Difference between revisions of "Cluster der kan alt/Install DNS server"

From Teknologisk videncenter
m (Lock down the resolv.conf file)
(5. Create a “rev.0.0.10.in-addr.arpa” file for reverse lookup)
 
(7 intermediate revisions by 2 users not shown)

Latest revision as of 09:54, 30 October 2014

Install DNS Server

Install the DNS server by installing the bind9 package:

sudo apt-get install bind9

Configure DNS Server

1. Add domain zone

Edit /etc/bind/named.conf.local

sudo nano /etc/bind/named.conf.local

Add the text below to the bottom of the file

# Domain Zone
zone "dka.local." {
        type master;
        file "/etc/bind/zones/dka.local.db";
};

# For reverse DNS
zone "0.0.10.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/rev.0.0.10.in-addr.arpa.db";
};

2. Add DNS servers from your ISP

Open the named.conf.options file

sudo nano /etc/bind/named.conf.options

Comment out the following lines

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

Add the following to the bottom of the file, just above the closing '};'

        forwarders {
                172.16.4.77; # Mercantec DNS
        };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        listen-on { any; };

        allow-query { 127.0.0.1; 172.16.4.77/24; 10.0.0.0/24; };

The forwarders block sends every query this server cannot answer from its own zones to the listed upstream server, and allow-query limits which clients are allowed to query it. Commenting out dnssec-validation auto switches off DNSSEC validation of the answers that come back from the forwarder.

NOTE: Be aware of which IP segment you are in. 172.16.4.77 = Hovedforløb 172.16.2.50,172.16.2.51 = Grundforløb

3. Modify the resolv.conf file

Edit the /etc/resolvconf/resolv.conf.d/base file and add the following lines. Replace 'dka.local' with your own domain.

nameserver 127.0.0.1
nameserver 10.0.0.1
nameserver 172.16.4.77
domain dka.local
search dka.local

You may want to lock down the resolv.conf file by making it immutable, so that resolvconf or a DHCP client cannot overwrite it (undo with chattr -i).

sudo chattr -f +i /etc/resolv.conf

If you have problems with the resolv.conf file, see http://ubuntuforums.org/showthread.php?t=1978656

4. Define zones

First make the directory /etc/bind/zones

sudo mkdir /etc/bind/zones

Second make the file dka.local.db (replace with your own domain)

sudo nano /etc/bind/zones/dka.local.db

Add the following text to the newly created file

; BIND data file for the dka.local zone
;
$TTL    604800
@       IN      SOA     ns.dka.local. root.dka.local. (
                              8         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.dka.local.
ns      IN      A       10.0.0.1
cluster IN      A       10.0.0.1
node1   IN      A       10.0.0.11
node2   IN      A       10.0.0.12
node3   IN      A       10.0.0.13
node4   IN      A       10.0.0.14

Note: TTL is set for 1 week (604800 seconds). Increase the Serial whenever you edit the zone file.

5. Create a “rev.0.0.10.in-addr.arpa.db” file for reverse lookup

Create the rev.0.0.10.in-addr.arpa.db file

sudo nano /etc/bind/zones/rev.0.0.10.in-addr.arpa.db

Add the following text

$TTL 3D
@       IN      SOA     ns.dka.local. admin.dka.local. (
                2007062001      ; Serial
                28800           ; Refresh
                604800          ; Retry
                604800          ; Expire
                86400 )         ; Negative Cache TTL
@       IN      NS      ns.dka.local.
1       IN      PTR     ns.dka.local.
1       IN      PTR     cluster.dka.local.
11      IN      PTR     node1.dka.local.
12      IN      PTR     node2.dka.local.
13      IN      PTR     node3.dka.local.
14      IN      PTR     node4.dka.local.

The owner names are the last octet of each address, so 11 is the PTR record for 10.0.0.11 and must match the A record for node1 in dka.local.db.
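A check that the forward zone from step 4 and the reverse zone from step 5 agree with each other, added here as an example (it is not part of the wiki page or of BIND). It parses the single-line A and PTR records, qualifies relative owner names with the zone origin the way BIND does, and reports every address that has an A record without a matching PTR or the other way round; the sample zones are constructed from the page's names and addresses.

```python
# Constructed sample zones modelled on the page's forward and reverse zone
# files (example data, not copied from the wiki page's own files).
FORWARD_ZONE = """\
$TTL 604800
@       IN      SOA     ns.dka.local. root.dka.local. ( 8 604800 86400 2419200 604800 )
@       IN      NS      ns.dka.local.
ns      IN      A       10.0.0.1
cluster IN      A       10.0.0.1
node1   IN      A       10.0.0.11
node2   IN      A       10.0.0.12
"""
REVERSE_ZONE = """\
$TTL 3D
@       IN      SOA     ns.dka.local. admin.dka.local. ( 2007062001 28800 604800 604800 86400 )
        IN      NS      ns.dka.local.
1       IN      PTR     ns.dka.local.
1       IN      PTR     cluster.dka.local.
11      IN      PTR     node1.dka.local.
12      IN      PTR     node2.dka.local.
"""
def records(zone_text, rtype):
    """Yield (owner, rdata) for single-line 'owner IN <rtype> rdata' records."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenise
        if len(fields) >= 4 and fields[1] == "IN" and fields[2] == rtype:
            yield fields[0], fields[3]

def forward_map(zone_text, origin):
    """FQDN -> set of IPv4 addresses taken from the A records of a forward zone."""
    fwd = {}
    for owner, ip in records(zone_text, "A"):
        fqdn = origin + "." if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}."
        fwd.setdefault(fqdn, set()).add(ip)
    return fwd

def reverse_map(zone_text, rev_origin):
    """IPv4 address -> set of FQDNs taken from the PTR records of a /24 in-addr.arpa zone."""
    net = ".".join(reversed(rev_origin.rstrip(".").replace(".in-addr.arpa", "").split(".")))
    rev = {}
    for owner, target in records(zone_text, "PTR"):
        rev.setdefault(f"{net}.{owner}", set()).add(target)  # "0.0.10" origin -> 10.0.0.<owner>
    return rev

def check_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return sorted mismatch descriptions; an empty list means A and PTR records agree."""
    fwd, rev = forward_map(fwd_text, fwd_origin), reverse_map(rev_text, rev_origin)
    problems = [f"A {n} -> {ip} has no PTR" for n, ips in fwd.items() for ip in ips if n not in rev.get(ip, ())]
    problems += [f"PTR {ip} -> {n} has no A" for ip, ns in rev.items() for n in ns if ip not in fwd.get(n, ())]
    return sorted(problems)
```

Once the zones are loaded, dig -x 10.0.0.11 @127.0.0.1 performs the same reverse check against the running server.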

6. Verify domain and DNS entries

Restart the bind9 service

sudo service bind9 restart

Query the domain with dig

dig dka.local

Look up a host with nslookup (the search domain from resolv.conf completes 'ns' to ns.dka.local)

nslookup ns