Wednesday, December 15, 2010

Debian LAN DNS setup

We are going to set up a LAN DNS server for the dev.local domain. I assume you already have a BIND DNS server up and running; if not, please follow the previous post here.

Configure Forward Lookup Zone

First of all, let's start with the forward lookup zone (file /etc/bind/db.dev.local):
$TTL 2d
dev.local.    IN     SOA     ns1.dev.local. hostmaster.dev.local. (
                             2010122201 ; se = serial number
                             6h         ; ref = refresh
                             15m        ; ret = update retry
                             3w         ; ex = expiry
                             3h         ; min = negative caching TTL (RFC 2308)
                             )
              IN     NS      ns1.dev.local.
              IN     NS      ns2.dev.local.
              IN     MX  10  mail.dev.local.
              IN     A       192.168.10.5
; hosts
gw1           IN     A       192.168.10.1
ns1           IN     A       192.168.10.2
ns2           IN     A       192.168.10.3
mail          IN     A       192.168.10.4
www           IN     CNAME   dev.local.

Configure Reverse Lookup Zone

Each forward lookup zone should have a matching reverse lookup zone; here is ours (file /etc/bind/db.10.168.192):
$ORIGIN .
$TTL 2d
10.168.192.IN-ADDR.ARPA      IN   SOA   ns1.dev.local. hostmaster.dev.local. (
                             2010122201 ; se = serial number
                             6h         ; ref = refresh
                             15m        ; ret = update retry
                             3w         ; ex = expiry
                             3h         ; min = negative caching TTL (RFC 2308)
                             )
              IN     NS      ns1.dev.local.
              IN     NS      ns2.dev.local.
$ORIGIN 10.168.192.IN-ADDR.ARPA.
1             IN     PTR     gw1.dev.local.
2             IN     PTR     ns1.dev.local.
3             IN     PTR     ns2.dev.local.
4             IN     PTR     mail.dev.local.
5             IN     PTR     dev.local.   ; www is only a CNAME, so the PTR names the host that holds the A record (RFC 1912)
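Before loading both zones it is worth checking that they agree with each other, since BIND will happily serve a reverse zone whose PTRs point at the wrong names. The following is an added example written for this page, not code from the original post: a small Python zone-file reader plus a forward/reverse consistency check, run over a cut-down inline copy of the two zone files above (the zone text is constructed here and the serials are placeholders). It flags a PTR that names a CNAME such as www instead of the host that actually holds the A record, and it is general enough to run over any pair of forward and in-addr.arpa zone files.

```python
"""Cross-check a BIND forward zone against its reverse zone.

Added example, not part of the post's own configuration: a small zone-file
reader (handles $ORIGIN, $TTL, relative names, blank-owner continuation lines
and parenthesised SOA records) plus a check that every A record has a PTR,
every PTR has an A record at that address, and no PTR names a CNAME instead
of the canonical host (RFC 1912, section 2.1). Input is constructed inline."""
import ipaddress
import re


def _fqdn(name, origin):
    """Absolute lowercase name: '@' is the origin; no trailing dot means relative."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return (name + "." if origin == "." else f"{name}.{origin}").lower()


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with absolute owner names."""
    origin = origin.lower() if origin.endswith(".") else origin.lower() + "."
    joined, buf, depth = [], "", 0          # fold "( ... )" records onto one line
    for line in (re.sub(r";.*", "", ln) for ln in text.splitlines()):
        if not line.strip() and depth == 0:
            continue
        buf += (" " + line) if depth else line
        depth += line.count("(") - line.count(")")
        if depth == 0:
            joined.append(buf)
            buf = ""
    records, last_owner = [], origin
    for line in joined:
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = _fqdn(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            continue
        if line[0].isspace():               # blank owner field: reuse the previous
            owner = last_owner
        else:
            owner = last_owner = _fqdn(tokens.pop(0), origin)
        while tokens[0].upper() == "IN" or re.fullmatch(r"\d+[smhdw]?", tokens[0], re.I):
            tokens.pop(0)                   # optional TTL and class before the type
        records.append((owner, tokens[0].upper(), " ".join(tokens[1:])))
    return records


def reverse_name(ip):
    """in-addr.arpa name for an IPv4 address, with the trailing dot."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check_consistency(forward, reverse):
    """Sorted list of findings; an empty list means the two zones agree."""
    cnames = {o for o, t, _ in forward if t == "CNAME"}
    a_owners = {}                           # address -> names holding an A record
    for owner, rtype, rdata in forward:
        if rtype == "A":
            a_owners.setdefault(rdata, set()).add(owner)
    ptrs = {o: r.lower() for o, t, r in reverse if t == "PTR"}
    findings = []
    for addr, owners in a_owners.items():
        rname, target = reverse_name(addr), ptrs.get(reverse_name(addr))
        if target is None:
            findings.append(f"{addr}: A record for {sorted(owners)} but no PTR")
        elif target in cnames:
            findings.append(f"{rname} -> {target}: PTR names a CNAME, not the canonical host")
        elif target not in owners:
            findings.append(f"{rname} -> {target}: PTR does not match A owner(s) {sorted(owners)}")
    expected = {reverse_name(a) for a in a_owners}
    findings += [f"{r} -> {t}: PTR with no A record at that address"
                 for r, t in ptrs.items() if r not in expected]
    return sorted(findings)


# Constructed input: a cut-down copy of the post's zone files. As posted, the PTR
# for .5 names www (a CNAME); the fixed copy names the canonical host dev.local.
FORWARD_ZONE = """\
$TTL 2d
dev.local.  IN  SOA  ns1.dev.local. hostmaster.dev.local. (
            2010122201 ; serial
            6h 15m 3w 3h )
            IN  A      192.168.10.5
gw1         IN  A      192.168.10.1
ns1         IN  A      192.168.10.2
www         IN  CNAME  dev.local.
"""
REVERSE_ZONE_AS_POSTED = """\
$ORIGIN .
10.168.192.IN-ADDR.ARPA  IN  SOA  ns1.dev.local. hostmaster.dev.local. ( 1 6h 15m 3w 3h )
$ORIGIN 10.168.192.IN-ADDR.ARPA.
1           IN  PTR  gw1.dev.local.
2           IN  PTR  ns1.dev.local.
5           IN  PTR  www.dev.local.
"""
REVERSE_ZONE_FIXED = REVERSE_ZONE_AS_POSTED.replace("www.dev.local.", "dev.local.")


def audit(forward_text, reverse_text):
    return check_consistency(parse_zone(forward_text, "dev.local."),
                             parse_zone(reverse_text, "10.168.192.in-addr.arpa."))
```

To use it on a real server, read /etc/bind/db.dev.local and /etc/bind/db.10.168.192 into audit() in place of the inline strings; an empty result means every A record is mirrored by a PTR that names the same host.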

Add Zone to DNS server

Now that we have both the forward and reverse lookup zones for the dev.local domain, we need to tell the DNS server about them. All we need to do is add the following to /etc/bind/named.conf.local:
//
// Do any local configuration here
//

zone "dev.local" IN {
       type master;
       file "/etc/bind/db.dev.local";
};

zone "10.168.192.IN-ADDR.ARPA" IN {
       type master;
       file "/etc/bind/db.10.168.192";
};

// The RFC 1918 empty zones stop reverse queries for private ranges from
// leaking to the internet; our more specific 10.168.192.IN-ADDR.ARPA zone
// above still takes precedence over the empty 168.192.IN-ADDR.ARPA zone.
include "/etc/bind/zones.rfc1918";

Forwarding to other LAN DNS Servers

Let's forward queries for the corp.local LAN domain to its own DNS servers on 192.168.11.2 and 192.168.11.3 (create a new file /etc/bind/named.conf.forward). The "forward only;" line matters: with BIND's default "forward first", queries for corp.local would fall back to normal recursion whenever the forwarders do not answer, sending your internal host names to the root servers.
zone "corp.local" IN {
       type forward;
       forward only;
       forwarders { 192.168.11.2; 192.168.11.3; };
};
zone "11.168.192.IN-ADDR.ARPA" IN {
       type forward;
       forward only;
       forwarders { 192.168.11.2; 192.168.11.3; };
};
Include it from /etc/bind/named.conf:
include "/etc/bind/named.conf.forward";
Run named-checkconf (and named-checkzone for each zone file) to catch mistakes first, then ask bind9 to reload the changes:
/etc/init.d/bind9 reload
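Both kinds of zone statement above (the master zones in named.conf.local and the forward zones in named.conf.forward) are easy to get subtly wrong in ways named-checkconf will not report. The following is an added example written for this page, not part of the original post: a Python lint for zone statements in named.conf-style text that flags forward zones lacking forward only, forwarder entries that are not valid IP addresses, and master zones with no file statement. The configuration text is constructed inline from the statements above, with one forwarder address deliberately mistyped.

```python
"""Lint the zone statements of a BIND named.conf fragment.

Added example, not part of the post's configuration: a brace-aware scan that
pulls every zone { ... } statement out of named.conf-style text and flags
what a practitioner should catch before reloading: forward zones without
'forward only;' (under BIND's default 'forward first', queries for the
internal domain fall back to normal recursion and reach the root servers
whenever the forwarders are down), forwarder addresses that are not valid
IPs, and master zones with no file statement. Input is constructed inline."""
import ipaddress
import re


def _strip_comments(text):
    """Remove the three named.conf comment styles: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def zone_statements(text):
    """Yield (zone name, statement body) for each top-level zone statement."""
    text = _strip_comments(text)
    for m in re.finditer(r'\bzone\s+"([^"]+)"(?:\s+IN)?\s*\{', text, re.I):
        depth, i = 1, m.end()
        while depth and i < len(text):          # find the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]


def lint(text):
    """Return a list of findings, one string per problem; empty means clean."""
    findings = []
    for name, body in zone_statements(text):
        m = re.search(r"\btype\s+(\w+)\s*;", body)
        ztype = m.group(1).lower() if m else None
        m = re.search(r"\bforwarders\s*\{([^}]*)\}", body)
        addrs = [a.strip() for a in m.group(1).split(";") if a.strip()] if m else []
        if ztype == "forward":
            if not addrs:
                findings.append(f"{name}: forward zone with no forwarders")
            if not re.search(r"\bforward\s+only\s*;", body):
                findings.append(f"{name}: forward zone without 'forward only;' "
                                f"(falls back to the root servers when the forwarders fail)")
        if ztype == "master" and not re.search(r'\bfile\s+"[^"]+"\s*;', body):
            findings.append(f"{name}: master zone without a file statement")
        for addr in addrs:
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                findings.append(f"{name}: forwarder {addr!r} is not a valid IP address")
    return findings


# Constructed input: the post's master zone plus its two forward zones, with the
# second forward zone given a deliberately mistyped forwarder address.
NAMED_CONF_AS_POSTED = """\
zone "dev.local" IN {
       type master;
       file "/etc/bind/db.dev.local";
};
zone "corp.local" IN {
       type forward;
       forwarders { 192.168.11.2; 192.168.11.3; };
};
zone "11.168.192.IN-ADDR.ARPA" IN {
       type forward;
       forward only;
       forwarders { 192.168.11.2; 192.168.321.321; };   # 321 is not a valid octet
};
"""
NAMED_CONF_FIXED = NAMED_CONF_AS_POSTED.replace(
    "192.168.321.321", "192.168.11.3").replace(
    "type forward;\n       forwarders", "type forward;\n       forward only;\n       forwarders")
```

Point lint() at the contents of your own named.conf.local and named.conf.forward to use it on a real server; it only reads zone statements, so the options block is ignored.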

Forwarding to ISP DNS Servers

You can have your server forward queries it cannot answer from its own zones to your ISP's resolvers instead of walking down from the root servers itself; they are usually close by and already have a warm cache. With BIND's default "forward first", the forwarders are tried first and full recursion is used only if they do not answer. Keep in mind that your server then accepts whatever the ISP's resolvers return, so only forward to resolvers you trust. This is configured in /etc/bind/named.conf.options:
// forwarders {
//      0.0.0.0;
// };
forwarders {
        203.0.113.1;    # ns1.your-isp.net (placeholder address, use your ISP's)
        203.0.113.2;    # ns2.your-isp.net (placeholder address, use your ISP's)
};

Client Configuration

Our DNS server for dev.local is up and running, so now it is time to configure the client machines to use it. Ensure the following is in /etc/resolv.conf:
search dev.local
nameserver 192.168.10.2
Please read more here.
