Configuring DNS Server Part 2
We intentionally made this a two-article topic because most of the readers will not be able to run a true dns server. If you are using cable modem or dsl, chances are pretty good that your provider is 'blocking ports', which prevents you from acting as a server on the internet. However, we are going to proceed in any event, with you knowing that while some of this stuff works great for you, calling your buddy to get his opinion may fail if you are using a consumer type broadband service.
In this article, we are going to configure our DNS to resolve for the network (or even the internet). We are going to set up a master zone file for our domain. We are going to set up the MX record for our domain, and then add two A records to help us when we get into the web server configuration.
For example purposes, we will use ourdomain.com as our domain, www.ourdomain.com is our first website, www2.ourdomain.com is our second website. The freebsd server is called mail.ourdomain.com and resides on the ip address 192.168.1.100.
Configure DNS to resolve for your network
In the first part of our DNS article, we created a cache only name server. Let's expand that a little bit by getting it to act as a name server for the network. If you are on a consumer type broadband service, this dns server can work for you on your internal network using your NAT addresses provided by your router. I will not delve into those details as it is beyond the scope of what this article is about. Don't worry about that for now, just play along like you understand!
Let's start by renaming our existing named.conf file to another file (the stock file has a lot of useful but, for our purposes, unwanted information in it out of the box).
# mv /var/named/etc/namedb/named.conf /var/named/etc/namedb/named.conf.old
Then create a new file with
# nano /var/named/etc/namedb/named.conf
copy and paste the following into the nano edit screen
______________________________ Copy from below here
// $FreeBSD: src/etc/namedb/named.conf,v 1.26.2.2.2.1 2008/11/25 02:59:29 kensmith Exp $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works. Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
        // Relative to the chroot directory, if any
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

        // Only answer recursive queries from our own LAN, and only listen on the LAN address
        allow-recursion { 192.168.1.0/24; };
        listen-on       { 192.168.1.100; };
};

zone "." {
        type hint;
        file "named.root";
};

// Reverse zone for 192.168.1.0/24 (file created further down)
zone "1.168.192.IN-ADDR.ARPA" {
        type master;
        file "master/localblock.rev";
};

zone "localhost"        { type master; file "master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "master/empty.db"; };

// Our forward zone (file created further down)
zone "ourdomain.com" {
        type master;
        file "master/ourdomain.com";
};
------------------------------------------------------------- copy to above this line
save the file.
Ok, now let's fix our local dns lookups, because we just broke them: the listen-on statement above tells named to answer only on 192.168.1.100, so it no longer listens on 127.0.0.1.
# nano /etc/resolv.conf
change the nameserver line from 127.0.0.1 to 192.168.1.100, then save the file.
DNS is a little tricky sometimes. If the dns request cannot resolve the ip address of the dns server, it refuses to use it. So, we have to make our ip address resolve to a name. We accomplish this by using a reverse lookup zone. We already defined it (the 1.168.192.IN-ADDR.ARPA zone) in that big cut/paste we just did. Now we need to create the file we told it to use.
# nano /var/named/etc/namedb/master/localblock.rev
paste the following into that screen:
$TTL 86400
@       IN SOA  ourdomain.com. root.ourdomain.com. (
                100     ; serial
                1H      ; refresh
                1M      ; retry
                1W      ; expiry
                1D )    ; minimum
@       IN NS   ns1.ourdomain.com.
; the owner name is the last octet, so this maps 192.168.1.100 back to mail.ourdomain.com
100     IN PTR  mail.ourdomain.com.
Save the file.
Now finally, we want to create the file for our domain that we included in the zone configuration above.
# nano /var/named/etc/namedb/master/ourdomain.com
copy the following and paste it into the nano screen:
$TTL 3600               ; 1 hour default TTL
ourdomain.com.  IN SOA  ns1.ourdomain.com. root.ourdomain.com. (
                        2009070401      ; Serial
                        10800           ; Refresh
                        3600            ; Retry
                        604800          ; Expire
                        300 )           ; Negative Response TTL

; DNS Servers
; (the leading blanks matter: a blank owner column means "same owner as the
; previous record", i.e. ourdomain.com. itself)
                IN NS   mail.ourdomain.com.

; MX Records
                IN MX   10 mail.ourdomain.com.

; Machine/Service Names
ns              IN A    192.168.1.100
ns1             IN A    192.168.1.100
mx              IN A    192.168.1.100
mail            IN A    192.168.1.100
www             IN A    192.168.1.100
www2            IN A    192.168.1.100
Save the file.
Now tell the DNS server to reload its configuration and zones with:
# rndc reload
check to make sure there are no errors:
# tail -f /var/log/messages
If all is well, there should be no errors from named at the end of that log. (Hit CTRL-C to get back to your prompt.)
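Before trusting the zone you just wrote, it is worth checking it the way named will read it; on the server itself BIND's own named-checkzone does that, and the small Python script below (an added example, not part of this article and not BIND code) shows the two rules that most often bite: a record whose owner column is blank inherits the previous owner, so losing the leading blanks on the NS/MX lines silently turns them into records for a host literally named IN, and each in-zone NS/MX target needs an A record. The zone text inside it is a constructed copy of master/ourdomain.com above.

```python
# Added example, not from the article: a checker for the forward zone file above.
ORIGIN = "ourdomain.com."
# Constructed copy of the article's zone; note the leading blanks on NS/MX lines.
ZONE = """\
$TTL 3600 ; 1 hour default TTL
ourdomain.com. IN SOA ns1.ourdomain.com. root.ourdomain.com. (
        2009070401 ; Serial
        10800 ; Refresh
        3600 ; Retry
        604800 ; Expire
        300 ) ; Negative Response TTL
    IN NS mail.ourdomain.com.
    IN MX 10 mail.ourdomain.com.
ns1  IN A 192.168.1.100
mail IN A 192.168.1.100
"""
# The same file with its leading blanks lost, as a careless paste produces.
STRIPPED = "\n".join(l.lstrip() for l in ZONE.splitlines())

def absolute(name, origin=ORIGIN):   # '@' is the origin; no trailing dot = relative
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Return (owner, type, rdata-list) tuples with absolute owner names."""
    records, owner, pending, inherits = [], origin, [], False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        if not pending:                                # first line of a record:
            inherits = line[0].isspace()               # blank owner column?
        pending.append(line)
        joined = " ".join(pending)
        if joined.count("(") > joined.count(")"):      # still inside ( ... )
            continue
        tokens, pending = joined.replace("(", " ").replace(")", " ").split(), []
        if tokens[0].startswith("$"):                  # $TTL / $ORIGIN directive
            continue
        if not inherits:                               # else: owner carries over
            owner = absolute(tokens.pop(0), origin)
        while tokens[0].isdigit() or tokens[0].upper() == "IN":  # TTL, class
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records

def missing_glue(records, origin=ORIGIN):
    """In-zone NS/MX targets with no A record (named warns about these on load)."""
    have_a = {o for o, t, _ in records if t == "A"}
    wanted = {absolute(r[-1], origin) for _, t, r in records if t in ("NS", "MX")}
    return sorted(n for n in wanted if n.endswith(origin) and n not in have_a)
```

parse_zone(STRIPPED) is the quick way to see the NS record's owner turn into IN.ourdomain.com. instead of ourdomain.com.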
Let's test it out locally first!
# nslookup www.xerox.com
Should output something like this:
Server: 192.168.1.100
Address: 192.168.1.100#53
Non-authoritative answer:
www.xerox.com canonical name = www.xerox.com.edgekey.net.
www.xerox.com.edgekey.net canonical name = e82.c.akamaiedge.net.
Name: e82.c.akamaiedge.net
Address: 69.192.32.108
Notice the first two lines show our IP address, which is what we expected to see. Our server is now responding correctly.
If you look back at the zone file, we included the MX 10 record and A records for www.ourdomain.com and www2.ourdomain.com, as we said we would at the beginning of this article. Let's verify they work.
# nslookup www.ourdomain.com
should output this:
Server: 192.168.1.100
Address: 192.168.1.100#53
Name: www.ourdomain.com
Address: 192.168.1.100
Likewise,
# nslookup www2.ourdomain.com
should output this:
Server: 192.168.1.100
Address: 192.168.1.100#53
Name: www2.ourdomain.com
Address: 192.168.1.100
Our work is complete on setting up DNS on FreeBSD. You can now use this dns server from your network as well. Point your other systems to this box for dns and, as long as they are in the network range we put in the allow-recursion statement near the top of named.conf, our freebsd dns server should assist them.
You may have to reboot your other systems to get it to work, though, as some operating systems cache a lot of dns lookups.
That's all for this article!