Archive for the ‘DNS’ Category

Custom TLD for local network

November 19, 2013

In this post I will describe the steps to set up a TLD (top-level domain) for use in a local network. Even though I have configured DNS zones manually before, this was the first time I configured a TLD zone (even though a local one) of my own, and it felt really cool after completing the setup 🙂

ASSUMPTION:

1) TLD used: “.jackal”
2) Bind version: 9
3) OS: Debian 7 (wheezy)
4) DNS/Nameserver ip: 10.111.44.221

SOLUTION:

1) Install bind and required packages,

apt-get install bind9 dnsutils

2) Insert the following into the file “/etc/bind/named.conf.default-zones”,

zone "jackal." {
        type master;
        file "/etc/bind/db.jackal";
        allow-transfer { any;};
        allow-query { any;};
};

3) Verify the configuration,

root@dns01:~# named-checkconf 
root@dns01:~#

4) Create the zone file for “jackal.” in “/etc/bind/db.jackal”

;
; BIND data file for TLD ".jackal"
;
$TTL	604800
@	IN	SOA	jackal. root.jackal. (
			      2		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	  IN	NS	ns1.jackal.
@	  IN	NS	ns2.jackal.
@	  IN	A	10.111.44.221
dns01	  IN 	A	10.111.44.222
apache01  IN	A	10.111.44.223
mysql01   IN	A	10.111.44.224
postfix01 IN	A	10.111.44.225
dovecot01 IN	A 	10.111.44.226
ns1	  IN	A	10.111.44.221
ns2	  IN	A 	10.111.44.221

5) Verify the zone file and the BIND configuration, then restart the bind9 service.

root@dns01:/etc/bind# named-checkzone jackal. db.jackal 
zone jackal/IN: loaded serial 2
OK
root@dns01:/etc/bind# named-checkconf 
root@dns01:/etc/bind# service bind9 restart
[....] Stopping domain name service...: bind9waiting for pid 2279 to die
. ok 
[ ok ] Starting domain name service...: bind9.
root@dns01:/etc/bind#

6) Create a separate directory for the zone files of the individual domains,

mkdir /etc/bind/zones/

7) Use the “initdns.sh” script (listed below) to create the DNS zone entries.
NOTE: the script assumes domain names ending in “.jackal”; customize “initdns.sh” for your own use 😀

root@dns01:/# ./initdns.sh rogerjo.jackal
[*] Created zone file for rogerjo.jackal
[*] Added zone entry for rogerjo.jackal in bind configuration
root@dns01:/# named-checkzone rogerjo.jackal /etc/bind/zones/rogerjo.jackal 
zone rogerjo.jackal/IN: loaded serial 1378789827
OK
root@dns01:/# rndc reload
server reload successful
root@dns01:/#

initdns.sh

#!/bin/bash

if [ $# -ne 1 ];then
	echo "Usage: initdns.sh <domainname>"
	exit 1
fi

## Domain name
MYDOMAIN=$1
ZONECONFIG="/etc/bind/named.conf.default-zones"

## Refuse to add a zone that is already present (one or more matching stanzas)
if [ `sed -n '/^zone "'${MYDOMAIN}'."/p' ${ZONECONFIG}|wc -l` -ge 1 ];then
	echo "[ERROR] Entry for ${MYDOMAIN} already exists"
	exit 1
fi

## Nameservers
NAMESERVER1="ns1.jackal"
NAMESERVER2="ns2.jackal"

## Apache and ftp service are running on the same host
APACHE_IP="10.111.44.222"
FTP_IP="10.111.44.222"

##Mail server
SMTP_IP="10.111.44.224"
POP_IMAP_IP="10.111.44.225"

## DB Server
MYSQL_IP="10.111.44.223"

## Create zone file
cat > /etc/bind/zones/${MYDOMAIN} << EOF
\$TTL    86400
@       IN      SOA     ns.${MYDOMAIN}. root.${MYDOMAIN}. (
                        1378789827      ; Serial
                        10800           ; Refresh
                        3600            ; Retry
                        604800          ; Expire
                        10800 )         ; Minimum
${MYDOMAIN}.       IN NS      ${NAMESERVER1}.
${MYDOMAIN}.       IN NS      ${NAMESERVER2}.
${MYDOMAIN}.       IN A       ${APACHE_IP}
www.${MYDOMAIN}.   IN CNAME   ${MYDOMAIN}.
${MYDOMAIN}.       IN MX  10  mx01.${MYDOMAIN}.
${MYDOMAIN}.       IN MX  10  mx02.${MYDOMAIN}.
mx01.${MYDOMAIN}.  IN A       ${SMTP_IP}
mx02.${MYDOMAIN}.  IN A       ${SMTP_IP}
pop.${MYDOMAIN}.   IN A       ${POP_IMAP_IP}
imap.${MYDOMAIN}.  IN A       ${POP_IMAP_IP}
mysql.${MYDOMAIN}. IN A       ${MYSQL_IP}
ftp.${MYDOMAIN}.   IN A       ${FTP_IP}
EOF

echo "[*] Created zone file for ${MYDOMAIN}"

## Create zone entry in bind configuration
cat >> ${ZONECONFIG} << EOF

zone "${MYDOMAIN}." {
  	type master;
	file "/etc/bind/zones/${MYDOMAIN}";
};
EOF

echo "[*] Added zone entry for ${MYDOMAIN} in bind configuration"

removedns.sh

#!/bin/bash

if [ $# -ne 1 ];then
	echo "Usage: removedns.sh <domainname>"
	exit 1
fi

## Domain name
DOMAIN=$1

ZONECONFIG="/etc/bind/named.conf.default-zones"

if [ `sed -n '/^zone "'${DOMAIN}'."/p' ${ZONECONFIG}|wc -l` -ge 1 ];then
	## Remove the zone block (from its "zone" line to the closing "};")
	sed -i -e '/^zone "'${DOMAIN}'."/,/^};/d' ${ZONECONFIG}
	## Drop blank lines left at the end of the file. Deleting the last line
	## unconditionally (sed '$d') would remove the closing "};" of another
	## zone whenever the removed entry was not the last one in the file.
	sed -i -e :a -e '/^\n*$/{$d;N;ba' -e '}' ${ZONECONFIG}

	echo "[*] Removed zone entries from bind configuration"
else
	echo "[ERROR] ${DOMAIN} not present in bind configuration"
	exit 1
fi

#Remove zone file if it exists
if [ -f /etc/bind/zones/${DOMAIN} ];then
	rm -f /etc/bind/zones/${DOMAIN}
	echo "[*] Removed zone db file"
fi

Ubuntu 10.10 Bind Round Robin HowTo

March 5, 2011

Hi everyone,

In this post I will explain the steps to configure BIND to answer DNS queries in a round-robin fashion (everything runs on your local machine).

Step 1) Install bind and bind-utils

root@heuristics:~# sudo apt-get install bind9 bind9utils

By default all the configuration files will be present in the location “/etc/bind”.

Step 2) Add additional IP addresses to your local machine and restart the networking service. Before modifying the network configuration, take a backup. The new file is written with “cat >”; press Ctrl+D to finish input and save it. After the restart, view the newly added IPs with the “ifconfig” command.

root@heuristics:~# cp -p /etc/network/interfaces /etc/network/interfaces.original-`date +%F`

root@heuristics:~# cat > /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

auto eth0:1
iface eth0:1 inet static
address 192.168.1.4
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

auto eth0:2
iface eth0:2 inet static
address 192.168.1.5
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

auto eth0:3
iface eth0:3 inet static
address 192.168.1.6
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

auto eth0:4
iface eth0:4 inet static
address 192.168.1.7
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

auto eth0:5
iface eth0:5 inet static
address 192.168.1.8
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
root@heuristics:~# /etc/init.d/networking restart

root@heuristics:~# ifconfig -a

Step 3) Add the following zone in “/etc/bind/named.conf.local”

zone "mercy.com" {
type master;
file "/var/cache/bind/mercy.com.db";
};

Step 4) Create a zone file for the domain “mercy.com” and add the contents listed below (press Ctrl+D to finish input).

root@heuristics:~# grep directory /etc/bind/named.conf.options
directory "/var/cache/bind";
root@heuristics:~# cat > /var/cache/bind/mercy.com.db

$TTL 60    ; default TTL for zone
$ORIGIN mercy.com.
@             IN      SOA   ns1.mercy.com. jackal.mercy.com. (
                2003080800 ; se = serial number
                10         ; ref = refresh
                10         ; ret = update retry
                10         ; ex = expiry
                10         ; min = minimum
                )

              IN      A       192.168.1.3
              IN      A       192.168.1.4
              IN      A       192.168.1.5
              IN      A       192.168.1.6
              IN      A       192.168.1.7
              IN      A       192.168.1.8
              IN      NS      ns1.mercy.com.
              IN      MX  10  mail.mercy.com.
ns1           IN      A       192.168.1.3
mail          IN      A       192.168.1.3
root@heuristics:~#

Step 5) Specify the rrset-order in the BIND configuration (inside the options directive).

root@heuristics:~# cat /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
auth-nxdomain no;    # conform to RFC1035
listen-on-v6 { any; };
rrset-order {order cyclic;};
};

root@heuristics:~#

Step 6) Add the local name server IP to “/etc/resolv.conf”. In my case the nameserver is running on localhost with the IP 192.168.1.3.

root@heuristics:~# cat /etc/resolv.conf
nameserver 127.0.0.1
nameserver 192.168.1.3
nameserver 192.168.1.1
root@heuristics:~#

Step 7) Make sure that the DNS lookup order configured in “/etc/nsswitch.conf” is as pasted below,

root@heuristics:~# grep hosts /etc/nsswitch.conf
hosts:          files dns mdns4_minimal [NOTFOUND=return] mdns4
root@heuristics:~#

Step 8) Restart the bind service and test that round-robin scheduling is working.

root@heuristics:~# service bind9 restart
* Stopping domain name service... bind9                                                                              [ OK ]
* Starting domain name service... bind9                                                                              [ OK ]
root@heuristics:~# for((i=1;i<=10;i++))
> do
> ping -c 1 mercy.com
> done
PING mercy.com (192.168.1.4) 56(84) bytes of data.
64 bytes from heuristics.local (192.168.1.4): icmp_req=1 ttl=64 time=0.027 ms

--- mercy.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.027/0.027/0.027/0.000 ms
PING mercy.com (192.168.1.3) 56(84) bytes of data.
64 bytes from heuristics (192.168.1.3): icmp_req=1 ttl=64 time=0.035 ms

--- mercy.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.035/0.035/0.035/0.000 ms
PING mercy.com (192.168.1.8) 56(84) bytes of data.
64 bytes from heuristics.local (192.168.1.8): icmp_req=1 ttl=64 time=0.035 ms

In the above output you can see that the IP returned for mercy.com changes on each iteration of the loop.

SPECIAL NOTE:

BIND can also be configured to return a random IP address from the list of A records. All that needs to be done is changing the “rrset-order” from “cyclic” to “random”.

