Wednesday, September 7, 2011

DNS on Ubuntu

I've been configuring DNS services under Linux to streamline my intranet browsing and addressing. In particular, I did this to resolve my intranet hosts by name rather than by IP, so that I can e.g. type 'production' into Chrome and it takes me to my internal 192.168.1.xx address automagically. Then I can view the HTTP output from my Ubuntu Apache box from a laptop across the room via domain name. Sometimes it's the little conveniences that count.

I thought I'd summarize the procedure, as piecing it together organically takes some serious site hopping to synthesize the elements. It's not a particularly memorable mix, and it's as much for me as anyone else. A cheat sheet of sorts, and here are the broadly defined tasks:
  1. Select a Linux box on your network to be a dedicated DNS server (I'll call it the DNSbox)
  2. Give DNSbox a static IP
  3. Install the bind9 DNS service on DNSbox (apt-get install bind9)
  4. Configure bind9 on DNSbox
  5. Divert DNS queries from the router to DNSbox
  6. Test using CLI utilities (dig and nslookup) as well as the bind9 log
Hopefully that will get you through the woods.
Here in greater detail, the steps:
  1. I used an Ubuntu box set up as my intranet fileserver. As I begin to use more ultraportable and SSD devices, the fileserver will take on a greater storage role for my media and development files. The Ubuntu box is connected to my Linksys WRT45 (I'll call it the router), which in turn is served by my ISP. At the start of this procedure, the router had DNS IPs pointing to Comcast's DNS servers: 75.75.75.75 and 75.75.76.76.
     
  2. Give your Linux box a static IP. Edit /etc/network/interfaces; here is a good example of how to structure the interfaces file. Chances are your network connection is eth0, so set it to inet static and give it an address outside the router's DHCP range, so the router can never hand the same address to another client.
     
  3. Install bind9 (the bind9 package, via apt-get). If you don't already have dig and nslookup, they come from the dnsutils package.
  4. Configure bind #1: Enable logging
    First thing is a real time saver, which is to enable bind to write its own log. A syntax error in your bind configuration files makes named refuse to start with nothing useful on the console; the log (and, for errors that occur before named has even parsed its config, /var/log/syslog) tells you which file and line is to blame.
    Add the following to the bind config file at /etc/bind/named.conf:

    logging {
            channel "logfile" {
                    file "/var/log/named/named.log" versions 5 size 5m;
                    print-time yes;
                    print-severity yes;
                    print-category yes;
            };
            category "default" { "logfile"; };
            category "general" { "logfile"; };
            category "update" { "logfile"; };
            category "queries" { "logfile"; };
    };
    

    Be sure that the directory /var/log/named exists and is owned by the bind user, which named runs as; named creates named.log itself once it can write there. Keep the log under /var/log/named: that is the directory Ubuntu's AppArmor profile for named already permits it to write to. Test it with a quick:

    sudo /etc/init.d/bind9 restart

    Make sure the log shows named shutting down and starting back up. Keep plugging until you have success.

    Configure bind #2: Add DNS forwarders. Forwarders are the upstream resolvers bind hands a query to for any name it isn't authoritative for, typically the ISP resolvers the router has been using until now. Add them inside the options block in /etc/bind/named.conf.options:

    options {
    ...
            forwarders {
                    *Put auxiliary DNS IP 1 here*;
                    ...
                    *Put auxiliary DNS IP n here*;
            };
    ...
    };
    
  5. Divert DNS queries from router to DNSbox #1
    Visit your router's web-based config and set the DNS IP to the static IP of your DNSbox, so that every client picking up an address from the router's DHCP ends up resolving through DNSbox, either directly or via the router's own forwarder.

    Divert DNS queries #2
    Declare your nameserver on the DNSbox itself. Visit /etc/resolv.conf. I simply commented out (#) all lines and added:

    nameserver 192.168.1.xx   <- ( the static IP set in step 2 above )

    This only sticks because eth0 is static; on a DHCP-managed interface dhclient rewrites /etc/resolv.conf at every lease renewal.
    
    
  6. Test using CLI utilities dig and nslookup. Both accept the server to ask as an argument, so first query DNSbox explicitly by its IP, then repeat without naming a server to confirm the system resolver is really using it, and watch the queries arrive in /var/log/named/named.log.
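The whole procedure above, steps 2 through 6, collected into one script as an added example; this is not the post's own configuration. It stages the files the post describes (the logging block, the forwarders, resolv.conf) plus the one piece the post leaves implicit: a local zone that actually maps "production" to an address, which is what makes the intranet names resolve. It also tightens the access controls the post leaves at BIND's defaults and syntax-checks everything before a restart. The zone name home.lan, the 192.168.1.0/24 LAN, the DNSbox address 192.168.1.10 and the host production at 192.168.1.20 are assumptions for illustration; the forwarders are the Comcast resolvers named earlier.

```shell
#!/bin/sh
# Added example, not the post's own files: stages the complete bind9 setup the
# walkthrough describes (logging, forwarders, resolv.conf) plus the piece it
# leaves implicit, a local zone that actually maps "production" to an address.
# Files go under $ROOT so they can be reviewed and syntax-checked first; run
# with ROOT=/ as root to install them for real.
# Assumed for illustration: zone "home.lan", LAN 192.168.1.0/24, DNSbox at
# 192.168.1.10, host "production" at 192.168.1.20.
set -eu

ROOT="${ROOT:-$(mktemp -d)}"
ZONE="home.lan"
LAN="192.168.1.0/24"
DNSBOX_IP="192.168.1.10"

stage_bind_config() {
    mkdir -p "$ROOT/etc/bind" "$ROOT/var/log/named"

    # Forwarders from the post plus access controls the post leaves at the
    # defaults: out of the box named recurses for anyone who reaches port 53,
    # so pin listening and recursion to the LAN to avoid running an open resolver.
    cat > "$ROOT/etc/bind/named.conf.options" <<EOF
acl "intranet" { 127.0.0.0/8; $LAN; };

options {
        directory "/var/cache/bind";
        listen-on { 127.0.0.1; $DNSBOX_IP; };
        listen-on-v6 { none; };
        allow-query { intranet; };
        allow-recursion { intranet; };
        allow-transfer { none; };
        forwarders { 75.75.75.75; 75.75.76.76; };
};
EOF

    # The logging block from the post (here rather than in named.conf; it may
    # appear only once) and the zone carrying the intranet names.
    cat > "$ROOT/etc/bind/named.conf.local" <<EOF
logging {
        channel "logfile" {
                file "/var/log/named/named.log" versions 5 size 5m;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
        category "default" { "logfile"; };
        category "general" { "logfile"; };
        category "update"  { "logfile"; };
        category "queries" { "logfile"; };
};

zone "$ZONE" {
        type master;
        file "/etc/bind/db.$ZONE";
        allow-update { none; };
};
EOF

    # Zone data: one A record per intranet host. Bump the serial on every edit.
    cat > "$ROOT/etc/bind/db.$ZONE" <<EOF
\$TTL 86400
@           IN SOA  ns1.$ZONE. admin.$ZONE. (
                        2011090701 ; serial (YYYYMMDDnn)
                        3600       ; refresh
                        900        ; retry
                        604800     ; expire
                        86400 )    ; negative-cache TTL
            IN NS   ns1.$ZONE.
ns1         IN A    $DNSBOX_IP
production  IN A    192.168.1.20
EOF

    # resolv.conf on DNSbox, as in step 5; "search" lets a bare "production"
    # resolve without typing the zone.
    cat > "$ROOT/etc/resolv.conf" <<EOF
search $ZONE
nameserver $DNSBOX_IP
EOF
}

# Syntax-check before restarting: these ship with bind9 and name the offending
# file and line, which the init script's bare [fail] never does.
check_bind_config() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$ROOT/etc/bind/named.conf.options"
        named-checkconf "$ROOT/etc/bind/named.conf.local"
        named-checkzone "$ZONE" "$ROOT/etc/bind/db.$ZONE"
    else
        echo "named-checkconf not installed; skipping syntax check" >&2
    fi
}

stage_bind_config
check_bind_config
echo "staged under $ROOT; once installed, restart bind9 and verify with:"
echo "  dig @$DNSBOX_IP production.$ZONE +short    # expect 192.168.1.20"
echo "  nslookup production.$ZONE $DNSBOX_IP"
```

A few notes on the choices. named-checkconf and named-checkzone are the check the post is missing: run them after every edit and the "fails silently" problem goes away. The allow-recursion and listen-on lines are what keep DNSbox from becoming an open resolver should the router ever forward port 53 to it; the defaults recurse for any source address. Installing for real (ROOT=/) replaces the named.conf.options the bind9 package ships, so keep its directory line as above, and chown /var/log/named to bind before restarting. Finally, the search line only helps hosts that carry it: for a laptop to resolve a bare "production", its own resolver needs search home.lan too, which is normally delivered by the router's DHCP domain-name setting. Note that dig ignores the search list unless given +search, which is why the verification query uses the full name.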
Appendix A: Helpful Linux commands for DNS
sudo /etc/init.d/networking restart
sudo /etc/init.d/bind9 restart
nslookup
dig

Appendix B: Useful locations for DNS

# config files for use with bind
/etc/bind/named.conf
/etc/bind/named.conf.local
/etc/bind/named.conf.options # holds forwarders among others
/var/log/named/named.log # declared in named.conf

# config files for use with networking
/etc/resolv.conf 
