20121205

A caching DNS server on debian like systems ( Ubuntu 12.04 )

This recipe works on one 12.04 host but not on another 12.04 host.
Try this instead.

I had to help a friend set up a DNS caching server for his network. His network is a little bit special, since he is constantly connected to three distinct networks: the Internet, the AWMN (a wireless community), and his `local` network.

The DNS server will serve the local network and provide a `public` DNS server to the wireless community.

I am setting up the DNS caching server on an Ubuntu 12.04 server, but the following instructions should work just fine on any Debian-based system.

First of all, we need to install bind:
root@ubuntu-01:~# apt-get install bind9


Setting up bind

I like to reduce the number of files used in any configuration to a minimum, so I set /etc/bind/named.conf to the following.

root@ubuntu-01:/etc/bind# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//#g0 - 2012 there is an entry describing this configuration at alog.ipduh.com
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
// default-zones is deliberately left out: the localhost / RFC 1912 reverse
// zones and the "." root hint are declared in named.conf.local instead, so
// including both would (presumably) declare the same zones twice.
//include "/etc/bind/named.conf.default-zones";



Next, let's set the basics in /etc/bind/named.conf.options. 10.27.224.17 is an IP address reachable from the whole wireless community (AWMN) and from the local network. The gateway used by the server has Internet access.
root@ubuntu-01:/etc/bind# cat named.conf.options 
options {
 directory "/var/cache/bind";

 // Replaces the real BIND version in "version.bind" CHAOS replies.  This only
 // hides the banner from casual scans; it is no substitute for keeping the
 // bind9 package patched.
 version "some other version search alog.ipduh.com & awmn wiki";

        // 10.27.224.17 is reachable from the whole wireless community, so
        // recursion is offered well beyond the local LAN.  No allow-query /
        // allow-recursion ACL is set anywhere in this options block, which
        // makes this an open recursive resolver: anyone who can reach that
        // address can use it, including as a reflector for amplification
        // abuse against third parties.  If the exposure is wider than
        // intended, limit it to the networks that should be served, e.g.
        //   allow-recursion { localhost; localnets; <community prefix>; };
        listen-on { 127.0.0.1; 10.27.224.17; };

 

 // If there is a firewall between you and nameservers you want
 // to talk to, you may need to fix the firewall to allow multiple
 // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

 // If your ISP provided one or more IP addresses for stable 
 // nameservers, you probably want to use them as forwarders.  
 // Uncomment the following block, and insert the addresses replacing 
 // the all-0's placeholder.

  //forwarders {
  // 0.0.0.0;
  //};

 //========================================================================
 // If BIND logs error messages about the root key being expired,
 // you will need to update your keys.  See https://www.isc.org/bind-keys
 //========================================================================
 // Validation is left off so that the private community TLDs forwarded from
 // named.conf.local (presumably unsigned, with no chain of trust from the
 // root) keep resolving.  The cost is that every answer from the Internet is
 // cached unvalidated, so DNSSEC offers this cache no protection against
 // forged or poisoned replies.
 //dnssec-validation auto;

 auth-nxdomain no;    # conform to RFC1035
 // IPv6 listener disabled.  If it is enabled later, the same ACL
 // considerations as for listen-on above apply to it.
 //listen-on-v6 { any; };
};


I disabled dnssec-validation, and I will push the "." hint to the bottom so the DNS resolver/cache can deal with the wireless communities' TLDs any way it wants.

Here goes the heart of it all -- /etc/bind/named.conf.local:
root@ubuntu-01:/etc/bind# cat named.conf.local 
// #g0 2012 -- http://ipduh.com/contact -- there is a post on alog.ipduh.com
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

//No need; we will make the caching DNS server available to everyone
//acl internals {
//      127.0.0.0/8;
//    192.168.0.0/16;
//  10.0.0.0/8;
//};

//view "internal" {
//       match-clients { internals; };
//      recursion yes;

//Moved to the bottom
// prime the server with knowledge of the root servers
//zone "." {
//       type hint;
//      file "/etc/bind/db.root";
//};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

// These four zones are answered locally (type master) from the stock Debian
// db.* files, so localhost, loopback and broadcast lookups are never sent to
// the community forwarders below or to the root servers.
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};


//####################################
//# Greek Wireless Communities Zones #
//####################################
//# https://www.awmn.net/wiki/       #
//####################################
//Because awmn will go gwmn pretty soon g stands for Greek or Global ;)
//####################################

// The whole 10/8 reverse tree is forwarded to two AWMN name servers, so every
// PTR lookup for a 10.x.x.x address -- including any addresses the local
// network itself uses, if it is numbered from 10/8 -- is sent across the
// wireless community link as plain, unencrypted DNS.  No "forward only;" is
// set, so with BIND's default (forward first) a forwarder failure falls back
// to normal recursion via the "." hint at the bottom, and the query leaves
// the network entirely.
zone "10.in-addr.arpa" IN {
        type forward;
        forwarders {
       10.19.143.12;
       10.19.143.13;
        };
};


// Only 10.19.143.12 is active; the commented entries are alternates.  With a
// single forwarder there is no failover inside this zone -- BIND's forward
// first default would fall through to the root hint, which will not know
// the private awmn TLD.  10.19.143.13 is already trusted as a forwarder for
// 10.in-addr.arpa above, so re-enabling it here is the obvious backup.
zone "awmn" IN {
        type forward;
        forwarders {
              // 10.0.1.1;  
         10.19.143.12;
              // 10.19.143.13;
        };
};

// Forward zones for the other Greek wireless communities, one private TLD
// each.  Every forwarder is a community-run server reached over plain DNS and
// its answers are cached as-is (validation is off in named.conf.options), so
// a compromised or spoofed forwarder can hand out arbitrary records for that
// TLD.  Review the addresses against the AWMN wiki from time to time, and add
// "forward only;" to a zone if its queries must never fall back to root
// recursion when all of its forwarders are unreachable.
zone "wn" IN {
        type forward;
        forwarders {
                10.126.3.115;
                10.110.17.115;
                10.19.143.12;
                10.17.122.134;
                10.86.87.129;
                10.2.16.130;
                10.110.17.67;
        };
};

zone "swn" IN {
        type forward;
        forwarders {
                10.101.0.254;
                10.106.3.1;
                10.174.254.101;
                10.174.1.253;
        };
};


zone "twmn" IN {
        type forward;
        forwarders {
                10.104.76.65;
                10.122.20.70;
                10.122.3.68;
                10.122.14.72;
                10.104.1.74;
        };
};

zone "wthess" IN {
        type forward;
        forwarders {
                10.96.0.1;
                10.96.22.2;
                10.96.9.3;
        };
};

zone "ewn" IN {
        type forward;
        forwarders {
                10.145.7.150;
                10.146.210.130;
        };
};

zone "mswn" IN {
        type forward;
        forwarders {
                10.148.50.2;
        };
};

zone "cywn" IN {
        type forward;
        forwarders {
                10.215.0.125;
                10.215.2.126;
        };
};

// Same forwarder set as "swn" above (10.174.x addresses) plus one more.
zone "dwn" IN {
        type forward;
        forwarders {
                10.174.1.253;
                10.174.254.101;
                10.174.17.250;
        };
};

zone "wiran" IN {
        type forward;
        forwarders {
                10.230.3.133;
        };
};

zone "wana" IN {
        type forward;
        forwarders {
                10.224.3.35;
        };
};

zone "awn" IN {
        type forward;
        forwarders {
                10.198.0.130;
        };
};

zone "pwmn" IN {
        type forward;
        forwarders {
                10.140.14.67;
        };
};

// prime the server with knowledge of the root servers
// NOTE(review): as far as I know BIND picks the closest enclosing zone for a
// name, not the first match in the file, so the community TLDs above win over
// "." wherever this statement sits; keeping it last is harmless but is not
// what makes that work.  Keep db.root current (the bind9 package ships it).
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

//};



Working around the resolv.conf madness on an Ubuntu 12.04 server.

Adding 127.0.0.1 to /etc/resolv.conf to be on the safe side:
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1


Set base, original, and tail in the /etc/resolvconf/resolv.conf.d directory:
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# cat base
nameserver 10.27.224.17
nameserver 127.0.0.1
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# cp base tail
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# cp tail original


Restart bind9 and test the configuration:
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# /etc/init.d/bind9 restart
 * Stopping domain name service... bind9    waiting for pid 5881 to die
                                                                           [ OK ]
 * Starting domain name service... bind9
                                                                           [ OK ]
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# dig forum.awmn +short
10.19.143.13
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# dig ipduh.com +short
85.25.242.245


OK, it works.

caching DNS for the AWMN -- outdated