This article describes running a DNS server for a private network.
This DNS server does not perform recursive queries for names outside the private network.
1 System environment
The private network address is 192.168.11.0/24.
The private network name is my.net.
The IP address of the DNS server is 192.168.11.67.
The IP address of the local machine inside the private network is 192.168.11.70.
2 Install bind
Install bind9 with apt.
sudo apt-get install -y bind9
3 Configuration
Ubuntu 16.04 keeps its config files in /etc/bind and zone files in /var/cache/bind.
3.1 /etc/bind/named.conf
Instead of including named.conf.default-zones, include a new config file, named.conf.my-zones.
$ diff -uprN /etc/bind/named.conf{.org,} --- /etc/bind/named.conf.org 2016-04-30 04:54:33.437692485 +0900 +++ /etc/bind/named.conf 2016-04-30 05:33:38.114870069 +0900 @@ -8,4 +8,5 @@ include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; -include "/etc/bind/named.conf.default-zones"; +include "/etc/bind/named.conf.my-zones"; +// include "/etc/bind/named.conf.default-zones";
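Review bot: the old include is left behind as a comment (`+// include "/etc/bind/named.conf.default-zones";`) rather than removed; either delete the line or add a short comment saying why it is disabled, so a later edit does not silently re-enable the default zones on a server that is meant to serve only my.net without recursion.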
3.2 /etc/bind/named.conf.options
Allow queries from the private network and disable recursion. If you are running ufw, open 53/udp and 53/tcp.
$ diff -uprN /etc/bind/named.conf.options{.org,} --- /etc/bind/named.conf.options.org 2016-04-30 05:05:15.885386136 +0900 +++ /etc/bind/named.conf.options 2016-04-30 05:16:45.325945144 +0900 @@ -1,5 +1,8 @@ options { directory "/var/cache/bind"; + listen-on port 53 { localhost; 192.168.11.0/24; }; + allow-query { localhost; 192.168.11.0/24; }; + recursion no; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple
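Review bot: the hunk restricts who may query (`allow-query { localhost; 192.168.11.0/24; };`) and turns recursion off, but nothing restricts zone transfers; add `allow-transfer { none; };` next to `allow-query` so that an AXFR of my.net from any host that can reach port 53 is refused, since BIND of this era permits transfers to anyone by default. The `listen-on` line only covers IPv4; if the server also has an IPv6 address, check whether a `listen-on-v6` line elsewhere in the file leaves it listening on all v6 interfaces.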
3.3 /etc/bind/named.conf.my-zones
This new file defines the zone my.net. The zone file my.net.zone is also new.
$ cat /etc/bind/named.conf.my-zones
zone "my.net" IN {
        type master;
        file "my.net.zone";
};
3.4 /var/cache/bind/my.net.zone
This is a new file for private network name resolution.
It maps ubuntu-16.04 to 192.168.11.67, the IP address of the DNS server, and names that host in the NS record. It maps ubuntu-14.04 to 192.168.11.70, the IP address of the local machine, with an A record. To map more hosts, append further A records.
$ cat /var/cache/bind/my.net.zone
$TTL 86400
@               IN      SOA     my.net. root.my.net. (
                                2016043008      ; serial
                                3600            ; refresh
                                900             ; retry
                                604800          ; expire
                                86400 )         ; minimum (negative caching TTL)
@               IN      NS      ubuntu-16.04
ubuntu-16.04    IN      A       192.168.11.67
ubuntu-14.04    IN      A       192.168.11.70
3.5 Validation
named-checkconf validates /etc/bind/named.conf and the files it includes.
$ named-checkconf
named-checkzone validates the zone file.
$ named-checkzone my.net /var/cache/bind/my.net.zone
zone my.net/IN: loaded serial 2016043008
OK
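named-checkzone reports OK even when the SOA MNAME or RNAME is written without a trailing dot (my.net instead of my.net.), in which case named silently loads it as my.net.my.net. The checker below is an added example, not part of the article: it parses the subset of zone syntax the article uses (no $ORIGIN directive, no per-record TTL) and flags relative SOA names and apex NS names that have no in-zone A record. The sample zone is a constructed copy of the article's my.net.zone.

```python
import re

ORIGIN = "my.net."

# Constructed sample: the article's my.net.zone with fully qualified SOA names.
SAMPLE_ZONE = """\
$TTL 86400
@             IN SOA my.net. root.my.net. (
                     2016043008 ; serial
                     3600 900 604800 86400 )
@             IN NS  ubuntu-16.04
ubuntu-16.04  IN A   192.168.11.67
ubuntu-14.04  IN A   192.168.11.70
"""

def qualify(name, origin=ORIGIN):
    """Expand '@' and relative names the way named does under the zone origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Return (owner, rrtype, rdata_tokens) triples; rdata names are kept as written."""
    text = re.sub(r";[^\n]*", "", text)                                  # strip ; comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # unwrap ( ... )
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):                     # blank or $TTL directive
            continue
        if not line[0].isspace():                                        # line names a new owner
            owner, line = line.split(None, 1)
            owner = qualify(owner, origin)
        tokens = line.split()
        tokens = tokens[1:] if tokens[0] == "IN" else tokens             # optional class
        records.append((owner, tokens[0], tokens[1:]))
    return records

def check_zone(text, origin=ORIGIN):
    """Flag mistakes that named-checkzone accepts but that cause trouble later."""
    problems, records = [], parse_zone(text, origin)
    soa = [r for r in records if r[0] == origin and r[1] == "SOA"]
    if len(soa) != 1:
        return ["zone needs exactly one SOA record at the apex"]
    for field, value in zip(("MNAME", "RNAME"), soa[0][2][:2]):
        if not value.endswith("."):                                      # relative name gets origin appended
            problems.append(f"SOA {field} '{value}' is relative; named loads it as {qualify(value, origin)}")
    a_owners = {r[0] for r in records if r[1] == "A"}
    for owner, rrtype, rdata in records:
        target = qualify(rdata[0], origin) if rrtype == "NS" else None
        if target and target.endswith(origin) and target not in a_owners:   # in-zone NS needs an A record
            problems.append(f"NS {target} has no A record in the zone")
    return problems
```

Run check_zone on the zone text before reloading bind; an empty list means the two checks passed.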
4 Run bind
Enable and start bind9 with systemd.
$ sudo systemctl enable bind9
$ sudo systemctl start bind9
5 Execution result
/etc/resolv.conf is shown below. It uses 192.168.11.67 for private network name resolution and 192.168.11.1 for internet name resolution.
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
#     resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE
#     OVERWRITTEN
search my.net
nameserver 192.168.11.67
nameserver 192.168.11.1
Running ping against ubuntu-14.04.my.net and ubuntu-16.04.my.net shows that name resolution works.
$ ping -c 4 ubuntu-14.04.my.net
PING ubuntu-14.04.my.net (192.168.11.70) 56(84) bytes of data.
64 bytes from 192.168.11.70: icmp_seq=1 ttl=64 time=0.370 ms
64 bytes from 192.168.11.70: icmp_seq=2 ttl=64 time=0.273 ms
64 bytes from 192.168.11.70: icmp_seq=3 ttl=64 time=0.388 ms
64 bytes from 192.168.11.70: icmp_seq=4 ttl=64 time=0.406 ms

--- ubuntu-14.04.my.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.273/0.359/0.406/0.053 ms
$ ping -c 4 ubuntu-16.04.my.net
PING ubuntu-16.04.my.net (192.168.11.67) 56(84) bytes of data.
64 bytes from 192.168.11.67: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from 192.168.11.67: icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from 192.168.11.67: icmp_seq=3 ttl=64 time=0.038 ms
64 bytes from 192.168.11.67: icmp_seq=4 ttl=64 time=0.038 ms

--- ubuntu-16.04.my.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.020/0.034/0.043/0.011 ms