This article describes running a DNS server for a private network. The server does not perform recursive queries for names outside the private network.
Table of Contents
1 System environment
The private network address is 192.168.11.0/24. The DNS server is 192.168.11.84. The client machine is 192.168.11.128. The private network name is my.net.
2 Install bind
Install bind and enable named.
> sudo zypper -n in bind
> sudo systemctl enable named
3 Configuration
openSUSE 13 keeps zone files in /var/lib/named by default.
3.1 /etc/named.conf
Use my.net.zone as the zone file for resolving my.net.
> diff -uprN /etc/named.conf{.org,} --- /etc/named.conf.org 2017-01-03 13:11:57.821147766 +0900 +++ /etc/named.conf 2017-01-03 15:05:00.558054848 +0900 @@ -149,6 +149,10 @@ zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. file "127.0.0.zone"; }; +zone "my.net" in { + type master; + file "my.net.zone"; +}; # Include the meta include file generated by createNamedConfInclude. This # includes all files as configured in NAMED_CONF_INCLUDE_FILES from
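Review bot: the added zone "my.net" block declares type master without an allow-transfer clause, so BIND's default of answering zone transfers applies and any host that can reach port 53 can pull the whole zone with AXFR; add allow-transfer { none; }; inside the block (or list only the secondary servers). Also note that nothing in this hunk restricts recursion for names outside the private network as the introduction promises; that lives in the options block (recursion / allow-recursion), which this diff does not touch.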
3.2 /var/lib/named/my.net.zone
Declare "server" (192.168.11.84) as the zone's NS and give it an A record; map "client" to 192.168.11.128 with an A record. To map more hosts, append further A records.
> cat /var/lib/named/my.net.zone
$TTL 86400
; MNAME and RNAME end with a dot so named treats them as absolute names
; (without the dot, "my.net" would be expanded to my.net.my.net)
@       IN SOA  my.net. root.my.net. (
                2017010302   ; serial
                3600         ; refresh
                900          ; retry
                604800       ; expire
                86400 )      ; negative-cache TTL
@       IN NS   server
server  IN A    192.168.11.84
client  IN A    192.168.11.128
3.3 Validation
named-checkconf validates /etc/named.conf.
> named-checkconf
named-checkzone validates the zone file.
> named-checkzone my.net /var/lib/named/my.net.zone
zone my.net/IN: loaded serial 2017010302
OK
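named-checkzone only confirms that the file parses. As an added check (example code written for this article, not part of it or of BIND), the script below parses the zone file and reports two mistakes named-checkzone accepts without complaint: SOA MNAME/RNAME written without a trailing dot, which named silently expands to my.net.my.net, and an in-zone NS name that has no A record. The constructed sample is the zone from section 3.2 with the trailing dots left off.

```python
import re

# Constructed sample: the article's my.net zone, SOA names left relative (no trailing dot).
ZONE_TEXT = """\
$TTL 86400
@       IN SOA  my.net root.my.net (
                2017010302 3600 900 604800 86400 )
@       IN NS   server
server  IN A    192.168.11.84
client  IN A    192.168.11.128
"""
RTYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "TXT"}

def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) triples with fully qualified owners. A parenthesised
    span is joined so a multi-line SOA becomes one record; optional TTL and class
    columns are skipped; blank-owner continuation lines are not handled."""
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()), text)
    records = []
    for line in text.splitlines():
        tokens = line.split(";", 1)[0].split()          # drop comments
        if not tokens or tokens[0].startswith("$"):     # skip blanks and $TTL/$ORIGIN
            continue
        idx = next(i for i, t in enumerate(tokens) if i > 0 and t in RTYPES)
        records.append((qualify(tokens[0], origin), tokens[idx], tokens[idx + 1:]))
    return records

def check_zone(text, origin):
    """Report what named-checkzone accepts silently: relative SOA MNAME/RNAME
    and in-zone NS targets without an A record (missing glue)."""
    origin = origin if origin.endswith(".") else origin + "."
    records = parse_zone(text, origin)
    a_owners = {owner for owner, rtype, _ in records if rtype == "A"}
    problems = []
    for _owner, rtype, rdata in records:
        if rtype == "SOA":
            for field in rdata[:2]:                     # MNAME, RNAME
                if not field.endswith("."):
                    problems.append(f"SOA field '{field}' expands to {qualify(field, origin)}")
        elif rtype == "NS":
            ns = qualify(rdata[0], origin)
            if (ns == origin or ns.endswith("." + origin)) and ns not in a_owners:
                problems.append(f"NS {ns} is in-zone but has no A record")
    return problems
```

Running check_zone(ZONE_TEXT, "my.net") lists both relative SOA names; adding the trailing dots makes the list empty.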
4 Open port
Open the DNS port using the SuSEfirewall2 service file "bind". The helper below appends the service to the EXT, DMZ and INT zone lists alike; on a host with an interface in the external zone this exposes port 53 beyond the private network, so leave FW_CONFIGURATIONS_EXT out of the loop if the server should only answer internally.
> firewall_open_service() {
    # append the service name to each FW_CONFIGURATIONS_* list
    for t in FW_CONFIGURATIONS_EXT FW_CONFIGURATIONS_DMZ FW_CONFIGURATIONS_INT; do
        sudo sed -e "s/^${t}=\"\(.*\)\"/${t}=\"\1 $1\"/g" \
            -i /etc/sysconfig/SuSEfirewall2
    done
    sudo systemctl restart SuSEfirewall2
}
> firewall_open_service bind
> sudo systemctl restart SuSEfirewall2
5 Run named
Restart named once the configuration is in place.
> sudo systemctl restart named
6 Execution result
/etc/resolv.conf is as below. 192.168.11.84 resolves the private network; 192.168.11.1 resolves the internet.
> cat /etc/resolv.conf
<snip>
search my.net
nameserver 192.168.11.84
nameserver 192.168.11.1
Run the ping command against "server" and "client".
> ping -c 4 client.my.net
PING client.my.net (192.168.11.128) 56(84) bytes of data.
64 bytes from 192.168.11.128: icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from 192.168.11.128: icmp_seq=2 ttl=64 time=0.028 ms
64 bytes from 192.168.11.128: icmp_seq=3 ttl=64 time=0.057 ms
64 bytes from 192.168.11.128: icmp_seq=4 ttl=64 time=0.051 ms

--- client.my.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.028/0.044/0.057/0.011 ms
> ping -c 4 server.my.net
PING server.my.net (192.168.11.84) 56(84) bytes of data.
64 bytes from 192.168.11.84: icmp_seq=1 ttl=64 time=0.563 ms
64 bytes from 192.168.11.84: icmp_seq=2 ttl=64 time=0.670 ms
64 bytes from 192.168.11.84: icmp_seq=3 ttl=64 time=0.615 ms
64 bytes from 192.168.11.84: icmp_seq=4 ttl=64 time=0.618 ms

--- server.my.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.563/0.616/0.670/0.045 ms