1183
Comment:
|
3984
|
Deletions are marked like this. | Additions are marked like this. |
Line 21: | Line 21: |
network 192.168.1.0 | |
Line 22: | Line 23: |
gateway 192.168.1.1 network 192.168.1.0 |
broadcast 192.168.1.255 |
Line 35: | Line 35: |
=== Make BIND listen === edit `/etc/bind/named.conf.options` and add {{{ listen-on { any; }; }}} === Make a DDNS update key === We are going to let the DHCP server update BIND. For this we need an update key. Create it with the following command. Remember that entrophy must be available for the key to be generated, you can check available entrophy in `/proc/sys/kernel/random/entropy_avail`. {{{ dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST ddns-update }}} This will create two files with filenames equivalent to `Kddns-update.+157+18646.private` and `Kddns-update.+157+18646.key`. The latter is your public key, which will be used by the DCHP server to update BIND. Create the file `/etc/bind/ddns-update.dnskey` and put your key inside it. {{{ key "ddns-update" { algorithm hmac-sha512; secret "yYFzfibvlpS33+vsngV2jF5tGkTiVSjhYoFuV0T7bnCVfFGx3Mu05SW+LakImdofkNM00LxHCLuvD1W1vSWMmA=="; }; }}} === Create a new zone === `/etc/bind/named.conf.kallenberg.dk` {{{ # Key used by DHCP servers for dynamic DNS updates include "/etc/bind/ddns-update.dnskey"; zone "kallenberg.dk" { type master; file "/var/lib/bind/kallenberg.dk.zone"; allow-transfer { 192.168.1.35; }; allow-update { key "ddns-update"; }; }; zone "1.168.192.in-addr.arpa" { type master; file "/var/lib/bind/1.168.192.zone"; allow-transfer { 192.168.1.35; }; allow-update { key "ddns-update"; }; }; }}} |
|
Line 36: | Line 82: |
Line 41: | Line 86: |
`/var/lib/bind/kallenberg.dk.zone` {{{ $ORIGIN . $TTL 86400 ; 1 day kallenberg.dk IN SOA ns01.kallenberg.dk. ns02.kallenberg.dk. ( 20150427 ; serial 7200 ; refresh (2 hours) 300 ; retry (5 minutes) 604800 ; expire (1 week) 60 ; minimum (1 minute) ) NS ns01.kallenberg.dk. NS ns02.kallenberg.dk. $ORIGIN kallenberg.dk. $TTL 1800 ; 30 minutes }}} `/var/lib/bind/1.168.192.zone` {{{ $ORIGIN . $TTL 86400 ; 1 day 1.168.192.in-addr.arpa IN SOA ns01.kallenberg.dk. ns02.kallenberg.dk. ( 20150218 ; serial 7200 ; refresh (2 hours) 300 ; retry (5 minutes) 604800 ; expire (1 week) 60 ; minimum (1 minute) ) NS ns01.kallenberg.dk. NS ns02.kallenberg.dk. $ORIGIN 1.168.192.in-addr.arpa. }}} |
DNS
The Domain Name System is really a must for any TCIP/IP network. It is a key component of the network. That is why it is the first service we will configure.
Here we will be using Bind, ISC's DNS server. Bind has a master/slave configuration, where the master gets the DNS changes and then updates the slave. It cannot run truly redundant, in the sense that only the master is allowed to get DNS changes, if the master is down, the slave cannot be updated.
DNS Master
Network
Since looking up the DNS servers IP-address does not make any sense, we will give the DNS server a statc IP-address. Edit /etc/networking/interfaces and make the following changes.
# The primary network interface #allow-hotplug eth0 #iface eth0 inet dhcp auto eth0 iface eth0 inet static address 192.168.1.34 network 192.168.1.0 netmask 255.255.255.0 broadcast 192.168.1.255 gateway 192.168.1.1
Install BIND
apt-get install bind9
Configure BIND
Make BIND listen
edit /etc/bind/named.conf.options and add
listen-on { any; };
Make a DDNS update key
We are going to let the DHCP server update BIND. For this we need an update key. Create it with the following command. Remember that entrophy must be available for the key to be generated, you can check available entrophy in /proc/sys/kernel/random/entropy_avail.
dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST ddns-update
This will create two files with filenames equivalent to Kddns-update.+157+18646.private and Kddns-update.+157+18646.key. The latter is your public key, which will be used by the DCHP server to update BIND. Create the file /etc/bind/ddns-update.dnskey and put your key inside it.
key "ddns-update" { algorithm hmac-sha512; secret "yYFzfibvlpS33+vsngV2jF5tGkTiVSjhYoFuV0T7bnCVfFGx3Mu05SW+LakImdofkNM00LxHCLuvD1W1vSWMmA=="; };
Create a new zone
/etc/bind/named.conf.kallenberg.dk
# Key used by DHCP servers for dynamic DNS updates include "/etc/bind/ddns-update.dnskey"; zone "kallenberg.dk" { type master; file "/var/lib/bind/kallenberg.dk.zone"; allow-transfer { 192.168.1.35; }; allow-update { key "ddns-update"; }; }; zone "1.168.192.in-addr.arpa" { type master; file "/var/lib/bind/1.168.192.zone"; allow-transfer { 192.168.1.35; }; allow-update { key "ddns-update"; }; };
Add the new zone file to /etc/bind/named.conf.local
include "/etc/bind/named.conf.kallenberg.dk";
/var/lib/bind/kallenberg.dk.zone
$ORIGIN . $TTL 86400 ; 1 day kallenberg.dk IN SOA ns01.kallenberg.dk. ns02.kallenberg.dk. ( 20150427 ; serial 7200 ; refresh (2 hours) 300 ; retry (5 minutes) 604800 ; expire (1 week) 60 ; minimum (1 minute) ) NS ns01.kallenberg.dk. NS ns02.kallenberg.dk. $ORIGIN kallenberg.dk. $TTL 1800 ; 30 minutes
/var/lib/bind/1.168.192.zone
$ORIGIN . $TTL 86400 ; 1 day 1.168.192.in-addr.arpa IN SOA ns01.kallenberg.dk. ns02.kallenberg.dk. ( 20150218 ; serial 7200 ; refresh (2 hours) 300 ; retry (5 minutes) 604800 ; expire (1 week) 60 ; minimum (1 minute) ) NS ns01.kallenberg.dk. NS ns02.kallenberg.dk. $ORIGIN 1.168.192.in-addr.arpa.