Differences between revisions 17 and 42 (spanning 25 versions)
Revision 17 as of 2017-12-09 08:53:45
Size: 1750
Comment:
Revision 42 as of 2017-12-10 19:39:44
Size: 5839
Comment:
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:
In this setup we use the following IP-addresses for the master and slave:

 * 192.168.1.34 master
 * 192.168.1.35 slave

Configure the [[DNS Master|master]] Then the [[DNS Slave|slave]].
Line 21: Line 27:
        network 192.168.1.0
Line 22: Line 29:
        gateway 192.168.1.1
        network 19
2.168.1.0
        broadcast 192.168.1.255
Line 35: Line 41:
=== Make a DDNS update key ===

We are going to let the DHCP server update BIND. For this we need an update key. Create it with the following command.

{{{#!highlight bash
#!/bin/sh
# entrophy must be available for the key to be generated
# check available entrophy
# /proc/sys/kernel/random/entropy_avail
dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST ddns-update
}}}
Line 49: Line 43:
edit `/etc/bind/named.conf.options` and add  edit `/etc/bind/named.conf.options` and add
Line 55: Line 49:
=== Make a DDNS update key ===

We are going to let the DHCP server update BIND. For this we need an update key. Create it with the following command. Remember that entrophy must be available for the key to be generated, you can check available entrophy in `/proc/sys/kernel/random/entropy_avail`.

{{{
dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST ddns-update
}}}

This will create two files with filenames equivalent to `Kddns-update.+157+18646.private` and `Kddns-update.+157+18646.key`. The latter is your public key, which will be used by the DCHP server to update BIND. Create the file `/etc/bind/ddns-update.dnskey` and put your key inside it.

{{{
key "ddns-update" {
        algorithm hmac-sha512;
        secret "yYFzfibvlpS33+vsngV2jF5tGkTiVSjhYoFuV0T7bnCVfFGx3Mu05SW+LakImdofkNM00LxHCLuvD1W1vSWMmA==";
};
}}}
Line 56: Line 67:
Line 59: Line 69:
# Key used by DHCP servers for dynamic DNS updates
include "/etc/bind/ddns-update.dnskey";

zone "kallenberg.dk" {
        type master;
        file "/var/lib/bind/kallenberg.dk.zone";
        allow-transfer { 192.168.1.35; };
        allow-update { key "ddns-update"; };
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/1.168.192.zone";
        allow-transfer { 192.168.1.35; };
        allow-update { key "ddns-update"; };
};
Line 62: Line 88:
Line 67: Line 92:
`/var/lib/bind/kallenberg.dk.zone`
{{{
$ORIGIN .
$TTL 86400 ; 1 day
kallenberg.dk IN SOA ns01.kallenberg.dk. ns02.kallenberg.dk. (
                                20150427 ; serial
                                7200 ; refresh (2 hours)
                                300 ; retry (5 minutes)
                                604800 ; expire (1 week)
                                60 ; minimum (1 minute)
                                )
                        NS ns01.kallenberg.dk.
                        NS ns02.kallenberg.dk.
$ORIGIN kallenberg.dk.
$TTL 1800 ; 30 minutes
}}}

`/var/lib/bind/1.168.192.zone`
{{{
$ORIGIN .
$TTL 86400 ; 1 day
1.168.192.in-addr.arpa IN SOA ns01.kallenberg.dk. ns02.kallenberg.dk. (
                                20150218 ; serial
                                7200 ; refresh (2 hours)
                                300 ; retry (5 minutes)
                                604800 ; expire (1 week)
                                60 ; minimum (1 minute)
                                )
                        NS ns01.kallenberg.dk.
                        NS ns02.kallenberg.dk.
$ORIGIN 1.168.192.in-addr.arpa.
}}}
Line 69: Line 126:


== Network ==

Since looking up the DNS servers IP-address does not make any sense, we will give the DNS server a statc IP-address. Edit `/etc/networking/interfaces` and make the following changes.

{{{
# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp

auto eth0
iface eth0 inet static
        address 192.168.1.35
        network 192.168.1.0
        netmask 255.255.255.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
}}}

== Install BIND ==

{{{
apt-get install bind9
}}}

== Configure BIND ==

=== Make BIND listen ===

edit `/etc/bind/named.conf.options` and add

{{{
listen-on { any; };
allow-notify { 192.168.1.35; };
}}}
=== Get the DDNS update key ===

Get the key from the master and save it in `/etc/bind/ddns-update.dnskey`.

{{{
key "ddns-update" {
        algorithm hmac-sha512;
        secret "yYFzfibvlpS33+vsngV2jF5tGkTiVSjhYoFuV0T7bnCVfFGx3Mu05SW+LakImdofkNM00LxHCLuvD1W1vSWMmA==";
};
}}}

=== Create a new zone ===
`/etc/bind/named.conf.kallenberg.dk`
{{{
# Key used by DHCP servers for dynamic DNS updates
include "/etc/bind/ddns-update.dnskey";

zone "kallenberg.dk" {
        type slave;
        file "/var/lib/bind/kallenberg.dk.zone";
        allow-transfer { 192.168.1.34; };
        allow-update { key "ddns-update"; };
};

zone "1.168.192.in-addr.arpa" {
        type slave;
        file "/var/lib/bind/1.168.192.zone";
        allow-transfer { 192.168.1.34; };
        allow-update { key "ddns-update"; };
};
}}}

Add the new zone file to `/etc/bind/named.conf.local`
{{{
include "/etc/bind/named.conf.kallenberg.dk";
}}}

DNS

The Domain Name System is really a must for any TCIP/IP network. It is a key component of the network. That is why it is the first service we will configure.

Here we will be using Bind, ISC's DNS server. Bind has a master/slave configuration, where the master gets the DNS changes and then updates the slave. It cannot run truly redundant, in the sense that only the master is allowed to get DNS changes, if the master is down, the slave cannot be updated.

In this setup we use the following IP-addresses for the master and slave:

  • 192.168.1.34 master
  • 192.168.1.35 slave

Configure the master Then the slave.

DNS Master

Network

Since looking up the DNS servers IP-address does not make any sense, we will give the DNS server a statc IP-address. Edit /etc/networking/interfaces and make the following changes.

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp

auto eth0
iface eth0 inet static
        address 192.168.1.34
        network 192.168.1.0
        netmask 255.255.255.0
        broadcast 192.168.1.255
        gateway 192.168.1.1

Install BIND

apt-get install bind9

Configure BIND

Make BIND listen

edit /etc/bind/named.conf.options and add

listen-on { any; };

Make a DDNS update key

We are going to let the DHCP server update BIND. For this we need an update key. Create it with the following command. Remember that entrophy must be available for the key to be generated, you can check available entrophy in /proc/sys/kernel/random/entropy_avail.

dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST ddns-update

This will create two files with filenames equivalent to Kddns-update.+157+18646.private and Kddns-update.+157+18646.key. The latter is your public key, which will be used by the DCHP server to update BIND. Create the file /etc/bind/ddns-update.dnskey and put your key inside it.

key "ddns-update" {
        algorithm hmac-sha512;
        secret "yYFzfibvlpS33+vsngV2jF5tGkTiVSjhYoFuV0T7bnCVfFGx3Mu05SW+LakImdofkNM00LxHCLuvD1W1vSWMmA==";
};

Create a new zone

/etc/bind/named.conf.kallenberg.dk

# Key used by DHCP servers for dynamic DNS updates
include "/etc/bind/ddns-update.dnskey";

zone "kallenberg.dk" {
        type master;
        file "/var/lib/bind/kallenberg.dk.zone";
        allow-transfer { 192.168.1.35; };
        allow-update { key "ddns-update"; };
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/1.168.192.zone";
        allow-transfer { 192.168.1.35; };
        allow-update { key "ddns-update"; };
};

Add the new zone file to /etc/bind/named.conf.local

include "/etc/bind/named.conf.kallenberg.dk";

/var/lib/bind/kallenberg.dk.zone

$ORIGIN .
$TTL 86400      ; 1 day
kallenberg.dk           IN SOA  ns01.kallenberg.dk. ns02.kallenberg.dk. (
                                20150427   ; serial
                                7200       ; refresh (2 hours)
                                300        ; retry (5 minutes)
                                604800     ; expire (1 week)
                                60         ; minimum (1 minute)
                                )
                        NS      ns01.kallenberg.dk.
                        NS      ns02.kallenberg.dk.
$ORIGIN kallenberg.dk.
$TTL 1800       ; 30 minutes

/var/lib/bind/1.168.192.zone

$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  ns01.kallenberg.dk. ns02.kallenberg.dk. (
                                20150218   ; serial
                                7200       ; refresh (2 hours)
                                300        ; retry (5 minutes)
                                604800     ; expire (1 week)
                                60         ; minimum (1 minute)
                                )
                        NS      ns01.kallenberg.dk.
                        NS      ns02.kallenberg.dk.
$ORIGIN 1.168.192.in-addr.arpa.

DNS Slave

Network

Since looking up the DNS servers IP-address does not make any sense, we will give the DNS server a statc IP-address. Edit /etc/networking/interfaces and make the following changes.

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp

auto eth0
iface eth0 inet static
        address 192.168.1.35
        network 192.168.1.0
        netmask 255.255.255.0
        broadcast 192.168.1.255
        gateway 192.168.1.1

Install BIND

apt-get install bind9

Configure BIND

Make BIND listen

edit /etc/bind/named.conf.options and add

listen-on { any; };
allow-notify { 192.168.1.35; };

Get the DDNS update key

Get the key from the master and save it in /etc/bind/ddns-update.dnskey.

key "ddns-update" {
        algorithm hmac-sha512;
        secret "yYFzfibvlpS33+vsngV2jF5tGkTiVSjhYoFuV0T7bnCVfFGx3Mu05SW+LakImdofkNM00LxHCLuvD1W1vSWMmA==";
};

Create a new zone

/etc/bind/named.conf.kallenberg.dk

# Key used by DHCP servers for dynamic DNS updates
include "/etc/bind/ddns-update.dnskey";

zone "kallenberg.dk" {
        type slave;
        file "/var/lib/bind/kallenberg.dk.zone";
        allow-transfer { 192.168.1.34; };
        allow-update { key "ddns-update"; };
};

zone "1.168.192.in-addr.arpa" {
        type slave;
        file "/var/lib/bind/1.168.192.zone";
        allow-transfer { 192.168.1.34; };
        allow-update { key "ddns-update"; };
};

Add the new zone file to /etc/bind/named.conf.local

include "/etc/bind/named.conf.kallenberg.dk";

None: DNS (last edited 2021-01-17 20:10:16 by Kristian Kallenberg)