Archive for December, 2015

If you haven’t already, set a static IP address on the Ubuntu server. If vim is your favorite editor, install it first:

sudo apt-get install vim

In terminal type:

sudo vi /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface (eno16777736 is this machine's interface name;
# end-of-line comments are not allowed in this file, so the note goes here)
auto eno16777736
iface eno16777736 inet static
    address 192.168.0.50
    netmask 255.255.255.0
    gateway 192.168.0.1

Restart networking for the changes to take effect:

sudo /etc/init.d/networking restart

Install the bind package:

sudo apt-get install bind9

Bind comes with “template” zone files in /etc/bind, so we don’t need to create ours from scratch (db.local is a forward zone template; the ones named db.0 and db.127 are templates for reverse lookup zones).

But first we need to define our zones in the /etc/bind/named.conf file.

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

zone "d1.com" {
type master;
file "/var/named/d1.com.forw";
};

zone "0.168.192.in-addr.arpa" {
type master;
file "/var/named/d1.com.rev";
};

In the first section we define the forward lookup zone (the resolution of host names to IP addresses).

The zone name is d1.com. The zone file name will be d1.com.forw (you can name it whatever you like) and the file will live in the /var/named directory.

In the next section we define the reverse lookup zone (take an IP address and look up the computer name that belongs to it).

The zone suffix is always in-addr.arpa and the prefix is the network in reverse order. In this example my network is 192.168.0, hence the name 0.168.192.in-addr.arpa. The zone file name is d1.com.rev.

I created a folder called named in the /var directory:

sudo mkdir /var/named

I copied the “template” zone files from /etc/bind to /var/named and named them accordingly:

sudo cp /etc/bind/db.local /var/named/d1.com.forw
sudo cp /etc/bind/db.0 /var/named/d1.com.rev

Give the bind user (the account named runs as on Ubuntu) ownership of the zone files:

sudo chown -R bind:bind /var/named/*

d1.com.forw:

$TTL 604800
@ IN SOA ubuntu.d1.com. root.d1.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ubuntu.d1.com.
ubuntu IN A 192.168.0.50
win10 IN A 192.168.0.40
win8 IN A 192.168.0.48
@ IN AAAA ::1

$TTL 604800 defines the default duration in seconds that records in this zone may be cached.

@ means this zone (d1.com).

SOA: the Start of Authority record stores information about the name of the server that supplied the data for the zone.

root.d1.com. (don’t forget the period at the end) is the mail address of the person responsible for the zone (the @ of the address is written as a dot).

2 is the zone serial number. Its purpose in DNS zone files is to give the server a way to verify that the contents of a zone file are up to date: if the serial number in a zone file hasn’t changed since that zone was last loaded, named figures that it can ignore the file. I put the date and time as the number, followed by 01 at the end; you can put any number you like.

Refresh: the interval after which a slave (secondary) server will try to refresh the zone from the master (relevant only if we have another DNS server that transfers zone files from this master).

Retry: the time between retries if the slave fails to contact the master once the refresh interval (above) has expired.

Expire: the time after which the zone data are considered incorrect by a slave server that has not managed to get an update from the master.

Minimum (the template comments it as Negative Cache TTL): the duration in seconds that a negative answer (no such record) may be cached.

We don’t have a slave server, so accept the default values.

@ IN NS ubuntu.d1.com. is the name server (NS) record for the zone, i.e. our server. Don’t forget the period at the end: without it the name is treated as relative to the zone and the zone name is appended, giving ubuntu.d1.com.d1.com.

ubuntu IN A 192.168.0.50 is the host (A) record for our server.
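Keeping the serial in the YYYYMMDDnn form described above by hand is where most zone edits go wrong: the number gets forgotten, or goes backwards, and a slave then never picks up the change. The helpers below are an added example, not part of the original post. They assume the multi-line SOA layout of the post's zone files (the serial is the first number on the line after the one containing SOA) and take the date as a parameter so the result is reproducible; the sample zone is constructed here.

```sh
#!/bin/sh
# Added example (not from the original post): maintain a YYYYMMDDnn zone serial.
# Assumes the multi-line SOA layout used in the post's zone files.
ZONE=$(mktemp)
cat > "$ZONE" <<'EOF'
$TTL 604800
@ IN SOA ubuntu.d1.com. root.d1.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS ubuntu.d1.com.
ubuntu IN A 192.168.0.50
EOF

# Print the current serial of zone file $1 (first number after the SOA line).
current_serial() {
    awk '/[ \t]SOA[ \t]/ { insoa = 1; next }
         insoa && match($0, /[0-9]+/) { print substr($0, RSTART, RLENGTH); exit }' "$1"
}

# Next serial for current serial $1 and today's date $2 (YYYYMMDD).
# Same day: bump the two-digit counter; new day: start at 01. In every case
# the result must be larger than the old value, because a slave only
# transfers the zone when the serial increases.
next_serial() {
    cur=$1 today=$2
    if [ "${cur%??}" = "$today" ]; then
        n=${cur#"$today"}; n=${n#0}       # strip the leading zero so 08 is not read as octal
        cand=$(printf '%s%02d' "$today" "$((n + 1))")
    else
        cand=${today}01
    fi
    # Counter rolled past 99 (11 digits), or the old serial is already larger
    # (clock skew, or a different convention): a plain increment is always valid.
    if [ "$cand" -le "$cur" ] 2>/dev/null || [ ${#cand} -ne 10 ]; then
        cand=$((cur + 1))
    fi
    echo "$cand"
}

# Rewrite the serial in zone file $1 for date $2 and echo the new value.
# Writing through the existing file (not mv) keeps the bind:bind ownership.
bump_serial() {
    new=$(next_serial "$(current_serial "$1")" "$2") || return 1
    awk -v new="$new" '
        /[ \t]SOA[ \t]/ { insoa = 1; print; next }
        insoa && match($0, /[0-9]+/) {
            $0 = substr($0, 1, RSTART - 1) new substr($0, RSTART + RLENGTH)
            insoa = 0
        }
        { print }' "$1" > "$1.tmp" && cat "$1.tmp" > "$1" && rm "$1.tmp" && echo "$new"
}

echo "current serial: $(current_serial "$ZONE")"
echo "next serial for today: $(next_serial "$(current_serial "$ZONE")" "$(date +%Y%m%d)")"
```

In practice the call is `bump_serial /var/named/d1.com.forw "$(date +%Y%m%d)"` after each edit, followed by named-checkzone and a reload; the same helper works on the reverse file, whose serial is independent.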

Reverse zone file:

; BIND reverse data file
;
$TTL 604800
@ IN SOA ubuntu.d1.com. root.d1.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ubuntu.d1.com.
50 IN PTR ubuntu.d1.com.
48 IN PTR win8.d1.com.
40 IN PTR win10.d1.com.

Basically everything is the same except for the PTR records.

A PTR record maps a network address to a host name. The owner name is only the last octet of the address (50 for 192.168.0.50), because the zone origin 0.168.192.in-addr.arpa supplies the rest.

Some external mail exchange servers make reverse DNS lookups before accepting messages originating from your mail server.

Check the zone files for typos. named-checkzone takes the zone origin as its first argument, so the reverse file is checked under its own zone name:

named-checkzone d1.com /var/named/d1.com.forw
named-checkzone 0.168.192.in-addr.arpa /var/named/d1.com.rev
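named-checkzone catches syntax errors, but not the two mistakes this post warns about most: a target that looks fully qualified yet lacks the trailing period, and forward and reverse zones that have drifted apart. The script below is an added example, not part of the original post, that checks both with nothing more than POSIX sh and awk, so it runs without bind9 installed. The two zone files it creates are constructed for the example and mirror the d1.com records above, each with one deliberate mistake for the checks to find.

```sh
#!/bin/sh
# Added example (not from the original post): offline checks for zone files.
# Constructed sample zones based on the post's d1.com data, each with one
# deliberate mistake: an NS target missing its trailing dot, and a missing PTR.
FWD=$(mktemp)
REV=$(mktemp)

cat > "$FWD" <<'EOF'
$TTL 604800
@ IN SOA ubuntu.d1.com. root.d1.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS ubuntu.d1.com
ubuntu IN A 192.168.0.50
win10 IN A 192.168.0.40
win8 IN A 192.168.0.48
EOF

cat > "$REV" <<'EOF'
$TTL 604800
@ IN SOA ubuntu.d1.com. root.d1.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS ubuntu.d1.com.
50 IN PTR ubuntu.d1.com.
48 IN PTR win8.d1.com.
EOF

# Flag NS/PTR/CNAME targets and SOA names that contain a dot but lack the
# trailing one: BIND treats them as relative and appends the origin, so
# "ubuntu.d1.com" silently becomes ubuntu.d1.com.d1.com. A bare label such
# as "ubuntu" is legitimately relative and is not flagged. Exit 1 if any found.
missing_dots() {
    awk '
        function relative(n) { return (n != "" && n != "@" && index(n, ".") > 0 && n !~ /\.$/) }
        /^[ \t]*;/ || /^\$/ { next }          # comments and $TTL/$ORIGIN directives
        {
            sub(/;.*/, "")                     # drop trailing comment
            for (i = 1; i <= NF; i++) {
                if ($i == "NS" || $i == "PTR" || $i == "CNAME") hit = relative($(i+1))
                else if ($i == "SOA") hit = relative($(i+1)) || relative($(i+2))
                else continue
                if (hit) { print FILENAME ": line " NR ": " $0; bad++ }
            }
        }
        END { exit (bad > 0) }' "$1"
}

# Cross-check the A records of forward zone $1 against the PTR records of
# reverse zone $2 for one /24: $3 is the forward origin (d1.com), $4 the network
# prefix (192.168.0). Reports hosts present on one side only or pointing at the
# wrong name; exit 1 if anything is reported. Assumes each record line states
# its owner name, as the post's files do.
ptr_mismatch() {
    awk -v origin="$3" -v net="$4" '
        /^[ \t]*;/ || /^\$/ { next }
        { sub(/;.*/, "") }
        NR == FNR {                                  # first file: forward zone
            for (i = 1; i < NF; i++) if ($i == "A" && index($(i+1), net ".") == 1) {
                name = $1
                if (name == "@") name = origin
                else if (name ~ /\.$/) sub(/\.$/, "", name)
                else name = name "." origin
                fwd[$(i+1)] = name
            }
            next
        }
        {                                            # second file: reverse zone
            for (i = 1; i < NF; i++) if ($i == "PTR") {
                target = $(i+1); sub(/\.$/, "", target)
                rev[net "." $1] = target
            }
        }
        END {
            for (ip in fwd)
                if (!(ip in rev)) { print "no PTR for " ip " (" fwd[ip] ")"; bad++ }
                else if (rev[ip] != fwd[ip]) { print ip ": PTR says " rev[ip] ", A says " fwd[ip]; bad++ }
            for (ip in rev)
                if (!(ip in fwd)) { print "PTR " ip " -> " rev[ip] " has no A record"; bad++ }
            exit (bad > 0)
        }' "$1" "$2"
}

echo "== names that look qualified but lack the trailing dot =="
missing_dots "$FWD" || true
echo "== A/PTR cross-check for 192.168.0.0/24 =="
ptr_mismatch "$FWD" "$REV" d1.com 192.168.0 || true
```

Run it against the real files with `missing_dots /var/named/d1.com.forw` and `ptr_mismatch /var/named/d1.com.forw /var/named/d1.com.rev d1.com 192.168.0`; a non-zero exit status makes both usable as a pre-commit or pre-reload gate next to named-checkzone.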

Point our Ubuntu DNS server at itself, start named and check that it works.

Edit /etc/resolv.conf so that our own server is the nameserver:

cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.0.50

Note the header: resolvconf regenerates this file, so a hand edit lasts only until the next network restart; on a resolvconf system the persistent place for the setting is a dns-nameservers 192.168.0.50 line in the iface stanza of /etc/network/interfaces.

Start bind and resolve the loopback address in reverse:

sudo service bind9 start
dig -x 127.0.0.1

So far so good! Now try to ping some host; if the ping fails, check /var/log/syslog.

AppArmor is used to confine programs to a limited set of resources, similar to SELinux in Red Hat distros. In this example AppArmor prevents named from reading our zone files, because /var/named is not in the profile that ships with the package. To overcome this, edit /etc/apparmor.d/local/usr.sbin.named and allow read access to the directory:

# Site-specific additions and overrides for usr.sbin.named.
# For more details, please see /etc/apparmor.d/local/README.
/var/named/** r,

Reload AppArmor, restart bind, and you should be able to ping any host defined in the zone files:

sudo service apparmor reload
sudo service bind9 restart

Test the reverse zone with a zone transfer:

dig 0.168.192.in-addr.arpa. AXFR
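The transfer succeeding is also worth a second look: the named.conf above sets no allow-transfer, so every client that can reach port 53 on the server can run the same AXFR and list every host in the zone. As an added example, not from the original post, here is the reverse zone stanza with transfers restricted; 192.168.0.51 is a made-up address standing in for a slave (secondary) server, and with no slave at all the value is simply none.

```conf
// Added example (not from the original post): the reverse zone from
// named.conf with zone transfers limited. 192.168.0.51 is a placeholder
// for a slave server; without a slave use  allow-transfer { none; };
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/var/named/d1.com.rev";
    allow-transfer { 192.168.0.51; };
};
```

The same line applies to the d1.com forward zone, or it can be placed once in the options block of /etc/bind/named.conf.options to cover every zone. After the change, the dig ... AXFR above should be answered with “Transfer failed.” from any address that is not listed, while ordinary lookups keep working.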
