BIND DNS Server

From ThinkServer
Revision as of 01:55, 21 June 2016 by Sam (talk | contribs) (Started article)

Setting up the BIND DNS Server allows you to run a local DNS server. On initial configuration, it acts as a caching DNS server: when computers on the local network use it, they share a common cache, which saves repeated lookups over the internet. For example, Computer 1 looks up google.com. The local DNS server does not have it in its cache at first, so it asks a DNS server on the internet for the address. The address is then forwarded to the computer that requested it and cached in case it is needed again soon. When Computer 2 wants to go to google.com as well, the answer is already cached locally and can be sent straight to that computer instead of being looked up over the internet again. We are also using the local DNS server to resolve our new domain name locally: locally it points to the local IP address, externally it points to the external IP address. Otherwise we would have to look up a local resource over the internet, which is inefficient. It also lets us use an HTTPS certificate both locally and externally without any problems.

Along with dynamic DHCP, it allows us to resolve any local host on the network, no matter what IP address it happens to have. This means that when a device gets a new local IP address from DHCP, the DHCP server updates the device's DNS record to the new address and the device can still be resolved by name. Setting up the DHCP server will also make all the local computers use the local DNS server.

Installation

We need 2 packages installed to complete this task:

  • bind
  • yast2-dns-server

This will also suggest some other dependencies which can be accepted.

Configuring for first use

On the first run, YaST will run through the settings in setup mode. Once set up, you will not be able to access setup mode again and will have to use expert mode from then on. Make sure the settings are right the first time round to save disappointment later!!!

  1. On the terminal type sudo yast. Type your password if prompted.
  2. Arrow down to Network Services. Tab across to the right hand box and select the new option DNS Server. Press Enter.
  3. The first page will add the forwarders (the DNS servers to ask for addresses that are not cached or local) and the caching policy.
    • We will leave Local DNS Resolution Policy as Automatic merging. Tab to the next box.
    • Make sure that under Local DNS Resolution Server, it is set to This name server (bind). Tab to the next box.
    • We need to add some forwarders to look up uncached internet addresses. Some examples are:
    • 8.8.4.4 and 8.8.8.8 to use Google DNS servers (selected)
    • 194.168.4.100 194.168.8.100 to use Virgin Media DNS servers
    • Type each one separately into the box, then tab to [Add] and press Enter. Shift+Tab to move back to the address box and add another address.
    • You can add as many DNS servers as you feel necessary for redundancy purposes but need at least one.
    • Once done, tab to [Next] and press Enter.
  4. Next, we want to set up a DNS zone. You can name this anything you want, but for easier reference in the future, it is best to use your domain name here.
    • Tab to the name box and type your domain name. In our case, freddythechick.uk. We'll leave this as a master record so we'll tab past the Type box to the Add button and press Enter.
    • Your new zone should appear underneath in the Configured DNS Zones box.
  5. We'll want to edit the zone we have just created. Tab to [Edit] and press Enter.
    • We'll want to set up the NS Records. Tab along the top until you are on Basics. Arrow across to NS Records
    • Here we'll add the domain name (in our case, freddythechick.uk). When we add this, there must be a . at the end. Tab to Name Server to Add. Type the domain name with the . at the end (it becomes freddythechick.uk.). Once done, tab to Add and press Enter.
    • We'll now need to add some records to the DNS server for lookup. Tab along the top to NS Records. Arrow across to Records.
    • The first record we'll add is an 'A' record. This points the domain name to the IP address.
    • Tab to Record Key. Type your domain name with the trailing . (dot). Make sure the Type is A: IPv4 Domain Name Translation. Tab to Value and type the server's IP address in. Once done, tab to [Add] and press Enter. It should appear under Configured Resource Records.
    • At this point, we can add 'CNAME' records, which are alternative names that point to this server. For example, if we add a www CNAME record, www.freddythechick.uk will point to the same A record. In this case we'll add one for www (for web access) and one for thinkserver (the host name).
    • Tab to the Type box. Arrow down and select CNAME: Alias for Domain Name. Shift+Tab to the Record Key box and clear the current value. In this box, simply type @ (this automatically fills out the correct value for you). Tab to Value and clear the current value. Type one of the two values (www or thinkserver) in the box. Tab to the [Add] button and press Enter. It should appear under Configured Resource Records.
    • Repeat above to add outstanding CNAME records. Once done, tab to [OK] and press Enter.
  6. Once the zone is setup, tab to [Next] and press Enter.
  7. The last few settings to configure concern the firewall and boot behaviour.
    • If you have your firewall enabled, tab to [ ] Open Port in Firewall and press Space. You will have to restrict it to your Internal Zone only with [Firewall Details...]. You ABSOLUTELY don't want to give it access from the outside unless you have a specific need to, otherwise you open up your server to attack. If your firewall is disabled, the text will be in blue and you will not be able to tab to it.
    • We won't be using LDAP support so we'll skip this option. Tab to Start-up Bhaviour (Behaviour is spelt wrong in the code!). Once on ( )On: Start Now and When Booting, press space to enable the option.
    • Once done, tab to [Finish] and press Enter. YaST will configure your computer and show the progress.
  8. That's it, you can start pointing computers to the server as a DNS server.