Setting local DNS server? Ubuntu 12.04

By zoheb
in Linux

 Share

Recommended Posts

Rising Star

zoheb

Posted
Posted

Hii guys...

I need to create a local DNS server in my office.

Here is the scenario:

- There is a development and staging website that is hosted on a remote server.

- We need to add the host file entries in everyone's system who needs to access that site.

What we need to accomplish is

- Skip to edit the host file entries on every system and instead just use the DNS server IP that will resolve the website that has a public IP and can be accessed only from our office

.

- Should I configure caching only DNS server OR primary and slave DNS server?

I tried configuring primary DNS server but unable to setup proper zone files. The name server is not registered anywhere. I am using dnsindia as the nameserver.

Can someone help me configuring the SOA


dnsindia.com. IN SOA dnsindia.com. root.dnsindia.com. (
[/CODE]

Can we use any name above or is there any process / restrictions?

when I use dig, the answer section returns NONE.

Even if I create a forward zone file with one of the system in my local network, the host name is not resolved.

Can someone help me with the walk through / guide that will help me configure the DNS server with bind?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

So if i am reading this right you have some server you need to access, so this server is not available via the public dns? There is no name I could resolve on the internet that would point to this IP of the server.

So your creating entries in your host file to access this server?

What is this entry?

So your clients that your putting the host entry in use what for dns now? Are you going to point them at this new BIND server you want to bring up, so that you can resolve say google.com and neowin.net?

Where did this ddnsindia.com come from?? You do understand that domain is already registered on the internet and currently points here for the owning nameservers

Nameservers

NS1.DOMAINRECOVER.COM

NS2.DOMAINRECOVER.COM

Now can not see who its registered to because its whois info is listing DomainProtect, do you own this domain?

Be more than happy to walk you through how to setup bind, but not really clear on what your wanting to do.. So here is an example, lets say your server IP address you create host entries for is 192.168.1.100, and you call it www.myserver.tld

so you have a host entry like this

192.168.1.100 www.myserver.tld

Is myserver this dnsindia domain? Or something else. Lets say you point to googledns now or your isp for dns currently. Just because you bring up a BIND that is setup to own the myserver.tld zone. Your clients are not going to ask him for dns -- they are going to ask googledns or your isp, etc.

So you need to point all your computers to your bind box, then you need to setup bind resolve the zone you want myserver.tld - and also forward other queries to googledns or your isp, etc.

So No if you want to resolve www.myserver.tld it can not be a caching only server, it would have to have authoritative zones, one being the myserver.tld zone - and then either query root servers for internet domains, or forward to some other dns so you can resolve say www.neowin.net, etc.

There is nothing that wrong with that SOA statement from how you presented it - your saying the SOA for dnsindia.com is a record called root.dnsindia.com -- but that is not really true.

The current SOA for that domain is

;; QUESTION SECTION:

;dnsindia.com. IN SOA

;; ANSWER SECTION:

dnsindia.com. 86400 IN SOA ns1.domainrecover.com. dnsmaster.domainrecover.com. 2011111400 28800 7200 604800 86400

So do you own that dnsindia.com domain or not - you shouldn't just grab some random name that you don't own and try and use it. If you want to use FQDN on your local network, then use domains that are not publicly feasible, ie make up the TLD, use .lan or .local, etc. For example you could use dnsindia.lan as you domain.

  • Karl L. and zoheb
  • Like 2
Rising Star

zoheb

Posted
  • Author
Posted

So if i am reading this right you have some server you need to access, so this server is not available via the public dns? There is no name I could resolve on the internet that would point to this IP of the server.

So your creating entries in your host file to access this server?

What is this entry?

So your clients that your putting the host entry in use what for dns now? Are you going to point them at this new BIND server you want to bring up, so that you can resolve say google.com and neowin.net?

Where did this ddnsindia.com come from?? You do understand that domain is already registered on the internet and currently points here for the owning nameservers

Nameservers

NS1.DOMAINRECOVER.COM

NS2.DOMAINRECOVER.COM

Now can not see who its registered to because its whois info is listing DomainProtect, do you own this domain?

Be more than happy to walk you through how to setup bind, but not really clear on what your wanting to do.. So here is an example, lets say your server IP address you create host entries for is 192.168.1.100, and you call it www.myserver.tld

so you have a host entry like this

192.168.1.100 www.myserver.tld

Is myserver this dnsindia domain? Or something else. Lets say you point to googledns now or your isp for dns currently. Just because you bring up a BIND that is setup to own the myserver.tld zone. Your clients are not going to ask him for dns -- they are going to ask googledns or your isp, etc.

So you need to point all your computers to your bind box, then you need to setup bind resolve the zone you want myserver.tld - and also forward other queries to googledns or your isp, etc.

So No if you want to resolve www.myserver.tld it can not be a caching only server, it would have to have authoritative zones, one being the myserver.tld zone - and then either query root servers for internet domains, or forward to some other dns so you can resolve say www.neowin.net, etc.

There is nothing that wrong with that SOA statement from how you presented it - your saying the SOA for dnsindia.com is a record called root.dnsindia.com -- but that is not really true.

The current SOA for that domain is

;; QUESTION SECTION:

;dnsindia.com. IN SOA

;; ANSWER SECTION:

dnsindia.com. 86400 IN SOA ns1.domainrecover.com. dnsmaster.domainrecover.com. 2011111400 28800 7200 604800 86400

So do you own that dnsindia.com domain or not - you shouldn't just grab some random name that you don't own and try and use it. If you want to use FQDN on your local network, then use domains that are not publicly feasible, ie make up the TLD, use .lan or .local, etc. For example you could use dnsindia.lan as you domain.

I am very much grateful for your answers.... Thanks !!.

Entries in the host files:


66.xx.xx.84		   www.myserver.tld
[/CODE]

So now, I changed the name from dnsindia.com to dnsindia.inc

I was able to setup zone file for my internal network. i.e I am able to dig / ping the internal hostnames just fine.(local IPs)

There is a website at remote location that has public IP (66.xx.xx.84)

Now when I point www.myserver.tld to public IP in zone file, it does not gets resolved.

Zone file entries as :

[CODE]
...
...
@ IN NS ns1.myserver.tld
www.myserver.tld IN A 66.xx.xx.84

[/CODE]

Do we need to include views for accessing Public IPs through local DNS?

The zone file looks fine for myserver.tld. checkzone command indicates the zone file as OK.

Please shed some light here sir

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

If you zone is myserver.tld

then your A record for www.myserver.tld would just be

www IN A 66.xx.xx.84

Your record is for

www.myserver.tld.myserver.tld

Why would you need to hide dnsindia.inc ?? with myserver.tld

Is that the zone your using? If you not using public domains, then there is no reason use made up stuff as examples or hide stuff.

Rising Star

zoheb

Posted
  • Author
Posted

Here are details for both the zone files:: 


root@dnsindia:/etc/bind# cat dnsindia.inc.db
; BIND db file for dnsindia.inc
$TTL 86400
@	   IN	  SOA	 ns1.dnsindia.inc.  admin.dnsindia.inc. (
					    2013030301	  ; serial number YYMMDDNN
					    28800		   ; Refresh
					    7200		    ; Retry
					    864000		  ; Expire
					    86400		   ; Min TTL
					    )
			    NS	  ns1.dnsindia.inc.
			    MX	  10 mail.dnsindia.inc.

$ORIGIN dnsindia.inc.
@	    IN	  NS	  ns1.dnsindia.inc.
mail	 IN	  A	   192.168.1.103
ns1	  IN	  A	   192.168.1.103
rahul    IN	  A	   192.168.1.111
[/CODE]

[CODE]
root@dnsindia:/etc/bind# cat db.mvelopes-dev.com
; Start of Authority (SOA) record
;TTL needs to be specified here too
$TTL 86400
mvelopes-dev.com. IN SOA dns.mvelopes-dev.com. root.mvelopes-dev.com. (
2013030301 ; serial # (date format)
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400) ; TTL (1 day)
; Mail Exchange (MX) records.
NS ns1.in2m.com.
; Address (A) records. (real-names of machines)
dns.mvelopes-dev.com. IN A 127.0.0.1
mvelopes-dev.com. IN A 66.xx.xx.84
www IN CNAME mvelopes-dev.com.
my IN CNAME mvelopes-dev.com.

apps.mvelopes-dev.com. IN A 66.xx.xx.85

[/CODE]

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

And what is not working?

you can't point to 127.0.0.1 - that is loopback, anyone that looks that is up is going to just point to themselves.

What are you trying to do with that NS record to ns1.in2m.com. whois domain is owned by.

Domain servers in listed order:

NS3.SINGLEEDGE.COM 63.171.8.252

NS4.SINGLEEDGE.COM 63.171.8.253

Rising Star

zoheb

Posted
  • Author
Posted

And what is not working?

you can't point to 127.0.0.1 - that is loopback, anyone that looks that is up is going to just point to themselves.

What are you trying to do with that NS record to ns1.in2m.com. whois domain is owned by.

Domain servers in listed order:

NS3.SINGLEEDGE.COM 63.171.8.252

NS4.SINGLEEDGE.COM 63.171.8.253

Thanks !! I got this working and was able to access the remote sites using my DNS server. There were some issues with the zone files which I checked with checkzone command. Zone files seems to be OK now.

in2m.com is a domain owned by our company. But can I exclude it? I don't want to use anything that is public. Everything should be private only for our company users.

I used dns.mvelopes-dev.com as loop back because any requests made to dns.mvelopes should be resolved by DNS server itself because that domain does not exists. (correct if I am wrong)

At last any suggestions or guide that you would prefer for the zone files OR DNS configuration that can enhance the performance of my DNS server.

Thanks in advance..

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

"I used dns.mvelopes-dev.com as loop back because any requests made to dns.mvelopes should be resolved by DNS server itself because that domain does not exists. (correct if I am wrong)"

You would point that to the IP of the dns server resolving it then, not loopback - if a client got told that the NS for mvelopes-dev.com was dns.mvelopes-dev.com and its ip address was 127.0.0.1 the client would query its OWN loopback, which would fail.

There is really no reason to include in2m.com, unless you want to have a zone for it on your own servers. Those domain servers are public already.

As to guides - none I would suggest, what I would suggest if your interested in BIND is http://shop.oreilly.com/product/9780596100575.do

Great book on BIND and dns in general.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • New PowerToys update fixes memory leaks and other issues

      By Dutchie64 · Posted

      Yup, that's a doozy right there 😄
    • New PowerToys update fixes memory leaks and other issues

      By Dutchie64 · Posted

      It's a bundle of tools created by a variety of people, so things can go wrong sometimes. It's a great addition to Windows, and I use a lot of the tools on a daily basis. Also, it's still a 0.**** release so quick updates are to be expected 😉
    • Why Delta Chat is the best decentralized messenger you have probably never tried

      By Nas · Posted

      Oh, I did. And it's even worse than I was hoping! Besides a lot of techno-babble jargon (yes I understand 100% of it but it's still all just techno-babble) there's 2 key points that make me super-weary about even considering testing this out. -- By default, after installation, a relay is automatically set up, so you do not need to care about that. * Non-chatmail apps use email servers as a long-term message archive while chatmail clients use email servers for ephemeral instant message relay. * Supporting the full variety of classic email setups would require considerable development and maintenance efforts, and complicate making chatmail-based messaging more resilient, reliable and fast. -- Basically, the end-user device is the 'server' (relay) so there is NO ARCHIVING whatsoever because every message is necessarily ephemeral. Great for techno-paranoia (and for illicit activities preferring no tracks to cover) but terrible for everybody else. It's also ironically contradictory to engineering principles of redundancies besides the transport layers due to the explicit absence of any persistent storage. Instead of 'classic email address' retaining multi-GB messaging archives on its server, now every device must retain 100% of those storage demands. (Email messages were originally meant to be short correspondences, not the multi-MB attachments boondoggle that now exists with unlimited spam engines flooding every potential recipient.) Any device swap or reset (or loss) makes the entire message history go bye-bye forever... lest there's an off-device auto-archival "relay" mechanism that's really a separate server that holds onto all transported messages (an email server) that utilizes 'chatmail email address' identities (like an email server) and its own persistent storage archive (like an email server). But... this solution is hoping to exist alongside real-world email address identities (based on the email server relay pathway) but simply render messages in chat thread format in an ephemeral manner (with contents being encrypted, and messages auto-expiring) ... In the end, it's a chat app/experience for the Web3/P2P-at-all-costs zealots. (I have accts on all sorts of federated web3 services so I understand the technical and non-technical alike.) For any practical users, however, it's just another service to download/install, register, cross-share id cards/qr codes, but know that there's no history/archive whatsoever (by design) so no account/message recovery whatsoever... update the device, install a bummed update patch, or dare upgrade your device... all history, poof, gone. Ya gotta start everything over again like they're a brand new person.
    • You've tried DuckDuckGo and Brave Search, now get serious with SearXNG

      By zikalify · Posted

      You've tried DuckDuckGo and Brave Search, now get serious with SearXNG by Paul Hill Over the last decade, it has become quite trendy to dump Google Search in favor of privacy-preserving alternatives such as DuckDuckGo, Startpage, and Brave Search. These search engines have done a very good job at highlighting dodgy practices by Google, such as adjusting search results based on what it thinks you’ll like (filter bubble) and stalking you around the web to advertise to you. While these search engines are good starting points when compared to non-private services like Google, there are still quite a few issues with them. For example, both DuckDuckGo and Brave Search require running non-free JavaScript in your web browser, which is comparable to running proprietary software on your computer, meaning you can be sure about what it’s actually doing in the background. Another issue is that these search engines are hosted on the respective companies’ servers, and you are using a service that you don’t control. Finally, DuckDuckGo, while offering privacy features, relies heavily on Microsoft’s infrastructure for its results and, in the past, has permitted Microsoft tracking scripts. If you are looking for a more private search solution than DuckDuckGo, Brave Search, and Startpage, then I recommend taking a look at SearXNG. It is a privacy-respecting metasearch engine that can be used via different public instances, which is useful for mobile users, or you can install it on your computer or server and run it locally with maximum control. Unlike Google, Bing, or Brave Search, which crawl the web and have their own search indexes, SearXNG is a metasearch engine, meaning it taps other search engines, stripping your identifying data, such as IP address, user agent, and cookies, in the process. Your search query is sent to the other search engines you enable before aggregating the results. SearXNG has deployment flexibility. If you are a casual user or a mobile user and don’t want to run SearXNG locally, you can use a public instance that is hosted by someone else. The main problem with this is that you are putting trust in the maintainer of the instance regarding stuff like logs that they may keep; good hosts should have a privacy policy explaining their policies. If you are trying to use SearXNG, you can also install the software on your device and then head to 127.0.0.1:8080 in your browser and search from there. While you don’t have to worry about a third-party admin like the public instances, search engines could ultimately block your IP address if they frown on you pulling in their search results locally. If you want to run it locally, it’s a good idea to use proxies or VPNs to hide your actual IP. You don’t have to worry about this with a public instance, as search engines never see your IP address. The main privacy benefit of using SearXNG is that it isolates your identity from the underlying engines that it’s capable of searching, such as Google and Bing. These search engines will only see requests coming from a generic server, so they can’t profile you and create a bubble filter that influences what results you see. This also ensures that your search engine doesn’t turn into an echo chamber that prevents you from reading alternative points of view. As a free software project, you are allowed to inspect SearXNG to make sure there are no negative features bundled inside. This sets it apart from the privacy search engines mentioned earlier because you can’t check their source code. As a meta search engine, you are not restricted to getting results from one source. Due to the fact that it scrapes content from other websites, your SearXNG instance will periodically get blocked from different providers, so it’s good to select a range of sources as a backup. While enabling all of the services will give you great results, this can make searching slower. I am personally happy with slower searches for the best results, but you can always check which providers are slowing down your search from the search results page and disable them to speed things up. If you want decent results quickly, enable the main search providers such as Google, Brave, DuckDuckGo, Qwant, Bing, and Yahoo. This way, you get wide coverage without the latency. On the Engines tab in Preferences, do note that there are different tabs, such as General, Images, and Videos, with their own providers that can be toggled and are not covered by "Enable all" while on the General tab, so be sure to dig into each. Just a note, if you want to enable everything, press "Enable all" in one tab, then hit save at the bottom of the page, then do the next tab, and so on. If you press "Enable all", then do that in each tab, and then save, nothing will stick. When I had just some of the search engines enabled, I searched “define nefarious” and results came back with the definition of “define” - obviously that was a sucky result. However, when I had everything enabled, it found dictionary pages for the word “nefarious” and even had an inline definition on the sidebar, which is quite nice too - that was delivered by WolframAlpha for anyone wondering! Probably the worst thing about this meta search engine is that the engines you select are saved with a cookie, so you must enable them on every new device you use SearXNG on, including if you decide to go into incognito mode with your web browser. Honestly, I would say this is the most annoying aspect, and perhaps if your browser lets you choose a separate private browsing search engine, then it would be best to use DuckDuckGo for this portion of your browsing. Another weakness of SearXNG is the random blocking of it by search providers. When you are on the results page, expand the “Response time” box, and it will show things like “Suspended: too many requests” or “access denied”. This is why it is good to enable several providers so that there is always a fallback to get results from. I won’t pretend SearXNG will be for everyone, however, if you enable all of the providers and put up with the slower response time, the results can be really amazing. Even if you don’t want to use it as your daily driver, keeping a bookmark handy that links to it is a good idea if you ever feel like doing a deep dive into a niche topic where other search engines are just failing to bring up any good result, due to the amount of sources it looks on. If you’re interested in radical user control over the software you use, installing SearXNG locally can also be a good idea, but be prepared to be temporarily blocked from sites if you trigger bot sensors without a VPN. Personally, I’ve opted to use a public instance, rather than install it myself. If you want to use it via a public instance, head over to searx.space to find a provider. Let us know in the comments if you have used SearXNG or its predecessor, Searx. What do you think about the quality of the results?
    • Windows 11 is getting redesigned taskbar settings in new build

      By Captain_Eric · Posted

      Dear Neowin, If it is not too much trouble, can you start using the new-ish designations for Insider Preview? "Experimental" is different than "former Dev" as it can apply to different models, eg 26H1 or 26H2 etc, right? No need to seed confusion IMHO. And, please "finally" update your graphics. OK?

  • Recent Achievements

    • Week One Done
      flexorcist earned a badge
      Week One Done
    • One Month Later
      Woland13 earned a badge
      One Month Later
    • Week One Done
      Woland13 earned a badge
      Week One Done
    • One Year In
      bernmeister earned a badge
      One Year In
    • Week One Done
      Scoobystu earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      503
    2. 2
      +Edouard
      226
    3. 3
      PsYcHoKiLLa
      158
    4. 4
      Steven P.
      75
    5. 5
      FloatingFatMan
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!