I'm trying to set up a BIND DNS server (https://wiki.archlinux.org/index.php/BIND) on an Arch Linux box. The main thing I need out of this is so I will no longer need to edit the windows/system32/drivers/etc/hosts file again on my Win7 dev box, can delete every custom entry in it, and let BIND map the vhost entries for me.
Here is my current /etc/named.conf: http://dpaste.com/1XZ8JJR and here is my /var/named/falcon.local.zone: http://dpaste.com/094JGPR
I am changing my domain name to ld.pvt, so when you see references to falcon.local, those are being upgraded.
A bit more about this machine. Hostname: falcon; multiple roles: master backup SAN ZFS array, Apache LAMP stack for personal, internal-only professional dev, DNS (new), SSH, etc.
What I want is for this DNS server machine (falcon) to make available its vhost resources, which all share the same subdomain (ld.pvt).
The resources might look like this:
bleedingedgewebsites.com.ld.pvt (domain mimic, for development)
falcon.ld.pvt (root address; this one will just list a directory, so I can easily click into any forgotten resources or resources missing vhost entries)
phpmyadmin.ld.pvt
tickets.ld.pvt
jenkins.ld.pvt
In the zone file, I prefer to use a wildcard for internal resources, but don't have to (e.g. *.ld.pvt); then I won't need to list each of these individually, and each time I come up with something new, I would just rather add the entry to the vhost file ONLY, type it in the address bar of the dev machine, and voilà!
Can these be A records, and/or CNAMEs?
(After recent research, I understand that maybe the wildcard goes in the vhost, and only one entry is needed here...)
Should the zone SOA be ns1.ld.pvt, or <hostname>.ld.pvt, or is it the former, but with A records for both?
There is another example on the Arch site. I'm caught between this one, https://wiki.archlinux.org/index.php/BIND#1._Creating_a_zonefile, which has a disclaimer that it's just a starting point, and all the others that are more for what I need but aren't specific to Arch, like these: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-14-04 https://help.github.com/articles/tips-for-configuring-an-a-record-with-your-dns-provider/ Is it all the same?
I need a good example of both /var/named/ld.pvt.zone and the /etc/named.conf master entry.
I just need any one working solution to get started.
To get BIND working, there are some rules to follow to get it configured correctly.
You need to choose a domain and add the zone record for it, adding only one entry for the hostname inside this zone record, at the top; otherwise all mentions are the domain only.
It's a good habit to end all domain names in a dot in the config file, e.g. domain.com.
The NS name can be the domain name.
The A record can be the IP of the machine, not localhost, since other machines in your network will pull this IP specified.
Once you have your A record, you can go hog wild adding your domain names, or you can wildcard it, which is what I did. So now all domains ending in the domain I chose map to the web development stuff.
For the DNS settings in the IP properties of the adapter on the machine you want to use the DNS services, i.e. the client, you want to set the DNS to the LAN IP of the DNS server.
The only adjustments needed are /etc/named.conf, /var/named/ld.pvt.zone, and the IP properties as I mentioned just above.
Here are the config files. Enjoy!
// /etc/named.conf
// vim:set ts=4 sw=4 et:
acl "trusted" {
    192.168.1.0/24;     // the LAN
    127.0.0.0/8;        // the server itself
};

options {
    directory "/var/named";
    pid-file "/run/named/named.pid";
    listen-on { trusted; };         // only listen on addresses matching the ACL
    listen-on-v6 { any; };
    allow-query { trusted; };       // LAN and localhost only
    allow-recursion { trusted; };   // only they may resolve through the forwarders below
    allow-transfer { none; };       // no zone transfers (AXFR) to anyone
    allow-update { none; };         // no dynamic updates
    forwarders {
        8.8.4.4;
        8.8.8.8;
    };
    // Let named pick a random source port for each outgoing query. Pinning
    // "port 53" here disables source-port randomisation and makes the
    // forwarded lookups far easier to poison.
    query-source address *;
    version none;       // refuse the CHAOS-class version.bind query
    hostname none;
    server-id none;
};
logging {
    channel default_file {
        file "/var/log/named/default.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel general_file {
        file "/var/log/named/general.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel database_file {
        file "/var/log/named/database.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel config_file {
        file "/var/log/named/config.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel resolver_file {
        file "/var/log/named/resolver.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-in_file {
        file "/var/log/named/xfer-in.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-out_file {
        file "/var/log/named/xfer-out.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel notify_file {
        file "/var/log/named/notify.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel client_file {
        file "/var/log/named/client.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel unmatched_file {
        file "/var/log/named/unmatched.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel queries_file {
        file "/var/log/named/queries.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel network_file {
        file "/var/log/named/network.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel update_file {
        file "/var/log/named/update.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dispatch_file {
        file "/var/log/named/dispatch.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dnssec_file {
        file "/var/log/named/dnssec.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel lame-servers_file {
        file "/var/log/named/lame-servers.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };

    category default      { default_file; };
    category general      { general_file; };
    category database     { database_file; };
    category security     { security_file; };
    category config       { config_file; };
    category resolver     { resolver_file; };
    category xfer-in      { xfer-in_file; };
    category xfer-out     { xfer-out_file; };
    category notify       { notify_file; };
    category client       { client_file; };
    category unmatched    { unmatched_file; };
    category queries      { queries_file; };
    category network      { network_file; };
    category update       { update_file; };
    category dispatch     { dispatch_file; };
    category dnssec       { dnssec_file; };
    category lame-servers { lame-servers_file; };
};
zone "ld.pvt" IN {
    type master;
    file "ld.pvt.zone";     // relative to "directory" above: /var/named/ld.pvt.zone
};
; /var/named/ld.pvt.zone
$TTL 7200
@       1D IN SOA   ld.pvt. root.ld.pvt. (
                    2007011622  ; Serial - increase it every time you edit this file
                    3H          ; Refresh
                    15M         ; Retry
                    1W          ; Expire - 1 week
                    1D )        ; Minimum (negative-answer TTL)
        IN NS       ld.pvt.                 ; the zone's name server is the zone apex itself
ld.pvt.     IN A        192.168.1.10        ; falcon's LAN IP, not 127.0.0.1
*.ld.pvt.   IN CNAME    ld.pvt.             ; anything.ld.pvt, even a.b.ld.pvt, follows this to the A record
; Note: the wildcard does not apply below a name that has its own record, so once
; foo.ld.pvt gets an explicit entry, x.foo.ld.pvt will return NXDOMAIN.
You might need:
# mkdir /var/db/nscd
# touch /etc/netgroup
# systemctl restart named
Use journalctl -xn to look for errors.
Once it is running, you should be able to ping anything.ld.pvt. NOW your vhost will know what to do!
Now, on your client machine, you need to adjust the DNS and flush the DNS resolver cache:
nscd -K
then nscd
or, for a Windows box, ipconfig /flushdns
Then try pinging the new anything.ld.pvt on your LAN.
To put your client box on the map, you need to add an A record pointing to its IP, e.g.
automated-pooper-scooper.ld.pvt. IN A 192.168.1.44
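As an added example (not part of the answer above or of the Arch wiki), here is a small POSIX shell helper that keeps the zone file maintainable and checks that the server really behaves the way the named.conf above says it should: it bumps the SOA serial (the stale 2007011622 is the first thing that bites once a second resolver caches the zone), renders the zone, refuses to install it unless named-checkzone accepts it, reloads named, and then uses dig to confirm that the wildcard resolves to the server's A record, that AXFR is refused, and that version.bind is hidden. The function names and the update/verify sub-commands are mine; it assumes the bind-tools package (named-checkzone, dig, rndc) is installed, that rndc is already configured, and that the server answers on 192.168.1.10 as in the post.

```shell
#!/bin/sh
# Added example, not from the original post: maintain /var/named/ld.pvt.zone and
# verify the live server. Assumes named-checkzone, dig and rndc are installed and
# that rndc is configured; SERVER and ZONE_FILE can be overridden from the environment.
set -eu

ZONE="ld.pvt"
SERVER="${SERVER:-192.168.1.10}"
ZONE_FILE="${ZONE_FILE:-/var/named/ld.pvt.zone}"

# bump_serial OLD: print a YYYYMMDDnn serial strictly greater than OLD.
# Same-day edits increment the two-digit counter; a new day restarts at 00.
# If that still would not exceed OLD (e.g. the clock went backwards), use OLD+1.
bump_serial() {
    old="$1"
    today="$(date +%Y%m%d)"
    case "$old" in
        "$today"[0-9][0-9]) new=$((old + 1)) ;;
        *)                  new="${today}00" ;;
    esac
    [ "$new" -gt "$old" ] || new=$((old + 1))
    printf '%s\n' "$new"
}

# current_serial FILE: read the serial from an existing zone file, or 0 if none.
current_serial() {
    s=""
    if [ -r "$1" ]; then
        s="$(awk '/; Serial/ { print $1; exit }' "$1")"
    fi
    printf '%s\n' "${s:-0}"
}

# render_zone SERIAL IP: emit the zone from the answer with the given serial and A record.
render_zone() {
    cat <<EOF
\$TTL 7200
@       1D IN SOA   ${ZONE}. root.${ZONE}. (
                    $1          ; Serial
                    3H          ; Refresh
                    15M         ; Retry
                    1W          ; Expire
                    1D )        ; Minimum
        IN NS       ${ZONE}.
${ZONE}.    IN A        $2
*.${ZONE}.  IN CNAME    ${ZONE}.
EOF
}

# update_zone: write a new zone file only if named-checkzone accepts it, then reload.
update_zone() {
    new="$(bump_serial "$(current_serial "$ZONE_FILE")")"
    tmp="${ZONE_FILE}.new"
    render_zone "$new" "$SERVER" > "$tmp"
    # named-checkzone parses the file exactly as named would; a failure aborts (set -e)
    # before the broken file replaces the working one.
    named-checkzone "$ZONE" "$tmp" >/dev/null
    mv "$tmp" "$ZONE_FILE"
    rndc reload "$ZONE"
    echo "installed $ZONE serial $new"
}

# verify_live: check the behaviour the named.conf in the answer is meant to enforce.
verify_live() {
    # 1. The wildcard CNAME must chase through to the server's A record.
    got="$(dig +short @"$SERVER" "anything.$ZONE" A | tail -n 1)"
    [ "$got" = "$SERVER" ] || { echo "FAIL wildcard: got '$got'" >&2; return 1; }
    # 2. allow-transfer { none; }: an AXFR must yield no resource records.
    if dig @"$SERVER" "$ZONE" AXFR +noall +answer | grep -Eq '^[^;]+[[:space:]]IN[[:space:]]'; then
        echo "FAIL: zone transfer allowed" >&2; return 1
    fi
    # 3. version none;: the CHAOS-class version.bind query must return nothing.
    if [ -n "$(dig +short @"$SERVER" version.bind TXT CH)" ]; then
        echo "FAIL: version.bind leaks the BIND version" >&2; return 1
    fi
    echo "OK: wildcard resolves, AXFR refused, version hidden"
}

# Nothing runs until asked, so the functions can also be sourced on their own.
case "${1:-}" in
    update) update_zone ;;
    verify) verify_live ;;
    *)      : ;;
esac
```

Run it as `sh zone.sh update` after changing the A record or the IP, then `sh zone.sh verify` from a LAN client; `verify` run from an address outside the trusted ACL should fail at step 1 with an empty answer, which is the allow-query rule doing its job.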