The Tiny Internet Project, Part III

Set Up DNS (bind9)

If you want to use domain names instead of IP addresses for reaching all your tiny internet machines, it's time to deploy a DNS server. Use the addresses you established as part of your tiny internet schema. Here's a reminder:

  • pve — 10.128.1.2

  • dns01 — 10.128.1.3

  • dns02 — 10.128.1.4

  • mail — 10.128.1.5

  • mirror — 10.128.1.6

  • web01 — 10.128.1.7

Start by cloning your VM template. Right-click on the template and select "Clone". The target node will default to "pve" (or whatever you called your Proxmox host). Set the VM ID and name to whatever you want. Leave the auto-incrementing ID as is, and give the VM a name that's the same as the hostname you'll assign. In my example, I used "dns01". Set the Mode to "Full Clone", and set the Target Storage to "local" with "Raw disk image" as the format.

Figure 15. Cloning the Template

It takes less than a minute to spawn a new VM from your template. In its current state, it's exactly like the original "ubuntu" VM—same IP address, same hostname. Of course, you'll need to change those before putting the machine into production:

  • Edit /etc/hosts — change 127.0.1.1 ubuntu to 10.128.1.3 dns01.tiny.lab dns01.

  • Edit /etc/hostname — change ubuntu to dns01.tiny.lab.

  • Edit /etc/network/interfaces — change the 10.128.1.200 address to 10.128.1.3.

Once you've made these basic changes, reboot, log in and install bind9:


$ sudo apt-get update
$ sudo apt-get install bind9 bind9utils dnsutils bind9-doc

The main DNS configuration is done in these three files:

  • /etc/default/bind9

  • /etc/bind/named.conf.options

  • /etc/bind/named.conf.local

You'll finish by creating your zone files in /etc/bind/zones. I'm using the "tiny.lab" domain name in all these examples, but you can set the name to anything you want.

Start by telling named to use IPv4 only:


$ sudo vi /etc/default/bind9

The file already contains an OPTIONS line; change it to read as follows rather than appending a second one (on newer Debian and Ubuntu releases this file is /etc/default/named):


OPTIONS="-4 -u bind"

Make backup copies of the next two files before editing them. Then edit /etc/bind/named.conf.options: define a "trusted" ACL listing the hosts that may use this server as a recursive resolver (the 10.128.0.0/16 entry already covers every lab address, so the individual entries serve only as documentation), and set the options. Note what this ACL does and does not restrict: allow-recursion limits recursive lookups to trusted clients, but queries for your own zones are still answered for anyone who can reach the listen-on address. Add allow-query { trusted; }; as well if the lab is ever reachable from a network you don't control:


acl "trusted" {
    10.128.1.1;
    10.128.1.2;
    10.128.1.3;
    10.128.1.4;
    10.128.1.5;
    10.128.1.6;
    10.128.1.7;
    10.128.0.0/16;
};

options {
    directory "/var/cache/bind";

    recursion   yes;   # enables recursive queries
    allow-recursion     { trusted; };   # allows queries from "trusted"
                                        # clients
    listen-on { 10.128.1.3; };   # dns01 IP address
    allow-transfer { none; };   # disable zone transfer by default

    forwarders {
        8.8.8.8;   # These are Google's DNS servers
        8.8.4.4;
    };

    ...
};
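
The settings above are the ones that decide whether dns01 is a lab resolver or an open resolver for anyone who can reach it. The following is an added example, not code from the article or from BIND: a small Python scanner that pulls the recursion, allow-recursion, allow-transfer and listen-on directives out of a named.conf.options text and flags the open variants. Both sample configurations inside it are constructed; the first mirrors the options block above, the second is the "any" version you want to catch before it goes live.

```python
"""Scan a named.conf.options for open-resolver and open-transfer settings.

Added example for this article, not code from it or from BIND: a small
scanner for the handful of directives the options block above sets. Both
sample configs below are constructed; the first mirrors the article's
options, the second is the "any" variant that makes dns01 an open resolver.
"""
import re


def strip_comments(text: str) -> str:
    """named.conf accepts C, C++ and shell-style comments; drop all three."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def options_body(text: str) -> str:
    """Body of the top-level options { ... } block, matched by brace depth."""
    text = strip_comments(text)
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        raise ValueError("no options block found")
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    raise ValueError("unbalanced braces in options block")


def directive(body: str, name: str):
    """Values of one directive: ['yes'] for `recursion yes;`, ['trusted'] for
    `allow-recursion { trusted; };`, None when it is absent. The lookarounds
    stop 'recursion' from matching inside 'allow-recursion'."""
    pattern = (r"(?<![\w-])" + re.escape(name) + r"(?![\w-])"
               r"\s*(?:\{([^}]*)\}|([^;{}]+))\s*;")
    m = re.search(pattern, body)
    if not m:
        return None
    if m.group(1) is not None:
        return [v.strip() for v in m.group(1).split(";") if v.strip()]
    return [m.group(2).strip()]


def audit(text: str) -> list:
    """Findings for the settings the article touches; [] means none looked open."""
    body = options_body(text)
    findings = []
    recursion = (directive(body, "recursion") or ["yes"])[0]  # BIND's default is yes
    allow_rec = directive(body, "allow-recursion")
    if recursion == "yes" and allow_rec is not None and "any" in allow_rec:
        findings.append("open resolver: recursion yes with allow-recursion { any; }")
    elif recursion == "yes" and allow_rec is None:
        findings.append("recursion yes without an explicit allow-recursion ACL")
    transfer = directive(body, "allow-transfer")
    if transfer is None or "any" in transfer:
        findings.append("allow-transfer unset or any: set { none; } here and "
                        "list secondaries per zone")
    listen = directive(body, "listen-on")
    if listen is None or "any" in listen:
        findings.append("listen-on unset or any: bind only to the server's lab address")
    return findings


# Constructed sample mirroring the article's named.conf.options.
ARTICLE_OPTIONS = """
acl "trusted" { 10.128.0.0/16; };
options {
    directory "/var/cache/bind";
    recursion yes;                  # enables recursive queries
    allow-recursion { trusted; };   // only lab hosts may recurse
    listen-on { 10.128.1.3; };
    allow-transfer { none; };
    forwarders { 8.8.8.8; 8.8.4.4; };
};
"""

# Constructed weak variant: answers and transfers for anyone who can reach it.
OPEN_OPTIONS = """
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion { any; };
    allow-transfer { any; };
    listen-on { any; };
};
"""

if __name__ == "__main__":
    for label, cfg in (("article", ARTICLE_OPTIONS), ("open", OPEN_OPTIONS)):
        print(label, audit(cfg) or ["ok"])
```

Run it against your real file with audit(open("/etc/bind/named.conf.options").read()) after every edit; the article's configuration produces no findings, while the "any" variant produces three. The scanner only looks at the top-level options block, so per-zone allow-transfer overrides in named.conf.local are deliberately out of scope.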

Save the file and create your zones by editing /etc/bind/named.conf.local. This is where you set your domain name, replacing "tiny.lab" with whatever you want:


zone "tiny.lab" {
    type master;
    file "/etc/bind/zones/db.tiny.lab";
    allow-transfer { 10.128.1.4; };  # Setting this for a
                                     # future secondary DNS server
};

zone "128.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.10.128";
    allow-transfer { 10.128.1.4; };
};

Now create the forward and reverse zone files, placing them in the /etc/bind/zones folder. If it doesn't exist, create it:


$ cd /etc/bind
$ sudo mkdir zones

Copy the default DNS forward and reverse zone config files into that folder, renaming them to match your domain name and IP subnet:


$ sudo cp db.local ./zones/db.tiny.lab
$ sudo cp db.127 ./zones/db.10.128

Edit /etc/bind/zones/db.tiny.lab, and enter your current and future hosts. The file I set up includes comments at the top to remind me of changes I make. I also created entries for my router (10.128.1.1) and a proxy server, which I put on the same box as my dns02. Each time you make modifications, increment the Serial entry before saving; dns02 will pull a fresh copy of the zone only when it sees a larger serial. Also note the trailing period after each fully qualified name, including the name server in the SOA record. Don't leave those off: without it, BIND appends the zone origin, and dns01.tiny.lab becomes dns01.tiny.lab.tiny.lab. You can find more information about DNS in the Resources section at the end of this article, but this will get you started:


; BIND forward zone file for tiny.lab (copied from db.local)
;
;       20150505        JST     Modified proxy address
;       20160505        JST     Added web01

$TTL    604800
@       IN      SOA     dns01.tiny.lab. admin.dns01.tiny.lab. (
                             12         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; name servers -- NS records
        IN      NS      dns01.tiny.lab.
        IN      NS      dns02.tiny.lab.

; name servers -- A records
dhcp.tiny.lab.          IN      A       10.128.1.1
pve.tiny.lab.           IN      A       10.128.1.2
dns01.tiny.lab.         IN      A       10.128.1.3
dns02.tiny.lab.         IN      A       10.128.1.4
proxy.tiny.lab.         IN      CNAME   dns02.tiny.lab.
mail.tiny.lab.          IN      A       10.128.1.5
mirror.tiny.lab.        IN      A       10.128.1.6
web01.tiny.lab.         IN      A       10.128.1.7

Save the file and edit the /etc/bind/zones/db.10.128 reverse zone file. The owner names under "PTR records" look truncated because they're relative to the zone origin, 128.10.in-addr.arpa, and in-addr.arpa names list the octets of an address in reverse order: 10.128.1.6 is 6.1.128.10.in-addr.arpa, so its record is written as "6.1", not "1.6". Again, be sure to increment the Serial entry each time you make a change:


; BIND reverse zone file for 10.128.0.0/16 (copied from db.127)
;
; 20160505      JST     Added cname for proxy
; 20160505      JST     Added mirror01

$TTL    604800
@       IN      SOA     dns01.tiny.lab. admin.tiny.lab. (
                             11         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; name servers -- NS records
        IN      NS      dns01.tiny.lab.
        IN      NS      dns02.tiny.lab.

; PTR records
1.1     IN      PTR     dhcp.tiny.lab.
2.1     IN      PTR     pve.tiny.lab.
3.1     IN      PTR     dns01.tiny.lab.
4.1     IN      PTR     dns02.tiny.lab.
5.1     IN      PTR     mail.tiny.lab.
6.1     IN      PTR     mirror.tiny.lab.
7.1     IN      PTR     web01.tiny.lab.
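
Keeping the forward and reverse zones in step by hand is where the mistakes creep in: a PTR label written in the wrong octet order, a missing trailing period, a serial that never got bumped so dns02 keeps serving the old zone. The following is an added example, not code from the article or from BIND: a Python script that generates both zone files from a single host table using the tiny.lab names and 10.128.1.x addresses above. The date-based YYYYMMDDnn serial scheme, the reversed-label helper and the cross-check between the two files are this example's own additions; the host table is constructed to match the article's records.

```python
"""Build matching forward and reverse BIND zone files from one host table.

Added example for this article, not code from it or from BIND. The names
and 10.128.1.x addresses are the article's; the date-based serial, the
reversed-label helper and the consistency check are this example's own.
"""
from datetime import date
import ipaddress

DOMAIN = "tiny.lab"
NAMESERVERS = ("dns01", "dns02")
NETWORK = ipaddress.ip_network("10.128.0.0/16")   # zone 128.10.in-addr.arpa
# Constructed host table matching the article's A and CNAME records.
HOSTS = {
    "dhcp": "10.128.1.1", "pve": "10.128.1.2", "dns01": "10.128.1.3",
    "dns02": "10.128.1.4", "mail": "10.128.1.5", "mirror": "10.128.1.6",
    "web01": "10.128.1.7",
}
CNAMES = {"proxy": "dns02"}

def next_serial(previous: int, today: str = None) -> int:
    """YYYYMMDDnn serial strictly greater than `previous` (today as YYYYMMDD).
    dns02 only transfers the zone when the serial grows, so a forgotten bump
    leaves the secondary stale without any error message."""
    base = int(today or date.today().strftime("%Y%m%d")) * 100
    return base if base > previous else previous + 1

def reverse_zone_name(network=NETWORK) -> str:
    """10.128.0.0/16 -> '128.10.in-addr.arpa': network octets, reversed."""
    if network.prefixlen % 8:
        raise ValueError("only octet-aligned prefixes are handled here")
    octets = str(network.network_address).split(".")[: network.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_label(ip: str, network=NETWORK) -> str:
    """Owner name of `ip` relative to that zone: 10.128.1.6 -> '6.1'.
    The host octets are reversed as well; '1.6' would name 10.128.6.1."""
    addr = ipaddress.ip_address(ip)
    if addr not in network:
        raise ValueError(f"{ip} is outside {network}")
    host_octets = str(addr).split(".")[network.prefixlen // 8:]
    return ".".join(reversed(host_octets))

def _header(serial: int) -> list:
    primary = f"{NAMESERVERS[0]}.{DOMAIN}."     # MNAME must carry its trailing dot
    lines = [
        "$TTL    604800",
        f"@       IN      SOA     {primary} admin.{DOMAIN}. (",
        f"        {serial:>12}   ; Serial",
        "              604800   ; Refresh",
        "               86400   ; Retry",
        "             2419200   ; Expire",
        "              604800 ) ; Negative Cache TTL",
    ]
    return lines + [f"        IN      NS      {ns}.{DOMAIN}." for ns in NAMESERVERS]

def forward_zone(serial: int) -> str:
    lines = _header(serial)
    for name, ip in HOSTS.items():
        lines.append(f"{name}.{DOMAIN}.".ljust(24) + f"IN      A       {ip}")
    for alias, target in CNAMES.items():
        lines.append(f"{alias}.{DOMAIN}.".ljust(24)
                     + f"IN      CNAME   {target}.{DOMAIN}.")
    return "\n".join(lines) + "\n"

def reverse_zone(serial: int) -> str:
    lines = _header(serial)
    for name, ip in HOSTS.items():
        lines.append(ptr_label(ip).ljust(8) + f"IN      PTR     {name}.{DOMAIN}.")
    return "\n".join(lines) + "\n"

def _records(text: str, rtype: str) -> dict:
    """owner -> rdata for every `rtype` record in a zone file (comments dropped)."""
    found = {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) == 4 and fields[1] == "IN" and fields[2] == rtype:
            found[fields[0]] = fields[3]
    return found

def check_consistency(forward: str, reverse: str) -> list:
    """Each A record needs a PTR at the correctly reversed label, and vice versa."""
    a_recs, ptrs = _records(forward, "A"), _records(reverse, "PTR")
    labels = {ptr_label(ip): fqdn for fqdn, ip in a_recs.items()}
    problems = []
    for fqdn, ip in a_recs.items():
        lbl = ptr_label(ip)
        if ptrs.get(lbl) != fqdn:
            problems.append(f"{fqdn} {ip}: expected PTR at {lbl}, found {ptrs.get(lbl)}")
    problems += [f"PTR {lbl} -> {fqdn} has no matching A record"
                 for lbl, fqdn in ptrs.items() if lbl not in labels]
    return problems

if __name__ == "__main__":
    serial = next_serial(12)                      # 12 was the article's last serial
    fwd, rev = forward_zone(serial), reverse_zone(serial)
    print(fwd, rev, sep="\n")
    print(check_consistency(fwd, rev) or "forward and reverse zones agree")
```

Write the two strings to /etc/bind/zones/db.tiny.lab and db.10.128 and run named-checkzone on them as described below; check_consistency is also worth running against hand-edited files, since it catches exactly the "1.6" versus "6.1" mix-up that named-checkzone, which only validates syntax, will happily accept.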

Save the file and check the syntax of your files by running:


$ sudo named-checkconf

If everything is correct, you'll get no output and no errors (named-checkconf -z additionally loads every zone file that named.conf.local references). Check the zone files individually with named-checkzone:


$ sudo named-checkzone tiny.lab /etc/bind/zones/db.tiny.lab
$ sudo named-checkzone 128.10.in-addr.arpa /etc/bind/zones/db.10.128

You'll see "OK" if everything checks out. If not, edit the files. Leaving the trailing period off a fully qualified name is a common mistake.

Restart bind to get it up and running:


$ sudo service bind9 restart

When bind9 restarts, do a quick check with the dig utility, or simply open a browser and navigate to your mirror server at http://mirror.tiny.lab. Both tests use the resolver configured on the client, so run them from a machine whose /etc/resolv.conf names 10.128.1.3. That includes dns01 itself: because listen-on is limited to 10.128.1.3, its own resolver must point at 10.128.1.3 rather than 127.0.0.1 (or add 127.0.0.1 to listen-on). The -x option of dig runs the same check against the reverse zone; the answer for 10.128.1.6 should be mirror.tiny.lab.


$ dig mirror.tiny.lab

If you see 10.128.1.6 in the ANSWER SECTION of the dig output, you've succeeded: DNS is working. You can complete your DNS setup by deploying a second VM, or installing bind9 on a physically separate machine on your tiny internet network, as dns02, a secondary that pulls the zones from dns01 (the allow-transfer lines in named.conf.local already permit 10.128.1.4 to do so), but it's not strictly necessary at this point. You also can set this VM to start automatically when your Proxmox host starts, so you have DNS running whenever your tiny internet is up.

______________________

John S. Tonello is Director of IT for NYSERNet, Inc., in Syracuse, New York. He's been a Linux user and enthusiast since he installed his first Slackware system from diskette 20 years ago.