
Install named server on a home network

Discussion in 'Web and Network Services' started by c00kie, Apr 25, 2012.

  1. c00kie

    c00kie New Member

    Hi
    I'm trying to set up a name server on a home network. My setup:

    http://drupal876.co.uk/img/net.jpg

    I've done a post
    # sysinstall

    http://drupal876.co.uk/img/sysinstall.jpg

    In file:
    /etc/hosts
    Code:
    
    ::1  localhost localhost.org
    127.0.0.1  localhost localhost.org
    192.168.0.5  manor8 manor8.mydomain.org
    


    File:
    /etc/resolv.conf
    Code:
    domain mydomain.org
    nameserver 192.168.0.5			# manor8
    nameserver 194.168.4.100		# ISPs nameservers
    nameserver 194.168.8.100
    



    /etc/rc.conf
    Code:
    hostname="manor8.mydomain.org"
    ifconfig_re0="inet 192.168.0.5 netmask 255.255.255.0"
    default_router="192.168.0.1"
    named_enable="YES"
    



    /etc/namedb/db.mydomain.org
    Code:
    $TTL 1d
    mydomain.org. IN SOA manor8.mydomain.org. admin.mydomain.org. (
    						2012042301 ; Serial (date, 2 digits version of day)
    						1d ; refresh
    						2h ; retry
    						100d ; expire
    						1h ) ; negative cache expiry
    
    ;name servers
    	IN NS ns
    
    ;MXrecords
    	IN MX 50 manor8.mydomain.org.
    	
    ns      IN A		192.168.0.5
    
    ;Hosts
    localhost 	IN A		127.0.0.1
    manor8	 	IN A		192.168.0.5
    paula		IN A		192.168.0.2
    andy		IN A		192.168.0.3
    jess            IN A		192.168.0.4
    
    ;nicknames
    www IN CNAME manor8
    ftp IN CNAME manor8
    
    

    In the file:
    /etc/namedb/mydomain-reverse
    Code:
    $TTL 1d
    @		IN SOA 			manor8.mydomain.org. admin.mydomain.org. (
    								2012042301 ; Serial (date, 2 digits version of day)
    								1d ; refresh
    								2h ; retry
    								100d ; expire
    								2h ) ; negative cache
    		IN NS 			ns.mydomain.org.
    
    5		IN PTR                  manor8.mydomain.org.
    2		IN PTR                  paula.mydomain.org.
    3		IN PTR                  andy.mydomain.org.
    4		IN PTR                  jess.mydomain.org.
    


    In file:
    /etc/namedb/localhost.rev
    Code:
    $TTL 1d
    @		IN SOA 			manor8.mydomain.org. root.mydomain.org. (
    									2012042501 ; Serial
    									1h ; Refresh
    									5m ; Retry
    									100d ; Expire
    									1h ) ; Negative cache
    		IN NS 			manor8.mydomain.org.
    1		IN PTR 			localhost.mydomain.org.
    


    In file:
    /etc/namedb/named.conf

    With the comments removed, it looks like:
    Code:
    // $FreeBSD$
    
    options {
    	// All file and path names are relative to the chroot directory,
    	// if any, and should be fully qualified.
    	directory	"/etc/namedb";
    	pid-file	"/var/run/named/pid";
    	dump-file	"/var/dump/named_dump.db";
    	statistics-file	"/var/stats/named.stats";
    
    	forwarders {
    		194.168.4.100; 194.168.8.100;
    	};
    };
    
    ...
    [details omitted here]
    ...
    
    zone "mydomain.org" {
    	type master;
    	file "db.mydomain.org";
    };
    
    zone "0.168.192.in-addr.arpa" {
    	type master;
    	file "mydomain-reverse";
    };
    
    zone "0.0.127.in-addr.arpa" {
    	type master;
    	file "localhost.rev";
    };
    

    File:
    /var/log/messages

    For a successful configuration I'm expecting output similar to:

    Code:
    Mar 18 15:01:57 freebie named[69751]: starting (/etc/namedb/named.conf). named 8.3.4-REL Wed Dec 18 13:38:28 CST 2002 grog@freebie.example.org:/usr/obj/src/FreeBSD/5-STABLE-FREEBIE/src/usr.sbin/named
    Mar 18 15:01:57 freebie named[69751]: hint zone "" (IN) loaded (serial 0)
    Mar 18 15:01:57 freebie named[69751]: master zone "example.org" (IN) loaded (serial 2003031801)
    Mar 18 15:01:57 freebie named[69751]: Zone "0.0.127.in-addr.arpa" (file localhost.reverse): No default TTL ($TTL <value>) set, using SOA minimum instead
    Mar 18 15:01:57 freebie named[69751]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 97091501)
    Mar 18 15:01:57 freebie named[69751]: listening on [223.147.37.1].53 (rl0)
    Mar 18 15:01:57 freebie named[69751]: listening on [127.0.0.1].53 (lo0)
    Mar 18 15:01:57 freebie named[69752]: Ready to answer queries.
    


    Mine's rather different however:

    Code:
    Apr 25 13:01:57 manor8 named[1727]: starting BIND 9.8.1-P1 -t /var/named -u bind
    Apr 25 13:01:57 manor8 named[1727]: built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr'
    Apr 25 13:01:57 manor8 named[1727]: command channel listening on 127.0.0.1#953
    Apr 25 13:01:57 manor8 named[1727]: command channel listening on ::1#953
    Apr 25 13:01:57 manor8 named[1727]: the working directory is not writable
    Apr 25 13:01:57 manor8 named[1727]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
    Apr 25 13:01:57 manor8 named[1727]: running
    


    Back at my domain registrar, I've updated the server settings, replacing their DNS server names with my ISP's name servers:
    Code:
    cache1.service.virginmedia.net
    cache2.service.virginmedia.net
    



    If I call:
    # rndc reload
    It reports:
    Code:
    Apr 25 13:52:17 manor8 named[1727]: the working directory is not writable
    server reload successful
    


    I'm not sure if the directory /etc/namedb/working is relevant to named?
    The directory is empty by default and in my /etc/namedb/named.conf file I edited the directory option to:
    Code:
    options {
    	// All file and path names are relative to the chroot directory,
    	// if any, and should be fully qualified.
    	// directory "/etc/namedb/working";
    	directory	"/etc/namedb";
    	
    



    help..
     
  2. SirDice

    SirDice Moderator Staff Member Moderator

    It all looks good, what's not working?

    You can test your DNS with the dig(1) command like so:
    dig @192.168.0.5 manor8.mydomain.org

    Or, doing a reverse lookup:
    dig @192.168.0.5 -x 192.168.0.5
     
  3. c00kie

    c00kie New Member

    Thanks. That's reassuring. dig(1) is useful. It reports:

    Code:
    ; <<>> DiG 9.8.1-P1 <<>> @192.168.0.5 manor8.mydomain.org
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<-- opcode: QUERY, status: NOERROR, id: 10322
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ; manor8.mydomain.org.		IN		A
    
    ;; ANSWER SECTION:
    manor8.mydomain.org.	        86400	IN		A		192.168.0.5
    
    ;; AUTHORITY SECTION:
    mydomain.org.			86400	IN		NS		ns.mydomain.org.
    
    ;; ADDITIONAL SECTION:
    ns.mydomain.org.		86400	IN		A		192.168.0.5
    
    ;; Query time: 29 msec
    ;; SERVER: 192.168.0.5#53(192.168.0.5)
    ;; WHEN: Thu Apr 26 08:11:53 2012
    ;; MSG SIZE rcvd: 86
    


    So it would appear that everything is correct. This gives me hope. But alas, browsing to http://www.mydomain.org I receive
    Code:
    Could not find remote server


    Just wondering, in the file /etc/namedb/named.conf

    I commented out this line:
    Code:
    // listen-on 	{ 127.0.0.1; };
    


    Would this have any significance?

    Another strange thing is if I

    # cd /etc/namedb

    and then run # pwd, I'm expecting to see

    /etc/namedb

    But it reveals:

    /var/named/etc/namedb

    Is this normal?
     
  4. SirDice

    SirDice Moderator Staff Member Moderator

    Yes, your BIND is correctly configured.

    You need to change your domain information for that. It needs to point to your DNS server. You also need to make sure your DNS server is accessible from the internet. Since you're using RFC-1918 addresses this means you have to open up your router and/or firewall and forward TCP and UDP port 53 to your DNS server.

    Yes, that will bind it to localhost, making it inaccessible from any other machine.

    Yes, that's normal. They're symlinked :e
     
  5. c00kie

    c00kie New Member

    Thanks.

    Hmm... Firstly, I'm using http://mydomain.org purely as a reference. All instances of it are replaced with my 'real' domain of course. Or are you getting at something else here?
     
  6. SirDice

    SirDice Moderator Staff Member Moderator

    Yes, that was clear. What wasn't clear is where you expected this to work, it should at least work on your local network. Provided the client you use is configured to use your DNS server.
     
  7. c00kie

    c00kie New Member

    OK. It would be good if it works on my home network and externally via the internet. I think I'm getting a little closer. I fixed the port forwarding on my router:

    http://drupal876.co.uk/img/port_forwarding.jpg

    I have a firewall in place; you may recognise this :)

    pfctl -sr reveals:
    Code:
    anchor "ftp-proxy/*" all
    block drop all
    pass in on re0 proto tcp from any to any port = ftp flags S/SA keep state
    pass in on re0 proto tcp from any to any port > 49151 flags S/SA keep state
    pass in proto tcp from any to any port = ssh flags S/SA keep state
    pass in proto tcp from any to any port = http flags S/SA keep state
    pass out all flags S/SA keep state
    


    It's changed a little.

    I'm now sitting at machine 192.168.0.2. In the browser I enter http://mydomain.org and the page doesn't load...

    Do I need a new rule(s) in /etc/pf.conf?

    Purely a guess..

    Code:
    pass in on re0 proto tcp from any to any port = 53 flags S/SA keep state
    
     
  8. suntzu

    suntzu New Member

    How about

    Code:
    pass in on re0 proto { tcp, udp } from any to any port 53 keep state


    cat /etc/services | grep ^domain
     
  9. SirDice

    SirDice Moderator Staff Member Moderator

    Yes, you need to allow both TCP and UDP to port 53 for DNS to work.
     
  10. c00kie

    c00kie New Member

    Thanks.

    With these rules added to /etc/pf.conf, and

    cat /etc/services | grep ^domain

    The system reports:

    Code:
    domain       53/tcp    #Domain Name Server
    domain       53/tcp    #Domain Name Server
    


    All looks good. But, the server won't serve pages with the domain. It works with an IP address.
     
  11. aa

    aa New Member

    Good for local exercise, but it will never go public.
     
  12. c00kie

    c00kie New Member

    You're saying it's not possible?
     
  13. c00kie

    c00kie New Member

    Thanks. I've defined my zone files with the local clients' IP addresses included. It should work then within the LAN? I've taken your comments on board, and am beginning to think a basic VPS package would be more suitable. I can then have multiple zones all for a flat fee; it's a long way away (and better) from shared hosting.
     
  14. aa

    aa New Member

    Unfortunately, it won't. Your ISP's nameservers are the ones that have authority over your domain name.

    You may ask the registrar (if you paid more for the service) to point your domain nameserver to your IPs (at least 2), but then you don't have authorization to manage the full network to modify PTR records do you?

    Even with part subnet classless delegation, I think at least you need 4 IP addresses to be functional, 2 dedicated to DNS server (with warning, because both reside in the same network).

    Also, you cannot publish local IPs (RFC-1918). Bear in mind that the only thing DNS does (primarily) is convert a name to an address. If somebody somewhere tries to reach a name from your nameservers (which then give them a local IP), they're stuck on a host in their local network as well.
     
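A consistency check for the zone files posted earlier in the thread, as an added example in Python (not code from the thread or from BIND): it parses condensed, constructed copies of db.mydomain.org and mydomain-reverse, flags NS names without an A record (glue), flags the RFC-1918 addresses that aa explains are meaningless to clients outside the LAN, and reports forward/reverse disagreements. The single-line record layout and the parse_zone/audit names are assumptions of this example.

```python
import ipaddress
import re

# Constructed, condensed copies of the two zone files posted in the thread (SOA on one line).
FORWARD_ZONE = """\
mydomain.org. IN SOA manor8.mydomain.org. admin.mydomain.org. ( 2012042301 1d 2h 100d 1h )
        IN NS ns
ns      IN A 192.168.0.5
manor8  IN A 192.168.0.5
paula   IN A 192.168.0.2
"""
REVERSE_ZONE = """\
@  IN SOA manor8.mydomain.org. admin.mydomain.org. ( 2012042301 1d 2h 100d 2h )
   IN NS ns.mydomain.org.
5  IN PTR manor8.mydomain.org.
2  IN PTR paula.mydomain.org.
"""
RECORD_RE = re.compile(r"^(\S*)\s+(?:\d+\s+)?IN\s+([A-Z]+)\s+(.+?)\s*$")
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text, origin):
    """Return (owner FQDN, type, rdata) triples; a blank owner repeats the last one, '@' is the origin."""
    recs, last = [], origin
    for line in text.splitlines():
        m = RECORD_RE.match(line.split(";", 1)[0])  # strip ';' comments; $TTL lines never match
        if m is None:
            continue
        owner, rtype, rdata = m.groups()
        owner = {"": last, "@": origin}.get(owner, owner if owner.endswith(".") else f"{owner}.{origin}")
        last = owner
        recs.append((owner, rtype, rdata))
    return recs

def audit(fwd_text, rev_text, origin="mydomain.org.", rev_origin="0.168.192.in-addr.arpa."):
    """Flag NS names without glue, RFC-1918 addresses, and forward/reverse disagreements."""
    fwd, rev = parse_zone(fwd_text, origin), parse_zone(rev_text, rev_origin)
    a_recs = {(o, ipaddress.ip_address(r)) for o, t, r in fwd if t == "A"}
    # PTR owner 5.0.168.192.in-addr.arpa. encodes the address 192.168.0.5
    ptrs = {ipaddress.ip_address(".".join(reversed(o.rstrip(".").split(".")[:-2]))): r
            for o, t, r in rev if t == "PTR"}
    problems = [f"NS {r} has no A record (glue) in the zone" for _, t, r in fwd
                if t == "NS" and (r if r.endswith(".") else f"{r}.{origin}") not in {a for a, _ in a_recs}]
    for o, ip in sorted(a_recs):
        if any(ip in n for n in PRIVATE):
            problems.append(f"{o} -> {ip} is RFC-1918: meaningless to clients outside the LAN")
        if ip not in ptrs:
            problems.append(f"{o} -> {ip} has no PTR in the reverse zone")
    for ip, name in ptrs.items():
        if (name, ip) not in a_recs:
            problems.append(f"PTR {ip} -> {name} has no matching A record")
    return problems
```

Run against the thread's own zones it reports only the three RFC-1918 addresses, which is exactly aa's objection; remove a PTR or the ns glue record and the corresponding mismatch is reported too.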
  15. shitson

    shitson New Member

    c00kie, what are you trying to access on these machines from the outside world?
     
  16. c00kie

    c00kie New Member

    Thanks for the insight. Clearly it was a little naive of me to think that this would work outside of my network. Non-routable addresses are just not suitable for the internet. What I have learnt from this exercise is that a VPS is a more realistic option. :stud
     
  17. c00kie

    c00kie New Member

    Websites..:)
     
  18. rtwingfield

    rtwingfield New Member

    I'm not clear on what you are referring to as a VPS that would allow you to have "multiple zones for a flat $fee". Are you wanting to host several web hosts, e.g., x.com, y.com z.com? If so, then take a look at virtual hosting with Apache. All you would need is one static IP address.
     
  19. c00kie

    c00kie New Member

    Yes.

    I'm aware (not an expert) of virtual hosting. This is what I'm trying to get to the bottom of. Even with one static IP address and virtual hosting, I'd still need to define individual zone files for each domain?

    I'm a little inexperienced in name servers, so this is all new to me.

    And a VPS would give me this, moreover, a public, static, routable IP address. Along with master and slave DNS servers.
     
  20. rtwingfield

    rtwingfield New Member

    Here is a URL to an example of the Apache v2.2.11 httpd-vhost.conf file (i.e., the model that I use to host multiple domains):

    http://archaxis.net/htdocs/white_papers/vhost.conf.pdf

    As I mentioned in the brief, there is much more to configuring Apache than my simple example, but I hope it will get you started. Essentially, Apache becomes your VPS.

    Also, at first, I'd suggest that you focus more on understanding the Apache configuration than DNS. As long as you've successfully set up DNS (assuming with BIND), and the authoritative name servers are working, then you can always come back and fine-tune later.

    I have plans to add to the document. Any questions, certainly ask. Criticism invited, too.
     
  21. c00kie

    c00kie New Member

    Thanks. Plug in the values, nice.