RETROMAC_DNS

BIND config for the retromac homelab (MacPro 5,1 running VMware). The VM at 192.168.11.53 is ns1: it is authoritative for the lab's retro.io forward zone and the 192.168.0.0/16 reverse zone, and forwards everything else upstream.

Provision an Ubuntu 18.04 VM

  • Manually configure a static interface (the server itself uses 192.168.11.53; the client config at the end shows the format)
  • Install BIND - sudo apt-get install bind9 bind9utils bind9-doc

named.conf.options

Configure BIND server options (/etc/bind/named.conf.options): which clients may query and recurse, which addresses to listen on, upstream forwarders, and DNSSEC validation. Zone transfers are disabled.

//
// Access control list: the networks allowed to use this server as a
// recursive resolver (referenced by allow-recursion in the options block).
//
acl "trusted" {
	192.168.1.0/24;		// lab personal
	192.168.11.0/24;	// lab infrastructure
	192.168.12.0/24;	// lab management
	192.168.13.0/24;	// lab vms
	localnets;		// every network directly attached to this host
	localhost;		// the server itself
};

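options {
	directory "/var/cache/bind";

	// Hide the BIND version from "dig version.bind chaos txt" probes.
	version "none";

	// Only lab clients may query this server at all. Without this the
	// default is "any", so authoritative answers for retro.io would be
	// served to anyone who can reach the listening address.
	allow-query { trusted; };

	recursion yes;			// enables recursive queries
	allow-recursion { trusted; };	// recursion (and cache reads) only from trusted clients

	// ns1 private IP - listen on the private network plus loopback.
	// 127.0.0.1 is included so the server can resolve through itself,
	// which the "localhost" entry in the trusted ACL already expects.
	listen-on { 127.0.0.1; 192.168.11.53; };
	// Do NOT listen on every IPv6 address: "any" here would expose the
	// server on whatever public or SLAAC v6 address the VM picks up,
	// contradicting the private-network-only intent above.
	listen-on-v6 { none; };

	allow-transfer { none; };	// disable zone transfers by default

	// Upstream resolvers for everything outside retro.io. This is plain
	// UDP/53 to Google, so upstream lookups are visible to a third party;
	// swap in your preferred resolver if that matters in your lab.
	forwarders {
		8.8.8.8;
		8.8.4.4;
	};

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	// dnssec-enable is obsolete in current BIND releases; validation alone
	// is enough. "auto" uses the built-in root trust anchor and validates
	// the answers that come back through the forwarders.
	dnssec-validation auto;

	auth-nxdomain no;    // conform to RFC1035
};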

named.conf.local

Define the local forward and reverse zones in /etc/bind/named.conf.local (this server is the primary/master for both).

// -----------------------------
// Local DNS Zones
// -----------------------------
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Forward Zone for retro.io
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// NOTE(review): retro.io is a name under the public .io TLD. Being
// authoritative for it here means lab clients can never reach a real
// retro.io if one exists, and someone else may register it. A reserved
// suffix such as home.arpa (RFC 8375) avoids both problems; keep retro.io
// only if you actually own the domain.
zone "retro.io" {
        type master;
        file "/etc/bind/zones/db.retro.io"; # zone file - no allow-update is set, so edits are by hand plus a serial bump
};
// <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
// Reverse Zone for 192.168.0.0/16
// <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
// A single /16 reverse zone covers all four lab /24s listed in the
// "trusted" ACL, so one PTR file serves every subnet; addresses without
// a PTR entry get NXDOMAIN.
zone "168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.192.168"; # 192.168.0.0/16 subnet
};

/etc/bind/zones/db.retro.io - forward zone file (create /etc/bind/zones first and make sure the bind user can read it)

$TTL    604800          ; default TTL for records below: 1 week
; The origin is retro.io (set by the zone statement in named.conf.local),
; so "@" is the apex and bare owner names without a trailing dot have
; ".retro.io" appended automatically.
@       IN      SOA     ns1.retro.io.   admin.retro.io. (
        9       ; serial - bump on every edit or caches keep the old data
        3h      ; refresh
        30m     ; retry
        3w      ; expire
        1h      ; negative cache ttl
)
; name server for the zone, with its A record (glue) right after it
@       IN      NS      ns1.retro.io.
ns1     IN      A       192.168.11.53
; hosts
@       IN      A       192.168.1.1     ; the apex itself (retro.io)
corbs0  IN      A       192.168.1.3
vcenter IN      A       192.168.11.3
retroj  IN      A       192.168.11.4
ops     IN      A       192.168.11.9
retro0  IN      A       192.168.11.10
retro1  IN      A       192.168.11.11
retro2  IN      A       192.168.11.12
retro3  IN      A       192.168.11.13
retro4  IN      A       192.168.11.14
; Wildcard: any name under retro.io that is NOT listed above resolves to
; 192.168.1.1 instead of returning NXDOMAIN. Combined with "dns-search
; retro.io" on the clients, a typo'd hostname silently lands on
; 192.168.1.1, and tools that look up a random name to detect "no such
; host" are fooled. Remove this record if you want misses to fail loudly.
*       IN      A       192.168.1.1

/etc/bind/zones/db.192.168 - reverse zone file for 192.168.0.0/16

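$TTL    604800
; Origin is 168.192.in-addr.arpa, so an owner of "53.11" means 192.168.11.53
; (the last two octets reversed).
; The SOA MNAME must be the primary name server. It now matches the NS
; record below and the forward zone's SOA; previously it pointed at the
; zone apex "retro.io.", which is not a name server.
@       IN      SOA     ns1.retro.io. admin.retro.io. (
                             10         ; Serial - bumped for the MNAME fix
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; name servers
        IN      NS      ns1.retro.io.
; PTR Records, ordered by address. Each mirrors an A record in db.retro.io;
; keep the two files in step when adding hosts.
1.1     IN      PTR     retro.io.               ; 192.168.1.1 (apex A record)
3.1     IN      PTR     corbs0.retro.io.        ; 192.168.1.3
3.11    IN      PTR     vcenter.retro.io.       ; 192.168.11.3
4.11    IN      PTR     retroj.retro.io.        ; 192.168.11.4
9.11    IN      PTR     ops.retro.io.           ; 192.168.11.9
10.11   IN      PTR     retro0.retro.io.        ; 192.168.11.10
11.11   IN      PTR     retro1.retro.io.        ; 192.168.11.11
12.11   IN      PTR     retro2.retro.io.        ; 192.168.11.12
13.11   IN      PTR     retro3.retro.io.        ; 192.168.11.13
14.11   IN      PTR     retro4.retro.io.        ; 192.168.11.14
53.11   IN      PTR     ns1.retro.io.           ; 192.168.11.53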

Check the config and zones, restart BIND, then verify with dig

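# Syntax-check named.conf and the files it includes first; a broken
# options/local file stops named from starting at all, regardless of the zones.
sudo named-checkconf
# Then check each zone file against its zone name (catches missing trailing
# dots, bad serials and unbalanced SOA parentheses before they go live).
sudo named-checkzone retro.io /etc/bind/zones/db.retro.io
sudo named-checkzone 168.192.in-addr.arpa /etc/bind/zones/db.192.168
sudo service bind9 restart
# Verify from the server itself: forward, reverse, and a recursive lookup
# that has to go through the forwarders.
dig @192.168.11.53 ns1.retro.io +short
dig @192.168.11.53 -x 192.168.11.53 +short
dig @192.168.11.53 isc.org +short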

Typical client config (/etc/network/interfaces, ifupdown format; the values shown are retroj at 192.168.11.4). Note that Ubuntu 18.04 uses netplan by default, so this file is only honoured when the ifupdown package is installed, and the dns-* lines rely on resolvconf.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
#
# ifupdown format. Ubuntu 18.04 ships netplan by default, so this file is
# only honoured if the ifupdown package is installed; the dns-* keys below
# are processed by resolvconf, not by ifupdown itself.
# Comments must be on their own line - interfaces(5) does not support
# trailing "#" comments.

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface. These values are retroj (192.168.11.4 in
# db.retro.io); change "address" to match the host being configured and
# keep its A and PTR records in step.
auto ens160
iface ens160 inet static
        address 192.168.11.4
        netmask 255.255.255.0
        network 192.168.11.0
        broadcast 192.168.11.255
        gateway 192.168.11.1
# ns1 - the BIND server configured above. No fallback resolver is listed,
# so if ns1 is down this host cannot resolve anything.
        dns-nameservers 192.168.11.53
# With the wildcard A record in db.retro.io, any unqualified name that does
# not exist resolves to 192.168.1.1 rather than failing.
        dns-search retro.io