- Manually configure static interface
- Install BIND DNS: sudo apt-get install bind9 bind9utils bind9-doc
Configure BIND server options
// ACL "trusted": the clients that are allowed to send recursive queries.
// It is referenced by name from allow-recursion in the options block.
acl "trusted" {
    // Lab subnets
    192.168.1.0/24;     // lab personal
    192.168.11.0/24;    // lab infrastructure
    192.168.12.0/24;    // lab management
    192.168.13.0/24;    // lab vms

    // BIND built-ins: networks directly attached to this host, and the host itself
    localnets;
    localhost;
};
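// Global server options: a recursive resolver for the lab that is also
// authoritative for the local zones.
options {
    directory "/var/cache/bind";

    // Recursion is limited to the "trusted" ACL so that the server cannot be
    // used as an open resolver by other clients.
    recursion yes;
    allow-recursion { trusted; };

    // ns1 private IP address - IPv4 listener on the private network only.
    listen-on { 192.168.11.53; };

    // "any" here would open a listener on every IPv6 address of the host and
    // undo the private-only restriction above. No IPv6 addressing appears in
    // this setup, so the IPv6 listener is disabled; list explicit addresses
    // instead of "none" if IPv6 is introduced later.
    listen-on-v6 { none; };

    // allow-query is not set, so BIND's default (any) applies to the
    // authoritative zones: exposure of zone data is bounded by the listen
    // address, not by an ACL.

    // Disable zone transfers by default; grant them per zone if a secondary
    // is ever added.
    allow-transfer { none; };

    // Names outside the local zones are forwarded to these public resolvers.
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    //dnssec-enable yes;

    // Validate DNSSEC-signed answers using the built-in root trust anchor.
    dnssec-validation auto;

    auth-nxdomain no;    // conform to RFC1035
};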
Define Local DNS Zones
// Local DNS zones for which this server is the primary (authoritative) source.
//
// NOTE(review): retro.io sits under a public TLD. Lab clients get this
// server's answers for it, so any public records for the name are shadowed -
// confirm the domain is controlled by whoever runs this lab.

// Forward zone: names under retro.io -> addresses
zone "retro.io" {
    type master;
    file "/etc/bind/zones/db.retro.io";    // zone file
};

// Reverse zone: addresses in 192.168.0.0/16 -> names
zone "168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192.168";     // 192.168.0.0/16 subnet
};
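; Forward zone data for retro.io (the zone stanza loads it from
; /etc/bind/zones/db.retro.io).
$TTL 604800                     ; default TTL for records below (seconds)
retro.io.       IN      SOA     ns1.retro.io. admin.retro.io. (
                        9       ; serial number
                        3h      ; refresh interval
                        30m     ; retry interval
                        3w      ; expiry period
                        1h      ; negative cache ttl
                        )

; Name Servers NS Records
; The owner is written explicitly as "@" (the zone apex). A line that starts
; in column 0 with "IN" is parsed with "IN" as the owner name, which would
; leave the zone without an apex NS record.
@               IN      NS      ns1.retro.io.

; Name Servers A Records
ns1.retro.io.       IN      A       192.168.11.53

; A Records for 192.168.0.0/16
retro.io.           IN      A       192.168.1.1
corbs0.retro.io.    IN      A       192.168.1.3
vcenter.retro.io.   IN      A       192.168.11.3
retroj.retro.io.    IN      A       192.168.11.4
ops.retro.io.       IN      A       192.168.11.9
retro0.retro.io.    IN      A       192.168.11.10
retro1.retro.io.    IN      A       192.168.11.11
retro2.retro.io.    IN      A       192.168.11.12
retro3.retro.io.    IN      A       192.168.11.13
retro4.retro.io.    IN      A       192.168.11.14

; Wildcard: every name under retro.io that has no record of its own resolves
; to 192.168.1.1. Mistyped or retired hostnames therefore never return
; NXDOMAIN, and on clients that use "dns-search retro.io" an unresolvable
; name can be retried as <name>.retro.io and land on this address. Keep this
; record only if that catch-all is intended.
*                   IN      A       192.168.1.1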
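; Reverse zone data for 168.192.in-addr.arpa (the zone stanza loads it from
; /etc/bind/zones/db.192.168).
$TTL 604800
; The SOA MNAME field names the primary name server. It is ns1.retro.io.,
; matching the forward zone, rather than the bare domain retro.io.
@       IN      SOA     ns1.retro.io. admin.retro.io. (
                9               ; Serial
                604800          ; Refresh
                86400           ; Retry
                2419200         ; Expire
                604800 )        ; Negative Cache TTL

; name servers
; Owner written explicitly as "@" so the record stays at the zone apex even
; if leading whitespace is lost.
@       IN      NS      ns1.retro.io.

; PTR Records
; Owner names are relative to 168.192.in-addr.arpa, with the last two octets
; reversed: "53.11" is 192.168.11.53.
53.11   IN      PTR     ns1.retro.io.       ; 192.168.11.53
9.11    IN      PTR     ops.retro.io.       ; 192.168.11.9
10.11   IN      PTR     retro0.retro.io.    ; 192.168.11.10
11.11   IN      PTR     retro1.retro.io.    ; 192.168.11.11
12.11   IN      PTR     retro2.retro.io.    ; 192.168.11.12
13.11   IN      PTR     retro3.retro.io.    ; 192.168.11.13
14.11   IN      PTR     retro4.retro.io.    ; 192.168.11.14
3.11    IN      PTR     vcenter.retro.io.   ; 192.168.11.3
4.11    IN      PTR     retroj.retro.io.    ; 192.168.11.4
3.1     IN      PTR     corbs0.retro.io.    ; 192.168.1.3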
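# Validate named's configuration and both zone files, and restart BIND only
# if every check succeeds. A failed check then leaves the running server
# untouched instead of restarting it into a broken configuration.
sudo named-checkconf \
  && sudo named-checkzone retro.io /etc/bind/zones/db.retro.io \
  && sudo named-checkzone 168.192.in-addr.arpa /etc/bind/zones/db.192.168 \
  && sudo service bind9 restart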
# Network interface definitions for this host and how they are brought up.
# The syntax is documented in interfaces(5).

# Include any additional stanzas placed in interfaces.d
source /etc/network/interfaces.d/*

# Loopback
auto lo
iface lo inet loopback

# Primary interface: static IPv4 address on 192.168.11.0/24 (lab infrastructure)
auto ens160
iface ens160 inet static
    address 192.168.11.4
    netmask 255.255.255.0
    network 192.168.11.0
    broadcast 192.168.11.255
    gateway 192.168.11.1
    # Resolve through the lab BIND server (ns1) and search retro.io for
    # unqualified names
    dns-nameservers 192.168.11.53
    dns-search retro.io