@egg82
Last active November 21, 2020 04:53
CoreDNS on clients

Notes

This guide was designed for a fresh install of Ubuntu desktop 20.04

Edit the file /etc/sysctl.conf and add (or edit) the following line:

net.core.rmem_max=8388608

Reload sysctl

sudo sysctl -p

Install CoreDNS

core_version=1.7.0
# dedicated service account: no home directory, no login shell
sudo useradd -M -s /bin/false coredns
cd ~
wget https://github.com/coredns/coredns/releases/download/v$core_version/coredns_"$core_version"_linux_amd64.tgz
tar -xvf coredns_"$core_version"_linux_amd64.tgz
sudo mv coredns /usr/local/bin
sudo chown coredns:coredns /usr/local/bin/coredns
# let the unprivileged coredns user bind port 53 instead of running it as root
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/coredns

Create the file /etc/systemd/system/coredns.service and add the following:

[Unit]
Description=CoreDNS Server
Wants=network-online.target
After=network.target network-online.target

[Service]
Type=simple
Restart=on-failure
User=coredns
Group=coredns
StandardOutput=syslog
StandardError=syslog
ExecStart=/usr/local/bin/coredns -conf /etc/coredns/Corefile
KillSignal=SIGTERM

[Install]
WantedBy=multi-user.target

Reload systemctl

sudo systemctl daemon-reload

Create the config directory

sudo mkdir -p /etc/coredns

Create the file /etc/coredns/Corefile and add the following, adjusting for your subnet:

.:53 {
        forward . /var/run/NetworkManager/resolv.conf
        dnssec

        cache
        cancel
        bufsize 1232

        log
        errors
}

chown/chmod the config directory and files

sudo chown -R coredns:coredns /etc/coredns
sudo chmod -R 0664 /etc/coredns
sudo chmod 0775 /etc/coredns

Create the log file for CoreDNS

sudo touch /var/log/coredns.log
sudo chown syslog:adm /var/log/coredns.log

Create /etc/rsyslog.d/coredns.conf and add the following:

if $programname == 'coredns' then /var/log/coredns.log
& stop

Restart syslog

sudo systemctl restart syslog

Disable resolved

sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved

Delete resolved files

Yes, this is important. No, you cannot skip it. Yes, it's fine: with no nameserver lines in /etc/resolv.conf, the glibc resolver falls back to 127.0.0.1, which is exactly where CoreDNS listens.

sudo rm /etc/resolv.conf
sudo touch /etc/resolv.conf

Reconfigure NetworkManager

Create the file /etc/NetworkManager/conf.d/disableresolv.conf and add the following:

[main]
dns=none

Create the file /etc/NetworkManager/dispatcher.d/coredns and add the following:

#!/bin/bash
# NetworkManager calls this with the interface as $1 and the action as $2.
# Restart CoreDNS after a link change so it picks up the upstream list that
# NetworkManager rewrites in /var/run/NetworkManager/resolv.conf; the sleep
# gives NetworkManager time to finish writing that file first.

case "$2" in
  up)
    sleep 3
    service coredns restart
  ;;
  down)
    sleep 2
    service coredns restart
  ;;
esac

exit $?

Make sure the new file has proper permissions:

sudo chown root:root /etc/NetworkManager/dispatcher.d/coredns
sudo chmod 0755 /etc/NetworkManager/dispatcher.d/coredns

Restart NetworkManager:

sudo systemctl restart NetworkManager

Enable CoreDNS

sudo systemctl enable coredns
sudo systemctl restart coredns

And you're done!
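A post-install check for the setup above, added here as an example and not part of the original gist. It assumes dig from the dnsutils package is installed for the live query; the parsing helpers work offline on captured dig output, and the sample they are shown with is constructed, not real output.

```shell
#!/bin/sh
# Post-install check for the CoreDNS client setup (added example, not from the gist).
# The parsing helpers work offline on captured dig(1) output; live_check needs
# dig from the dnsutils package and a running coredns.service.

# Status token (NOERROR, SERVFAIL, ...) from the HEADER line of dig output.
dig_status() {
  printf '%s\n' "$1" | sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p'
}

# 0 if the answer came from the local CoreDNS listener rather than a resolver
# that systemd-resolved or NetworkManager put back in place.
dig_answered_locally() {
  printf '%s\n' "$1" | grep -q '^;; SERVER: 127\.0\.0\.1#53'
}

# 0 if the AD flag is set, i.e. the upstream resolver chain validated DNSSEC.
dig_has_ad() {
  printf '%s\n' "$1" | grep -Eq '^;; flags:.* ad[ ;]'
}

# 0 if resolv.conf is empty or names only the loopback resolver. An empty file
# is fine here: glibc then falls back to 127.0.0.1, where CoreDNS listens.
resolv_conf_is_local() {
  ! grep -E '^[[:space:]]*nameserver[[:space:]]' "$1" | grep -Evq '127\.0\.0\.1|::1'
}

# Constructed sample of the dig lines the helpers look at (not real output).
SAMPLE_DIG=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 127.0.0.1#53(127.0.0.1)'

# Query the local resolver and report what came back; returns 1 on any failure.
live_check() {
  systemctl is-active --quiet coredns || { echo "coredns.service is not active"; return 1; }
  resolv_conf_is_local /etc/resolv.conf || { echo "/etc/resolv.conf points elsewhere"; return 1; }
  out=$(dig @127.0.0.1 +dnssec +time=3 +tries=1 "${1:-example.com}" A) || return 1
  [ "$(dig_status "$out")" = "NOERROR" ] || { echo "status: $(dig_status "$out")"; return 1; }
  dig_answered_locally "$out" || { echo "answer did not come from 127.0.0.1"; return 1; }
  if dig_has_ad "$out"; then echo "ok: answered locally, DNSSEC validated (AD)"
  else echo "ok: answered locally, no AD flag (upstream did not validate)"; fi
}

# Run the live check only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--live" ]; then live_check "$2"; fi
```

Run it as `sh check-coredns.sh --live [name]` on the configured machine; a missing AD flag means the upstream resolvers NetworkManager handed out did not validate, since the forward plugin only relays what they return.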
