
A recurring question is how to run your own DNS server that can answer queries from external users for the domain names you have registered and, at the same time, serve clients on the local network. FreeBSD makes this relatively simple.
Task:
Set up a BIND DNS server on FreeBSD that serves queries from internal network clients and maintains a forward and a reverse DNS zone, transferring them to a secondary DNS server. All zones on the server are of type master, that is, this server gives authoritative answers for all of them.
Given:
1. Internal IP address of the DNS server: 192.168.0.1/24
2. External IP address of the DNS server: 10.10.10.1/24
3. IP address of the secondary server: 10.10.10.2/24
4. Forward DNS zone: test.dom
5. Reverse DNS zone: 10.10.10.in-addr.arpa
Solution:
1. In /etc/rc.conf, enable the DNS server at system startup:
named_enable="YES"
2. Bring the configuration file /etc/namedb/named.conf to the following form:
acl ACCESS { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; };
options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    // 192.168.0.1 is the internal interface; without it LAN clients cannot reach the server
    listen-on { 127.0.0.1; 192.168.0.1; 10.10.10.1; };
    allow-recursion { ACCESS; };
    allow-transfer { 10.10.10.2; };
    transfer-source 10.10.10.1;
    version "Bind DNS Server";
};
logging {
    category lame-servers { null; };
};
zone "." {
    type hint;
    file "named.root";
};
zone "localhost" {
    type master;
    file "master/localhost";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.in-addr.arpa";
};
zone "test.dom" {
    type master;
    file "master/test.dom";
    allow-query { any; };
};
zone "10.10.10.in-addr.arpa" {
    type master;
    file "master/10.10.10.in-addr.arpa";
    allow-query { any; };
};
Where:
acl - an access list named ACCESS listing the networks that are allowed to use our DNS server
directory - Bind's working directory
pid-file - location of the PID file
dump-file - location of the cache dump file
statistics-file - location of the statistics file
listen-on - the IP addresses of the interfaces on which Bind listens for queries; the internal address 192.168.0.1 must be among them, otherwise LAN clients are not served
allow-recursion - the access lists whose members may send recursive queries; everyone else gets only authoritative answers for our own zones, so the server does not become an open resolver
allow-transfer - the IP address of the secondary DNS server to which our zones will be transferred; no other host can pull a full copy of the zones
transfer-source - the IP address of the interface from which zone transfers are sent
version - the version string the server reports instead of the real BIND version
logging - restricts logging; here messages about lame servers are discarded
zone "." - the zone describing the root DNS servers, required for operation. Stored in /etc/namedb/named.root
zone "localhost" - the forward zone describing the local server, required for operation. Stored in /etc/namedb/master/localhost
zone "0.0.127.in-addr.arpa" - the reverse zone describing the local server, required for operation. Stored in /etc/namedb/master/0.0.127.in-addr.arpa
zone "test.dom" - our forward zone, stored in /etc/namedb/master/test.dom. Since our server holds the master copy of the zone, allow-query lets everyone query it.
zone "10.10.10.in-addr.arpa" - our reverse zone, stored in /etc/namedb/master/10.10.10.in-addr.arpa. Since our server holds the master copy of the zone, allow-query lets everyone query it.
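An added example, not from the original article: a small Python script that parses a constructed copy of the named.conf above and checks the three settings that decide the server's exposure, namely that recursion is limited to the ACCESS list, that transfers go only to the secondary 10.10.10.2, and that the internal address 192.168.0.1 is in listen-on. The parser understands only the flat acl/options syntax shown on this page.

```python
import re

# Constructed named.conf from the page's options (some statements omitted),
# with allow-recursion { any; } swapped in so the audit has something to flag.
WEAK_CONF = """
acl ACCESS { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; };
options {
    listen-on { 127.0.0.1; 10.10.10.1; };
    allow-recursion { any; };
    allow-transfer { 10.10.10.2; };
    version "Bind DNS Server";
};
"""
# The same file with the two findings corrected.
FIXED_CONF = WEAK_CONF.replace("{ any; }", "{ ACCESS; }").replace(
    "listen-on { 127.0.0.1;", "listen-on { 127.0.0.1; 192.168.0.1;")

def block_body(text, header):
    """Return the text between the braces of the block opened by header."""
    i, depth = text.index("{", text.index(header)), 0
    for j in range(i, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
    raise ValueError("unbalanced braces after " + header)

def items(body): return [x.strip() for x in body.split(";") if x.strip()]

def parse_options(body):
    """Map each statement to a list (brace form) or a string (value form)."""
    out = {}
    for m in re.finditer(r'(\S+)\s*(?:\{([^}]*)\}|([^;{]+))\s*;', body):
        key, lst, val = m.groups()
        out[key] = items(lst) if lst is not None else val.strip().strip('"')
    return out

def audit(conf, internal_ip, secondary_ip):
    """Return the findings; absent statements are treated as unrestricted."""
    acls = {n: items(block_body(conf, "acl " + n))
            for n in re.findall(r"\bacl\s+(\S+)\s*\{", conf)}
    opts = parse_options(block_body(conf, "options"))
    # Expand ACL names so an 'any' hidden inside an ACL is still caught.
    recursion = [e for n in opts.get("allow-recursion", ["any"])
                 for e in acls.get(n, [n])]
    findings = []
    if "any" in recursion:
        findings.append("allow-recursion permits any client (open resolver)")
    if opts.get("allow-transfer", ["any"]) != [secondary_ip]:
        findings.append("allow-transfer is not limited to " + secondary_ip)
    if internal_ip not in opts.get("listen-on", []):
        findings.append("listen-on lacks internal address " + internal_ip)
    return findings
```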
3. Configure the zone files
3.1. Zone "." - left as installed by default
3.2. Zone "localhost". The configuration file /etc/namedb/master/localhost looks like this:
$TTL 3600
@       IN SOA localhost. root.localhost. (
                2009070601 ; Serial
                3600       ; Refresh
                600        ; Retry
                2419200    ; Expire
                86400 )    ; Minimum
        IN NS localhost.
        IN A  127.0.0.1
3.3. Zone "0.0.127.in-addr.arpa". The configuration file /etc/namedb/master/0.0.127.in-addr.arpa is brought to the following form:
$TTL 3600
@       IN SOA localhost. root.localhost. (
                2009070601 ; Serial
                3600       ; Refresh
                600        ; Retry
                2419200    ; Expire
                86400 )    ; Minimum
        IN NS localhost.
1       IN PTR localhost.
3.4. Zone "test.dom". The configuration file /etc/namedb/master/test.dom is brought to the following form:
$TTL 3600
@       IN SOA ns1.test.dom. hostmaster.test.dom. (
                2009082801 ; Serial
                3600       ; Refresh
                600        ; Retry
                2419200    ; Expire
                86400 )    ; Minimum
        IN NS ns1.test.dom.
        IN NS ns2.test.dom.
@       IN A  10.10.10.1
ns1     IN A  10.10.10.1
ns2     IN A  10.10.10.2
3.5. Zone "10.10.10.in-addr.arpa". The configuration file /etc/namedb/master/10.10.10.in-addr.arpa is brought to the following form:
$TTL 3600
@       IN SOA ns1.test.dom. hostmaster.test.dom. (
                2009082801 ; Serial
                3600       ; Refresh
                600        ; Retry
                2419200    ; Expire
                86400 )    ; Minimum
        IN NS ns1.test.dom.
        IN NS ns2.test.dom.
1       IN PTR ns1.test.dom.
2       IN PTR ns2.test.dom.
Where, taking the test.dom zone as an example, from top to bottom:
- $TTL - the default time, in seconds, for which records of this zone may be kept in a cache.
- @ - a placeholder for the zone name; IN - the INTERNET record class, the default; SOA - the record holding the zone's global parameters; ns1.test.dom. - the primary DNS server for this zone; hostmaster.test.dom. - the e-mail address of the zone administrator, written with "." in place of the "@" sign.
- Serial - the serial number of the zone version. The secondary server re-reads the zone only when the serial has grown, so each time the zone is changed the last digit must be increased by 1.
- Refresh - the interval after which the secondary DNS server re-reads the zone
- Retry - the interval after which the secondary server retries if it could not contact the primary DNS server within the Refresh period
- Expire - the time after which the secondary, unable to refresh, no longer treats its copy of the zone as authoritative. Used by secondary servers.
- Minimum - originally the default lifetime of zone data in caches (that use is obsolete); current servers use it as the negative-caching TTL for "no such name" answers.
- NS - the primary DNS server for this zone
- NS - the secondary DNS server for this zone
- A - the hosts in this zone
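As an added example (not part of the original article), a Python check over constructed copies of the two zone files: it confirms that every PTR in the reverse zone points back to a name that owns a matching A record in the forward zone, that every A record has a PTR, and it raises the SOA serial the way the Serial item above requires. The helper functions, sample data and the deliberately wrong PTR for 10.10.10.2 are all assumptions made for the example.

```python
import re

# Constructed copies of the page's test.dom and 10.10.10.in-addr.arpa zones
# (SOA timers collapsed); the PTR for 10.10.10.2 is deliberately wrong.
FORWARD = """$TTL 3600
@ IN SOA ns1.test.dom. hostmaster.test.dom. ( 2009082801 ; Serial
    3600 600 2419200 86400 )
@ IN A 10.10.10.1
ns1 IN A 10.10.10.1
ns2 IN A 10.10.10.2
"""
REVERSE = """$TTL 3600
@ IN SOA ns1.test.dom. hostmaster.test.dom. ( 2009082801 ; Serial
    3600 600 2419200 86400 )
1 IN PTR ns1.test.dom.
2 IN PTR ns3.test.dom.
"""

def records(zone_text, origin, rtype):
    """Yield (fqdn, rdata) per rtype record; leading whitespace = previous owner."""
    owner = "@"
    for raw in zone_text.splitlines():
        line = raw.split(";")[0].rstrip()
        if not line or line.startswith("$"):
            continue
        if not line[0].isspace():
            owner = line.split()[0]
        m = re.search(r"\bIN\s+%s\b\s+(\S+)" % rtype, line)
        if m:
            name = origin if owner == "@" else (owner.rstrip(".") if owner.endswith(".") else owner + "." + origin)
            yield name, m.group(1).rstrip(".")

def check_zones(forward, reverse, fwd_origin, rev_origin):
    """Forward-confirmed reverse check: each PTR target needs an A for that IP, each A IP needs a PTR."""
    a, seen, problems = {}, set(), []
    for name, ip in records(forward, fwd_origin, "A"):
        a.setdefault(ip, set()).add(name)
    for name, target in records(reverse, rev_origin, "PTR"):
        ip = ".".join(name[:-len(".in-addr.arpa")].split(".")[::-1])  # 1.10.10.10.in-addr.arpa -> 10.10.10.1
        seen.add(ip)
        if target not in a.get(ip, set()):
            problems.append("PTR %s -> %s has no matching A record" % (ip, target))
    problems += ["no PTR for %s" % ip for ip in a if ip not in seen]
    return sorted(problems)

def bump_serial(zone_text, today):
    """Raise the YYYYMMDDNN serial (today given as 'YYYYMMDD') so the secondary
    re-reads the zone: same day -> NN+1, later day -> YYYYMMDD01, never below old+1."""
    return re.sub(r"(\d{10})(\s*;\s*Serial)", lambda m: str(max(
        int(m.group(1)) + 1, int(today + "01"))) + m.group(2), zone_text, count=1)
```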
4. Manage the DNS server with the following commands:
freebsd# /etc/rc.d/named start | stop | restart | status
Additionally: the most commonly used DNS record types are:
A - maps a host name to an IPv4 address
NS - names a DNS server for the zone
CNAME - an alias pointing to the canonical name of a host
PTR - maps an address back to a domain name; used in reverse zones
MX - defines mail routing for the domain
To verify that the server works, you can use tools such as dig or nslookup. An example with dig:
freebsd# dig @localhost test.dom ANY
The command asks the server at localhost for records of all (ANY) types in the test.dom zone:
; <<>> DiG 9.4.3-P2 <<>> @localhost test.dom ANY
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35560
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;test.dom. IN ANY
;; ANSWER SECTION:
test.dom. 3600 IN A 10.10.10.1
test.dom. 3600 IN SOA ns1.test.dom. hostmaster.test.dom. 2009082801 3600 600 2419200 86400
test.dom. 3600 IN NS ns1.test.dom.
test.dom. 3600 IN NS ns2.test.dom.
;; ADDITIONAL SECTION:
ns1.test.dom. 3600 IN A 10.10.10.1
ns2.test.dom. 54886 IN A 10.10.10.2
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 30 23:04:41 2009
;; MSG SIZE rcvd: 330
An example of using nslookup:
freebsd# nslookup
> test.dom
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: test.dom
Address: 10.10.10.1
>
In my opinion, using dig for diagnostics is more flexible, although those who know nslookup well will say the same about it. I also recommend a great DNS tuning guide.