---
tags: dns
---

# DNS Server

[TOC]

## SOP
> Env: FreeBSD 13

### Beforehand
- [Download bind 9.10 on FreeBSD](http://blog.wulk.com.tw/freebsd-dns-server/)

:::warning
- In **FreeBSD 13**, the available version of **bind** was **9.16**, so you should install it by typing:
    ```shell=
    pkg install bind916
    ```
:::

- Enable DNS service
    - `/etc/rc.conf`, add:
        ```
        named_enable="YES"
        named_flags="-u bind"
        ```
        > Daemon's path: `/usr/local/etc/rc.d/named`

### Config file
- Master: `/usr/local/etc/namedb/named.conf`
    > In `options{}`, set `directory` to `/usr/local/etc/namedb/working`

    ```
    zone "phoebe.ncnu.org" IN {
        type master;
        file "db.phoebe.ncnu.org";
    };

    zone "22.21.10.in-addr.arpa" IN {
        type master;
        file "db.22.21.10";
    };
    ```
- Example of **Glue & Authorization** from Solomon
    ```
    dns.phoebe  A   10.21.22.12
    phoebe      NS  dns.phoebe
    ```

### Zone file
- **Forward** Lookup:
    > The file goes under `/usr/local/etc/namedb/working`

    ```
    $TTL 86400
    @   IN  SOA dns.phoebe.ncnu.org. root.localhost. (
            11      ; serial
            600     ; refresh
            86400   ; retry
            2419200 ; expire
            360)    ; negative cache ttl
    @   IN  NS  dns.phoebe.ncnu.org.
    dns IN  A   10.21.22.12
    ```
- **Reverse** Lookup:
    > The file goes under `/usr/local/etc/namedb/working`

    ```
    $TTL 86400
    @   IN  SOA dns.phoebe.ncnu.org. root.localhost. (
            11      ; serial
            600     ; refresh
            86400   ; retry
            2419200 ; expire
            360)    ; negative cache ttl
    @   IN  NS  dns.phoebe.ncnu.org.
    12  IN  PTR dns.phoebe.ncnu.org.
    ```

### Command
- Check configuration
    ```shell=
    named-checkconf named.conf
    ```
- Check zone file
    ```shell=
    named-checkzone <zone_name> <zone_file>
    ```
- Manually start DNS server
    ```shell=
    # run named directly as the bind user
    named -u bind
    # restart named through its rc.d service
    service named restart
    ```
- Check whether the server can resolve its own name
    ```shell=
    host -v phoebe.ncnu.org localhost
    host -v phoebe.ncnu.org 10.21.22.12
    ```

## Reference
### Official
- [RFC 1035 - DOMAIN NAMES](https://datatracker.ietf.org/doc/html/rfc1035)

### Articles
- [How DNS works](http://dns-learning.twnic.net.tw/dns/03opDNS.html)
- [Implementation example 1](http://mail.lsps.tp.edu.tw/~gsyan/freebsd2001/dns.html)
- [Implementation example 2](https://lab409.chem.ccu.edu.tw/~yach932/DNS_Server.htm)
- [ipfw setting](https://www.cyberciti.biz/faq/howto-setup-freebsd-ipfw-firewall/)

$cmd 020 allow tcp from any to any established

```=
$TTL 86400
@   IN  SOA dns.pearl.ncnu.org. root.localhost. (
        2032010701 ; serial
        600        ; refresh
        86400      ; retry
        2419200    ; expire
        360)       ; negative cache ttl
@           IN  NS  dns.pearl.ncnu.org.
dns         IN  A   163.22.22.65
iperf       IN  A   163.22.22.61
ds920p      IN  A   10.22.149.6
dns.phoebe  IN  A   10.22.20.170
phoebe      IN  NS  dns.phoebe
```
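
Added example (not part of the original note): the forward and reverse zone files in the SOP have to agree, so this Python check parses the A and PTR lines of both and reports every address whose PTR is missing or points at a different name, which also catches a PTR target written without its trailing dot. The function names are hypothetical, the zone text is constructed from the SOP records, and it assumes four-field lines (`owner IN TYPE rdata`) with no `$ORIGIN` or per-record TTL.

```python
import ipaddress

# Constructed sample input: the record lines of the two SOP zone files
# (SOA block left out; this check only reads A and PTR records).
FORWARD_ORIGIN = "phoebe.ncnu.org."
FORWARD_ZONE = """\
@    IN NS  dns.phoebe.ncnu.org.
dns  IN A   10.21.22.12
"""
REVERSE_ORIGIN = "22.21.10.in-addr.arpa."
REVERSE_ZONE = """\
@    IN NS  dns.phoebe.ncnu.org.
12   IN PTR dns.phoebe.ncnu.org.
"""

def fqdn(name, origin):
    """Expand a zone-file name to a lowercase absolute name, as named does."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()  # relative name: origin is appended

def records(text, origin, rtype):
    """Yield (absolute owner, rdata) for 'owner IN <rtype> rdata' lines."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) == 4 and fields[1].upper() == "IN" and fields[2].upper() == rtype:
            yield fqdn(fields[0], origin), fields[3]

def check_forward_reverse(fwd, fwd_origin, rev, rev_origin):
    """Return one message per A record whose PTR is missing or disagrees."""
    ptrs = {owner: fqdn(target, rev_origin)
            for owner, target in records(rev, rev_origin, "PTR")}
    problems = []
    for host, addr in records(fwd, fwd_origin, "A"):
        rname = ipaddress.ip_address(addr).reverse_pointer + "."
        if not rname.endswith("." + rev_origin.lower()):
            continue  # address is not covered by this reverse zone
        if rname not in ptrs:
            problems.append(f"{host} -> {addr}: no PTR at {rname}")
        elif ptrs[rname] != host:
            problems.append(f"{host} -> {addr}: PTR points to {ptrs[rname]}")
    return problems

if __name__ == "__main__":
    for msg in check_forward_reverse(FORWARD_ZONE, FORWARD_ORIGIN,
                                     REVERSE_ZONE, REVERSE_ORIGIN):
        print(msg)
```
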