DNS With BIND9
mate, it's always a DNS issue; even after you configure everything correctly, wait for the refresh time
DNS
First of all, let’s install bind9
sudo apt install bind9
Then go to the bind directory (the package installs its configuration under /etc/bind, as the prompt below shows):
cd /etc/bind
touk@k8snode:/etc/bind$ ls
bind.keys db.127 db.255 db.local named.conf.default-zones named.conf.options zones.rfc1918
db.0 db.empty named.conf named.conf.local rndc.key
Now, let's configure the file called 'named.conf.options':
sudo vim /etc/bind/named.conf.options
This is the content of the file:
acl trusted-hosts {
    localhost;
    localnets;
    192.168.1.0/24;
};

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See <http://www.kb.cert.org/vuls/id/800113>

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    forwarders {
        1.1.1.1;
        8.8.8.8;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See <https://www.isc.org/bind-keys>
    //========================================================================
    dnssec-validation auto;

    listen-on port 53 { 127.0.0.1; 192.168.1.9; };
    listen-on-v6 { any; };
    allow-query { trusted-hosts; };
    allow-transfer { none; };
    recursion yes;
    allow-recursion { trusted-hosts; };
};
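As an added check, not part of the original post, here is a small POSIX shell lint for the options block above. It flags the settings that turn a home-lab resolver into a problem for everyone else: recursion that is not limited to the trusted-hosts ACL (an open resolver, which gets abused for amplification), allow-transfer left open (any host can pull the whole zone) and allow-query set to any. The two sample configurations are constructed inline, and the function names (normalize_conf, lint_options, write_samples) are my own.

```shell
#!/bin/sh
# Added example, not from the original post: lint named.conf.options for
# open-resolver and open-zone-transfer settings. Assumes the one-directive-
# per-line layout used above; the function names are my own.

# Drop // comments and squeeze whitespace so each directive is easy to grep.
normalize_conf() {
    sed 's|//.*$||' "$1" | tr -s ' \t' ' '
}

# Print one finding per line; return 0 when nothing was flagged, 1 otherwise.
lint_options() {
    conf=$(normalize_conf "$1")
    findings=0
    if printf '%s\n' "$conf" | grep -q 'recursion yes;'; then
        # recursion must be paired with an allow-recursion that is not "any"
        if ! printf '%s\n' "$conf" | grep -q 'allow-recursion {' \
           || printf '%s\n' "$conf" | grep -q 'allow-recursion { any;'; then
            echo "open-resolver: recursion yes without a restricted allow-recursion"
            findings=1
        fi
    fi
    if ! printf '%s\n' "$conf" | grep -q 'allow-transfer { none;'; then
        echo "zone-transfer: allow-transfer is not { none; }"
        findings=1
    fi
    if printf '%s\n' "$conf" | grep -q 'allow-query { any;'; then
        echo "allow-query: every host may query this server"
        findings=1
    fi
    return $findings
}

# Constructed samples: the hardened options block from this post, and a
# typical "just make it work" variant.
write_samples() {
    HARDENED=$(mktemp); WEAK=$(mktemp)
    cat > "$HARDENED" <<'EOF'
options {
    directory "/var/cache/bind";
    forwarders { 1.1.1.1; 8.8.8.8; };
    dnssec-validation auto;
    allow-query { trusted-hosts; };
    allow-transfer { none; };
    recursion yes;
    allow-recursion { trusted-hosts; };
};
EOF
    cat > "$WEAK" <<'EOF'
options {
    directory "/var/cache/bind";
    recursion yes;          // no allow-recursion: anyone may recurse
    allow-query { any; };
    allow-transfer { any; };
};
EOF
}

write_samples
echo "hardened:"; lint_options "$HARDENED" && echo "  no findings"
echo "weak:";     lint_options "$WEAK" || echo "  (findings above)"
```

Run it against the real file with lint_options /etc/bind/named.conf.options after every edit; a clean result is a prerequisite for the reload step later on, not a replacement for named-checkconf.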
Now, let's create a zone:
💡 For simplicity you can copy the zone template file to get started:
sudo cp db.local homelab.lan.zone
Let's look at my zone file:
;
; BIND data file for homelab.lan zone
;
$TTL 604800
@ IN SOA ns1.homelab.lan. admin.homelab.lan. (
        2        ; Serial
        604800   ; Refresh
        86400    ; Retry
        2419200  ; Expire
        604800 ) ; Negative Cache TTL
;
@       IN NS   ns1.homelab.lan.
ns1     IN A    192.168.1.9
; -- Add dns records
web     IN A    192.168.1.12
centos  IN A    192.168.1.16
BIND9 doesn't know about this zone yet, so we need to declare it in named.conf.local:
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "homelab.lan" IN {
    type master;
    file "/etc/bind/homelab.lan.zone";
};

zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/bind/db.192.168.1";
};
As you can see, there is a second zone, which is for reverse lookups (IP address to name), so we need to create a file for it too.
For simplicity, I follow this naming method:
sudo cp db.127 db.192.168.1
Note: just like before, we take the template from an existing file and then make our changes.
Let's take a look at the content of db.192.168.1:
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns1.homelab.lan. admin.homelab.lan. (
        1        ; Serial
        604800   ; Refresh
        86400    ; Retry
        2419200  ; Expire
        604800 ) ; Negative Cache TTL
;
@       IN NS   ns1.homelab.lan.
9       IN PTR  ns1.homelab.lan.
12      IN PTR  web.homelab.lan.
16      IN PTR  centos.homelab.lan.
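The forward and reverse zones above were written by hand, and the two drifting apart (an A record without its PTR, or a PTR pointing at a name that no longer exists) is the usual reason a reverse lookup "works for some hosts". As an added example, not from the original post, the following awk helpers derive the PTR records for a /24 reverse zone such as 1.168.192.in-addr.arpa from the forward zone's A records, and bump the SOA serial, which named and any secondary only act on when it increases. The record layout matches the zone files above; the sample zone is constructed from this post's records, and the helper names (gen_ptr, get_serial, bump_serial, write_forward_sample) are mine.

```shell
#!/bin/sh
# Added example, not from the original post: two awk helpers for keeping the
# forward and reverse zone files in step. The record layout follows the zone
# files above ("host IN A address", "serial ; Serial"); the helper names are mine.

# Derive PTR records for a /24 reverse zone (like 1.168.192.in-addr.arpa)
# from the A records of a forward zone, so the two files cannot drift apart.
# Usage: gen_ptr <forward-zone-file> <zone-origin-without-trailing-dot>
gen_ptr() {
    awk -v origin="$2" '
        # match data lines like: web IN A 192.168.1.12
        $2 == "IN" && $3 == "A" && $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($4, octet, ".")
            host = ($1 == "@") ? origin "." : $1 "." origin "."
            printf "%s IN PTR %s\n", octet[4], host
        }' "$1"
}

# Print the SOA serial of a zone file (the number on the "; Serial" line).
get_serial() {
    awk '$2 == ";" && $3 == "Serial" { print $1; exit }' "$1"
}

# Increment the SOA serial in place. named only re-reads an edited zone, and
# secondaries only transfer it, when the serial is higher than before.
bump_serial() {
    awk '!done && $2 == ";" && $3 == "Serial" { n = $1 + 1; sub(/[0-9]+/, n); done = 1 }
         { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed sample forward zone using the records from this post.
write_forward_sample() {
    FWD=$(mktemp)
    cat > "$FWD" <<'EOF'
$TTL 604800
@ IN SOA ns1.homelab.lan. admin.homelab.lan. (
    2 ; Serial
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL
;
@ IN NS ns1.homelab.lan.
ns1 IN A 192.168.1.9
web IN A 192.168.1.12
centos IN A 192.168.1.16
EOF
}

write_forward_sample
gen_ptr "$FWD" homelab.lan      # prints the three PTR lines of db.192.168.1
bump_serial "$FWD"
echo "serial is now $(get_serial "$FWD")"
```

On the real server, gen_ptr /etc/bind/homelab.lan.zone homelab.lan prints exactly the three PTR lines of db.192.168.1, so a quick diff against the file tells you whether the reverse zone is stale. The helper only handles a single /24; a zone covering several networks needs the full reversed address, which is left out here.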
Reload BIND9 without downtime. rndc reconfig re-reads named.conf and picks up the newly declared zones; rndc reload re-reads one zone that is already loaded, and it takes the zone name (for example 1.168.192.in-addr.arpa), not the file name:
sudo rndc reconfig
sudo rndc reload <zone-name>
Which client-side setting you change depends on whether NetworkManager or systemd-resolved is controlling the network configuration.
In my case both are running, which means NetworkManager is the one in charge, and that is where you have to change your DNS server IP:
If it is systemd-resolved ⇒ sudo vim /etc/systemd/resolved.conf
If it is NetworkManager ⇒ you have to use nmcli; check on this page
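As an added example, not from the original post, here is the client side of the setup in shell form. Instead of editing /etc/systemd/resolved.conf directly, it writes a drop-in file that only routes the lab's forward and reverse domains to the resolver at 192.168.1.9, so the rest of your DNS traffic keeps its existing path, and it wraps the equivalent nmcli commands for a NetworkManager-managed host. The resolver address and zone names come from this post; the drop-in directory /etc/systemd/resolved.conf.d and the connection name "Wired connection 1" are assumptions, and the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original post: point a client at the home-lab
# resolver. Resolver IP and zone names are from the post; the connection name
# and drop-in directory are assumed placeholders; function names are mine.

RESOLVER_IP=192.168.1.9
LAB_DOMAIN=homelab.lan
LAB_REVERSE=1.168.192.in-addr.arpa

# Write <dir>/homelab.conf. Pass /etc/systemd/resolved.conf.d on a real host
# (assumed location); the demo below uses a temporary directory.
# Prints the path of the file it wrote.
write_resolved_dropin() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/homelab.conf" <<EOF
[Resolve]
# Send queries for $LAB_DOMAIN and reverse lookups for 192.168.1.0/24 to the lab
# resolver only; the ~ prefix makes these routing domains, not search domains.
DNS=$RESOLVER_IP
Domains=~$LAB_DOMAIN ~$LAB_REVERSE
EOF
    printf '%s/homelab.conf\n' "$dir"
}

# Read back the DNS= value from a drop-in, so a caller can verify what was written.
dropin_dns() {
    sed -n 's/^DNS=//p' "$1"
}

# NetworkManager variant: the same settings go on the connection profile.
# Kept in a function so nothing on the host changes just by running this file.
nm_set_lab_dns() {
    con=${1:-"Wired connection 1"}      # assumed connection name
    nmcli connection modify "$con" ipv4.dns "$RESOLVER_IP" ipv4.dns-search "$LAB_DOMAIN"
    nmcli connection up "$con"          # re-activate so the change applies
}

# Demo against a temporary directory; on a real host restart systemd-resolved
# afterwards and check with: resolvectl status
demo_dir=$(mktemp -d)
demo_file=$(write_resolved_dropin "$demo_dir")
echo "wrote $demo_file:"
cat "$demo_file"
```

After writing the real drop-in, systemctl restart systemd-resolved and then resolvectl query web.homelab.lan should answer from 192.168.1.9; if it does not, the listen-on and allow-query lines in named.conf.options are the first things to re-check.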