DNS-Server Installation
Source (Bind9 Installation): https://wiki.ubuntuusers.de/DNS-Server_Bind/
First we need to install bind9 by using this command:
Bind9 installation
$ sudo apt-get install bind9
$ sudo nano /etc/default/bind9
Change the line
OPTIONS="-u bind"
to
OPTIONS="-4 -u bind"
Create the following files:
/etc/bind/named.conf.local
// Ubuntu's stock reverse zones for the RFC 1918 private ranges, so such lookups stay local.
include "/etc/bind/zones.rfc1918";
// ---***--- Own DynDNS
// TSIG key used to authorise dynamic updates (see the allow-update below). It is kept in
// its own file because it holds a shared secret; restrict that file's permissions accordingly.
include "/etc/bind/ddns-keys.conf";
// Forward zone; this server is the primary (master) for it.
zone "codeblatz.xyz" IN {
type master;
// Lives under /var/lib/bind (writable by named) because dynamic updates rewrite it
// and keep a journal next to it; /etc/bind is not the right place for a dynamic zone.
file "/var/lib/bind/db.codeblatz.xyz";
// Two independent ways to rewrite this zone: an update signed with the TSIG key, or any
// update arriving from 127.0.0.1. The address entry is what the local "nsupdate -l" flow at
// the end of this page relies on, but it also trusts every process on this host, not just
// nsupdate; drop it if only key-signed updates should be accepted. Address entries on an
// allow-update list are not authenticated, so never widen this beyond loopback.
allow-update { key "web01de.codeblatz.xyz.", 127.0.0.1; };
// for Apple OS X 10.8 "dynamic global hostname":
//allow-update { key mac.codeblatz.xyz; };
// update-policy is the finer-grained alternative to allow-update (per-name / per-type grants);
// allow-update and update-policy are mutually exclusive within one zone.
//update-policy {
//grant *.codeblatz.xyz. selfsub codeblatz.xyz. A AAAA TXT;
//grant *.d.example.com. self d.example.com. A AAAA TXT;
//grant sb.d.example.com. name sb.d.example.com. A AAAA TXT;
//grant sb.d.example.com. subdomain d.example.com.;
//};
// Send NOTIFY to the secondaries listed as NS so they transfer after each change.
notify yes;
};
// Reverse zone for 192.168.188.0/24 (PTR records). No allow-update here, so the nsupdate
// flow on this page cannot maintain PTRs; edit the file by hand and bump its serial.
zone "188.168.192.in-addr.arpa" IN {
type master;
file "/var/lib/bind/db.188.168.192";
};
/var/lib/bind/db.codeblatz.xyz
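; Default TTL for every record below that carries none.
$TTL 3600
; Apex SOA: dns01de is the primary, postmaster@codeblatz.xyz the contact address.
; Dynamic updates (nsupdate) bump the serial automatically and write a journal file;
; edit this file by hand only after "rndc freeze", or the changes will be lost/conflict.
@ IN SOA dns01de.codeblatz.xyz. postmaster.codeblatz.xyz. (
2016082801 ; Serial
28800 ; Refresh
7200 ; Retry
604800 ; Expire
3600 ) ; Negative Cache TTL
; Records without an owner name MUST start with whitespace so they inherit the owner of
; the previous record ("@" = codeblatz.xyz). At column 0 the first token ("IN") would be
; read as the owner name and the NS/MX/A would land on IN.codeblatz.xyz instead of the apex.
	IN NS dns01de.codeblatz.xyz.
	IN MX 100 mail.codeblatz.xyz.
	IN A 192.168.188.155
; Hosts. web01de is the only host the DDNS key belongs to (see ddns-keys.conf).
web01de IN A 192.168.188.155
www IN A 192.168.188.155
dns01de IN A 192.168.188.154
mail IN A 192.168.188.153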
/var/lib/bind/db.188.168.192
; Default TTL for every record below that carries none.
$TTL 3600
; Reverse zone for 192.168.188.0/24 (declared as "188.168.192.in-addr.arpa" in named.conf.local).
; This zone is not dynamically updated, so the serial must be bumped by hand on every edit.
@ IN SOA dns01de.codeblatz.xyz. postmaster.codeblatz.xyz. (
2016082802 ; Serial
28800 ; Refresh
7200 ; Retry
604800 ; Expire
3600 ) ; Negative Cache TTL
@ IN NS dns01de.codeblatz.xyz.
; Owner = last octet of the address. 192.168.188.155 carries both www and web01de in the
; forward zone; only one PTR (www) is published for it here.
155 IN PTR www.codeblatz.xyz.
154 IN PTR dns01de.codeblatz.xyz.
153 IN PTR mail.codeblatz.xyz.
/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// Queries this server is not authoritative for are sent to these resolvers. Nothing in this
// block limits who may ask (BIND recurses by default), so every client that can reach this
// host can use it as a recursive resolver; restrict that with allow-recursion / allow-query
// to your own networks unless the server is reachable only from inside.
forwarders {
[IP of your Standard-Gateway];
8.8.8.8;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
// Validate DNSSEC answers using the built-in root trust anchor.
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
// Has no effect while named is started with "-4" (OPTIONS in /etc/default/bind9 above).
listen-on-v6 { any; };
// Address-based ACL: the listed hosts can pull the complete zone contents without any
// authentication, and the list is matched on source IP only. A TSIG key entry
// (key "name";) is the stronger choice; never leave this as "any".
allow-transfer {[IPs of your slave DNS-Servers];};
};
NSUPDATE DOCUMENTATION
We choose web01de to be one of the servers that have rights to set DNS Records.
First we create a private/public keypair for authentication of web01de against dns01de
Private public keypair generation
# Generates a TSIG key named after the client that will sign updates (-n HOST). HMAC is a
# symmetric algorithm: the .key and .private files both contain the same secret, so treat
# both as secrets. Newer BIND releases dropped HMAC generation from dnssec-keygen; use
# tsig-keygen there instead.
$ sudo dnssec-keygen -r /dev/urandom -a HMAC-SHA512 -b 512 -n HOST web01de.codeblatz.xyz.
You will get two files:
Kweb01de.codeblatz.xyz[...].key
Kweb01de.codeblatz.xyz[...].private
Now create the following file:
/etc/bind/ddns-keys.conf
// TSIG key shared between dns01de and web01de. The name must match both the allow-update
// entry in named.conf.local and the key file passed to "nsupdate -k" on web01de.
key "web01de.codeblatz.xyz." {
algorithm HMAC-SHA512;
// The base64 secret from the generated key file. Anyone who can read this value can
// rewrite the zone, so keep this file readable only by root and the bind user.
secret "[INSERT THE KEY FROM THE *.key FILE]";
};
Now copy the file "Kweb01de.codeblatz.xyz[...].private" to your server web01de
Now you can add, edit and delete records like this from your web01de server:
NSUPDATE EXECUTE
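# The update script is fed to nsupdate via a here-document (the original "< $ server ..." line
# was a garbled rendering of this). -k signs every update with the TSIG key copied from dns01de;
# that key file is a secret and should be readable only by the account running nsupdate.
# -v uses TCP instead of UDP. "91.112.219.XX" is a placeholder for the real address.
$ nsupdate -k Kweb01de.codeblatz.xyz[...].private -v <<EOF
server dns01de.codeblatz.xyz
zone codeblatz.xyz
update delete andy.codeblatz.xyz A
update add andy.codeblatz.xyz 86400 A 91.112.219.XX
send
EOF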
or run nsupdate from dns01de directly
(You need to specify 127.0.0.1 in allow-update to make it work)
NSUPDATE ON LOCAL SERVER
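# Same update script as above, again as a here-document (the original "<" on its own was a
# garbled rendering). -l sends the update to the named instance on this host over loopback,
# which is why 127.0.0.1 has to be listed in the zone's allow-update. sudo is needed because
# -l reads named's local session key. "91.112.219.XX" is a placeholder for the real address.
$ sudo nsupdate -l <<EOF
server dns01de.codeblatz.xyz
zone codeblatz.xyz
update delete andy.codeblatz.xyz A
update add andy.codeblatz.xyz 86400 A 91.112.219.XX
send
EOF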