Friday, September 30, 2016

How to set up a root DNS server for hosting a top-level domain

*** setup information
- root dns server : tld: .test
                             ip : 192.168.202.242
- dns server1: domain: domain1.test
                     ip: 192.168.202.241
- dns server2: domain: domain2.test
                     ip: 192.168.202.250


*** root dns server
1- install bind9
$ sudo apt-get install bind9

2- configure bind9 to serve the "test" TLD and delegate the two domains, domain1.test and domain2.test, by editing the following files as shown below
-/etc/bind/named.conf.default-zones
# NOTE(review): "." is only a hint zone here, so this host is not actually
# authoritative for the root; it is the primary for the "test" TLD below.
# dns server1 and dns server2 nevertheless point their own db.root at it.
zone "." {
    type hint;
    file "/etc/bind/db.root";
};
# Stock forward zone for "localhost" (shipped in Debian's
# named.conf.default-zones); left unchanged.
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

# Stock reverse zone for the 127.0.0.0/8 loopback range; left unchanged.
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

# The lab TLD. This server is the primary ("master") for "test" and
# publishes the domain1.test / domain2.test delegations from db.test below.
zone "test" {
    type master;
    file "/etc/bind/db.test";
};

# Stock reverse zone for 0.0.0.0/8, answered locally so such lookups are
# never sent upstream; left unchanged.
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

# Stock reverse zone for the 255.0.0.0/8 (broadcast) range, answered
# locally; left unchanged.
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};


-/etc/bind/db.test
$TTL    604800
; Zone file for the lab TLD "test", served by the root dns server
; (192.168.202.242). It holds the TLD apex plus the delegations of
; domain1.test and domain2.test to their own servers.
$ORIGIN test.
@    IN    SOA    ns1.test. root.test. (
                  2        ; Serial (increase on every change)
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
;
@    IN    NS    ns1.test.
@    IN    A    192.168.202.242
ns1    IN    A    192.168.202.242

; Delegation of domain1.test to dns server1. The NS target lies inside the
; delegated zone, so the parent must also publish its address (glue);
; without it a resolver could never locate ns1.domain1.test.
$ORIGIN domain1.test.
@             IN      NS     ns1.domain1.test.
ns1          IN      A      192.168.202.241 ; 'glue' record

; Delegation of domain2.test to dns server2 (glue needed for the same reason).
$ORIGIN domain2.test.
@             IN      NS     ns1.domain2.test.
ns1          IN      A      192.168.202.250 ; 'glue' record


-/etc/bind/named.conf.options
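options {
    directory "/var/cache/bind";
    # This host is authoritative only (root hints plus the "test" TLD zone);
    # nothing in this setup needs it to recurse. The original
    # `allow-recursion { any; };` turned it into an open resolver
    # (reflection/amplification and cache-poisoning exposure), so recursion
    # is switched off instead.
    recursion no;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};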


3- after updating all the files, the root DNS configuration is finished, so just restart the bind service
 $ sudo /etc/init.d/bind9 restart


***dns server1

1- install bind9
$ sudo apt-get install bind9

2- configure bind9 to host the domain domain1.test, by editing the following files as shown below
-/etc/bind/named.conf.default-zones
# Root hints. The stock db.root (Internet root servers) is replaced below
# with a single hint for the lab root dns server, so every lookup outside
# domain1.test starts at 192.168.202.242.
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

# Stock forward zone for "localhost" (shipped in Debian's
# named.conf.default-zones); left unchanged.
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

# Stock reverse zone for the 127.0.0.0/8 loopback range; left unchanged.
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

# Primary for domain1.test, the zone the root server's db.test delegates
# to this host (192.168.202.241).
zone "domain1.test" {
    type master;
    file "/etc/bind/db.domain1.test";
};

# Stock reverse zone for 0.0.0.0/8, answered locally so such lookups are
# never sent upstream; left unchanged.
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

# Stock reverse zone for the 255.0.0.0/8 (broadcast) range, answered
# locally; left unchanged.
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};


-/etc/bind/db.domain1.test
$TTL    604800
; Zone data for domain1.test, served by dns server1 (192.168.202.241).
; No $ORIGIN is given, so the zone name from named.conf ("domain1.test")
; is the origin and "@" below stands for it.
@    IN    SOA    ns1.domain1.test. root.domain1.test. (
                  2        ; Serial (increase on every change)
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
;
@    IN    NS    ns1.domain1.test.
@    IN    A    192.168.202.241
www    IN    A    192.168.202.241
ns1    IN    A    192.168.202.241 ; must agree with the glue published in the root's db.test


-/etc/bind/named.conf.options
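options {
    directory "/var/cache/bind";
    # Recursion is needed here: the test at the end of this post resolves
    # domain2.test through this server, which walks the lab root via the
    # db.root hints below. Limit it to this host and its directly attached
    # networks instead of { any; } - an authoritative server that recurses
    # for everyone is an open resolver (reflection/amplification and
    # cache-poisoning exposure).
    allow-recursion { localhost; localnets; };
    # Authoritative answers for domain1.test may be handed to anyone.
    allow-query { any; };
    # Cached (recursive) data is only for the clients allowed to recurse.
    allow-query-cache { localhost; localnets; };
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};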


-/etc/bind/db.root
; Replacement root hints: instead of the Internet root servers, point this
; resolver at the lab root dns server (192.168.202.242). The owner name
; A.ROOT.TEST. is just a label here; resolution starts from the address.
; NOTE(review): that host serves "." only as a hint zone (see its
; named.conf.default-zones), so priming against it presumably does not
; return an authoritative root NS set; if lookups misbehave, confirm in the
; debug output (named -g -d 7) that the hint address is still being used.
.                        3600000      NS    A.ROOT.TEST.
A.ROOT.TEST.      3600000      A     192.168.202.242


3- after updating all the files, dns server1 is finished, so just restart the bind service
 $ sudo /etc/init.d/bind9 restart


***dns server2

1- install bind9
$ sudo apt-get install bind9

2- configure bind9 to host the domain domain2.test, by editing the following files as shown below
-/etc/bind/named.conf.default-zones
# Root hints. The stock db.root (Internet root servers) is replaced below
# with a single hint for the lab root dns server, so every lookup outside
# domain2.test starts at 192.168.202.242.
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

# Stock forward zone for "localhost" (shipped in Debian's
# named.conf.default-zones); left unchanged.
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

# Stock reverse zone for the 127.0.0.0/8 loopback range; left unchanged.
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

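# Primary for domain2.test, the zone the root server's db.test delegates
# to this host.
zone "domain2.test" {
    type master;
    # Was "/etc/bind/db.domain1.test" (copy-paste slip): the zone data for
    # this server is written to db.domain2.test below, so named would have
    # failed to load the zone or served the wrong file.
    file "/etc/bind/db.domain2.test";
};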

# Stock reverse zone for 0.0.0.0/8, answered locally so such lookups are
# never sent upstream; left unchanged.
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

# Stock reverse zone for the 255.0.0.0/8 (broadcast) range, answered
# locally; left unchanged.
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};


-/etc/bind/db.domain2.test
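$TTL    604800
; Zone data for domain2.test, served by dns server2 (192.168.202.250, per
; the setup table and the glue record the root server publishes for
; ns1.domain2.test in db.test). The original listing carried dns server1's
; address (192.168.202.241) on every record, so the delegation and the
; zone's own NS/A data disagreed; corrected to .250 throughout.
; No $ORIGIN is given, so the zone name from named.conf ("domain2.test")
; is the origin and "@" below stands for it.
@    IN    SOA    ns1.domain2.test. root.domain2.test. (
                  2        ; Serial (increase on every change)
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
;
@    IN    NS    ns1.domain2.test.
@    IN    A    192.168.202.250
www    IN    A    192.168.202.250
ns1    IN    A    192.168.202.250 ; must agree with the glue published in the root's db.test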


-/etc/bind/named.conf.options
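options {
    directory "/var/cache/bind";
    # This server also carries lab root hints (db.root below), so it can
    # recurse; restrict that to this host and its directly attached networks
    # instead of { any; } - an authoritative server that recurses for
    # everyone is an open resolver (reflection/amplification and
    # cache-poisoning exposure). Same change as on dns server1.
    allow-recursion { localhost; localnets; };
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};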


-/etc/bind/db.root
; Replacement root hints: instead of the Internet root servers, point this
; resolver at the lab root dns server (192.168.202.242). The owner name
; A.ROOT.TEST. is just a label here; resolution starts from the address.
; NOTE(review): that host serves "." only as a hint zone (see its
; named.conf.default-zones), so priming against it presumably does not
; return an authoritative root NS set; if lookups misbehave, confirm in the
; debug output (named -g -d 7) that the hint address is still being used.
.                        3600000      NS    A.ROOT.TEST.
A.ROOT.TEST.      3600000      A     192.168.202.242


3- after updating all the files, dns server2 is finished, so just restart the bind service
 $ sudo /etc/init.d/bind9 restart


*** testing
- using dig to resolve domain2.test from server1, we got the reply. None of the configuration above uses a forwarder; the DNS server performs the query itself, starting from the root hint file

- snapshot of  dig domain2.test @192.168.202.241



***tips
If you encounter problems, you can run bind in debug mode with the command below
$ sudo named -g -d 7

and if you see query log entries like the one below, they come from systemd-timesyncd.service trying to look up ntp.ubuntu.com
client 127.0.0.1#59980 (ntp.ubuntu.com): error

to stop it use the following command
$  sudo systemctl stop systemd-timesyncd.service
