Tags: linux, ubuntu, dns, bind9

Configuring DNS Server (bind9) on Ubuntu for a single local host

I have an ubuntu host machine running a CentOS guest that is hosting a webserver.

The Ubuntu host/local machine is 172.29.15.1 (static) - hostname is sysengtest01

The CentOS guest is 172.29.15.7 (static) - hostname I would like to use is ixchariot-server to resolve this address (e.g. http://ixchariot-server/)

---------------                         ---------------                      ------------------------
-  Cent OS    -                         -   DHCP/Host -                      -  Clients             -
- 172.29.15.7 - -- vmnet0 (bridge) ---- - 172.29.15.1 - --- eno4 -- switch --- 172.29.14.1 - 254    -
- ixchariot-server                          DNS 8.8.8.8                         
---------------                         ---------------                      ------------------------

I have a DHCP server that is addressing various clients being attached, below is DHCP configuration if this is necessary:

subnet 172.29.14.0 netmask 255.255.254.0 {
    authoritative;

    max-lease-time 3600;
    option subnet-mask 255.255.254.0;
    option broadcast-address 172.29.15.254;
    option routers 172.29.15.0;
    option domain-name-servers 8.8.8.8;
    option domain-name "example.org";

    pool {
            range 172.29.14.1 172.29.14.254; # address range for dynamic
            # static reserve for 172.29.15.1 - 172.29.15.254
    }

    host Switch { # static ip for switch
            hardware ethernet 8c:3b:ad:35:61:0a;
            fixed-address 172.29.15.2;
    }

    host IxiaServer { # static ip for Ixia Server
            hardware ethernet 00:0C:29:29:C4:A5;
            fixed-address 172.29.15.7;
    }

    host eno4 { # static ip for eno4 interface
            hardware ethernet ac:1f:6b:60:56:61;
            fixed-address 172.29.15.1;
    }

    host eno3 { # static ip for eno3 interface
            hardware ethernet ac:1f:6b:60:56:60;
            fixed-address 172.29.15.5;
    }

}

What I would like to do is, as clients attach, redirect traffic from the hostname ixchariot-server to 172.29.15.7 (the actual webserver). I figure the best mechanism to do this would be to set up a local DNS server, but I believe I am failing to configure bind9 correctly...

Below is my named.conf.local:

zone "example.org" {
        type master;
        file "/etc/bind/zones/db.example.org";
//      allow-transfer { localhost };
};

and my named.conf.options:

options {
        directory "/var/cache/bind";

//      recursion yes;
//      allow-recursion { trusted; };
//      listen-on { localhost; };
//      allow-transfer { none; };


        forwarders {
                8.8.8.8;
        //        8.8.4.4;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

and lastly, here is my db.example.org file under /etc/bind/zones:

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     sysengtest01.example.org. syseng.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

;
@       IN      NS      sysengtest01.example.org.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1

; record addresses
ixchariot-server        IN      A       172.29.15.7

However, ixchariot-server cannot be resolved on my clients, so it doesn't seem like the DNS server is properly listening to requests, providing the address, or something like this.

It seems like the service is running; I'm just unsure if this error may be the reason why:

syseng@sysengTest01:/etc/bind/zones$ service bind9 status
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: active (running) since Mon 2018-04-09 10:40:44 PDT; 2min 5s ago
     Docs: man:named(8)
  Process: 18734 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 18740 (named)
   CGroup: /system.slice/bind9.service
           └─18740 /usr/sbin/named -f -4 -u bind

Apr 09 10:40:44 sysengTest01 named[18740]: managed-keys-zone: journal file is out of date: removing journal file
Apr 09 10:40:44 sysengTest01 named[18740]: managed-keys-zone: loaded serial 18
Apr 09 10:40:44 sysengTest01 named[18740]: zone 0.in-addr.arpa/IN: loaded serial 1
Apr 09 10:40:44 sysengTest01 named[18740]: zone localhost/IN: loaded serial 2
**Apr 09 10:40:44 sysengTest01 named[18740]: zone example.org/IN: NS 'sysengtest01.example.org' has no address records (A or AAAA)
Apr 09 10:40:44 sysengTest01 named[18740]: zone example.org/IN: not loaded due to errors.**
Apr 09 10:40:44 sysengTest01 named[18740]: zone 127.in-addr.arpa/IN: loaded serial 1
Apr 09 10:40:44 sysengTest01 named[18740]: zone 255.in-addr.arpa/IN: loaded serial 1
Apr 09 10:40:44 sysengTest01 named[18740]: all zones loaded
Apr 09 10:40:44 sysengTest01 named[18740]: running

Solution

  • Your SOA record in the zone file should refer to the domain example.org, thus:

    ;
    ; BIND data file for local loopback interface  
    ;
    $TTL    604800
    @       IN      SOA     example.org. syseng.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
    
    ;
    @       IN      NS      sysengtest01.example.org.
    @       IN      A       127.0.0.1
    @       IN      AAAA    ::1
    
    ; record addresses
    sysengtest01            IN      A       172.29.15.1
    ixchariot-server        IN      A       172.29.15.7
    

    Do you really want example.org to resolve to 127.0.0.1 though? That seems wrong. You can directly test the DNS with the dig tool by the way.

    Also, your named.conf.options needs to allow recursive queries from your clients. Thus:

    acl trusted { 172.29.14.0/24; };
    

    and in the options section:

          recursion yes;
          allow-recursion { trusted; };
    

    More on DNS caching and forwarding at Digital Ocean. I would recommend testing first on the DNS server with e.g. dig @172.29.15.1 -t A ixchariot-server.example.org. to check that the DNS resolves and then dig @172.29.15.1 -t any www.google.com to check that recursive queries work before testing from the clients.
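As an added check that is not part of the question or the answer: a small Python parser over the two zone files from this thread. It flags in-zone NS targets that have no A/AAAA record, which is exactly the condition behind the "has no address records (A or AAAA)" / "not loaded due to errors" lines in the log above, and confirms that the extra sysengtest01 A record in the answer's zone file clears it. The origin example.org. and the trimmed zone text are assumptions.

```python
import re

ORIGIN = "example.org."
# Constructed input: the question's zone file (comments kept to exercise the parser).
BROKEN_ZONE = """\
$TTL    604800
@       IN      SOA     sysengtest01.example.org. syseng.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      sysengtest01.example.org.
@       IN      A       127.0.0.1
ixchariot-server        IN      A       172.29.15.7
"""
# The answer's fix: an address record for the name the NS record points at.
FIXED_ZONE = BROKEN_ZONE + "sysengtest01            IN      A       172.29.15.1\n"

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """(owner, type, rdata) tuples from a simple BIND zone file: strips ';' comments,
    joins '(...)' continuations, inherits blank owners, skips optional TTL/class."""
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():  # explicit owner; otherwise inherit the previous one
            owner = fqdn(fields.pop(0), origin)
        if fields and fields[0].isdigit():  # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":  # optional class
            fields.pop(0)
        records.append((owner, fields[0].upper(), fields[1:]))
    return records

def missing_ns_addresses(records, origin=ORIGIN):
    """In-zone NS targets that have no A/AAAA record. BIND treats this as a fatal
    zone error ('NS ... has no address records'), so the whole zone never loads."""
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    targets = {fqdn(r[0], origin) for _, t, r in records if t == "NS"}
    in_zone = lambda n: n == origin or n.endswith("." + origin)
    return sorted(n for n in targets if in_zone(n) and n not in addressed)
```

Running it on BROKEN_ZONE reports sysengtest01.example.org.; on FIXED_ZONE it reports nothing, matching what named-checkzone would accept.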