Differences

This shows you the differences between two versions of the page.

--- linux_wiki:configure_a_caching-only_name_server [2018/04/10 23:19]
billdozor [DNS Caching Server: Bind]
+++ linux_wiki:configure_a_caching-only_name_server [2019/05/25 23:50] (current)
@@ Line 14: / Line 14: @@
   * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here
   * server2.example.com (192.168.1.151) -> Install DNS caching here
+  * ipa.example.com (192.168.1.152) -> DNS Server Here installed with FreeIPA
 ----
@@ Line 20: / Line 21: @@
 Installing and configuring the unbound DNS caching only server.
+  * **Advantages**: All config you need is included.
+  * **Disadvantage**: Need to remember which ones to uncomment and modify, need to remember to run unbound-control-setup, very long config file.
 \\
-Install required packages
+server2: Install required packages
 <code bash>
 yum install unbound
@@ Line 28: / Line 32: @@
 \\
-Enable the service
+server2: Enable the service
 <code bash>
 systemctl enable unbound
@@ Line 34: / Line 38: @@
 \\
-Open the firewall
+server2: Open the firewall
 <code bash>
 firewall-cmd --permanent --add-service=dns
@@ Line 41: / Line 45: @@
 \\
-Prevent errors about server-keys not existing
+server2: Prevent errors about server-keys not existing
 <code bash>
 unbound-control-setup
@@ Line 47: / Line 51: @@
 \\
-Configure to accept on any interface and allow from certain networks
+Unbound has almost all config commented out by default. Uncomment and modify items.
 <code bash>
 vim /etc/unbound/unbound.conf
+## Listen on all interfaces
+# uncomment/modify near config line 30
 interface: 0.0.0.0
+## Allow queries from local networks
+# uncomment/modify near config line 180
 access-control: 192.168.1.0/24 allow
-</code>
-\\
+## Disable dns-sec for local domain
-Configure a fowarder (DNS server that should receive requests the caching server doesn't know)
+# uncomment/modify near config line 375
-<code bash>
+domain-insecure: "example.com"
-vim /etc/unbound/unbound.conf
+## Configure forward zone
+# uncomment/modify near config line 550
 forward-zone:
   name: "."
@@ Line 66: / Line 75: @@
 \\
-Unbound requires DNSSEC validation by default. Disable for internal DNS that do not have this setup
+server2: Verify configuration
-<code bash>
-vim /etc/unbound/unbound.conf
-domain-insecure: "example.com"
-</code>
-\\
-Verify configuration
 <code bash>
 unbound-checkconf
@@ Line 80: / Line 81: @@
 \\
-Start the unbound service
+server2: Start the unbound service
 <code bash>
 systemctl start unbound
@@ Line 86: / Line 87: @@
 \\
-Configure a different system to use the DNS caching server
+**Client Testing**
+server1: Configure a different system to use the DNS caching server
 <code bash>
 nmcli con mod eth0 ipv4.dns 192.168.1.151
@@ Line 92: / Line 95: @@
 \\
-Test a DNS lookup
+server1: Test a ping and DNS lookup
 <code bash>
-dig server3.example.com
+ping ipa
+dig ipa.example.com
 </code>
@@ Line 102: / Line 106: @@
 Installing and configuring the bind DNS caching only server.
+  * **Advantages**: Much smaller config file, everything you need except 1 config part is uncommented (just modify)
+  * **Disadvantages**: Need to memorize how to create a forward zone
 \\
@@ Line 142: / Line 149: @@
 zone "example.com" IN {
   type forward;
-  forwarders { 192.168.1.200; };
+  forwarders { 192.168.1.152; };
 };
 </code>
@@ Line 151: / Line 158: @@
     * "example.com" -> local domain
     * type forward;  -> act as a forwarder for these zone lookups
-    * forwarders { 192.168.1.200; };  -> forward to this DNS entry
+    * forwarders { 192.168.1.152; };  -> forward to this DNS entry
 \\
@@ Line 167: / Line 174: @@
 \\
-Test a domain lookup
+**Client Testing**
+server1: Configure a different system to use the DNS caching server
 <code bash>
-nslookup google.com 127.0.0.1
+nmcli con mod eth0 ipv4.dns 192.168.1.151
+</code>
-OR
+\\
+server1: Test a ping and DNS lookup
-dig @127.0.0.1 google.com
+<code bash>
+ping ipa
+dig ipa.example.com
 </code>
 ----