posted Oct 24, 2015, 1:36 PM by Joshua S
[
updated Nov 10, 2015, 7:39 AM
]
This tutorial will work to implement a DNS server on the RaspberryPi. This allows us to use naming (raspberrypi.domain.lan, etc.) to connect to or reference networked components. It is the first step in moving network control and centralized authentication on the RaspberryPis.
I won't go into an in-depth explanation of how networking and the internet works, but when you visit a website or connect to a computer, your computer communicates using the IP address -- a four part numerical ID. The IP address of our RaspberryPi below is 192.168.84.248. DNS, or Domain Name System, allows us to use words to form an address which is easier for people to work with. For example, instead of typing in 192.168.84.248 each time we connect to the pi, we simply need to type in ProfessorX (or in a fully qualified sense ProfessorX.AcademicDabbling.Com) this is much easier for a person to understand. To give credit where credit is due -- this project is based on the project over at DuckyPond where I've learned quite a lot.
With any of the Dabbles on this site, if you have questions, suggestions, or thoughts, please feel free to send me an eMail (I'm still working to figure out how to enable comments on Google Sites -- suggestions would be appreciated)!
- RaspberryPi – The actual RaspberryPi hardware this will all be built around. In this tutorial, a Raspberry Pi 2 is used and has a memory card with the Raspbian operating system pre-installed.
- PuTTY SSH Client – PuTTY is a free and open-source terminal emulator, serial console and network file transfer application. It supports several network protocols, including SCP, SSH, Telnet, rlogin, and raw socket connection. Other SSH tools can be used, but this tutorial will leverage PuTTY.
Prerequisites: - Install Raspbian on a memory card for the Raspberry Pi – for a tutorial to do this, try:
- Configure Raspbian so the basic setup is complete. For a tutorial to do this, try:
- Shrink the Raspbian operating system to remove unused components thus increasing efficiency and decreasing the attack surface. For a tutorial to do this, try:
- Update Raspbian to the latest software versions. This should be periodically and prior to making any changes to the RaspberryPi. For a tutorial to do this, try:
Project: - I know I said this guide was going to be comprehensive and not skip any steps, so what better way to start this off than by skipping steps. I am not writing out instructions for the following (and illustrating from XKCD):
- Buying a MicroSD Card
- Buying a RaspberryPi
- Finding the IP Address of your Pi
- This can be done in many ways, including on your router or using an IP scanner such as (AngryIP Scanner or NMAP) -- if there are requests from the "Contact Me" form; I'll look to create a tutorial for this.
- Obtaining and installing PuTTY
- Using PuTTY (or the SSH client of your choice) enter the IP Address or DNS Name of the RaspberryPi.
- If this is the first time you connect, you will get a warning that the RaspberryPi's host key is unknown. Click "Accept" or "Connect Once" to proceed with the connection.
- Once connected, log onto the Pi using the credentials you created. If you have not defined your own credentials, you should, but these are the default credentials:
- UserID: pi
- Password: raspberry
- OK, good! Now that we are connected, let's install PowerDNS:
sudo apt-get -y install pdns-server
- pdns-server – The server component portion of the PowerDNS deployment.
- Let's restart, then we can start working on configuration. Once we restart we'll need to sign back in.
- To configure the DNS server, we first need to edit /etc/powerdns/pdns.conf file using nano and update the following lines. A full example of this file is attached at the bottom of this lesson for reference.
sudo nano /etc/powerdns/pdns.conf
allow-recursion=127.0.0.1,192.168.84.0/24
- This defines the subnets that can be "recursed" when the DNS server processes the queries. Note, we've added the local subnet -- in this example 192.168.84.0/24, but you need to map that to your local subnet. In many cases this will be 192.168.0.0/24 or 192.168.1.0/24.
- This defines if zonetransfers are permitted from the DNS server. In this case, we want disable zone transfers.
- This defines the local IP address to bind the DNS server. We can keep the default setting, but need to enable the configuration.
- This defines the local port used for DNS queries. Port 53 is the default port for DNS, but we need to enable the configuration.
- This configuration is optional, but will result in the generation of additional detailed logs. If you plan to / already have implemented a centralized syslog, consider turning this on to capture valuable information about DNS queries made on your network. If you have not enabled a centralized syslog, consider that this will increase the volume of logs and will raise the risk of corrupting the storage card supporting the RaspberryPi.
- This configuration is optional, but will result in the generation of additional detailed query logs. If you plan to / already have implemented a centralized syslog, consider turning this on to capture valuable information about queries made on your network. If you have not enabled a centralized syslog, consider that this will increase the volume of logs and will raise the risk of corrupting the storage card supporting the RaspberryPi.
- This enables recursion of DNS queries. Essentially, if your local DNS does not have information around the requested domain name, it will pass the query to another service. In this example we use Google DNS, but many third party DNS services exist. Another good option to consider is OpenDNS which offers advanced management capabilities for a fee or basic recursion for free. XKCD also has a nice commentary about Google DNS, so I thought I'd share.
- This defines the controlsocket location.
- This defines the PowerDNS version to be noted in packets. For added security, consider moving this to anonymous mode.
- Save the work you've done to the configuration file.
- With the PowerDNS service configured, it's time to restart the PowerDNS service:
sudo service pdns restart
- Now, install the DNS Utilities to help manage PowerDNS:
sudo apt-get install dnsutils
- dnsutils – This package delivers various client programs related to DNS that are derived from the BIND source tree.
- Test the PowerDNS setup by running NSLookup against it for Google. Note, the localhost argument forces sends the nslookup request against the raspberry pi. You should expect to see several results of IP Addresses for google.com.
nslookup google.com localhost
- The basic installation and configuration are now complete, but we need to configure our DNS server if we want it to route results appropriately. We must first define a zone -- think of a zone as all of the configurations needed for a given domain. For example, our zone will be AcademicDabbling.Com, but there may be addresses like Pi.AcademicDabbling.Com or Router.AcademicDabbling.Com configured within that zone. In place of AcademicDabbling.Com, you should put the desired domain. Note, you do not need to actually manage the domain used -- in fact, often top level domains (TLDs) such as .lan or .home are used as they are not currently used in internet addressing. We'll begin by creating the /etc/powerdns/bindbackend.conf file using nano and inserting the following lines. A full example of this file is attached at the bottom of this lesson for reference.
sudo nano /etc/powerdns/bindbackend.conf
zone "academicdabbling.com"
type master;
file "/etc/powerdns/bind/academicdabbling.com.zone";
- Save the work you've done to the configuration file.
- In the previous step, we referenced the file /etc/powerdns/bind/academicdabbling.com.zone. We need to use the following commands to create the containing directory.
sudo mkdir /etc/powerdns/bind
- With the directory created, we need to create and configure the zone file at /etc/powerdns/bind/academicdabbling.com.zone. We'll create the /etc/powerdns/bind/academicdabbling.com.zone file using nano and insert the following lines. Note, in this example, 192.168.84.248 is the static IP address assigned to the Pi (this needs to be configured at your router or DHCP server). A full example of this file is attached at the bottom of this lesson for reference.
sudo nano academicdabbling.com.zone
$ORIGIN academicdabbling.com ; base for unqualified names
$TTL 1h ; default time-to-live
@ IN SOA ns.academicdabbling.com hostmaster.academicdabbling.com (
1; serial
1d; refresh
2h; retry
4w; expire
1h; minimal time-to-live
)
IN NS ns
IN A 192.168.84.248
IN A 192.168.84.1
ProfessorX IN A 192.168.84.248
ns IN CNAME ProfessorX
- The first record is the SOA (Start of Authority) which tells DNS which server to use as the main source for the zone and how it should propogate. Note, on many browsers this wraps to two lines, but is in fact only one.
- The next record is the NS (Name Server) which points to our Authoritative DNS server for the zone -- our RaspberryPi.
- The next records are the A records. The first is for the zone itself while the second is for the gateway. Essentially, the first means AcademicDabbling.Com will point to 192.168.84.158 while the second directs requests to the gateway (probably your router) at 192.168.84.1. The third record establishes that the server at 192.168.84.158 is known as ProfessorX by DNS while the final record points ns.AcademicDabbling.Com to whatever computer resolves in DNS as ProfessorX.
- Each time this file is updated, we will need to restart the DNS service.
- With the service restarted, let's check the config by using nslookup. Note, the command specifies we are looking up academicdabbling.com (defined in our DNS server) and forcing the query against the localhost.
nslookup academicdabbling.com localhost
- Note, the above successful results show the query was run locally (127.0.0.1) and returned both the IP address of academicdabbling.com (192.168.84.248) and the gateway (192.168.84.1).
- Congratulations! Your DNS Server is now installed and ready to go! If you need to add additional records, simply edit the zone file (/etc/powerdns/bind/academicdabbling.com.zone in this example), and add additional records to the end. Note -- DNS assigns names based upon IP addresses. It would be smart to assign static (unchanging) IP addresses to each machine you plan to assign a DNS name. This is done in your DHCP server which often runs on your router, or, in a later lesson, will be configured to run on a RaspberryPi!
|
 Updating... academicdabbling.com.zone (0k) Joshua S, Oct 24, 2015, 1:45 PM Joshua S, Oct 24, 2015, 1:47 PM Joshua S, Oct 24, 2015, 1:47 PM
|
