Posted Nov 12, 2014, 6:59 PM by Joshua (Admin) [updated Dec 7, 2014, 12:07 PM by Joshua S]
This post demonstrates how to build a DNS server using PowerDNS. Ultimately, this server will become the "authorization and authentication" server, but let's start by installing and configuring DNS.
I won't go into an in-depth explanation of how networking and the internet work, but when you visit a website or connect to a computer, your computer communicates using the IP address -- a four-part numerical ID. The IP address of our RaspberryPi below is 192.168.84.158. DNS, or Domain Name System, allows us to use words to form an address, which is easier for people to work with. For example, instead of typing in 192.168.84.158 each time we connect to the Pi, we simply need to type in ProfessorX (or, in a fully qualified sense, ProfessorX.AcademicDabbling.Com), which is much easier for a person to understand. To give credit where credit is due -- this project is based on the project over at DuckyPond, where I've learned quite a lot.
This is the second project of the series and several others assume this is in place and integrated into the template (see the template projects) in order to work.
Most of these projects can be performed in any order, but if you follow the order outlined here it will all definitely work. I've found a number of guides to help me, but many have partial documentation, skip key steps, etc. The goal is to build out a guide with everything you need to complete each step, but let me know if I miss something or it isn't clear.
For each template and initial setup, I used an 8GB memory card. With the B+, the image you back up will be the full size of the card whether you expand the file system or not. For the actual projects, I use a mix of card sizes -- generally 32GB, but I like my templates and initial setup configs to be 8GB to reduce the storage size of my backups.
Supply List:
- MicroSD Card – A digital memory card, initially designed for media (think a camera) but which will serve as the hard drive for the RaspberryPi. All tutorials will focus on the 8GB size, but you can easily use this process for a larger format also. This should be pre-loaded with the template image created in the previous project (template step 01).
- PuTTY – A free SSH client which is excellent for working at the command line. I know, I know, no one loves the Command Line any more, but the more you use the RaspberryPi the more you will quickly learn that CommandLine > GUI.
- RaspberryPi B+ – The actual RaspberryPi hardware this will all be built around.
- Win32 Disk Imager – A Free Open Source Software (FOSS) utility to write image (.IMG) files to various flash card media (SD, MicroSD, etc.). Download the software from the website.
Project:
- Write the template file, created in the previous tutorial, to the SD Card and load it into the RaspberryPi.
- Using PuTTY (or whatever SSH client you prefer) connect to the IP address of the RaspberryPi. You should know this from the previous step (192.168.84.158 in this example), but if you do not, follow the steps at the beginning of the first lesson which show how to use AngryIP scanner to locate the IP address.
- Once connected, log onto the Pi using:
- UserID: pi
- Password: raspberry
- Now let's update the software currently loaded. There are several ways to do this, but if we issue the dist-upgrade command it will intelligently add software, update packages, and remove unneeded packages.
- sudo apt-get -y dist-upgrade
- Finally, let's upgrade the Pi Kernel:
- Let's reboot now that the upgrades are complete:
- OK, good! Now that everything is updated, let's install PowerDNS:
- sudo apt-get -y install pdns-server
- pdns-server – The server component portion of the PowerDNS deployment.
- Let's restart, then we can start working on configuration.
- DNS servers are set up with "recursors", which let them handle requests for names they do not have defined locally. In this case, we will use the Google PublicDNS service at 8.8.8.8. The sed commands below do a find and replace on the configuration file: the first sets the recursor and the second adds the local network to the list of clients allowed to use recursion. See the linked documentation for more details. Note, I used 192.168.84.0, but you should use the range relative to your configuration.
- sudo sed -i 's/# recursor=/recursor=8.8.8.8/g' /etc/powerdns/pdns.conf
- sudo sed -i 's/allow-recursion=127.0.0.1/allow-recursion=127.0.0.1,192.168.84.0\/24/g' /etc/powerdns/pdns.conf
- With the recursor configured, it's time to restart the PowerDNS service:
- sudo service pdns restart
- Now, install the DNS Utilities to help manage PowerDNS:
- sudo apt-get install dnsutils
- Test the PowerDNS setup by running nslookup against it for Google. Note, the localhost argument sends the nslookup request to the Raspberry Pi itself. You should expect to see several IP addresses returned for google.com.
- nslookup google.com localhost
- The basic installation and configuration are now complete, but we need to configure our DNS server if we want it to route results appropriately. We must first create a zone -- think of a zone as all of the configurations needed for a given domain. For example, our zone will be AcademicDabbling.Com, but there may be addresses like Pi.AcademicDabbling.Com or Router.AcademicDabbling.Com configured within that zone. We'll begin by editing the /etc/powerdns/bindbackend.conf file using nano:
- sudo nano /etc/powerdns/bindbackend.conf
- Edit the bindbackend.conf file until it looks like the following. An example file is uploaded at the bottom of this dabble. In place of AcademicDabbling.Com, you should put the desired domain. Note, you do not need to actually manage the domain used -- in fact, top level domains (TLDs) such as .lan or .home are often used, as they are not currently used in internet addressing.
- In the previous step, we referenced the file /etc/powerdns/bind/academicdabbling.com.zone. We need to use the following commands to first create that directory, next navigate into it, and then create the file.
- sudo mkdir /etc/powerdns/bind
- cd /etc/powerdns/bind
- sudo nano academicdabbling.com.zone
- Now let's configure the zone file. The screen shown here is included below as an attachment. Note, 192.168.84.150, in this example, is the static IP address assigned to the Pi (this needs to be configured at your router or DHCP server).
- The first record is the SOA (Start of Authority), which tells DNS which server to use as the main source for the zone and how it should propagate. Note, the image cuts off, but this line reads:
- "@ IN SOA ns.academicdabbling.com hostmaster.academicdabbling.com ("
- The next record is the NS (Name Server) which points to our Authoritative DNS server for the zone -- our RaspberryPi.
- The next records are the A records. The first is for the zone itself while the second is for the gateway. Essentially, the first means AcademicDabbling.Com will point to 192.168.84.158 while the second directs requests to the gateway at 192.168.84.1. The third record establishes that the server at 192.168.84.158 is known as ProfessorX by DNS while the final record points ns.AcademicDabbling.Com to whatever computer resolves in DNS as ProfessorX.
- Each time this file is updated, we will need to restart the DNS service. Let's start by restarting the service, then checking the config by using nslookup.
- Power off the RaspberryPi and pull out the MicroSD card. Insert it into your computer's card reader and run Win32 Disk Imager. Create a new image file you name as your backup for the ProfessorX image and select the "Read" button. Note, several more components will be added to the ProfessorX image before it is complete.
- Congratulations! Your DNS Server is now installed and ready to go! If you need to add additional records, simply edit the zone file (/etc/powerdns/bind/academicdabbling.com.zone in this example), and add additional records to the end. Note -- DNS assigns names based upon IP addresses. It would be smart to assign static (unchanging) IP addresses to each machine you plan to assign a DNS name. This is done in your DHCP server which often runs on your router.
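
The recursion settings written by the sed step decide which clients the server will recurse for, so they are worth checking before the Pi goes on the network. The script below is an added example, not part of the original post: it applies the same two substitutions to a constructed scratch copy of pdns.conf and reports any allow-recursion entry outside loopback or private address ranges. The function names and the sample file contents are assumptions.

```bash
#!/bin/sh
# Added example: file contents are constructed; function names are hypothetical.

make_sample_conf() {            # scratch file holding the two stock lines the post edits
    f=$(mktemp)
    cat > "$f" <<'EOF'
# allow-recursion  List of subnets that are allowed to recurse
allow-recursion=127.0.0.1
# recursor  If recursion is desired, IP address of a recursor
# recursor=
EOF
    echo "$f"
}

apply_recursor_edits() {        # $1 = config file, $2 = LAN range in CIDR form
    # Same substitutions as the post; "|" as delimiter avoids escaping the "/".
    sed -e 's/# recursor=/recursor=8.8.8.8/g' \
        -e "s|allow-recursion=127.0.0.1|allow-recursion=127.0.0.1,$2|g" \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

audit_recursion() {             # returns 0 only if recursion is set and limited
    recursor=$(sed -n 's/^recursor=//p' "$1")
    acl=$(sed -n 's/^allow-recursion=//p' "$1")
    [ -n "$recursor" ] || { echo "recursor is not set"; return 1; }
    [ -n "$acl" ] || { echo "allow-recursion is not set"; return 1; }
    rc=0
    for net in $(printf '%s' "$acl" | tr ',' ' '); do
        case "$net" in
            127.*|10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
            *) echo "allow-recursion admits a non-private range: $net"; rc=1 ;;
        esac
    done
    return "$rc"
}

conf=$(make_sample_conf)
apply_recursor_edits "$conf" 192.168.84.0/24
grep -v '^#' "$conf"
audit_recursion "$conf" && echo "recursion limited to loopback and private ranges" || true
rm -f "$conf"
```

On the Pi, `audit_recursion /etc/powerdns/pdns.conf` runs the same check against the live configuration after the sed step.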
academicdabbling.com.zone (0k) Joshua S, Nov 19, 2014, 3:56 PM
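
The SOA line quoted in the walkthrough has no trailing dots, and in zone (master file) syntax a name without a trailing dot is relative to the zone origin. The script below is an added example, not the post's attachment: it builds a zone from the records described above and flags SOA, NS and CNAME targets that spell out the origin without the trailing dot. The timer values, the `gateway` host name, the NS target and the function names are assumptions.

```bash
#!/bin/sh
# Added example: zone contents are constructed from the post's description.

make_zone() {   # $1 = output path; $2 = "" for the SOA line as quoted, "." to qualify names
    cat > "$1" <<EOF
\$TTL 3600
@ IN SOA ns.academicdabbling.com$2 hostmaster.academicdabbling.com$2 (
        2014111201 3600 900 604800 3600 ) ; serial and timers are constructed
@          IN NS    ns.academicdabbling.com$2
@          IN A     192.168.84.158
gateway    IN A     192.168.84.1   ; host name "gateway" is an assumption
professorx IN A     192.168.84.158
ns         IN CNAME professorx     ; alias, as the post describes
EOF
}

lint_zone() {   # $1 = zone file, $2 = origin without trailing dot; status 1 on findings
    awk -v origin="$2" '
        function ends_with(s, suf) {
            return length(s) >= length(suf) && substr(s, length(s) - length(suf) + 1) == suf
        }
        function check(name,   l) {
            l = tolower(name)
            if (l !~ /\.$/ && (l == origin || ends_with(l, "." origin))) {
                printf "line %d: %s is relative, expands to %s.%s.\n", NR, name, name, origin
                bad = 1
            }
        }
        {
            sub(/;.*/, "")                          # drop comments
            for (i = 1; i < NF; i++) if (toupper($i) == "IN") break
            type = toupper($(i + 1))                # record type follows the class
            if (type == "SOA") { check($(i + 2)); check($(i + 3)) }
            else if (type == "NS" || type == "CNAME") check($(i + 2))
        }
        END { exit bad + 0 }
    ' "$1"
}

z=$(mktemp)
make_zone "$z" ""  && { lint_zone "$z" academicdabbling.com || true; }
make_zone "$z" "." && lint_zone "$z" academicdabbling.com && echo "qualified names: no findings"
rm -f "$z"
```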