Internal DNS BIND Server Built!

I started this blog on May 8, 2013 with the hopes of sharing some of my I.S. “tinkering”. I fully intend to keep my I.T. skills sharp so I can continue to be relevant in the classroom for Information Systems majors. One of the items on my list was to build an internal DNS server. If there’s anything that is slightly frustrating about a home network, it’s that you usually have to reference your internal devices by their IP address (192.168.x.x usually). DNS works great for us on the Internet and is a whole lot easier than remembering IP addresses. However, if your home network expands beyond a router and you have a file server, networked printer, etc., having DNS available to you on your home network can be rather convenient.

To Start

I started by taking an older HP nc6400 laptop with 1.5 GB of RAM and installing openSUSE 11.4. 11.4 is an older Linux release, but it was the media I had on hand and Comcast was not being gracious to my download speeds the other night. I went through a typical install. In order to save on memory consumption, I did a minimal server (text only) install and made sure to set the RunLevel to 3. For running network services like this, there is no reason to have a GUI. Besides, command line is all you really need to survive 🙂

After the install, I loaded up Yast2, configured the network interfaces and then ran all the software updates that were available. I also needed to get some basic tools that don’t install by default with the operating system like vim.

yast2 -i findutils readline libgcc glibc-devel findutils-locate gcc flex lynx compat-readline4 db-devel wget gcc-c++ make vim telnet cron iptables iputils man man-pages sudo

Then, it was time to install BIND so I could get DNS up and running:

yast2 -i bind bind-chrootenv bind-devel bind-utils

I added named to system startup so I didn’t have to start the service manually when the server rebooted.

chkconfig --add named
/etc/init.d/named start

I have to credit the following site for getting me started.

Configuring BIND

I had co-administered nameservers in my previous role, but I never had to get one going from scratch. This, naturally, didn’t come without a few hiccups. There are several resources online that can help you get this going. After you have BIND installed via the previous steps, you need to configure your /etc/named.conf file. Here are the spots I changed/tweaked from the default.

I set the forwarding DNS servers to the public Google DNS servers. I have much more faith in their ability to resolve addresses as opposed to Comcast. Plus, Google has a shorter cache timeout, which means that if an address changes on the web, it will get picked up quicker by Google than Comcast.

forwarders { 8.8.8.8; 8.8.4.4; };

Next, I need to set up zone files for both internal DNS lookups and reverse DNS lookups. For example, I want router.somedomain.com to resolve to 192.168.0.1 (the forward lookup) and 192.168.0.1 to resolve back to router.somedomain.com (the reverse lookup).

zone "somedomain.com" IN {
        // "any" lets every host that can reach this server copy the whole zone
        allow-transfer { any; };
        allow-query { 192.168.0.0/24; };
        type master;
        file "master/somedomain.com";
};

zone "0.168.192.in-addr.arpa" IN {
        allow-transfer { any; };
        allow-query { 192.168.0.0/24; };
        type master;
        file "master/0.168.192.in-addr.arpa";
};

Then, it was time to configure the zone files as mentioned in named.conf. In openSUSE, the zone files are stored in /var/lib/named. I first created my somedomain.com file in /var/lib/named/master:

$TTL 7200
@ IN SOA        dns.somedomain.com.       root.localhost. (
                2013052702      ; serial
                28800           ; refresh, seconds
                7200            ; retry, seconds
                604800          ; expiry, seconds
                86400 )         ; minimum, seconds

somedomain.com. IN NS           dns.somedomain.com.
; the NS target dns needs an A record as well (server address not given in this post)

localhost       IN A            127.0.0.1
router          IN A            192.168.0.1
gateway         IN CNAME        router

To start with, I wanted to be able to resolve the router IP address and create an alias. The A record establishes the forward DNS lookup and the CNAME is an alias referencing router.

Then, I created my reverse lookup file 0.168.192.in-addr.arpa in /var/lib/named/master:

$TTL 86400
@ IN SOA        dns.somedomain.com.       root.somedomain.com. (
                2013052901      ; serial
                28800           ; refresh, seconds
                7200            ; retry, seconds
                604800          ; expiry, seconds
                86400 )         ; minimum, seconds
                IN NS   dns.somedomain.com.
1               IN PTR  router.somedomain.com.

The 1 in the last line references the last octet of the IP address for the reverse lookup. So, 192.168.0.1 resolves to router.somedomain.com.
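Two details in files like these are worth checking before the service is restarted: allow-transfer { any; } lets any host that can reach the server request a full copy of the zone (the complete list of internal host names and addresses), and a dotted name written without its trailing dot has the zone origin appended to it. The following Python check for both is an added example, not part of the original post; the sample text is constructed, and the function names are hypothetical.

```python
import re

# Constructed samples in the shape of the files above (not the author's files).
SAMPLE_CONF = '''
zone "somedomain.com" IN {
    allow-transfer { any; };
    type master;
};
zone "0.168.192.in-addr.arpa" IN {
    allow-transfer { none; };
    type master;
};
'''
SAMPLE_ZONE = '''
@ IN SOA dns.somedomain.com root.localhost. (
        2013052702 28800 7200 604800 86400 )
somedomain.com. IN NS dns.somedomain.com.
gateway IN CNAME router
'''

def zone_blocks(conf):
    """Yield (zone name, body); braces are counted so nested ACLs stay intact."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def open_transfers(conf):
    """Zones whose own allow-transfer ACL lists 'any' (inherited ACLs not evaluated)."""
    hits = []
    for name, body in zone_blocks(conf):
        acl = re.search(r'allow-transfer\s*\{([^}]*)\}', body)
        if acl and 'any' in re.findall(r'[^\s;]+', acl.group(1)):
            hits.append(name)
    return hits

def unqualified_names(zone):
    """Dotted SOA/NS/PTR/CNAME targets with no trailing dot; BIND appends the origin."""
    bad = []
    for line in zone.splitlines():
        tok = line.split(';')[0].split()   # drop zone-file comments, then tokenize
        for rtype in ('SOA', 'NS', 'PTR', 'CNAME'):
            if rtype in tok:
                names = tok[tok.index(rtype) + 1:][:(2 if rtype == 'SOA' else 1)]
                bad += [(rtype, n) for n in names if '.' in n and not n.endswith('.')]
    return bad
```

A zone flagged by open_transfers can be tightened by listing only the secondary servers in its ACL, or none when there are no secondaries. The named-checkconf and named-checkzone tools shipped with BIND cover syntax errors that this sketch does not.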

Implementation

When finished, I restarted the BIND service from the command prompt:

# service named restart

To do some testing to make sure things worked, I used the dig and host commands to check my work. The -x option tells dig to do a reverse lookup on the address.

# dig router.somedomain.com
# host router.somedomain.com
# dig -x 192.168.0.1

These commands should spit back results that indicate that your DNS entries correspond with the right domain and vice-versa.

The last step was to change the configuration on my router to reference the new internal DNS server so all devices on my home network could utilize the new DNS service. Ideally, you should have 2 internal DNS servers in case one fails. Down the road, I may bring up BIND on a separate box for fault tolerance. In the meantime, I made my internal DNS server the primary DNS and Google’s 8.8.8.8 the secondary. 

After rebooting the router, I opened up a command window on one of my Windows clients and issued the flushdns command. This cleared the local DNS cache so all new addresses would be pulled from the server.

ipconfig /flushdns

I then tried a few simple ping and nslookup commands to make sure things were working locally:

ping router.somedomain.com
nslookup 192.168.0.1

In Closing

All is working and now I can go back and edit my host files to include other static IP addresses I want internal DNS addresses for like printers, file servers, Nintendo Wii, etc. At the end of the day, it was a fun tinker. That’s what I was looking for in the end. I’m curious now to see how feasible this is to deploy to students in a lab format so they can tinker as well. From my perspective, it teaches fundamentals on how to install and configure a server in addition to picking up network fundamentals at the same time. We’ll see if this one has viability down the road.

Thanks to the following resources:

I used the following to assist me with configuring my BIND server.


Still Recovering Broken Computers

Several years ago in college, 2 of my best friends and I started an IT consulting company to help small businesses with technology. This ranged from desktop and network support to web design. A fair number of the calls ended up in some sort of “my computer is broke, can you help.” In an age when Geek Squad didn’t exist, we were the best house call you could get. When we dissolved our company 5 or 6 years ago (because we also had day jobs), I thought I was done “fixing” computers. However, I forgot there was still one part of the population I would always be obligated to… family.

This weekend, I hit my second family “computer problem” in the last 2 months. The first one was a fried motherboard and involved me assisting in the purchase of a new computer. The latter, I am in the process (as I blog) of retrieving data off of the hard drive as the BIOS isn’t recognizing it at boot for some reason. So, rather than throw caution to the wind, let’s back up some data before proceeding. If you have a lot of family members or friends calling you about computer problems (and you have a hard time saying “No”), do yourself a favor and invest in an adapter that goes from USB to SATA/IDE for both 2.5″ and 3.5″ hard drives. I purchased this model from Amazon last year and have had good success: Vantec CB-ISATAU2 SATA/IDE to USB 2.0 Adapter Supports 2.5-Inch, 3.5-Inch, 5.25-Inch Hard Disk Drives. It’s pretty straightforward…

  • Remove hard drive from affected machine.
  • Choose appropriate SATA or IDE adapter for your 3.5″ or 2.5″ hard drive.
  • Plug USB end into your good laptop, desktop, etc.
  • Your machine should recognize the new device and quickly install the appropriate drivers.
  • Then, you have access to that hard drive just like it’s a giant thumb drive.
  • I usually go through and copy My Documents, and any Favorites, Desktop icons, etc. in addition to any specialty program data that may be in other folders.
  • If you have someplace else to store your data rather than your own machine, I highly recommend it.
  • To protect you and your customer (user), always purge the data you have backed up after you have completed your service.

Now, you’ve at least done your due diligence and backed up their data before you embark on fixing their machine.

I’m now in “live mode” with this blog as I troubleshoot

As for me, the data is backed up and now it’s back to troubleshooting why the drive isn’t recognizable by the BIOS. I was able to read the data just fine when I backed it up, so I’m fairly certain nothing is wrong with the drive itself. I’ve re-seated it twice to make sure it has a good connection, and tried it without the battery in the laptop. Now, it’s on to the Thinkpad SATA HD Update Utility to see if it can recognize the hard drive and/or update the firmware for the device controller, if needed. After downloading the ISO and burning to disc, that led to nowhere.

This Lenovo Forum suggested changing the hard drive setting in the BIOS to “compatible” from AHCI. That didn’t seem to get me anywhere. Press the Thinkvantage button, then F1 on boot.

I tried updating the BIOS next. I’m at 2.24 right now on this Lenovo Thinkpad T61 and 2.30 is available here. Download another ISO to burn to disc so it’s bootable. Make sure you have a fully charged battery and the power adapter is firmly plugged in. The last thing you want is the power to go out during a BIOS update. If it fails, you essentially have a corrupt ROM. The BIOS update went just fine with no problems, but still no progress.

I’m starting to lean towards a faulty controller on the motherboard. Which, if that is the case, I’ll be recommending a new purchase on this laptop. It’s 5 years old and has probably served its time relative to most hardware life cycles.

 

How I want to spend my summer, technically speaking

As I complete my first full year as an assistant prof, I’m considering what techie projects I’d like to tackle this summer. In college, I always assumed that my professors reclused themselves to reading everything in the library while propped up on their patios. They may have also spent all their time on the golf course as far as I know. I hope to spend more time outdoors, but I also want to be able to keep my tech skills sharp. Here’s my preliminary tinker list.

Build PFSense Firewall

I’ve always just used the standard, out of the box, Netgear variety wireless router. I’d like to build and configure my own to experiment with traffic shaping, VPNs, and more specific port-forwarding rules. I built a PFSense firewall as a virtual machine in my previous position. The open source distribution was easy to get going and appeared to have all the features I was looking for at the time. I’m also interested in using its traffic graph feature to see how much bandwidth we are using at home. This may help me make the determination of whether to stay at my current level of broadband Internet or if I need to bump up or drop down a level. Who knows, I might save money in this process.

Re-build FreeNAS server

I built a FreeNAS server last year as a digital dumping ground and backup space for all my files (including media). I took the quick route and am using the live boot option over a flash drive. It works, but FreeNAS will allow you to add things like SubSonic to your FreeNAS server. Unfortunately, you need to have FreeNAS installed on a fixed disk. I’ll have to work through backing up all my data so I can destroy the mirrored array and re-build the new installation. Seems like futile re-work, but I hope it’s worth it in the end.

DNS

If there is anything that is annoying about a home network, it’s that you have to remember 192.168.x.x every time you want to access one of your devices. I’d like to use a readily available Linux distro to run DNS. It would be so much easier to access freenas.myhouse.com instead of 192.168.0.101.

Too Ambitious?

Honestly, the list is probably too ambitious. I’ve got a whole other list of projects to get prepared for next school year already. It depends on how much it rains. At the rate we have been going so far this spring, I could get these done in a week. If the sun starts to shine, I just might be on the golf course or working in the yard. If you’ve been in class with me, let me know what tinkering you are thinking about doing this summer!