Monday, 12 May 2008

Configuring DNS

Having fixed my VMware woes, installation of Ubuntu Server was easy. I chose the DNS, OpenSSH and Samba server options. OpenSSH is extremely useful: it allows you to open a secure console onto the server from another machine - including a Windows machine using a utility like PuTTY.

When you set up a new Windows domain you need to set up a DNS server for that domain. I'm assuming the same thing goes for Samba. Setting up a DNS server on Ubuntu isn't difficult, but it is long-winded and it does require that you edit a whole bunch of text files. This isn't so bad if you are using a GUI, but Ubuntu Server doesn't install a desktop by default, so you're stuck with console-based text editors. You can install a desktop, like GNOME, but so much stuff you don't need gets installed along with it, stuff like Evolution and GIMP, that it's probably better to get along without it.

So which text editor? Unix hard men will now roll up their sleeves to reveal vi tattooed on their sallow, bloated arms. If you can get used to vi good luck to you. (There is a good tutorial here.) You can also use nano.

On Ubuntu there is a hierarchy of DNS configuration files. (It is different on Fedora, so what follows is probably not applicable. You are probably going to be using something like system-config-bind anyway.) Top of the pile is /etc/bind/named.conf. named.conf has entries to "include" two other files: /etc/bind/named.conf.options and /etc/bind/named.conf.local. You will probably not need to edit named.conf itself.

named.conf.options allows you to set a "forwarders" entry to a nameserver that can resolve all the domain names your DNS server doesn't know about. You just need to uncomment the block and enter the IP address. At ForensiT we already have a DNS server, so that server's IP address goes in here.

named.conf.local is where your domain really begins. Given that our new domain is going to be "riverside.forensit.com" and the server name is "medway", we need to add something like this:

zone "riverside.forensit.com" {
    type master;
    file "/etc/bind/zones/riverside.forensit.com.db";
};

We will also need to add a zone definition for reverse DNS:

zone "2.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.2.168.192.in-addr.arpa";
};

Now we need to create the two files referenced in the entries we just created. The zone .db file needs an entry like this:


A couple of things are worth pointing out in passing. "admin.riverside.forensit.com." is not a server: this field of the SOA record is interpreted as an email address(!) and is required. The line immediately below it is the serial number, the version of the file; it is based on the date with a number appended. As well as adding an "A" record for the server, I've added an "A" record for the domain itself as well - this follows what Windows does.

Similarly, we create the .arpa file:


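As an added illustration (not code from the original post), here is a small Python script that generates the forward zone .db file and the reverse .arpa file from the values used above: it builds the SOA email field, the date-based serial and the reverse zone name, and refuses a PTR record for an address outside the subnet. The email address admin@riverside.forensit.com and the SOA timer values are assumptions; the helper names are mine.

```python
from datetime import date
import ipaddress

# Hypothetical helper: build the SOA RNAME field from an email address.
# "admin@riverside.forensit.com" becomes "admin.riverside.forensit.com." (a dot in
# the local part must be escaped, which is why the field is so easily misread as a host).
def rname_from_email(email):
    local, domain = email.split("@", 1)
    local = local.replace(".", "\\.")
    return f"{local}.{domain}."

# Date-based serial YYYYMMDDnn: a new day restarts at 01, the same day increments,
# and a serial already ahead of today is refused rather than moved backwards
# (secondaries ignore a zone whose serial went down).
def next_serial(current, today=None):
    base = int(today or date.today().strftime("%Y%m%d")) * 100
    if current is None or current < base:
        return base + 1
    if current >= base + 99:
        raise ValueError(f"serial {current} cannot be bumped today")
    return current + 1

# "192.168.2.0/24" -> "2.168.192.in-addr.arpa"; only octet-aligned prefixes are handled.
def reverse_zone_name(network):
    net = ipaddress.ip_network(network)
    if net.prefixlen % 8:
        raise ValueError("reverse zone needs a /8, /16 or /24 network")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def soa_lines(origin, ns_fqdn, email, serial):
    # Assumed timers: refresh 3600, retry 900, expire 604800, negative TTL 86400.
    return [f"$ORIGIN {origin}.", "$TTL 86400",
            f"@ IN SOA {ns_fqdn} {rname_from_email(email)} ( {serial} 3600 900 604800 86400 )",
            f"@ IN NS {ns_fqdn}"]

def forward_zone(domain, host, ip, email, serial):
    fqdn = f"{host}.{domain}."
    lines = soa_lines(domain, fqdn, email, serial)
    lines += [f"@ IN A {ip}",  # A record for the domain itself, as Windows does
              f"{host} IN A {ip}"]
    return "\n".join(lines) + "\n"

def reverse_zone(network, domain, host, ip, email, serial):
    net, addr = ipaddress.ip_network(network), ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is not inside {network}")
    fqdn = f"{host}.{domain}."
    lines = soa_lines(reverse_zone_name(network), fqdn, email, serial)
    host_part = ".".join(reversed(str(addr).split(".")[net.prefixlen // 8:]))
    lines.append(f"{host_part} IN PTR {fqdn}")
    return "\n".join(lines) + "\n"
```

Write the two strings to the files named in named.conf.local and run named-checkzone on each before starting bind.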
We're getting there. However, a DNS server needs a static IP address, so before doing anything else we need to edit the /etc/network/interfaces file:

auto eth0
iface eth0 inet static
    address 192.168.2.8
    netmask 255.255.255.0
    gateway 192.168.2.1

(I rebooted at this point.)

The use of all these config files is a recipe for trouble. Fortunately, before starting bind we can check that there aren't any problems with the files. We just need to run:

named-checkconf -z /etc/bind/named.conf

If all is well, we are almost ready to fire up our DNS server. There is one more file to edit, however. We need to change the entries in /etc/resolv.conf to reflect the new configuration, pointing at the server's own static address:

search riverside.forensit.com
nameserver 192.168.2.8

(The previous entries were set by DHCP.) Finally, we can start bind:

sudo /etc/init.d/bind9 start

If you want to check for any errors on start up, you can look in the /var/log/daemon.log file. (Handy to know if, like me, you're only used to checking log files from the Desktop.) We can now use dig to make sure that our DNS server is doing what it should be:

dig riverside.forensit.com

Our existing DNS server needs to know about the new domain, so we add a forwarders entry for the new domain in the named.conf.local file of the existing DNS server:

zone "riverside.forensit.com" {
    type forward;
    forwarders { 192.168.2.8; };
};

Don't forget to restart bind!

At ForensiT we find that customers frequently forget to do this when setting up a new domain, which leads to all kinds of problems. If your DNS server is a Windows server, you can find instructions in the User Profile Wizard User's Guide on creating a forwarders entry for the new domain.

The next step is to configure Samba. Before we do that, however, we need to set up LDAP.


If you're after some proper instructions on setting up DNS on Ubuntu try these links:

https://help.ubuntu.com/community/BIND9ServerHowto
http://ubuntuforums.org/showthread.php?t=236093
http://www.ubuntugeek.com/dns-server-setup-using-bind-in-ubuntu.html
