DNS server configuration in Debian
Dnsmasq
The dnsmasq package lets you start a DNS server very simply. Just by installing and starting the dnsmasq service, without any additional configuration, our PC becomes a caching DNS server and also resolves the names we have configured in the /etc/hosts file of our server. Resolution works both forward and in reverse, that is, it resolves the IP given a PC name and the PC name given the IP.
Installation
To install it, only the following command is necessary:
Configuration
Then we edit the /etc/dnsmasq.conf file and modify the following lines:
- We uncomment strict-order so that DNS requests are made to the servers that appear in the /etc/resolv.conf file, in the order in which they appear.
- We specify the network interfaces that must accept DNS requests by uncommenting the interface line, for example: interface=eth0
We will now create our configuration file:
- We create the configuration file of our zone:
- The domain we have chosen is iesgn.org
- We assume that the name of the server is miseror.
- We will assume that we have an FTP server called ftp.iesgn.org at 192.168.1.201 (this is fictitious) and that we have two websites: www.iesgn.org and departments.iesgn.org.
- We also want to name the client that had a reservation assigned: smooth.
- We restart the service
Modification on the DHCP server
Configure the clients so that they use our server as their DNS. If you have a DHCP server, modify it to send the new DNS to the clients.
We edit the file:
And we restart the service:
Now we'll check whether the client has switched to our DNS by looking at the following file:
It has been changed successfully.
Commands to check the operation of DNS
Check the operation using the dig/nslookup command from the clients, asking for the different names. Check that the DNS server acts as a forwarder by asking with dig/nslookup for the IP address of www.josedomingo.org.
For Jose Domingo's page the answer is non-authoritative, because our server does not have the resolution in its file and has to use a forwarder.
As you see above, I have created my own zone and, despite having followed the steps of this [page](https://www.josedomingo.org/pledin/2020/12/servo-dns-dnsmasq/) by Jose Domingo, I have not managed to get authoritative answers.
I created the dns.conf file.
And I created my zone:
I have also tried more things; however, the only way I have managed to get an authoritative response is by having only the resolutions in the hosts file of the server, without creating my zone.
DNS BIND 9
Installation
The first thing we will do is uninstall dnsmasq, since the two are not compatible:
We can also see that it tells us that the /etc/dnsmasq.d/ directory, not being empty, has not been deleted. It would be good to delete it manually to remove all traces of previous configurations:
Now let's install bind:
Configuration
Now we will edit the /etc/bind/named.conf.local file, where we will create the zones (direct and reverse). For this exercise we are asked for a direct zone (isgn.com) and a reverse zone (network 192.168.1).
We will add the following lines to that file:
In the /etc/bind directory are the db.empty and db.127 files (direct and reverse zone configuration files respectively). We copy them to the /var/cache/bind directory to start adding the records.
We modify the /var/cache/bind/db.isgn file and include the following lines for direct resolution:
- javiercrosses is the name of my machine; I have changed it to make things easier
We will now do the same for the reverse resolution:
We will now restart the service to apply the changes:
In addition, to make sure we have done the configuration well, we will look at the state of the service to see if our zones are working:
This step is optional, but thanks to reviewing this I discovered why reverse resolution was not working: seeing the zones that were loaded, I realized that the error was in the /etc/bind/named.conf.local configuration file, and I was able to fix it.
Forwarder
So far, it would only resolve the names and IPs of our local network. If we want to set up a forwarder to ask when the local DNS cannot give us the answer, we must edit the /etc/bind/named.conf.options file with nano and add the following:
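The BIND 9 files this section describes, as an added example that is not the author's own configuration. It assumes 192.168.1.10 as the server address, db.192.168.1 as the reverse zone file name, the ftp/www/departments records carried over from the dnsmasq section, and 192.0.2.53 as a placeholder forwarder; recursion is limited to the local network so the forwarder does not answer for outside clients.

```bash
#!/usr/bin/env bash
# Added example: writes sample BIND 9 files into a scratch directory for review.
# Constructed values: 192.168.1.10 (server), db.192.168.1 (reverse file name),
# 192.0.2.53 (placeholder forwarder; replace with your upstream resolver).
# Usage: write_bind_example ./bind-review
write_bind_example() {
    local out="$1"
    mkdir -p "$out" || return 1
    # Goes in /etc/bind/named.conf.local: direct and reverse zones.
    cat > "$out/named.conf.local" <<'EOF'
zone "isgn.com" { type master; file "db.isgn"; };
zone "1.168.192.in-addr.arpa" { type master; file "db.192.168.1"; };
EOF
    # Goes in /var/cache/bind/db.isgn: direct resolution.
    cat > "$out/db.isgn" <<'EOF'
$TTL 86400
@   IN SOA javiercrosses.isgn.com. root.isgn.com. (
        1 604800 86400 2419200 86400 ) ; serial refresh retry expire negative-TTL
@               IN NS     javiercrosses.isgn.com.
javiercrosses   IN A      192.168.1.10
ftp             IN A      192.168.1.201
www             IN CNAME  javiercrosses
departments     IN CNAME  javiercrosses
EOF
    # Goes in /var/cache/bind/db.192.168.1: reverse resolution.
    cat > "$out/db.192.168.1" <<'EOF'
$TTL 86400
@   IN SOA javiercrosses.isgn.com. root.isgn.com. (
        1 604800 86400 2419200 86400 )
@     IN NS   javiercrosses.isgn.com.
10    IN PTR  javiercrosses.isgn.com.
201   IN PTR  ftp.isgn.com.
EOF
    # Goes in /etc/bind/named.conf.options: forwarder, recursion for the LAN only.
    cat > "$out/named.conf.options" <<'EOF'
options {
    directory "/var/cache/bind";
    forwarders { 192.0.2.53; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
};
EOF
    # Validate the zone files when the BIND utilities are installed.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone isgn.com "$out/db.isgn" || return 1
        named-checkzone 1.168.192.in-addr.arpa "$out/db.192.168.1" || return 1
    fi
}
```

Increase the serial number in each zone file whenever its records change.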
Before this section, I should make clear that, since the dnsmasq section already covered the hosts file and the change to the DHCP configuration that assigns the DNS automatically, I will omit them from this part.
Commands to check service performance
Check the operation using the dig/nslookup command from the clients, asking for the different names. Check that the DNS server acts as a forwarder by asking with dig/nslookup for the IP address of www.josedomingo.org.
We see here that the answers are correct: those from our server are authoritative, while Jose Domingo's page has been answered through a forwarder.
I will now make the same requests, but in reverse:
With this we have checked that the DNS server works properly.
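In the dig checks of both the dnsmasq and BIND sections, the two kinds of answer can be told apart by the aa (authoritative answer) flag in the reply header. The function below is an added example, not the author's code, and the two sample headers are constructed rather than captured from the author's server.

```bash
#!/usr/bin/env bash
# Added example: classify a dig reply read from stdin by its header.
# Prints one of: authoritative | non-authoritative | failed:<STATUS> | unparsed
# Usage (server address is an assumption): dig @192.168.1.10 www.isgn.com | dig_answer_kind
dig_answer_kind() {
    awk '
        /^;; ->>HEADER<<-/ {
            # "status: " is 8 characters; keep only the status word after it.
            if (match($0, /status: [A-Z]+/))
                status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags: */, "", flags)   # drop the label
            sub(/;.*$/, "", flags)           # drop the section counters
            seen = 1
        }
        END {
            if (!seen) { print "unparsed"; exit }
            if (status != "NOERROR") { print "failed:" status; exit }
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++)
                if (f[i] == "aa") { print "authoritative"; exit }
            print "non-authoritative"
        }
    '
}

# Constructed header for a name served from a local zone (aa flag set).
sample_local_reply() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4021' \
        ';; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2'
}

# Constructed header for a name resolved through the forwarder (no aa flag).
sample_forwarded_reply() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5177' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
}
```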