If you don't already have a BIND DNS environment setup you should refer to How to Setup a DNS Server for a Home Lab on Ubuntu 14.04 before continuing.
This post will walk you through some of the most common activities associating with maintaining private DNS servers including adding and removing host records, adding canonical name records, and adding networks.
Add a Host to DNS
When you add a new host to your environment you'll need follow the steps below on the primary name server, ns1. In this example we'll add a host named host2 with an IP address of 10.1.100.91. If the host is on a network or subnet that has not been previously defined in DNS for reverse lookup you'll also want to follow the steps in the “Add a Network” section.
Add an A Record
Connect to the ns1 host (10.1.100.41) via SSH.
Edit the forward zone file:
$ sudo vi /etc/bind/zones/db.homelab.local
Add an A record for host2 in the ; 10.1.100.0/24 - A records section:
host2.homelab.local. IN A 10.1.100.91
Increment the serial value by 1.
When done editing it should look like:
$TTL 604800
@ IN SOA ns1.homelab.local. admin.homelab.local. (
4 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.homelab.local.
IN NS ns2.homelab.local.
;
; name servers - A records
ns1.homelab.local. IN A 10.1.100.41
ns2.homelab.local. IN A 10.1.100.42
;
; 10.1.100.0/24 - A records
host1.homelab.local. IN A 10.1.100.90
host2.homelab.local. IN A 10.1.100.91
Save the file and exit the editor.
Add a PTR Record
Edit the reverse zone file:
$ sudo vi /etc/bind/zones/db.10.1.100
Add a PTR record for host2 in the ; PTR Records section:
91 IN PTR host2.homelab.local. ; 10.1.100.91
Increment the serial value by 1.
When done editing it should look like:
$TTL 604800
@ IN SOA ns1.homelab.local. admin.homelab.local. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.homelab.local.
IN NS ns2.homelab.local.
;
; PTR Records
20 IN PTR ns1.homelab.local. ; 10.1.100.41
21 IN PTR ns2.homelab.local. ; 10.1.100.42
90 IN PTR host1.homelab.local. ; 10.1.100.90
91 IN PTR host2.homelab.local. ; 10.1.100.91
Save the file and exit the editor.
Check BIND Configuration File Syntax
Check the syntax of the forward zone file:
$ cd /etc/bind/zones
$ sudo named-checkzone homelab.local db.homelab.local
If there are no syntax errors you should see something similar to the following:
zone homelab.local/IN: loaded serial 4
OK
Check the syntax of the reverse zone file:
$ sudo named-checkzone 100.1.10.in-addr.arpa db.10.1.100
If there are no syntax errors you should see something similar to the following:
zone 100.1.10.in-addr.arpa/IN: loaded serial 3
OK
Restart BIND
Restart the BIND service:
$ sudo service bind9 restart
Remove a Host from DNS
If you need to remove a host from your environment or delete the DNS record for whatever reason you'll need to reverse the steps in the previous section and increment the serial value for both the forward and reverse lookup zones. In this example, we'll remove the records for host2.
Remove an A Record
Connect to the ns1 host (10.1.100.41) via SSH.
Edit the forward zone file:
$ sudo vi /etc/bind/zones/db.homelab.local
Delete the line that begins host2.homelab.local. below and increment the serial value by 1:
$TTL 604800
@ IN SOA ns1.homelab.local. admin.homelab.local. (
4 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.homelab.local.
IN NS ns2.homelab.local.
;
; name servers - A records
ns1.homelab.local. IN A 10.1.100.41
ns2.homelab.local. IN A 10.1.100.42
;
; 10.1.100.0/24 - A records
host1.homelab.local. IN A 10.1.100.90
host2.homelab.local. IN A 10.1.100.91
When done editing it should look like:
$TTL 604800
@ IN SOA ns1.homelab.local. admin.homelab.local. (
5 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.homelab.local.
IN NS ns2.homelab.local.
;
; name servers - A records
ns1.homelab.local. IN A 10.1.100.41
ns2.homelab.local. IN A 10.1.100.42
;
; 10.1.100.0/24 - A records
host1.homelab.local. IN A 10.1.100.90
Save the file and exit the editor.
Remove a PTR Record
Edit the reverse zone file:
$ sudo vi /etc/bind/zones/db.10.1.100
Delete the line indicated below and increment the serial value by 1:
$TTL 604800
@ IN SOA ns1.homelab.local. admin.homelab.local. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.homelab.local.
IN NS ns2.homelab.local.
;
; PTR Records
20 IN PTR ns1.homelab.local. ; 10.1.100.41
21 IN PTR ns2.homelab.local. ; 10.1.100.42
90 IN PTR host1.homelab.local. ; 10.1.100.90
91 IN PTR host2.homelab.local. ; 10.1.100.91
When done editing it should look like:
$TTL 604800
@ IN SOA ns1.homelab.local. admin.homelab.local. (
4 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.homelab.local.
IN NS ns2.homelab.local.
;
; PTR Records
20 IN PTR ns1.homelab.local. ; 10.1.100.41
21 IN PTR ns2.homelab.local. ; 10.1.100.42
90 IN PTR host1.homelab.local. ; 10.1.100.90
Save the file and exit the editor.
Check BIND Configuration File Syntax
Check the syntax of the forward zone file:
$ cd /etc/bind/zones
$ sudo named-checkzone homelab.local db.homelab.local
If there are no syntax errors you should see something similar to the following:
zone homelab.local/IN: loaded serial 5
OK
Check the syntax of the reverse zone file:
$ sudo named-checkzone 100.1.10.in-addr.arpa db.10.1.100
If there are no syntax errors you should see something similar to the following:
zone 100.1.10.in-addr.arpa/IN: loaded serial 4
OK
Restart BIND
Restart the BIND service:
$ sudo service bind9 restart
Add a Canonical Name Record
A Canonical Name (CNAME) DNS record maps a single alias name to the real or canonical name. The real or canonical name may be outside the current DNS zone. In the first example we'll map www to host1.homelab.local. We'll follow that with an example mapping ftp to host3.labnet.local.
Add a CNAME Record Mapping www to host1
Connect to the ns1 host (10.1.100.41) via SSH.
Edit the forward zone file:
$ sudo vi /etc/bind/zones/db.homelab.local
Add a new section called ; 10.1.100.0/24 - CNAME records and a CNAME record for www mapped to host1:
; 10.1.100.0/24 - CNAME records
www IN A host1
Increment the serial value by 1.
When done editing it should look like:
$TTL 604800
@ IN SOA ns1.homelab.local. admin.homelab.local. (
6 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.homelab.local.
IN NS ns2.homelab.local.
;
; name servers - A records
ns1.homelab.local. IN A 10.1.100.41
ns2.homelab.local. IN A 10.1.100.42
;
; 10.1.100.0/24 - A records
host1.homelab.local. IN A 10.1.100.90
;
; 10.1.100.0/24 - CNAME records
www IN CNAME host1
Save the file and exit the editor.
Add a CNAME Record Mapping ftp to host3.labnet.local
Edit the forward zone file:
$ sudo vi /etc/bind/zones/db.homelab.local
Add a CNAME record mapping ftp to host3.labnet.local in the ; 10.1.100.0/24 - CNAME records section:
ftp IN CNAME host3.labnet.local.
Increment the serial value by 1.
When done editing it should look like:
$TTL 604800
@ IN SOA ns1.homelab.local. admin.homelab.local. (
7 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.homelab.local.
IN NS ns2.homelab.local.
;
; name servers - A records
ns1.homelab.local. IN A 10.1.100.41
ns2.homelab.local. IN A 10.1.100.42
;
; 10.1.100.0/24 - A records
host1.homelab.local. IN A 10.1.100.90
;
; 10.1.100.0/24 - CNAME records
www IN CNAME host1
ftp IN CNAME ftp.openstack.com.
Save the file and exit the editor.
Check BIND Configuration File Syntax
Check the syntax of the forward zone file:
$ cd /etc/bind/zones
$ sudo named-checkzone homelab.local db.homelab.local
If there are no syntax errors you should see something similar to the following:
zone homelab.local/IN: loaded serial 7
OK
Restart BIND
Restart the BIND service:
$ sudo service bind9 restart
Add a New Network
If you add a new subnet to your home lab that contains clients that need to query your DNS servers and hosts that you want to create FQDNs for you'll need to update your DNS server configuration. Follow the steps below to add the 10.1.101.0/24.
Configure Options File
The BIND options file needs to be edited to permit recursive DNS queries from clients on the 10.1.101.0/24 network. If you only want to define A, CNAME, or PTR for hosts on the network and don't require them to be able to query the DNS servers (unlikely) you can skip this section.
Connect to the ns1 host (10.1.100.41) via SSH.
On ns1, edit the named.conf.options file:
$ sudo vi /etc/bind/named.conf.options
If you want to permit recursive DNS queries from clients on the new network you need to add it to the trusted ACL:
10.1.101.0/24; # lab network 2
When done editing it should look like:
// Lab subnets we wish to allow recursive queries from.
acl "trusted" {
10.1.100.0/24; # lab network
10.1.101.0/24; # lab network 2
};
options {
directory "/var/cache/bind";
recursion yes; # enables resursive queries
allow-recursion { trusted; }; # allows recursive queries from "trusted" clients
listen-on { 10.1.100.41; }; # ns1 private IP address - listen on private network only
allow-transfer { none; }; # disable zone transfers by default
forwarders {
8.8.8.8;
8.8.4.4;
};
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
Save the file and exit the editor.
Repeat the same process on the secondary nameserver:
Connect to the ns2 host (10.1.100.42) via SSH.
On ns2, edit the named.conf.options file:
$ sudo vi /etc/bind/named.conf.options
If you want to permit recursive DNS queries from clients on the new network you need to add it to the trusted ACL:
10.1.101.0/24; # lab network 2
When done editing it should look like:
// Lab subnets we wish to allow recursive queries from.
acl "trusted" {
10.1.100.0/24; # lab network
10.1.101.0/24; # lab network 2
};
options {
directory "/var/cache/bind";
recursion yes; # enables resursive queries
allow-recursion { trusted; }; # allows recursive queries from "trusted" clients
listen-on { 10.1.100.41; }; # ns1 private IP address - listen on private network only
allow-transfer { none; }; # disable zone transfers by default
forwarders {
8.8.8.8;
8.8.4.4;
};
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
Save the file and exit the editor.
Add Local Reverse DNS Zone
On ns1, open the named.conf.local file for editing:
$ sudo vi /etc/bind/named.conf.local
Add a reverse zone for the 10.1.101.0/24 subnet. The reverse mapping for 10.1.101 is entered as 101.1.10:
zone "101.1.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.10.1.101"; # 10.1.101.0/24 subnet
allow-transfer { 10.1.100.42; }; # ns2 private IP address – secondary
};
At this point the /etc/bind/named.conf.local file should look like the following:
zone "homelab.local" {
type master;
file "/etc/bind/zones/db.homelab.local"; # zone file path
allow-transfer { 10.1.100.42; }; # ns2 private IP address – secondary
};
zone "100.1.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.10.1.100"; # 10.1.100.0/24 subnet
allow-transfer { 10.1.100.42; }; # ns2 private IP address – secondary
};
zone "101.1.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.10.1.101"; # 10.1.101.0/24 subnet
allow-transfer { 10.1.100.42; }; # ns2 private IP address – secondary
};
Save the file and exit the editor.
Repeat the same process on the secondary nameserver:
On ns2, open the named.conf.local file for editing:
$ sudo vi /etc/bind/named.conf.local
Add a reverse zone for the 10.1.101.0/24 subnet. The reverse mapping for 10.1.101 is entered as 101.1.10:
zone "101.1.10.in-addr.arpa" {
type slave;
file "db.10.1.101";
masters { 10.1.100.41; }; # ns1 private IP
};
At this point the /etc/bind/named.conf.local file should look like the following:
zone "homelab.local" {
type slave;
file "db.homelab.local";
masters { 10.1.100.41; }; # ns1 private IP
};
zone "100.1.10.in-addr.arpa" {
type slave;
file "db.10.1.100";
masters { 10.1.100.41; }; # ns1 private IP
};
zone "101.1.10.in-addr.arpa" {
type slave;
file "db.10.1.101";
masters { 10.1.100.41; }; # ns1 private IP
};
Save the file and exit the editor.
Configure the Forward Zone File
On ns1, edit the forward zone file:
$ sudo vi /etc/bind/zones/db.homelab.local
Add a new section called ; 10.1.101.0/24 - A records and an A record for host3:
; 10.1.101.0/24 - A records
host3.homelab.local. IN A 10.1.101.50
Increment the serial value by 1.
When done editing it should look like:
$TTL 604800
@ IN SOA ns1.homelab.local. admin.homelab.local. (
8 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.homelab.local.
IN NS ns2.homelab.local.
;
; name servers - A records
ns1.homelab.local. IN A 10.1.100.41
ns2.homelab.local. IN A 10.1.100.42
;
; 10.1.100.0/24 - A records
host1.homelab.local. IN A 10.1.100.90
host2.homelab.local. IN A 10.1.100.91
;
; 10.1.101.0/24 - A records
host3.homelab.local. IN A 10.1.101.50
;
; 10.1.100.0/24 - CNAME records
www IN CNAME host1
ftp IN CNAME ftp.openstack.com.
Save the file and exit the editor.
Create the Reverse Zone File
Next we will create a reverse zone file containing DNS PTR records for reverse DNS lookups. For example, if a client queries the DNS server for 10.1.101.50 the server will look in the 10.1.101 zone file for a record mapping 10.1.101.50 to the FQDN host3.homelab.local.
In the named.conf.local file on ns1 the file for the reverse zone 101.1.10.in-addr.arpa was set to be /etc/bind/zones/db.10.1.101. Create the reverse zone file based on the /etc/bind/db.127 sample:
$ cd /etc/bind/zones
$ sudo cp ../db.127 ./db.10.1.101
Edit the reverse zone file:
$ sudo vi /etc/bind/zones/db.10.1.101
By default, it should match the following:
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
1.0.0 IN PTR localhost.
As we did with the forward zone file edit the SOA record and increment the serial value as follows:
@ IN SOA ns1.homelab.local. admin.homelab.local. (
2 ; Serial
Delete the localhost. NS and localhost. PTR records.
Add nameserver (NS) records for the ns1 and ns2 servers:
; name servers - NS records
IN NS ns1.homelab.local.
IN NS ns2.homelab.local.
Add PTR records for each of the hosts in your lab on this new network. The first column will be the last octet of the host's IP addresses in reverse order. If you were using a /16 network then you would enter the last two octets of the host's IP addresses in reverse order. For this example we'll create records for the host3 host on the 10.1.101.0/24 subnet:
; PTR Records
50 IN PTR host3.homelab.local. ; 10.1.100.50
At this point the file should look like the following:
$TTL 604800
@ IN SOA ns1.homelab.local. admin.homelab.local. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.homelab.local.
IN NS ns2.homelab.local.
;
; PTR Records
50 IN PTR host3.homelab.local. ; 10.1.100.50
Save and exit the db.10.1.101 file.
Check BIND Configuration File Syntax
On ns1, check the syntax of the configuration files that start with named.conf:
$ sudo named-checkconf
If the configuration files have no syntax errors you won't see any error messages.
Check the syntax of the forward zone file:
$ sudo named-checkzone homelab.local db.homelab.local
If there are no syntax errors you should see something similar to the following:
zone homelab.local/IN: loaded serial 8
OK
Check the syntax of the reverse zone file:
$ sudo named-checkzone 101.1.10.in-addr.arpa /etc/bind/zones/db.10.1.101
If there are no syntax errors you should see something similar to the following:
zone 101.1.10.in-addr.arpa/IN: loaded serial 2
OK
Check the configuration syntax on the secondary nameserver:
On ns2, check the syntax of the configuration files that start with named.conf:
$ sudo named-checkconf
If the configuration files have no syntax errors you won't see any error messages.
Restart BIND
Restart the BIND service on ns1:
$ sudo service bind9 restart
Restart the BIND service on ns2:
$ sudo service bind9 restart
Summary
This post walked through some of the most common activities associating with maintaining private DNS servers including adding and removing host records, adding canonical name records, and adding networks. Additional BIND documentation can be found on the BIND9 site.