This article is a continuation from this post. From this point onwards, I am using the RasPi system from my Windows machine, using PuTTY for shell login and WinSCP to transfer files between the two systems.
So where we left off, we had just rebooted the RasPi 2 after installing Raspbian OS and updating it. Next, we will install BIND9 on it.
Implement Static IP on RasPi
Before we proceed, we must give the RasPi a static IP. By default, it will have been configured to use DHCP. To do this, fire up PuTTY, log in as root and go straight to:
# cd /etc/network
# ifconfig
Find the paragraph that has “eth0” on the left-side. From the right-side against this, note down the values for “Bcast” and “Mask”. Both will be on the second line of that paragraph.
# nano interfaces
This will open up “nano”, a text-editor. Find the line that says:
iface eth0 inet dhcp
And change it to the following, also adding the extra statements exactly below it:
# ifupdown does not allow end-of-line comments in this file, so each note sits on its own line.
iface eth0 inet static
# Static IP value for the RasPi.
address 192.168.1.20
# value of "Mask" from earlier.
netmask 255.255.255.0
# IP address of your internet router.
gateway 192.168.1.1
# value of "address" with the last element as 0.
network 192.168.1.0
# value of "Bcast" from earlier.
broadcast 192.168.1.255
Change the IP address, netmask and other details as per your network configuration.
Press CTRL+X, you will be prompted to save. Hit “y” and then ENTER to save and exit Nano.
Installing BIND
The command itself is pretty straight-forward:
# apt-get install bind9 bind9utils
Note that I am not installing bind9-docs because I don’t plan on using man-pages when I have Google, and I have no idea what “bind9-host” is.
At the end of that, you should have bind9 up and running already. But before we can proceed, we need to configure it. All configuration in Linux is done via… configuration files! And all of them will be in /etc. Each package or app you install will (mostly) get its own folder under the various root folders. So the configuration files for an app called “bind” (without the “9”, which is a version indicator) will be inside “/etc/bind”.
# cd /etc/bind
# nano named.conf.options
“named” (or “NAME Daemon”) was what it was called a long time ago before it was renamed to BIND. And NANO is a nice text-editor in Linux that is easy to use if you are scared of hitting the wrong keys in the insanely more powerful vi.
In this file, leave the existing lines up to “listen-on-v6” as they are. After that, add/modify lines to make the file contents match the below:
// FILE: /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    auth-nxdomain no;
    listen-on-v6 { none; };
    allow-transfer { none; };
    version "";
};
logging {
    channel default_out {
        file "/var/log/bind/bind.log" size 100m;
        print-time yes;
        print-category yes;
    };
    category default {
        default_out;
    };
};
Press CTRL+X, then “y” and then ENTER to save the file and exit NANO. The new additions are the lines from “allow-transfer” onwards plus the whole “logging” block: “allow-transfer { none; };” refuses zone-transfer (AXFR) requests from everyone, so nobody outside can pull a complete copy of your zones, and “version "";” stops the server from advertising its version number to anyone who asks for it. Ensure that every line, including each closing “}”, ends with a “;”. Otherwise, the service will not start.
We have asked the Bind9 daemon to log to the /var/log/bind folder, which does not exist by default, so we need to both create it and give the “bind” daemon service account access to it. To do so:
# mkdir /var/log/bind
# chown bind:bind -R /var/log/bind
You can find the user you need to give ownership to by running:
# cat /etc/default/bind9
And looking for the line below; whatever account is given as the parameter to the “-u” option is the account the daemon runs as:
OPTIONS="-u bind"
Migrating Zones from Windows DNS
My original DNS server is on Windows. The next piece of the operation involved importing these zones into the new BIND server on the RasPi.
DNS Zone files in Windows are traditionally placed in plain-text files in the “C:\Windows\System32\dns” folder. Each file will be named the same as the top level domain it contains and ends with a “.dns” filename extension. So the zone file for “foo.local” will be “foo.local.dns”.
If you have Active Directory and have configured DNS to store data in AD, then you will not have the above files. You can generate them, however, using the Export-DnsServerZone PowerShell command:
PS> Export-DnsServerZone -Name foo.local -FileName foo.local.dns
Note that the filename specified for the -FileName parameter is always local to the C:\Windows\System32\Dns folder. You cannot specify a path to another directory here! After the export, copy all the files from the C:\Windows\System32\Dns folder to wherever you are staging them to move to the RasPi.
Either way, get the zone files from the Windows DNS and copy them to a staging folder. We need to make some minor changes to them before pushing them to the RasPi.
- Rename all the files so that they have a “.zone” file extension. So “foo.local.dns” from the Windows DNS becomes “foo.local.zone”.
- Since I am going to be using the RasPi as a split DNS, serving only the world wide web, I will also go ahead and remove any records pointing to internal IP addresses so that these are not visible outside. I will also replace references to internal server names in records like the SOA record with their public equivalents. To do all this, simply remove the relevant lines or perform Find/Replace in a Notepad window.
Now we are ready.
Transfer DNS Zone Files to RasPi
Fire up WinSCP (get it from winscp.net if you haven’t already). On the left-hand side, navigate to the folder where we staged the DNS files. On the right hand side, navigate (double-click folder names to go into them) to the /etc -> bind folder. Right-click anywhere in a blank area and from the menu, do New > Directory (or you can hit the shortcut “F7”). Name the folder as “zones”. Double-click and enter it.
Select all the “.zone” files on the left and click the “Download” button. The files will be transferred over to the RasPi (to the /etc/bind/zones folder). Since we transferred the files from Windows, the line-endings are not what a Linux system expects. To fix, fire up PuTTY, login to RasPi. After login:
# cd /etc/bind/zones
# vi foo.local.zone
Note that I am doing this as “root”. If you are not, then you must do “sudo vi foo.local.zone”. Ugh!
You can choose to open the files in NANO (replace the “vi” command with “nano”) instead. In Nano, instead of “x” to delete, you will need to hit the DEL key.
The “vi” command will open up the zone file “foo.local.zone” in a text editor. Note that this is a very powerful text editor that can cause a lot of harm if you are not careful. If you haven’t used vi before, follow along exactly as below:
Do you see the blue-highlighted “^M” marks at the end of every line? We are going to delete them. You cannot use a mouse in vi. So, carefully with your keyboard, using the arrow-keys, navigate to the first “^M”; the cursor will go only up to the “^”. Ensure the CAPS LOCK key is OFF. Press “x” once. The cursor will jump back to the previous character and the “^M” will have disappeared. Now move to the next one (you can use the “END” key on your keyboard to move to the “^M” on that line) and repeat “x”. Repeat this for all the “^M”s that you see.
If you should accidentally delete something other than the “^M”, fret not; simply hit “u” immediately and it will be undone.
Once all the “^M”s in a file are gone, press ESC, then “:”, then type “wq” and then ENTER. This will save the file and quit vi. Now open the next file there and repeat. Continue until you have opened and cleaned up all the files.
Register Zones with BIND
Though we have transferred the zone files, BIND still has no idea about them. To tell it, we need to edit the “named.conf.local” file. To do this easily, we are going to cheat a bit. From WinSCP, locate this file (on the right-hand side, this will be in the “/etc/bind” folder, one level up from the zones folder where we copied our files earlier). Simply double-click on this file. It will open up in WinSCP’s special editor. This editor thankfully knows all about the line-endings and will preserve them. Now for each zone you have, put an entry like this in the named.conf.local file:
zone "foo.local" {
    type master;
    file "/etc/bind/zones/foo.local.zone";
};
Ensure that every line (except the opening “zone "foo.local" {”) ends with a semi-colon (;). If these are missing, BIND will not start. To add more than one zone, simply add a new line after the “};” of the previous “zone” entry and add another one:
zone "foo.local" {
    type master;
    file "/etc/bind/zones/foo.local.zone";
};
zone "bar.local" {
    type master;
    file "/etc/bind/zones/bar.local.zone";
};
// and so on...
When you are all done, click the floppy icon on top to save it and close the window. Now switch back to the PuTTY window and command:
# service bind9 restart
The BIND service will stop and restart. If there are any errors in the configuration, it will complain. It should not at this point.
One final step I did after this was to configure the external router to route requests on the DNS port to the RasPi’s IP address instead of my Windows system. To test all is working:
From Within
C:\> nslookup - <IPAddress of RasPi>
nslookup> set q=soa
nslookup> foo.local
Examine the response to see that the primary name server entry has the public version of the server names and not the internal ones. If you query for an internal hostname (one that exists only on the Windows DNS server), you should get back a “can’t find…” message.
From External
You can also test this from the outside. Go to a public DNS test service like http://www.dnsstuff.com/tools. Move to the “DNS Lookup” tool on the screen. Enter your domain name in the first textbox, select the record type as “Any” and click the “>” button. When the results show up, it will list ALL the records in your DNS zone for that domain. Your internal name references should not be on it.
That’s it for this post. Our next article looks at installing Apache and PHP.