
Aug 18 2013

HOWTO: Install a Slackware Linux BIND DNS Server From Scratch

This HOWTO describes how to set up a Slackware Linux-based BIND9 virtual DNS server. The background on why this HOWTO came to be is that I recently received a renewal notice for my domain vanlab.net. I haven’t used this domain for anything in nearly a year. Not wanting to pay for DNS hosting or use someone else’s DNS servers, the domain has sat idle as a result.

It occurred to me last night, though, that anything this domain would ever be used for would run off my laptop. Since I’m the only one who would ever use it, it would be fine if it was only available when I was studying. Therefore I decided that it would be feasible to host my own "part time" DNS server.

I opted not to use any flavor of Windows for three reasons. First, I wanted as small a footprint as possible, as this is a VM that will be running on my laptop all the time. Second, Windows officially requires a license (in my mind, this is a "production" implementation, so I wanted to find something legal). Third, I’ve always wanted to see if I could make a useful Linux server and I finally came up with a use case.

What follows is how I’ve managed to successfully get my laptop to run a virtual machine that can resolve external DNS queries for vanlab.net.

Software

  • We will be using SMS, or Superb Mini Server (http://sms.it-ccs.com), as our Linux distribution of choice. After much trial and error with multiple distros, I found this one the best as it includes a tool called Webmin that provides a graphical, web-based interface for configuring BIND.
  • (There is a wiki page for configuring this server at http://sms.it-ccs.com/wiki/)
  • Download the SMS64.Live.CD-2.0.5.iso file. Note: we are downloading the live CD and will install it to the HD rather than using the full installation, despite the distro's recommendation. I tried to install the full version but couldn’t get it to boot. It also includes almost 3GB of packages, almost none of which I needed for this project anyway.

Domain Configuration

  • My domain is registered with dyndns.org. I first needed to configure the name servers for the domain. I logged into the management interface at https://account.dyn.org and went to My Zones Domains / Domain Registration / Edit Name Servers
  • I added two entries (as a minimum of two are required) for ns1.vanlab.net and ns2.vanlab.net. I then created two glue records by the same names and pointed both at my Shaw public IP of 175.0.103.66 (an IP that hasn’t changed in 2 years, so it’s nearly public anyway)

Router Configuration

I next logged into my Netgear router running DD-WRT and clicked on the NAT / QoS tab. I added a new port forwarding entry for DNS that forwards port 53 to the static IP I will assign my DNS server, 192.168.21.10.

  • As we are running VMware Workstation, we need to ensure that the port 53 packets can make it through the host firewall
  • Go to Windows Firewall / Advanced Settings / Inbound Rules
  • Create a New Rule and make it a Port rule
  • Make it TCP and specify port 53
  • Allow the connection, set it to all profiles and give it the name Inbound DNS

Virtual Machine Creation

  • I am using VMware Workstation 9. Create a new virtual machine with the following characteristics:
    • Custom (advanced)
    • Select Workstation 9
    • Install Operating System Later
    • Linux / Other Linux 2.6.x kernel 64-bit
    • Name: VANDNS1
    • Number of CPUs: 1
    • Memory: 1GB (we will scale this back to 128MB once the installation is completed)
    • Use Bridged Networking
    • IO Controller: LSI Logic
    • Create a new SCSI Disk: 5GB, store as single file (2.5GB minimum is needed for root partition, 500GB free space, 2GB for Swap)
    • Customize Hardware and mount the SMS64.Live.CD-2.0.5.iso you downloaded earlier

OS Installation

  • Boot the ISO and at the login screen choose SMS Light
  • Log in with the default username and password (shown on the screen), root/toor
  • Type sms-text-installer to start the installation wizard
  • You will get a warning that you should use the Native ISO. Ignore this and press Yes

  • Press Enter several times until you’re in the cfdisk partitioning tool. We need to create two Linux partitions: one for / and one for swap
  • Select New / Primary, type the size of 2500 (MB), then select Beginning
  • Mark the partition as Bootable
  • Select the free space and select Primary; for the size, use the remaining space. Go to Type and press Enter twice to select the default partition type of 82 (Linux Swap)
  • Select Write to save your changes.  When you’re done it should look like this:

  • Select Quit
  • You’re now back where you started.  Select Continue

  • Select Yes to install the swap partition

  • Make note of the detected root partition, in this case /dev/sda1.  We’ll need that in a moment

  • Type /dev/sda1 or whatever you were shown on the previous screen

  • Leave the default ext4 file system

  • The installer will now copy the system to your HD

  • You’re now asked to configure the boot loader.  Leave the default Linux selected

  • The installation is now completed.  You’re now back at the shell.  Type reboot

  • After you’ve rebooted, log in with the default root/toor
  • We now need to configure the network. Type netconfig
  • Follow the wizard as it’s pretty self-explanatory. In my case I used:

    Hostname: vandns1
    Domain: vanlab.net
    IP Type: Static IP
    IP Address: 192.168.21.10
    Subnet: 255.255.255.0
    Gateway: 192.168.21.1
    Nameserver: 192.168.21.1
    Accept

  • Ping an external DNS name (such as google.com) to verify you have network connectivity
  • Because we installed the system with all the services turned off, we have to enable Apache so we can connect to the management interface
  • Type pkgtool
  • Select Setup

  • Select services by pressing space bar to select it

  • You’ll find that rc.httpd (the Apache web server) is unchecked. Check it and press OK

  • There is probably a way to reset the network and activate this service (something with init.d) but this is Slackware and I didn’t have the patience to figure it out.  So just type reboot to apply the settings
  • Open your web browser and go to http://192.168.21.10
  • You should see the SMS login page.
  • You’ll note the URL it wants to connect to is https://vandns1:10000. However, since I don’t have that in my DNS, it doesn’t resolve.
  • In my case since this will only ever be accessed from my parent Windows 8 machine, I’ve added an entry to my hosts file that reads 192.168.21.10 vandns1

  • Once you have the host entry, in your web browser go to https://vandns1:10000

  • Congratulations, you now have a Linux box you can manage via a web browser!
  • However, before we go much further, we’ll want to change the default root and admin passwords
  • From the Webmin console, choose Webmin / Webmin Users
  • Select the admin user

  • Change the Password option to Set to and type in the new password

  • Press Save, log out and verify the new password works
  • Next, from the local shell type passwd root to change the root password

BIND DNS Configuration

  • From the Management Console, expand Servers and select BIND DNS Server


  • Select Create master zone

  • Provide the name of the DNS zone you want to create.  In my case it’s vanlab.net
  • Provide an email address as well as it is required.  All other fields can be left at defaults


  • Next we need to create an A record.  Select Addresses

  • Type in your record and IP.  For testing, my record is called awesome and points at my public IP


  • (Note: Also create an A record for www.  I don’t know why but it doesn’t seem to want to work until this record is present.  Could just be coincidence though)
  • Next we need to allow external servers to query our DNS server. From the main BIND server configuration screen, select the zone vanlab.net
  • Select Edit Zone Options

  • In the Allow queries from section type any

  • The end result of all this? I created another A record called itworks.vanlab.net and pointed it at my IP. I then set up my router to forward port 80 to an internal Windows 2012 IIS server.
  • I then connected to a remote site (in this case Avram’s home lab) and tried to connect

Clean-up Steps

  • Reduce the memory allocated to the box from 1GB to 128MB.
  • Remove the Printer, USB, floppy and other unused hardware devices until it looks like this

  • Run pkgtool and choose Remove and remove the following packages
    • MailScanner*
    • Aspell*
    • Bluez*
    • Cdrtools*
    • Clamav*
    • Cups*
    • Dansguardian*
    • Fetchmail*
    • Floppy*
    • Get-mail
    • Imagemagick*
    • Imapd*
    • Minicom*
    • Newspost*
    • SpamAssassin*
    • Squid*
    • Squirrelmail*
  • In pkgtool, go into Setup / Services and uncheck:
    • Rc.pcmcia
  • Under BIND DNS Server / Miscellaneous Options, change "Do full recursive lookups for clients" to No and save

Configure DNS Query Logging

  • In BIND DNS Server, select Logging and Errors
  • Modify the configuration as follows:
    • Create a new channel called van_queries
    • Save the results to /var/log/vandnsqueries
    • Bring in all of the info messages
    • Set the options to save the category, severity and log time all to Yes

  • Select the logging categories tab
  • Ensure that the category queries is selected and that it’s pointing at the channel you just created

  • Go to the System tree and select System Logs
  • Choose Add a new system log

  • Configure it to match the configuration you see below. Note that in the facilities list, queries won’t be an option, but if you type it in the many field it’ll update there

  • When all is said and done, if you view the vandnsqueries log from System Logs, you’ll see the query attempts

  • Lastly, to ensure the log file doesn’t fill up all available disk space, go to System / Log File Rotation
  • Set the log file path to /var/log/vandnsqueries
  • Set the Maximum size before rotating to 1048576 (1MB)
  • This will rotate up to 4 logs so 4MB worth of logs and purge the rest (not tested)
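
As an added example (not part of the original post), here is a small Python script that reads the query log the van_queries channel produces and flags clients asking this server to recurse for names outside vanlab.net: with "Do full recursive lookups for clients" set to No those queries are refused, but a burst of them is the usual sign of someone hunting for an open resolver to abuse. The log-line format is assumed from the BIND 9 documentation, and the sample lines are constructed.

```python
import re
from collections import Counter

# Query-log line as written by a BIND 9 channel that records category, severity
# and time (format taken from the BIND 9 documentation; the "@0x...", "(name)"
# and "view ...:" parts are optional and only appear in newer releases):
#   <date> <time> queries: info: client <ip>#<port>: query: <name> IN <type> <flags> (<server ip>)
# Flags: '+' client set RD (asked for recursion), '-' it did not, E = EDNS, T = TCP.
LINE_RE = re.compile(
    r"^(?P<time>\S+ \S+) queries: info: client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: (?:view \S+: )?"
    r"query: (?P<name>\S+) IN (?P<type>\S+) (?P<flags>\S+) \((?P<server>[^)]+)\)$"
)
SERVED_ZONES = ("vanlab.net",)  # the only zone this server is authoritative for

def parse_line(line):
    """Return the fields of one query-log line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def in_served_zone(name, zones=SERVED_ZONES):
    n = name.lower().rstrip(".")
    return any(n == z or n.endswith("." + z) for z in zones)

def off_zone_recursive(lines, zones=SERVED_ZONES):
    """Per-client count of RD queries for names outside our zones.
    With recursion off these are REFUSED, but a client sending many of them
    (typically ANY queries) is probing for an open resolver to abuse."""
    hits = Counter()
    for line in lines:
        q = parse_line(line)
        if q and "+" in q["flags"] and not in_served_zone(q["name"], zones):
            hits[q["ip"]] += 1
    return hits

# Constructed sample lines (not from the real server); 198.51.100.7 and
# 203.0.113.44 are RFC 5737 documentation addresses standing in for remote clients.
SAMPLE_LOG = """\
18-Aug-2013 21:02:11.104 queries: info: client 198.51.100.7#50231: query: awesome.vanlab.net IN A -E (192.168.21.10)
18-Aug-2013 21:02:12.550 queries: info: client 198.51.100.7#50232: query: www.vanlab.net IN A - (192.168.21.10)
18-Aug-2013 21:03:01.001 queries: info: client 203.0.113.44#1025: query: example.com IN ANY +E (192.168.21.10)
18-Aug-2013 21:03:01.002 queries: info: client 203.0.113.44#1025: query: example.com IN ANY +E (192.168.21.10)
18-Aug-2013 21:03:02.300 queries: info: client 203.0.113.44#1026: query: example.org IN ANY +E (192.168.21.10)
18-Aug-2013 21:04:00.000 queries: info: client 192.168.21.5#4000: query: itworks.vanlab.net IN A + (192.168.21.10)
18-Aug-2013 21:04:05.000 general: info: zone vanlab.net/IN: loaded serial 2013081801
""".splitlines()

if __name__ == "__main__":
    for ip, n in off_zone_recursive(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} recursion-desired queries for names we do not serve")
```

Point it at /var/log/vandnsqueries (and its rotated copies) instead of SAMPLE_LOG to get the same per-client counts for the real server.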

Remove Unused Modules

  • Webmin / Webmin Configuration / Webmin Modules
  • Select the Delete tab
  • Remove the following modules:
    • ADSL Client
    • Bandwidth Monitoring
    • CD Burner
    • Clam Antivirus (v. 0.9.1)
    • DansGuardian Content Filter
    • Dovecot IMAP Pop3 Server
    • Fetchmail Mail Retriever
    • HylaFax Server
    • LDAP Client, LDAP Server, LDAP Users and Groups
    • MailScanner
    • NFS Exports
    • Netatalk Apple File Print Sharing
    • Open SLP Server
    • Open VPN
    • Postfix Mailserver
    • ProFTPD Server
    • ProcMail Filter
    • Printer Administration
    • SMART Drive Status
    • SAMBA Windows File Sharing
    • SPAM Assassin Mail Filter
    • Squid Proxy Server
    • Iscsi Target Management
    • Vsftpd
    • DHCP Server
    • DHCP and DNS Hosts
    • MySQL database Server
    • SendMail Server
    • SSH Server
    • Webalizer Logfile Analysis
