eRacks Systems Tech Blog

Open Source Experts Since 1999

There are many Open Source DNS server services for Linux systems. Here we’ll discuss installing and configuring one of the most popular among them, known as “Bind9”. We’ll use another highly popular Debian-based Linux server operating system distributed by Canonical: Ubuntu 16.04 LTS Server edition.

Other good DNS implementations include the native OpenBSD DNS implementation, as well as Dan Bernstein’s tinyDNS (AKA djbdns), but these are topics for future articles. (We use djbdns on OpenBSD, internally).

Successfully installing and configuring the Bind9 Server service on Ubuntu 16.04 LTS Server edition requires several steps. For better understanding, we’ll divide the whole process into two main parts, ‘Basic installs’ and ‘Securing the DNS Server’ service. Each main part can be divided into several additional steps.

Basic Installing Steps:

  1. Install fresh Ubuntu 16.04 LTS Server OS on a server.
  2. Preparing the Ubuntu 16.04 LTS Server OS for installing Bind9 DNS Server Service.
  3. Install Bind9 DNS Server Service and configure Caching-only name server.
  4. Install and configure Primary DNS server or Master DNS server.
  5. Bind9 Post installation Configurations for successful service run on Ubuntu Server.
  6. Install and configure Secondary DNS server or Slave DNS server.

Securing Bind9 DNS Server Service:

  1. Configure SPF record for securing mail server under Bind9 DNS service.
  2. Configure DKIM record for securing mail server under Bind9 DNS service.
  3. Configure DNSSEC signing on Bind9 DNS Server Services.
  4. Configure DMARC Record for securing mail server under Bind9 DNS service.

For this tutorial we’ll use ‘eracks.com’ as the domain and local IP addresses for the demo, with configurations tested in real time behind a NAT network. Global, dedicated systems can be configured the same way by substituting your own domain and the real IP address assigned by your ISP. If you need further assistance, please contact eRacks Systems’ experts. You can also buy a securely configured “DNS Server” built to your requirements from the eRacks Systems showroom without any hassle.

For configuring DNS Servers we’ll use private IP from 192.168.88.0/24 network block where the usable Host IP Range is: 192.168.88.1 – 192.168.88.254; and Subnet Mask: 255.255.255.0. Our Router/NAT-gateway IP address is already configured as 192.168.88.1.

IP Address Block:	192.168.88.0/24
Usable Host IP Range:	192.168.88.1 - 192.168.88.254
Broadcast Address:	192.168.88.255
Total Number of Hosts:	256
Number of Usable Hosts:	254
Subnet Mask:	255.255.255.0
Wildcard Mask:	0.0.0.255
Options	Primary/Master DNS Server	Secondary/Slave DNS Server	Client/Host Server
Host Name	dnsmaster	dnsslave	hostserver
Domain	eracks.com	eracks.com	eracks.com
IPv4 Address	192.168.88.17	192.168.88.250	192.168.88.17
IPv6 Address	::8817	::8250	::8221
FQDN	dnsmaster.eracks.com	dnsslave.eracks.com	hostserver.eracks.com

Enough talk – Let’s see how it’s done!

 


 

 

 

Step 1: Install fresh Ubuntu 16.04 LTS Server OS on a server.

To learn how to install a fresh copy of Ubuntu 16.04 LTS Server OS on a server system, visit this link.

Step 2: Preparing the Ubuntu 16.04 LTS Server OS for installing Bind9 DNS Server Service.

After installing, log in to the server directly or over SSH using its IP address, as a user with root privileges.

The login screen will look like this;

 

Then run the following command, press Enter, and type your password when prompted to update the system.

administrator@ubuntu:~$ sudo apt-get update

 

To avoid typing “sudo” for every command, we’ll configure the server as the ‘root’ user. To do so, type the following command and press Enter.

administrator@ubuntu:~$ sudo -s

 

Once the update and upgrade are done as the root user, we need to edit the network interface configuration to set up a static IP address for the system with the following command;

root@ubuntu:~$ nano /etc/network/interfaces

On the screen that opens, find the line “# The primary network interface” and replace the lines beneath it with the following;

# Static Primary Network Interface IPv4 Address
# Required for IPv4 (A) Records
auto eth0
iface eth0 inet static
	address 192.168.88.17
	netmask 255.255.255.0
	network 192.168.88.0
	broadcast 192.168.88.255
	gateway 192.168.88.1
	dns-nameservers 8.8.8.8 8.8.4.4
	dns-domain eracks.com
# Optional Static IPv6 Address for Primary Network Interface
# Required for IPv6 (AAAA) Records
iface eth0 inet6 static	
	address fe80::215:5dff:fe58:6500
	netmask 65
	gateway fe80::2a3b:82ff:fe74:58f6

 

Once it is done, press Ctrl + X to exit, then press ‘Y’ and Enter to save the changes.

 

Next, we need to set up the hostname for this server. Run the following command to edit the host name;

root@ubuntu:~$ nano /etc/hostname

On the screen that opens, replace the existing default host name “Ubuntu 16.04 LTS” with “dnsmaster” (since we’ll be setting the hostname as “dnsmaster”), then press Ctrl + X to exit and press ‘Y’ and then Enter to save the changes. Then run the following command to edit the hosts file;

root@ubuntu:~$ nano /etc/hosts

Replace the existing host record entries with the following;

The entries will look like this;

Once done, press control + X to exit and Press ‘Y’ then Enter button to save the changes and reboot your system with the “reboot” command.

 

After rebooting and logging in to the server, we’ll see that the default host name “ubuntu” has been replaced with the hostname “dnsmaster”. To make sure, we can check the hostname and FQDN with the following commands respectively;

root@dnsmaster:~$ hostname
root@dnsmaster:~$ hostname -f

Once these are done the system is ready for installing the Bind9 DNS Server Service. And we could proceed to the next steps.

Note: We’ll log in as the root user from the start.

 

Step 3: Install Bind9 DNS Server Service and configure Caching-only name server.

Before installing ‘Bind9’ DNS Server on this server we need to make sure all the packages are up to date. So, we’ll update and upgrade all the apt packages with following command;

root@dnsmaster:~$ apt-get update && apt-get upgrade

 

Once the Update and Upgrade are done, we’ll install the ‘Bind9’ Packages with the following command;

root@dnsmaster:~$ apt-get install bind9

The screen will ask for your permission to use additional disk space. To approve, press “Y” and then Enter to install the packages. The installation process will take a little while.

 

When the installation is done the system is ready for configuring Caching-only name server with Bind9 DNS Server service package. For configuring Caching-only name server run the following command.

root@dnsmaster:~$ nano /etc/bind/named.conf.options

 

On the screen that opens, find and uncomment the forwarders block, and set the forwarders to the Google Public DNS IP addresses or to your ISP’s DNS IP addresses, as follows.

The entries will look like this

 

Next, press control + X to exit and Press ‘Y’ then Enter button to save the changes. And restart the Bind9 DNS Service with the following command.

root@dnsmaster:~$ systemctl restart bind9.service

 

For testing the Caching-only name server we need to run the dig command as follows;

root@dnsmaster:~$ dig google.com

If everything is okay, the command will dig up the following records;

Step 4: Install and configure Primary DNS server or Master DNS server.

Before proceeding further, first we need to make sure the Ubuntu server is up-to-date. We could make sure by running the following commands;

root@dnsmaster:~$ apt-get update && apt-get upgrade

 

Before configuring Primary Name Server with Bind9, we could verify all the required packages are installed by running the following command;

root@dnsmaster:~$ apt-get install bind9 bind9utils bind9-doc

 

Once it is done, we are ready to configure our Primary Name Server with Bind9 on Ubuntu 16.04 LTS Server. All configuration files will be available under the /etc/bind/ directory. To do so, we need to edit the ‘named.conf.local’ file first and make an entry for our domain zone.

So, we’ll run the following command line for setting up our domain’s forward look up zone.

root@dnsmaster:~$ nano /etc/bind/named.conf.local

 

Then make the following entries for Forward Look Up Zone

// ### Forward Look Up Zone
zone "eracks.com" {
	type master;
	file "/etc/bind/forward.eracks.com";
	allow-transfer {none;};
	};

 

The reverse look up zone is also declared in this file. Its name is the first three parts of the IP address in reverse order, ending with “.in-addr.arpa”, so the zone name will look like “88.168.192.in-addr.arpa”. We’ll add the following records beneath the forward look up zone;

// ### Reverse Look Up Zone
zone "88.168.192.in-addr.arpa" {
	type master;
	file "/etc/bind/reverse.eracks.com";
	allow-transfer {none;};
	};

These entries will look like this;

 

Then we need to save the file and exit.

 

We’ve identified the forward lookup zone via “file “/etc/bind/forward.eracks.com”;” and the reverse lookup zone via “file “/etc/bind/reverse.eracks.com”;” in the “named.conf.local” file. Therefore, we need to create those two database files for use as forward & reverse lookup zones under the “/etc/bind/” directory.

For the “forward.eracks.com” database, we’ll copy the existing “db.local” database file that is created by default with the Bind9 installation under the ‘/etc/bind/’ directory. To do so, we’ll run the following command;

root@dnsmaster:~$ cp /etc/bind/db.local /etc/bind/forward.eracks.com

Then we’ll edit the newly copied database file with the following command;

root@dnsmaster:~$ nano /etc/bind/forward.eracks.com

Then make the following entries for the database records;

; ###########################################################################
; ### ******************************************************************* ###
; ##### Forward Look Up Zone Data Files For eRacks.Com Domain ###############
; ###########################################################################
$TTL    3600
$ORIGIN eracks.com.
@	IN	SOA	dnsmaster.eracks.com.	root.eracks.com. (
								2018110111	;	Serial
										4800	;	Refresh
										360	;	Retry
									2419200	;	Expire
										7200 )	;	Negative Cache TTL
;
@	IN	NS	dnsmaster.eracks.com.
@	IN	NS	dnsslave.eracks.com.
@	IN	AAAA	::8817
@	IN	A	192.168.88.17
; ################################
; NameServer Records
; ###########################################################################
dnsmaster.eracks.com.	IN	A	192.168.88.17
dnsmaster.eracks.com.	IN	AAAA	::8817
dnsslave.eracks.com.	IN	A	192.168.88.250
dnsslave.eracks.com.	IN	AAAA	::8250
; ################################
; Other Host Records
; ###########################################################################
hostserver.eracks.com.	IN	A	192.168.88.221
hostserver.eracks.com.	IN	AAAA	::8221
;

 

It’ll look like this;

 

Next, for the “reverse.eracks.com” database, we’ll copy the existing “db.127” database file that is also created by default with the Bind9 installation under the ‘/etc/bind/’ directory. So, we’ll run the following command;

root@dnsmaster:~$ cp /etc/bind/db.127 /etc/bind/reverse.eracks.com

And edit using the following command

root@dnsmaster:~$ nano /etc/bind/reverse.eracks.com

The entries for the database are as follows;

; ###########################################################################
; ### ******************************************************************* ###
; ##### Reverse Look Up Zone Data Files For eRacks.Com Domain ###############
; ###########################################################################
$TTL    3600
@	IN	SOA	dnsmaster.eracks.com.	root.eracks.com. (
								2018110111	;	Serial
										4800	;	Refresh
										360	;	Retry
									2419200	;	Expire
										7200 )	;	Negative Cache TTL
;
@	IN	NS	dnsmaster.eracks.com.
@	IN	NS	dnsslave.eracks.com.
; ################################
; NameServer Records
; ###########################################################################
17.88.168.192.in-addr.arpa.	IN	PTR	dnsmaster.eracks.com.
250.88.168.192.in-addr.arpa.	IN	PTR	dnsslave.eracks.com.
; ################################
; Other Host Records
; ###########################################################################
221.88.168.192.in-addr.arpa.	IN	PTR	hostserver.eracks.com.
;

Once it is done, we’ll save the file and exit.

It’ll look like this;

 

After that, we’ll restart the bind9 DNS Server Service with the following command.

root@dnsmaster:~$ systemctl restart bind9.service
root@dnsmaster:~$ service bind9 status

Note: We should be careful that every record value that ends with a letter (that is, a host name rather than an IP address) ends with a full stop (“.”) to mark it as complete. Otherwise, Bind9 will show an error.
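As an added example (not part of the original post), the script below runs two offline checks tied to the reverse zone naming and the trailing-dot note above: it flags names that end in eracks.com without the final dot, which BIND treats as relative and extends with the zone origin, and it flags A records whose reversed d.c.b.a.in-addr.arpa. name has no PTR pointing back. The function names missing_dots and ptr_gaps and the sample zone data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Zone data below is constructed;
# eracks.com and the 192.168.88.x addresses follow the tutorial.

# missing_dots DOMAIN ZONEFILE -> "LINE:NAME" for every name that ends in
# DOMAIN without a trailing dot (BIND would append the zone origin to it).
missing_dots() {
    awk -v dom="$1" '
    { sub(/;.*/, "") }                               # strip comments
    /^\$/ || NF == 0 || /[ \t]TXT[ \t]/ { next }     # directives, blanks, TXT
    {
        for (i = 1; i <= NF; i++) {
            f = tolower($i)
            n = length(f) - length(dom)
            if (f == dom || (n > 0 && substr(f, n) == "." dom))
                printf "%d:%s\n", NR, $i
        }
    }' "$2"
}

# ptr_gaps FORWARD REVERSE -> "IP NAME" for every fully qualified A record
# whose d.c.b.a.in-addr.arpa. name has no PTR pointing back at NAME.
# Assumes owner names are written fully qualified, as in the tutorial.
ptr_gaps() {
    awk '
    { sub(/;.*/, "") }
    FNR == NR {                                      # first file: reverse zone
        for (i = 2; i < NF; i++)
            if ($i == "PTR") ptr[tolower($1)] = tolower($(i + 1))
        next
    }
    {                                                # second file: forward zone
        for (i = 2; i < NF; i++)
            if ($i == "A" && $1 ~ /\.$/) {
                split($(i + 1), o, ".")
                rev = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa."
                if (ptr[rev] != tolower($1)) print $(i + 1), $1
            }
    }' "$2" "$1"
}

zones=$(mktemp -d)
trap 'rm -rf "$zones"' EXIT

cat > "$zones/forward" <<'EOF'
$TTL 3600
$ORIGIN eracks.com.
@ IN SOA dnsmaster.eracks.com. root.eracks.com. ( 2018110111 4800 360 2419200 7200 )
@ IN NS dnsmaster.eracks.com.
@ IN NS dnsslave.eracks.com       ; constructed mistake: no trailing dot
dnsmaster.eracks.com.  IN A 192.168.88.17
dnsslave.eracks.com.   IN A 192.168.88.250
hostserver.eracks.com. IN A 192.168.88.221
EOF

cat > "$zones/reverse" <<'EOF'
$TTL 3600
@ IN SOA dnsmaster.eracks.com. root.eracks.com. ( 2018110111 4800 360 2419200 7200 )
@ IN NS dnsmaster.eracks.com.
17.88.168.192.in-addr.arpa.  IN PTR dnsmaster.eracks.com.
221.88.168.192.in-addr.arpa. IN PTR hostserver.eracks.com.
EOF
# (constructed omission: no PTR for 192.168.88.250)

echo "names missing the trailing dot:"; missing_dots eracks.com "$zones/forward"
echo "A records without a matching PTR:"; ptr_gaps "$zones/forward" "$zones/reverse"
```

On the server itself, named-checkzone eracks.com /etc/bind/forward.eracks.com (from the bind9utils package installed above) validates the real file before the restart.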

 

For an instant check, we need to set the resolver’s nameserver to the localhost IP 127.0.0.1 using the following command;

root@dnsmaster:~$ nano /etc/resolv.conf

 

And at the beginning of the name server lists we need to add the following line, then save and exit.

nameserver 127.0.0.1

 

For the check we’ll use the “dig” command for a specific host record, like the following;

root@dnsmaster:~$ dig eracks.com

 

The command will dig up the host records from the local DNS Server as follows;

 

If the configuration is correct, the above command will not show any error. If there is any error, we need to look at the log file and troubleshoot it. For details about Bind9 troubleshooting on Ubuntu Server, please visit Ubuntu’s official “DNS Troubleshooting Page” or contact eRacks Systems’ experts for help.

 

Step 6: Bind9 Post installation Configurations for successful service run on Ubuntu Server.

When Bind9 shows no error, we need to apply the post-installation configuration so that the Bind9 DNS Server Service runs successfully on Ubuntu Server. To do so, we’ll run the following commands to give appropriate access permissions to the Bind9 Server Service and to allow it through the Ubuntu firewall (ufw). First, we’ll enable the Bind9 DNS Server Service at system start-up with the following command, so that Bind9 always starts automatically after a system reboot.

root@dnsmaster:~$ systemctl enable bind9.service

 

Then for the access permission for Bind9 on ubuntu server, we’ll run the following commands;

root@dnsmaster:~$ chmod -R 755 /etc/bind
root@dnsmaster:~$ chown -R bind:bind /etc/bind
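
The recursive chmod above gives every file under /etc/bind mode 755, including secret key files such as rndc.key and any DNSSEC *.private keys kept there. The following added example (not part of the original post) lists key files that other local users can read and applies a tighter layout; the function names exposed_keys and tighten and the temporary directory standing in for /etc/bind are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: audit and tighten a BIND config
# directory after a recursive "chmod -R 755". Runs on a constructed temp tree.

# exposed_keys DIR -> secret key files under DIR readable by "other" users
exposed_keys() {
    find "$1" -type f \( -name 'rndc.key' -o -name '*.private' \) \
        -perm -004 | sort
}

# tighten DIR -> directories 755, ordinary files 644 (no execute bit),
# secret key files 640. Ownership is left untouched.
tighten() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    find "$1" -type f \( -name 'rndc.key' -o -name '*.private' \) \
        -exec chmod 640 {} +
}

# Constructed stand-in for /etc/bind; file contents are placeholders and the
# DNSSEC key file name uses a made-up key id.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/keys"
for f in named.conf.local forward.eracks.com rndc.key \
         keys/Keracks.com.+008+00000.private; do
    echo "placeholder" > "$demo/$f"
done

chmod -R 755 "$demo"          # what the tutorial step does
echo "key files readable by everyone after chmod -R 755:"
exposed_keys "$demo"

tighten "$demo"
echo "key files still exposed after tighten: $(exposed_keys "$demo" | wc -l)"
```

With the tutorial's chown -R bind:bind in place, named can still read its keys at mode 640.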

 

We’ll also configure the Ubuntu firewall in order to allow Bind9 through Ubuntu firewall (ufw). For configuring ufw we’ll run the following commands one by one.

root@dnsmaster:~$ ufw app list
root@dnsmaster:~$ ufw allow "Bind9"
root@dnsmaster:~$ ufw reload
root@dnsmaster:~$ ufw status
root@dnsmaster:~$ ufw status verbose

 

Then we’ll restart both services, Bind9 and ufw, with the following commands;

root@dnsmaster:~$ systemctl restart bind9.service
root@dnsmaster:~$ systemctl restart ufw.service

 

We could always restart and check status of the Bind9 DNS Server Service with following command.

root@dnsmaster:~$ service bind9 restart
root@dnsmaster:~$ service bind9 status

 

If everything is all right, the Bind9 status report will show no error. Besides, we could always visit the MxToolbox website for more detailed reports and troubleshooting by entering the domain.

May 8th, 2018

Posted In: How-To, Linux, Open Source, servers


EDIT: Binary modules have now also been provided for 7.4, 8.1 and 8.0.  The instructions below should apply to all three, with the exception that you’ll want to download either mps-bin-7.4.tar.gz,  mps-bin-8.1.tar.gz or mps-bin-8.0.tar.gz.

Unfortunately, the mps driver, which supports LSI Logic’s 6Gbps series of RAID controllers, didn’t make it into the FreeBSD kernel until after 8.2-RELEASE.  As a result, FreeBSD users who require this driver are forced to either install 8-STABLE — which, despite the name, is a development branch — or pull the driver’s source code from 8-STABLE and build it on FreeBSD 8.2-RELEASE.  Since we recently needed to use the mps driver and had to stick with a production-ready release, we opted for the second option.  Along the way, we decided to bundle up the driver’s source to make the task easier for those who don’t want to install a development branch, and to pre-compile binary modules for those who wish to install 8.2-RELEASE directly to the hardware RAID array.

If you have a separate hard drive for the operating system that’s not on a 6Gbps LSI controller and simply use the hardware RAID for additional storage, you can do a normal install of FreeBSD 8.2-RELEASE to the hard drive, boot into the new system and perform the following steps:

1) Download mps.tar.gz
2) Extract it, cd to the ‘mps’ directory and type make && make install
3) Edit /boot/loader.conf and add the following line at the end: mps_load="YES"
4) Reboot (or type kldload mps.ko without rebooting)

If instead you want to install 8.2-RELEASE directly to an array on your 6Gbps LSI controller, a few extra steps are required.

First, download mps-bin.tar.gz, extract it by typing tar -zvxf mps-bin.tar.gz and place the contents on some form of removable media mountable by FreeBSD.  A USB thumb drive, a floppy disk or a CD will suffice (though, a CD would be an awful waste of space… :))

Second, make sure to download the FreeBSD DVD and not the CD.  We will require the live filesystem that’s contained only on the larger DVD.  Once the installer is running, choose your language as usual, then select “Fixit” instead of the usual installation method.  Choose the CDROM/DVD option.

Figure 1: Select 'Fixit' instead of an installation method

Figure 2: Select 'CDROM/DVD'

Figure 3: The 'Fixit' Prompt

Now, insert your removable media.  For our example, we’ll assume a USB thumb drive with a device node on /dev/da0.

Before continuing, let me first warn you that the ordinary mount command will most likely not work.  Usually, mount will determine the filesystem type and automatically call the appropriate binary.  However, the way the live filesystem is set up, this doesn’t work — or at least, it didn’t work on my machine.  So instead, you’ll want to call the command for your filesystem type directly.  If it’s a CD, that command will be mount_cd9660.  If you’re using a USB thumb drive with a FAT32 filesystem on it (as we will be in our example), the command will be mount_msdosfs.

Assuming our example with the USB thumb drive, you’ll issue the following commands:

#mount_msdosfs /dev/da0 /mnt
#cd /mnt/mps-bin/i386 for 32-bit (or #cd /mnt/mps-bin/amd64 for 64-bit)
#kldload ./mps.ko
#exit

At this point, you’ll be returned to the FreeBSD installer.  Make sure to re-insert the DVD, then continue with the installation as usual.  Once the installation is complete, don’t reboot!  If you do, you won’t be able to start up FreeBSD, as we still have to install our kernel module and tell the boot loader to load it on boot.

So, now that the installation is finished, re-insert the DVD and return to the Fixit prompt.  Once again, choose the ‘CDROM/DVD’ option.  Assuming our USB thumb drive on /dev/da0 from before — the commands you use will differ based on the media you choose — type the following commands:

#mount_msdosfs /dev/da0 /mnt
#cd /mnt/mps-bin/i386 for 32-bit (or #cd /mnt/mps-bin/amd64 for 64-bit)
#./install.sh

If all goes well, the shell script will terminate without any output.  Incidentally, it’s worth mentioning that the newly installed root filesystem is mounted on / when you enter the Fixit environment after installation.  Now that we have the kernel module installed, we just need to tell FreeBSD to load it on boot.  To do so, we just have one last command:

#echo 'mps_load="YES"' >> /boot/loader.conf

That’s it!  Just unmount your media and exit the Fixit prompt.

#umount /mnt
#exit

At this point, you can exit the installer as usual and reboot. Once the system starts, you should find yourself face to face with a shiny new instance of FreeBSD 🙂

August 10th, 2011

Posted In: FreeBSD, How-To, Open Source


Have you ever thought to yourself, “gee, it would be a lot of fun to learn how to write software,” but you didn’t want to shell out money for books or a development environment? Perhaps you’re just curious, or maybe you aspire to be a developer one day. Whatever your reason, thanks to open source software and free documentation, you can pick up the skills required with no cost to you (other than your time, of course.)

Where to Learn

Before you start writing code and playing with a compiler (a program that translates human-readable programs into instructions the computer can understand), you’ll first need to learn a programming language. You could spend anywhere from $30 to $70 on a book. Or, you could instead go online. Not only can you use Google to find countless tutorials for just about any programming language, you can also find sites that offer free e-book versions of published works (for an extensive collection of books in any subject, including quite a few on programming, check out http://www.e-booksdirectory.com/). For most of your programming needs, you’ll find that buying books really isn’t necessary.

As you grow in skill, you’ll find that learning by example is a powerful tool. Fortunately, with open source software, you have a plethora of real world applications, their source code laid bare for all the world to see (source code is the human-readable version of a program.) If you want to look at the implementation of a text editor, for example, you can check out the source code for projects like vim, nano or emacs. If you are interested in using the nano text editor, see this page for more details: https://www.linode.com/docs/guides/use-nano-text-editor-commands/.

Do you also want to know how various standard library functions are implemented in C, such as QuickSort? Then check out the source code to Glibc (http://www.gnu.org/software/libc/). Are you instead more interested in systems programming? Check out the kernel source trees for Linux (http://www.kernel.org) or FreeBSD (http://www.freebsd.org). You’ll find open source software for just about any need, from web browsers to mail clients, from 3D modeling to audio and video editing solutions. Whatever you want to look at, you’ll more than likely find examples written by others that can help you learn for your own projects.

Where to Get the Software

So, you already have at least some conception of what’s involved in programming, and you want to get your hands dirty by actually writing some code yourself. At the very least, you’ll need a text editor to write your code and a compiler or interpreter to run your programs. If you’re looking for a premium custom software development service to help you out with your project, check out DevsData. You may also desire a more elaborate solution, such as an IDE (integrated development environment), which offers you a one-stop solution for writing code and compiling/running your programs, all from the click of your mouse.

Either way, open source once again comes to the rescue. For C, C++ and a few other languages, you have the GNU Compiler collection (http://gcc.gnu.org/). There are also various interpreted languages, such as Ruby, Python (http://www.python.org/) or Perl. If you’re looking for an IDE roughly like Microsoft Visual C++ or the like, you’ll find KDevelop, Eclipse or NetBeans, among others.

For more advanced needs, such as revision control (a means of tracking changes in software), you have applications like Subversion, Mercurial and Git (http://www.git-scm.org/).

There are many more applications for a variety of needs, so whatever you’re looking for, give Google a spin.

Conclusion

It is possible to learn how to develop software without breaking the bank. With free documentation and open source software, you have all the tools you need to learn as little or as much as you want. Here at eRacks, we understand the needs of the developer, and can provide you with a machine pre-loaded with all the software you need to write professional programs. Contact us, and ask for a quote today!

June 1st, 2009

Posted In: Development, Open Source
