Configuring FreeBSD as authoritative and caching name server
At work it is handy to be able to test any websites I am developing on as many devices as possible before checking in code. This means the local development site needs to be accessible from within the office from, for instance, my phone. On a normal desktop or laptop it is simple enough to edit the hosts file to point at the machine hosting the development site, but this isn't (easily) possible on a phone. One solution is to configure the phone to use a DNS server that holds the master record for the local development domain. This article describes how to set up a FreeBSD server to act as an authoritative and caching name server, using BIND as the DNS server.
1. Enable named/Bind at system start
Enable named/Bind at system start by adding named_enable="YES" to /etc/rc.conf
2. Configure DNS Server
The following are all updates to /etc/namedb/named.conf
Around line 22 of the stock file, named is told to listen on the loopback address only. Since we want the name server reachable from the office network, either comment that line out or, better, replace 127.0.0.1 with the server's own LAN address so that named only listens where it is needed. Be aware that commenting the line out makes named listen on every interface, and the forwarders configured below turn it into a recursive resolver; make sure port 53 on this host cannot be reached from outside the office, or you have built an open resolver.
//listen-on { 127.0.0.1; };
Uncomment the forwarders section (around lines 38-42) and list the upstream resolvers that queries for names outside our own zones should be forwarded to. For ease of use I use Google's public resolvers. The completed section follows:
forwarders {
8.8.8.8;8.8.4.4;
};
3. Configure DNS zones
DNS zones are declared at the end of /etc/namedb/named.conf. Each zone has its own zone file, and each forward zone should be paired with a reverse (in-addr.arpa) zone so that addresses map back to names. An example might be:
//////////////////////////////////////////////////////////////////
// START: Chris's config
zone "example.local" {
type master;
file "/etc/namedb/master/example.local";
allow-transfer { localhost; };
allow-update { key rndc-key; };
};
zone "0.0.10.in-addr.arpa" {
type master;
file "/etc/namedb/master/example.local.rev";
allow-transfer { localhost; };
allow-update { key rndc-key; };
};
Here allow-transfer { localhost; } stops other hosts pulling a full copy of the zone, and allow-update { key rndc-key; } accepts dynamic updates only when they are signed with the rndc-key TSIG key generated in step 4 (note that this is the same key that controls named through rndc, so anyone holding it can do both). Next we need to write the individual zone files, including the reverse lookup entries.
An example zone file /etc/namedb/master/example.local might look like:
$TTL 3600
example.local. IN SOA ns2.example.local. root.example.local. (
1 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
86400 ; Minimum TTL
)
;DNS Servers
example.local. IN NS ns2.example.local.
;Machine Names - Chris
ns1.example.local. IN A 10.0.0.3
ns2.example.local. IN A 10.0.0.100
*.ca.example.local. IN A 10.0.0.2
;Machine Names - Phil
*.pg.example.local. IN A 10.0.0.6
;Machine Names - Sam
;*.sf.example.local. IN A 10.0.0.?????????
;Aliases
;www IN CNAME ns2.example.local.
;MX Record
;example.local. IN MX 10 ns2.example.local.
An example reverse zone file /etc/namedb/master/example.local.rev might look like this. Every PTR target must end with a trailing dot: a name without one is relative to the zone origin, so tamaryn.example.local would silently become tamaryn.example.local.0.0.10.in-addr.arpa.
$TTL 3600
0.0.10.in-addr.arpa. IN SOA ns2.example.local. root.example.local. (
1 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
86400 ; Minimum TTL
)
;DNS Servers
0.0.10.in-addr.arpa. IN NS ns2.example.local.
;Machine Names
2 IN PTR tamaryn.example.local.
3 IN PTR ns1.example.local.
6 IN PTR trinity.example.local.
100 IN PTR ns2.example.local.
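The trailing-dot rule above is easy to get wrong, and named-checkzone will not catch it because the resulting name is syntactically valid. The following script is an added example, not part of the original article: it parses the two zone files above (embedded as constructed copies, with the reverse file both as it was first written, without the dots, and as corrected) and cross-checks every PTR against the forward A records. It reports a PTR whose target has been swallowed by the reverse origin, and a PTR naming a host that no A record maps to that address. The parser handles only the master-file syntax these two files use; it is not a general zone-file parser.

```python
"""Cross-check the forward and reverse zone files above.

Added example, not code from the original article. The two zone strings are
constructed copies of the article's zone files; the parser covers only the
master-file syntax they use ($TTL, ';' comments, a parenthesised SOA,
relative and absolute names, wildcard owners).
"""
import re

FORWARD_ZONE = """\
$TTL 3600
example.local. IN SOA ns2.example.local. root.example.local. (
        1 10800 3600 604800 86400 )   ; serial refresh retry expire minimum
example.local.      IN NS ns2.example.local.
ns1.example.local.  IN A  10.0.0.3
ns2.example.local.  IN A  10.0.0.100
*.ca.example.local. IN A  10.0.0.2
*.pg.example.local. IN A  10.0.0.6
"""

# Reverse zone as the article first had it: three PTR targets lack the
# trailing dot, so BIND appends the zone origin to them.
REVERSE_ZONE_BUGGY = """\
$TTL 3600
0.0.10.in-addr.arpa. IN SOA ns2.example.local. root.example.local. (
        1 10800 3600 604800 86400 )
0.0.10.in-addr.arpa. IN NS ns2.example.local.
2   IN PTR tamaryn.example.local
3   IN PTR ns1.example.local
6   IN PTR trinity.example.local.
100 IN PTR ns2.example.local
"""
# The same file with the missing dots restored.
REVERSE_ZONE_FIXED = REVERSE_ZONE_BUGGY.replace("example.local\n", "example.local.\n")


def qualify(name, origin):
    """Make a name absolute: no trailing dot means 'relative to the origin',
    which is exactly what bites when a PTR target is written without one."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def parse_zone(text, origin):
    """Return [(owner, rtype, rdata_tokens)] with owner names made absolute."""
    origin = origin.lower().rstrip(".") + "."
    no_comments = "\n".join(l.split(";", 1)[0] for l in text.splitlines())
    # Fold a parenthesised record (the SOA) onto a single line.
    folded = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()), no_comments)
    records, owner = [], origin
    for line in folded.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("$"):
            continue                            # blank line or $TTL directive
        if not line[0].isspace():               # leading blank = reuse last owner
            owner = qualify(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():      # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def reverse_name(ipv4):
    """'10.0.0.3' -> '3.0.0.10.in-addr.arpa.'"""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def matches(name, owner):
    """Exact owner match, or a wildcard owner like '*.ca.example.local.'."""
    return name == owner or (owner.startswith("*.") and name.endswith(owner[1:])
                             and name != owner[2:])


def check_zones(forward_text, forward_origin, reverse_text, reverse_origin):
    """Return (category, detail) findings for every PTR in the reverse zone:
    ptr-inside-reverse-zone  target ended up under the reverse origin, which
                             almost always means a missing trailing dot
    ptr-without-a            no A record maps that name to that address
    """
    rev_origin = reverse_origin.lower().rstrip(".") + "."
    a_owners = {}                        # reverse name of address -> {owners}
    for owner, rtype, rdata in parse_zone(forward_text, forward_origin):
        if rtype == "A":
            a_owners.setdefault(reverse_name(rdata[0]), set()).add(owner)
    findings = []
    for owner, rtype, rdata in parse_zone(reverse_text, reverse_origin):
        if rtype != "PTR":
            continue
        target = qualify(rdata[0], rev_origin)
        if target.endswith("." + rev_origin):
            findings.append(("ptr-inside-reverse-zone", f"{owner} -> {target}"))
        elif not any(matches(target, o) for o in a_owners.get(owner, ())):
            findings.append(("ptr-without-a", f"{owner} -> {target}"))
    return findings


if __name__ == "__main__":
    for label, rev in (("buggy", REVERSE_ZONE_BUGGY), ("fixed", REVERSE_ZONE_FIXED)):
        print(f"--- {label} reverse zone")
        for category, detail in check_zones(FORWARD_ZONE, "example.local", rev, "0.0.10.in-addr.arpa"):
            print(f"  {category:24s} {detail}")
```

Run it as a script to see the findings for both versions of the reverse file. Note that even the corrected reverse zone still reports tamaryn and trinity, because the forward zone only knows those addresses through the *.ca and *.pg wildcards; BIND does not care, but it is worth knowing when you read a reverse lookup back.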
4. Add named key
The allow-update statements above refer to a key called rndc-key, so one has to exist. Generate it with rndc-confgen -a, which creates (or overwrites) /etc/namedb/rndc.key with a key statement like the one below. named.conf must be able to see that definition before it can be used in an ACL, so either add include "/etc/namedb/rndc.key"; to named.conf or paste the key statement in directly. Keep the file readable only by the user named runs as: anyone holding the secret can both push dynamic updates into the zones and control named through rndc. The secret below is just the example's; use whatever rndc-confgen wrote for you, and on current BIND 9 releases prefer rndc-confgen -a -A hmac-sha256 to the old hmac-md5 default.
key "rndc-key" {
algorithm hmac-md5;
secret "+w7s5b06eEUpGm928CQ4kw==";
};
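Putting steps 2 to 4 together, here is the complete set of named.conf statements discussed above in one place. This is an added example rather than the article's own file. It assumes the server's LAN address is 10.0.0.100 (ns2 in the zone file) and that the office network is 10.0.0.0/24; the statements shown under options go inside the existing options block of the FreeBSD default named.conf, and everything else in that file is left as shipped.

```conf
// Added example: the named.conf statements from steps 2 to 4 in one place.
// Assumptions (not from the article): the server's LAN address is 10.0.0.100
// and the office network is 10.0.0.0/24.

acl "lan" {
    127.0.0.1;
    10.0.0.0/24;
};

options {
    // Step 2: instead of deleting listen-on, name the addresses named should
    // bind to, so it never listens on interfaces the office does not use.
    listen-on { 127.0.0.1; 10.0.0.100; };

    // Answer and recurse for office clients only. Even if port 53 were
    // reachable from elsewhere, this is not usable as an open resolver.
    allow-query     { lan; };
    allow-recursion { lan; };
    recursion yes;

    // Step 2: send queries we are not authoritative for to the upstreams.
    // "forward only" stops named iterating from the root itself when the
    // forwarders fail (the default is "forward first").
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;
};

// Step 4: the TSIG key written by rndc-confgen -a. Define it before the
// zones that reference it.
include "/etc/namedb/rndc.key";

// Step 3: the authoritative zones. Transfers are limited to this host and
// dynamic updates must be signed with rndc-key.
zone "example.local" {
    type master;
    file "/etc/namedb/master/example.local";
    allow-transfer { localhost; };
    allow-update { key rndc-key; };
};

zone "0.0.10.in-addr.arpa" {
    type master;
    file "/etc/namedb/master/example.local.rev";
    allow-transfer { localhost; };
    allow-update { key rndc-key; };
};
```

The two differences from the bare steps above are that listen-on names the LAN address instead of being removed, and that allow-query and allow-recursion restrict service to the lan ACL, so the box answers and recurses for office clients only. After editing, named-checkconf /etc/namedb/named.conf should print nothing.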
5. Check syntax
Check named.conf for syntax errors with named-checkconf /etc/namedb/named.conf; it prints nothing when the file is valid. Check each zone file with named-checkzone, giving the zone name and then the file: named-checkzone example.local /etc/namedb/master/example.local for the forward zone, and named-checkzone 0.0.10.in-addr.arpa /etc/namedb/master/example.local.rev for the reverse zone. Be aware that named-checkzone will not complain about a PTR target that lacks its trailing dot, because the resulting name is syntactically valid, so check those by eye. Once everything passes, start the server with /etc/rc.d/named start; after later edits, rndc reload picks up the changes.
6. Configure DHCP
With a static, hard-coded IP address we could simply write /etc/resolv.conf as follows (8.8.8.8 and 8.8.4.4 are the same Google resolvers used as forwarders above; note that the FreeBSD resolver only honours the first three nameserver lines, so the fourth is ignored):
nameserver 127.0.0.1
nameserver 8.8.4.4
nameserver 8.8.8.8
nameserver 10.0.0.1
but because this machine gets its address from DHCP, dhclient rewrites resolv.conf every time it obtains a lease, so instead add the following to /etc/dhclient.conf (em0 is the interface name on this box; substitute yours). Listing the public resolvers after 127.0.0.1 means that if named stops, lookups of public names still work but lookups in example.local quietly fail, which is worth remembering when debugging:
interface "em0" {
send dhcp-lease-time 3600;
prepend domain-name-servers 127.0.0.1, 8.8.4.4, 8.8.8.8;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers;
require subnet-mask, domain-name-servers;
}