Internal Errigal Collaboration Wiki

User Tools

Site Tools

Trace: ssl_configuration appservers docker_rdf-agent_deployment greenbone_security_assistant expanding_cinder_volume_pool advanced
toolsandtechnologies:raspberrypidnsslave

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
toolsandtechnologies:raspberrypidnsslave [2017/08/11 16:24] 1carew1toolsandtechnologies:raspberrypidnsslave [2021/06/25 10:09] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +====== Setup Raspberry Pi (Raspbian) as DNS Slave ======
 + --- //[[colm.carew@errigal.com|Colm Carew]] 2017/08/11 08:30//
 +Ensure the pi has a scotty user who has sudoer access
 +This tutorial assumes you 10.91.100.71 is the master DNS and that 10.5.5.15 is the IP of the slave
 +
 +SSH to the pi as scotty 
 +  * sudo apt-get update
 +  * sudo apt-get install bind9 bind9utils
 +  * sudo mv /etc/bind/named.conf /etc/bind/named.conf.bk
 +  * sudo nano /etc/bind/named.conf <code>// This is the primary configuration file for the BIND DNS server named.
 +//
 +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
 +// structure of BIND configuration files in Debian, *BEFORE* you customize
 +// this configuration file.
 +//
 +// If you are just adding zones, please do that in /etc/bind/named.conf.local
 +
 +include "/etc/bind/named.conf.options";
 +include "/etc/bind/named.conf.local";
 +include "/etc/bind/named.conf.default-zones";
 +include "/etc/bind/named.conf.errigal-zones";
 +</code>
 +  * sudo nano /etc/bind/named.conf.options <code>options {
 +        listen-on port 53 { 127.0.0.1; 10.5.5.15; };
 +        listen-on-v6 port 53 { ::1; };
 +        directory "/var/cache/bind";
 +        allow-query     { localhost; 10.5.5.0/24; 192.168.123.0/24; };
 +        recursion yes;
 +        dnssec-enable yes;
 +        dnssec-validation no;
 +        dnssec-lookaside auto;
 +
 +        // If there is a firewall between you and nameservers you want
 +        // to talk to, you may need to fix the firewall to allow multiple
 +        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
 +
 +        // If your ISP provided one or more IP addresses for stable
 +        // nameservers, you probably want to use them as forwarders.
 +        // Uncomment the following block, and insert the addresses replacing
 +        // the all-0's placeholder.
 +
 +         forwarders {
 +              8.8.8.8;
 +         };
 +
 +        //========================================================================
 +        // If BIND logs error messages about the root key being expired,
 +        // you will need to update your keys.  See https://www.isc.org/bind-keys
 +        //========================================================================
 +
 +        auth-nxdomain no;    # conform to RFC1035
 +};</code>
 +  * # Note please replace 10.5.5.15 in the above file with whatever IP you want as the DNS Slave
 +  * sudo nano /etc/bind/named.conf.errigal-zones <code>// be authoritative slave for the Errigal forward and reverse zones
 +
 +zone "err" IN {
 +        type slave;
 +        file "/var/cache/bind/forward.errigal";
 +        masters { 10.91.100.71; };
 +};
 +
 +zone "100.91.10.in-addr.arpa" IN {
 +        type slave;
 +        file "/var/cache/bind/reverse.errigal";
 +        masters { 10.91.100.71; };
 +};
 +
 +zone "crc" IN {
 +        type slave;
 +        file "/var/cache/bind/forward.crown";
 +        masters { 10.91.100.71; };
 +};
 +
 +zone"30.10.in-addr.arpa" IN {
 +        type slave;
 +        file "/var/cache/bind/reverse.crown";
 +        masters { 10.91.100.71; };
 +};
 +zone "ext" IN {
 +        type slave;
 +        file "/var/cache/bind/forward.extenet";
 +        masters { 10.91.100.71; };
 +};
 +
 +zone"104.214.10.in-addr.arpa" IN {
 +        type slave;
 +        file "/var/cache/bind/reverse.extenet";
 +        masters { 10.91.100.71; };
 +};
 +
 +zone "atc" IN {
 +        type slave;
 +        file "/var/cache/bind/forward.atc";
 +        masters { 10.91.100.71; };
 +};
 +zone "atc-rev" IN {
 + type slave;
 + file "/var/cache/bind/reverse.atc";
 +        masters { 10.91.100.71; };
 +};
 +
 +</code>
 +  * ssh to the master dns (qadb2) and 
 +  * sudo nano /var/named/chroot/etc/named.conf
 +  * # Ensure that <code>allow-transfer  { localhost; 10.5.5.50; 10.5.5.15;  192.168.123.211; }; # Slave DNS Servers IP</code> has your slave ip
 +  * # If not add it and save and 
 +  * sudo service named restart
 +  * # ssh back to the pi
 +  * sudo reboot
 +  * ls -l /var/cache/bind/ 
 +  * # Ensure froward and reverse for crown, errigal and extenet are present
 +  * # if encountering any issues please run 
 +  * sudo tail -f /var/log/syslog
 +  * # On the pi to see if there are any issues transferring down the files
 +  * # If no issues then thats it you should now be able to set this pi as a DNS
  

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki