====== Setup Raspberry Pi (Raspbian) as DNS Slave ======
--- //[[colm.carew@errigal.com|Colm Carew]] 2017/08/11 08:30//
Ensure the pi has a scotty user who has sudoer access
This tutorial assumes that 10.91.100.71 is the master DNS and that 10.5.5.15 is the IP of the slave
SSH to the pi as scotty
* sudo apt-get update
* sudo apt-get install bind9 bind9utils
* sudo mv /etc/bind/named.conf /etc/bind/named.conf.bk
* sudo nano /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
// Global options, local zones and the default zones.
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
// Site-specific addition: the slave zone definitions live in their own file.
include "/etc/bind/named.conf.errigal-zones";
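* sudo nano /etc/bind/named.conf.options
// Global options for the slave. 10.5.5.15 is this host's own address.
options {
    // Answer only on loopback and on the slave's LAN address.
    listen-on port 53 { 127.0.0.1; 10.5.5.15; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/cache/bind";

    // Only these networks may query this server.
    // NOTE(review): recursion is expected to inherit this list when
    // allow-recursion is unset; an explicit allow-recursion with the same
    // networks would remove the dependency on that default. Confirm.
    allow-query { localhost; 10.5.5.0/24; 192.168.123.0/24; };
    recursion yes;

    // This host only receives zones from the master and has no slaves of its
    // own, so refuse outbound zone transfers. Without this, older BIND
    // releases let any client that can reach port 53 copy the internal zones.
    allow-transfer { none; };

    // NOTE(review): with validation off, answers from the forwarder are
    // accepted without DNSSEC checks. If it was disabled only because the
    // internal zones are unsigned private names, confirm whether
    // "dnssec-validation auto" works here before relying on this resolver.
    // dnssec-lookaside refers to the retired DLV service, and newer BIND 9
    // releases no longer accept it (dnssec-enable is obsolete there too).
    // Run named-checkconf against the installed version.
    dnssec-enable yes;
    dnssec-validation no;
    dnssec-lookaside auto;

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // Queries that cannot be answered from the local zones or the cache are
    // sent to this upstream resolver.
    // NOTE(review): this is a public resolver, so those query names leave the
    // network. Use an internal forwarder if that is not intended.
    forwarders {
        8.8.8.8;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================

    // conform to RFC1035
    auth-nxdomain no;
};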
* # Note please replace 10.5.5.15 in the above file with whatever IP you want as the DNS Slave
* sudo nano /etc/bind/named.conf.errigal-zones
// be authoritative slave for the Errigal forward and reverse zones
// Slave zones: every zone below is copied from the master at 10.91.100.71
// and stored under /var/cache/bind.
//
// NOTE(review): the master is identified by IP address only. A TSIG key
// shared with the master would authenticate the transfers as well, using a
// key statement plus "masters { 10.91.100.71 key <TSIG_KEY_NAME>; };"
// (placeholder name). Confirm with whoever runs the master.

// Errigal: forward and reverse
zone "err" IN {
    type slave;
    file "/var/cache/bind/forward.errigal";
    masters { 10.91.100.71; };
};

zone "100.91.10.in-addr.arpa" IN {
    type slave;
    file "/var/cache/bind/reverse.errigal";
    masters { 10.91.100.71; };
};

// Crown: forward and reverse
zone "crc" IN {
    type slave;
    file "/var/cache/bind/forward.crown";
    masters { 10.91.100.71; };
};

zone "30.10.in-addr.arpa" IN {
    type slave;
    file "/var/cache/bind/reverse.crown";
    masters { 10.91.100.71; };
};

// ExteNet: forward and reverse
zone "ext" IN {
    type slave;
    file "/var/cache/bind/forward.extenet";
    masters { 10.91.100.71; };
};

zone "104.214.10.in-addr.arpa" IN {
    type slave;
    file "/var/cache/bind/reverse.extenet";
    masters { 10.91.100.71; };
};

// ATC: forward and reverse
zone "atc" IN {
    type slave;
    file "/var/cache/bind/forward.atc";
    masters { 10.91.100.71; };
};

// NOTE(review): this zone is literally named "atc-rev" rather than an
// in-addr.arpa name. Presumably it mirrors the name used on the master;
// verify there.
zone "atc-rev" IN {
    type slave;
    file "/var/cache/bind/reverse.atc";
    masters { 10.91.100.71; };
};
* ssh to the master dns (qadb2) and
* sudo nano /var/named/chroot/etc/named.conf
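* # Ensure that the allow-transfer list, e.g. allow-transfer { localhost; 10.5.5.50; 10.5.5.15; 192.168.123.211; }; # Slave DNS Servers IP, contains your slave IP
* # If not, add it and save. List only the actual slave servers here, because every address in allow-transfer can download the complete zone contents. Then run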
* sudo service named restart
* # ssh back to the pi
* sudo reboot
* ls -l /var/cache/bind/
* # Ensure forward and reverse for crown, errigal and extenet are present
* # if encountering any issues please run
* sudo tail -f /var/log/syslog
* # On the pi to see if there are any issues transferring down the files
* # If no issues then that's it; you should now be able to set this pi as a DNS