Installing and configuring a Bind DNS server on Solaris
I was recently working with an OpenStack installation in a Solaris environment, and to simplify the configuration I needed to run my own DNS server. Below are the steps required to configure a Solaris 12 (11.x) DNS server; the configuration uses BIND 9.x. Note: the steps should also work on Solaris 11.3, but they were tested on Solaris 12.
First, install the BIND package:
pkg install pkg:/service/network/dns/bind
Now let's configure DNS.
Note: I am using foo.com as the domain name and 192.180.1.x/24 as the network (the addresses used in the zone files below). Yes, I know this is a routable network; you can use 192.168.x, 172.16.x or 10.x if you like.

First, let's create a new named.conf:

cat /etc/named.conf
include "/etc/rndc.key";
options {
    directory "/etc/namedb/working";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    forwarders { 8.8.8.8; 4.4.4.4; };
    forward only;
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
zone "." {
    type hint;
    file "/etc/namedb/root.hints";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/namedb/master/0.0.127.in-addr.arpa";
    allow-update { none; };
};
zone "foo.com" {
    type master;
    notify no;
    file "/etc/namedb/master/foo.com";
    allow-update { none; };
};
zone "1.180.192.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/namedb/master/1.180.192.in-addr.arpa";
    allow-update { none; };
};
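The named.conf above puts no restriction on who may query the server or use it for recursion: since it forwards everything to 8.8.8.8 and 4.4.4.4, any host that can reach port 53 on it gets a working open resolver. As an added example (mine, not from the original post), the options block below restricts queries and recursion to the lab network the zone files use, 192.180.1.0/24, listens only on the server's own addresses, and denies zone transfers; the ACL name "lab" is my own choice, and the controls and zone statements stay exactly as shown above.

```conf
// Added example: hardened options block for the lab resolver.
// "lab" is an assumed ACL name; the addresses are the ones this post uses.
acl "lab" { 127.0.0.1; 192.180.1.0/24; };

options {
    directory "/etc/namedb/working";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    forwarders { 8.8.8.8; 4.4.4.4; };
    forward only;

    // answer and recurse only for the lab network and the host itself
    listen-on { 127.0.0.1; 192.180.1.1; };
    allow-query { lab; };
    allow-recursion { lab; };
    // there are no secondaries in this setup, so nobody needs AXFR
    allow-transfer { none; };
    // do not advertise the BIND version in CHAOS TXT queries
    version none;
};
```

Re-run named-checkconf /etc/named.conf after the change. Note that allow-query also limits the authoritative answers for foo.com and the reverse zone to the ACL, which is what you want for a private lab zone; a zone that must be visible from outside would use allow-query { any; } while keeping allow-recursion restricted.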
Now let's generate a random rndc key.
This will generate an rndc key file under /etc/:

rndc-confgen -a
cat /etc/rndc.key
key "rndc-key" {
    algorithm hmac-md5;
    secret "KHBH4L2EYsRpnK8oJyQlpw==";
};
Create the necessary directories:

mkdir /var/dump
mkdir /var/stats
mkdir -p /var/run/namedb
mkdir -p /etc/namedb/master
mkdir -p /etc/namedb/working
Now let's create the zone files.
First create the root.hints zone (/etc/namedb/root.hints):

; <<>> DiG 8.1 <<>> @A.ROOT-SERVERS.NET.
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUERY SECTION:
;;      ., type = NS, class = IN

;; ANSWER SECTION:
.                       6D IN NS        G.ROOT-SERVERS.NET.
.                       6D IN NS        J.ROOT-SERVERS.NET.
.                       6D IN NS        K.ROOT-SERVERS.NET.
.                       6D IN NS        L.ROOT-SERVERS.NET.
.                       6D IN NS        M.ROOT-SERVERS.NET.
.                       6D IN NS        A.ROOT-SERVERS.NET.
.                       6D IN NS        H.ROOT-SERVERS.NET.
.                       6D IN NS        B.ROOT-SERVERS.NET.
.                       6D IN NS        C.ROOT-SERVERS.NET.
.                       6D IN NS        D.ROOT-SERVERS.NET.
.                       6D IN NS        E.ROOT-SERVERS.NET.
.                       6D IN NS        I.ROOT-SERVERS.NET.
.                       6D IN NS        F.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
G.ROOT-SERVERS.NET.     5w6d16h IN A    192.112.36.4
J.ROOT-SERVERS.NET.     5w6d16h IN A    198.41.0.10
K.ROOT-SERVERS.NET.     5w6d16h IN A    193.0.14.129
L.ROOT-SERVERS.NET.     5w6d16h IN A    198.32.64.12
M.ROOT-SERVERS.NET.     5w6d16h IN A    202.12.27.33
A.ROOT-SERVERS.NET.     5w6d16h IN A    198.41.0.4
H.ROOT-SERVERS.NET.     5w6d16h IN A    128.63.2.53
B.ROOT-SERVERS.NET.     5w6d16h IN A    128.9.0.107
C.ROOT-SERVERS.NET.     5w6d16h IN A    192.33.4.12
D.ROOT-SERVERS.NET.     5w6d16h IN A    128.8.10.90
E.ROOT-SERVERS.NET.     5w6d16h IN A    192.203.230.10
I.ROOT-SERVERS.NET.     5w6d16h IN A    192.36.148.17
F.ROOT-SERVERS.NET.     5w6d16h IN A    192.5.5.241

;; Total query time: 215 msec
;; FROM: roke.uio.no to SERVER: A.ROOT-SERVERS.NET.  198.41.0.4
;; WHEN: Sun Feb 15 01:22:51 1998
;; MSG SIZE  sent: 17  rcvd: 436
Create the localhost reverse zone:

cat 0.0.127.in-addr.arpa
$TTL 3D
@   IN  SOA ns1.foo.com. root.foo.com. (
        2016100301  ; Serial
        28800       ; Refresh
        7200        ; Retry
        604800      ; Expire
        86400)      ; Minimum TTL
    NS  ns1.foo.com.
1   PTR localhost.
Create the foo.com zone:

cat foo.com
$TTL 3h
@   IN  SOA ns1.foo.com. root.foo.com. (
        2016100301 28800 3600 604800 38400 )
    TXT "ns1.foo.com, DNS txt record"
    IN  NS  ns1.foo.com.
localhost   IN  A   127.0.0.1
ns1         IN  A   192.180.1.1   ; Sol11 DNS client
            TXT "router/dns"
za          IN  A   192.180.1.11  ; Sol11 DNS client
            TXT "cloud system 1"
zb          IN  A   192.180.1.21  ; Sol11 DNS client
            TXT "cloud system 2"
zc          IN  A   192.180.1.31  ; Sol11 DNS client
            TXT "cloud system 3"
Create the reverse 192.180 zone (PTR targets need the trailing dot, otherwise BIND appends the zone origin to them):

cat 1.180.192.in-addr.arpa
$TTL 3h
@   IN  SOA ns1.foo.com. root.foo.com. (
        2016100301 28800 3600 604800 38400 )
    IN  NS  ns1.foo.com.
1   IN  PTR ns1.foo.com.  ; Sol11 DNS client
11  IN  PTR za.foo.com.   ; Sol11 DNS client
21  IN  PTR zb.foo.com.   ; Sol11 DNS client
31  IN  PTR zc.foo.com.   ; Sol11 DNS client

Note: The zone above uses three Solaris zones, za, zb and zc, but feel free to use your own names.
Now let's verify that all zones are configured correctly.
You should see something like the below:

named-checkconf -z /etc/named.conf
zone 0.0.127.in-addr.arpa/IN: loaded serial 2016100301
zone foo.com/IN: loaded serial 2016100301
zone 1.180.192.in-addr.arpa/IN: loaded serial 2016100301
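named-checkconf -z only proves that the zone files parse and load; it says nothing about whether the forward and reverse zones agree with each other, and a PTR target written without its trailing dot loads without complaint and is then served relative to the origin (zc.foo.com becomes zc.foo.com.1.180.192.in-addr.arpa). The script below is an added example, not part of the original post: it parses both zones with a small zone-file reader, checks that every A record in the lab network has a matching PTR and vice versa, and flags relative PTR targets. The zone text is constructed inline to mirror the records above, with one PTR deliberately left without its dot; in practice read the files under /etc/namedb/master/.

```python
"""Forward/reverse zone consistency check (added example, not from the post)."""
import ipaddress

# Constructed copy of the post's foo.com zone.
FORWARD_ZONE = """\
$TTL 3h
@   IN  SOA ns1.foo.com. root.foo.com. (
        2016100301 28800 3600 604800 38400 )
    TXT "ns1.foo.com, DNS txt record"
    IN  NS  ns1.foo.com.
localhost   IN  A   127.0.0.1
ns1         IN  A   192.180.1.1   ; Sol11 DNS client
            TXT "router/dns"
za          IN  A   192.180.1.11  ; Sol11 DNS client
zb          IN  A   192.180.1.21  ; Sol11 DNS client
zc          IN  A   192.180.1.31  ; Sol11 DNS client
"""

# Constructed reverse zone: the last PTR deliberately lacks its trailing dot.
REVERSE_ZONE = """\
$TTL 3h
@   IN  SOA ns1.foo.com. root.foo.com. (
        2016100301 28800 3600 604800 38400 )
    IN  NS  ns1.foo.com.
1   IN  PTR ns1.foo.com.  ; Sol11 DNS client
11  IN  PTR za.foo.com.   ; Sol11 DNS client
21  IN  PTR zb.foo.com.   ; Sol11 DNS client
31  IN  PTR zc.foo.com    ; trailing dot missing on purpose
"""
FIXED_REVERSE_ZONE = REVERSE_ZONE.replace("zc.foo.com ", "zc.foo.com. ")


def _strip_comment(line):
    """Drop a ';' comment, but not a ';' inside a quoted TXT string."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)


def _absolute(name, origin):
    """Resolve '@' and relative names against the (absolute) zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata_tokens) per record; owners are absolute names."""
    records, owner, buf, depth = [], origin, [], 0
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:                              # still inside a ( ... ) record
            continue
        leading_blank = buf[0][:1].isspace()       # blank owner => reuse previous
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if not tokens:
            continue
        if tokens[0].startswith("$"):              # $TTL / $ORIGIN directives
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1]
            continue
        if not leading_blank:
            owner = tokens.pop(0)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                          # optional TTL and class
        if tokens:
            records.append((_absolute(owner, origin), tokens.pop(0).upper(), tokens))
    return records


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return a list of findings; an empty list means the zones agree."""
    findings, suffix = [], "." + rev_origin
    names_by_rev = {}                              # reverse owner -> A record owners
    for owner, rtype, rdata in parse_zone(fwd_text, fwd_origin):
        if rtype != "A":
            continue
        rev = ipaddress.ip_address(rdata[0]).reverse_pointer + "."
        if rev.endswith(suffix):                   # skip addresses outside this reverse zone
            names_by_rev.setdefault(rev, set()).add(owner)
    targets_by_rev = {}
    for owner, rtype, rdata in parse_zone(rev_text, rev_origin):
        if rtype != "PTR":
            continue
        if not rdata[0].endswith("."):
            findings.append(f"{owner} PTR target {rdata[0]!r} has no trailing dot; "
                            f"BIND will serve it as {rdata[0]}.{rev_origin}")
        targets_by_rev[owner] = _absolute(rdata[0], rev_origin)
    for rev, names in names_by_rev.items():
        target = targets_by_rev.get(rev)
        if target is None:
            findings.append(f"no PTR for {', '.join(sorted(names))} at {rev}")
        elif target not in names:
            findings.append(f"{rev} points to {target}, not {', '.join(sorted(names))}")
    for rev, target in targets_by_rev.items():
        if rev not in names_by_rev:
            findings.append(f"{rev} -> {target} has no matching A record")
    return findings


def check_page_zones(rev_text=REVERSE_ZONE):
    """Run the check against the post's foo.com zone and a reverse zone."""
    return check_zones(FORWARD_ZONE, "foo.com.", rev_text, "1.180.192.in-addr.arpa.")


if __name__ == "__main__":
    for finding in check_page_zones() or ["zones are consistent"]:
        print(finding)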
Enable the DNS service.
If all is correct, DNS should now work:

svcadm enable dns/server
svcs dns/server
STATE          STIME    FMRI
online          1:09:58 svc:/network/dns/server:default
root@foo.com:~#
Optional: switch your DNS client to use the local DNS server.

root@zc:~# svccfg -s svc:/network/dns/client
svc:/network/dns/client> setprop config/search=(foo.com foo2.com)
svc:/network/dns/client> setprop config/nameserver=192.180.1.1
svc:/network/dns/client> refresh
svc:/network/dns/client> exit

If all works correctly, you should get back the proper DNS results:

root@zc:~# nslookup za
Server:         192.180.1.1
Address:        192.180.1.1#53

Name:   za.foo.com
Address: 192.180.1.11