License

Copyright (C) 2008-2017 Oliver Bohlen.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

A copy of the license is included in the section entitled "GNU Free Documentation License".

Introduction

This documentation comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

Howto: DNS for Gentoo Linux

The goal of this topic is to run your own DNS. I use this setup for 3 zones (domains): one for my network (gabosh.net), one for my DMZ (dmz) and one for Piet's computers over the VPN (piet). Feel free to change the configuration to fit your needs.

If you want to use this solution you need the following howto(s) finished:

Required software

The required software has to be installed with the following command(s):
emerge net-dns/bind
emerge net-dns/bind-tools

Changes in /etc/bind/named.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/bind/named.conf

Changed on 07.09.08
Issued by olli
Beginning line 13

Listen on localhost and the LAN, and recurse (forward requests to the Internet) for names this DNS server does not hold itself. Recursion is allowed only for the local networks listed, so the server does not become an open resolver for the Internet.


Before change
        listen-on { 127.0.0.1; };
After change
        // Listen
        listen-on { 127.0.0.1/8;
                    my.lan.network.ip/16;
                    XXX.XXX.XXX.XXX/16;
        };
        // The way to the Internet (only for LAN/WLAN: my.lan.network.ip/24, XXX.XXX.XXX.XXX/24, XXX.XXX.XXX.XXX/24 and XXX.XXX.XXX.XXX/24)
        allow-recursion { 127.0.0.1/8;
                          my.lan.network.ip/24;
                          XXX.XXX.XXX.XXX/24;
                          XXX.XXX.XXX.XXX/24;
                          XXX.XXX.XXX.XXX/24;
        };
        // Local zones
        allow-query { 127.0.0.1/8;
                      my.lan.network.ip/16;
                      XXX.XXX.XXX.XXX/16;
        };
        allow-notify { none; };
        allow-transfer { none; };
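The two lines that matter most for exposure are allow-recursion (keeps the server from being an open resolver) and allow-transfer { none; } (nobody can pull whole zones). The following Python checker is an added example, not part of the howto: it pulls the literal address-match lists out of an options block and flags those two settings when they are missing or too wide. The sample options block and the 172.23.0.0/16 network are constructed stand-ins for the X'ed-out addresses above.

```python
import ipaddress
import re

# Constructed sample mirroring the howto's "After change" options; the
# 172.23.0.0/16 network stands in for my.lan.network.ip/16.
SAMPLE_OPTIONS = """
options {
    listen-on { 127.0.0.1/8; 172.23.0.0/16; };
    allow-recursion { 127.0.0.1/8; 172.23.0.0/24; };
    allow-query { 127.0.0.1/8; 172.23.0.0/16; };
    allow-notify { none; };
    allow-transfer { none; };
};
"""

# Only literal address-match lists are handled; named ACLs, keys and nested
# lists that a real named.conf may use are out of scope for this checker.
_STMT = re.compile(r"(listen-on|allow-recursion|allow-query|allow-transfer)\s*\{([^}]*)\}")

def parse_acls(text):
    """Map each statement to its entries, e.g. {'allow-transfer': ['none']}."""
    return {name: [e.strip() for e in body.split(";") if e.strip()]
            for name, body in _STMT.findall(text)}

def is_world_reachable(entry):
    """True if an entry admits arbitrary Internet clients."""
    if entry.startswith("!"):        # a negated entry only excludes clients
        return False
    if entry in ("any", "0.0.0.0/0", "::/0"):
        return True
    try:
        return ipaddress.ip_network(entry, strict=False).is_global
    except ValueError:
        return False                 # 'none', 'localnets', named ACLs, keys

def audit(text):
    """Return findings for the recursion and transfer checks; [] means clean."""
    acls = parse_acls(text)
    findings = []
    recursion = acls.get("allow-recursion")
    if recursion is None:
        findings.append("allow-recursion is not set; the default depends on the BIND "
                        "version, so state it explicitly")
    elif any(is_world_reachable(e) for e in recursion):
        findings.append("allow-recursion admits Internet clients: this is an open resolver")
    if acls.get("allow-transfer") != ["none"]:
        findings.append("allow-transfer should be { none; } unless secondaries need zone transfers")
    return findings
```

Run it against the options block of your own named.conf after every change; an empty result means both checks passed.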

Changed on 24.03.09
Issued by olli
Beginning line 47

Log DNS-Queries

logging {
 channel queries {
  #file "/var/log/bind/dns-queries" versions 2 size 1m;
  syslog local1;
  #print-time yes;
 };
 category queries {
  queries;
 };
};
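With the queries category sent to syslog local1 you have a record of every query named receives, including ones it refuses because the client is outside allow-recursion (named logs a query before deciding whether to recurse for it). As an added example, not from the howto, the following Python reads lines of that kind, counts queries per client and flags two things worth an alert on a server like this: recursion requests from outside the allowed networks, and ANY queries. The log lines and the 172.23.0.0/24 network are constructed.

```python
import ipaddress
import re
from collections import Counter

# Networks admitted by allow-recursion in named.conf (constructed values;
# 172.23.0.0/24 stands in for the howto's my.lan.network.ip/24).
RECURSION_NETS = [ipaddress.ip_network("127.0.0.0/8"),
                  ipaddress.ip_network("172.23.0.0/24")]

# Constructed syslog lines in the BIND 9 "queries" category format; the flags
# field starts with "+" when the client set the recursion-desired bit.
SAMPLE_LOG = """\
Mar 24 10:15:02 silent named[1234]: client 172.23.0.5#53124: query: www.example.com IN A + (172.23.0.1)
Mar 24 10:15:03 silent named[1234]: client 203.0.113.7#4242: query: isc.org IN ANY + (172.23.0.1)
Mar 24 10:15:03 silent named[1234]: client 203.0.113.7#4243: query: isc.org IN ANY + (172.23.0.1)
Mar 24 10:15:04 silent named[1234]: client 172.23.0.9#2048: query: think-gabosh.example.com IN A - (172.23.0.1)
Mar 24 10:15:05 silent named[1234]: zone example.com/IN: loaded serial 2010033001
"""

_QUERY = re.compile(r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: "
                    r"(?P<name>\S+) (?P<cls>\S+) (?P<type>\S+) (?P<flags>\S+)")

def parse_query_log(text):
    """Yield one dict per query line; other named messages are skipped."""
    for line in text.splitlines():
        m = _QUERY.search(line)
        if m:
            q = m.groupdict()
            q["ip"] = ipaddress.ip_address(q["ip"])
            yield q

def allowed_recursion(ip):
    return any(ip in net for net in RECURSION_NETS)

def find_suspicious(text):
    """Return (findings, queries per client) for a chunk of query log."""
    findings, per_client = [], Counter()
    for q in parse_query_log(text):
        per_client[str(q["ip"])] += 1
        if q["flags"].startswith("+") and not allowed_recursion(q["ip"]):
            findings.append(f"{q['ip']} requested recursion for {q['name']} "
                            "from outside allow-recursion")
        if q["type"] == "ANY":
            findings.append(f"{q['ip']} sent an ANY query for {q['name']} "
                            "(a common amplification pattern)")
    return findings, per_client
```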

Changed on 07.09.08
Issued by olli
Beginning line 91

Zone definitions for some domains


# This is an entry for an LDAP zone. Use this only if you want to use BIND with LDAP
#zone "example.com" IN {
#        type master;
#        database "ldap ldap://127.0.0.1/dc=example,dc=com 172800";
#        allow-update { none; };
#};

zone "example.com." IN {
        type master;
        file "zones/db.example.com";
        allow-update { none; };
};

zone "XXX.XXX.in-addr.arpa" {
        type master;
        file "zones/db.172.23";
        allow-update { none; };
};

zone "25.172.in-addr.arpa" {
        type master;
        file "zones/db.172.25";
        allow-update { none; };
};

Changes in /etc/openldap/dns.ldif

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/openldap/dns.ldif

Changed on 31.03.10
Issued by olli
Beginning line 1

These are some example LDAP entries for the DNS server and, optionally, for DHCP if you manage your DHCP over LDAP too. If you have both, use the object class gaboshComputer instead of dNSZone. Change the settings to fit your needs, then insert this file with

ldapadd -x -D cn=Manager,dc=example,dc=com -W -f /etc/openldap/dns.ldif

once slapd is running.


# Example for a DNS-Zone SOA-Host (The DNS-Server)
dn: pTRRecord=silent-gabosh.example.com.,cn=Computers,dc=example,dc=com
aRecord: my.lan.ip.addr
pTRRecord: silent-gabosh.example.com.
zoneName: example.com
zoneName: XXX.XXX.in-addr.arpa
objectClass: dNSZone
objectClass: top
sOARecord: gabosh hostmaster 2010033001 8H 4H 4W 3H
relativeDomainName: 200.0
relativeDomainName: @
nSRecord: localhost.

# Example for a DNS-entry with two CNames and DHCP
dn: cn=think-gabosh.example.com,cn=Computers,dc=example,dc=com
aRecord: XXX.XXX.XXX.XXX
cn: think-gabosh.example.com
dhcpHWAddress: ethernet XX:XX:XX:XX:XX:XX
dhcpStatements: fixed-address XXX.XXX.XXX.XXX
pTRRecord: think-gabosh.example.com.
zoneName: example.com
zoneName: XXX.XXX.in-addr.arpa
objectClass: gaboshComputer
objectClass: top
objectClass: dhcpHost
relativeDomainName: think-gabosh
relativeDomainName: 50.0

dn: relativeDomainName=oliver,cn=think-gabosh.example.com,cn=Computers,dc=example,dc=com
dNSClass: IN
dNSTTL: 86400
objectClass: dNSZone
objectClass: top
zoneName: example.com
cNAMERecord: think-gabosh.example.com.
relativeDomainName: oliver

dn: relativeDomainName=olli,cn=think-gabosh.example.com,cn=Computers,dc=example,dc=com
dNSClass: IN
dNSTTL: 86400
objectClass: dNSZone
objectClass: top
zoneName: example.com
cNAMERecord: think-gabosh.example.com.
relativeDomainName: olli


# Example for a DNS-entry with two CNames without DHCP
dn: relativeDomainName=silent-gabosh.example.com,cn=Computers,dc=example,dc=com
aRecord: my.lan.ip.addr
pTRRecord: silent-gabosh.example.com.
relativeDomainName: silent-gabosh
relativeDomainName: 200.0
zoneName: example.com
zoneName: XXX.XXX.in-addr.arpa
objectClass: dNSZone
objectClass: top

dn: relativeDomainName=silent,relativeDomainName=silent-gabosh.example.com,cn=Computers,dc=example,dc=com
dNSClass: IN
dNSTTL: 86400
objectClass: dNSZone
objectClass: top
zoneName: example.com
cNAMERecord: silent-gabosh.example.com.
relativeDomainName: silent

dn: relativeDomainName=gabosh,relativeDomainName=silent-gabosh.example.com,cn=Computers,dc=example,dc=com
dNSClass: IN
dNSTTL: 86400
objectClass: dNSZone
objectClass: top
zoneName: example.com
cNAMERecord: silent-gabosh.example.com.
relativeDomainName: gabosh
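Entries written by hand like these drift easily: an aRecord changes but the reverse entry's relativeDomainName does not, or a cNAMERecord is left pointing at a host that was removed. The following Python is an added example, not part of the howto: it parses dNSZone LDIF entries of this shape and reports A records whose address is not described by any reverse-zone entry, and CNAMEs whose target no entry defines. The LDIF and the 172.23.0.0/16 network (zone 23.172.in-addr.arpa) are constructed; the way one host entry carries both zoneName values follows the layout above.

```python
import ipaddress

# Constructed LDIF in the howto's dNSZone layout; 172.23.0.0/16 with zone
# 23.172.in-addr.arpa replaces the X'ed-out network, and the last entry is
# deliberately broken so the check has something to report.
SAMPLE_LDIF = """\
dn: cn=think-gabosh.example.com,cn=Computers,dc=example,dc=com
aRecord: 172.23.0.50
pTRRecord: think-gabosh.example.com.
zoneName: example.com
zoneName: 23.172.in-addr.arpa
relativeDomainName: think-gabosh
relativeDomainName: 50.0

dn: relativeDomainName=broken,cn=Computers,dc=example,dc=com
zoneName: example.com
cNAMERecord: nosuchhost.example.com.
relativeDomainName: broken
"""

def parse_ldif(text):
    """Return entries as dicts attr -> [values]; base64 ('::') values are not decoded."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            cur.setdefault(attr.strip(), []).append(value.strip())
    return entries

def reverse_address(zone, rel):
    """Rebuild the IPv4 address from an in-addr.arpa zone and a relative name like '50.0'."""
    labels = (rel + "." + zone[:-len(".in-addr.arpa")]).split(".")
    return ipaddress.ip_address(".".join(reversed(labels)))

def is_rev(rel): return rel.replace(".", "").isdigit()   # '50.0' is a PTR label, 'olli' a host

def check_entries(entries):
    """Report A records without a PTR in a reverse zone and CNAMEs to unknown names."""
    findings, names = [], set()
    for e in entries:
        zones, rels = e.get("zoneName", []), e.get("relativeDomainName", [])
        rev = [z for z in zones if z.endswith(".in-addr.arpa")]
        names.update(f"{r}.{z}" for z in zones if z not in rev for r in rels if not is_rev(r))
        ptrs = {reverse_address(z, r) for z in rev for r in rels if is_rev(r)}
        findings += [f"A record {ip} has no PTR entry in a reverse zone"
                     for ip in e.get("aRecord", []) if ipaddress.ip_address(ip) not in ptrs]
    for e in entries:
        findings += [f"CNAME {e['relativeDomainName'][0]} points at unknown name {t}"
                     for t in e.get("cNAMERecord", []) if t.rstrip(".") not in names]
    return findings
```

Run check_entries over the parsed dns.ldif before ldapadd; an empty list means every A record has its reverse entry and every CNAME target exists.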


Changes in /etc/openldap/schema/gabosh.schema

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/openldap/schema/gabosh.schema

Changed on 23.03.10
Issued by olli
Beginning line 9

This is for having DHCP and DNS in one ObjectClass. You need this only if you want to mix DHCP and DNS in your LDAP.

objectclass ( 1.3.6.1.4.1.35312.2 NAME 'gaboshComputer'
        DESC 'for Computer DHCP and DNS entries'
        SUP top AUXILIARY
        MAY ( DNSTTL $ DNSClass $ ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $ MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecord $ zoneName $ relativeDomainName )
        )

Changes in /etc/openldap/slapd.conf

File permissions:
Owner: root
Group: ldap
Permissions: -rw-r-----

Click here for a download of the complete file: /etc/openldap/slapd.conf

Changed on 19.02.10
Issued by olli
Beginning line 12

If you want to use LDAP data for DNS you need to include these two schemas:

include         /etc/openldap/schema/dnszone.schema
include         /etc/openldap/schema/dlz.schema

Setting up services

To start the new service automatically after a reboot, add it to a runlevel with the following command(s):

rc-update add named default

Please send feedback to: doc<at>gabosh.net
