# Install named server on a home network



## c00kie (Apr 25, 2012)

Hi
I'm trying to set up a name server on a home network. My setup:

http://drupal876.co.uk/img/net.jpg

I've done a post
`# sysinstall`

http://drupal876.co.uk/img/sysinstall.jpg

In file:
/etc/hosts

```
::1  localhost localhost.org
127.0.0.1  localhost localhost.org
192.168.0.5  manor8 manor8.mydomain.org
```

File:
/etc/resolv.conf

```
domain mydomain.org
nameserver 192.168.0.5			# manor8
nameserver 194.168.4.100		# ISPs nameservers
nameserver 194.168.8.100
```


/etc/rc.conf

```
hostname="manor8.mydomain.org"
ifconfig_re0="inet 192.168.0.5 netmask 255.255.255.0"
default_router="192.168.0.1"
named_enable="YES"
```


/etc/namedb/db.mydomain.org

```
$TTL 1d
mydomain.org. IN SOA manor8.mydomain.org. admin.mydomain.org. (
						2012042301 ; Serial (date, 2 digits version of day)
						1d ; refresh
						2h ; retry
						100d ; expire
						1h ) ; negative cache expiry

;name servers
	IN NS ns

;MXrecords
	IN MX 50 manor8.mydomain.org.
	
ns      IN A		192.168.0.5

;Hosts
localhost 	IN A		127.0.0.1
manor8	 	IN A		192.168.0.5
paula		IN A		192.168.0.2
andy		IN A		192.168.0.3
jess            IN A		192.168.0.4

;nicknames
www IN CNAME manor8
ftp IN CNAME manor8
```
In the file:
/etc/namedb/mydomain-reverse

```
$TTL 1d
@		IN SOA 			manor8.mydomain.org. admin.mydomain.org. (
								2012042301 ; Serial (date, 2 digits version of day)
								1d ; refresh
								2h ; retry
								100d ; expire
								2h ) ; negative cache
		IN NS 			ns.mydomain.org.

5		IN PTR                  manor8.mydomain.org.
2		IN PTR                  paula.mydomain.org.
3		IN PTR                  andy.mydomain.org.
4		IN PTR                  jess.mydomain.org.
```

In file:
/etc/namedb/localhost.rev

```
$TTL 1d
@		IN SOA 			manor8.mydomain.org. root.mydomain.org. (
									2012042501 ; Serial
									1h ; Refresh
									5m ; Retry
									100d ; Expire
									1h ) ; Negative cache
		IN NS 			manor8.mydomain.org.
1		IN PTR 			localhost.mydomain.org.
```

In file:
/etc/namedb/named.conf

With the comments removed, it looks like:

```
// $FreeBSD$

options {
	// All file and path names are relative to the chroot directory,
	// if any, and should be fully qualified.
	directory	"/etc/namedb";
	pid-file	"/var/run/named/pid";
	dump-file	"/var/dump/named_dump.db";
	statistics-file	"/var/stats/named.stats";

	forwarders {
		194.168.4.100; 194.168.8.100;
	};
};

...
[details omitted here]
...

zone "mydomain.org" {
	type master;
	file "db.mydomain.org";
};

zone "0.168.192.in-addr.arpa" {
	type master;
	file "mydomain-reverse";
};

zone "0.0.127.in-addr.arpa" {
	type master;
	file "localhost.rev";
};
```
File:
/var/log/messages

For a successful configuration I'm expecting output similar to:


```
Mar 18 15:01:57 freebie named[69751]: starting (/etc/namedb/named.conf). named 8.3.
4-REL Wed Dec 18 13:38:28 CST 2002 grog@freebie.example.org:/usr/obj/src/FreeBSD/5-S
TABLE-FREEBIE/src/usr.sbin/named
Mar 18 15:01:57 freebie named[69751]: hint zone "" (IN) loaded (serial 0)
Mar 18 15:01:57 freebie named[69751]: master zone "example.org" (IN) loaded (serial
2003031801)
Mar 18 15:01:57 freebie named[69751]: Zone "0.0.127.in-addr.arpa" (file localhost.re
verse): No default TTL ($TTL <value>) set, using SOA minimum instead
Mar 18 15:01:57 freebie named[69751]: master zone "0.0.127.in-addr.arpa" (IN) loaded
(serial 97091501)
Mar 18 15:01:57 freebie named[69751]: listening on [223.147.37.1].53 (rl0)
Mar 18 15:01:57 freebie named[69751]: listening on [127.0.0.1].53 (lo0)
Mar 18 15:01:57 freebie named[69752]: Ready to answer queries.
```

Mine's rather different however:


```
Apr 25 13:01:57 manor8 named[1727]: starting BIND 9.8.1-P1 -t /var/named -u bind
Apr 25 13:01:57 manor8 named[1727]: built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man'
'--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr'
Apr 25 13:01:57 manor8 named[1727]: command channel listening on 127.0.0.1#953
Apr 25 13:01:57 manor8 named[1727]: command channel listening on ::1#953
Apr 25 13:01:57 manor8 named[1727]: the working directory is not writable
Apr 25 13:01:57 manor8 named[1727]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Apr 25 13:01:57 manor8 named[1727]: running
```

Back at my domain registrar, Ive updated server settings. Removing their DNS server names to my ISP's name servers.

```
cache1.service.virginmedia.net
cache2.service.virginmedia.net
```


If I call:
`# rndc reload`
It reports:

```
Apr 25 13:52:17 manor8 named[1727]: the working directory is not writable
server reload successful
```

I'm not sure if the directory /etc/namedb/working is relevant to named?
The directory is empty by default and in my /etc/namedb/named.conf file I edited the directory option to:

```
options {
	// All file and path names are relative to the chroot directory,
	// if any, and should be fully qualified.
	// directory "/etc/namedb/working";
	directory	"/etc/namedb";
```


help..


----------



## SirDice (Apr 26, 2012)

It all looks good, what's not working?

You can test your DNS with the dig(1) command like so:
[cmd=]dig @192.168.0.5 manor8.mydomain.org[/cmd]

Or, doing a reverse lookup:
[cmd=]dig @192.168.0.5 -x 192.168.0.5[/cmd]


----------



## c00kie (Apr 26, 2012)

SirDice said:
			
		

> It all looks good, what's not working?



Thanks. That's reasurring. dig(1) is useful. It reports:


```
; <<>> DiG 9.8.1-P1 <<>> @192.168.0.5 manor8.mydomain.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<-- opcode: QUERY, status: NOERROR, id: 10322
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
; manor8.mydomain.org.		IN		A

;; ANSWER SECTION:
manor8.mydomain.org.	        86400	IN		A		192.168.0.5

;; AUTHORITY SECTION:
mydomain.org.			86400	IN		NS		ns.mydomain.org.

;; ADDITIONAL SECTION:
ns.mydomain.org.		86400	IN		A		192.168.0.5

;; Query time: 29 msec
;; SERVER: 192.168.0.5#53(192.168.0.5)
;; WHEN: Thu Apr 26 08:11:53 2012
;; MSG SIZE rcvd: 86
```

So it would appear that everything is correct. This gives me hope. But alas browse to http://www.mydomain.org and rec*ei*ve 
	
	



```
Could not find remote server
```

Just wondering, in the file /etc/namedb/named.conf

I commented out this line:

```
// listen-on 	{ 127.0.0.1; };
```

Would this have any significance?

Another strange thing is if I

`# cd /etc/namedb`

then `# pwd` I'm expecting to see 

/etc/namedb

But it reveals:

/var/named/etc/namedb

Is this normal?


----------



## SirDice (Apr 26, 2012)

c00kie said:
			
		

> So it would appear that everything is correct.


Yes, your BIND is correctly configured.



> But alas browse to http://www.mydomain.org and recieve "Could not find remote server"


You need to change your domain information for that. It needs to point to your DNS server. You also need to make sure your DNS server is accessible from the internet. Since you're using RFC-1918 addresses this means you have to open up your router and/or firewall and forward TCP and UDP port 53 to your DNS server.



> Just wondering, in the file /etc/namedb/named.conf
> 
> I commented out this line:
> 
> ...


Yes, that will bind it to localhost making it unaccessable from any other machine.



> Another strange thing is if I
> 
> `# cd /etc/namedb`
> 
> ...


Yes, that's normal. They're symlinked :e


----------



## c00kie (Apr 26, 2012)

> You need to change your domain information for that. It needs to point to your DNS server.


Thanks.

Hmm... Firstly, I'm using http://mydomain.org purely as a reference. All instances of it are replaced with my 'real' dom*ai*n of course. Or are you getting at something else here?


----------



## SirDice (Apr 26, 2012)

c00kie said:
			
		

> All instances of it are replaced with my 'real' domain of course.


Yes, that was clear. What wasn't clear is where you expected this to work, it should at least work on your local network. Provided the client you use is configured to use your DNS server.


----------



## c00kie (Apr 26, 2012)

SirDice said:
			
		

> Yes, that was clear. What wasn't clear is where you expected this to work, it should at least work on your local network. Provided the client you use is configured to use your DNS server.



OK. It would be good if it works on my home network and externally via the internet. I think I'm getting a little closer. I fixed the port forwarding on my router:

http://drupal876.co.uk/img/port_forwarding.jpg

I have a firewall in place; you may recognise this 

[cmd=""]pfctl -sr[/cmd] reveals:

```
anchor "ftp-proxy/*" all
block drop all
pass in on re0 proto tcp from any to any port = ftp flags S/SA keep state
pass in on re0 proto tcp from any to any port > 49151 flags S/SA keep state
pass in proto tcp from any to any port = ssh flags S/SA keep state
pass in proto tcp from any to any port = http flags S/SA keep state
pass out all flags S/SA keep state
```

It's changed a little.

I'm now sat at machine 192.168.0.2. At the browser enter http://mydomain.org and the page doesn't load...

Do I need a new rule(s) in /etc/pf.conf?

Purely a guess..


```
pass in on re0 proto tcp from any to any port = 53 flags S/SA keep state
```


----------



## suntzu (Apr 26, 2012)

*H*ow about 


```
pass in on re0 proto [B]{ tcp, udp }[/B] from any to any port 53 keep state
```

[CMD=""]cat /etc/services | grep ^domain[/CMD]


----------



## SirDice (Apr 26, 2012)

Yes, you need to allow both TCP and UDP to port 53 for DNS to work.


----------



## c00kie (Apr 26, 2012)

suntzu said:
			
		

> how about
> 
> 
> ```
> ...



Thanks.

With these rules added to /etc/pf.conf, and

[CMD=""]cat /etc/services | grep ^domain[/CMD]

The system reports:


```
domain       53/tcp    #Domain Name Server
domain       53/tcp    #Domain Name Server
```

All looks good. But, the server won't serve pages with the domain. It works with an IP address.


----------



## aa (Apr 26, 2012)

c00kie said:
			
		

> OK. It would be good if it works on my home network and externally via the internet.


Good for local exercise, but it will never go public.


----------



## c00kie (Apr 26, 2012)

aa said:
			
		

> Good for local exercise, but it will never go public.



You*'re* saying it's not possible?


----------



## c00kie (Apr 26, 2012)

SirDice said:
			
		

> What wasn't clear is where you expected this to work, it should at least work on your local network. Provided the client you use is configured to use your DNS server.



Thanks. I've defined my zone files with the local clients IP addresses inclusive. It should work then within the LAN? I*'*ve taken your comments on board. And am beginning to think a basic VPS package would be more suitable. I can then have multiple zones all for a flat fee, it's a long way away (and better) from shared hosting.


----------



## aa (Apr 27, 2012)

c00kie said:
			
		

> You*'re* saying it's not possible?



Unfortunately, it won't. Your ISP (nameservers) is the one that has the authority of your domain name.

You may ask the registrar (if you paid more for the service) to point your domain nameserver to your IPs (at least 2), but then you don't have authorization to manage the full network to modify PTR records do you?

Even with part subnet classless delegation, I think at least you need 4 IP addresses to be functional, 2 dedicated to DNS server (with warning, because both reside in the same network). 

Also, you can not publish local IP (RFC-1918). Bear in mind that the only thing DNS do (primarily) is to convert name to address. If somebody somewhere tries to reach a name from your nameservers (which then give them local IP), they're stuck on a host in their local network as well.


----------



## shitson (Apr 28, 2012)

c00kie what are you trying to access on these machines form the outside world?


----------



## c00kie (Apr 28, 2012)

aa said:
			
		

> Unfortunately, it won't. Your ISP (nameservers) is the one that has the authority of your domain name.



Thanks for the insight. Clearly it was a little naive of me thinking that this would work outside of my network. Non routable addresses are just not suitable for the internet. What I have learn't from this exercise, is that a VPS is more realistic option. :stud


----------



## c00kie (Apr 28, 2012)

shitson said:
			
		

> c00kie what are you trying to access on these machines form the outside world?



Websites..


----------



## rtwingfield (Apr 29, 2012)

I'm not clear on what you are referring to as a VPS that would allow you to have "multiple zones for a flat $fee".  Are you wanting to host several web hosts, e.g., x.com, y.com z.com?  If so, then take a look at _virtual hosting_ with Apache.  All you would need is one static IP address.


----------



## c00kie (Apr 29, 2012)

rtwingfield said:
			
		

> I'm not clear on what you are referring to as a VPS that would allow you to have "multiple zones for a flat $fee".





> Are you wanting to host several web hosts, e.g., x.com, y.com z.com?


Yes. 



> If so, then take a look at _virtual hosting_ with Apache.



I'm aware (not expert) of virtual hosting. This is what I'm trying to get to the bottom of. Even with one static IP address, and with virtual hosting. I'd still need to define individual zone files for each domain?

I'm a little inexperienced in name servers, so this is all new to me.



> All you would need is one static IP address.


And a VPS would give me this, moreover, a public, static, routable IP address. Along with master and slave DNS servers.


----------



## rtwingfield (Apr 29, 2012)

Here is a URL to an example of the Apache v2.2.11 httpd-vhost.conf file (i.e., the model that I use to host multiple domains):

http://archaxis.net/htdocs/white_papers/vhost.conf.pdf

As I mentioned in the brief, there is much more to configuring Apache than my simple example, but I hope it will get you started.  Essentially, Apache becomes your VPS. 

Also, at first, I'd suggest that you focus more on understanding the Apache configuration, than DNS.  As long as you've successfully set up DNS (assuming with BIND), and the authoritive name servers are working, then you can always come back and fine-tune later.

I have plans to add to the document.  Any questions, certainly ask.  Criticism invited, too.


----------



## c00kie (Apr 30, 2012)

rtwingfield said:
			
		

> Here is a URL to an example of the Apache v2.2.11 httpd-vhost.conf


Thanks. Plug in the values, nice.


----------

