Configure your router for a local DNS domain.

Prerequisites
I have got an old ASUS WL-500gP router. One of the first things I did was to install firmware from OpenWRT: an "out-of-the-box" installation with dnsmasq, which has served me well. OpenWRT is a really good product, no doubt about it! Thank you to everyone who has been working on the OpenWRT router software.

But if you want to do more sophisticated things, such as mounting home directories from your home server by the server's name instead of its IP address, or setting up an Active Directory domain, you will need a DNS server. Kerberos (and therefore Active Directory) does not work without DNS. This post shows how to configure OpenWRT to serve your home computers with DHCP and dynamic DNS.

The plan is to use two name servers: one master for the forward lookup zone and one master for the reverse zone. To get there, we start by configuring the router as master for both zones. Later, after Samba4 is installed and configured, the forward zone moves to the server's name server and the router's name server becomes a slave for it; the router stays master for the reverse zone, with the server as its slave. The DHCP server will update the reverse zone with RRs, and the domain controller will feed the forward zone.

Install required packages.

1. Install the following packages: dhcp-server, bind-server, bind-check and bind-rndc. Remove dnsmasq; otherwise it keeps the DNS and DHCP ports (53 and 67) that dhcpd and named need.

Start with configuring the DHCP server.

2. Edit /etc/dhcpd.conf:

authoritative;

ddns-updates on;
# "interim" is the style this dhcpd build expects; dhcpd 4.3 and later call the same thing "standard".
ddns-update-style interim;
#ddns-update-style none;
update-static-leases on;
allow unknown-clients;
use-host-decl-names on;

# The key named below must exist in /etc/rndc.key (generated in step 3)
# and be the key listed in allow-update for the reverse zone in named.conf.
include "/etc/rndc.key";

zone 1.168.192.in-addr.arpa. {
        primary 192.168.1.1;
        key "rndc-key";
}

option ntp-servers 192.168.1.1;

default-lease-time 43200;
max-lease-time 86400;

subnet 192.168.1.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        # The router first. The second address is handed to every client, so it
        # must run a name server for the zone too; the zone files below put the
        # file server ohlala at 192.168.1.3, so adjust one or the other.
        option domain-name-servers 192.168.1.1, 192.168.1.10;
        option routers 192.168.1.1;
        option broadcast-address 192.168.1.255;
        range 192.168.1.101 192.168.1.200;

        option domain-name "vusir.local";
        ddns-rev-domainname "in-addr.arpa.";

        zone 1.168.192.in-addr.arpa. {
                primary 192.168.1.1;
                key "rndc-key";
        }

}

3. Generate the key that dhcpd and named will share: /usr/sbin/rndc-confgen -a. This writes /etc/rndc.key containing a key named rndc-key, the name used in dhcpd.conf above and in named.conf below; all three must agree. The file holds a secret that both daemons read, so keep it readable only by the users the two daemons run as. Note that this reuses the rndc control key as the TSIG key for dynamic updates: whoever obtains it can rewrite the reverse zone and, from the router itself, drive named through rndc. A separate update key (BIND's ddns-confgen where available, or dnssec-keygen) is the cleaner choice if the router is shared.

4. Start the daemon: /etc/init.d/dhcpd start, then check the system log (logread) for errors.

5. Check that your computer is assigned an IP address: ipconfig /renew (on Windows).

Continue with configuring BIND.

6. Copy /etc/bind/named.conf.example: cp /etc/bind/named.conf.example /etc/bind/named.conf.

7. Edit /etc/bind/named.conf and add your DNS domains:

// This is the primary configuration file for the BIND DNS server named.
options {
directory "/tmp";

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

forwarders {
  208.67.222.222; // OpenDNS, primary
  208.67.222.220; // OpenDNS, secondary
};

allow-query {
  192.168.1.0/24;
  127.0.0.1;
};

allow-transfer {
  192.168.1.0/24;
  127.0.0.1;
};

auth-nxdomain no; # conform to RFC1035
};

// RNDC-key
include "/etc/rndc.key";
controls {
  inet 127.0.0.1 allow {
    localhost;
  }
  keys {
    rndc-key;
  };
};

zone "vusir.local" {
    type master;
    file "/etc/bind/db.vusir.local";
    // A zone-level allow-transfer replaces the one in options, so "any"
    // here would silently widen the transfer ACL set above and let any
    // host pull the full list of internal names. Keep it to the LAN,
    // as in step 15 below.
    allow-transfer { 192.168.1.0/24; };
//  masters { 192.168.1.3; };   // needed once this zone becomes a slave (step 15)
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.1";
    // dhcpd signs its PTR updates with this key. The forward zone above
    // has no allow-update, so dhcpd's forward updates are refused there;
    // that is intended, the domain controller feeds that zone later.
    allow-update {
      key "rndc-key";
    };
    notify yes;
};

// prime the server with knowledge of the root servers
zone "." {
  type hint;
  file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
  type master;
  file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
  type master;
  file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
  type master;
  file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
  type master;
  file "/etc/bind/db.255";
};


8. Check the configuration file: named-checkconf /etc/bind/named.conf. No output means the file parses; named-checkconf -z additionally loads every zone file it references.

9. Edit the zone files /etc/bind/db.vusir.local and /etc/bind/db.192.168.1. Two things to keep in mind. First, the reverse zone is dynamically updated, so once named is running it keeps a journal (db.192.168.1.jnl) next to the file; never edit that zone file by hand while named runs without an rndc freeze before and rndc thaw after, or the journal and the file disagree. Second, the examples use the domain vusir.local; .local is also the domain multicast DNS (Bonjour/Avahi) uses, so on machines with an mDNS resolver lookups for names under .local may never reach this server. A subdomain of a domain you control avoids that.

vi /etc/bind/db.vusir.local:
$ORIGIN .
$TTL 3600       ; 1 hour
vusir.local             IN SOA  ojoj.vusir.local. hostmaster.vusir.local. (
                                1         ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                0          ; minimum (0 seconds)
                                )
$ORIGIN vusir.local.
                        NS      ohlala.vusir.local.
                        NS      ojoj.vusir.local.

ojoj                    A       192.168.1.1
ohlala                  A       192.168.1.3

vi /etc/bind/db.192.168.1:
$ORIGIN .
$TTL 3600       ; 1 hour
1.168.192.in-addr.arpa  IN SOA  ojoj.vusir.local. hostmaster.vusir.local. (
                                1          ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                0          ; minimum (0 seconds)
                                )
                        NS      ohlala.vusir.local.
                        NS      ojoj.vusir.local.
$ORIGIN 1.168.192.in-addr.arpa.
1                       PTR     ojoj.vusir.local.
3                       PTR     ohlala.vusir.local.


10. Check the zone files. The serial reported is whatever the SOA in your file carries; increase it on every manual edit of a master zone, or slaves never notice the change.
root@ojoj:~# named-checkzone vusir.local /etc/bind/db.vusir.local
zone vusir.local/IN: loaded serial 6
OK
root@ojoj:~# named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192.168.1
zone 1.168.192.in-addr.arpa/IN: loaded serial 7
OK
root@ojoj:~#
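Keeping the two zone files in step is the part that goes wrong most often: dhcpd only ever adds PTRs for the leases it hands out, so the static hosts (router, file server) have a matching PTR only if you write one. The script below, an added example and not part of the original post, reads a forward zone file and a reverse zone file in the layout used above ($ORIGIN lines, optional class and TTL fields, ';' comments) and reports every A record without a PTR. The sample zones it builds are constructed for the demo: the host nas at 192.168.1.5 and serial 2 do not come from the post.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check a forward zone file
# against its reverse zone file. Every A record should have a matching PTR.
# Zone contents at the bottom are constructed for the demo.

# Print "owner value" for every record of type $1 in zone file $2. Owner names
# (and name-valued records such as PTR) are made absolute with the $ORIGIN in
# effect at that point in the file; a blank owner inherits the previous one.
zone_records() {
  awk -v want="$1" '
    function fq(n) {
      if (n == "@") return origin
      if (n ~ /\.$/) return n
      if (origin == ".") return n "."
      return n "." origin
    }
    /^\$ORIGIN/ { origin = $2; next }
    /^\$/       { next }                          # $TTL and other directives
    {
      sub(/;.*/, "")                              # strip comments
      if ($0 ~ /^[[:space:]]/) { owner = last; start = 1 }
      else { owner = fq($1); last = owner; start = 2 }
      if (NF < start + 1) next                    # SOA continuation lines, ")"
      for (i = start; i < NF; i++)
        if ($i == want) {
          v = $(i + 1)
          if (want == "PTR" || want == "NS" || want == "CNAME") v = fq(v)
          printf "%s %s\n", owner, v
          break
        }
    }' "$2"
}

# 192.168.1.101 -> 101.1.168.192.in-addr.arpa.
reverse_name() {
  printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# Report every A record in $1 that has no matching PTR in $2; returns 1 if any.
check_zones() {
  fwd=$1; rev=$2; status=0
  ptrs=$(zone_records PTR "$rev")
  # "name ip" pairs are joined with '=' so the loop is not a subshell and $status survives
  for pair in $(zone_records A "$fwd" | tr ' ' '='); do
    name=${pair%%=*}; ip=${pair#*=}
    expect="$(reverse_name "$ip") $name"
    if printf '%s\n' "$ptrs" | grep -Fxq "$expect"; then
      printf 'ok:      %s\n' "$expect"
    else
      printf 'missing: %s PTR %s\n' "${expect% *}" "$name"
      status=1
    fi
  done
  return $status
}

work=$(mktemp -d)

# Constructed forward zone in the same layout as db.vusir.local.
cat > "$work/db.vusir.local" <<'EOF'
$ORIGIN .
$TTL 3600
vusir.local     IN SOA  ojoj.vusir.local. hostmaster.vusir.local. (
                        2 ; serial
                        900 600 86400 0 )
$ORIGIN vusir.local.
                NS      ojoj.vusir.local.
ojoj            A       192.168.1.1
ohlala       IN A       192.168.1.3
nas          IN A       192.168.1.5   ; constructed host, no PTR below on purpose
EOF

# Constructed reverse zone: the PTR for nas is missing.
cat > "$work/db.192.168.1" <<'EOF'
$ORIGIN .
$TTL 3600
1.168.192.in-addr.arpa  IN SOA  ojoj.vusir.local. hostmaster.vusir.local. (
                        2 900 600 86400 0 )
                NS      ojoj.vusir.local.
$ORIGIN 1.168.192.in-addr.arpa.
1               PTR     ojoj.vusir.local.
3               PTR     ohlala.vusir.local.
EOF

check_zones "$work/db.vusir.local" "$work/db.192.168.1" \
  || echo "reverse zone is out of step with the forward zone"
```

Run it against the real files (check_zones /etc/bind/db.vusir.local /etc/bind/db.192.168.1) after every edit and before the rndc thaw; the missing lines are exactly the PTRs to add.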

11. Start name server: /etc/init.d/named start

12. And test.
C:\ nslookup -type=NS vusir.local
Server:  ojoj.vusir.local
Address:  192.168.1.1

vusir.local       nameserver = ojoj.vusir.local
ojoj.vusir.local  internet address = 192.168.1.1

13. Restart dhcpd and named:

/etc/init.d/dhcpd restart
/etc/init.d/named restart

14. Done!
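What dhcpd does for every lease is a TSIG-signed dynamic update, and the quickest way to find out whether allow-update and the key are wired up correctly is to send the same update by hand. The script below is an added example, not part of the original post: it builds the nsupdate batch for one lease, and, when nsupdate, dig and a readable key file are present, sends a PTR update to the reverse zone (which must succeed) and an A update to the forward zone (which must be REFUSED, since that zone has no allow-update). The client address 192.168.1.101, the name test-client.vusir.local and the sample key file are constructed; nothing is sent when only the constructed key is available.

```shell
#!/bin/sh
# Added example (not from the original post): reproduce by hand the dynamic
# update dhcpd sends for a lease. Addresses, names and the sample key are
# constructed; the network part runs only with a real key file and BIND tools.

# Name of the key declared in an rndc/TSIG key file, e.g. `key "rndc-key" {`.
# dhcpd.conf and the allow-update clause in named.conf must use this exact name.
tsig_key_name() {
  awk '/^[[:space:]]*key[[:space:]]/ { gsub(/[";{]/, "", $2); print $2; exit }' "$1"
}

# 192.168.1.101 -> 101.1.168.192.in-addr.arpa.
reverse_name() {
  printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# nsupdate batch for one lease: drop whatever PTR exists, then add the new one,
# which is what dhcpd does when a lease is (re)assigned.
ptr_update() {
  server=$1; zone=$2; ip=$3; fqdn=$4; ttl=${5:-3600}
  rev=$(reverse_name "$ip")
  printf 'server %s\nzone %s\nupdate delete %s PTR\nupdate add %s %s PTR %s\nsend\n' \
    "$server" "$zone" "$rev" "$rev" "$ttl" "$fqdn"
}

# The same for the forward zone; the router is expected to answer REFUSED.
a_update() {
  server=$1; zone=$2; fqdn=$3; ip=$4; ttl=${5:-3600}
  printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
    "$server" "$zone" "$fqdn" "$fqdn" "$ttl" "$ip"
}

SERVER=192.168.1.1
IP=192.168.1.101                 # constructed: an address inside the DHCP range
FQDN=test-client.vusir.local.    # constructed hostname

# Constructed stand-in for /etc/rndc.key; the secret is not a real key.
SAMPLE_KEY=$(mktemp)
cat > "$SAMPLE_KEY" <<'EOF'
key "rndc-key" {
        algorithm hmac-md5;
        secret "c29tZS1jb25zdHJ1Y3RlZC1zZWNyZXQ=";
};
EOF
KEYFILE=${1:-/etc/rndc.key}
[ -r "$KEYFILE" ] || KEYFILE=$SAMPLE_KEY

echo "key name in $KEYFILE: $(tsig_key_name "$KEYFILE")"
echo "--- update dhcpd would send for $IP ---"
ptr_update "$SERVER" 1.168.192.in-addr.arpa. "$IP" "$FQDN"

if [ "$KEYFILE" != "$SAMPLE_KEY" ] && command -v nsupdate >/dev/null 2>&1 \
   && command -v dig >/dev/null 2>&1; then
  if ptr_update "$SERVER" 1.168.192.in-addr.arpa. "$IP" "$FQDN" | nsupdate -t 5 -k "$KEYFILE"; then
    echo "PTR update accepted; router answers: $(dig +short +time=3 +tries=1 @"$SERVER" -x "$IP")"
  else
    echo "PTR update failed: check allow-update and that the key names match"
  fi
  # The forward zone must refuse signed updates: only the domain controller feeds it.
  if a_update "$SERVER" vusir.local. "$FQDN" "$IP" | nsupdate -t 5 -k "$KEYFILE" 2>/dev/null; then
    echo "WARNING: forward zone accepted a dynamic update"
  else
    echo "forward zone refused the update, as intended"
  fi
fi
```

nsupdate prints the RCODE (NOTAUTH, REFUSED, BADKEY) on failure, which tells you which part is wrong: NOTAUTH means the router is not master for that zone, REFUSED means the zone has no allow-update for this key, BADKEY means the key name or secret differs from the one in /etc/rndc.key. Run the script on the router itself (or any LAN host that has the key file) and remove the test PTR afterwards with a matching "update delete".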

When Samba is installed and configured to feed the name server with computer names, we change the following:

15. In /etc/bind/named.conf, turn the forward zone into a slave of the server. Remove the leading // from the masters line that was commented out earlier: a slave zone must name its master.
zone "vusir.local" {
        type slave;
        file "/etc/bind/db.vusir.local";
        allow-transfer { 192.168.1.0/24; };
        masters { 192.168.1.3; };
};
From now on named overwrites /etc/bind/db.vusir.local with the copy it transfers from 192.168.1.3, so that path must be writable by the user named runs as; the hand-written forward zone file is no longer used.

16. Restart named on the router: /etc/init.d/named restart

17. And restart named on the server: /etc/init.d/bind9 restart

18. And test.
C:\ nslookup -type=NS vusir.local
Server:  ojoj.vusir.local
Address:  192.168.1.1

vusir.local         nameserver = ohlala.vusir.local
vusir.local         nameserver = ojoj.vusir.local
ohlala.vusir.local  internet address = 192.168.1.3
ojoj.vusir.local    internet address = 192.168.1.1

19. Done!