Lab:Install and configure a DNS Server using BIND
In this lab I am working with the following software and versions:
Software | Version | Filename |
---|---|---|
Ubuntu Server | 20.04.3 | ubuntu-20.04.3-live-server-amd64.iso |
- Deploy an Ubuntu Server
- Install BIND
- Install NTP
- Configure BIND with the required DNS records
One of the prerequisites for installing NSX is a working DNS server. The same prerequisite applies to the underlying vSphere infrastructure (vCenter Server and ESXi hosts), which is itself a prerequisite for NSX.
Windows DNS and BIND are the DNS Servers that are commonly used “in the wild”.
In this section I explain how to deploy and configure a DNS server based on BIND. I am also going to make this server an NTP server.
The Steps
- STEP 1: Deploy a Linux Server
- STEP 2: Install BIND
- STEP 3: Configure BIND
- STEP 4: Install NTP (server)
- STEP 5: Configure NTP (Server)
STEP 1» Deploy a Linux Server
The deployment of the Linux server itself is out of scope for this article. I personally prefer to use the Ubuntu distribution. Ubuntu provides installation instructions on its own website.
STEP 2» Install BIND
Once Ubuntu is installed and properly connected to the network, install BIND:

```
administrator@dns:~$ sudo apt update
administrator@dns:~$ sudo apt install bind9 bind9utils bind9-doc bind9-host
```
STEP 3» Configure BIND
Once BIND is installed, create the following files with the content shown:
/etc/bind/named.conf
```
administrator@dns:~$ sudo nano /etc/bind/named.conf
```

```
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
```
/etc/bind/named.conf.options
```
administrator@dns:~$ sudo nano /etc/bind/named.conf.options
```

```
//
// File: /etc/bind/named.conf.options
//
options {
    directory "/var/cache/bind";
    recursion yes;
    notify yes;
    allow-query { any; };
    allow-query-cache { any; };
    allow-recursion { any; };
    forwarders { 8.8.8.8; };
    dnssec-validation no;
    auth-nxdomain no;    # conform to RFC1035
    listen-on { localhost; any; };
    listen-on-v6 { localhost; any; };
    allow-transfer { any; };
};
```
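The options file above offers recursion, cache lookups and zone transfers to `any` client and switches DNSSEC validation off. Inside an isolated lab that is workable; on any network that untrusted hosts can reach it turns the server into an open resolver (usable for reflection and cache-poisoning attempts) and hands the complete zone to anyone who asks for an AXFR. The following is an added example, not code from the lab: a small parser for the `options { ... };` block with checks for those settings, run against a copy of the lab's options and against a hardened variant that restricts them to a `trusted` ACL. The ACL name, the 10.203.0.0/16 network and the listen address 10.203.0.5 are assumptions taken from the lab's zone files, not settings the page prescribes.

```python
"""Audit a BIND named.conf.options for settings that expose the server.

Added example, not part of the lab page. Parses the options block and
flags the settings that turn an authoritative lab server into an open
resolver or leak its zone data. The 'trusted' ACL and 10.203.0.0/16
(the lab's address space as far as the zone files show it) are assumptions.
"""
import re

# Constructed copy of the options block shown in the lab (the weak version).
WEAK_OPTIONS = """
options {
    directory "/var/cache/bind";
    recursion yes;
    notify yes;
    allow-query { any; };
    allow-query-cache { any; };
    allow-recursion { any; };
    forwarders { 8.8.8.8; };
    dnssec-validation no;
    auth-nxdomain no;    # conform to RFC1035
    listen-on { localhost; any; };
    listen-on-v6 { localhost; any; };
    allow-transfer { any; };
};
"""

# Hardened variant (assumption: every legitimate client sits in 10.203.0.0/16
# and the server's own address is 10.203.0.5, as in the forward zone).
HARDENED_OPTIONS = """
acl "trusted" { 127.0.0.1; ::1; 10.203.0.0/16; };
options {
    directory "/var/cache/bind";
    recursion yes;
    notify yes;
    allow-query { trusted; };
    allow-query-cache { trusted; };
    allow-recursion { trusted; };
    forwarders { 8.8.8.8; };
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on { 127.0.0.1; 10.203.0.5; };
    listen-on-v6 { ::1; };
    allow-transfer { none; };
};
"""


def _strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return re.sub(r"(//|#)[^\n]*", "", text)


def parse_options(text):
    """Return {directive: [values]} for every statement inside options { ... };."""
    body = re.search(r"options\s*\{(.*)\}\s*;", _strip_comments(text), re.DOTALL)
    if body is None:
        raise ValueError("no options { ... }; block found")
    directives = {}
    # Either  name { v1; v2; };  or  name value;
    pattern = r"([\w-]+)\s*(?:\{([^}]*)\}|([^;{]+))\s*;"
    for name, braced, plain in re.findall(pattern, body.group(1)):
        if plain:
            directives[name] = [plain.strip()]
        else:
            directives[name] = [v.strip() for v in braced.split(";") if v.strip()]
    return directives


def audit_options(text):
    """Return the weak settings found, in a fixed order (empty list = clean)."""
    d = parse_options(text)
    findings = []

    def opened_to_any(name):
        return "any" in d.get(name, [])

    # BIND's built-in default is recursion yes; allow-recursion defaults to
    # localnets/localhost, so only an explicit 'any' is flagged here.
    if d.get("recursion", ["yes"])[0] == "yes" and opened_to_any("allow-recursion"):
        findings.append("open-recursion")
    if opened_to_any("allow-query-cache"):
        findings.append("open-cache-query")
    if opened_to_any("allow-transfer"):
        findings.append("open-zone-transfer")
    if d.get("dnssec-validation", ["auto"])[0] == "no":
        findings.append("dnssec-validation-off")
    return findings


if __name__ == "__main__":
    print("lab options:     ", audit_options(WEAK_OPTIONS))
    print("hardened options:", audit_options(HARDENED_OPTIONS))
```

The same `any` pattern appears on `allow-update` and `allow-transfer` in named.conf.local; the comments in that file already say those should list only the Ansible control station, and the ACL approach above is how to express that. After editing, `sudo named-checkconf` validates the syntax before you restart the service.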
/etc/bind/named.conf.local
```
administrator@dns:~$ sudo nano /etc/bind/named.conf.local
```

```
//
// File: /etc/bind/named.conf.local
//
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "sddc.lab" {
    type master;
    allow-update { any; };    // Needs to include the IP address of the Ansible control station
    allow-transfer { any; };  // Needs to include the IP address of the Ansible control station for utils/showdns
    file "/var/lib/bind/db.sddc.lab";
};

zone "203.10.in-addr.arpa" {
    type master;
    allow-update { any; };    // Needs to include the IP address of the Ansible control station
    allow-transfer { any; };  // Needs to include the IP address of the Ansible control station for utils/showdns
    file "/var/lib/bind/db.10.203";
};
```
/var/lib/bind/db.sddc.lab
```
administrator@dns:~$ sudo nano /var/lib/bind/db.sddc.lab
```

```
$ORIGIN .
$TTL 604800	; 1 week
sddc.lab		IN SOA	dns.sddc.lab. admin.sddc.lab. (
				329        ; serial
				604800     ; refresh (1 week)
				86400      ; retry (1 day)
				2419200    ; expire (4 weeks)
				604800     ; minimum (1 week)
				)
			NS	dns.sddc.lab.
$ORIGIN sddc.lab.
dns			A	10.203.0.5
$TTL 3600	; 1 hour
Pod-100-ComputeA-1	A	10.203.100.111
Pod-100-ComputeA-2	A	10.203.100.112
Pod-100-ComputeA-3	A	10.203.100.113
Pod-100-ComputeB-1	A	10.203.100.121
Pod-100-ComputeB-2	A	10.203.100.122
Pod-100-ComputeB-3	A	10.203.100.123
Pod-100-Edge-1		A	10.203.100.191
Pod-100-Edge-2		A	10.203.100.192
Pod-100-Edge-3		A	10.203.100.193
Pod-100-Mgmt-1		A	10.203.100.101
Pod-100-Mgmt-2		A	10.203.100.102
Pod-100-Mgmt-3		A	10.203.100.103
Pod-100-NSXT-CSM	A	10.203.100.15
Pod-100-NSXT-GM		A	10.203.100.7
Pod-100-NSXT-GM-1	A	10.203.100.8
Pod-100-NSXT-LM		A	10.203.100.11
Pod-100-NSXT-LM-1	A	10.203.100.12
Pod-100-NSXT-LM-2	A	10.203.100.13
Pod-100-NSXT-LM-3	A	10.203.100.14
Pod-100-Router		CNAME	Pod-100-Router-Uplink.SDDC.Lab.
Pod-100-Router-IPStorage	A	10.203.103.1
Pod-100-Router-Management	A	10.203.100.1
Pod-100-Router-NSXEdgeUplink1	A	10.203.106.1
Pod-100-Router-NSXEdgeUplink2	A	10.203.107.1
Pod-100-Router-RTEP		A	10.203.108.1
Pod-100-Router-ServiceVM	A	10.203.105.1
Pod-100-Router-Transport	A	10.203.104.1
Pod-100-Router-Uplink		A	10.203.0.100
Pod-100-Router-VMNetwork	A	10.203.109.1
Pod-100-Router-vMotion		A	10.203.101.1
Pod-100-Router-vSAN		A	10.203.102.1
Pod-100-T0-EdgeVM-01	A	10.203.100.254
Pod-100-T0-EdgeVM-02	A	10.203.100.253
Pod-100-vCenter		A	10.203.100.5
Pod-100-vRLI		A	10.203.100.6
Pod-100-vRLI-1		A	10.203.100.20
```
/var/lib/bind/db.10.203
```
administrator@dns:~$ sudo nano /var/lib/bind/db.10.203
```

```
$ORIGIN .
$TTL 604800	; 1 week
203.10.in-addr.arpa	IN SOA	dns.sddc.lab. admin.sddc.lab. (
				298        ; serial
				604800     ; refresh (1 week)
				86400      ; retry (1 day)
				2419200    ; expire (4 weeks)
				604800     ; minimum (1 week)
				)
			NS	dns.sddc.lab.
$ORIGIN 0.203.10.in-addr.arpa.
$TTL 3600	; 1 hour
100			PTR	Pod-100-Router-Uplink.SDDC.Lab.
$TTL 604800	; 1 week
5			PTR	dns.sddc.lab.
$ORIGIN 100.203.10.in-addr.arpa.
1			PTR	Pod-100-Router-Management.SDDC.Lab.
12			PTR	Pod-100-NSXT-LM-1.SDDC.Lab.
13			PTR	Pod-100-NSXT-LM-2.SDDC.Lab.
14			PTR	Pod-100-NSXT-LM-3.SDDC.Lab.
15			PTR	Pod-100-NSXT-CSM.SDDC.Lab.
21			PTR	Pod-100-ESXi-21.SDDC.Lab.
22			PTR	Pod-100-ESXi-22.SDDC.Lab.
23			PTR	Pod-100-ESXi-23.SDDC.Lab.
31			PTR	Pod-100-ESXi-31.SDDC.Lab.
32			PTR	Pod-100-ESXi-32.SDDC.Lab.
33			PTR	Pod-100-ESXi-33.SDDC.Lab.
5			PTR	Pod-100-vCenter.SDDC.Lab.
6			PTR	Pod-100-vRLI.SDDC.Lab.
8			PTR	Pod-100-NSXT-GM.SDDC.Lab.
91			PTR	Pod-100-ESXi-91.SDDC.Lab.
92			PTR	Pod-100-ESXi-92.SDDC.Lab.
93			PTR	Pod-100-ESXi-93.SDDC.Lab.
$ORIGIN 203.10.in-addr.arpa.
1.101			PTR	Pod-100-Router-vMotion.SDDC.Lab.
1.102			PTR	Pod-100-Router-vSAN.SDDC.Lab.
1.103			PTR	Pod-100-Router-IPStorage.SDDC.Lab.
1.104			PTR	Pod-100-Router-Transport.SDDC.Lab.
1.105			PTR	Pod-100-Router-ServiceVM.SDDC.Lab.
254.105			PTR	Pod-100-T0-EdgeVM-02.SDDC.Lab.
253.105			PTR	Pod-100-T0-EdgeVM-01.SDDC.Lab.
1.106			PTR	Pod-100-Router-NSXEdgeUplink1.SDDC.Lab.
1.107			PTR	Pod-100-Router-NSXEdgeUplink2.SDDC.Lab.
1.108			PTR	Pod-100-Router-RTEP.SDDC.Lab.
1.109			PTR	Pod-100-Router-VMNetwork.SDDC.Lab.
$TTL 604800	; 1 week
dns			A	10.203.0.5
```
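vCenter Server and ESXi expect forward and reverse lookups to agree, and the two zone files above do not fully line up: the reverse zone carries PTRs for Pod-100-ESXi-xx names that have no A record in the forward zone, the Edge VM PTRs sit under 10.203.105.x while their A records are 10.203.100.253 and .254 (and the 01/02 assignment is swapped), and the PTR for 10.203.100.8 names Pod-100-NSXT-GM although the forward zone puts GM at .7 and GM-1 at .8. The following added example (not code from the lab) parses both zone files, with `$ORIGIN`, `$TTL`, relative owner names and parenthesised SOA records handled, and reports every disagreement between the A and PTR records. The embedded zones are a constructed subset of the records on the page; `named-checkzone` remains the authority on zone syntax, this script only checks the forward/reverse relationship.

```python
"""Cross-check a BIND forward zone against its reverse zone.

Added example, not code from the lab page. Handles $ORIGIN, $TTL, relative
names and ( ... ) continuation records, then compares A and PTR records.
The sample zones are a constructed subset of the records shown on the page.
"""

FORWARD_ZONE = """\
$ORIGIN .
$TTL 604800 ; 1 week
sddc.lab  IN SOA dns.sddc.lab. admin.sddc.lab. (
              329 604800 86400 2419200 604800 )
          NS  dns.sddc.lab.
$ORIGIN sddc.lab.
dns                    A     10.203.0.5
$TTL 3600 ; 1 hour
Pod-100-vCenter        A     10.203.100.5
Pod-100-NSXT-GM        A     10.203.100.7
Pod-100-NSXT-GM-1      A     10.203.100.8
Pod-100-NSXT-LM-1      A     10.203.100.12
Pod-100-ComputeA-1     A     10.203.100.111
Pod-100-T0-EdgeVM-01   A     10.203.100.254
Pod-100-T0-EdgeVM-02   A     10.203.100.253
Pod-100-Router         CNAME Pod-100-Router-Uplink.SDDC.Lab.
Pod-100-Router-Uplink  A     10.203.0.100
"""

REVERSE_ZONE = """\
$ORIGIN .
$TTL 604800
203.10.in-addr.arpa IN SOA dns.sddc.lab. admin.sddc.lab. (
              298 604800 86400 2419200 604800 )
          NS dns.sddc.lab.
$ORIGIN 0.203.10.in-addr.arpa.
100      PTR Pod-100-Router-Uplink.SDDC.Lab.
5        PTR dns.sddc.lab.
$ORIGIN 100.203.10.in-addr.arpa.
5        PTR Pod-100-vCenter.SDDC.Lab.
8        PTR Pod-100-NSXT-GM.SDDC.Lab.
12       PTR Pod-100-NSXT-LM-1.SDDC.Lab.
21       PTR Pod-100-ESXi-21.SDDC.Lab.
$ORIGIN 203.10.in-addr.arpa.
254.105  PTR Pod-100-T0-EdgeVM-02.SDDC.Lab.
253.105  PTR Pod-100-T0-EdgeVM-01.SDDC.Lab.
"""


def _fqdn(name, origin):
    """Make a zone-file name absolute and lower-case (DNS names are case-insensitive)."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin


def _logical_lines(text):
    """Yield records with ';' comments removed and ( ... ) continuations joined."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield buf[0] + " " + " ".join(b.strip() for b in buf[1:])
            buf = []


def parse_zone(text, origin):
    """Return (type, owner, rdata) tuples for A, PTR, CNAME and NS records."""
    records, owner = [], None
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = _fqdn(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            continue
        if not line[0].isspace():            # a new owner name starts the line
            owner = _fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                    # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype == "A":
            records.append((rtype, owner, rdata[0]))
        elif rtype in ("PTR", "CNAME", "NS"):
            records.append((rtype, owner, _fqdn(rdata[0], origin)))
        # SOA and other types are not needed for this check
    return records


def ptr_to_ip(owner):
    """'254.105.203.10.in-addr.arpa.' -> '10.203.105.254'"""
    labels = owner.rstrip(".").split(".")
    return ".".join(reversed(labels[:labels.index("in-addr")]))


def check_consistency(forward_text, forward_origin, reverse_text, reverse_origin):
    """Report A records without PTR, PTRs that do not map back, and mismatches."""
    a_by_name = {o: ip for t, o, ip in parse_zone(forward_text, forward_origin) if t == "A"}
    ptr_by_ip = {ptr_to_ip(o): n for t, o, n in parse_zone(reverse_text, reverse_origin) if t == "PTR"}
    ip_key = lambda ip: tuple(int(p) for p in ip.split("."))
    return {
        "a_without_ptr": sorted(n for n, ip in a_by_name.items() if ip not in ptr_by_ip),
        "ptr_mismatch": sorted(n for n, ip in a_by_name.items()
                               if ip in ptr_by_ip and ptr_by_ip[ip] != n),
        "ptr_without_a": sorted((ip for ip, n in ptr_by_ip.items() if a_by_name.get(n) != ip), key=ip_key),
    }


def audit_lab_zones():
    return check_consistency(FORWARD_ZONE, "sddc.lab.", REVERSE_ZONE, "203.10.in-addr.arpa.")


if __name__ == "__main__":
    for kind, names in audit_lab_zones().items():
        print(kind, names)
```

Point it at the real files with `open("/var/lib/bind/db.sddc.lab").read()` and `open("/var/lib/bind/db.10.203").read()` after checking them with `named-checkzone sddc.lab /var/lib/bind/db.sddc.lab` and `named-checkzone 203.10.in-addr.arpa /var/lib/bind/db.10.203`. Fix every reported entry before pointing vCenter or NSX at the server; a reverse lookup that returns a different name than the forward lookup is the classic cause of certificate and host-join failures in a nested vSphere lab.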
When all the configuration files are in place with the correct DNS records, restart the DNS service:

```
administrator@dns:~$ sudo systemctl restart named
```
You can verify that BIND is running as it should:

```
administrator@dns:~$ sudo systemctl status named
● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2020-10-08 07:51:15 UTC; 6s ago
       Docs: man:named(8)
   Main PID: 2382 (named)
      Tasks: 8 (limit: 2282)
     Memory: 17.0M
     CGroup: /system.slice/named.service
             └─2382 /usr/sbin/named -f -u bind

Oct 08 07:51:15 dns named[2382]: command channel listening on ::1#953
Oct 08 07:51:15 dns named[2382]: managed-keys-zone: loaded serial 3
Oct 08 07:51:15 dns named[2382]: zone 0.in-addr.arpa/IN: loaded serial 1
Oct 08 07:51:15 dns named[2382]: zone 203.10.in-addr.arpa/IN: loaded serial 298
Oct 08 07:51:15 dns named[2382]: zone 127.in-addr.arpa/IN: loaded serial 1
Oct 08 07:51:15 dns named[2382]: zone sddc.lab/IN: loaded serial 329
Oct 08 07:51:15 dns named[2382]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 08 07:51:15 dns named[2382]: zone localhost/IN: loaded serial 2
Oct 08 07:51:15 dns named[2382]: all zones loaded
Oct 08 07:51:15 dns named[2382]: running
```
Some other useful BIND commands can be found below.

```
administrator@dns:~$ sudo systemctl start named
administrator@dns:~$ sudo systemctl restart named
administrator@dns:~$ sudo systemctl status named
administrator@dns:~$ sudo systemctl enable named
administrator@dns:~$ sudo netstat -lnptu
```
STEP 4» Install NTP (server)
Install the NTP server:

```
administrator@dns:~$ sudo apt install ntp
```
STEP 5» Configure NTP (Server)
Edit the file /etc/ntp.conf so that it points to the NTP servers on the internet that are closest to you. Look up the pool servers near you on the NTP Pool Project website (pool.ntp.org) and replace the pool servers in the config file below with the ones closest to you.

/etc/ntp.conf

```
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
pool 0.ubuntu.pool.ntp.org iburst
pool 1.ubuntu.pool.ntp.org iburst
pool 2.ubuntu.pool.ntp.org iburst
pool 3.ubuntu.pool.ntp.org iburst
```
You can verify that NTP is running as it should:

```
administrator@dns:~$ sudo systemctl status ntp
● ntp.service - Network Time Service
     Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2020-10-08 07:58:44 UTC; 4min 44s ago
       Docs: man:ntpd(8)
   Main PID: 2636 (ntpd)
      Tasks: 2 (limit: 2282)
     Memory: 1.2M
     CGroup: /system.slice/ntp.service
             └─2636 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 113:118

Oct 08 07:58:48 dns ntpd[2636]: Soliciting pool server 45.55.58.103
Oct 08 07:58:48 dns ntpd[2636]: Soliciting pool server 213.206.165.21
Oct 08 07:58:49 dns ntpd[2636]: Soliciting pool server 194.29.130.252
Oct 08 07:58:49 dns ntpd[2636]: Soliciting pool server 72.5.72.15
Oct 08 07:58:49 dns ntpd[2636]: Soliciting pool server 91.189.94.4
Oct 08 07:58:50 dns ntpd[2636]: Soliciting pool server 91.189.89.198
Oct 08 07:58:50 dns ntpd[2636]: Soliciting pool server 195.171.43.12
Oct 08 07:58:51 dns ntpd[2636]: Soliciting pool server 91.189.89.199
Oct 08 07:58:51 dns ntpd[2636]: Soliciting pool server 91.198.10.4
Oct 08 07:58:52 dns ntpd[2636]: Soliciting pool server 91.189.91.157
```
Continue with >> Lab:Install and configure a (nested) vSphere SDDC