How (and Why) I Run My Own DNS Servers


Introduction

Despite my woeful knowledge of networking, I run my own DNS servers for my own web sites, which run from home.

I achieved this through trial and error and now it requires almost zero maintenance, even though I don't have a static IP at home.

Here I share how (and why) I persist in this endeavour.

Overview

Here's an outline of the setup:

Here's how I set up my DNS. I:

  • got a domain from an authority (a .tk domain in my case)
  • set up glue records to defer DNS queries to my nameservers
  • set up nameservers with static IPs
  • set up a dynamic DNS updater from home

How?

Walking through step-by-step how I did it:

1) Set up two Virtual Private Servers (VPSes)

You will need two stable machines with static IP addresses.

If you're not lucky enough to have these in your possession, then you can set one up in the cloud. I used this site, but there are plenty available. NB I asked them, and their IPs are static per VPS. I use the most cost-effective cloud VPS ($1/month) and set up Debian on there.

NOTE: Replace any mention of DNSIP1 and DNSIP2 below with the first and second static IP addresses you are given.

Log on and set up root password

SSH to the servers and set up a strong root password.

2) Set up domains

You will need two domains: one for your DNS servers, and one for the application running on your host.

I use dot.tk to get free throwaway domains. In this case, I'd set up a myuniquedns.tk DNS domain and a myuniquesite.tk site domain.

Whatever you choose, substitute your DNS domain when you see YOURDNSDOMAIN below. Likewise, substitute your app domain when you see YOURSITEDOMAIN below.

3) Set up a 'glue' record

If you use dot.tk as above, then to indicate that you control the YOURDNSDOMAIN domain you will need to set up a 'glue' record.

What this does is tell the current domain authority (dot.tk) to defer to your nameservers (the two servers you've set up) for this specific domain. Otherwise it keeps referring back to the .tk domain for the IP.

See here for a fuller explanation.

Another very good explanation is here.

To do this you'll need to check with the authority responsible how this is done, or become the authority yourself.

dot.tk has a web interface for setting up a glue record, so I used that.

There, you'll need to go to 'Set up Domains' => 'Set up Domain' => 'Management Tools' => 'Register Glue Records' and fill out the form.

Your two hosts will be called ns1.YOURDNSDOMAIN and ns2.YOURDNSDOMAIN, and the glue records will specify each IP address.

Note, you may need to wait a few hours (or longer) for this to take effect. If really unsure, give it a day.


If you like this post, you might be interested in my book Learn Bash the Hard Way, available here for just $5.


4) Install bind on the DNS Servers

On a Debian machine (for example), and as root, run:

apt install bind9

bind is the domain name server software you will be running.

5) Configure bind on the DNS Servers

Now, this is the hairy bit.

There are two parts to this, with two files involved: named.conf.local, and the db.YOURDNSDOMAIN file.

They are both in the /etc/bind folder. Navigate there and edit these files.

Part 1 – named.conf.local

This file lists the 'zone's (domains) served by your DNS servers.

It also defines whether or not this bind instance is the 'master' or the 'slave'. I'll assume ns1.YOURDNSDOMAIN is the 'master' and ns2.YOURDNSDOMAIN is the 'slave'.

Part 1a – the master

On the master/ns1.YOURDNSDOMAIN, the named.conf.local needs to be changed to look like this:

zone "YOURDNSDOMAIN" {
 type master;
 file "/etc/bind/db.YOURDNSDOMAIN";
 allow-transfer { DNSIP2; };
};
zone "YOURSITEDOMAIN" {
 type master;
 // the site domain's A record lives in the same zone file (see Part 2)
 file "/etc/bind/db.YOURDNSDOMAIN";
 allow-transfer { DNSIP2; };
};

zone "14.127.75.in-addr.arpa" {
 type master;
 notify no;
 file "/etc/bind/db.75";
 allow-transfer { DNSIP2; };
};

logging {
 channel query.log {
 file "/var/log/query.log";
 // Set the severity to dynamic to see all the debug messages.
 severity debug 3;
 };
 category queries { query.log; };
};

The logging at the bottom is not compulsory (I think). I added it a while ago, and I leave it in here for interest. I don't know what the 14.127 zone stanza is about.

Part 1b – the slave

On the slave/ns2.YOURDNSDOMAIN, the named.conf.local needs to be changed to look like this:

zone "YOURDNSDOMAIN" {
 type slave;
 file "/var/cache/bind/db.YOURDNSDOMAIN";
 masters { DNSIP1; };
};

zone "YOURSITEDOMAIN" {
 type slave;
 file "/var/cache/bind/db.YOURSITEDOMAIN";
 masters { DNSIP1; };
};

zone "14.127.75.in-addr.arpa" {
 type slave;
 file "/var/cache/bind/db.75";
 masters { DNSIP1; };
};

Part 2 – db.YOURDNSDOMAIN

Now we get to the meat – your DNS database is kept in this file.

On the master/ns1.YOURDNSDOMAIN the db.YOURDNSDOMAIN file looks like this:

$TTL 4800
@ IN SOA ns1.YOURDNSDOMAIN. YOUREMAIL.YOUREMAILDOMAIN. (
  2018011615 ; Serial
  604800 ; Refresh
  86400 ; Retry
  2419200 ; Expire
  604800 ) ; Negative Cache TTL
;
@ IN NS ns1.YOURDNSDOMAIN.
@ IN NS ns2.YOURDNSDOMAIN.
ns1 IN A DNSIP1
ns2 IN A DNSIP2
YOURSITEDOMAIN. IN A YOURDYNAMICIP

On the slave/ns2.YOURDNSDOMAIN it's just the same, but has ns1 in the SOA line, and the IN NS lines reversed. I can't remember if this reversal is needed or not…:

$TTL 4800
@ IN SOA ns1.YOURDNSDOMAIN. YOUREMAIL.YOUREMAILDOMAIN. (
  2018011615 ; Serial
  604800 ; Refresh
  86400 ; Retry
  2419200 ; Expire
  604800 ) ; Negative Cache TTL
;
@ IN NS ns1.YOURDNSDOMAIN.
@ IN NS ns2.YOURDNSDOMAIN.
ns1 IN A DNSIP1
ns2 IN A DNSIP2
YOURSITEDOMAIN. IN A YOURDYNAMICIP

A couple of notes on the above:

  • The dots on the end of lines are not typos – that is how domains are written in bind files. So google.com is written google.com.
  • The YOUREMAIL.YOUREMAILDOMAIN. part needs to be replaced by your own email. For example, my email address ian.miell@gmail.com becomes ianmiell.gmail.com. (trailing dot included). Note also that the dot between first and last name is dropped. Email ignores those anyway!
  • YOURDYNAMICIP is the IP address your domain needs to be pointed to (ie the IP address returned by the DNS server). It doesn't matter what it is at this point, because…

the next step is to dynamically update the DNS server with your dynamic IP address whenever it changes.

6) Copy ssh keys

Before setting up your dynamic DNS you'll need to set up your ssh keys so that your home server can get access to the DNS servers.

NOTE: This is not security advice. Use at your own risk.

First, check whether you already have an ssh key generated:

ls ~/.ssh/id_rsa

If that returns a file, you're all set up. Otherwise, run:

ssh-keygen

and accept the defaults.

Then, once you have a key set up, copy your ssh ID to the nameservers:

ssh-copy-id root@DNSIP1
ssh-copy-id root@DNSIP2

Inputting your root password at each prompt.

7) Create an IP updater script

Now ssh to both servers and place this script in /root/update_ip.sh:

#!/bin/bash
set -o nounset
# Replace the address on every " IN A " line with the script's first argument
sed -i "s/^\(.*\) IN A \(.*\)$/\1 IN A $1/" /etc/bind/db.YOURDNSDOMAIN
# Bump the SOA serial to the current hour (YYYYMMDDHH)
sed -i "s/.*Serial$/ $(date +%Y%m%d%H) ; Serial/" /etc/bind/db.YOURDNSDOMAIN
/etc/init.d/bind9 restart

Make it executable by running:

chmod +x /root/update_ip.sh

Going through it line by line:

  • set -o nounset

This line throws an error if the IP is not passed in as the argument to the script.

  • sed -i "s/^\(.*\) IN A \(.*\)$/\1 IN A $1/" /etc/bind/db.YOURDNSDOMAIN

Replaces the IP address with the contents of the first argument to the script.

  • sed -i "s/.*Serial$/ $(date +%Y%m%d%H) ; Serial/" /etc/bind/db.YOURDNSDOMAIN

Updates the 'serial number'.

  • /etc/init.d/bind9 restart

Restarts the bind service on the host.

8) Cron Your Dynamic DNS

At this point you've got access to change the IP when your dynamic IP changes, and the script to do the change.

Here's the raw cron entry:

* * * * * curl ifconfig.co 2>/dev/null > /tmp/ip.tmp && (diff /tmp/ip.tmp /tmp/ip || (mv /tmp/ip.tmp /tmp/ip && ssh root@DNSIP1 "/root/update_ip.sh $(cat /tmp/ip)")); curl ifconfig.co 2>/dev/null > /tmp/ip.tmp2 && (diff /tmp/ip.tmp2 /tmp/ip2 || (mv /tmp/ip.tmp2 /tmp/ip2 && ssh root@DNSIP2 "/root/update_ip.sh $(cat /tmp/ip2)"))

Breaking this command down bit by bit:

curl ifconfig.co 2>/dev/null > /tmp/ip.tmp

This curls a 'what's my IP address' site, and deposits the output in /tmp/ip.tmp.

diff /tmp/ip.tmp /tmp/ip || (mv /tmp/ip.tmp /tmp/ip && ssh root@DNSIP1 "/root/update_ip.sh $(cat /tmp/ip)")

This diffs the contents of /tmp/ip.tmp with /tmp/ip (which is yet to be created the first time round, and holds the last-updated IP address). If diff reports a difference (ie there is a new IP address to update on the DNS server), then the subshell is run. This overwrites the stored IP address, and then ssh'es onto the

The same process is then repeated for DNSIP2 using separate files (/tmp/ip.tmp2 and /tmp/ip2).
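The following is an added example, not the post's own update_ip.sh or cron entry: the same updater with the checks a practitioner would want for steps 7 and 8. It validates the IP before it touches the zone file, rewrites only the YOURSITEDOMAIN apex record (the post's sed matches every " IN A " line, ns1 and ns2 included), keeps the serial increasing even for several updates in one hour, and keeps the last-seen IP in a state file instead of the diff/mv juggling. SITE is the post's placeholder; the zone file and state file paths are passed in as arguments.

```bash
#!/bin/bash
# Added example, not the post's own update_ip.sh: the same job with the checks a
# practitioner would add. The IP is validated before it touches the zone, only the
# YOURSITEDOMAIN apex record is rewritten (the post's sed rewrites every " IN A "
# line, ns1 and ns2 included), the serial is bumped monotonically, and a state
# file replaces the diff/mv juggling in the cron entry. SITE is the post's placeholder.
set -o nounset

SITE="YOURSITEDOMAIN."   # owner name of the record to update (placeholder)

# valid_ipv4 ADDR: succeed only for a dotted quad with four octets in 0..255
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# next_serial OLD: today's YYYYMMDD00, or OLD+1 when that would not be larger,
# so several updates in one hour still yield increasing serials (unlike %Y%m%d%H)
next_serial() {
    today=$(date +%Y%m%d00)
    if [ "$today" -gt "$1" ]; then echo "$today"; else echo $(( $1 + 1 )); fi
}

# update_zone FILE IP: rewrite the apex A record and the SOA serial in place
update_zone() {
    file=$1; ip=$2
    valid_ipv4 "$ip" || { echo "refusing bad IP: $ip" >&2; return 2; }
    old=$(sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*Serial$/\1/p' "$file")
    [ -n "$old" ] || { echo "no serial line in $file" >&2; return 3; }
    new=$(next_serial "$old")
    esc=$(printf '%s' "$SITE" | sed 's/\./\\./g')   # escape dots for the sed pattern
    sed -i -e "s/^${esc} IN A .*$/${SITE} IN A ${ip}/" \
           -e "s/^\([[:space:]]*\)${old}\([[:space:]]*;[[:space:]]*Serial\)$/\1${new}\2/" "$file"
}

# changed_ip STATEFILE IP: remember IP and succeed only when it differs from the
# last remembered one; a non-IP answer (say, an HTML error page) is ignored
changed_ip() {
    state=$1; ip=$2
    valid_ipv4 "$ip" || return 2
    [ -f "$state" ] && [ "$(cat "$state")" = "$ip" ] && return 1
    printf '%s\n' "$ip" >"$state"
}

# On each nameserver: update_zone /etc/bind/db.YOURDNSDOMAIN "$1" && rndc reload
# From home (cron):  ip=$(curl -s ifconfig.co) && changed_ip /var/tmp/ddns.ip "$ip" \
#                      && ssh root@DNSIP1 "/root/update_ip.sh $ip"
```

Because changed_ip only succeeds when the address actually changed, the ssh hop to the nameservers happens once per change rather than every minute, and a broken answer from the IP lookup service never reaches the zone file.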


Why!?

You might be wondering why I do this in the age of cloud services and outsourcing. There's a few reasons.

It's Cheap

The cost of running this stays at the cost of the two nameservers ($24/year) no matter how many domains I set up and whatever I want to do with them.

Learning

I've learned a lot by doing this, probably far more than any course would have taught me.

More Control

I can do what I like with these domains: set up any number of subdomains, try my hand at secure mail techniques, experiment with obscure DNS records and so on.

I might extend this into a service. If you're interested, my rates are very low 🙂
