
Installing and configuring a Bind DNS server on Solaris

I was recently working with an OpenStack installation in a Solaris environment, and to simplify the configuration I needed to set up my own DNS server.
Below are the steps required to configure a Solaris 12 (11.x) DNS server; the configuration uses BIND 9.x. Note: the steps should also work on Solaris 11.3, but they were tested on Solaris 12.

First install the bind pkg

# IPS package that delivers BIND 9 (named, rndc/rndc-confgen, named-checkconf)
pkg install pkg:/service/network/dns/bind

Now let's configure DNS.

Note: I am using foo.com as the domain name and 192.180.1.x/24 as the network. Yes, I know this is a routable network; you can use 192.168.x, 172.16.x or 10.x if you like.

First, let's create a named.conf.

Create a new named.conf
cat /etc/named.conf
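include "/etc/rndc.key";

// Hosts allowed to query this server and to have it recurse on their behalf.
// named.conf as written set no allow-query/allow-recursion at all, so BIND's
// built-in defaults decided who could use a server sitting on a routed
// 192.180.x address.  Pinning the lists to the loopback and the
// 192.180.1.0/24 network served by the zones below keeps it from becoming
// an open resolver while still covering every client used in this guide.
acl trusted {
        127.0.0.1;
        192.180.1.0/24;
};

options {
        directory       "/etc/namedb/working";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        // Everything this server is not authoritative for goes to the
        // forwarders; "forward only" disables iterative resolution, so the
        // root hints below are loaded but not consulted for recursion.
        forwarders {
                8.8.8.8;
                4.4.4.4;    // NOTE(review): Google's second resolver is 8.8.4.4 — confirm this address is intended
        };
        forward only;
        allow-query     { trusted; };
        allow-recursion { trusted; };
        // No secondaries exist (every zone is "notify no"), so nobody needs AXFR.
        allow-transfer  { none; };
};

// rndc control channel, loopback only, authenticated with the key from
// /etc/rndc.key included above.
controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};


zone "." {
        type hint;
        file "/etc/namedb/root.hints";
};

// Reverse zone for 127.0.0.x so lookups of the loopback address stay local.
zone "0.0.127.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/namedb/master/0.0.127.in-addr.arpa";
        allow-update { none; };
};

// Forward zone for the lab domain.
zone "foo.com" {
        type master;
        notify no;
        file "/etc/namedb/master/foo.com";
        allow-update { none; };
};

// Reverse zone for 192.180.1.0/24 (PTR records for the hosts in foo.com).
zone "1.180.192.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/namedb/master/1.180.192.in-addr.arpa";
        allow-update { none; };
};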

Now let's generate a random rndc key.

This will generate an rndc key file under /etc/.
# -a writes the generated key straight to /etc/rndc.key (shown below)
# instead of printing a sample configuration to stdout
rndc-confgen -a

cat /etc/rndc.key 
// Written by `rndc-confgen -a`; pulled into named.conf by the include at
// the top of that file and referenced by name in its controls statement.
key "rndc-key" {
	// hmac-md5 is what this rndc-confgen emitted; newer BIND releases
	// deprecate MD5, and `rndc-confgen -a -A hmac-sha256` selects a
	// SHA-256 key where the installed version supports -A.
	algorithm hmac-md5;
	// Example value only.  This secret is published on the page, so it must
	// never be reused; let rndc-confgen create a fresh one and keep the file
	// readable only by the accounts that run named and rndc.
	secret "KHBH4L2EYsRpnK8oJyQlpw==";
};

Create the necessary directories

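# Create every directory named.conf references.  -p makes the step
# idempotent (re-running the guide no longer fails on an existing directory).
#   /var/dump, /var/stats          -> dump-file / statistics-file
#   /var/run/named                 -> pid-file "/var/run/named/pid"; the
#                                     original created /var/run/namedb, which
#                                     nothing in named.conf uses
#   /etc/namedb/master, working    -> zone files / options.directory
mkdir -p /var/dump /var/stats /var/run/named /etc/namedb/master /etc/namedb/working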

Now let's create the zone files.

First, create the root.hints file (the listing below is a 1998 dig capture; refresh it from a current source before relying on it).

; Root hints file referenced by zone "." in named.conf.  This is a dig
; capture from 1998 (see the WHEN line at the bottom); several root-server
; addresses have changed since, so refresh it from a current source.  With
; "forward only" in named.conf the hints are not consulted for recursion.
; Every ";"/";;" line is a comment; only the NS and A records are data.
; <<>> DiG 8.1 <<>> @A.ROOT-SERVERS.NET. 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUERY SECTION:
;;      ., type = NS, class = IN

;; ANSWER SECTION:
.                       6D IN NS        G.ROOT-SERVERS.NET.
.                       6D IN NS        J.ROOT-SERVERS.NET.
.                       6D IN NS        K.ROOT-SERVERS.NET.
.                       6D IN NS        L.ROOT-SERVERS.NET.
.                       6D IN NS        M.ROOT-SERVERS.NET.
.                       6D IN NS        A.ROOT-SERVERS.NET.
.                       6D IN NS        H.ROOT-SERVERS.NET.
.                       6D IN NS        B.ROOT-SERVERS.NET.
.                       6D IN NS        C.ROOT-SERVERS.NET.
.                       6D IN NS        D.ROOT-SERVERS.NET.
.                       6D IN NS        E.ROOT-SERVERS.NET.
.                       6D IN NS        I.ROOT-SERVERS.NET.
.                       6D IN NS        F.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
G.ROOT-SERVERS.NET.     5w6d16h IN A    192.112.36.4
J.ROOT-SERVERS.NET.     5w6d16h IN A    198.41.0.10
K.ROOT-SERVERS.NET.     5w6d16h IN A    193.0.14.129
L.ROOT-SERVERS.NET.     5w6d16h IN A    198.32.64.12
M.ROOT-SERVERS.NET.     5w6d16h IN A    202.12.27.33
A.ROOT-SERVERS.NET.     5w6d16h IN A    198.41.0.4
H.ROOT-SERVERS.NET.     5w6d16h IN A    128.63.2.53
B.ROOT-SERVERS.NET.     5w6d16h IN A    128.9.0.107
C.ROOT-SERVERS.NET.     5w6d16h IN A    192.33.4.12
D.ROOT-SERVERS.NET.     5w6d16h IN A    128.8.10.90
E.ROOT-SERVERS.NET.     5w6d16h IN A    192.203.230.10
I.ROOT-SERVERS.NET.     5w6d16h IN A    192.36.148.17
F.ROOT-SERVERS.NET.     5w6d16h IN A    192.5.5.241

;; Total query time: 215 msec
;; FROM: roke.uio.no to SERVER: A.ROOT-SERVERS.NET.  198.41.0.4
;; WHEN: Sun Feb 15 01:22:51 1998
;; MSG SIZE  sent: 17  rcvd: 436

Create the localhost reverse zone

cat 0.0.127.in-addr.arpa
; Reverse zone for the loopback network, referenced from named.conf as
; /etc/namedb/master/0.0.127.in-addr.arpa.  Default TTL for every record
; that does not carry its own is three days.
$TTL 3D
; ns1.foo.com. is this server (192.180.1.1 in the foo.com zone);
; root.foo.com. is the hostmaster mailbox in SOA notation (root@foo.com).
@               IN      SOA     ns1.foo.com. root.foo.com. (
                                2016100301       ; Serial
                                28800            ; Refresh
                                7200             ; Retry
                                604800           ; Expire
                                86400)           ; Minimum TTL
                        NS      ns1.foo.com.     ; owner inherited from "@"
        
; 1.0.0.127.in-addr.arpa -> localhost.
1                       PTR     localhost.

Create the foo.com zone

cat foo.com 
; Forward zone for foo.com, referenced from named.conf as
; /etc/namedb/master/foo.com.  Lines with no owner name inherit the owner of
; the previous record: the TXT/NS lines below the SOA belong to "@", and
; each indented TXT belongs to the host on the line above it.
$TTL 3h
@       IN      SOA     ns1.foo.com. root.foo.com. (
        2016100301      ; serial (same value as the reverse zones)
        28800           ; refresh
        3600            ; retry
        604800          ; expire
        38400           ; minimum / negative-caching TTL
)

             TXT     "ns1.foo.com, DNS txt record"
             IN      NS      ns1.foo.com.

localhost    IN      A       127.0.0.1
; ns1 is the DNS server itself (the address clients are pointed at below).
ns1          IN      A       192.180.1.1 ; Sol11 DNS client
                     TXT     "router/dns"
; za, zb, zc are the three Solaris zones that act as DNS clients.
za           IN      A       192.180.1.11 ; Sol11 DNS client
                     TXT     "cloud system 1"
zb           IN      A       192.180.1.21 ; Sol11 DNS client
                     TXT     "cloud system 2"
zc           IN      A       192.180.1.31 ; Sol11 DNS client
                     TXT     "cloud system 3"

Create the reverse 192.180.1 zone.

cat 1.180.192.in-addr.arpa
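; Reverse zone for 192.180.1.0/24, referenced from named.conf as
; /etc/namedb/master/1.180.192.in-addr.arpa.
;
; Every PTR target must be fully qualified (trailing ".").  Without the dot
; the name is relative to the zone origin, so "ns1.foo.com" would be stored
; as ns1.foo.com.1.180.192.in-addr.arpa. and reverse lookups would return
; the wrong name.
$TTL 3h
@       IN      SOA     ns1.foo.com. root.foo.com. (
        2016100301      ; serial (keep in step with the forward zone)
        28800           ; refresh
        3600            ; retry
        604800          ; expire
        38400           ; minimum / negative-caching TTL
)

        IN      NS      ns1.foo.com.

1       IN      PTR     ns1.foo.com.    ; 192.180.1.1, the DNS server itself
11      IN      PTR     za.foo.com.     ; Solaris zone za
21      IN      PTR     zb.foo.com.     ; Solaris zone zb
31      IN      PTR     zc.foo.com.     ; Solaris zone zc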
Note: the zone above lists three Solaris zones, za, zb and zc; feel free to use your own names.

Now let's verify that all zones are configured correctly.

You should see output like the following:
named-checkconf -z /etc/named.conf
zone 0.0.127.in-addr.arpa/IN: loaded serial 2016100301
zone foo.com/IN: loaded serial 2016100301
zone 1.180.192.in-addr.arpa/IN: loaded serial 2016100301

Enable the DNS service

If everything is correct, DNS should now work.
svcadm enable dns/server
svcs dns/server
STATE          STIME    FMRI
online          1:09:58 svc:/network/dns/server:default
root@foo.com:~# 

Optional: switch your DNS client to use the local DNS server.

root@zc:~# svccfg -s svc:/network/dns/client
svc:/network/dns/client> setprop config/search=(foo.com foo2.com)
svc:/network/dns/client> setprop config/nameserver=192.180.1.1
svc:/network/dns/client> refresh
svc:/network/dns/client> exit
If everything works correctly, you should get the expected DNS results back.
root@zc:~# nslookup za
Server:		192.180.1.1
Address:	192.180.1.1#53

Name:	za.foo.com
Address: 192.180.1.11
References: Solaris 11.3 DNS references