Sunday, 9 September 2007

Running a DNS Server on an FSG3 Network Storage Box

I have a NAS box in the house, used to store my music and video. Also in the house are an internet radio / media player, a networked satellite receiver and, of course, a web server that answers to several different names (virtual hosts) and serves a different directory for each.

I want to be able to refer to these devices by name rather than by IP address, but I don't want to go around hacking hosts files on every machine. The solution is to run a name server (BIND's named) and point every machine in the house at it. This has the added advantage that I can override a domain that exists on the internet (e.g. trumpton.org.uk) so that, inside the house, it resolves to a local address.

I have just upgraded my FSG3 to the latest kernel (2.6).

Firstly, I needed the name server (in a package called bind) and a package it depends on (openssl). I downloaded bind_9.3.4-1_armeb.ipk and openssl_0.9.7m-2_armeb.ipk and installed them on the FSG3 with the ipkg command.

Next, I created the name server files. Rather than storing them in the default location under /opt, I decided to put them in /home/named; on this particular device that directory survives a firmware upgrade, so the files will be retained.

Note the two comment styles. In named.conf a semicolon terminates a statement and comments start with //; in the zone files a semicolon starts a comment that runs to the end of the line, so a record line with no comment needs no semicolon at all. Also, the quotes in named.conf must be plain ASCII double quotes: typographic (curly) quotes picked up by copying from a web page stop named from parsing the file.

The first file is named.conf:

options {
    pid-file "/home/named/named.pid";
    directory "/home/named";
    port 53;
};

// Internet root servers
zone "." {
    type hint;
    file "root.zone";
};

// Local host loopback
zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.local";
};

// Local network addresses
zone "local" {
    type master;
    file "local.network";
};

// Local network reverse addresses
zone "14.168.192.in-addr.arpa" {
    type master;
    file "rev.local.network";
};

// trumpton.org.uk
zone "trumpton.org.uk" {
    type master;
    file "trumpton.org.uk";
};

The file contains pointers to all of the named configuration files. The options section says where the files reside; each zone section names the file holding the forward lookups (i.e. looking up www.trumpton.org.uk) or the reverse lookups (i.e. looking up 192.168.14.1) for that zone. The special zone '.' is a hint zone: root.zone lists the internet's root name servers, which is where named starts when it has to resolve a name it is not authoritative for (the file is published by InterNIC as named.root). One caveat: as written, the options block puts no restriction on who may query the server or ask it to recurse, so anything that can reach port 53 on the box can use it as a resolver. Behind a home firewall that is tolerable, but if the box is ever reachable from outside it becomes an open resolver, so it is worth adding listen-on, allow-query and allow-recursion entries limited to 127.0.0.1 and 192.168.14.0/24.
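To show what that restriction looks like, and to catch the two mistakes that most often stop named from starting, here is an added example (written for this page, not code from the post or from the BIND project): a small Python script, meant to be run on a workstation before the files are copied to the FSG3, that generates the named.conf above with listen-on, allow-query, allow-recursion and allow-transfer limited to the LAN, and lints a named.conf for typographic quotes, unbalanced braces and missing access controls. The zone list, /home/named and the 192.168.14.0/24 prefix come from the post; the ACL name "lan" and the lint messages are the example's own.

```python
import re

# Values from the post: where the files live and the subnet the hosts sit on.
NAMED_HOME = "/home/named"
LAN_PREFIX = "192.168.14.0/24"

# (zone name, type, file), exactly the zones the post's named.conf declares.
ZONES = [
    (".", "hint", "root.zone"),
    ("0.0.127.in-addr.arpa", "master", "db.local"),
    ("local", "master", "local.network"),
    ("14.168.192.in-addr.arpa", "master", "rev.local.network"),
    ("trumpton.org.uk", "master", "trumpton.org.uk"),
]

# What a browser or blog engine turns plain quotes into; named rejects all of them.
SMART_QUOTES = "\u201c\u201d\u2018\u2019"


def build_named_conf(home=NAMED_HOME, lan=LAN_PREFIX, hardened=True):
    """Return named.conf text; hardened=False reproduces the post's open options block."""
    lines = []
    if hardened:
        # 'lan' is an ACL name chosen for this example: the box itself plus the home subnet.
        lines += ["acl lan { 127.0.0.1; %s; };" % lan, ""]
    lines += ["options {",
              '    pid-file "%s/named.pid";' % home,
              '    directory "%s";' % home,
              "    port 53;"]
    if hardened:
        lines += [
            "    listen-on { lan; };",        # bind only addresses that match the ACL
            "    allow-query { lan; };",      # refuse queries from anywhere else
            "    allow-recursion { lan; };",  # never act as an open recursive resolver
            "    allow-transfer { none; };",  # nobody needs AXFR of these zones
            '    version "not disclosed";',   # hide the version from version.bind queries
        ]
    lines += ["};", ""]
    for name, ztype, fname in ZONES:
        lines += ['zone "%s" {' % name, "    type %s;" % ztype, '    file "%s";' % fname, "};", ""]
    return "\n".join(lines)


def lint_named_conf(text):
    """Return a list of problems found in named.conf text; an empty list means it looks sane."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if any(ch in line for ch in SMART_QUOTES):
            problems.append('line %d: typographic quote; named only accepts ASCII "' % lineno)
    # Drop the three comment styles named.conf allows before inspecting statements.
    code = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", text, flags=re.S)
    if code.count("{") != code.count("}"):
        problems.append("unbalanced braces")
    if "listen-on" not in code:
        problems.append("no listen-on: named binds every interface on the box")
    if "allow-recursion" not in code:
        problems.append("no allow-recursion: anything reaching port 53 can use this as a resolver")
    elif re.search(r"allow-recursion\s*\{\s*any\s*;", code):
        problems.append("allow-recursion { any; } makes this an open resolver")
    if "allow-transfer" not in code:
        problems.append("no allow-transfer: the zones can be pulled whole with AXFR")
    return problems


if __name__ == "__main__":
    print(build_named_conf())
```

Run it and redirect the output to named.conf, then run the lint over the file actually sitting on the box (after any hand edits) before starting named; where the BIND tools are installed, named-checkconf is the authoritative check and this script is only a first pass.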

The 'local.network' file contains the names for the local (internal) network:

$TTL 86400
@       IN SOA  web.local. junkmail.trumpton.org.uk. (
                2006012103 ; serial
                28800      ; refresh, seconds
                7200       ; retry, seconds
                604800     ; expire, seconds
                86400 )    ; minimum, seconds
        NS      web.local.
        MX      10 web.local.

local.    A 192.168.14.1
internet  A 192.168.14.1
cam       A 192.168.14.100
desktop   A 192.168.14.101
satbox    A 192.168.14.102
nasmedia  A 192.168.14.103
netradio  A 192.168.14.104
web       A 192.168.14.105

The SOA record at the top names the primary name server and a contact address, carries the zone's serial number (bump it every time the file is edited; any secondary server compares it with its own copy to decide whether to pull the zone again) and holds the timers that tell secondaries how often to refresh, when to retry and when to give up. The list that follows gives the names of all the machines and their corresponding IP addresses.

Of course, if you have an IP address and want to know the machine name, you need reverse lookups; that is what rev.local.network is for:

$TTL 86400
@       IN SOA  web.local. junkmail.trumpton.org.uk. (
                2006012103 ; serial
                28800      ; refresh, seconds
                7200       ; retry, seconds
                604800     ; expire, seconds
                86400 )    ; minimum, seconds
        NS      web.local.

1       PTR     internet.local.
100     PTR     cam.local.
101     PTR     desktop.local.
102     PTR     satbox.local.
103     PTR     nasmedia.local.
104     PTR     netradio.local.
105     PTR     web.local.

The file 'trumpton.org.uk' holds the local copy of my public domain, so that names under it resolve to the web server's internal address instead of going out to the internet. Note the MX entries: they point at my service provider's mail exchangers because all my mail goes through their servers and I do not run a mail server of my own; if I did, they would simply point at trumpton.org.uk. Note also the '.' at the end of a name: with the dot the name is complete, and without it the zone name from the matching zone statement in named.conf is appended (so 'www' here means www.trumpton.org.uk).

$TTL 86400
@       IN SOA  web.local. junkmail.trumpton.org.uk. (
                2006012103 ; serial
                28800      ; refresh, seconds
                7200       ; retry, seconds
                604800     ; expire, seconds
                86400 )    ; minimum, seconds

        NS      web.local.

        MX      10 easymx2.easily.co.uk.
        MX      10 rhea.easily.co.uk.

trumpton.org.uk.  A 192.168.14.105
www               A 192.168.14.105
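The three zone files above share one small syntax, and the mistakes that creep into them by hand (a record line with no type, a line that lost its leading whitespace so the type ends up in the owner position, a missing $TTL, a PTR whose target has no A record, an address with no PTR at all) are easier to catch on a workstation than by reading named's log on the box. The following is an added example, not code from the post or from BIND: a parser for just the subset of master-file syntax these files use, plus a cross-check of a forward zone against its in-addr.arpa zone. The sample zones are abridged from the post's local.network and rev.local.network and are constructed test data; the rule that SOA, NS and MX targets inside the zone must have an A record, and the wording of every message, are this example's own. Where the BIND tools are installed, named-checkzone remains the authoritative check.

```python
import re

# Types and classes the checker understands; the sample zones are abridged from the post.
TYPES = {"SOA", "NS", "MX", "A", "AAAA", "PTR", "CNAME", "TXT"}
CLASSES = {"IN", "CH", "HS"}
FORWARD = """\
$TTL 86400
@   IN SOA web.local. junkmail.trumpton.org.uk. (
        2006012103 28800 7200 ; serial, refresh, retry
        604800 86400 )        ; expire, minimum
    NS  web.local.
    MX  10 web.local.
internet  A 192.168.14.1
cam       A 192.168.14.100
web       A 192.168.14.105
"""
REVERSE = """\
$TTL 86400
@   IN SOA web.local. junkmail.trumpton.org.uk. ( 2006012103 28800 7200 604800 86400 )
    NS  web.local.
1    PTR internet.local.
100  PTR cam.local.
105  PTR web.local.
"""


def _fqdn(name, origin):  # expand a relative name with the zone origin; '@' is the origin itself
    origin = origin.rstrip(".") + "."
    return (origin if name == "@" else name if name.endswith(".") else name + "." + origin).lower()


def _logical_lines(text):
    """Strip ';' comments and join parenthesised continuation lines (the SOA) into one."""
    out, buf, depth = [], "", 0
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()
        if depth == 0:
            if not line.strip():
                continue
            buf = line                  # leading whitespace is kept: it decides the owner
        else:
            buf += " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(buf.replace("(", " ").replace(")", " "))
    return out


def parse_zone(text, origin):
    """Return ([(owner, TYPE, [rdata tokens]), ...], [problems]) for master-file text."""
    records, problems, owner, saw_ttl = [], [], None, False
    for line in _logical_lines(text):
        toks = line.split()
        if toks[0] == "$TTL":               # the only directive these files use
            saw_ttl = True
            continue
        first = None
        if not line[0].isspace():           # column 0 starts a new owner name (RFC 1035)
            first = toks.pop(0)
            owner = _fqdn(first, origin)
        if toks and toks[0].isdigit():      # optional per-record TTL
            toks.pop(0)
        if toks and toks[0].upper() in CLASSES:
            toks.pop(0)
        if owner is None or not toks or toks[0].upper() not in TYPES:
            # 'NS web.local.' at column 0 means the line lost its indentation
            why = "type in owner position; indent the line" if first and first.upper() in TYPES else "missing or unknown record type"
            problems.append("%r: %s" % (line.strip(), why))
        else:
            records.append((owner, toks[0].upper(), toks[1:]))
    if not saw_ttl:
        problems.append("no $TTL: BIND 9 falls back to the SOA minimum and logs a warning")
    return records, problems


def _ptr_ip(owner):                         # '1.14.168.192.in-addr.arpa.' -> '192.168.14.1'
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))


def check_zones(forward, fwd_origin, reverse, rev_origin):
    """Cross-check a forward zone against its in-addr.arpa zone; return a list of problems."""
    (fwd, p1), (rev, p2) = parse_zone(forward, fwd_origin), parse_zone(reverse, rev_origin)
    problems, zone = p1 + p2, _fqdn("@", fwd_origin)
    a_recs = {(o, rd[0]) for o, t, rd in fwd if t == "A"}
    a_names = {o for o, _ in a_recs}
    net, ptr_ips = _ptr_ip(_fqdn("@", rev_origin)) + ".", set()
    for o, t, rd in rev:                    # every PTR must be backed by the same A
        if t == "PTR":
            ip, target = _ptr_ip(o), _fqdn(rd[0], fwd_origin)
            ptr_ips.add(ip)
            if (target, ip) not in a_recs:
                problems.append("PTR %s -> %s has no matching A record" % (ip, target))
    for name, ip in sorted(a_recs):         # every address in the subnet needs some PTR
        if ip.startswith(net) and ip not in ptr_ips:
            problems.append("A %s %s has no PTR in %s" % (name, ip, rev_origin))
    for o, t, rd in fwd + rev:              # SOA/NS/MX targets inside the zone must have an A
        tgt = rd[0] if t in ("SOA", "NS") else rd[1] if t == "MX" else None
        if tgt and _fqdn(tgt, fwd_origin).endswith("." + zone) and _fqdn(tgt, fwd_origin) not in a_names:
            problems.append("%s %s names %s, which has no A record" % (o, t, tgt))
        if t == "SOA" and not re.fullmatch(r"\d{4}(0[1-9]|1[0-2])\d{4}", rd[2]):
            problems.append("SOA serial %s is not of the form YYYYMMDDnn" % rd[2])
    return problems
```

Feed it the real files with check_zones(open("local.network").read(), "local", open("rev.local.network").read(), "14.168.192.in-addr.arpa"); an empty list means the two files agree. The trumpton.org.uk file can be run through parse_zone on its own, since its addresses already appear in the reverse zone under their .local names.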

Once the files are in place, it is just a matter of editing the S09named script installed by the ipkg so that it refers to the correct directories, copying it to /etc/rc and starting it with /etc/rc/S09named start. Before changing any resolver settings, confirm from another machine that the box answers a query for web.local (dig or nslookup against its address will do).

In my case, the 'pidof' program was missing. Rather than installing the bundle that includes pidof, I created /bin/pidof:

#!/bin/sh
# Minimal pidof replacement: print the PIDs of processes whose command line matches $1
ps -ef | grep -- "$1" | grep -v pidof | grep -v grep | cut -c1-5

Now the computers on the network need to be pointed at this DNS server rather than the firewall's. Most systems let you list at least two name servers (on Unix-like machines, in /etc/resolv.conf); mine are:

nameserver 192.168.14.1
nameserver 192.168.14.5

1 comment:

  1. Thanks a lot! I hope this will help. I’ll try it out.
