Sunday, 6 March 2011

OpenBSD: Unbound Domain Name Server

Local DNS Server Relay

Introduction

A Local DNS Server Relay is useful within a local network when an internet-facing web server is present, and you wish to access it by name from within the local network.

A DNS Server with a local override enables the internet addresses of internal webservers to be overridden with the internal address instead of the external internet address.

This is particularly useful when the internet modem that does the network address translation from the internet address (WAN) to the appropriate local area network address (LAN) is unable to "loop-back" the TCP packets destined for the internal network.

The solution is to run a local DNS server, but override the names of the internal webservers. Two programs can do this (dnsmasq and unbound).

Unbound resolves DNS queries itself, starting from the root nameservers on the internet, rather than relaying them through the ISP. It also caches the query results. Because dnsmasq does neither of these, it is slightly slower. This note describes the installation of unbound on OpenBSD.

Installation

Install unbound:
pkg_add -i ftp://ftp.mirrorservice.org/pub/OpenBSD/snapshots/packages/i386/unbound-1.4.7.tgz
Download the root domain name servers:
mkdir -p /var/unbound/var/hints
cd /var/unbound/var/hints
ftp ftp://FTP.INTERNIC.NET/domain/named.cache
Edit the configuration file /var/unbound/etc/unbound.conf:
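server:
    interface: 0.0.0.0
    # Answer only LAN clients; 192.168.2.0/24 is assumed from the addresses below.
    # 0.0.0.0/0 would make this an open resolver if port 53 were ever reachable from the internet.
    access-control: 192.168.2.0/24 allow
    outgoing-range: 64
    chroot: "/var/unbound"
    directory: "etc"
    root-hints: "/var/hints/named.cache"
    local-zone: "local." static
    # The whole resource record goes inside the quotes
    local-data: "mycomputer.local. IN A 192.168.2.1"
    local-data: "www.mydomainname.co.uk IN A 192.168.2.2"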
Change the default DNS server to be the local machine:
  1. If the DNS server list is passed via DHCP, it should be done on the DHCP server (usually the modem that interfaces to the internet).
  2. If the DNS server list is configured statically, it must be modified on each machine on the internal network - note that DHCP is a better mechanism for allocation, particularly with laptops and other mobile computers.
Create a startup script in /etc/rc.d/unbound:
#!/bin/sh
#
# unbound domain name server
#

daemon="/usr/local/sbin/unbound"
daemon_flags=""
. /etc/rc.d/rc.subr
rc_cmd $1
Start the server:
/etc/rc.d/unbound start
Making Things Permanent

Edit /etc/rc.conf, and ensure that unbound is included in the rc_scripts section.
# rc.d(8) daemons scripts
# started in the specified order and stopped in reverse order
rc_scripts="unbound samba"
Integrating into the Admin Webserver

In order to integrate this function into the admin webserver, the local server entries must be separated out of the unbound.conf file and generated automatically.

Remove the local-data lines from the unbound.conf file.
Copy the unbound.conf file to unbound.src.
Create a script in /var/localadm/bin/reconfiguredns:
#!/bin/sh
# unbound.src is the copy of unbound.conf made above, without the local-data lines
cat /var/unbound/etc/unbound.src /var/localadm/etc/unbound.local-data > /var/unbound/etc/unbound.conf
/etc/rc.d/unbound restart
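
A stricter variant of the reconfiguredns script, as an added example that is not part of the original note: because unbound.local-data is written by the admin webserver, it accepts only well-formed local-data A records, syntax-checks the assembled file with unbound-checkconf, and replaces unbound.conf only if both pass. The accepted line format and the CHECKCONF variable are assumptions of this example; it also assumes unbound.src ends inside its server: clause.

```sh
#!/bin/sh
# Added example, not from the original note. Paths follow the note; the
# accepted line format and the CHECKCONF override are assumptions made here.
SRC=/var/unbound/etc/unbound.src
LOCAL=/var/localadm/etc/unbound.local-data
CONF=/var/unbound/etc/unbound.conf
CHECKCONF=${CHECKCONF:-unbound-checkconf}

# Accept only blank lines, comments, and lines of the exact form
#   local-data: "host.name. IN A 192.168.2.2"
# so the web-written file cannot add other directives or clauses.
valid_local_data() {
    awk '
        /^[ \t]*(#.*)?$/ { next }
        !/^[ \t]*local-data: "[A-Za-z0-9][A-Za-z0-9.-]* IN A [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"[ \t]*$/ {
            print "rejected line " NR ": " $0 > "/dev/stderr"; bad = 1; next
        }
        {
            # Field 5 is the address plus the closing quote; check each octet
            ip = $5; gsub(/"/, "", ip); n = split(ip, o, ".")
            for (i = 1; i <= n; i++)
                if (o[i] + 0 > 255) {
                    print "bad address on line " NR > "/dev/stderr"; bad = 1
                }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Build the config in a temporary file, syntax-check it, then move it into
# place, so a rejected or broken file never replaces the running config.
build_conf() {   # $1 = base config, $2 = local-data file, $3 = output
    valid_local_data "$2" || return 1
    tmp="$3.new.$$"
    cat "$1" "$2" > "$tmp" || { rm -f "$tmp"; return 1; }
    if command -v "$CHECKCONF" >/dev/null 2>&1; then
        "$CHECKCONF" "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
    fi
    mv "$tmp" "$3"
}

# Run as "reconfiguredns apply" to rebuild the config and restart unbound.
if [ "${1:-}" = "apply" ]; then
    build_conf "$SRC" "$LOCAL" "$CONF" && /etc/rc.d/unbound restart
fi
```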


Friday, 4 March 2011

OpenBSD: Formatting Disks

This note shows how to identify and format a disk using OpenBSD.

Tools

fdisk - partition table editor
disklabel - BSD partition editor
newfs - formatter

Steps

1. Identify the name of the new disk. For example, insert a USB stick, then type 'dmesg':
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0: SCSI2 0/direct removable
sd0: 1000MB, 512 bytes/sec, 2048000 sec total
2. Allocate the whole disk to BSD

This is done so that if the disk is used in another operating system, it will appear as pre-allocated. This is done using fdisk. You can type 'help' at any time. You may wish to remove existing partitions, such as ones associated with Windows / FAT32 etc. If so, simply change the partition type to 0 using the edit command.
# fdisk -e sd0
fdisk: 1> edit 3
Partition id ('0' to disable) [0 - FF]: [0] (? for help) A6
Do you wish to edit in CHS mode? [n]
offset: [0]
size: [0] *
fdisk:*1> w
Writing MBR at offset 0.
fdisk: 1> q

# fdisk sd0
Disk: sd0 geometry: 127/255/63 [2048000 Sectors]
Offset: 0 Signature: 0xAA55
Starting Ending LBA Info:
#: id C H S - C H S [ start: size ]
-------------------------------------------------------------------------------
0: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused
1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused
2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused
3: A6 0 0 1 - 127 122 59 [ 0: 2048000 ] OpenBSD

3. Create a whole partition on the disk with disklabel (the * means whole disk):
# disklabel -E sd0
> a
partition: [a]
offset: [0]
size: [2048000] *
FS type: [4.2BSD]
> w
> x
4. Format the disk:
# newfs sd0a
/dev/rsd0a: 1000.0MB in 2048000 sectors of 512 bytes
5 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
super-block backups (for fsck -b #) at:
32, 414688, 829344, 1244000, 1658656,
5. Add an entry in the fstab file
/dev/sd0a /mnt/usb ffs rw,nodev,nosuid 1 2
6. Mount the disk

This will be done automatically on boot. The first time, however, the following commands should be used.
# mkdir /mnt/usb
# mount /mnt/usb