Introduction
A Local DNS Server Relay is useful within a local network when an internet-facing web server is present, and you wish to access it by name from within the local network.
A DNS Server with a local override enables the internet addresses of internal webservers to be overridden with the internal address instead of the external internet address.
This is particularly useful when the internet modem that performs network address translation from the internet address (WAN) to the appropriate local area network (LAN) address is unable to "loop back" TCP packets destined for the internal network.
The solution is to run a local DNS server that overrides the names of the internal webservers. Two programs can do this: dnsmasq and unbound.
Unbound refers the DNS queries through the root nameservers on the internet, rather than relaying them through the ISP. It also caches the query results. Because dnsmasq does neither of these, it is slightly slower. This note describes the installation of unbound on OpenBSD.
Installation
Install unbound:

pkg_add -i ftp://ftp.mirrorservice.org/pub/OpenBSD/snapshots/packages/i386/unbound-1.4.7.tgz

Download the root domain name servers:

mkdir /var/unbound/var/hints
cd /var/unbound/var/hints
ftp ftp://FTP.INTERNIC.NET/domain/named.cache

Edit the configuration file /var/unbound/etc/unbound.conf:

interface: 0.0.0.0
# accepts queries from any address; narrow this to the LAN range if the host is reachable from outside the local network
access-control: 0.0.0.0/0 allow
outgoing-range: 64
chroot: "/var/unbound"
directory: "etc"
root-hints: "/var/hints/named.cache"
local-zone: "local." static
# each local-data value is one complete resource record inside the quotes
local-data: "mycomputer.local. IN A 192.168.2.1"
local-data: "www.mydomainname.co.uk IN A 192.168.2.2"

Change the default DNS server to be the local machine:
- If the DNS server list is passed via DHCP, it should be done on the DHCP server (usually the modem that interfaces to the internet).
- If the DNS server list is configured statically, it must be modified on each machine on the internal network. Note that DHCP is a better mechanism for allocation, particularly with laptops and other mobile computers.

#!/bin/sh
#
# unbound domain name server
#
daemon="/usr/local/sbin/unbound"
daemon_flags=""
. /etc/rc.d/rc.subr
rc_cmd $1

Start the server:

/etc/rc.d/unbound start

Making Things Permanent
Edit /etc/rc.conf, and ensure that unbound is included in the rc_scripts section.

# rc.d(8) daemons scripts
# started in the specified order and stopped in reverse order
rc_scripts="unbound samba"

Integrating into the Admin Webserver
To integrate this function into the admin webserver, the local server entries must be separated out of the unbound.conf file and generated automatically.
Remove the local-data lines from the unbound.conf file.
Copy the unbound.conf file to unbound.src.
Create a script in /var/localadm/bin/reconfiguredns:
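
#!/bin/sh
# Rebuild unbound.conf from the base configuration (unbound.src) plus the generated local-data entries
cat /var/unbound/etc/unbound.src /var/localadm/etc/unbound.local-data > /var/unbound/etc/unbound.conf
# Restart unbound so the new configuration takes effect
/etc/rc.d/unbound restart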
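
Because the local-data file is produced by the admin webserver and concatenated straight into the resolver's configuration, it is worth validating it before it goes live. The following is an added example, not the original reconfiguredns script: it accepts only single A-record local-data lines, builds the new file beside the live one, and swaps it in only if unbound-checkconf accepts it. The function names are illustrative, and unbound-checkconf being on the PATH is an assumption.

```sh
#!/bin/sh
# Added example: validating variant of reconfiguredns (not the original script).
# Paths come from the article; unbound-checkconf on PATH is an assumption.
SRC=/var/unbound/etc/unbound.src
LOCAL=/var/localadm/etc/unbound.local-data
CONF=/var/unbound/etc/unbound.conf

# Exactly one A record per line, nothing else:
#   local-data: "host.example. IN A 192.168.2.2"
# The hostname is limited to letters, digits, dot and hyphen, so a value
# cannot carry a quote that would close the string and start another directive.
# The check is structural; unbound-checkconf does the semantic check later.
LINE_RE='^local-data: "[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?\.? IN A ([0-9]{1,3}\.){3}[0-9]{1,3}"$'

# valid_local_data FILE: succeeds only if FILE is readable and no line
# falls outside LINE_RE (an empty file is valid).
valid_local_data() {
    [ -r "$1" ] || return 1
    if grep -Evq "$LINE_RE" "$1"; then
        return 1
    fi
    return 0
}

# build_conf SRC LOCAL OUT: writes SRC + LOCAL to OUT, or writes nothing
# and fails if LOCAL does not validate.
build_conf() {
    valid_local_data "$2" || { echo "rejected: $2" >&2; return 1; }
    cat "$1" "$2" > "$3"
}

# reconfigure_dns: build to a temporary file, let unbound-checkconf parse
# it, and only then replace the live config and restart.
reconfigure_dns() {
    tmp="$CONF.new.$$"
    build_conf "$SRC" "$LOCAL" "$tmp" || return 1
    unbound-checkconf "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$CONF" && /etc/rc.d/unbound restart
}

# Run as "reconfiguredns apply" from the admin webserver.
if [ "${1:-}" = "apply" ]; then
    reconfigure_dns
fi
```

If validation or unbound-checkconf fails, the running unbound.conf is left untouched and the resolver keeps serving the previous entries.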