FreeKB - Bind Named DNS Configure Bind DNS server on Docker
Bind Named DNS - Configure Bind DNS server on Docker

This assumes you have installed Bind on Docker and that Bind is up and running.


Firewall

If you have a firewall between your Bind DNS server and your systems that will be using the Bind DNS server, configure the firewall to allow traffic on port 53. For example, here is how you would allow traffic on port 53 in firewalld.

firewall-cmd --add-port=53/tcp --permanent
firewall-cmd --add-port=53/udp --permanent
firewall-cmd --reload

 


DNSStubListener and resolved.conf

Use the lsof command to determine if systemd-resolved is already listening on port 53, which would prevent Bind from binding to it.

lsof -i tcp:53
lsof -i udp:53

 

Set the DNSStubListener directive in /etc/systemd/resolved.conf to "no".

DNSStubListener=no

 

Restart the systemd-resolved service for this change to take effect.

systemctl daemon-reload
systemctl restart systemd-resolved

 


named.conf.options

With the following in your named.conf.options file, Bind will answer queries for the entries in your forward and reverse lookup zones, forward everything else to Google's name servers 8.8.8.8 and 8.8.4.4, and cache successful answers for quick future lookups. Note that allow-query { any; } combined with forwarders makes the server a recursive resolver for every client that can reach port 53, so unless it is only reachable from your own networks, restrict allow-query (and add a matching allow-recursion) to those networks.

options {
  directory "/var/cache/bind";
  dnssec-validation auto;
  listen-on { any; };
  allow-query { any; };

  forwarders {
    8.8.8.8;
    8.8.4.4;
  };
};

 


Forward and Reverse lookups files

Create a forward and a reverse lookup file. The forward lookup file resolves a hostname to an IP address. The reverse lookup file resolves an IP address to a hostname.

The forward and reverse lookup files will be placed in the directory on your Docker server that will be mounted when the container is started, such as /usr/local/docker/bind/zones.

The forward.example.com.zone file could look something like this.

$ORIGIN example.com.
$TTL 1D
@ IN SOA  ns1.example.com. root.example.com. (
                                0  ; serial
                                1D ; refresh
                                1H ; retry
                                1W ; expire
                                3H ; minimum
)
; name servers
      IN   NS          ns1.example.com.
      IN   NS          ns2.example.com.

; hostname to IP address resolution
ns1   IN   A           192.168.0.6
ns2   IN   A           192.168.0.7
fs1   IN   A           192.168.0.8
fs2   IN   A           192.168.0.9

 

And the reverse.example.com.zone file could look something like this.

$ORIGIN 0.168.192.in-addr.arpa.
$TTL 1D
@ IN SOA  ns1.example.com. root.example.com. (
                                0  ; serial
                                1D ; refresh
                                1H ; retry
                                1W ; expire
                                3H ; minimum
)
; name servers (@ is the zone origin, 0.168.192.in-addr.arpa.)
@     IN   NS          ns1.example.com.
@     IN   NS          ns2.example.com.

; IP address to hostname resolution (owner is the last octet of the address)
6     IN   PTR         ns1.example.com.
7     IN   PTR         ns2.example.com.
8     IN   PTR         fs1.example.com.
9     IN   PTR         fs2.example.com.

 


Red Hat 7 and below (network scripts)

On systems using a Red Hat 7 or below distribution (CentOS, Fedora, Red Hat), the /etc/sysconfig/network-scripts/ifcfg-xxxxxxxxx file (or the /etc/network/interfaces file on a Debian distribution) is used to define the name servers the system will use.

PEERDNS=yes
DNS1=192.168.0.6
DNS2=192.168.0.7

 


Red Hat 8 and above (Network Manager)

The nmcli connection show (Network Manager CLI) command can be used to display the DNS servers being used.

~]# nmcli connection show ens192
ipv4.dns:  192.168.0.6,192.168.0.7

 

If needed, the nmcli connection modify command can be used to change the DNS servers being used. This change will be persistent, meaning the change will remain in place even if the system is rebooted.

nmcli connection modify eth0 ipv4.dns "10.124.141.51,10.112.42.10"
nmcli device reapply eth0

 


resolv.conf

The /etc/resolv.conf file should now contain your name servers.

~]# cat /etc/resolv.conf
nameserver 192.168.0.6
nameserver 192.168.0.7

 

And the resolvectl command should also display your name servers.

~]# resolvectl
Link 2 (eth0)
Current Scopes: DNS LLMNR/IPv4
     Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: 192.168.0.6 192.168.0.7

 


Restart Bind

Restart the bind container, and ensure the container is up and running.

docker restart bind
docker container ls

 

The docker logs bind command should return something like this.

~]# docker logs bind
09-Oct-2021 11:24:55.730 all zones loaded
09-Oct-2021 11:24:55.731 running

 


Validate forward and reverse lookup zones

Ensure the forward and reverse zones return "OK".

~]# docker exec bind named-checkzone example.com /data/bind/zones/forward.example.com.zone
zone example.com/IN: loaded serial 2016032200
OK

~]# docker exec bind named-checkzone 0.168.192.in-addr.arpa /data/bind/zones/reverse.example.com.zone
zone 0.168.192.in-addr.arpa/IN: loaded serial 0
OK
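The named-checkzone commands above only confirm that each file parses on its own; they cannot tell when the forward zone's A records and the reverse zone's PTR records disagree, for example when two hostnames share one address but the PTR for that address names only one of them. The script below is an added example (not part of the original page and not BIND's own tooling) that cross-checks the two zones; the zone texts inside it are constructed samples in the page's zone-file syntax, and it assumes each file declares its $ORIGIN and uses the usual "[owner] IN TYPE RDATA" record layout.

```python
# Added example, not from the page: verify that every A record in the forward
# zone has a matching PTR in the reverse zone and vice versa. named-checkzone
# checks each file alone and cannot see this. Both zones are constructed samples.
FORWARD = """$ORIGIN example.com.
$TTL 1D
@ IN SOA ns1.example.com. root.example.com. ( 0 1D 1H 1W 3H )
      IN NS ns1.example.com.
ns1   IN A  192.168.0.6
ns2   IN A  192.168.0.7
fs1   IN A  192.168.0.8
fs2   IN A  192.168.0.8   ; constructed mistake: the reverse zone says .9
"""
REVERSE = """$ORIGIN 0.168.192.in-addr.arpa.
@ IN SOA ns1.example.com. root.example.com. ( 0 1D 1H 1W 3H )
@ IN NS ns1.example.com.
6 IN PTR ns1.example.com.
7 IN PTR ns2.example.com.
8 IN PTR fs1.example.com.
9 IN PTR fs2.example.com.
"""

def records(zone, rtype):
    """Yield (owner FQDN, rdata) for each record of type rtype in zone text."""
    origin, owner = "", "@"
    for raw in zone.splitlines():
        fields = raw.split(";")[0].split()          # drop comments, tokenize
        if not fields or fields[0][0] in "$()":     # blank, $TTL, SOA brackets
            if fields and fields[0] == "$ORIGIN":
                origin = fields[1]
            continue
        if not raw[0].isspace():                    # explicit owner on this line
            owner = fields.pop(0)
        if rtype in fields:                         # skip SOA/NS/other types
            rdata = fields[fields.index(rtype) + 1]
            fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
            yield fqdn, rdata

def ptr_to_ip(name):
    """'8.0.168.192.in-addr.arpa.' -> '192.168.0.8'"""
    return ".".join(reversed(name.rstrip(".").split(".")[:-2]))

def check(forward, reverse):
    """Return sorted mismatch descriptions; an empty list means the zones agree."""
    fwd = dict(records(forward, "A"))
    rev = {ptr_to_ip(n): h for n, h in records(reverse, "PTR")}
    problems = [f"A {n} -> {ip} but PTR {ip} -> {rev.get(ip)}"
                for n, ip in fwd.items() if rev.get(ip) != n]
    problems += [f"PTR {ip} -> {h} but A {h} -> {fwd.get(h)}"
                 for ip, h in rev.items() if fwd.get(h) != ip]
    return sorted(problems)
```

Run check() on the contents of your own forward.example.com.zone and reverse.example.com.zone files after named-checkzone passes; the constructed sample reports the fs2 mismatch in both directions.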

 


Flush cache

Flush the DNS cache to ensure Bind is not using the cache for lookups.

docker exec bind rndc flush
docker exec bind rndc reload

 


nslookup

Use nslookup to see if the name server is able to resolve one of the hostnames in the forward lookup file to its IP address.

~]$ nslookup fs1.example.com
Server:              192.168.0.6
Address:             192.168.0.6#53

Non-authoritative answer:
Name:   fs1.example.com
Address: 192.168.0.8

 

And also a reverse lookup.

~]# nslookup 192.168.0.8
8.0.168.192.in-addr.arpa       name = fs1.example.com.

 




Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |