Raspberry Pi Bind9 DNS/DDNS (Dynamic DNS) Server

The Experiment: In this experiment we're going to use bind9, dnssec-keygen and nsupdate to build a Raspberry Pi DNS / DDNS (Dynamic DNS) server.

Table of Contents

1. Required Software
2. Raspberry Pi Software Install
Raspbian Debian Wheezy
Set Static IP Address
Bind9
Configure Bind9
ddnsClient
3. Hardware
4. Prototype
5. Notes
6. Conclusion
7. Credits

Software:

Raspberry Pi
1. Raspbian Stretch
2. Bind9

Windows PC
1. Putty



Raspberry Pi Software Install


Raspbian Debian Stretch .img on SD

1. Download the Raspbian Debian Stretch here
2. Installing Operating System Images here Linux Mac OS Windows


Install Bind9

1. sudo apt-get update
2. sudo apt-get install bind9 bind9utils dnsutils



Configure Bind9

Add new folders
1. cd /etc/bind/
2. sudo mkdir primary
3. sudo chown -R bind:bind /etc/bind/primary
4. sudo mkdir ddnskeys

Generate secret key
1. cd /etc/bind/ddnskeys
2. sudo dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER sub.example.com.
3. sudo nano <your .key file name>
4. The Ksub.example.com.+157+59160.key contains <your secret key>, which ends in ==
5. The Ksub.example.com.+157+59160.private contains the <master key>

We will use the secret key in the named.conf.local file, and the private key will be used in the ddnsClient file.

Configure DNS server
1. sudo nano /etc/bind/named.conf.local
2. Copy/paste text below:

include "/etc/bind/rndc.key";
//
// Do any DNS configuration here
//
zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
        allow-update { key rndc-key; };
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.example.com.inv";
        allow-update { key rndc-key; };
};
//
// Do any DDNS configuration here
//
zone "sub.example.com" {
        type master;
        file "/etc/bind/primary/sub.example.com";
        notify yes;
        allow-update { key sub.example.com.; };
        allow-query { any; };
};

key sub.example.com. {
        algorithm HMAC-MD5;
        secret "<your secret .key>";
};
//
// Consider adding the 1918 zones here,
// if they are not used in your organization
// include "/etc/bind/zones.rfc1918";

3. Ctrl+x – y-<enter>
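
An added check, not part of the original tutorial: the function below (hypothetical name audit_ddns_conf) scans named.conf text for the two settings in the configuration above that a hardened setup would change, the HMAC-MD5 TSIG key and the zone-wide allow-update grant. Both sample fragments are constructed and use placeholder secrets; the hardened one assumes a key generated with tsig-keygen -a hmac-sha256 and an update-policy rule that limits the key to the A record of sub.example.com.

```shell
#!/bin/sh
# Constructed sample modelled on the named.conf.local above (placeholder secret).
WEAK_CONF='zone "sub.example.com" {
        type master;
        file "/etc/bind/primary/sub.example.com";
        allow-update { key sub.example.com.; };
};
key sub.example.com. {
        algorithm HMAC-MD5;
        secret "PLACEHOLDER==";
};'

# Constructed hardened counterpart: SHA-256 TSIG key, and the key may only
# change the A record of sub.example.com instead of any record in the zone.
HARDENED_CONF='zone "sub.example.com" {
        type master;
        file "/etc/bind/primary/sub.example.com";
        update-policy { grant sub.example.com. name sub.example.com. A; };
};
key sub.example.com. {
        algorithm hmac-sha256;
        secret "PLACEHOLDER==";
};'

# audit_ddns_conf [FILE...]: read named.conf text (stdin if no FILE), print one
# finding per line, and return 1 if anything was flagged.
audit_ddns_conf() {
    awk '
        /^[ \t]*\/\// { next }                          # skip // comment lines
        /^[ \t]*(zone|key)[ \t]/ { block = $1 " " $2 }  # remember current block
        tolower($0) ~ /algorithm[ \t]+hmac-md5/ {
            print "WEAK-ALGORITHM " block ": prefer hmac-sha256"; bad = 1 }
        /allow-update[ \t]*[{][ \t]*key/ {
            print "BROAD-UPDATE " block ": key can change every record in the zone"; bad = 1 }
        /allow-update[ \t]*[{][ \t]*any/ {
            print "OPEN-UPDATE " block ": updates accepted without a key"; bad = 1 }
        END { exit bad + 0 }
    ' "$@"
}

# Demo on the constructed samples.
printf '%s\n' "$WEAK_CONF" | audit_ddns_conf || echo "weak sample: findings above"
printf '%s\n' "$HARDENED_CONF" | audit_ddns_conf && echo "hardened sample: clean"
```

To check the live file, run audit_ddns_conf /etc/bind/named.conf.local.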

Configure DNS forward lookup zone
1. sudo nano /etc/bind/db.example.com
2. Copy/paste text below:

;
; BIND data file for example.com
; 

$TTL    3600
@       IN      SOA     ns1.example.com. root.example.com. (
                        090401           ; Serial (NOTE: Needs to increment eve$
                          3600           ; Refresh [1h]
                           600           ; Retry   [10m]
                         86400           ; Expire  [1d]
                           600 )         ; Negative Cache TTL [10m]
;
@       IN      NS      ns1.example.com.
@       IN      A       192.168.1.22
;
ns1             A       192.168.1.22
server1         A       192.168.1.22
www             CNAME   server1

3. Ctrl+x – y-<enter>

Configure DNS reverse lookup zone
1. sudo nano /etc/bind/db.example.com.inv
2. Copy/paste text below:

;
; BIND data file for example.com.inv
;
$TTL    3600
@       IN      SOA      ns1.example.com. root.localhost. (
                         090401           ; Serial (NOTE: Needs to increment ever$
                           3600           ; Refresh [1h]
                            600           ; Retry   [10m]
                          86400           ; Expire  [1d]
                            600 )         ; Negative Cache TTL [10m]
                 NS      ns1.example.com.

22               PTR     example.com.
22               PTR     ns1.example.com.
22               PTR     www.example.com.

3. Ctrl+x – y-<enter>

Configure DDNS forward lookup zone
1. sudo nano /etc/bind/primary/sub.example.com
2. Copy/paste text below:

;
; BIND data file for sub.example.com
;
$ORIGIN .
$TTL 86400      ; 1 day
sub.example.com         IN SOA  ns1.example.com. root.sub.example.com. (
                                2012080703 ; serial
                                28800      ; refresh (8 hours)
                                7200       ; retry (2 hours)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.example.com.
                        A       75.63.17.247

3. Ctrl+x – y-<enter>

Check DNS/DDNS configuration
1. sudo named-checkconf -z
2. Answer:

zone example.com/IN: loaded serial 90401
zone 1.168.192.in-addr.arpa/IN: loaded serial 90401
zone sub.example.com/IN: loaded serial 2012080703
zone localhost/IN: loaded serial 2
zone 127.in-addr.arpa/IN: loaded serial 1
zone 0.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1

Enable bind on boot
1. sudo update-rc.d bind9 enable

Start bind9
1. sudo service bind9 start

Set first Rpi name server
1. sudo nano /etc/resolv.conf
2. nameserver <Rpi static IP address>
3. Ctrl+x – y-<enter>

Reboot Rpi
1. sudo reboot



ddnsClient

1. cd
2. sudo nano ddnsClient
3. Copy/paste text below:

#!/bin/bash

# http://zteo.com/posts/your-own-dynamic-dns-in-3-steps/
# Servers: http://dynupdate.no-ip.com/ip.php, http://www.antedes.com/getip.php, ..?
# Less straightforward: http://checkip.dyndns.org/, ...
IPS=http://dynupdate.no-ip.com/ip.php

DNSP=/etc/bind/ddnskeys

while true; do

# First, retrieve IP address
CURIP=$(curl -s "$IPS" | awk '{ print $1 }')
# oldip does not exist yet on the first run
OLDIP=$(cat "$DNSP/oldip" 2>/dev/null)

# Compare to previously saved IP. Sleep before retrying so an unchanged
# (or empty) result does not turn the loop into a busy loop.
if [ -z "$CURIP" ] || [ "$CURIP" == "$OLDIP" ]; then sleep 300; continue; fi
echo "$CURIP" > "$DNSP/oldip"

# If different, tell DNS
echo "server ns1.example.com" > "$DNSP/zone"
echo "zone sub.example.com" >> "$DNSP/zone"
echo "update delete sub.example.com. A" >> "$DNSP/zone"
echo "update add sub.example.com. 86400 A $CURIP" >> "$DNSP/zone"
echo "show" >> "$DNSP/zone"
echo "send" >> "$DNSP/zone"
# Replace <your secret .key> with the name of your key file
/usr/bin/nsupdate -k "$DNSP/<your secret .key>" "$DNSP/zone"

# Sleeeeeeep I tell you
# 1800 = 30 minutes
# 300 = 5 minutes
sleep 300
done

4. Ctrl+x – y-<enter>

Note: If the log file shows "permission denied" when you run the ddnsClient, run sudo chown -R bind:bind /etc/bind, which should fix the problem.
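
The ddnsClient script above writes whatever the lookup service returns, fetched over plain HTTP, straight into the nsupdate batch. The following added example (not part of the original script; is_ipv4 and build_update are hypothetical names) accepts only a single dotted-quad IPv4 address before any batch text is produced.

```shell
#!/bin/sh
# is_ipv4 STRING: succeed only for one dotted quad with each octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # digits and dots only, no empty field
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots (no glob characters remain)
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ ${#_octet} -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# build_update IP: print the nsupdate batch used by ddnsClient, or fail
# without printing any batch text when IP is not a valid address.
build_update() {
    is_ipv4 "$1" || { echo "lookup result rejected: not an IPv4 address" >&2; return 1; }
    printf '%s\n' \
        "server ns1.example.com" \
        "zone sub.example.com" \
        "update delete sub.example.com. A" \
        "update add sub.example.com. 86400 A $1" \
        "show" \
        "send"
}

# Demo with constructed inputs; in ddnsClient the output would be piped to
#   nsupdate -k <key file>
build_update 75.63.17.247
build_update "75.63.17.247 extra" || echo "second input rejected"
```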



Hardware:

1. Raspberry Pi


Prototype:

None


Notes:

Test DNS/DDNS (Dynamic DNS) Server
1. Login

Verify DNS forward
1. dig example.com
2. Answer:

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31374
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com. IN A

;; ANSWER SECTION:
example.com. 3600 IN A 192.168.1.22

;; AUTHORITY SECTION:
example.com. 3600 IN NS ns1.example.com.

;; ADDITIONAL SECTION:
ns1.example.com. 3600 IN A 192.168.1.22

;; Query time: 8 msec
;; SERVER: 192.168.1.22#53(192.168.1.22)
;; WHEN: Tue Mar 17 14:49:52 2015
;; MSG SIZE rcvd: 79


nslookup example.com
1. nslookup example.com
2. Answer:

Server: 192.168.1.22
Address: 192.168.1.22#53

Name: example.com
Address: 192.168.1.22


Verify DNS reverse
1. dig -x 192.168.1.22
2. Answer:

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49225
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;22.1.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
22.1.168.192.in-addr.arpa. 3600 IN PTR example.com.
22.1.168.192.in-addr.arpa. 3600 IN PTR ns1.example.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 3600 IN NS ns1.example.com.

;; ADDITIONAL SECTION:
ns1.example.com. 3600 IN A 192.168.1.22

;; Query time: 8 msec
;; SERVER: 192.168.1.22#53(192.168.1.22)
;; WHEN: Tue Mar 17 14:53:16 2015
;; MSG SIZE rcvd: 116


Verify DDNS forward zone
1. dig sub.example.com
2. Answer:

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> sub.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9485
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;sub.example.com. IN A

;; ANSWER SECTION:
sub.example.com. 86400 IN A 75.63.17.247

;; AUTHORITY SECTION:
sub.example.com. 86400 IN NS ns1.example.com.

;; ADDITIONAL SECTION:
ns1.example.com. 3600 IN A 192.168.1.22

;; Query time: 8 msec
;; SERVER: 192.168.1.22#53(192.168.1.22)
;; WHEN: Tue Mar 17 14:50:59 2015
;; MSG SIZE rcvd: 83


nslookup sub.example.com
1. nslookup sub.example.com
2. Answer:

Server: 192.168.1.22
Address: 192.168.1.22#53

Name: sub.example.com
Address: 75.63.17.247


Useful Commands
* reload bind
1. sudo /etc/init.d/bind9 reload

* restart bind
1. sudo /etc/init.d/bind9 restart

* view bind log file
1. tail -f /var/log/syslog

* Give write permission to bind folder
1. sudo chown -R bind:bind /etc/bind


Conclusion:

It is possible to configure a DNS/DDNS (Dynamic DNS) Server on Raspberry Pi.



Credits:

1. https://www.samculley.co.uk/how-to-install-configure-bind9-on-raspbian-wheezy/
2. http://nexus.zteo.com/blog/your-own-dynamic-dns-in-3-steps/
3. http://www.linuxquestions.org/questions/linux-server-73/nsupdate-not-working-servfail-4175420637/
4. http://www.semicomplete.com/articles/dynamic-dns-with-dhcp/
