Building an Ubuntu Router Part 5 - DNS Server

DNS server

Install bind9

sudo apt-get install bind9 -y

Edit the file named.conf.options

sudo cp /etc/bind/named.conf.options{,.bak}
sudo nano /etc/bind/named.conf.options

These are the servers that BIND will ask to resolve domains when it doesn't know the answer itself. We'll just use Cloudflare's public DNS servers:

forwarders {
    1.1.1.1;
    1.0.0.1;
};

Restart bind9

sudo systemctl restart bind9

Update the DHCP service

If BIND was installed on the same computer as the DHCP server, it is not necessary to update the DHCP configuration.

sudo nano /etc/dhcp/dhcpd.conf

Update the domain-name-servers option that the DHCP service hands out to clients.

option domain-name-servers 128.0.0.2;

In this exercise, another machine on the same network acts as the DNS server and has the IP 128.0.0.2.

You can also define a custom domain for your router, printer or any other device; there are many guides on the Internet explaining how to do this with bind9.


Suggestion

Reserve a static IP for the DNS server in the same dhcpd.conf file.

host ServerDNS {
    hardware ethernet 08:00:27:D9:A9:1A;
    fixed-address 128.0.0.2;
}

Force the use of the DNS server

Case 1: Based on the design shown above.

All clients with IPs from 128.0.0.3 through 128.0.0.30 will be forced to use the 128.0.0.2 DNS server.

sudo iptables -t nat -A PREROUTING -i enp0s8 -p udp -m iprange --src-range 128.0.0.3-128.0.0.30 --dport 53 -j DNAT --to 128.0.0.2
sudo iptables -t nat -A PREROUTING -i enp0s8 -p tcp -m iprange --src-range 128.0.0.3-128.0.0.30 --dport 53 -j DNAT --to 128.0.0.2

Note:

If the user manually changes their DNS (for example to 8.8.8.8), they will no longer have an Internet connection.

Case 2: If the design of the network was the following:

Other design

Run these commands on the DHCP server:

sudo iptables -t nat -A PREROUTING -i enp0s8 -p udp --dport 53 -j DNAT --to 192.168.0.3
sudo iptables -t nat -A PREROUTING -i enp0s8 -p tcp --dport 53 -j DNAT --to 192.168.0.3

Note:

If the user manually changes their DNS (for example to 8.8.8.8), they will still have an Internet connection, but their queries will still go through our DNS server.

Case 3: If BIND was installed on the same computer as the DHCP server.

Run these commands on the DHCP server:

sudo iptables -t nat -A PREROUTING -i enp0s8 -p udp --dport 53 -j DNAT --to 10.55.15.58
sudo iptables -t nat -A PREROUTING -i enp0s8 -p tcp --dport 53 -j DNAT --to 10.55.15.58

Note:

If the user manually changes their DNS (for example to 8.8.8.8), they will still have an Internet connection, but their queries will still go through our DNS server.
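As an added example (not from the original post), the script below generates the port-53 DNAT rules for any of the three cases from an interface, a DNS address and an optional source range, and audits an iptables-save dump to confirm that both UDP and TCP are redirected; the interface and address values are the ones used above, and the dump is a constructed sample with the TCP rule deliberately missing.

```shell
#!/bin/sh
# Added example: build the port-53 redirect rules and audit a saved ruleset.
# A udp-only redirect is a common mistake: clients that fall back to TCP
# (truncated answers, large responses) would reach an outside resolver unchanged.

# dns_nat_rules IFACE DNS_IP [SRC_START-SRC_END]  -> prints the two rules to apply
dns_nat_rules() {
  iface=$1; dns=$2; range=${3:-}
  for proto in udp tcp; do
    if [ -n "$range" ]; then
      printf 'iptables -t nat -A PREROUTING -i %s -p %s -m iprange --src-range %s --dport 53 -j DNAT --to %s\n' \
        "$iface" "$proto" "$range" "$dns"
    else
      printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport 53 -j DNAT --to %s\n' \
        "$iface" "$proto" "$dns"
    fi
  done
}

# audit_dns_nat DNS_IP < iptables-save-output
# Returns 0 when a PREROUTING DNAT to DNS_IP for port 53 exists for both udp
# and tcp; otherwise reports the missing protocol(s) on stderr and returns 1.
audit_dns_nat() {
  dns=$1; dump=$(cat); missing=""
  for proto in udp tcp; do
    printf '%s\n' "$dump" | grep -Eq -- "^-A PREROUTING .*-p $proto .*--dport 53 .*-j DNAT --to-destination $dns\$" \
      || missing="$missing $proto"
  done
  [ -z "$missing" ] && return 0
  echo "port 53 not redirected for:$missing" >&2
  return 1
}

# Constructed iptables-save fragment for the Case 1 router where only the udp
# rule was applied (iptables-save writes "--to-destination" and adds "-m udp").
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i enp0s8 -p udp -m iprange --src-range 128.0.0.3-128.0.0.30 -m udp --dport 53 -j DNAT --to-destination 128.0.0.2
COMMIT'

# Demo: print the Case 1 rules, then audit the incomplete dump (expected to fail).
dns_nat_rules enp0s8 128.0.0.2 128.0.0.3-128.0.0.30
printf '%s\n' "$SAMPLE_DUMP" | audit_dns_nat 128.0.0.2 || :
```

On a live router, feed the audit with `sudo iptables-save | audit_dns_nat 128.0.0.2`. These rules only catch plain DNS on port 53; clients using DNS over TLS (port 853) or DNS over HTTPS (port 443) are not redirected by them.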

Remember to save the iptables changes

sudo dpkg-reconfigure iptables-persistent

You will need to answer yes to the questions.

© 2020 Juvenal Yescas All Rights Reserved.