Synology usage series 19 – Setup name server with bind


Install bind:

# ipkg install bind

This will install a copy of bind9.

Sample Working Configuration

First things first: I'm not a DNS expert, and not expert enough to explain things here, so instead I'm sharing my working sample configuration. Most of the configuration is self-explanatory, so you can copy it and modify it for your own environment.

Assumptions:
1. Local network address is 192.168.1.0/24
2. The NAS local address is 192.168.1.100
3. The domain name assigned for the local network is mydomain.com
4. Default gateway of the local network is 192.168.1.1
5. The subdomain assigned for diskstation is nas.mydomain.com
6. The name server is configured to allow query from internal network only.

Text highlighted in red is specific to my network; change it to match your own settings.

/opt/etc/named/named.conf

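// Define the local area network which is allowed to submit queries.
// 127.0.0.1 is included so that tests run on the NAS itself are answered.
acl "home" { 192.168.1.0/24; 127.0.0.1; };

// To make the name server publicly accessible, replace "home" with "any" in
// the allow-query statements, e.g.
//   allow-query { "any"; };
// Keep allow-recursion restricted to "home" even then: a server that performs
// recursive lookups for anyone on the Internet is an open resolver and can be
// abused to amplify traffic toward third parties.

options {
        directory "/opt/etc/named";
        // Only the local network (and the NAS itself) may query this server.
        allow-query { "home"; };
        // Recursive lookups of Internet names are served to the local network only.
        allow-recursion { "home"; };
        // No secondary servers exist, so zone transfers (AXFR/IXFR) are never
        // needed; refusing them keeps the full LAN host list private even if
        // allow-query is later widened to "any".
        allow-transfer { none; };
        // Forward to Google public DNS. Without "forward only;" BIND tries the
        // forwarder first and falls back to the root hints (zone ".") if it fails.
        forwarders { 8.8.8.8; };
};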

// rndc control channel: listen on the loopback address only (953 is the default port).
controls {
        inet 127.0.0.1 port 953 allow { localhost; };
};

// Write everything named logs to a rotating file under /opt/var/log.
logging {
        channel dns_log {
                // keep 3 rotated copies, each at most 2 MB
                file "/opt/var/log/dns.log" versions 3 size 2m;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category default { dns_log; };
};

// Local zone definitions.
// Forward and reverse zones for localhost; this host is the primary for both
// and never sends NOTIFY or accepts dynamic updates for them.
zone "localhost" {
        type master;
        file "db.localhost";
        notify no;
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.localhost.rev";
        notify no;
        allow-update { none; };
};

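// Only allow the local network to query mydomain.com, to prevent leaking local
// network information to the public.
zone "mydomain.com" {
        type master;
        file "db.mydomain.com";
        allow-query { "home"; };
        // No secondaries exist, so nobody needs a zone transfer; "none" stops a
        // single AXFR from retrieving every host name defined in the zone file.
        allow-transfer { none; };
        allow-update { none; };
        // With "nas" as the only NS record there appears to be no NOTIFY recipient;
        // left as the author had it.
        notify yes;
};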

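// Reverse zone for 192.168.1.0/24; restricted to the local network for the same
// reason as mydomain.com (the PTR records list every named machine on the LAN).
zone "1.168.192.in-addr.arpa" {
        type master;
        file "db.192.168.1.rev";
        allow-query { "home"; };
        // No secondaries exist; refuse zone transfers so the LAN host list cannot
        // be dumped with one AXFR.
        allow-transfer { none; };
        allow-update { none; };
        notify yes;
};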

// Root hints: addresses of the root name servers, read from root.servers.
// Used for iterative resolution when the forwarder in "options" does not
// answer (BIND's default forwarding mode falls back to these hints).
zone "." {
        type hint;
        file "root.servers";
};

/opt/etc/named/db.localhost

; Forward zone for localhost: a single name resolving to 127.0.0.1.
$TTL    1D              ; default TTL for records without one (24 hours)
$ORIGIN localhost.
; SOA: this host is both the primary name server and the contact (root@localhost)
localhost.  1D  IN  SOA  localhost.  root.localhost.  (
                2006080801  ; serial (looks date-based: YYYYMMDDnn)
                3H          ; refresh
                15          ; retry
                1W          ; expire
                3H          ; minimum
            )
localhost.  1D  IN  NS   localhost.
localhost.  1D  IN  A    127.0.0.1

/opt/etc/named/db.localhost.rev

; Reverse zone for 127.0.0.x. No $ORIGIN line: the origin (0.0.127.in-addr.arpa)
; comes from the zone statement in named.conf, though it could be set here too.
$TTL    1D
@   IN  SOA  localhost. root.localhost. (
        2006080801  ; serial
        3H          ; refresh
        15          ; retry
        1W          ; expire
        3H )        ; minimum
@   IN  NS   localhost.
; 1.0.0.127.in-addr.arpa -> localhost
1   IN  PTR  localhost.

/opt/etc/named/db.mydomain.com

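; Forward zone for mydomain.com.
; Zone-file comments must start with ";" -- "//" is not a comment in this
; format and makes named reject the zone when it is loaded.
$TTL    604800          ; default TTL: 1 week
@       IN      SOA     nas.mydomain.com.      root.mydomain.com.     (
                2006080801 ; Serial
                    604800 ; Refresh
                     86400 ; Retry
                   2419200 ; Expire
                    604800) ; Negative Cache TTL
;
; the NAS is the only name server for this zone
@       IN      NS      nas
; assign the NAS IP to the nas subdomain
nas     IN      A       192.168.1.100
; wpad is for automatic proxy configuration; refer to usage series 27 article for
; details. Browsers on the LAN will trust whatever proxy the host behind this name
; hands out, so keep that host (here the NAS) under your control.
wpad    IN      A       192.168.1.100
dell    IN      A       192.168.1.101
; default gateway
wrt54g  IN      A       192.168.1.1
; define the rest of the machines on the local network here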

/opt/etc/named/db.192.168.1.rev

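; Reverse zone for 192.168.1.0/24.
; Zone-file comments must start with ";" -- "//" is not valid zone-file syntax
; and makes named reject the zone when it is loaded.
$TTL    86400   ; 1 day
$ORIGIN 1.168.192.in-addr.arpa.
@       1D      IN      SOA  nas.mydomain.com. root.mydomain.com.     (
                2006080801 ; Serial
                    604800 ; Refresh
                     86400 ; Retry
                   2419200 ; Expire
                    604800) ; Negative Cache TTL

@                       IN NS   nas.mydomain.com.
; 192.168.1.1 (default gateway)
1       IN      PTR     wrt54g.mydomain.com.
; 192.168.1.100 (the NAS)
100     IN      PTR     nas.mydomain.com.
; 192.168.1.101
101     IN      PTR     dell.mydomain.com.
; define the rest of the machines in the LAN here, keeping them in step with db.mydomain.com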

/opt/etc/named/root.servers

; Root hints, referenced by zone "." in named.conf. Each "." NS line names a
; root server and the A line that follows gives its address.
; NOTE(review): root server addresses are changed from time to time; compare
; this list with the current root hints published by IANA before relying on it.
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4

.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201

.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12

.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90

.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10

.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241

.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4

.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53

.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17

.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30

.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129

.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12

.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33

After creating the above configuration files, start the name server:

/opt/etc/init.d/S09named start

To check whether the name server is running, inspect the logs below:

/var/log/messages
/opt/var/log/dns.log

To test the name server (an Internet name checks forwarding, a local name and a reverse lookup check the zones you defined):

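# nslookup
> server 127.0.0.1
> www.yahoo.com
> nas.mydomain.com
> 192.168.1.100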







  1. Pingback: Taking DNS to Synology Diskstation « Salman Zari Ghanvi's Blog
