Install and Configure a Homelab Domain Name Server

When my homelab grew to several desktops, laptops, and virtual machines it became difficult to remember which IP address I’d given to a particular box. I began passing a hosts file around to each node but this was hard to keep in sync. I realized I was going to need a single place to coordinate IP address to domain name resolution, in other words a DNS server.

This was the exact problem Douglas Terry, Mark Painter, David Riggle and Songnian Zhou, grad students at UC Berkeley, set out to solve in the 1980s. At that time name resolution was handled by a single hosts file listing every node on the net, which each site downloaded and copied around. As new nodes were added at an ever increasing rate it quickly became unwieldy to do things this way. So by June of 1986 BIND, the Berkeley Internet Name Domain, was released with 4.3BSD.

There are a couple of viable alternatives to BIND for resolving hostnames to IP addresses (and back) in a home lab environment, such as dnsmasq and unbound. Since I use BIND at work it's what I'm used to and, since I needed a nameserver in a hurry, it's the one I went with.

Setting up BIND is pretty straightforward and explained in the following steps:

  1. Choose a server to host BIND. I chose to provision a new VM to do nothing but DNS. The CentOS minimal release will be fine for this.
  2. Choose a hostname for your DNS server. I picked ns1.home.lab. This means all the machines my nameserver will point to will be on the home.lab. domain. One caveat: .lab is not a reserved top-level domain, so a name under it could one day collide with a public one; home.arpa is reserved by RFC 8375 for exactly this kind of network if you would rather avoid that.
  3. Configure networking on your DNS server. You most likely have a collection of machines that all connect to a common gateway, such as your home router, which provides wired and wireless connections through your ISP to the internet. Give your DNS server a static IPv4 address on this network, and configure the gateway and DNS addresses as you would for any other client of your home router.
  4. Open udp/53 and tcp/53 on the firewall (ordinary queries are UDP; TCP is used for large answers and zone transfers). The firewalld dns service covers both:
    • firewall-cmd --permanent --add-service=dns
    • firewall-cmd --reload
  5. Use yum to install the necessary packages:
    • yum -y install bind bind-utils
  6. Edit the /etc/named.conf file, changing these two directives in the options section (note the hyphens in listen-on and allow-query; named refuses to start on a misspelled directive):
    • listen-on port 53 { 127.0.0.1; 192.168.1.2; }; # The IP address of your homelab nameserver (ns1.home.lab for me), plus loopback so dig on the server itself works.
    • allow-query { localhost; 192.168.1.0/24; }; # For security, answer only queries from within your local network (mine is the /24 at 192.168.1.0). The stock named.conf leaves recursion on, and allow-recursion falls back to the allow-query list when it is not set, so this line is also what keeps the server from becoming an open resolver. Never widen it to { any; }.
  7. Go all the way to the bottom of the /etc/named.conf file and add a directive which includes named.conf.local. This file will hold the zone declarations:
    • include "/etc/named/named.conf.local";
  8. Edit the /etc/named/named.conf.local file that we asked named.conf to include in the last step. This is the way I have mine set up:
zone "home.lab" {
	type master;
	file "/etc/named/zones/home.lab";
};

zone "1.168.192.in-addr.arpa" {
	type master;
	file "/etc/named/zones/db.192.168.1";
};

As you can see, this include file does nothing more than declare two zones and point at their zone files: /etc/named/zones/home.lab, which holds the forward (A) records for my home.lab domain, and /etc/named/zones/db.192.168.1, which holds the reverse (PTR) records for 192.168.1.0/24. Both are type master because this is the only nameserver for the zone. Remember that named runs as the unprivileged named user, so whatever you create under /etc/named/zones must be readable by it; running the checks below as root will not catch a permissions problem.
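Here, as an added example rather than the post's own configuration, is the options section from step 6 once it has been restricted, with the open-resolver settings shown commented out for contrast. The ACL name homelab is my own choice; the remaining directives of the stock CentOS named.conf stay as shipped.

```conf
// Added example: options block of /etc/named.conf restricted to the
// 192.168.1.0/24 homelab. "homelab" is an ACL name chosen for this example.
acl homelab { 127.0.0.1; 192.168.1.0/24; };

options {
        // Bind only the nameserver's own address, plus loopback so dig on the box works.
        listen-on port 53 { 127.0.0.1; 192.168.1.2; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";

        // WEAK: answering and recursing for any source address makes this an open
        // resolver. One stray port-forward or VPN route and it can be used for DNS
        // amplification against third parties. Do not do this:
        //   allow-query     { any; };
        //   allow-recursion { any; };

        // RESTRICTED: only the homelab may ask questions, and only the homelab may
        // use the cache and recursion.
        allow-query     { homelab; };
        allow-recursion { homelab; };
        recursion yes;

        // A single master with no secondaries has no reason to serve zone transfers.
        allow-transfer  { none; };

        // Don't hand the exact BIND version to whoever can reach the port.
        version "not disclosed";

        dnssec-validation yes;
};
```

After editing, named-checkconf must come back silent before you restart; a typo in this block stops named from starting at all, and a server that is down looks exactly like a firewall problem from the client side.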

  9. Create a directory to hold local zone files:
    • mkdir /etc/named/zones
  10. Create and edit /etc/named/zones/home.lab:
$TTL 604800
@       IN      SOA     ns1.home.lab. admin.home.lab. (
        1               ; Serial
        604800          ; Refresh
        86400           ; Retry
        2419200         ; Expire
        604800 )        ; Negative Cache TTL

; NS records
@       IN      NS      ns1.home.lab.

; NS A records
ns1.home.lab.           IN      A       192.168.1.2

; Other Hosts A records
filesrv.home.lab.       IN      A       192.168.1.3
compile.home.lab.       IN      A       192.168.1.4

The directives in this file can mostly be kept at their defaults, with your site-specific values filled in. In the SOA line the first name (the MNAME) is the primary nameserver, ns1.home.lab., not the bare zone name, and the second is the admin mailbox with the @ written as a dot. You can see an NS record pointing to ns1.home.lab., whose A record maps it to 192.168.1.2, and two other nodes (a file server and a box I use for compiling) listed as well. One thing to note is the ; Serial field. Start it at one (or use the YYYYMMDDnn convention) and increment it every time you change the zone: a secondary only pulls a fresh copy when the serial goes up, and a forgotten serial bump is the classic reason a zone change "doesn't take". After editing, bump the serial and reload named (rndc reload); a full restart is not needed.

  11. Now, create and edit your reverse zone file, /etc/named/zones/db.192.168.1:

$TTL 604800
@       IN      SOA     ns1.home.lab. admin.home.lab. (
        1               ; Serial
        604800          ; Refresh
        86400           ; Retry
        2419200         ; Expire
        604800 )        ; Negative Cache TTL
; name servers
@       IN      NS      ns1.home.lab.

; PTR Records (owner is the last octet, relative to 1.168.192.in-addr.arpa)
2       IN      PTR     ns1.home.lab.     ; 192.168.1.2
3       IN      PTR     filesrv.home.lab. ; 192.168.1.3
4       IN      PTR     compile.home.lab. ; 192.168.1.4

Again, defaults with your site-specifics. The serial here is independent of the one in the forward zone: it does not have to match, it only has to increase each time this file changes. You can see PTR records which handle IP address to hostname resolution for the three hosts in this example; keep them in step with the A records in the forward zone, because named-checkzone validates each file on its own and will not notice a host that has an A record but no PTR (or a PTR pointing at an old name).

  12. Finally, we're ready to check our work and start the named service. BIND ships syntax checkers for named.conf and for zone files, and they are worth running before every reload, not just the first time:
    • Check named.conf with named-checkconf; it prints nothing when the file is clean and complains, with a line number, about any typo in /etc/named.conf or in the files it includes.
    • Check each zone file against the zone name it is declared under:
      • named-checkzone home.lab /etc/named/zones/home.lab, and the same for the reverse file with 1.168.192.in-addr.arpa as the zone name. Again, the output tells you by line number where any errors exist, and the "loaded serial" line confirms which serial named will see.
  13. Start and enable the named service:
    • systemctl enable named.service --now
  14. Edit /etc/resolv.conf on any host that you wish to use your newly provisioned nameserver so that it points at 192.168.1.2 (or the IP you've chosen), and do some testing with the dig, nslookup, and host commands, trying both a forward name and a reverse (dig -x) lookup.
    • Here's a tip: NetworkManager.service will periodically re-write your /etc/resolv.conf, which could have your DNS clients reverting to your home router. The quick fix is to set /etc/resolv.conf immutable with the following command:
      • chattr +i /etc/resolv.conf
      The cleaner fix is to tell NetworkManager about the server instead: set the connection's ipv4.dns to 192.168.1.2, ipv4.dns-search to home.lab and ipv4.ignore-auto-dns to yes (nmcli connection modify), or put dns=none under [main] in /etc/NetworkManager/NetworkManager.conf so it leaves the file alone. An immutable resolv.conf also makes later nmcli and DHCP changes fail silently, which is confusing to debug months down the line.
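The zone files in steps 10 and 11 are written by hand, and what goes wrong in practice is that a host gets an A record but no matching PTR (or a stale one), and the serial is forgotten. Here is an added example, not from the original post, that generates both files from one host list, stamps them with a date-based serial, runs named-checkzone on each when BIND is installed, and then cross-checks every A record against its PTR. It assumes the post's layout (zone home.lab, network 192.168.1.0/24, ns1 at .2); the host list inside is constructed for the example and the script name zonegen.sh is hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): build the forward and reverse
# zone files for a /24 from ONE host list so A and PTR records cannot drift,
# stamp both with a date-based serial, and cross-check them afterwards.
# Assumes the post's layout: zone home.lab, network 192.168.1.0/24, ns1 at .2.
set -eu

ZONE="home.lab"
NET="192.168.1"             # first three octets of the /24
NS="ns1"                    # short name of the primary nameserver
TTL=604800

# Constructed host list for the example: "shortname last-octet" per line.
HOSTS="ns1 2
filesrv 3
compile 4"

# Serial in YYYYMMDDnn form; pass nn (default 01) for a second edit the same day.
make_serial() {
    printf '%s%02d\n' "$(date +%Y%m%d)" "${1:-1}"
}

# 192.168.1 -> 1.168.192.in-addr.arpa
reverse_zone_name() {
    echo "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Shared SOA/NS header. MNAME is the primary nameserver (not the bare zone
# name); RNAME is the admin mailbox with its '@' written as a dot.
soa_header() {                      # $1 = serial
    cat <<EOF
\$TTL $TTL
@       IN      SOA     $NS.$ZONE. admin.$ZONE. (
        $1              ; Serial
        604800          ; Refresh
        86400           ; Retry
        2419200         ; Expire
        604800 )        ; Negative Cache TTL

@       IN      NS      $NS.$ZONE.
EOF
}

gen_forward() {                     # $1 = serial; A records, fully qualified
    soa_header "$1"
    echo "$HOSTS" | while read -r name octet; do
        printf '%-24s IN      A       %s.%s\n' "$name.$ZONE." "$NET" "$octet"
    done
}

gen_reverse() {                     # $1 = serial; PTR owner is the last octet
    soa_header "$1"
    echo "$HOSTS" | while read -r name octet; do
        printf '%-8s IN      PTR     %s.%s.\n' "$octet" "$name" "$ZONE"
    done
}

# Write both zone files into directory $1 with serial $2, then run BIND's own
# checker on each when it is installed (skipped, not faked, otherwise).
write_zones() {
    mkdir -p "$1"
    gen_forward "$2" > "$1/$ZONE"
    gen_reverse "$2" > "$1/db.$NET"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$ZONE" "$1/$ZONE"
        named-checkzone "$(reverse_zone_name "$NET")" "$1/db.$NET"
    fi
}

# Return 0 when every A record in forward file $1 has a PTR in reverse file $2
# pointing back at the same name; 1 (with a message on stderr) on the first
# mismatch. named-checkzone never checks this: each zone is valid on its own.
check_consistency() {
    awk '$3 == "A" { print $1, $4 }' "$1" | while read -r fqdn ip; do
        octet="${ip##*.}"
        back=$(awk -v o="$octet" '$1 == o && $3 == "PTR" { print $4 }' "$2")
        if [ "$back" != "$fqdn" ]; then
            echo "mismatch: $fqdn -> $ip -> ${back:-no PTR}" >&2
            exit 1                  # leaves the pipeline, so the function returns 1
        fi
    done
}

# Usage: sh zonegen.sh /etc/named/zones   (then rndc reload)
[ $# -eq 0 ] || {
    write_zones "$1" "$(make_serial)"
    check_consistency "$1/$ZONE" "$1/db.$NET"
}
```

Run it as sh zonegen.sh /etc/named/zones, reload named, then confirm from a client with dig @192.168.1.2 filesrv.home.lab and dig -x 192.168.1.3 @192.168.1.2: the first should answer 192.168.1.3 and the second filesrv.home.lab. The same two queries sent from an address outside 192.168.1.0/24 should come back with status REFUSED, which is the allow-query line from step 6 doing its job.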

Cheers. DCD
