• Use docker-bind to set up a private DNS server, and use domain names throughout the intranet cluster to manage the servers' service configuration
  • The following instructions are based on Ubuntu 20.04; if you want to build a Docker image that runs on a Raspberry Pi, see the article

Configuration and Installation

Local DNS Configuration

sudo nano /etc/systemd/resolved.conf

# change to the following (the [Resolve] section; docker-bind will run at 192.168.3.37)
[Resolve]
DNS=192.168.3.37
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=no
# disable the stub listener so that port 53 is free for the bind container
DNSStubListener=no
#ReadEtcHosts=yes

sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
  • How to release port 53 used by systemd-resolved

  • After the configuration, the content of /etc/resolv.conf is

    # This file is managed by man:systemd-resolved(8). Do not edit.
    #
    # This is a dynamic resolv.conf file for connecting local clients directly to
    # all known uplink DNS servers. This file lists all configured search domains.
    #
    # Third party programs must not access this file directly, but only through the
    # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
    # replace this symlink by a static file or a different symlink.
    #
    # See man:systemd-resolved.service(8) for details about the supported modes of
    # operation for /etc/resolv.conf.
    nameserver 192.168.3.37
    nameserver 192.168.3.1
    • The first entry is the DNS server we are building with bind
    • The second entry is the DNS server of the local subnet's gateway
    • Note that the order must not be changed. If the content differs from this, delete /etc/resolv.conf and re-run sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
    • If the file /run/systemd/resolve/resolv.conf does not exist, systemctl disable systemd-resolved or service systemd-resolved stop has probably been run; run systemctl enable systemd-resolved and service systemd-resolved start, then restart the machine.
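The post requires the two nameserver lines to appear in a fixed order (the bind server first, the subnet gateway second). The following shell function, added here as an example and not part of the original post, parses a resolv.conf, ignores comments, and reports whether the first two nameservers match the expected order. The sample file content is constructed to mirror what the post shows after the symlink is in place.

```shell
# Added example (not from the original post): verify that /etc/resolv.conf lists
# the nameservers in the order the post requires: the bind container first,
# the subnet gateway second. The sample file content below is constructed.

# check_resolv_order FILE NS1 NS2
# Prints the nameservers found and returns 0 only when the first two
# "nameserver" lines are NS1 and NS2 in that order.
check_resolv_order() {
    file=$1; want1=$2; want2=$3
    # Strip comments, keep only "nameserver X" lines, take the first two.
    found=$(sed -e 's/#.*//' "$file" | awk '$1 == "nameserver" { print $2 }' | head -n 2)
    got1=$(printf '%s\n' "$found" | sed -n '1p')
    got2=$(printf '%s\n' "$found" | sed -n '2p')
    if [ "$got1" = "$want1" ] && [ "$got2" = "$want2" ]; then
        echo "ok: $got1 then $got2"
        return 0
    fi
    echo "mismatch: got '$got1' then '$got2', wanted '$want1' then '$want2'" >&2
    return 1
}

# Constructed sample resolv.conf (the real file is the symlink target
# /run/systemd/resolve/resolv.conf written by systemd-resolved).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# This file is managed by man:systemd-resolved(8). Do not edit.
nameserver 192.168.3.37
nameserver 192.168.3.1
EOF

check_resolv_order "$sample" 192.168.3.37 192.168.3.1
rm -f "$sample"
```

Run it against the real file with `check_resolv_order /etc/resolv.conf 192.168.3.37 192.168.3.1`; a non-zero exit means the symlink step should be repeated as described above.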

Docker-bind Installation

Select the server in the cluster to set up the DNS server and run the following command

# pull the image before disabling the native resolution service
# (image name and tag are separated by a colon)
docker pull sameersbn/bind:9.16.1-20200524

# deploy bind in a Docker container
docker run \
  --name bind \
  -d \
  --restart=always \
  --publish 53:53/tcp \
  --publish 53:53/udp \
  --publish 10000:10000/tcp \
  --volume docker-bind:/data \
  sameersbn/bind:9.16.1-20200524

Docker-bind Configuration

  • Assume that the server IP address is 192.168.3.37 and the local root domain name is dev.

  • Open the Webmin management interface at https://192.168.3.37:10000/ (default user name `root`, password `password`) and make the following settings:

  1. Servers → BIND DNS Server → Global Server Options → Access Control Lists, add:
    1. allow-query any
  2. Servers → BIND DNS Server → Global Server Options → Forwarding and Transfers → Global Forwarding and zone transfer, add the forwarding DNS server IP addresses:
    1. 8.8.8.8
    2. 8.8.4.4
    3. For now only Google's DNS servers have been added; adding some domestic DNS servers (such as AliDNS) caused problems (NTP server access failures, etc.)
  3. Servers → BIND DNS Server → Existing DNS Zones → Create Master Zone
    1. Zone type: Forward (Names to Addresses)
    2. Domain name / Network: dev
    3. Master server: a.dev
    4. Email address: admin@dev
  4. Servers → BIND DNS Server → Existing DNS Zones → Create Master Zone
    1. Zone type: Reverse (Addresses to Names)
    2. Domain name/Network: 192.168.3
    3. Master server: a.dev
    4. Email address: admin@dev
  5. Servers → BIND DNS Server → Existing DNS Zones → dev
    1. Add DNS records in Address
      1. Name: a, Address: 192.168.3.37, click Create; the reverse address record is added and updated automatically
      2. Add additional DNS records as needed
        1. The container may need to be restarted for newly added DNS records to take effect
    2. Servers → BIND DNS Server → Existing DNS Zones → dev → Name Server: verify that the DNS server address exists
      1. Zone Name: dev.
      2. Name Server: a.dev.
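The Webmin steps above create a forward zone for dev and a reverse zone for 192.168.3, and the Address form writes the matching PTR record for each A record. The following shell script, added here as an example and not part of the original post, the docker-bind image or Webmin, generates both zone files from one host list so you can see what those clicks produce and check it into version control. The hosts b and vpn, the SOA serial and timer values are constructed; the host outside 192.168.3.0/24 shows why the reverse zone cannot hold every address the forward zone does.

```shell
# Added example (not from the original post, docker-bind or Webmin): build the
# forward zone "dev" and the reverse zone for 192.168.3.0/24 from one host list.
# Host names other than "a", the serial and the SOA timers are constructed values.

# reverse_octets IP -> prints the in-addr.arpa owner name for IP
reverse_octets() {
    printf '%s\n' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa." }'
}

# forward_zone DOMAIN MASTER HOSTFILE
# HOSTFILE lines: "<name> <ipv4>". Emits an SOA, an NS pointing at MASTER and
# one A record per host. The serial is a constructed value; bump it on every change.
forward_zone() {
    domain=$1; master=$2; hosts=$3
    printf '$TTL 86400\n'
    printf '@ IN SOA %s. admin.%s. ( 2020052401 3600 900 604800 86400 )\n' "$master" "$domain"
    printf '@ IN NS %s.\n' "$master"
    awk -v d="$domain" '$1 != "" { printf "%s.%s. IN A %s\n", $1, d, $2 }' "$hosts"
}

# reverse_zone NETWORK DOMAIN MASTER HOSTFILE
# NETWORK is the first three octets ("192.168.3"); only hosts inside it get a PTR,
# hosts outside it are reported on stderr and skipped.
reverse_zone() {
    net=$1; domain=$2; master=$3; hosts=$4
    printf '$TTL 86400\n'
    printf '@ IN SOA %s. admin.%s. ( 2020052401 3600 900 604800 86400 )\n' "$master" "$domain"
    printf '@ IN NS %s.\n' "$master"
    while read -r name ip; do
        [ -z "$name" ] && continue
        case "$ip" in
            "$net".*) printf '%s IN PTR %s.%s.\n' "$(reverse_octets "$ip")" "$name" "$domain" ;;
            *) echo "skipping $name ($ip): outside $net.0/24" >&2 ;;
        esac
    done < "$hosts"
}

# Constructed host list: "a" is the master from the post, "b" and "vpn" are made up.
hostfile=$(mktemp)
cat > "$hostfile" <<'EOF'
a 192.168.3.37
b 192.168.3.38
vpn 10.153.154.2
EOF

forward_zone dev a.dev "$hostfile"
echo "---"
reverse_zone 192.168.3 dev a.dev "$hostfile"
rm -f "$hostfile"
```

Redirect the two outputs into files named after the zones (dev.zone and 3.168.192.in-addr.arpa.zone, for instance) and validate them with named-checkzone before loading; the forward zone accepts addresses from any network, which is why the reverse zone for one /24 is necessarily a subset of it.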

Test

Update the local nameserver settings to point at the server IP address, and run the following commands to check whether the DNS server works properly

nslookup www.baidu.com
nslookup a.dev
nslookup b.dev
  • If nslookup reports `;; Got recursion not available from 192.168.3.37, trying next server`, edit the BIND configuration (either in Webmin under Servers → BIND DNS Server → Global Server Options → Edit Config File, or by copying the files out of the container as follows)

    docker cp bind:/etc/bind/named.conf.options ./
    docker cp bind:/etc/bind/named.conf ./
    
    # Modify the two files separately
    
    # named.conf: define the "trusted" ACL at the top of the file
    acl trusted { 192.168.0.0/16; 10.153.154.0/24; localhost; localnets; };
    
    // This is the primary configuration file for the BIND DNS server named.
    //
    // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
    // structure of BIND configuration files in Debian, *BEFORE* you customize
    // this configuration file.
    //
    // If you are just adding zones, please do that in /etc/bind/named.conf.local
    
    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    include "/etc/bind/named.conf.default-zones";
    
    # named.conf.options
    options {
            directory "/var/cache/bind";
    
            // If there is a firewall between you and nameservers you want
            // to talk to, you may need to fix the firewall to allow multiple
            // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
    
            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.
    
            // forwarders {
            //      0.0.0.0;
            // };
    
            //========================================================================
            // If BIND logs error messages about the root key being expired,
            // you will need to update your keys.  See https://www.isc.org/bind-keys
            //========================================================================
            dnssec-validation auto;
    
            listen-on-v6 { any; };
            forwarders { 8.8.8.8; 8.8.4.4; };
            allow-query { any; };
            allow-recursion { trusted; };
            allow-query-cache { trusted; };
    };
    
    # write the files back to the container
    docker cp ./named.conf.options bind:/etc/bind/named.conf.options
    docker cp ./named.conf bind:/etc/bind/named.conf
    
    # restart the container
    docker restart bind
    • Refer to the issue
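The fix above keeps `allow-query { any; }` but limits `allow-recursion` and `allow-query-cache` to the trusted ACL. That distinction matters: a server that answers everyone and also recurses for everyone is an open resolver, which is the configuration abused for DNS reflection traffic. The following shell functions, added here as an example and not part of the original post or the docker-bind project, extract those statements from a named.conf.options (comments stripped) and flag the open combination before the file is copied back into the container. When `allow-recursion` is absent, the check falls back to `allow-query-cache`, then `allow-query`, then BIND's built-in default, which is the precedence the BIND ARM documents for that option. The two sample files are constructed: one is the hardened version from the post, the other the weak variant.

```shell
# Added example (not from the original post or docker-bind): audit a
# named.conf.options for open recursion. The sample file contents are constructed.

# acl_value FILE STATEMENT -> prints the body of "STATEMENT { ... };" with
# comments removed and whitespace collapsed, or nothing if it is absent.
acl_value() {
    sed -e 's://.*$::' -e 's/#.*$//' "$1" \
      | tr '\n' ' ' \
      | sed -n "s/.*[[:space:]]$2[[:space:]]*{\([^}]*\)}.*/\1/p" \
      | tr -s ' ' | sed -e 's/^ //' -e 's/ $//'
}

# effective_recursion_acl FILE -> the ACL BIND applies to recursive queries:
# allow-recursion if set, else allow-query-cache, else allow-query, else the
# built-in default (precedence as documented in the BIND ARM).
effective_recursion_acl() {
    r=$(acl_value "$1" allow-recursion)
    [ -n "$r" ] && { echo "$r"; return; }
    c=$(acl_value "$1" allow-query-cache)
    [ -n "$c" ] && { echo "$c"; return; }
    q=$(acl_value "$1" allow-query)
    [ -n "$q" ] && { echo "$q"; return; }
    echo "localnets; localhost;"
}

# open_resolver FILE -> returns 0 (true) when recursion is effectively allowed for "any"
open_resolver() {
    case "$(effective_recursion_acl "$1")" in
        *any*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed samples: the hardened options from the post, and a weak variant.
sample_hardened=$(mktemp); sample_open=$(mktemp)
cat > "$sample_hardened" <<'EOF'
options {
        directory "/var/cache/bind";
        // forwarders as in the post
        forwarders { 8.8.8.8; 8.8.4.4; };
        allow-query { any; };
        allow-recursion { trusted; };
        allow-query-cache { trusted; };
};
EOF
cat > "$sample_open" <<'EOF'
options {
        directory "/var/cache/bind";
        forwarders { 8.8.8.8; 8.8.4.4; };
        allow-query { any; };       # answers everyone ...
        allow-recursion { any; };   # ... and recurses for everyone: open resolver
};
EOF

for f in "$sample_hardened" "$sample_open"; do
    if open_resolver "$f"; then
        echo "$f: OPEN RESOLVER (effective allow-recursion: $(effective_recursion_acl "$f"))"
    else
        echo "$f: ok (effective allow-recursion: $(effective_recursion_acl "$f"))"
    fi
done
rm -f "$sample_hardened" "$sample_open"
```

Run `open_resolver ./named.conf.options` on the edited file before the `docker cp` back into the container. The same reasoning applies to the Webmin port published on 10000 in the docker run command: keep it reachable only from the trusted networks and replace the image's default credentials.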

References

  1. sameersbn / docker-bind
  2. Setup Bind DNS Using Webmin on Debian 10
  3. Configure the BIND DNS server using Webmin on CentOS 8
  4. DNS Forwarder and Transfer using Bind and Webmin
  5. BIND DNS Server
  6. DNS BIND uses summary (Forward)