
I have tried using bind9 and dnsmasq. I also set the server machine to have a static ip address. The OS is Ubuntu 18.04. I want to access the domain on Windows 7 and 10 machines. I have tested, and my laptop can access everything using the ip address, but I cannot get it to access a .local domain name. Essentially I can't figure out how to get a halfway working configuration on either DNS server software.

Most of the tutorials tell me to put a Google DNS and use resolv.conf. I don't want to use an external server to route names that are supposed to be just on my network, maybe I'm paranoid, but that seems like a privacy issue to me.

Tutorials that disable forwarding using Google and using resolv.conf for nameservers become confusing because the language suggests I am trying to create my own DNS server for accessing external sites like Facebook. I am not trying to hijack my network's DNS registrar or anything crazy like that, I just want some .local domains to access a few apps hosted on one machine.

The tutorials all have ns1.example.com, ns2.example.com, host1.example.com, host2.example.com, each with its own respective IP address. Maybe I misunderstand what this is, but it looks like they want me to have separate machines for everything. I only want one machine running my DNS server, my CUPS server, my FTP server, my PXE server, and any other web or network application I decide to put on this machine.

I want to have name.local:port or app.name.local to access these applications with on every machine instead of ipaddress:port, and I don't want to specify that in every machine's hosts file.

I finally gave up on using bind9 after I couldn't even get it to serve the machine I was working on and tried dnsmasq. I was told this magical program would make everything a breeze. The instructions told me to modify the hosts file, which gave the temporary illusion that it was working. When I connected my laptop to the network and tried it, I realized the hosts file was the ONLY thing that worked. Yet another DNS configuration that does absolutely nothing. My configuration looks like this. I've tried adding and removing various options like no-dhcp-interface, all of which had no effect. ipaddress is my machine's IP address and modemip is my modem's IP address, which is used as my router and gateway setting.

port=5353
#domain-needed
#bogus-priv
no-dhcp-interface=yes
no-resolv
no-poll
server=/name.local/ipaddress
local=/name.local/
expand-hosts
domain=name.local
dhcp-range=iprange,72h
# subnet mask
dhcp-option=1,255.255.255.0
# gateway
dhcp-option=3,modemip
# dns
dhcp-option=6,modemip

Here is my etc/bind/named.conf.options.

acl "trusted" {
    ipaddress;
    modemip;
    localhost;
    localnets;
};
options {
    directory "/var/cache/bind";
    recursion no;
    allow-query { trusted; };
    listen-on { ipaddress; };
    allow-transfer { none; };
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
};

I have a feeling that the tutorials may be neglecting to tell me something that I'm expected to know, but the problem is that if that is the case I don't know how to figure what it is. For example, I just figured out this morning that I'm supposed to enable and start bind9 using systemctl. Only one out of the four or five articles I've read told me that.

I will provide more relevant information if requested.

With all the details out of the way, how do I create a DNS server without using resolv or an external DNS such as Google's 8.8.8.8 (as if there were no internet access, in other words), with only one machine, and where everything can be accessed by typing name.local:port or app.name.local? Is it even possible?

Thanks.

  • Have you looked into using multicast DNS? That wouldn't even need a server, though it gets a bit tricky to get working correctly on Windows sometimes. Commented Oct 2, 2018 at 19:51
  • Yep, it's possible. Can you show us a screen capture of "ipconfig /all" from one of the windows machines that is failing to resolve local dns addresses? Commented Oct 2, 2018 at 19:56

1 Answer


NOTE: Although it is technically possible to set multiple DNS servers on a computer, doing that won't actually work. Most computers only use a single DNS server from that list and only choose a different one if the first one doesn't respond. However, if the first one responds that there is no result (NXDOMAIN), the computer will not try the other one.

THEREFORE, you need to set up your computers to point to this DNS server only, and not to your ISP/network.

With that in mind, see the explanation below for what you need to do.

In order to understand the tutorials you are following to set this up, you just need to remember that a DNS server can perform two functions:

  • Authoritative DNS
  • Recursive DNS

An Authoritative DNS server is responsible for answering queries that "belong to it". In your case, this is your *.local domains.

A Recursive DNS server is responsible for accepting queries that do not "belong to it" and forwarding them upstream to another server that can answer them, then returning the response. Usually, the Recursive server will cache the response for some time so that it does not need to be requested again. (The cache time is called TTL, and its length is set by the upstream server.) The reason this is "recursive" is that there may be a long string of DNS servers that handle the response until it finally gets all the way back to the Authoritative server. However, the answer can be given by any cache server in the chain.

The initial tutorials you saw which tell you to use Google DNS are just telling you to use it for the Recursive lookup settings. However, any request for which your server thinks it is the Authoritative server will never be sent out to the upstream server.

If you want to have Internet access on this network, you need to have the server act as both an authoritative server for your own domains and a recursive server for everything else. This is the configuration that they are telling you to set up.

If that is what you want, you should follow the tutorials that you found which say to use Google's DNS. Don't worry about your internal queries getting sent to Google (unless you misconfigure the server very badly) since any query that this server knows it can handle will not be sent upstream.

If you don't want to use Google, you have several other upstream options, including the following:

  • DNS servers run by your ISP
  • OpenDNS - 208.67.222.222 and 208.67.220.220
  • Cloudflare - 1.1.1.1 and 1.0.0.1

If you really don't want to have any Internet access on this network, you should specifically look for a tutorial about setting up an "authoritative" DNS server that is not recursive.
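The split the answer describes, as one dnsmasq configuration file. This is an added example, not the asker's configuration and not from the answer: it makes a single dnsmasq instance authoritative for name.local (so name.local and app.name.local resolve to the one server and are never forwarded) and leaves the recursive part as a switch between "forward to a chosen upstream" and "no upstream at all". Every concrete value is a placeholder: 192.0.2.10 stands in for the server's static address (the asker's "ipaddress"), eth0 for the LAN interface, and the Cloudflare resolvers are taken from the answer's list of upstream options.

```conf
# Added example (not the asker's config): one dnsmasq instance that is
# authoritative for name.local and, optionally, recursive for everything else.
# Placeholders: 192.0.2.10 = this server's static address, eth0 = LAN interface.

# Answer on the standard DNS port, on the LAN interface only. Clients send
# their queries to port 53; a non-standard port is only reached by clients
# that have been told about it.
port=53
interface=eth0
bind-interfaces

# Never read upstream servers from /etc/resolv.conf; upstream is chosen below.
no-resolv
no-poll

# Authoritative part: name.local and every name under it is answered here and
# is never sent upstream.
local=/name.local/
domain=name.local
expand-hosts                     # "printer" in /etc/hosts also answers as printer.name.local
address=/name.local/192.0.2.10   # name.local and *.name.local -> this one machine
# app.name.local, ftp.name.local, ... all resolve to the same host; the port
# (name.local:port) selects the service, so no per-app records are needed.

# Refuse to forward unqualified single-label names and reverse lookups for
# private ranges; both would otherwise leak LAN names to the upstream server.
domain-needed
bogus-priv

# Recursive part, choose ONE:
# (a) Internet access wanted: forward everything that is not name.local to an
#     explicit upstream (values from the answer's list; swap for your ISP's).
server=1.1.1.1
server=1.0.0.1
# (b) No upstream at all: delete the two server= lines above. With no-resolv
#     and no server= entries, dnsmasq answers only the names it is
#     authoritative for and fails every other query instead of forwarding it.
```

Check the syntax with `dnsmasq --test` before restarting the service, then from a Windows client run `nslookup app.name.local 192.0.2.10` to confirm the server itself answers; only after that set the clients' DNS to 192.0.2.10 alone (manually or from whatever DHCP server the LAN uses), because, as the NOTE at the top of the answer says, a second resolver in the list is not consulted when the first returns NXDOMAIN. One caveat on the name choice: the `.local` suffix is reserved for multicast DNS (RFC 6762), and Windows 10 and Apple clients may answer `.local` names via mDNS and never send them to a unicast server at all, which is why the first comment suggests mDNS; a suffix such as `.lan` or `.home.arpa` avoids that interaction while leaving the configuration above otherwise unchanged.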
