Setting up a DNS server on OpenBSD 4.9

[Ed.: Re-posted for reference and historical purposes. OpenBSD now uses nsd and unbound for DNS.]

Start with a stock installation of OpenBSD 4.9. During install, when asked for the DNS server, answer "127.0.0.1".

1. Log in as root.

2. Make log files:

touch /var/named/named.run
touch /var/named/named_query.log
touch /var/named/named_dump.db
chown named:named /var/named/named.run
chown named:named /var/named/named_query.log
chown named:named /var/named/named_dump.db

3. Edit /etc/resolv.conf:

domain subdomain.domain.com
lookup file bind
nameserver 127.0.0.1

4. Edit /etc/rc.conf.local:

...
named_flags="-t /var/named -u named -d 3"
...

5. Add forwarders to named.conf:

options {
	...
	forward only;
	forwarders {
		8.8.8.8;
		8.8.4.4;
		};
	...
	};

6. Start named to allow some preliminary DNS resolution:

named -t /var/named -u named -d 3

7. Install nano, screen, and multitail:

export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.9/packages/i386/
pkg_add -v nano-2.2.6.tgz
pkg_add -v multitail-5.2.6.tgz
pkg_add -v screen-4.0.3p2-static.tgz

8. Set up rndc:

rndc-confgen | tee /etc/rndc.conf

Gets you this:

# Start of rndc.conf
key "rndc-key" {
	algorithm hmac-md5;
	secret "YoUwiShIwoUldShOwUtHeKey";
	};

options {
	default-key "rndc-key";
	default-server 127.0.0.1;
	default-port 953;
	};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#	algorithm hmac-md5;
#	secret "YoUwiShIwoUldShOwUtHeKey";
#	};
# 
# controls {
#	inet 127.0.0.1 port 953
#	allow { 127.0.0.1; } keys { "rndc-key"; };
#	};
# End of named.conf

9. Paste the last (commented) lines into named.conf, minus the leading # marks.

10. Edit the logging configuration in named.conf:

logging {
	channel query_info {
		file "named_query.log" versions 3 size 10m;
		severity debug;
		print-category yes;
		print-time yes;
		};

	category queries { query_info; };
	category resolver { query_info; };
	//category queries { null; };
	category lame-servers { null; };
	};

11. Add reverse zone /var/named/master/1.168.192.in-addr.arpa:

; zone file for 1.168.192.in-addr.arpa

$TTL    3600

@    IN    SOA    ns1.subdomain.domain.com.  root.ns1.subdomain.domain.com.  (
	20060709    ; Serial
	3600    ; Refresh
	900    ; Retry
	3600000    ; Expire
	3600    ; Minimum
	)
	
	IN	NS	ns1.subdomain.domain.com.
	IN	NS	ns2.subdomain.domain.com.
	
251	IN	PTR	ns1.subdomain.domain.com.
252	IN	PTR	ns2.subdomain.domain.com.

12. Add the master (forward) zone, /var/named/master/subdomain.domain.com:

; Zone file for subdomain.domain.com

$TTL 3D

@	IN	SOA	ns1.subdomain.domain.com. root.ns1.subdomain.domain.com. (
	20110507	; serial#
	3600		; refresh
	3600		; retry
	3600		; expire
	3600		; minimum
	)
		NS	ns1.subdomain.domain.com.
		NS	ns2.subdomain.domain.com.

localhost	A	127.0.0.1
ns1		A	192.168.1.251
ns2		A	192.168.1.252

13. Reload named.conf:

rndc reload

14. Check for errors:

rndc status
tail /var/log/messages
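Steps 11 through 14 are the part you repeat every time a zone changes, and the two things that bite in practice are a forgotten serial bump (ns2 never pulls the new zone) and a syntax error that only shows up in /var/log/messages after the reload. The sh script below is an added example, not from the original post: it reads and bumps the SOA serial of a zone file laid out like the two above (serial on its own line right after the SOA line, an assumption), and runs BIND's own named-checkconf and named-checkzone before you type rndc reload. It assumes the named is chrooted to /var/named as in step 4, that named.conf lives at /var/named/etc/named.conf as on OpenBSD 4.9, and that you run it as root.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: zone files use
# the layout shown above (SOA serial on its own line after the SOA line),
# named runs chrooted to /var/named, named.conf is /var/named/etc/named.conf.

# Print the SOA serial of a zone file: the first all-digit token after "SOA".
zone_serial() {
    awk '/SOA/ { f = 1 } f && $1 ~ /^[0-9]+$/ { print $1; exit }' "$1"
}

# Rewrite the serial so that secondaries (ns2 here) notice the change.
# Rule: jump to YYYYMMDD00 for today if the old serial is below that,
# otherwise old + 1. $2 overrides "today" (YYYYMMDD), handy for testing.
bump_serial() {
    zone=$1
    today=${2:-$(date +%Y%m%d)}
    old=$(zone_serial "$zone")
    [ -n "$old" ] || { echo "no serial found in $zone" >&2; return 1; }
    base=$((today * 100))
    if [ "$((old < base))" -eq 1 ]; then new=$base; else new=$((old + 1)); fi
    tmp="$zone.tmp.$$"
    awk -v new="$new" '
        /SOA/ { f = 1 }
        f && $1 ~ /^[0-9]+$/ { sub(/[0-9]+/, new); f = 0 }
        { print }' "$zone" > "$tmp" || return 1
    # Copy over the original instead of mv so owner and mode are preserved.
    cat "$tmp" > "$zone" && rm -f "$tmp"
    echo "$new"
}

# Run BIND's own checks before "rndc reload" (step 13). Stops at the first
# failure so a broken zone never reaches the running named.
check_before_reload() {
    named-checkconf -t /var/named /etc/named.conf || return 1
    named-checkzone 1.168.192.in-addr.arpa \
        /var/named/master/1.168.192.in-addr.arpa || return 1
    named-checkzone subdomain.domain.com \
        /var/named/master/subdomain.domain.com || return 1
}

# Usage: zonetool.sh serial ZONEFILE | bump ZONEFILE | check
case "${1:-}" in
    serial) zone_serial "$2" ;;
    bump)   bump_serial "$2" ;;
    check)  check_before_reload ;;
esac
```

Typical flow after editing a zone: bump it, run check, and only then rndc reload; if check fails, nothing has been handed to named yet.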

15. Set up monitoring console:

screen
multitail -i /var/named/named_query.log -i /var/log/messages -l "tcpdump -i vic0 -ttt -n not '(port 22 or 80 or 110)'"
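Watching the query log scroll by in multitail is fine for a sanity check, but the thing you actually want to know from it is which client is talking the most and whether one host is asking for far more distinct names than its neighbours. The sh script below is an added example, not from the original post: it reduces the query_info log from step 10 to queries per client and distinct names per client. The embedded log lines are constructed to look like BIND 9.4's query log with print-time and print-category on (the "client IP#port: query: NAME IN TYPE +" layout is an assumption about that version); lines from other categories logged to the same file, such as resolver, are skipped.

```shell
#!/bin/sh
# Added example (not from the original post). Summarizes named_query.log as
# written by the logging block in step 10. Sample lines below are constructed.

# Write a constructed sample log to a temp file and print its path.
write_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
07-May-2011 22:13:01.234 queries: client 192.168.1.10#45123: query: www.example.com IN A +
07-May-2011 22:13:01.240 resolver: createfetch: www.example.com A
07-May-2011 22:13:02.101 queries: client 192.168.1.10#45124: query: mail.example.com IN MX +
07-May-2011 22:13:02.555 queries: client 192.168.1.20#1025: query: ns1.subdomain.domain.com IN A +
07-May-2011 22:13:03.010 queries: client 192.168.1.20#1026: query: 251.1.168.192.in-addr.arpa IN PTR +
07-May-2011 22:13:03.400 queries: client 192.168.1.10#45125: query: www.example.com IN A +
07-May-2011 22:13:04.001 queries: client 192.168.1.66#50001: query: q7f2a.example.org IN A +
07-May-2011 22:13:04.002 queries: client 192.168.1.66#50002: query: k91ce.example.org IN A +
07-May-2011 22:13:04.003 queries: client 192.168.1.66#50003: query: x03bb.example.org IN A +
07-May-2011 22:13:04.004 queries: client 192.168.1.66#50004: query: d44e1.example.org IN A +
07-May-2011 22:13:04.005 queries: client 192.168.1.66#50005: query: m8a77.example.org IN A +
EOF
    echo "$f"
}

# Emit "ip qname" for every query line. Fields are located by keyword rather
# than by position, so the date/category prefix can vary without breaking it.
query_pairs() {
    awk '/ query: / {
        ip = ""; name = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "client") { split($(i + 1), a, "#"); ip = a[1] }
            else if ($i == "query:") { name = $(i + 1) }
        }
        if (ip != "" && name != "") print ip, name
    }' "$1"
}

# Total number of queries in the log.
query_count() {
    query_pairs "$1" | wc -l | tr -d ' '
}

# Queries per client, busiest first ("COUNT IP"); $2 limits the rows.
top_clients() {
    query_pairs "$1" | awk '{ c[$1]++ } END { for (k in c) print c[k], k }' \
        | sort -k1,1nr -k2,2 | head -n "${2:-10}"
}

# Number of distinct names one client asked for. A host that asks for many
# more distinct names than its peers is the one to look at first.
distinct_names() {
    query_pairs "$1" | awk -v ip="$2" '
        $1 == ip { n[$2]++ }
        END { c = 0; for (k in n) c++; print c }'
}

# Usage: qlog.sh /var/named/named_query.log [ROWS]
if [ -n "${1:-}" ]; then
    top_clients "$1" "${2:-10}"
fi
```

Run it against the live log from the same screen session as multitail; the sample data is only there so the functions can be exercised without a running named.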

Done, guey. Have a cold Modelo.


Posted by Gordon, No Hair News, May 7, 2011

© nohair.net and the author

For comments, corrections, and addenda, email: gordon[AT]nohair.net
