Installation and configuration reminder for my Raspberry Pi Model B as a DNS server.\\
:!: Doesn't work, thanks to systemd that doesn't really like static IPs → DELETEME\\
It is now fully working under [[os:debian:raspberrydns|Debian]]!
====== Overview ======
To strengthen my home network and have some fun, I built a DNS server out of the Raspberry Pi.\\
:!: This is for home use only; this DNS is not resolvable from outside :!:
Here's the output of lsusb
  lsusb
  Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter
  Bus 001 Device 002: ID 0424:9512 Standard Microsystems Corp. LAN9500 Ethernet 10/100 Adapter / SMSC9512/9514 Hub
  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Here's the output of cpuinfo
  Processor       : ARMv6-compatible processor rev 7 (v6l)
  BogoMIPS        : 697.95
  Features        : swp half thumb fastmult vfp edsp java tls
  CPU implementer : 0x41
  CPU architecture: 7
  CPU variant     : 0x0
  CPU part        : 0xb76
  CPU revision    : 7
  Hardware        : BCM2708
  Revision        : 000e
====== Partition table ======
^Disk^Partition^Name^Label^Size^Format^Comment^
|MMC|1|mmcblk0p1|/boot|95MB|VFAT|Boot partition|
|MMC|5|mmcblk0p5|/|64GB|ext4|Root|
====== Base install ======
===== References =====
* [[http://archlinuxarm.org/platforms/armv6/raspberry-pi|Installation guide + iso]]
* [[https://wiki.archlinux.org/index.php/Raspberry_Pi|Raspberry Pi]]
===== First install =====
Check the archlinuxarm.org page for the latest image
  dd if=archlinux-hf-2013-07-22.img of=/dev/mmcblk0 bs=1M
Extend the root partition with the free space: gparted :-)
\\ \\
Move the MMC card to the Raspberry Pi
===== Remote access =====
The Pi is headless (in my case), so I check the DHCP server for a newcomer.\\
SSH to it
  ssh root@192.168.1.156
Default password is root
===== Basic configuration =====
First change this root password
  passwd
==== System Upgrade ====
Simple as
  pacman -Syu
==== Change Vi to Vim ====
  pacman -S vim
  rm /usr/bin/vi && ln -s /usr/bin/vim /usr/bin/vi
==== LOCALE ====
  vi /etc/locale.gen
I'll use en_US.utf-8/iso8859 so uncomment:
  en_US.UTF-8 UTF-8
  en_US ISO-8859-1
Then generate locales
  locale-gen
Configure them [[https://wiki.archlinux.org/index.php/Locale|Locale]]:
  vi /etc/locale.conf
  LANG="en_US.UTF-8"
  # Keep the default sort order (e.g. files starting with a '.'
  # should appear at the start of a directory listing.)
  LC_COLLATE="C"
Configure the console (in case of direct connection):\\
Default keyboard in console (US variant international ... with a different mapping than on X11! Well done)
  echo "KEYMAP=us-acentos" > /etc/vconsole.conf
==== TIMEZONE ====
  ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime
==== Network configuration ====
Let's change the hostname
  echo dns1.home > /etc/hostname
I will use a static netctl config\\
Reference: [[https://wiki.archlinux.org/index.php/Netctl]]
  cp /etc/netctl/examples/ethernet-static /etc/netctl/.
  vi /etc/netctl/ethernet-static
  Description='A basic static ethernet connection'
  Interface=eth0
  Connection=ethernet
  IP=static
  Address=('192.168.1.10/24')
  #Routes=('192.168.0.0/24 via 192.168.1.2')
  Gateway='192.168.1.1'
  #DNS=('192.168.1.2')
  DNS=('127.0.0.1')
  SkipNoCarrier=yes
  ExecUpPost='/usr/bin/ntpd -q || true'
  ## For IPv6 autoconfiguration
  #IP6=stateless
  ## For IPv6 static address configuration
  #IP6=static
  #Address6=('1234:5678:9abc:def::1/64' '1234:3456::123/96')
  #Routes6=('abcd::1234')
  #Gateway6='1234:0:123::abcd'
Disable dhcpcd on eth0
  systemctl disable dhcpcd@eth0
Make it default
  netctl enable ethernet-static
  netctl start ethernet-static
:!: A nice reboot is mandatory ... I didn't find a way to reload the network configuration
==== Some tools ====
  pacman -S screen bash-completion glances htop lftp rsync wget curl bc lsof strace base-devel
Select all base-devel tools even if some are already in place
==== NTP ====
Reference: [[https://wiki.archlinux.org/index.php/Ntp]]
  pacman -S ntp
Normally already installed and started
  vi /etc/ntp.conf
  server 0.fr.pool.ntp.org iburst
  server 1.fr.pool.ntp.org iburst
  server 2.fr.pool.ntp.org iburst
  server 3.fr.pool.ntp.org iburst
Then enable and start it
  systemctl enable ntpd
  systemctl start ntpd
===== DNS =====
Reference: [[https://wiki.archlinux.org/index.php/Bind]]\\
A chroot would have been nice, but thanks to systemd no scripts are available for Arch yet (and no, I won't even try to make some)
==== Bind ====
Installation is pretty straightforward:
  pacman -S bind dnsutils
=== named.conf ===
  vi /etc/named.conf
Add your local zone and the reverse
  zone "home" IN {
          type master;
          file "home.zone";
  };
  zone "1.168.192.in-addr.arpa" IN {
          type master;
          file "home.rev";
  };
=== Zones ===
Then configure files for the zones:
  * /var/named/home.zone
  $TTL 3h
  @       IN SOA  dns1.home. root.home. (
                  2013083101 ; serial
                  3h         ; refresh after 3 hours
                  1h         ; retry after 1 hour
                  1w         ; expire after 1 week
                  1h )       ; negative caching TTL of 1 hour
          IN NS   dns1.home.
  ;network devices and Services [1-30]
  router  IN A    192.168.1.1
  dns     IN A    192.168.1.2
  wifi    IN A    192.168.1.3
  [...]
  * /var/named/home.rev
  $TTL 3h
  @       IN SOA  dns1.home. root.home. (
                  2013083101 ; serial
                  3h         ; refresh after 3 hours
                  1h         ; retry after 1 hour
                  1w         ; expire after 1 week
                  1h )       ; negative caching TTL of 1 hour
          IN NS   dns1.home.
  ;network devices and Services [1-30]
  1       IN PTR  router.home.
  2       IN PTR  dns.home.
  3       IN PTR  wifi.home.
  [...]
=== Resolv.conf ===
Change it to simply:
  search home
  nameserver 127.0.0.1
The search entry lets you use network tools without typing the domain after the host name\\
:!: Important: since a lot of stupid services try to rewrite resolv.conf, BLOCK it :!:
  chattr +i /etc/resolv.conf
No comments on standards - I deeply regret not having OpenBSD here ...
=== Final step ===
Enable it
  systemctl enable named
Start it
  systemctl start named
==== Tests ====
Well, first try a dig/nslookup:
  #nslookup 192.168.1.1
  Server: 127.0.0.1
  Address: 127.0.0.1#53
  1.1.168.192.in-addr.arpa name = router.home.
  #nslookup router.home
  Server: 127.0.0.1
  Address: 127.0.0.1#53
  Name: router.home
  Address: 192.168.1.1
Check the performance:
  for i in {1..30}; do echo google.com; done | xargs -I^ -P10 dig ^ | grep time | awk /time/'{sum+=$4} END { print "Average query = ",sum/NR,"ms"}'
  Average query = 33.6667 ms
Reference: [[http://www.heystephenwood.com/2013/06/use-your-raspberry-pi-as-dns-cache-to.html]]
==== Tweaks ====
You can check this wiki [[network:dns|DNS]]\\
You need
  pacman -S dos2unix
Add in /etc/named.conf
  include "blockeddomains.zones";
In /var/named create a file called blockeddomain.hosts with:
  $TTL 3h
  @       IN SOA  dns.home. root.home. (
                  2013071502 ; serial
                  3h         ; refresh after 3 hours
                  1h         ; retry after 1 hour
                  1w         ; expire after 1 week
                  1h )       ; negative caching TTL of 1 hour
          IN NS   dns.home.
          A       127.0.0.1
  *       IN A    127.0.0.1
  *       IN AAAA ::1
Then use this script to generate the blockeddomains.zones file:
  #!/bin/sh
  # Script that generates a blockeddomains.zones according to a nice hosts file on the internet
  # First remove the previous version of the downloaded and generated files (-f: no error on the first run)
  rm -f blockeddomains.zones hosts.txt
  # Get the hosts file
  wget http://winhelp2002.mvps.org/hosts.txt
  # Convert to Unix line endings
  dos2unix hosts.txt
  # For each line in the file that starts with 127 and doesn't contain localhost, take the 3rd field (domain)
  for line in $(grep ^127 hosts.txt | grep -v localhost | cut -d " " -f 3)
  do
      # Create an entry in blockeddomains.zones with the correct syntax, pretending we own this domain :P
      # The domain is passed as a printf argument so it is never interpreted as a format string
      printf 'zone "%s" {type master; file "blockeddomain.hosts";};\n' "$line" >> blockeddomains.zones
  done
Then copy it to /var/named and reload named
  cp blockeddomains.zones /var/named/.
  systemctl reload named
Try an nslookup/dig on one of the domains and ... it will resolve to 127.0.0.1 :D
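
A stricter take on the generator above, as an added example (not part of the original page): the list is fetched over plain HTTP and every name is written straight into a file that named.conf includes, so this version keeps only syntactically valid hostnames, drops duplicates and skips anything under the local home zone. The function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: turn hosts-format input into zone stanzas, keeping only
# syntactically valid hostnames so a tampered or malformed list cannot
# break out of the quoted zone name in the file named.conf includes.

# gen_zones (hypothetical name): hosts-format lines on stdin, stanzas on stdout.
gen_zones() {
    # tr strips DOS line endings, the job dos2unix does in the script above
    tr -d '\r' |
    awk '
        $1 != "127.0.0.1" && $1 != "0.0.0.0" { next }   # sinkhole entries only
        {
            name = tolower($2)
            sub(/\.$/, "", name)                        # drop a trailing dot
            if (name == "localhost" || length(name) > 253) next
            # Letters, digits, "-" and "_" per label, at least two labels.
            if (name !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) next
            if (name ~ /\.home$/) next                  # never shadow the local zone
            if (seen[name]++) next                      # a duplicate zone stops named loading
            printf "zone \"%s\" {type master; file \"blockeddomain.hosts\";};\n", name
        }'
}

# Constructed sample input (not the real list), with lines that must be dropped.
sample_hosts() {
    cat <<'EOF'
# comment line
127.0.0.1  localhost
127.0.0.1  ads.example.com
127.0.0.1  ADS.example.com
127.0.0.1  tracker.example.net #[comment]
127.0.0.1  bad".example.com
10.0.0.5   not-a-sinkhole.example.org
127.0.0.1  home
127.0.0.1  printer.home
EOF
}

sample_hosts | gen_zones
```

Running named-checkconf before systemctl reload named catches a broken generated file before named tries to load it.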