Installation of the Raspberry Pi as DNS
====== Installation ======
Thanks to [[http://www.linuxsystems.it/raspbian-wheezy-armhf-raspberry-pi-minimal-image/|Raspbian (Minimal Install)]] I downloaded the image raspbian_wheezy_20130923.img.7z\\
After unzipping with 7z
  7z x raspbian_wheezy_20130923.img.7z
Then copied directly onto my SD card (64GB)
  dd if=raspbian_wheezy_20130923.img of=/dev/mmcblk0 bs=1M
I used gparted to resize the partitions:
  * / is now 55GB wide
  * swap 4GB
8-) Installation done
====== Post-configuration ======
===== Locales =====
As mentioned on the site:
  dpkg-reconfigure tzdata
Switched to Europe/Paris
  dpkg-reconfigure console-data
Switched to us-intl
  dpkg-reconfigure locales
Enabled en_US.iso/UTF-8
===== Network =====
  vi /etc/network/interfaces
Then I switched from dhcp to static
  # interfaces(5) file used by ifup(8) and ifdown(8)
  auto lo
  iface lo inet loopback
  allow-hotplug eth0
  #iface eth0 inet dhcp
  iface eth0 inet static
      address 192.168.1.10
      netmask 255.255.255.0
      gateway 192.168.1.1
      dns-search test.local
      dns-nameservers 192.168.1.1 192.168.1.2
===== Updates =====
  apt-get update
  apt-get upgrade
====== Nice tools ======
I installed some third party tools I use a lot:
  apt-get install lftp rsync curl bc lsof strace vim screen htop
====== DNS ======
Let's go and install Bind
  apt-get install bind9 dnsutils
===== Config =====
  vi /etc/bind/named.conf.default-zones
  zone "test.local" IN {
      type master;
      file "/etc/bind/db.test.local";
  };
  zone "1.168.192.in-addr.arpa" IN {
      type master;
      file "/etc/bind/rev.db.test.local";
  };
Then create these two files
  vi /etc/bind/db.test.local
  $TTL 3h
  @       IN SOA  dns1.test.local. root.test.local. (
                  2013110601 ; serial
                  3h         ; refresh after 3 hours
                  1h         ; retry after 1 hour
                  1w         ; expire after 1 week
                  1h )       ; negative caching TTL of 1 hour
          IN NS   dns1.test.local.
  ;network devices and Services [1-30]
  router  IN A    192.168.1.1
  dns     IN A    192.168.1.2
  wifi    IN A    192.168.1.3
  sip1    IN A    192.168.1.4
  vi /etc/bind/rev.db.test.local
  $TTL 3h
  @       IN SOA  dns1.test.local. root.test.local. (
                  2013110601 ; serial
                  3h         ; refresh after 3 hours
                  1h         ; retry after 1 hour
                  1w         ; expire after 1 week
                  1h )       ; negative caching TTL of 1 hour
          IN NS   dns1.test.local.
  ;network devices and Services [1-30]
  1       IN PTR  router.test.local.
  2       IN PTR  dns.test.local.
  3       IN PTR  wifi.test.local.
  4       IN PTR  sip1.test.local.
Enable logging
  vi /etc/bind/named.conf.local
With
  // Manage the file logs
  include "/etc/bind/named.conf.log";
And create /etc/bind/named.conf.log
  vi /etc/bind/named.conf.log
with
  logging {
      channel update_debug {
          file "/var/log/update_debug.log" versions 3 size 100k;
          severity debug;
          print-severity yes;
          print-time yes;
      };
      channel security_info {
          file "/var/log/security_info.log" versions 1 size 100k;
          severity info;
          print-severity yes;
          print-time yes;
      };
      channel bind_log {
          file "/var/log/bind.log" versions 3 size 1m;
          severity info;
          print-category yes;
          print-severity yes;
          print-time yes;
      };
      category default { bind_log; };
      category lame-servers { null; };
      category update { update_debug; };
      category update-security { update_debug; };
      category security { security_info; };
  };
===== Benchmark =====
  for i in {1..30}; do echo google.com; done | xargs -I^ -P10 dig ^ | grep time | awk /time/'{sum+=$4} END { print "Average query = ",sum/NR,"ms"}'
  Average query = 3.2 ms
This is OK, I got:\\
Average query = 0.0666667 ms on the OpenBSD VM
===== Filtering =====
  vi /etc/bind/blockeddomain.hosts
This file contains:
  $TTL 3h
  @       IN SOA  dns1.test.local. root.test.local. (
                  2013071502 ; serial
                  3h         ; refresh after 3 hours
                  1h         ; retry after 1 hour
                  1w         ; expire after 1 week
                  1h )       ; negative caching TTL of 1 hour
  ; the NS target needs its trailing dot, otherwise it is expanded relative to the zone origin
          IN NS   dns1.test.local.
             A    127.0.0.1
  *       IN A    127.0.0.1
  *       IN AAAA ::1
Add this in /etc/bind/named.conf.default-zones
  vi /etc/bind/named.conf.default-zones
  include "blockeddomains.zones";
Now let's generate this blockeddomains.zones \\
First we need some tools:
  apt-get install dos2unix p7zip
Then this script:
  #!/bin/sh
  # Script that generates blockeddomains.zones from a hosts file published on the internet
  # First remove the previous version of the downloaded and generated files
  rm -f blockeddomains.zones hosts.txt
  # Get the hosts file; stop here if the download fails so no empty zone list is produced
  wget http://winhelp2002.mvps.org/hosts.txt || exit 1
  # Convert to Unix line endings
  dos2unix hosts.txt
  # For each line in the file that starts with 127 and doesn't contain localhost, take the 3rd field (domain)
  for line in $(grep ^127 hosts.txt | grep -v localhost | cut -d " " -f 3)
  do
      # Create an entry in blockeddomains.zones with the correct syntax, pretending we own this domain :P
      # The domain is passed as a printf argument so it is never interpreted as a format string
      printf 'zone "%s" {type master; file "/etc/bind/blockeddomain.hosts";};\n' "$line" >> blockeddomains.zones
  done
Reload bind
  /etc/init.d/bind9 reload
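The generator script above copies every name from a downloaded file straight into named's configuration. A variant that validates and de-duplicates the names first, as an added example that is not the original script; the function names, the constructed sample input and the validation rule (plain letter/digit/hyphen labels, so names with underscores are rejected) are assumptions:

```shell
#!/bin/sh
# Added example, not the page's own script: emit BIND zone statements only for
# names that are syntactically valid hostnames.

ZONE_DATA="/etc/bind/blockeddomain.hosts"   # zone data file named on this page

# is_valid_domain NAME: succeed only for dot-separated labels of 1-63
# letters/digits/hyphens (no leading or trailing hyphen), 253 chars at most.
is_valid_domain() {
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | LC_ALL=C grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# gen_zones: read a hosts file on stdin, write zone statements to stdout and
# rejected names to stderr. Names are lower-cased and de-duplicated because
# named refuses a configuration that defines the same zone twice.
gen_zones() {
    tr -d '\r' |
    awk '$1 ~ /^127\./ && $2 != "" && $2 != "localhost" { print tolower($2) }' |
    LC_ALL=C sort -u |
    while IFS= read -r domain; do
        if is_valid_domain "$domain"; then
            # The name is passed as an argument, never as the printf format.
            printf 'zone "%s" { type master; file "%s"; };\n' "$domain" "$ZONE_DATA"
        else
            printf 'rejected: %s\n' "$domain" >&2
        fi
    done
}

# Constructed sample input (not real MVPS data): one duplicate, three bad names.
sample_hosts() {
    cat <<'EOF'
# comment line
127.0.0.1  localhost
127.0.0.1  ads.example.com
127.0.0.1  ADS.example.com
127.0.0.1  tracker.example.net  # trailing comment
127.0.0.1  evil"quote.example.com
127.0.0.1  percent%s.example.com
127.0.0.1  -leading.example.org
EOF
}

sample_hosts | gen_zones
```

In real use, feed the downloaded hosts.txt to gen_zones, redirect stdout to blockeddomains.zones, and run named-checkconf before reloading bind.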
====== References ======
  * [[http://vuongxibul.wordpress.com/2011/09/16/configure-bind9-on-debian-squeeze/]]
  * [[http://www.linuxsystems.it/raspbian-wheezy-armhf-raspberry-pi-minimal-image/]]
  * [[network:dns|DNS - OpenBSD]]