os:archlinux:pidns

Differences

This shows you the differences between two versions of the page.

os:archlinux:pidns [2021/12/29 19:59] – ↷ Page moved from archlinux:pidns to os:archlinux:pidns warnaud
os:archlinux:pidns [2021/12/29 21:03] (current) – ↷ Links adapted because of a move operation warnaud
Line 1: Line 1:
 +Installation and configuration reminder for my RaspBerry Pi Model B as DNS
 +:!: Doesn't work, thanks to systemd that doesn't really like static IPs → DELETEME
 +It is now fully working under [[os:debian:raspberrydns|Debian]]!
  
 +====== Overview ======
 +To strengthen and add some fun at home I build a DNS out of the RaspBerry Pi.\\
 +:!: This is for home use only, this dns is not resolved from outside :!:
 +
 +Here's the output of lsusb
 +<code bash>
 +lsusb
 +Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter
 +Bus 001 Device 002: ID 0424:9512 Standard Microsystems Corp. LAN9500 Ethernet 10/100 Adapter / SMSC9512/9514 Hub
 +Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 +</code>
 +
 +Here's the output of cpuinfo
 +<code bash>
 +Processor       : ARMv6-compatible processor rev 7 (v6l)
 +BogoMIPS        : 697.95
 +Features        : swp half thumb fastmult vfp edsp java tls 
 +CPU implementer : 0x41
 +CPU architecture: 7
 +CPU variant     : 0x0
 +CPU part        : 0xb76
 +CPU revision    : 7
 +
 +Hardware        : BCM2708
 +Revision        : 000e
 +</code>
 +====== Partition table ======
 +^Disk^Partition^Name^Label^Size^Format^Comment^
 +|MMC|1|mmcblk0p1|/boot|95MB|VFAT|Boot partition|
 +|MMC|5|mmcblk0p5|/|64GB|ext4|Root|
 +
 +====== Base install ======
 +===== References =====
 +  * [[http://archlinuxarm.org/platforms/armv6/raspberry-pi|Installation guide + iso]]
 +  * [[https://wiki.archlinux.org/index.php/Raspberry_Pi|Raspberry Pi]]
 +
 +===== First install =====
 +Check the archlinuxarm.org page for latest img
 +<code bash>
 +dd if=archlinux-hf-2013-07-22.img of=/dev/mmcblk0 bs=1M
 +</code>
 +Extend the root partition with the free space: gparted :-)
 +\\ \\
 +Move the MMC card to the Raspberry Pi
 +===== Remote access =====
 +Headless (for my case) so I check on the DHCP for a newcomer.\\
 +SSH to it
 +<code bash>
 +ssh root@192.168.1.156
 +</code>
 +Default password is root
 +===== Basic configuration =====
 +First change this root password
 +<code bash>
 +passwd
 +</code>
 +==== System Upgrade ====
 +Simple as
 +<code bash>pacman -Syu</code>
 +==== Change Vi to Vim ====
 +<code bash>
 +pacman -S vim
 +rm /usr/bin/vi &&  ln -s /usr/bin/vim /usr/bin/vi
 +</code>
 +==== LOCALE ====
 +<code bash>vi /etc/locale.gen</code>
 +I'll use en_US.utf-8/iso8859 so uncomment:
 +<code>
 +en_US.UTF-8 UTF-8
 +en_US ISO-8859-1
 +</code>
 +Then generate locales
 +<code bash> locale-gen </code>
 +Configure them [[https://wiki.archlinux.org/index.php/Locale|Locale]]:
 +<code bash>vi /etc/locale.conf </code>
 +<code bash>
 +LANG="en_US.UTF-8"
 +
 +# Keep the default sort order (e.g. files starting with a '.'
 +# should appear at the start of a directory listing.)
 +LC_COLLATE="C"
 +</code>
 +Configure the console (in case of direct connection):
 +Default keyboard in console (US variant international ... with a different mapping than on X11! Well done)
 +<code bash>echo "KEYMAP=us-acentos" > /etc/vconsole.conf</code>
 +==== TIMEZONE ====
 +<code bash>ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime</code>
 +==== Network configuration ====
 +Let's change the hostname
 +<code bash> echo dns1.home > /etc/hostname</code>
 +I will use a static netctl config\\
 +Reference: [[https://wiki.archlinux.org/index.php/Netctl]]
 +<code bash>
 +cp /etc/netctl/examples/ethernet-static /etc/netctl/.
 +vi /etc/netctl/ethernet-static
 +</code>
 +<code bash>
 +Description='A basic static ethernet connection'
 +Interface=eth0
 +Connection=ethernet
 +IP=static
 +Address=('192.168.1.10/24')
 +#Routes=('192.168.0.0/24 via 192.168.1.2')
 +Gateway='192.168.1.1'
 +#DNS=('192.168.1.2')
 +DNS=(127.0.0.1')
 +SkipNoCarrier=yes
 +ExecUpPost='/usr/bin/ntpd -q || true'
 +
 +## For IPv6 autoconfiguration
 +#IP6=stateless
 +
 +## For IPv6 static address configuration
 +#IP6=static
 +#Address6=('1234:5678:9abc:def::1/64' '1234:3456::123/96')
 +#Routes6=('abcd::1234')
 +#Gateway6='1234:0:123::abcd'
 +</code>
 +Disable dhcpcd on eth0
 +<code bash>systemctl disable dhcpcd@eth0</code>
 +Make it default
 +<code bash>netctl enable ethernet-static</code>
 +<code bash>netctl start ethernet-static</code>
 +:!:A nice reboot is mandatory ... didn't find a way to reload network configuration
 +==== Some tools ====
 +<code bash>pacman -S screen bash-completion glances htop lftp rsync wget curl bc lsof strace base-devel</code>
 +Select all base-devel tools even if some are already in place
 +==== NTP ====
 +Reference: [[https://wiki.archlinux.org/index.php/Ntp]]
 +<code bash>pacman -S ntp</code>
 +Normally already installed and started
 +<code bash>vi /etc/ntp.conf</code>
 +<code bash>
 +server 0.fr.pool.ntp.org iburst
 +server 1.fr.pool.ntp.org iburst
 +server 2.fr.pool.ntp.org iburst
 +server 3.fr.pool.ntp.org iburst
 +</code>
 +<code bash>systemctl enable ntpd
 +systemctl start ntpd</code>
 +===== DNS =====
 +Reference: [[https://wiki.archlinux.org/index.php/Bind]]\\
 +Would have been nice with a chroot but thanks to systemd no scripts are available for arch yet (and no I won't even try to make some)
 +==== Bind ====
 +Installation is pretty straight forward:
 +<code bash>pacman -S bind dnsutils</code>
 +=== named.conf ===
 +<code bash>vi /etc/named.conf</code>
 +Add your local zone and the reverse
 +<code bash>
 +zone "home" IN {
 +        type master;
 +        file "home.zone";
 +};
 +
 +zone "1.168.192.in-addr.arpa" IN {
 +        type master;
 +        file "home.rev";
 +};
 +</code>
 +=== Zones ===
 +Then configure files for the zones:
 +  * /var/named/home.zone
 +<code bash>
 +$TTL   3h
 +@ IN SOA dns1.home. root.home. (
 +    2013083101 ; serial
 +    3h         ; refresh after 3 hours
 +    1h         ; retry after 1 hour
 +    1w         ; expire after 1 week
 +    1h )       ; negative caching TTL of 1 hour
 +
 +        IN NS dns1.home.
 +
 +;network devices and Services [1-30]
 +router  IN A 192.168.1.1
 +dns     IN A 192.168.1.2
 +wifi    IN A 192.168.1.3
 +[...]
 +</code>
 +
 +  * /var/named/home.rev
 +<code bash>
 +$TTL   3h
 +@ IN SOA dns1.home. root.home. (
 +    2013083101 ; serial
 +    3h         ; refresh after 3 hours
 +    1h         ; retry after 1 hour
 +    1w         ; expire after 1 week
 +    1h )       ; negative caching TTL of 1 hour
 +
 +        IN NS dns1.home.
 +
 +;network devices and Services [1-30]
 +1       IN PTR  router.home.
 +2       IN PTR  dns.home.
 +3       IN PTR  wifi.home.
 +[...]
 +</code>
 +=== Resolv.conf ===
 +Change it to simply:
 +<code bash>
 +search home
 +nameserver 127.0.0.1
 +</code>
 +Search <domain> will help using network tools without the domain after\\
 +:!: Important, since a lot of stupid services try to rewrite resolv.conf BLOCK it :!:
 +<code bash>chattr +i /etc/resolv.conf</code>
 +No comments on standards - I deeply regret not having openBSD here ...
 +=== Final step ===
 +Enable it
 +<code bash>systemctl enable named</code>
 +Start it
 +<code bash>systemctl start named</code>
 +==== Tests ====
 +Weel first try to dig/nslookup:
 +<code bash>
 +#nslookup 192.168.1.1
 +Server:         127.0.0.1
 +Address:        127.0.0.1#53
 +
 +1.1.168.192.in-addr.arpa        name = router.home.
 +
 +#nslookup router.home
 +Server:         127.0.0.1
 +Address:        127.0.0.1#53
 +
 +Name:   router.home
 +Address: 192.168.1.1
 +
 +</code>
 +See the performances:
 +<code bash>for i in {1..30}; do echo google.com; done | xargs -I^ -P10 dig ^ | grep time | awk /time/'{sum+=$4} END { print "Average query = ",sum/NR,"ms"}'
 +
 +Average query =  33.6667 ms
 +
 +</code>
 +Reference: [[http://www.heystephenwood.com/2013/06/use-your-raspberry-pi-as-dns-cache-to.html]]
 +
 +==== Tweaks ====
 +You can check this wiki [[network:dns|DNS]]\\
 +You need
 +<code bash>pacman -S dos2unix</code>
 +Add in /etc/named.conf
 +<code>
 +include "blockeddomains.zones";
 +</code>
 +In /var/named create a file called blockeddomain.hosts with:
 +<code bash>
 +$TTL   3h
 +@ IN SOA dns.home. root.home. (
 +    2013071502 ; serial
 +    3h         ; refresh after 3 hours
 +    1h         ; retry after 1 hour
 +    1w         ; expire after 1 week
 +    1h )       ; negative caching TTL of 1 hour
 +
 +              
 +              IN      NS      dns.home.
 +              A       127.0.0.1
 +*             IN      A       127.0.0.1
 +*             IN      AAAA    ::1
 +</code>
 +then use this script to generate the blockeddomains.zones file:
 +<code bash>
 +#! /bin/sh
 +# Script that generate a blockeddomains.zones according to a nice hosts file on the internet
 + 
 +# First rm previous version of downloaded and generated files
 +rm blockeddomains.zones hosts.txt
 +# Get the hosts file
 +wget http://winhelp2002.mvps.org/hosts.txt
 +# Convert to Unix
 +dos2unix hosts.txt
 +# For each line in the file that starts with 127, doesn't contain localhost we take the 3rd field (domain)
 +for line in `cat hosts.txt | grep ^127 | grep -v localhost | cut -d " " -f 3`
 +do   
 +     # Create an entry in  blockeddomain.zones with the correct syntax pretending we own this domain :P
 +     printf "zone \"$line\"  {type master; file \"blockeddomain.hosts\";};\n" >> blockeddomains.zones
 +done
 +</code>
 +Then copy it to /var/named and relaunch named
 +<code bash>
 +copy blockeddomains.zones /var/named/.
 +systemctl reload named
 +</code>
 +
 +try a nslookup/dig on one of the domain and ... it will redirect on 127.0.0.1 :D
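
Review bot: The blocklist script under "Tweaks" fetches hosts.txt over plain HTTP (`wget http://winhelp2002.mvps.org/hosts.txt`) and writes every third field unchecked into a `zone "..." {type master; ...};` statement that named then loads, so whatever that file contains, or whatever is substituted for it in transit, becomes authoritative configuration on the resolver. Suggest checking each name against a strict hostname pattern (letters, digits, hyphen, dot) before emitting it, passing it as an argument (`printf 'zone "%s" ...\n' "$line"`) rather than inside the format string, and writing to a temporary file that is validated with named-checkconf before it replaces the live file and named is reloaded; as written, the `rm` at the top also deletes the existing list before the download is known to have succeeded. Two smaller defects: the last block uses `copy`, which should be `cp`, and in the netctl profile `DNS=(127.0.0.1')` is missing its opening quote, leaving an unterminated string in the profile. The "Remote access" step logs in as root over SSH with the default password; the passwd change is there, but nothing on the page turns off root password login afterwards.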