Installation of the Raspberry Pi as DNS
Installation
Following the Raspbian (Minimal Install) instructions, I downloaded the image raspbian_wheezy_20130923.img.7z
After unzipping with 7z
7z x raspbian_wheezy_20130923.img.7z
Then I wrote it directly to my 64GB SD card. Check the device name first (lsblk, or dmesg right after inserting the card): dd overwrites whatever block device it is given.
dd if=raspbian_wheezy_20130923.img of=/dev/mmcblk0 bs=1M
sync
I used gparted to resize the partitions:
- / is now 55GB
- swap 4GB
Installation done
Post-configuration
Locales
As mentioned on the site:
dpkg-reconfigure tzdata
Switched to Europe/Paris
dpkg-reconfigure console-data
Switched to us-intl
dpkg-reconfigure locales
Enabled the en_US UTF-8 locale (en_US.UTF-8)
Network
vi /etc/network/interfaces
Then I switched eth0 from dhcp to static:
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

allow-hotplug eth0
#iface eth0 inet dhcp
iface eth0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    gateway 192.168.1.1
    dns-search test.local
    dns-nameservers 192.168.1.1 192.168.1.2
The dns-search and dns-nameservers lines are only honoured when the resolvconf package is installed; without it, edit /etc/resolv.conf directly. Once bind is running on the Pi, put 127.0.0.1 first in the nameserver list so the Pi resolves through its own server.
Updates
apt-get update
apt-get upgrade
Nice tools
I installed some third-party tools I use a lot:
apt-get install lftp rsync curl bc lsof strace vim screen htop
DNS
Let's install Bind:
apt-get install bind9 dnsutils
Config
vi /etc/bind/named.conf.default-zones
zone "test.local" IN {
    type master;
    file "/etc/bind/db.test.local";
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/bind/rev.db.test.local";
};
(On Debian, named.conf.local is the file meant for site-specific zones; named.conf.default-zones belongs to the bind9 package, so declaring the zones in named.conf.local keeps them out of the way of package upgrades.)
Then create these two files:
vi /etc/bind/db.test.local
$TTL 3h
@       IN  SOA dns1.test.local. root.test.local. (
            2013110601  ; serial
            3h          ; refresh after 3 hours
            1h          ; retry after 1 hour
            1w          ; expire after 1 week
            1h )        ; negative caching TTL of 1 hour
        IN  NS  dns1.test.local.
; the name used in NS and SOA needs an address record in the zone, otherwise
; named-checkzone warns "has no address records"; this assumes dns1 is the
; Pi itself, at the static address configured above (adjust if yours differs)
dns1    IN  A   192.168.1.10
; network devices and services [1-30]
router  IN  A   192.168.1.1
dns     IN  A   192.168.1.2
wifi    IN  A   192.168.1.3
sip1    IN  A   192.168.1.4
vi /etc/bind/rev.db.test.local
$TTL 3h
@       IN  SOA dns1.test.local. root.test.local. (
            2013110601  ; serial
            3h          ; refresh after 3 hours
            1h          ; retry after 1 hour
            1w          ; expire after 1 week
            1h )        ; negative caching TTL of 1 hour
        IN  NS  dns1.test.local.
; network devices and services [1-30]
1       IN  PTR router.test.local.
2       IN  PTR dns.test.local.
3       IN  PTR wifi.test.local.
4       IN  PTR sip1.test.local.
; the Pi itself, assuming dns1 is at the static address configured above
10      IN  PTR dns1.test.local.
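The forward and reverse files above have to be kept in step by hand, and a host added to one and forgotten in the other is the usual way a reverse zone goes stale. As an added example (not code from the original post), the shell function below derives the PTR lines of rev.db.test.local from the A records of db.test.local. The forward zone text is embedded inline so it runs offline; in practice feed it /etc/bind/db.test.local. It assumes every A record sits on its own line with a relative owner name, as in the zone above.

```sh
#!/bin/sh
# Added example: generate the PTR records of the reverse zone from the A
# records of the forward zone. Not part of the original post.

# Forward zone constructed inline for an offline run (the four hosts of the
# zone above); normally: gen_ptr test.local 192.168.1. < /etc/bind/db.test.local
FWD_ZONE='$TTL 3h
@   IN  SOA dns1.test.local. root.test.local. (
        2013110601 ; serial
        3h ; refresh
        1h ; retry
        1w ; expire
        1h ) ; negative caching TTL
    IN  NS  dns1.test.local.
; network devices and services [1-30]
router  IN  A   192.168.1.1
dns     IN  A   192.168.1.2
wifi    IN  A   192.168.1.3
sip1    IN  A   192.168.1.4
'

# gen_ptr ZONE PREFIX < forward-zone-text
# Emits one PTR line per A record whose address starts with PREFIX
# (e.g. 192.168.1.), keyed by the remaining octet(s). SOA, NS, comments,
# the apex (@) and wildcards (*) are ignored.
gen_ptr() {
    zone=$1
    prefix=$2
    awk -v zone="$zone" -v prefix="$prefix" '
        # drop trailing comments
        { sub(/;.*/, "") }
        # a line with a standalone A type whose owner is a plain host name
        $0 ~ /[[:space:]]A[[:space:]]/ && $1 !~ /^[@*]/ {
            addr = $NF
            if (index(addr, prefix) == 1) {
                last = substr(addr, length(prefix) + 1)
                # relative owners get the zone appended; absolute ones are kept
                owner = ($1 ~ /\.$/) ? $1 : $1 "." zone "."
                printf "%s\tIN\tPTR\t%s\n", last, owner
            }
        }'
}

# The SOA/NS header of the reverse zone stays hand-written; only the PTR
# records are generated and appended to it.
printf '%s' "$FWD_ZONE" | gen_ptr test.local 192.168.1.
```

After editing either file, check both before reloading: named-checkzone test.local /etc/bind/db.test.local and named-checkzone 1.168.192.in-addr.arpa /etc/bind/rev.db.test.local report syntax errors and warn about an NS name without an address record.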
Enable logging
vi /etc/bind/named.conf.local
With:
// Manage the log files
include "/etc/bind/named.conf.log";
And create /etc/bind/named.conf.log
vi /etc/bind/named.conf.log
with:
logging {
    channel update_debug {
        file "/var/log/update_debug.log" versions 3 size 100k;
        severity debug;
        print-severity yes;
        print-time yes;
    };
    channel security_info {
        file "/var/log/security_info.log" versions 1 size 100k;
        severity info;
        print-severity yes;
        print-time yes;
    };
    channel bind_log {
        file "/var/log/bind.log" versions 3 size 1m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { bind_log; };
    category lame-servers { null; };
    category update { update_debug; };
    category update-security { update_debug; };
    category security { security_info; };
};
Two things bite here. The quotes must be plain ASCII double quotes: the curly quotes a blog or word processor produces make named refuse to parse the file. And named runs as the bind user on Debian, which cannot create files in /var/log, so create the three log files and chown them to bind before reloading, or the channels silently fail to open.
Benchmark
for i in {1..30}; do echo google.com; done | xargs -I^ -P10 dig ^ | grep time | awk /time/'{sum+=$4} END { print "Average query = ",sum/NR,"ms"}'
Average query = 3.2 ms
This is a bash one-liner ({1..30} is a bash brace expansion). dig queries the resolver listed in /etc/resolv.conf, so add @192.168.1.10 after dig to target the Pi explicitly, and note that after the first miss the answers come from bind's cache, so this measures cached lookups.
This is OK: on the OpenBSD VM I got
Average query = 0.0666667 ms
Filtering
vi /etc/bind/blockeddomain.hosts
This file contains (one file serves every blocked zone, so all names in it are absolute):
$TTL 3h
@       IN  SOA dns1.test.local. root.test.local. (
            2013071502  ; serial
            3h          ; refresh after 3 hours
            1h          ; retry after 1 hour
            1w          ; expire after 1 week
            1h )        ; negative caching TTL of 1 hour
        IN  NS  dns1.test.local.
        IN  A   127.0.0.1
*       IN  A   127.0.0.1
*       IN  AAAA ::1
Sinkholing to 127.0.0.1 sends clients to their own loopback, where a browser waits for a connection refusal or a timeout; 0.0.0.0 is the usual alternative when that delay is a nuisance.
Add this in /etc/bind/named.conf.default-zones
vi /etc/bind/named.conf.default-zones
include "/etc/bind/blockeddomains.zones";
The path is absolute because the generated file lives in /etc/bind next to blockeddomain.hosts. Now let's generate blockeddomains.zones.
First we need some tools:
apt-get install dos2unix p7zip
Then this script (run as root, it writes into /etc/bind):
#!/bin/sh
# Generate blockeddomains.zones from a hosts file published on the internet
set -e
cd /etc/bind
# Remove the previous version of the downloaded and generated files
rm -f blockeddomains.zones hosts.txt
# Get the hosts file
wget http://winhelp2002.mvps.org/hosts.txt
# Convert to Unix line endings
dos2unix hosts.txt
# Keep the sink entries (127.0.0.1 in this list; newer lists often use 0.0.0.0),
# skip localhost, take the host name whatever the spacing, and drop duplicates:
# named refuses to load a zone that is defined twice
grep -E '^(127\.0\.0\.1|0\.0\.0\.0)[[:space:]]' hosts.txt | grep -v localhost | awk '{ print $2 }' | sort -u |
while read -r line
do
    # Create an entry in blockeddomains.zones with the correct syntax, pretending we own this domain :P
    printf 'zone "%s" { type master; file "/etc/bind/blockeddomain.hosts"; };\n' "$line" >> blockeddomains.zones
done
# Refuse to leave a broken configuration behind
named-checkconf
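Hosts files from the internet are messier than the script above expects: CRLF line endings, trailing comments, the same name listed twice (named then refuses to start, since a zone may only be defined once), 0.0.0.0 as well as 127.0.0.1 sink entries, and entries that are not valid host names at all. As an added example (not code from the original post), the function below does the conversion with those cases handled, on a small hosts file constructed inline so it runs offline; it assumes the shared sink zone file is /etc/bind/blockeddomain.hosts as above and only accepts names with at least two labels, so a stray single-label entry cannot blackhole a whole top-level domain.

```sh
#!/bin/sh
# Added example: hosts-style blocklist -> BIND zone statements, with the
# edge cases a downloaded list actually contains. Not part of the original post.

# Hosts file constructed inline for an offline run (CRLF endings, a comment
# line, a trailing comment, a duplicate, an invalid name and an address
# where a name should be); the real one is the wget download above.
HOSTS_SAMPLE=$(printf '%s\r\n' \
    '# [Misc A - Z]' \
    '127.0.0.1 localhost' \
    '127.0.0.1  ad.example.com' \
    '127.0.0.1  tracker.example.net   # trailing comment' \
    '0.0.0.0  AD.EXAMPLE.COM' \
    '127.0.0.1  bad_name.example' \
    '127.0.0.1  ::1' \
    '')

# hosts_to_zones SINKFILE < hosts-text
# Prints one "zone ... { type master; file SINKFILE; };" line per distinct
# valid name that the hosts file points at a sink address.
hosts_to_zones() {
    sinkfile=$1
    # 1. drop CR, 2. strip comments and keep only sink entries, 3. lower-case
    # the name, 4. drop localhost, 5. keep only syntactically valid names with
    # two or more labels, 6. deduplicate, 7. emit zone statements
    tr -d '\r' |
    awk '
        { sub(/#.*/, "") }
        ($1 == "127.0.0.1" || $1 == "0.0.0.0") && NF >= 2 { print tolower($2) }
    ' |
    grep -v -e '^localhost$' -e '^localhost\.localdomain$' |
    grep -E '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?$' |
    sort -u |
    awk -v sink="$sinkfile" '{ printf "zone \"%s\" { type master; file \"%s\"; };\n", $1, sink }'
}

# Two zones come out: ad.example.com (listed twice, once upper-case) and
# tracker.example.net; localhost, bad_name.example and ::1 are dropped.
printf '%s\n' "$HOSTS_SAMPLE" | hosts_to_zones /etc/bind/blockeddomain.hosts
```

In the real script the download replaces the inline sample (wget ... | hosts_to_zones /etc/bind/blockeddomain.hosts > /etc/bind/blockeddomains.zones), followed by named-checkconf before the reload.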
Reload bind (the Debian service is called bind9; named-checkconf first if the script above did not already run it):
/etc/init.d/bind9 reload