Sunday, November 04, 2012

DNS configuration for your home network

Installing BIND on the NAS

 
I found some documentation on how to set up BIND (DNS) on a Synology NAS running Linux, but as I ran into some problems I thought I'd document them here on the off chance someone finds it a useful reference. [Edit]: Other (simpler and in many ways better) ways of doing this exist.
 
My starting point was here, but I quickly found that the more comprehensive documentation here was also useful. BIND configuration notwithstanding, the installation of the BIND package on the Synology NAS (DSM 4.1) was not without issues.
 
You start by installing the BIND package:

DiskStation> ipkg install bind
Installing bind (9.6.1.3-4) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/bind_9.6.1.3-4_i686.ipk
Installing openssl (0.9.8v-2) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/openssl_0.9.8v-2_i686.ipk
Installing psmisc (22.17-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/psmisc_22.17-1_i686.ipk
Installing ncurses (5.7-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/ncurses_5.7-1_i686.ipk
Configuring bind
Running post-install
You must now create your named.conf file
When it is installed in /opt/etc/named/named.conf, execute
/opt/etc/init.d/S09named start
to start service
You will probably also want to create rndc.conf by running
rndc-confgen. Of course, you may want to set your name server
in the GUI to 127.0.0.1 or your local ip-address
Configuring ncurses
update-alternatives: Linking //opt/bin/clear to /opt/bin/ncurses-clear
Configuring openssl
Configuring psmisc
update-alternatives: Linking //opt/bin/killall to /opt/bin/psmisc-killall
update-alternatives: Linking //opt/bin/pidof to /opt/bin/psmisc-killall
Successfully terminated.

I created /opt/etc/named/named.conf and related files per my desired set-up and tried to start the daemon:

DiskStation> /opt/etc/init.d/S09named start
Starting DNS Services: /opt/bin/pidof: error while loading shared libraries: libssp.so.0: cannot open shared object file: No such file or directory
started

The forums will tell you that you need gcc installed to have access to this library, so go do it. Before you do it, however, make sure root's PATH environment variable has /opt/bin and /opt/sbin at the START (that is, edit and source ~/.profile):

PATH=/opt/bin:/opt/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/syno/sbin:/usr/syno/bin:/usr/local/sbin:/usr/local/bin

Otherwise you will encounter errors like the ones below:

DiskStation> /opt/bin/ipkg install gcc
Installing gcc (4.2.1-5) to root...
Downloading
http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/gcc_4.2.1-5_i686.ipk
file_move: ERROR: failed to rename /opt/ipkg-Ys4oOA/gcc_4.2.1-5_i686.ipk to /opt/ipkg-Ys4oOA/gcc_4.2.1-5_i686.ipk: No such file or directory
Nothing to be done
An error ocurred, return value: -1.
Collected errors:
Failed to download gcc. Perhaps you need to run 'ipkg update'?

It appears that there are at least two wget binaries installed on the system and the Synology version doesn't work with ipkg.
/usr/syno/bin/wget (GNU Wget 1.10.1)
/opt/bin/wget (GNU Wget 1.12)

DiskStation> ipkg install gcc
Installing gcc (4.2.1-5) to root...
Downloading
http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/gcc_4.2.1-5_i686.ipk
Installing binutils (2.19.1-1) to root...
Downloading
http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/binutils_2.19.1-1_i686.ipk
Installing libc-dev (2.3.6-5) to root...
Downloading
http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/libc-dev_2.3.6-5_i686.ipk
Installing libnsl (2.3.6-4) to root...
Downloading
http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/libnsl_2.3.6-4_i686.ipk
Configuring binutils
update-alternatives: Linking //opt/bin/strings to /opt/bin/binutils-strings
Configuring gcc
Configuring libc-dev
Configuring libnsl
Successfully terminated.

Now let's start the daemon again:
DiskStation> /opt/etc/init.d/S09named start
Starting DNS Services: started

Well this is a lie.
DiskStation> ps | grep named
12730 root      2540 S    grep named

Check /var/log/messages to see what happened:
[...]
Nov  1 15:55:25 named[8642]: dns_master_load: root.servers:40: unexpected end of file
Nov  1 15:55:25 named[8642]: dns_master_load: root.servers:40: unexpected end of input
Nov  1 15:55:25 named[8642]: could not configure root hints from 'root.servers': unexpected end of input
Nov  1 15:55:25 named[8642]: loading configuration: unexpected end of input
Nov  1 15:55:25 named[8642]: exiting (due to fatal error)

Ok, my fault for incorrectly editing the config files (a couple of issues look related to a possible bug using the 'open' (o) command in vi, which incorrectly splits the last character of the line onto a new line), so clean this up and see what else was missed by looking at /var/log/messages again:
[...]
Nov  1 16:21:02 named[12572]: none:0: open: /opt/etc/named/rndc.key: file not found
Nov  1 16:21:02 named[12572]: /opt/etc/named/named.conf:19: couldn't install keys for command channel 127.0.0.1#953: file not found
Nov  1 16:21:02 named[12572]: /opt/etc/named/named.conf:19: couldn't add command channel 127.0.0.1#953: file not found
Nov  1 16:21:02 named[12572]: logging channel 'dns_log' file '/opt/var/log/dns.log': file not found
Nov  1 16:21:02 named[12572]: isc_log_open '/opt/var/log/dns.log' failed: file not found
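
Since the init script prints "started" whether or not named survives, the check below reads the syslog instead. It is an added example, not part of the original post or of the Optware package: the function names are hypothetical, and the sample input is built from lines in the two log excerpts above.

```shell
#!/bin/sh
# Added example (not from the original post): judge a named start attempt from
# the syslog lines, not from the init script's "started". Input is on stdin.

# Constructed sample: lines copied from the two log excerpts in this post.
sample_log() {
cat <<'EOF'
Nov  1 15:55:25 named[8642]: loading configuration: unexpected end of input
Nov  1 15:55:25 named[8642]: exiting (due to fatal error)
Nov  1 16:21:02 named[12572]: none:0: open: /opt/etc/named/rndc.key: file not found
Nov  1 16:21:02 named[12572]: /opt/etc/named/named.conf:19: couldn't add command channel 127.0.0.1#953: file not found
Nov  1 16:21:02 named[12572]: logging channel 'dns_log' file '/opt/var/log/dns.log': file not found
Nov  1 16:21:02 named[12572]: isc_log_open '/opt/var/log/dns.log' failed: file not found
EOF
}

# PID of the most recent named instance that wrote to the log.
last_named_pid() {
    sed -n 's/.* named\[\([0-9][0-9]*\)]: .*/\1/p' | tail -n 1
}

# Succeeds if the given PID logged a fatal exit. $1 = PID.
named_died() {
    grep -qF "named[$1]: exiting (due to fatal error)"
}

# Unique paths the given PID reported as "file not found". $1 = PID.
# The named.conf:19 line names a config line, not a missing file, so only the
# "open: <path>" and quoted '<path>' forms are extracted.
named_missing_files() {
    grep -F "named[$1]: " |
    sed -n -e "s|.*open: \(/[^ :]*\): file not found.*|\1|p" \
           -e "s|.*'\(/[^']*\)'.*file not found.*|\1|p" | sort -u
}

# One-line verdict for the latest start attempt found in the log.
named_start_report() {
    log=$(cat)
    pid=$(printf '%s\n' "$log" | last_named_pid)
    [ -n "$pid" ] || { echo "no named entries"; return 2; }
    if printf '%s\n' "$log" | named_died "$pid"; then
        echo "named[$pid] exited: fatal error"; return 1
    fi
    missing=$(printf '%s\n' "$log" | named_missing_files "$pid" | paste -sd ' ' -)
    echo "named[$pid] no fatal exit logged; missing: ${missing:-none}"
}

# On the NAS: named_start_report < /var/log/messages
```

A non-zero return from `named_start_report` means the latest named instance logged a fatal exit (1) or never logged at all (2), which is the case the init script hides.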

Silly mistakes corrected, but it is at least now running with some other issues:
DiskStation> ps | grep named
12572 root      7324 S    /opt/sbin/named -c /opt/etc/named/named.conf
12730 root      2540 S    grep named

Thank goodness for that. Now let's check if the config works.

dns> nslookup
> server 192.168.1.2
Default server: 192.168.1.2
Address: 192.168.1.2#53
> dns.mydomain.net
[...]
Name:   dns.mydomain.net
Address: 192.168.1.2
> bogus.mydomain.net
[...]
** server can't find bogus.mydomain.net: NXDOMAIN
> router.mydomain.net
[...]
Name:   router.mydomain.net
Address: 192.168.1.1
> r6300.mydomain.net
[...]
r6300.mydomain.net        canonical name = router.mydomain.net.
Name:   router.mydomain.net
Address: 192.168.1.1
> www.google.com
[...]
Non-authoritative answer:
Name:   www.google.com
Address: 74.125.237.82
Name:   www.google.com
Address: 74.125.237.83
Name:   www.google.com
Address: 74.125.237.84
Name:   www.google.com
Address: 74.125.237.80
Name:   www.google.com
Address: 74.125.237.81
> 192.168.1.2
[...]
2.1.168.192.in-addr.arpa        name = dns.mydomain.net.
Cool. All the locally configured hosts are there, non-existent local hosts are not found and hosts on the internet are also found. A reverse lookup also appears to have worked. Same results on the NAS (127.0.0.1) and a Win-7 host (connecting to 192.168.0.2).
 

2 comments:

  1. Anonymous, 5/11/12 02:07

    In case you haven't seen it, dnsmasq is a nice BIND replacement for small networks - http://www.thekelleys.org.uk/dnsmasq/doc.html

    The reduction in admin and performance overhead is pretty handy, particularly if you're also using DHCP.

  2. Thanks Anon, I was dimly aware of it only through the process of setting up BIND. I discovered just after I published this post that you can't use the DHCP Server (Synology package) with BIND as Synology uses dnsmasq which requires the same port as named. I'll cover this in a follow-up post shortly.
