I am at the point where my home intranet is complex enough that I want a DNS server that will do forward and backward network address lookups for intranet hostnames and static IP addresses. For example, I have an intranet only web server that I have assigned a static IP address of 192.168.0.110, but I want all computers in the intranet to be able to access it by its intranet-only hostname (http://apps.home). In addition, if some software needs to do a reverse lookup of 192.168.0.110, the DNS server should return apps.home.
Those who have started playing around with DNS servers know how daunting a task this is. I will show you how to do it with that cheap Windows XP box you have collecting dust and do it for free.
Prerequisites:
1. Windows XP box with an ethernet card
2. A router that performs NAT (Network Address Translation) between your intranet and your internet provider. Some internet providers have this function built into their box that they provide you, but I always get my own router to put in front of theirs so I have full control of my intranet.
Step 1 - Multihome your Windows XP box so it has two static IP addresses on its single ethernet card
You need two IP addresses because to make the DNS server work properly, you actually need to run two different DNS server processes on different IP addresses on the same Windows XP box. You could have them run on two different boxes, but that would be doubling the hardware cost for no real reason.
A. Assuming that you already have your Windows XP box to be able to connect to the internet using DHCP, open a command line window on it and execute "ipconfig /all". What you want to write down is your host name, IP address, subnet mask, default gateway and DNS servers.
B. Go to Control Panels and open the Network Connections control panel. Right-click on your network connection (usually named Local Area Connection) and choose Properties from the drop down menu that appears. If you have several things listed there, it should be the only one that has a status of Connected.
C. In the resulting window that appears, scroll down the list in a box with "This connection uses the following items:" above it until you find one named "Internet Protocol (TCP/IP)". Click on it (but NOT the checkbox in front of it), and then click on the Properties button below the list.
D. In the resulting window, click on the selection circle named "Use the following IP address:". Using the ipconfig information you copied down in step 1, assign appropriate values. For IP address, use an IP address that is out of the range of DHCP addresses configured in your router. If you have no idea what I am talking about, just choose an IP address that is high. For example, my router assigned my XP box an IP address of 192.168.0.3. I would then choose a new IP address of 192.168.0.100. Copy in the subnet mask and default gateway from what you wrote down in step 1. For the preferred DNS server field, enter the new IP address of the XP box you chose (192.168.0.100 in my example). For the alternate DNS server, enter the DNS server you copied down in step 1. If there were more than one, copy down the first one.
E. Click on the Advanced button. In the list of IP addresses section, click on the Add button. Choose another static IP address (I chose 192.168.0.101 in my example) and copy over the same subnet mask you wrote down from step 1.
F. Click on the DNS tab. If there were more than one DNS server you wrote down in step 1, you can add them in the section titled "DNS server addresses, in order of use:". Click on the selection circle named "Append these DNS suffixes (in order):", click on the Add button in that section, and enter the domain suffix name you want for your intranet. In my example, my domain suffix would be "home". In the field named "DNS suffix for this connection", put in the same domain suffix.
G. Click on the OK buttons until you have closed everything. Reboot to make sure the changes are recognized, and then make sure your XP box is still able to access the internet.
Step 2 - Download MaraDNS software and install it
MaraDNS is a free DNS server software that will get the job done. There are plenty of others. If you want to use something else, you will have to extrapolate your own instructions from what I am writing down here.
A. Go to http://maradns.samiam.org/download.html and download the file for Windows into a temporary directory on your XP box. At the time I wrote this, the file name was maradns-2.0.11-win32.zip
B. Create a directory named C:\maradns and extract the files in the zip file into that directory so that all the files are not in a subdirectory. For the maradns-2.0.11-win32.zip I downloaded, when I unzipped it, it created a subdirectory named maradns-2-0-11-win32. I pulled all the files and folders out of there and put them in the C:\maradns folder.
C. Open the Service.html file and follow its instructions to add MaraDNS as a Windows service. At the time of this writing, I got the srvany.zip file they mention from http://maradns.samiam.org/download/non-maradns/srvany.zip. Do not start this service yet!
D. Go to the Deadwood subdirectory (for me, it was C:\maradns\Deadwood-3-2-07-win32) and run the install.bat file.
E. Open the Windows Services control panel and turn off the Deadwood and MaraDNS services if they are running. In the Deadwood subdirectory, delete a file named dw_cache_bin if it exists. Deadwood creates it when it is stopped. It contains old DNS cache information.
Step 3 - Configure the authoritative DNS server for your intranet
This will be the DNS process that will resolve the addresses recognized only in your intranet.
A. In the c:\maradns folder, run the mkSecretTxt.exe program which will create a file named secret.txt in that directory.
B. In the c:\maradns folder, create a text file named mararc if it doesn't already exist and make sure it looks like:
ipv4_bind_addresses = "192.168.0.101"
chroot_dir = "/maradns"
csv2 = {}
csv2["home."] = "db.home"
timestamp_type = 2
random_seed_file = "secret.txt"
Make sure the last line ends with a carriage return so that a blank line is at the end. If you created a different second static IP address for your XP box, use that instead in the first line. If you are going to have a different domain suffix than "home" for your intranet, replace the words "home" with your domain suffix name in line 4.
C. In the c:\maradns folder, create a text file named db.home (or whatever you changed it to above if you deviated from my example), and make sure it looks like the following. Replace "xphostname" with the host name you wrote down from the ipconfig information at the beginning of this article. Replace every occurrence of "home" with the domain suffix you chose if you are deviating from my example:
home. NS dnsauth.home. ~
xphostname.home. FQDN4 192.168.0.100 ~
dnsauth.home. FQDN4 192.168.0.101 ~
Make sure the last line ends with a carriage return so that a blank line is at the end. If you have other machines with static IP addresses that you want to assign hostnames, add them using the following example as a guide:
apps.home. FQDN4 192.168.0.110 ~
The above would assign the IP address 192.168.0.110 to the hostname apps.home, so that I can access that server, on which I have a web server running, via http://apps.home in my intranet.
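Because a trailing `~`, a trailing newline and a matching FQDN4 record for the NS target are easy to get wrong, here is an added checker for a db.home file in the csv2 format above (example code, not part of MaraDNS or this article). It also builds the reverse (in-addr.arpa) names that MaraDNS derives from each FQDN4 record, so you can see what a reverse lookup of 192.168.0.110 will return; the sample zone text is constructed, with "xphostname" standing in for your own host name.

```python
import re
from ipaddress import IPv4Address

# Constructed db.home contents in the csv2 format shown above (not the author's real file).
DB_HOME = (
    "home. NS dnsauth.home. ~\n"
    "xphostname.home. FQDN4 192.168.0.100 ~\n"
    "dnsauth.home. FQDN4 192.168.0.101 ~\n"
    "apps.home. FQDN4 192.168.0.110 ~\n"
)

# One csv2 record: owner name, record type, value, then the '~' terminator.
RECORD = re.compile(r"^(\S+)\s+(NS|FQDN4|A|PTR)\s+(\S+)\s*~$")

def parse_csv2(text, zone="home."):
    """Parse a csv2 zone; return (forward, reverse, problems).

    forward maps FQDN -> IPv4 from the FQDN4 records; reverse maps the
    in-addr.arpa name that MaraDNS synthesises for each FQDN4 record
    back to its FQDN (this is what a reverse lookup will answer with).
    """
    forward, reverse, ns_targets, problems = {}, {}, [], []
    if not text.endswith("\n"):
        problems.append("file does not end with a newline")
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RECORD.match(line)
        if not m:
            problems.append(f"line {n}: not of the form 'name TYPE value ~'")
            continue
        name, rtype, value = m.groups()
        if name != zone and not name.endswith("." + zone):
            problems.append(f"line {n}: {name} is outside zone {zone}")
        if rtype == "FQDN4":
            ip = IPv4Address(value)  # raises ValueError on a malformed address
            if name in forward:
                problems.append(f"line {n}: duplicate FQDN4 record for {name}")
            forward[name] = str(ip)
            reverse[ip.reverse_pointer + "."] = name
        elif rtype == "NS":
            ns_targets.append(value)
    # The NS target named in the zone must itself resolve inside the zone.
    for ns in ns_targets:
        if ns.endswith("." + zone) and ns not in forward:
            problems.append(f"NS target {ns} has no FQDN4 record in the zone")
    return forward, reverse, problems
```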
D. Don't start MaraDNS via the Services control panel yet. At a command line window, cd to the c:\maradns folder and run the following command: maradns -f mararc. A popup window will probably appear asking if you want to let this program access the internet. Do whatever to have it accept this. Quit the maradns program by pressing ctrl-c.
E. Now start MaraDNS via the Services control panel. As a quick test, open a command line window and enter the following commands:
nslookup
server 192.168.0.101
dnsauth
It should return the IP address 192.168.0.101 successfully. Enter the word exit to exit nslookup.
Step 4 - Configure the recursive DNS server for your intranet
This will be the DNS process that will allow internet addresses to be resolved after your intranet addresses are tried first.
A. In the Deadwood subdirectory (in my case, it was named C:\maradns\Deadwood-3-2-07-win32), edit the text file named dwood3rc.txt. The uncommented lines should look like:
ipv4_bind_addresses="192.168.0.100, 127.0.0.1"
recursive_acl = "192.168.0.0/24,127.0.0.1"
random_seed_file = "secret.txt"
cache_file = "dw_cache_bin"
filter_rfc1918 = 0
chroot_dir = "/maradns/Deadwood-3-2-07-win32"
root_servers = {}
root_servers["home."] = "192.168.0.101"
root_servers["0.168.192.in-addr.arpa."] = "192.168.0.101"
root_servers["."] = "198.41.0.4,"
root_servers["."] += "192.228.79.201,"
root_servers["."] += "192.33.4.12,"
root_servers["."] += "128.8.10.90,"
root_servers["."] += "192.203.230.10,"
root_servers["."] += "192.5.5.241,"
root_servers["."] += "192.112.36.4,"
root_servers["."] += "128.63.2.53,"
root_servers["."] += "192.36.148.17,"
root_servers["."] += "192.58.128.30,"
root_servers["."] += "193.0.14.129,"
root_servers["."] += "199.7.83.42,"
root_servers["."] += "202.12.27.33"
You should know by now what to change if you deviated from my example. Make sure the last line ends with a carriage return so that a blank line is at the end. Failing to do this is the most common reason why Deadwood fails to start.
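Since a missing final newline is the usual reason Deadwood will not start, and since the recursive_acl decides who may use your resolver, here is an added pre-start check for a dwood3rc file in the layout above (example code, not part of Deadwood or this article). It confirms the trailing newline, that every recursive_acl entry lies inside RFC 1918 or loopback space (anything wider turns the box into an open resolver reachable from outside the intranet), and that both the "home." zone and its in-addr.arpa zone are handed to the MaraDNS address; the sample configuration text is constructed.

```python
import re
from ipaddress import ip_network

# Constructed dwood3rc text in the layout shown above (not the author's actual file).
DWOOD3RC = (
    'ipv4_bind_addresses="192.168.0.100, 127.0.0.1"\n'
    'recursive_acl = "192.168.0.0/24,127.0.0.1"\n'
    'random_seed_file = "secret.txt"\n'
    'filter_rfc1918 = 0\n'
    'root_servers = {}\n'
    'root_servers["home."] = "192.168.0.101"\n'
    'root_servers["0.168.192.in-addr.arpa."] = "192.168.0.101"\n'
    'root_servers["."] = "198.41.0.4,"\n'
    'root_servers["."] += "192.228.79.201"\n'
)
# Ranges that count as "the intranet": RFC 1918 space plus loopback.
INTRANET = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Matches  key = "value"  and  dict["k"] = "value" / dict["k"] += "value"  lines.
LINE = re.compile(r'^(\w+(?:\["[^"]*"\])?)\s*(\+?=)\s*"?([^"]*)"?$')

def parse_dwood3rc(text):
    """Collect settings into one dict; '+=' appends to the existing value."""
    conf = {}
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(3) == "{}":   # skip blanks, comments and 'x = {}'
            continue
        key, op, value = m.groups()
        conf[key] = (conf.get(key, "") + value) if op == "+=" else value
    return conf

def check_dwood3rc(text, auth_ip="192.168.0.101",
                   zones=("home.", "0.168.192.in-addr.arpa.")):
    """Return the problems to fix before starting the Deadwood service."""
    problems = []
    if not text.endswith("\n"):
        problems.append("file does not end with a newline")
    conf = parse_dwood3rc(text)
    # Recursion for clients outside the LAN would make this an open resolver.
    for acl in conf.get("recursive_acl", "").split(","):
        net = ip_network(acl.strip(), strict=False)
        if not any(net.subnet_of(r) for r in INTRANET):
            problems.append(f"recursive_acl {net} allows recursion from outside the intranet")
    # Forward and reverse intranet zones must both point at the MaraDNS instance.
    for zone in zones:
        if conf.get(f'root_servers["{zone}"]') != auth_ip:
            problems.append(f'root_servers["{zone}"] should be {auth_ip}')
    return problems
```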
B. Make sure the dw_cache_bin file is deleted before you start Deadwood, and then go to the Services control panel and start Deadwood. As a quick test, open a command line window and enter the following commands:
nslookup dnsauth
nslookup 192.168.0.101
nslookup cnn.com
They should all return addresses successfully. If there are timeout errors, you may need to increase the timestamp_type in mararc higher than 2 seconds and restart the maradns service.
If you add additional hostnames and IP addresses to db.home later on, you will have to restart both the MaraDNS and Deadwood services after making the change, but after you stop Deadwood and before you start it again, you will need to delete the dw_cache_bin file to make sure the changes go into effect immediately.
Step 5 - Configure the router to use your intranet DNS server first
This will make sure all your devices connecting via DHCP to your router will be able to resolve the intranet hostnames and IP addresses. The steps to do this differ depending on your router, but in general, you will be switching from DHCP to a static IP address for your router when it connects to your internet provider. You would keep the same IP address, subnet mask, and default gateway as you had when using DHCP, but in the DNS server list, you would make 192.168.0.100 the first DNS server.
Step 6 - Configure machines that are assigned static IP addresses to use your intranet DNS server first
If you have machines that are assigned static IP addresses in your intranet, make sure to add them to the db.home file, and make 192.168.0.100 the first DNS server in their IP configuration. The steps differ depending on the operating system and device. If you deviated from my example, it should be obvious at this point what you need to do differently from what I say.