Do you really need a DNS server? I would say probably. Technically you could just modify your hosts file and reach all the FQDNs you need, but a DNS server definitely makes your environment more streamlined. Also, vCenter is pretty picky about DNS and might cause problems down the road. Bottom line: it’s not too hard to set up or maintain, and it provides loads of value.
My DNS server of choice is a simple CentOS 8 server on which I’ve deployed BIND. There are only a few files to update, and if you need a new record, simply add it and bounce the named service. Easy as that. If you have something else in mind, by all means follow that guide. As long as you have a DNS server that is authoritative for your home lab FQDN, you should be fine.
Install Centos 8
Or any distro. CentOS/Ubuntu/Windows, whatever you prefer. If you want to follow my guide exactly, I was using CentOS 8 Stream. There are quite a few guides on this, so I’ll keep the steps minimal.
- Download the ISO file
- Upload it to the physical ESXi datastore.
- Create a VM on one of the ESXi physical hosts, and point to the ISO file for booting.
- Install the image and reboot.
- Set a static IP address.
Update Centos and install Bind
Run the following commands after installing CentOS.
sudo yum update -y
sudo firewall-cmd --permanent --add-service=dns
sudo firewall-cmd --permanent --add-port=53/udp
sudo firewall-cmd --reload
sudo dnf update -y
sudo dnf install bind bind-utils -y
sudo systemctl start named
sudo systemctl enable named
sudo systemctl status named #Should show active
OK, the next step is to make a few changes to the /etc/named.conf file.
sudo vi /etc/named.conf
Comment these lines out:
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
Add your home lab subnets to the allow-query parameter so that only clients on those subnets can query the server (note the closing semicolon, which named.conf requires):
allow-query { localhost; 192.168.0.0/16; 10.0.0.0/8; };
Add these blocks at the bottom (modify 'home.lab' if you are using something different, and adjust the IP addresses below; my home subnet is 192.168.3.0):
//Forward Zone
zone "home.lab" IN {
    type master;
    file "home.lab.db";
    allow-update { none; };
};
//Reverse Zone
zone "3.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.3.db";
    allow-update { none; };
};
Next step we’re going to create the forward zone file. Every time you add a new A record, you will update this file and the reverse zone file, then bounce named. I’ll provide an example below.
sudo vi /var/named/home.lab.db
Paste the following and save (I'm calling my DNS server 'ns1.home.lab'; modify it as you please):
$TTL 86400
@ IN SOA ns1.home.lab. root.home.lab. (
3 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
;Name Server Information
@ IN NS ns1.home.lab.
;A - Record HostName To Ip Address
ns1 IN A 192.168.3.6
And finally we create the reverse zone file. This allows reverse DNS lookups (IP address to FQDN).
sudo vi /var/named/192.168.3.db
Paste the following and save (I'm calling my DNS server 'ns1.home.lab'; modify it as you please, and my DNS server IP is 192.168.3.6):
$TTL 86400
@ IN SOA ns1.home.lab. root.home.lab. (
3 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
;Name Server Information
@ IN NS ns1.home.lab.
;Reverse lookup for Name Server
6 IN PTR ns1.home.lab.
It’s that simple. You can even validate the configuration and zone files for typos by running the following commands.
sudo named-checkconf /etc/named.conf
sudo named-checkzone home.lab /var/named/home.lab.db
sudo named-checkzone 3.168.192.in-addr.arpa /var/named/192.168.3.db
Finally, restart named to set it all up.
sudo systemctl restart named
Add an A record and test
To add a new record, you will modify both of the zone files, then restart named.
sudo vi /var/named/home.lab.db
Add these lines:
esxi2 IN A 192.168.3.4
esxi1 IN A 192.168.3.5
sudo vi /var/named/192.168.3.db
Add these lines:
5 IN PTR esxi1.home.lab.
4 IN PTR esxi2.home.lab.
Then restart named:
sudo systemctl restart named
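Because every new host means editing both zone files and bumping the serial, it helps to generate the two files from one host table. The script below is an added example, not code from the original post: it writes a forward and a reverse zone file in the same record layout the post uses, refuses hosts outside the lab subnet or with duplicate addresses, and checks that every A record has its matching PTR record. The zone name, nameserver, subnet and host table are assumptions taken from the post's own values; change them to match your lab.

```python
"""Generate matching forward and reverse zone files for a /24 home lab.

Added example, not code from the original post: it emits the same record
layout the post uses, keeps every A record paired with its PTR record, and
bumps the SOA serial each time the files are regenerated.  The zone name,
nameserver, subnet and host table below are assumptions taken from the
post's own values; change them to match your lab.
"""
import ipaddress
import re

ZONE = "home.lab"
NS_HOST = "ns1"                                   # ns1.home.lab
SUBNET = ipaddress.ip_network("192.168.3.0/24")

# Constructed host table (short name -> IPv4): the hosts the post adds.
HOSTS = {
    "ns1": "192.168.3.6",
    "esxi1": "192.168.3.5",
    "esxi2": "192.168.3.4",
}

# SOA/NS header shared by both zone files, same layout as the post.
SOA_TEMPLATE = """$TTL 86400
@ IN SOA {ns}.{zone}. root.{zone}. (
{serial} ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
;Name Server Information
@ IN NS {ns}.{zone}.
"""


def reverse_zone_name(net: ipaddress.IPv4Network) -> str:
    """192.168.3.0/24 -> 3.168.192.in-addr.arpa (only /24 handled here)."""
    if net.prefixlen != 24:
        raise ValueError("this helper only builds /24 reverse zones")
    a, b, c, _ = str(net.network_address).split(".")
    return f"{c}.{b}.{a}.in-addr.arpa"


def host_errors(hosts: dict) -> list:
    """Return a list of problems: bad labels, foreign or duplicate IPs."""
    errors, seen = [], set()
    for name, ip in hosts.items():
        if not re.fullmatch(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?", name):
            errors.append(f"bad hostname label {name!r}")
            continue
        addr = ipaddress.ip_address(ip)
        if addr not in SUBNET:
            errors.append(f"{name} ({ip}) is outside {SUBNET}")
        if addr in seen:
            errors.append(f"duplicate address {ip}")
        seen.add(addr)
    if NS_HOST not in hosts:
        errors.append(f"nameserver {NS_HOST} has no A record")
    return errors


def forward_zone(hosts: dict, serial: int) -> str:
    """Build home.lab.db: SOA/NS header plus one A record per host."""
    if host_errors(hosts):
        raise ValueError("; ".join(host_errors(hosts)))
    text = SOA_TEMPLATE.format(ns=NS_HOST, zone=ZONE, serial=serial)
    text += ";A - Record HostName To Ip Address\n"
    for name, ip in sorted(hosts.items()):
        text += f"{name} IN A {ip}\n"
    return text


def reverse_zone(hosts: dict, serial: int) -> str:
    """Build 192.168.3.db: same header plus one PTR record per host."""
    if host_errors(hosts):
        raise ValueError("; ".join(host_errors(hosts)))
    text = SOA_TEMPLATE.format(ns=NS_HOST, zone=ZONE, serial=serial)
    text += ";PTR - Record Ip Address To HostName\n"
    for name, ip in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        text += f"{ip.rsplit('.', 1)[1]} IN PTR {name}.{ZONE}.\n"
    return text


def next_serial(existing_zone_text: str) -> int:
    """Read the serial from a zone file written earlier and add one."""
    m = re.search(r"^\s*(\d+)\s*;Serial", existing_zone_text, re.MULTILINE)
    return int(m.group(1)) + 1 if m else 1


def ptr_records_match(fwd: str, rev: str) -> bool:
    """True when every A record has exactly the PTR record it needs."""
    a_records = re.findall(r"^(\S+) IN A (\S+)$", fwd, re.MULTILINE)
    ptr_records = re.findall(r"^(\d+) IN PTR (\S+)\.$", rev, re.MULTILINE)
    wanted = {(f"{n}.{ZONE}", ip.rsplit(".", 1)[1]) for n, ip in a_records}
    return wanted == {(n, octet) for octet, n in ptr_records}


if __name__ == "__main__":
    serial = 4  # the post's files use serial 3; bump on every change
    fwd, rev = forward_zone(HOSTS, serial), reverse_zone(HOSTS, serial)
    assert ptr_records_match(fwd, rev)
    # Written to the current directory; copy into /var/named/ as root.
    with open(f"{ZONE}.db", "w") as f:
        f.write(fwd)
    with open(f"{str(SUBNET.network_address).rsplit('.', 1)[0]}.db", "w") as f:
        f.write(rev)
    print(f"wrote {ZONE}.db and the reverse file for {reverse_zone_name(SUBNET)}")
```

Run it, copy the two files into /var/named/, run the named-checkzone commands from earlier, then restart named. Incrementing the serial matters once you add a secondary server, because secondaries only pull a new copy of the zone when the serial goes up.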
Testing is just as easy. After testing locally, test from various other machines to make sure the server answers all of their queries. If it fails, check firewall rules, the allowed subnets in allow-query, reachability, routes, etc.
Test forward lookup:
dig esxi1.home.lab +short
Test reverse lookup:
dig -x 192.168.3.5 +short
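Not every machine you test from will have dig or bind-utils installed. The script below is an added example, not code from the original post: it builds a DNS query by hand, sends it to the lab server over UDP/53 and decodes the reply, so the forward and reverse checks above can be run from any host with Python. It also reports the AA flag, which should be set on answers for home.lab names because this server is authoritative for the zone; a timeout points at the firewall, allow-query subnets or routing. The server address and names are assumptions taken from the post's values; the same lookup with a public name exercises the forwarders described in the next section.

```python
"""Dependency-free forward and reverse lookup check for the lab DNS server.

Added example, not code from the original post: it hand-builds a DNS query,
sends it over UDP/53 and decodes the reply, so the check runs from any
machine with Python even where dig/bind-utils are not installed.  It also
reports whether the answer was authoritative (AA flag), which is what the
lab server should return for home.lab names.  Server address and names are
assumptions taken from the post's values.
"""
import random
import socket
import struct

DNS_SERVER = "192.168.3.6"      # the post's ns1.home.lab
TYPE_A, TYPE_PTR = 1, 12


def encode_name(name: str) -> bytes:
    """'esxi1.home.lab' -> b'\\x05esxi1\\x04home\\x03lab\\x00'."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"


def reverse_name(ip: str) -> str:
    """'192.168.3.5' -> '5.3.168.192.in-addr.arpa' (what dig -x queries)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def build_query(name: str, qtype: int, txid: int) -> bytes:
    """Standard query, one question, RD set so the server may recurse."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def read_name(msg: bytes, off: int):
    """Decode a name at off, following compression pointers; returns (name, next_off)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # 2-byte pointer into msg
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes, txid: int) -> dict:
    """Return rcode, AA flag and answer records as (name, type, data)."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch: not a reply to our query")
    off = 12
    for _ in range(qd):                           # skip the echoed question
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            data = socket.inet_ntoa(msg[off:off + 4])
        elif rtype == TYPE_PTR:
            data, _ = read_name(msg, off)
        else:
            data = msg[off:off + rdlen].hex()
        answers.append((name, rtype, data))
        off += rdlen
    return {"rcode": flags & 0xF, "aa": bool(flags & 0x0400), "answers": answers}


def lookup(name: str, qtype: int, server: str = DNS_SERVER, timeout: float = 2.0) -> dict:
    """Send one query to server:53/udp and parse the reply; raises socket.timeout."""
    txid = random.randrange(0x10000)              # random id, checked on the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data, txid)


if __name__ == "__main__":
    checks = (("esxi1.home.lab", TYPE_A), (reverse_name("192.168.3.5"), TYPE_PTR))
    for qname, qtype in checks:
        try:
            r = lookup(qname, qtype)
            print(qname, "rcode", r["rcode"], "authoritative", r["aa"], r["answers"])
        except socket.timeout:
            print(qname, "no reply: check firewalld (53/udp), allow-query subnets and routing")
```

Expected: rcode 0 with authoritative True and a single A answer of 192.168.3.5 for the forward check, and a PTR answer of esxi1.home.lab for the reverse one. A reply with rcode 5 (REFUSED) means the client's subnet is missing from allow-query.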
Optional: Fix Forwarding
If you’re running into an issue where you can only resolve local domains, but not public domains like google.com, then you might try the following steps to see if it resolves your issue.
sudo vi /etc/named.conf
Add your other DNS servers here, or a public resolver such as Google's 8.8.8.8:
forwarders {
    8.8.8.8;
    x.x.x.x;
};
forward only;
Also modify the dnssec lines below. Note that turning validation off means named no longer checks DNSSEC signatures on the answers it gets back from the forwarders, so only use this with forwarders you trust:
dnssec-enable no;
dnssec-validation no;