
We are currently using the DNS of our ISP, but I would like to set up our own in-house DNS server so that we could manage local names, and in short use this in-house DNS server instead of the hosts file on all of our computers.

I would like the DNS server to resolve DNS only to certain IPs (so this way I could filter internet access in a way, by providing DNS resolution only to domains that are of use to our business and accordingly to IPs, something like OpenDNS). I know I could set up a transparent Squid to do filtering, but I've been interested in setting up a local DNS server and could not find the necessary resources online.

I am interested in a Unix (Debian)-friendly app (Windows is acceptable also).

Dave M
s.mihai

11 Answers


I can tell you on the Linux side that BIND is probably the most common and most powerful solution you could find. However, DNSmasq is a great lightweight DNS app that you actually might have some experience with, since it's installed on many Linux-based SOHO routers.

scotthere
  • BIND I am considering, but has anyone got any substantial how-to out there? I would really appreciate this. I have not been able to set this up so far. – s.mihai May 30 '09 at 20:56
  • It's not a simple project, but this is a good place to start: http://www.bind9.net/links – scotthere May 31 '09 at 17:41

I would recommend Linux + BIND or PowerDNS.

The setup is fairly easy, with lots of HOWTOs on the web. I have been using this setup for 3 years now without any problem.

HOWTO for BIND: an internal and external DNS server

Alakdae

I'd recommend PowerDNS highly. If you just want a no-frills recursing DNS server to enable Internet usage, pdns-recursor requires close to zero configuration to be used on a local network. I use it on our FreeBSD server in the office, and basically I just installed it, added the server's IP address to /usr/local/etc/pdns/recursor.conf and started the service.

If you want to provide your own DNS information, PowerDNS has some very powerful features, mainly in its ability to use a relational database as backend, which makes it a lot easier to make some sort of web interface or configuration system, and also makes it a lot easier to do replication, since you can just use the database server's replication system instead of AXFR or similar things.

mikl
  • Storing production DNS data in an SQL database adds additional risk to a piece of critical infrastructure. Unless the system has a process to cope with the failure of the SQL server, I would implement something that uses traditional flat files. – Matt Jun 02 '09 at 21:17
  • Well, all systems have risks. Flat files might get corrupted, databases might go down. There are performance tradeoffs to flat files, especially if your zones change a lot or have a lot of records. So if you only have a few simple zones, I'd agree that having an RDBMS might be overkill. – mikl Jun 06 '09 at 20:38

DJBDNS - easy, works! :)

  • I'm not going to go so far as to vote you down, but DJBDNS has to be the most convoluted piece of software I've used since Qmail. The kludges it takes to install DJBDNS are just wrong. The only thing going for it is the (too) simple configuration. – Matt Simmons May 30 '09 at 20:57
  • How's that? I see your point for distros on which you have to manually install daemontools etc., but it does have to be like that. Both daemontools and djbdns are in Lenny's default repo. It's still a bit non-standard, but its configuration beats the hell out of BIND's. – wzzrd Jun 01 '09 at 09:15

I thought about doing the same thing, and came across OpenDNS.

I'm a new user, so I can't add the link, but google will allow you to find them.

I don't work for/with them, I just use their service and I like it. It's free and allows for customizing access like you requested. As far as local DNS is concerned, I run a localized nameserver for all hostnames off of a Fedora install. As far as the local DNS goes, as long as you are running a DNS server on the network and have your DHCP configured correctly to spit it out, it'll work. I simply don't allow DNS traffic originating from my exterior firewall, and it seems to do the trick.

bobby
  • Yes, I've tried OpenDNS, but I cannot allow access only to whitelisted websites and deny access to blacklisted ones. This is what I am trying to do. – s.mihai May 30 '09 at 21:01

Small sites often hand-edit zone files and BIND configurations, which leads to inconsistencies and errors. Instead, use HostDB, which takes an /etc/hosts file and uses it to generate your files. More info at everythingsysadmin.com/hostdb

It generates files for BIND which comes with all Linux distros.

TomOnTime
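The two ideas above, generating server configuration from an /etc/hosts file as HostDB does and resolving only the internal names plus an allow-list of external domains as the question asks, as an added example that is neither HostDB's code nor anything posted in this thread. It emits dnsmasq options (`no-resolv`, `local=`, `host-record=`, `server=/domain/ip`), and the hosts text, domain names and upstream resolver address are constructed sample values:

```python
# Added example, not HostDB's code or anything from the thread: build a
# dnsmasq config from an /etc/hosts-style file plus an allow-list of
# external domains. Hosts text, names and the upstream resolver address
# are constructed sample values; dnsmasq option names are real.
import ipaddress

SAMPLE_HOSTS = """\
# constructed sample /etc/hosts
127.0.0.1   localhost
10.0.0.5    fileserver fileserver.corp.example   # NAS
10.0.0.6    printer.corp.example
"""
ALLOWED_EXTERNAL = ["example.com", "example.net"]  # constructed allow-list


def parse_hosts(text):
    """Return {name: ip} for every non-comment entry, skipping loopback."""
    records = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        if ipaddress.ip_address(ip).is_loopback:
            continue
        for name in names:
            records[name.lower()] = ip
    return records


def render_dnsmasq(records, allowed, upstream, local_domain):
    """Config in which only local names and allowed domains resolve."""
    # no-resolv plus no bare server= line means dnsmasq has no default
    # upstream, so a name that is neither a host-record nor under an
    # allowed domain gets REFUSED instead of being forwarded.
    lines = ["no-resolv", "domain-needed", "bogus-priv",
             f"local=/{local_domain}/"]  # never forward the internal zone
    for name, ip in sorted(records.items()):
        lines.append(f"host-record={name},{ip}")
    for domain in allowed:
        lines.append(f"server=/{domain}/{upstream}")  # forward only these
    return "\n".join(lines) + "\n"


def build_config():
    return render_dnsmasq(parse_hosts(SAMPLE_HOSTS), ALLOWED_EXTERNAL,
                          "192.0.2.53", "corp.example")


if __name__ == "__main__":
    print(build_config())
```

Point the workstations at this server via DHCP, as the thread suggests, and the upstream resolver is only ever consulted for the allow-listed domains.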

Using a DNS server for local/internet name resolution is the best and most manageable solution. With that having been said, I would suggest you do not use DNS for filtering. Use something that was designed for web content filtering, like Squid.

If using a Windows server then use Windows DNS Server; if using a Linux server, use something like BIND or dnsmasq.

JJ01
  • At the moment I am using the DNS provided by my ISP; centralized file sharing (no centralized auth); we already have a DHCP in place; only DNS required. – s.mihai May 30 '09 at 21:29
  • What operating system on the server and workstations? – JJ01 May 30 '09 at 22:43
  • The stations are Windows based. The server... I have both Linux-based and Windows-based servers around; I'd like to use something cheap (open source) and user friendly. – s.mihai May 31 '09 at 04:51