Running pdnsd with split dns, bind and windows dns for your internal network


As a follow-up to my last post on installing and configuring a sample pdnsd setup as a cache-only DNS server, I wanted to share the context in which I built my setup.

In our scenario we have a Windows AD environment supporting all Windows workstations and domain authentication. We also have a BIND DNS server on the side, where we maintain the DNS entries for all our other local servers.

We have placed a couple of pdnsd servers to process all DNS requests from the local network.

All DNS requests are served by the pdnsd server, which forwards each request to the appropriate upstream server and caches the answers according to its configuration.

pdnsd Server: 192.168.XXX.99
Active directory dns1: 192.168.XXX.X1
Active directory dns2: 192.168.XXX.X2
Bind dns: 192.168.XXX.X2 (the template below uses 192.168.XXX.X3 for this server; substitute your own address)
[Diagram: pdnsd split DNS configuration sample]

Configuration file template for the above case: copy the content of this pdnsd.conf and save it as /etc/pdnsd.conf on your pdnsd server.

// pdnsd configuration file by http://tektab.com.
// read more on how to use this file @ https://tektab.com/2013/03/21/pdnsd-with-internal/
//Must be customized to obtain a working pdnsd setup!
// Read the pdnsd.conf(5) manpage for an explanation of the options.
 
 
 
global {
        perm_cache=20480;
        cache_dir="/var/cache/pdnsd";
#       pid_file = /var/run/pdnsd.pid;
        run_as="pdnsd";
#       server_ip = 127.0.0.1;  # Use this instead of eth0 to listen on loopback only.
        server_ip = eth0;       # Bind to the LAN interface so other hosts can query pdnsd.
        status_ctl = on;
#       paranoid=on;
        query_method=tcp_udp;   # pdnsd must be compiled with tcp
                                # query support for this to work.
        min_ttl=3d;        # Three days: cached entries are kept at least this long,
                           # even if the upstream TTL is shorter.
        max_ttl=1w;        # One week.
        timeout=20;        # Global timeout option (20 seconds).
        proc_limit=150;
        procq_limit=200;
        debug = off;
}
 
 
# The following section is most appropriate for fixed connections to the Internet.
 
server {
        label = "ourdomain.com";  # UPDATE THE LABEL #UPDATE
        ip = 192.168.XXX.X3;      # Your BIND server address #UPDATE
#       proxy_only=on;            # Do not query any name servers besides this one.
        timeout=15;               # Server timeout; this may be much shorter
                                  # than the global timeout option.
        uptest=if;
        interface=eth0;
        interval=10m;             # Check every 10 minutes.
        purge_cache=off;          # Keep stale cache entries in case the
                                  # upstream DNS servers go offline.
        exclude = .ads.ourdomain.com; # The AD zone is handled by the next section. #UPDATE
}
 
 
server {
        label = "ads.ourdomain.com"; # UPDATE THE LABEL #UPDATE
        ip = 192.168.XXX.X1;      # Primary DNS of Windows ADS #UPDATE
        ip = 192.168.XXX.X2;      # Secondary DNS of Windows ADS #UPDATE
        proxy_only=on;            # Forward to these servers only; do not follow
                                  # referrals to any other name server.
        timeout=15;               # Server timeout; this may be much shorter
                                  # than the global timeout option.
        uptest=if;
        interface=eth0;           #UPDATE
        interval=10m;             # Check every 10 minutes.
        purge_cache=off;          # Keep stale cache entries in case the
                                  # AD DNS servers go offline.
}
 
# This section is meant for resolving from root servers.
server {
        label = "root-servers";
        root_server=on;
        ip =    198.41.0.4
        ,       192.228.79.201
        ,       192.33.4.12
        ,       128.8.10.90
        ,       192.203.230.10
        ,       192.5.5.241
        ,       192.112.36.4
        ,       128.63.2.53
#       ,       192.36.148.17
#       ,       192.58.128.30
#       ,       193.0.14.129
#       ,       198.32.64.12
#       ,       202.12.27.33
        ;
        timeout = 15;
        uptest = query;
        interval = 30m;      # Test every half hour.
        ping_timeout = 300;  # 30 seconds.
        purge_cache = off;
        exclude = .localdomain;
        exclude = .ourdomain.com; #UPDATE
        policy = included;
        preset = off;
}
 
 
source {
        owner=localhost;
#       serve_aliases=on;
        file="/etc/hosts";
}
 
rr {
        name=localhost;
        reverse=on;
        a=127.0.0.1;
        owner=localhost;
        soa=localhost,root.localhost,42,86400,900,86400,86400;
}
 
 
After saving the config file to /etc/pdnsd.conf, reload the pdnsd configuration:
service pdnsd reload
 
Check that lookups for each zone are answered by the pdnsd server:
 
dig @192.168.XXX.99 XXXX.mydomain.com
dig @192.168.XXX.99 XXXX.ads.mydomain.com
dig @192.168.XXX.99 google.com
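The dig checks above confirm that answers come back, but not which upstream section pdnsd is allowed to consult for each name. The following script is an added example, not part of the original post or of pdnsd itself: it parses the pdnsd.conf block syntax and re-implements the include/exclude matching so you can confirm offline that internal zones never become eligible for the root-servers section. The matching rules it encodes are my reading of pdnsd.conf(5) and are an assumption: a rule with a leading dot matches the zone and all its subdomains, a rule without one matches exactly, the first matching rule wins, and `policy` decides when no rule matches. The embedded config is a constructed, condensed copy of the template on this page with placeholder addresses.

```python
"""Check which upstream sections a pdnsd split-DNS config would consult for a name.

Added example (not from the original post). The include/exclude semantics below
are an assumption based on pdnsd.conf(5), not code taken from pdnsd.
"""
import re

# Constructed sample: a condensed copy of the page's template with placeholder
# addresses. Comments use both styles pdnsd accepts (# and //).
SAMPLE_CONF = """
// split-dns sample
global {
        perm_cache=20480;
        server_ip = eth0;          # listen on the LAN interface
}
server {
        label= "ourdomain.com";
        ip = 192.0.2.3;            # BIND (placeholder address)
        exclude = .ads.ourdomain.com;
}
server {
        label= "ads.ourdomain.com";
        ip = 192.0.2.1, 192.0.2.2; # AD DNS (placeholder addresses)
        proxy_only=on;
}
server {
        label = "root-servers";
        root_server=on;
        ip =    198.41.0.4
        ,       192.228.79.201
        ;
        exclude = .localdomain;
        exclude = .ourdomain.com;
        policy = included;
}
"""


def parse_pdnsd_conf(text):
    """Return a list of (block_kind, [(key, value), ...]) in file order.
    Comments (# or //) are stripped; repeated keys such as `ip` or `exclude`
    stay separate entries because rule order matters."""
    stripped = "\n".join(re.sub(r"(//|#).*", "", line) for line in text.splitlines())
    blocks = []
    for m in re.finditer(r"(\w+)\s*\{(.*?)\}", stripped, re.S):
        kind, body = m.group(1), m.group(2)
        opts = []
        for stmt in body.split(";"):
            if not stmt.strip():
                continue
            key, _, val = stmt.partition("=")
            # collapse the multi-line "ip = a\n, b\n" layout into one string
            val = " ".join(val.split()).strip('"')
            opts.append((key.strip(), val))
        blocks.append((kind, opts))
    return blocks


def rule_matches(rule, name):
    """Assumed pdnsd matching: '.zone' covers zone and every subdomain,
    a bare name covers only that exact name. Case-insensitive, trailing dot ignored."""
    name = name.rstrip(".").lower()
    rule = rule.rstrip(".").lower()
    if rule.startswith("."):
        zone = rule[1:]
        return name == zone or name.endswith("." + zone)
    return name == rule


def eligible_servers(blocks, name):
    """Labels of the server sections whose rules admit `name`, in file order."""
    labels = []
    for kind, opts in blocks:
        if kind != "server":
            continue
        label, policy, decision = "?", "included", None
        for key, val in opts:
            if key == "label":
                label = val
            elif key == "policy":
                policy = val
            elif key in ("include", "exclude") and decision is None and rule_matches(val, name):
                decision = key == "include"  # first matching rule wins (assumption)
        if decision is None:
            decision = policy == "included"  # no rule matched: policy applies
        if decision:
            labels.append(label)
    return labels


def zone_leaks(blocks, internal_zones, external_labels, probes=("host",)):
    """Names under the internal zones that would reach an external section."""
    leaks = []
    for zone in internal_zones:
        for probe in probes:
            name = f"{probe}.{zone}"
            hit = set(eligible_servers(blocks, name)) & set(external_labels)
            if hit:
                leaks.append((name, sorted(hit)))
    return leaks


if __name__ == "__main__":
    conf = parse_pdnsd_conf(SAMPLE_CONF)
    for n in ("fileserver.ourdomain.com", "dc1.ads.ourdomain.com", "google.com"):
        print(n, "->", eligible_servers(conf, n))
    print("leaks:", zone_leaks(conf, ["ourdomain.com", "ads.ourdomain.com"], ["root-servers"]))
```

Run it against your real /etc/pdnsd.conf by replacing SAMPLE_CONF with the file's contents. On the template above it reports no leaks, but it also shows that the ads.ourdomain.com section carries no include/exclude rule at all, so under the assumed semantics every name, internal or not, is eligible for the AD servers; if you want them consulted only for their own zone, `policy = excluded;` followed by `include = .ads.ourdomain.com;` in that section is one way to pin that down.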
 
If you need help with setting up a pdnsd server, please see my blog post on how to set up pdnsd as a cache-only DNS server: https://tektab.com/2013/03/21/howto-pdnsd-on-redhatcentos-from-source/
 