DNS server on QNAP-TS-231


This is a simple guide on how to set up a DNS server on a QNAP TS-231 NAS [firmware version 4.2.2]. Why do that? Because it significantly speeds up domain resolution, it can handle internal domains for the LAN, and in the end because we can 🙂
To achieve this we need a program that handles DNS requests. There are many programs that do this, but in this guide we use only BIND. BIND is not distributed in the QNAP store, so we need to install another program to get it: Entware-ng. I believe this guide can also be used on other QNAP models; just get the Entware/BIND version for the right platform [armv5 (x19), armv7 (x31, x41 – models x31/x31+), x86-32, x86-64].
After this brief introduction, proceed with the instructions:

  1. install Entware-ng
    • download the qpkg package from here
    • install it through the web interface
  2. install bind9
    • log in to the NAS over SSH with the admin account
    • install it, execute: opkg install bind-server
    • create a soft link to the bind directory, execute: ln -s /opt/etc/bind /etc/bind
  3. set up bind9
    • edit the named.conf file, execute: vim /opt/etc/bind/named.conf
      in this file you need to remove the quotation marks in the forwarders section and add two zones for the new custom LAN domain.
      The resulting file should look like this:

      // This is the primary configuration file for the BIND DNS server named.
      
      options {
      	directory "/opt/etc/bind";
      	pid-file "/opt/etc/bind/named.pid";
      
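      	// source port left unpinned: a fixed "port 53" here would disable
      	// source-port randomization, a defence against cache poisoning
      	query-source address *;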
      
      	forwarders {
      		// TIM dns
      		85.38.28.97;
      		85.37.17.51;
      		// OPENDNS dns
      		208.67.222.222;
      		208.67.220.220;
      		// DNS.WATCH dns
      		84.200.69.80;
      		84.200.70.40;
      		// LEVEL3 
      		209.244.0.3;
      		209.244.0.4;
      		// GOOGLE dns
      		8.8.8.8;
      		8.8.4.4;
      	};
      
      	auth-nxdomain no;    # conform to RFC1035
      };
      
      // prime the server with knowledge of the root servers
      zone "." {
      	type hint;
      	file "/etc/bind/db.root";
      };
      
      // be authoritative for the localhost forward and reverse zones, and for
      // broadcast zones as per RFC 1912
      
      zone "localhost" {
      	type master;
      	file "/etc/bind/db.local";
      };
      
      zone "127.in-addr.arpa" {
      	type master;
      	file "/etc/bind/db.127";
      };
      
      zone "0.in-addr.arpa" {
      	type master;
      	file "/etc/bind/db.0";
      };
      
      zone "255.in-addr.arpa" {
      	type master;
      	file "/etc/bind/db.255";
      };
      
      zone "dns.lan" {
      	type master;
      	file "/opt/etc/bind/db.dns";
      };
      
      zone "1.168.192.in-addr.arpa" {
        type master;
        file "/opt/etc/bind/db.192.168.1";
      };

      the first custom zone specifies the file that handles the conversion from machine network name to IP; this zone is named dns.lan.
      the second one specifies the file that handles the conversion from IP to machine network name; this zone is named 1.168.192.in-addr.arpa. Note that the zone name is the reverse of the class C address of the network itself.

    • create the file db.dns, execute: cp /opt/etc/bind/db.local /opt/etc/bind/db.dns
    • edit it, execute: vim /opt/etc/bind/db.dns
      add the LAN domains in your network, and take care to replace the string localhost. with the network name of your server [uname -n] and root.localhost. with the name of the account [whoami] plus the network name of your server [uname -n].
      The resulting file should look like this:

      ;
      ; BIND data file for local loopback interface
      ;
      $TTL	604800
      @	IN	SOA	QNAP-TS-231.dns.lan. admin.QNAP-TS-231.dns.lan. (
      			      1		; Serial
      			 604800		; Refresh
      			  86400		; Retry
      			2419200		; Expire
      			 604800 )	; Negative Cache TTL
      ;
      @	IN	NS	localhost.
      @	IN	A	127.0.0.1
      
      QNAP-TS-231	IN	A	192.168.1.20
      NS	IN	CNAME	QNAP-TS-231
      laptop	IN	A	192.168.1.89
      nas1	IN	A	192.168.1.20
      nas2	IN	A	192.168.1.21
      tv	IN	A	192.168.1.43
      router	IN	A	192.168.1.1
      cell	IN	A	192.168.1.91
    • create the file db.192.168.1, execute: cp /opt/etc/bind/db.local /opt/etc/bind/db.192.168.1
    • edit it, execute: vim /opt/etc/bind/db.192.168.1
      this file holds the reverse resolution; make the same changes as in the previous one, and at the end remember to list the domains, each preceded by the last octet of its IP address.
      The resulting file should look like this:

      ;
      ; BIND reverse data file for empty rfc1918 zone 
      ;
      $TTL	604800
      @	IN	SOA	QNAP-TS-231.dns.lan. admin.QNAP-TS-231.dns.lan. (
      			      1		; Serial
      			 604800		; Refresh
      			  86400		; Retry
      			2419200		; Expire
      			 604800 )	; Negative Cache TTL
      ;
      @	IN	NS	localhost.
      ; PTR targets end with a dot; without it named appends the zone origin
      20	IN	PTR	QNAP-TS-231.dns.lan.
      89	IN	PTR	laptop.dns.lan.
      20	IN	PTR	nas1.dns.lan.
      21	IN	PTR	nas2.dns.lan.
      43	IN	PTR	tv.dns.lan.
      1	IN	PTR	router.dns.lan.
      91	IN	PTR	cell.dns.lan.
      
    • start bind9, execute: /opt/etc/init.d/S09named restart
      we can verify that everything is working by running these commands:

      [~] # /opt/etc/init.d/S09named start
       Starting named...              done. 
      [~] # ps aux | grep named           
       8367 admin      6688 S   named -c /opt/etc/bind/named.conf 
       8420 admin       540 S   grep named

      if you have problems, run named with the -g parameter, which keeps it in the foreground and prints its log to the terminal

  4. set up the LAN devices and test the DNS server
    • now set the DNS server address to the QNAP IP on all devices connected to the LAN [laptop, tv, cell…]
    • test it, execute: dig www.duckduckgo.com
      dig www.duckduckgo.com
      
      ; <<>> DiG 9.11.0 <<>> www.duckduckgo.com
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50099
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 13, ADDITIONAL: 1
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;www.duckduckgo.com.		IN	A
      
      ;; ANSWER SECTION:
      www.duckduckgo.com.	190	IN	CNAME	duckduckgo.com.
      duckduckgo.com.		169	IN	A	54.229.105.203
      duckduckgo.com.		169	IN	A	176.34.155.20
      duckduckgo.com.		169	IN	A	54.229.105.151
      duckduckgo.com.		169	IN	A	46.51.197.89
      duckduckgo.com.		169	IN	A	176.34.135.167
      duckduckgo.com.		169	IN	A	176.34.131.233
      duckduckgo.com.		169	IN	A	54.229.105.92
      
      ;; AUTHORITY SECTION:
      .			66659	IN	NS	l.root-servers.net.
      .			66659	IN	NS	j.root-servers.net.
      .			66659	IN	NS	g.root-servers.net.
      .			66659	IN	NS	b.root-servers.net.
      .			66659	IN	NS	i.root-servers.net.
      .			66659	IN	NS	k.root-servers.net.
      .			66659	IN	NS	m.root-servers.net.
      .			66659	IN	NS	h.root-servers.net.
      .			66659	IN	NS	a.root-servers.net.
      .			66659	IN	NS	c.root-servers.net.
      .			66659	IN	NS	e.root-servers.net.
      .			66659	IN	NS	f.root-servers.net.
      .			66659	IN	NS	d.root-servers.net.
      
      ;; Query time: 1 msec
      ;; SERVER: 192.168.1.20#53(192.168.1.20)
      ;; WHEN: dom ott 16 22:01:10 CEST 2016
      ;; MSG SIZE  rcvd: 384
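
The forward and reverse zone files from step 3 are edited by hand and can drift apart, and a PTR target written without its trailing dot is treated as relative to the reverse zone. The script below is an added example, not part of the original guide: it derives the PTR lines from the forward zone and lists relative PTR targets. The function names `gen_ptr` and `relative_ptr` and the sample records are constructed for illustration; the zone name and network are the guide's.

```shell
#!/bin/sh
# Added example: keep db.dns and db.192.168.1 consistent.
ZONE="dns.lan"      # forward zone name used in the guide
NET="192.168.1"     # first three octets of the guide's LAN

# Print one PTR line per A record inside $NET.0/24. The target is fully
# qualified (trailing dot) so named does not append the zone origin.
gen_ptr() {  # $1 = forward zone file
    awk -v zone="$ZONE" -v net="$NET" '
        { sub(/;.*/, "") }                    # drop zone-file comments
        $2 == "IN" && $3 == "A" && $1 != "@" {
            n = split($4, o, ".")
            if (n == 4 && (o[1] "." o[2] "." o[3]) == net)
                printf "%s\tIN\tPTR\t%s.%s.\n", o[4], $1, zone
        }' "$1"
}

# Print PTR records whose target lacks the trailing dot.
relative_ptr() {  # $1 = reverse zone file
    awk '{ sub(/;.*/, "") }
         $2 == "IN" && $3 == "PTR" && $4 !~ /\.$/' "$1"
}

# Constructed sample files.
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT

cat > "$TMP/db.dns" <<'EOF'
; constructed forward zone
@ IN A 127.0.0.1
nas1 IN A 192.168.1.20
laptop IN A 192.168.1.89   ; constructed comment
vpn IN A 10.8.0.1
NS IN CNAME nas1
EOF

cat > "$TMP/db.192.168.1" <<'EOF'
20 IN PTR nas1.dns.lan.
89 IN PTR laptop.dns.lan
EOF

echo "PTR lines derived from the forward zone:"
gen_ptr "$TMP/db.dns"
echo "PTR records with a relative target:"
relative_ptr "$TMP/db.192.168.1"
```

On the NAS, point both functions at the files under /opt/etc/bind and remember to raise the SOA serial after changing a zone.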

That's all; for support, consult the QNAP forum. Thanks.
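
Once every LAN device resolves through this server, two settings in the named.conf from step 3 are worth checking: a `query-source` statement that pins the outgoing port, and the absence of an explicit `allow-recursion` list. The script below is an added example, not part of the original guide; the function names `strip_comments` and `audit_named_conf` and both sample files are constructed, and 192.168.1.0/24 is the guide's LAN.

```shell
#!/bin/sh
# Added example: lint a named.conf for two resolver settings.

# Drop //, # and one-line /* */ comments so disabled directives are ignored.
strip_comments() {  # $1 = path to named.conf
    sed -e 's://.*$::' -e 's:#.*$::' -e 's:/\*.*\*/::g' "$1"
}

# Print one finding per line; print nothing when the file passes.
audit_named_conf() {  # $1 = path to named.conf
    conf=$(strip_comments "$1")
    # A pinned source port defeats source-port randomization, which an
    # off-path spoofer must otherwise guess along with the query ID.
    if printf '%s\n' "$conf" |
        grep -Eq 'query-source[^;]*port[[:space:]]+[0-9]+'; then
        echo "WEAK query-source pins the outgoing port"
    fi
    # An explicit list keeps recursion limited to the LAN regardless of
    # BIND's built-in default or later interface changes.
    if ! printf '%s\n' "$conf" |
        grep -Eq 'allow-recursion[[:space:]]*\{'; then
        echo "MISSING explicit allow-recursion list"
    fi
}

# Constructed sample files: the weak form beside the corrected one.
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT

cat > "$TMP/weak.conf" <<'EOF'
options {
    query-source address * port 53;
    // allow-recursion { 192.168.1.0/24; };
    forwarders { 208.67.222.222; };
};
EOF

cat > "$TMP/hardened.conf" <<'EOF'
options {
    query-source address *;
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
    forwarders { 208.67.222.222; };
};
EOF

echo "weak.conf:";     audit_named_conf "$TMP/weak.conf"
echo "hardened.conf:"; audit_named_conf "$TMP/hardened.conf"
```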
