dns server in lan

Posted on |

DNS server in LAN

to use domain name(e.g. gitlab.com) in LAN rather than IP, it needs every local host machine to store all key-values:: host-IP. if the LAN has many host machines, it will be difficult to maintain. Setting up DNS server will help to automatically map the ip to domain or reverse in the LAN.

bind9

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
apt-get install bind9 
``` 
### /etc/bind/named.conf.local
```shell
zone "gitlab.com" {
	type: master;
	file "/etc/bind/db.ip2gitlab.com" ;
};	
zone "101.20.10.in-addr.arpa" {
	type: master;
	file "/etc/bind/db.gitlab2ip.com" ;
};
``` 
### /etc/bind/db.gitlab2ip.com 
[dns zone file format](https://help.dyn.com/how-to-format-a-zone-file/)
gitlab2ip zone file is mapping from domain to ip, as following sample, it works like:
	www.$ORIGIN  -->  10.20.101.119 
```shell
; command
$TTL  6000
;@ refer to current zone file
;			 DNS-server-FDNQ notification-email
$ORIGIN  gitlab.com
@ 	IN 	SOA	 	server 	email (
			 		2	 ;
			 		1d ;
			 		1h ;
			 		5min ;
			 	)
@		IN		NS  	server
www		IN		A		10.20.101.119
server	IN		A		10.20.101.119

/etc/bind/db.ip2gitlab.com

ip2gitlab zone file is from ip to domain mapping, 

1
2
3
4
5
6
7
8
9
10
11
$TTL  6000
$ORIGIN 101.20.10.in-addr.arpa
@ 	IN 	SOA	 	server. 	email. (
			 		2	 ;
			 		1d ;
			 		1h ;
			 		5min ;
			 	)
@		IN		NS  	server
119		IN		A		www.gitlab.com
119		IN		A		server.gitlab.com

nslookup

nslookup www.gitlab.com   #dns forward (domain 2 ip)

nslookup  10.20.101.119   #reverse (ip 2 domain)

settings

if the DNS setted above(DNS-git) is the only DNS server in the LAN, then this DNS works like a gateway, to communicate by domain name, every local host talk to it first, to understand the domain name.

but in a large size company LAN newtwork, there may already has a DNS server hosted at IT department (DNS-IT), with a fixed IP e.g. 10.10.101.101, and all localhost machines actually set DNS-IT as the default DNS. DNS-git will work as a sub-DNS server.

Inside the small team, either every localhost change default DNS to DNS-git, then DNS-git become the sub-network server.

if every localhost still keep DNS-IT, there is no way(?) to use DNS-git service in LAN, and even make conflicts, as the DNS-git localhost machine will listen on all TCP/IP ports, every new gitlab.com access request (input as IP address) will get an output as domain name, but the others can’t understand this domain-name…

what happened with two DNS server in LAN ?

how email works

Mail User Agent(MUA), e.g. Outlook, Foxmail, used to receive and send emails.

MUA is not directly sent emails to end users, but through Mail Transfer Agent(MTA), e.g. SendMail, Postfix.

an email sent out from MUA will go through one or more MTA, finally reach to Mail Delivery Agent(MDA), the email then store in some database, e.g. mailbox

the receiver then use MUA to review the email in the mailbox

ps, one day work as a IT admin ….