Multiple DNS domains with Wildcard support

NethServer Version: 7.3.1611 (rc3)
Module: DNS

Hi, I’m trying to configure NethServer to handle multiple domain names with wildcard support on some.
My objective is not to have a webserver with virtual hosts running on the NethServer, but to have a real DNS server that I can configure.

I can’t find any configuration for domains in the web admin panel, and no other package to handle DNS configuration is available in Software center.

Do you know if I can achieve what I want to do with NethServer?
Thank you.


Currently there isn’t any as far as I am aware, unless you want to get your hands really dirty and configure and manage it all via cli and webmin.

Come to think of it - that would be a nice feature to have - a module which you can install which provides a fully fledged DNS / NameServer feature with the relevant plugins for the NethServer admin screen for those who really want to get under the hood with their DNS configuration. I know that personally I would love to give such a module a good test run!

It would also be a feature that many other distros (like ClearOS) do not have built in and which I know is a pain to implement and manage from the CLI.

Looking to the original demand, wildcard and dnsmasq, Google gives back some answers and it doesn’t seem to be so difficult to do. Of course it is early :slight_smile:


For a matter of tests, please @typedef can you do this:

vim /etc/e-smith/templates/etc/dnsmasq.conf/90WildCardDomain

then inside (adjust IP and domain)

#wildcard domain
address=/domain.tld/192.168.0.1

save and restart dnsmasq

signal-event nethserver-dnsmasq-save

after this test by the host command

host www.domain.tld


Looking a bit at the DNS name server, I have the feeling that dnsmasq could be used more; all DNS resolutions come first from /etc/hosts. I agree it works, so please don’t touch, but indeed the feature of @typedef makes sense to me.

Actually you have two ways to set a DNS entry to an IP in the DNS menu:

  • the host panel
  • the server alias

Each writes to the hosts file, but indeed you can be interested to set a wildcard to redirect all subdomains to the same IP. I mean that just a check box can do the trick (in each tab), then write to the dnsmasq.conf

@dev_team what do you think ?

Seems reasonable! However, let’s see an alternative: what about one more UI tab (panel)? Would it be more helpful to understand the differences?

  • host panel entry is implemented by a line in /etc/hosts
  • server alias panel entry is implemented by one more name in /etc/hosts associated to the server IPs
  • domain wildcard panel entry would be implemented by an address= entry in dnsmasq.conf

Well, I guess that whatever the host or the alias you need, the option to make a wildcard domain name is needed in each panel. Else you can create human bugs if you set a host, then a wildcard host in another panel… you might forget it and redirect all domains to a host…

A checkbox in each panel seems easier to verify what you want to do.

Having the e-smith template would be one way to do it under the covers, hadn’t thought of that.

How would you set up a fully fledged name server with dnsmasq? From a quick search, I don’t see anything obvious of how to handle the glue and SOA and such like records.

You can’t.

The only solution I see is to redirect query for a certain domain to unbound, then configure unbound to handle all the cases.
But there is no easy way than to expose dnsmasq/unbound to the public internet.

@dev_team I’m still looking to wildcard and dnsmasq.

For a self wildcard.domain.tld, I figured that you can have just one IP definition for a *.domain.tld. My concern is of course when several green networks are set on the server. For example if I wrote to /etc/dnsmasq.conf (two green nics)

address=/toto.ca/192.168.12.170
address=/toto.ca/192.168.14.10

Only the last entry is taken by dnsmasq:

[lsd@leo ~]$ dig any plop.toto.ca @192.168.12.170
..
;; QUESTION SECTION:
;plop.toto.ca.			IN	ANY
..
;; ANSWER SECTION:
plop.toto.ca.		0	IN	A	192.168.14.10

I don’t know if it is really important because we can retrieve the first green IP, and use it, but for the second green network I don’t know if we can create an Issue if the wildcard.domain.tld is referred to the first green network. I mean about computers on the other green lan if they will be able to resolve the dns entry and reach the server services.

For a remote host definition we have no problem to create a wildcard.domain.tld

This is the template fragment I used: /etc/e-smith/templates/etc/dnsmasq.conf/90WildCardDomain

#
# WildCard for hosts
#

{
    use esmith::HostsDB;
    use esmith::NetworksDB;
    my $ndb = esmith::NetworksDB->open_ro() || die '# network DB is not available';
    my $hdb = esmith::HostsDB->open_ro() || die '# hosts DB is not available';
    # IP of the green interface, used for the "self" records below
    my $LocalIP = $ndb->green()->prop('ipaddr') || die 'cannot retrieve the green IP';

    # remote hosts: the wildcard points to the IP stored in the host record
    foreach my $host ($hdb->get_all_by_prop('type', 'remote')) {
        my $IpAddress = $host->prop('IpAddress') || '';
        my $wildcard = $host->prop('AllSubDomains') || '';

        if ($wildcard ne 'enabled') {
            next;
        }
        # skip records without an IP so no incomplete address= line is written
        next if $IpAddress eq '';

        $OUT .= "\n# redirect all subdomains to :".$host->key;
        $OUT .= "\naddress=/".$host->key."/".$IpAddress;
    }

    # self hosts: the wildcard points to the server's green IP
    foreach my $host ($hdb->get_all_by_prop('type', 'self')) {
        my $wildcard = $host->prop('AllSubDomains') || '';

        if ($wildcard ne 'enabled') {
            next;
        }

        $OUT .= "\n# redirect all subdomains to :".$host->key;
        $OUT .= "\naddress=/".$host->key."/$LocalIP\n";
    }
}
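
As an added example (not code from the thread or from NethServer), this Python audit flags duplicate address= lines for one domain, where the post above saw only the last one answer, and host entries that fall under a wildcard pointing to a different IP. The function names and the sample data are constructed for illustration, and the script only reports overlaps for review without deciding which entry takes precedence.

```python
import ipaddress
import re

# Constructed sample input, modelled on the lines quoted in the thread.
DNSMASQ_CONF = """\
address=/toto.ca/192.168.12.170
address=/toto.ca/192.168.14.10
address=/domain.tld/192.168.0.1
address=/broken.tld/
"""
HOSTS = """\
127.0.0.1   localhost
192.168.0.5 mail.domain.tld
192.168.0.1 www.domain.tld
"""
ADDRESS_RE = re.compile(r"^address=/([^/\s]+)/(\S*)$")  # single-domain form only

def parse_wildcards(conf):
    """Return (domain, ip) pairs for each address=/domain/ip line."""
    matches = (ADDRESS_RE.match(line.strip()) for line in conf.splitlines())
    return [(m.group(1).lower().rstrip("."), m.group(2)) for m in matches if m]

def audit(conf, hosts):
    """List (kind, name, detail) findings that need a human decision."""
    findings, seen = [], {}
    for domain, ip in parse_wildcards(conf):
        try:
            ipaddress.ip_address(ip)
        except ValueError:  # empty or unparsable, e.g. a record with no IpAddress
            findings.append(("bad-ip", domain, ip))
            continue
        if seen.get(domain, ip) != ip:  # the thread saw only the last one answer
            findings.append(("duplicate", domain, f"{seen[domain]} -> {ip}"))
        seen[domain] = ip
    for line in hosts.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in (f.lower() for f in fields[1:]):
            for domain, ip in seen.items():
                covered = name == domain or name.endswith("." + domain)
                if covered and fields[0] != ip:  # host and wildcard disagree
                    detail = f"hosts={fields[0]} wildcard={ip}"
                    findings.append(("overlap", name, detail))
    return findings

if __name__ == "__main__":
    for finding in audit(DNSMASQ_CONF, HOSTS):
        print(*finding)
```
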

I don’t catch why the “wildcard” concept is required on “self” records, too. Could you provide a use case example?

Thinking a bit on it, I’m not sure it can be useful, and at least it is not easily feasible… what about a PR for the ‘remote’ hosts with a checkbox?


I agree, let’s focus on remote records.

I think we need to exclude records with “AllSubDomains” in /etc/hosts, too!

Proposal: in place of AllSubDomains, call it

WildcardMode = enabled|disabled

Or

SubdomainMatch = enabled|disabled