Full DNS software, even via docker

Has anyone managed to deploy full DNS software on NethServer?

One that can enable the creation of A, AAAA, MX, TXT and other DNS records?

Is this something that we could or can see built into NethServer in the future?

Something like BIND (or PowerDNS, Technitium DNS…)?

There were similar requests:

And an old howto (bind9+facileManager webui), but unsure how many people use it within NethServer.

1 Like

I'll try this.

This is what I was talking about. I'll check it out, see if it works etc.

1 Like

Please let us know (I don’t get why this doesn’t happen officially or at least as an “app” package).

Hello, I installed the BIND DNS server using the instructions provided in the link, but modified the file to the latest version of facileManager.

yum install bind bind-utils php-mysql wget vim php-posix

wget http://www.facilemanager.com/download/facilemanager-complete-4.0.3.tar.gz
tar zxvf facilemanager-complete-4.0.3.tar.gz
cd facileManager

mv server/ /var/www/html/facileManager
chmod -R 750 /var/www/html/facileManager/

nano /etc/httpd/conf.d/facilemanager.conf

Alias /facileManager /var/www/html/facileManager
<Directory "/var/www/html/facileManager">
AllowOverride All
</Directory>

mysql -e "create database facileManager;" 
mysql -e "grant all on facileManager.* to admin identified by 'pwd';"

 service httpd restart

http://ip/facileManager

After browsing to the IP address, I am getting error 403.
What could be the problem?

The httpd error or access log could explain it better.

I see this as being related:

[Mon Sep 13 21:44:42.067243 2021] [core:crit] [pid 14278] (13)Permission denied: [client 154.159.252.236:31447] AH00529: /var/www/html/facileManager/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/html/facileManager/' is executable

I was able to edit it using sudo chmod -R 755 /var/www/html/facileManager/

I am now getting a requirement error; the system requires
PHP >= 5.5.0

How can I enable it to use a specific PHP version?

Edit: I was able to solve it by specifying:

<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/rh-php73-php-fpm/nethserver-glpi-php73.sock|fcgi://localhost"
</FilesMatch>

which I copied from the GLPI settings.

Not sure what I should have defined that is specific to this case; maybe you can help me change it.

This is what I have:

If I am to enable SSL, which path should be chosen?

I found a docker image that provides Bind DNS and Webmin UI. It’s just for testing, don’t use in production.

Install Neth Docker:

yum -y install nethserver-docker

Get Bind container with Webmin and start it using local ports 153 (instead of 53 that’s used by dnsmasq) and 10000. The config/data files are stored in /srv/docker/bind

docker run --name bind -d --restart=always --publish 153:53/tcp --publish 153:53/udp --publish 10000:10000/tcp --volume /srv/docker/bind:/data sameersbn/bind:9.16.1-20200524

Browse to https://<Nethserver>:10000 and login with user root, the password is password.

To allow all queries, even as public DNS (insecure, just for testing) edit /srv/docker/bind/bind/etc/named.conf.options and add the “allow-query” option. This can be done in Webmin “Servers/Bind DNS Server/Edit config files” too.

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
        allow-query { any; };
};

Restart the service with Webmin or on CLI:

docker exec bind /usr/sbin/service named restart

I forwarded port 53 from the router to the Nethserver VM port 153 and was able to resolve a DNS name from an external server using the public IP of my router as DNS server.

2 Likes
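Added example, not part of the original post or of the image's own tooling: with `allow-query { any; }` and nothing else set, BIND also allows recursion for everyone, because `allow-recursion` falls back to `allow-query-cache` and then to `allow-query`. The shell check below (function names are assumptions of this example) reads an options file such as /srv/docker/bind/bind/etc/named.conf.options and reports whether recursion is open; the sample config is constructed from the options shown above.

```shell
# Added example: flag BIND options that make an open resolver.
# Handles // and # comments only; nested ACL braces and /* */ are not parsed.

# Flatten a config file to one comment-free line.
flatten() {
    sed -e 's://.*::' -e 's:#.*::' "$1" | tr -s ' \t\n' ' '
}

# Print the body of "<option> { ... }" found in flattened text $2.
acl_of() {
    printf '%s\n' "$2" | sed -n "s/.*$1 *{\([^}]*\)}.*/\1/p"
}

# Verdict on stdout; exit status 1 when recursion is open to "any".
audit_named_options() {
    conf=$(flatten "$1")
    if printf '%s\n' "$conf" | grep -Eq '(^|[ ;{])recursion +no *;'; then
        echo "OK: recursion disabled (authoritative-only)"
        return 0
    fi
    # BIND's fallback order when allow-recursion is not set explicitly.
    src="built-in default"
    acl=" localnets; localhost; "
    for opt in allow-recursion allow-query-cache allow-query; do
        if printf '%s\n' "$conf" | grep -Eq "$opt *\{"; then
            acl=$(acl_of "$opt" "$conf")
            src=$opt
            break
        fi
    done
    if printf '%s\n' "$acl" | grep -Eq '(^|[ ;])any *;'; then
        echo "OPEN-RESOLVER: recursion allowed for any via $src"
        return 1
    fi
    echo "OK: recursion limited by $src"
}

# Constructed sample: the options from the post, reduced to the relevant lines.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'options {' '  dnssec-validation auto;' \
        '  listen-on-v6 { any; };' '  allow-query { any; };' '};' > "$tmp"
    audit_named_options "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
demo || true
```

To keep zones publicly answerable without acting as a resolver, add `recursion no;` or an explicit `allow-recursion { localnets; localhost; };` to the options block.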

Why is it marked non-production?

The one above (facileManager) works; I was able to log in to the software, add zones etc. and other things, but it gets a bit confusing.
Having actually gotten to create a working zone file, or an NS record server, hopefully I can get to see that.

@mrmarkuz have you tried that one? The facileManager version, I mean.

The last commit is one year ago and I configured it for public DNS without securing it properly.

No, I just found the image and thought it’s easy to use because it already adds Webmin as web UI for Bind.

You should try it; the install is straightforward. See if you can set up a new nameserver and configure some DNS.

The problem is that dnsmasq runs on same port (53) as named so you need to stop dnsmasq and start named.

I needed to install the client so my local dns server was available in facileManager but after client configuration build the named server goes down after a few minutes. But it worked basically.

Install the client with php73:

scl enable rh-php73 "php /usr/local/facileManager/fmDNS/client.php install"

We could use FacileManager with a dockered Bind DNS server to avoid the port 53 issues and still have a running dnsmasq on Nethserver…

I think this should be the best option in this case.
Since I am not good at Docker stuff, maybe you can lead the way and we test and see.

1 Like

am on standby just holla… :wink:

1 Like

Hello, did you manage to get this installation done?

Can this architecture (NethServer plus dockerized DNS server) also work in a virtualized environment?
I run my NethServer in a KVM as root server at my service provider.

If you already have KVM maybe you can also enable docker on host.
This is what I do. So Technitium is just a container on the same host as NS is a VM in.
The only “problem” is that NS team should look for an EMBEDDED DNS solution to REPLACE the one they use. Reason being “unified environment and configuration” (populating the DNS automatically when AD emulation is enabled etc.).
Adding DNS as a container is not an NS “feature” any more. Just some system running in parallel.

If I start using more and more systems that should be in the core of a “small business server replacement”, in parallel VMs or containers, then the benefit of NS is what?

1 Like

@NLS do you have the instructions for installing Technitium in NethServer as a Docker container? Maybe post them here; it would help.

I only use a provided KVM host as a root server from my provider. I cannot administrate them.
So the question remains: can I install/use docker on such a KVM based root server under nethserver?