Views for Local IPs

If you have a client PC on the same LAN as the DirectAdmin box, you'll need the domains to resolve to the LAN IP rather than the external IP. This is because most routers will not let you reach your own external IP from inside the LAN (no NAT loopback / hairpinning). If you only have a few hosts, adding them to each client's hosts file, pointed at the LAN IP, is the simplest option.

If you have too many hosts and need to automate it, bind9 (named) can do this with its views feature. It does require a new local zone for each domain, in addition to the existing external zones; bind then picks which zone to answer from based on the source IP of the query. Your local PC gets the LAN IP returned, while an external client gets the external IP.

When running DA in a LAN, you'll likely want the domains to resolve to the external IP from outside, while Apache also listens on the LAN IP. For this, go to: Admin Level » Server Manager » IP Management

  • Your external server IP should already be listed, and this will be what you're adding clients to during User creation.
  • Add your LAN IP to this page with the +Add IP feature. If the IP is already configured on the network device (it likely is), de-select the 'Add to device' option.
  • Click on your external server IP address, then +Link IP
  • Select the LAN IP that's on the box, ensure that Add Apache and Apply to existing domains is selected, and that Add to DNS is NOT selected, then Link.

This will add the LAN IP to the VirtualHosts for all domains that are set to use the external server IP address, making them accessible within the LAN.

Change the configuration path with DirectAdmin

First, we'll need to change which file DirectAdmin uses to list all zones. Once done, DA will be adding/removing zones in named.zones.conf rather than in named.conf itself.

cp /etc/named.conf /etc/named.conf.BACKUP
grep '^zone' /etc/named.conf | grep /var/named > /etc/named.zones.conf
da config-set namedconfig /etc/named.zones.conf
service directadmin restart

Prepare the filesystem for the local zones

We'll need somewhere to put the local zones, and somewhere to list them.

mkdir /var/named/local_zones
touch /etc/named.zones.local.conf
chgrp named /etc/named.zones.local.conf
chmod 640 /etc/named.zones.local.conf

Create the post-hook directories so that DA will automatically create and remove the local zones.

mkdir /usr/local/directadmin/scripts/custom/dns_create_post
mkdir /usr/local/directadmin/scripts/custom/dns_delete_post

Create the script:

/usr/local/directadmin/scripts/custom/dns_create_post/create_local_zone.sh

and add the following code, but replace 192.168.1.100 with the LAN IP of your DirectAdmin server that all domains should resolve to from inside the LAN.

#!/bin/sh
# dns_create_post hook: write a LAN-only copy of the zone and register it
# in the internal view's zone list. DirectAdmin passes the domain name in
# the "domain" environment variable.

if [ -z "${domain}" ]; then
    echo "create_local_zone.sh: domain is not set" >&2
    exit 1
fi

LOCAL_ZONE=/var/named/local_zones/${domain}.local
CONFIG=/etc/named.zones.local.conf

NS1=ns1.${domain}
NS2=ns2.${domain}
IP=192.168.1.100

echo "
\$TTL 3600
@       IN      SOA     $NS1.      hostmaster.${domain}. (
                                                2024010300
                                                3600
                                                3600
                                                1209600
                                                86400 )

${domain}.       3600    IN      NS      $NS1.
${domain}.       3600    IN      NS      $NS2.

@       3600    IN      A       $IP
*       3600    IN      A       $IP
" > "${LOCAL_ZONE}"

# add it to the internal zone list, once (fixed-string match on the quoted path):
if ! grep -qF "\"${LOCAL_ZONE}\"" "${CONFIG}"; then
    echo "zone \"${domain}\" { type master; file \"${LOCAL_ZONE}\"; };" >> "${CONFIG}"
    chmod 640 "${CONFIG}"
    chgrp named "${CONFIG}"
fi

exit 0

Create the script:

/usr/local/directadmin/scripts/custom/dns_delete_post/delete_local_zone.sh

and add the following code:

#!/bin/sh
# dns_delete_post hook: drop the zone from the internal list and remove the
# LAN zone file, so a later re-create of the same domain starts clean.
if [ -z "${domain}" ]; then
    echo "delete_local_zone.sh: domain is not set" >&2
    exit 1
fi
LOCAL_ZONE=/var/named/local_zones/${domain}.local
CONFIG=/etc/named.zones.local.conf
grep -vF "\"${LOCAL_ZONE}\"" "${CONFIG}" > "${CONFIG}.temp"
/bin/mv -f "${CONFIG}.temp" "${CONFIG}"
chmod 640 "${CONFIG}"
chgrp named "${CONFIG}"
rm -f "${LOCAL_ZONE}"
exit 0

and set them to run:

chmod 700 /usr/local/directadmin/scripts/custom/dns_create_post/create_local_zone.sh
chmod 700 /usr/local/directadmin/scripts/custom/dns_delete_post/delete_local_zone.sh

Update the named.conf to use the new configs

Edit the:

/etc/named.conf

After your options section, delete all lines that start with zone. This includes the "." hint zone, as well as any include lines that bring in other configs containing zones. Each named.conf can be different, so take note of what you're deleting, as you'll need to re-add those lines inside each view later.

You'll also delete each DA-added zone "domain.com" line. Those now live in named.zones.conf (with their LAN counterparts in named.zones.local.conf), so there is no need to insert them by hand later.

Let's use these lines as an example of the lines that were deleted:

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

where the 2 include lines pull in files that also contain zones, so they must be moved into a view as well. For that example, we're replacing those lines with:

view "internal" {
        match-clients { 192.168.1.0/24; localhost; };
        recursion yes;
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
        include "/etc/named.zones.local.conf";
};

view "external" {
        match-clients { any; };
        recursion no;
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
        include "/etc/named.zones.conf";
};

such that named.conf has only an options section (and possibly a logging section); every zone, and every include that brings in zones, lives in one of the 2 views. Each view includes either named.zones.local.conf or named.zones.conf. Two things to keep in mind: bind tries the views in the order they appear and uses the first one whose match-clients matches, so the internal view must stay above the external one; and recursion is off in the external view so the box does not become an open resolver for the internet, while LAN clients (which you'll later point at this box for all their lookups) get recursion from the internal view. Check the result with named-checkconf, then restart named so the views take effect.

Also, note the 192.168.x.x IPs above. In that example, I'm assuming that:

  • 192.168.1.0/24 would catch your LAN traffic. Adjust this to whatever your LAN uses.
  • localhost is included, which means lookups of the domain from the DA box itself also return the LAN IP.

Add a local zone for all current domains

If you already have domains on the system and need to create their local zones, you can create all local zones with this one-time script:

/root/add_local_zones.sh

add code:

#!/bin/sh
# One-time run: create a local zone for every domain that already has an
# external zone file but no local one yet. The create hook reads $domain
# from the environment, which is why it is set inline on the call.
for d in $(cut -d' ' -f2 /etc/named.zones.conf | cut -d'"' -f2); do
        EXTERNAL_ZONE=/var/named/$d.db
        LOCAL_ZONE=/var/named/local_zones/$d.local
        if [ -e "${EXTERNAL_ZONE}" ] && [ ! -e "${LOCAL_ZONE}" ]; then
                domain=$d /usr/local/directadmin/scripts/custom/dns_create_post/create_local_zone.sh
        fi
done
exit 0

and run it:

chmod 700 /root/add_local_zones.sh
/root/add_local_zones.sh
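Once the one-time script has run (and again whenever you suspect the create or delete hook did not fire for a domain), it is worth checking that the external zone list, the internal zone list and the zone files on disk actually agree, because a domain present in one list but not the other is answered correctly from one view only. The audit below is an added example, not part of the DirectAdmin guide: it parses DA's one-line zone entries, reports external zones with no local entry, local entries whose file is missing, stale local entries whose domain was deleted, and (only when BIND's tools are installed) local zone files that named-checkzone rejects. The default paths are the ones used in this guide and can be overridden with three positional arguments; the constructed sample files in the test are not real DA output. Remember that a zone newly added to either list is not served until named re-reads its configuration (rndc reconfig or a restart).

```sh
#!/bin/sh
# Added example (not from the DirectAdmin guide): audit that the external
# zone list, the internal zone list and the local zone files agree.
# Default paths are the ones used in the guide; all three can be
# overridden with positional arguments.

# Print the zone names declared in a DA-style one-line zone list, e.g.
#   zone "example.com" { type master; file "/var/named/example.com.db"; };
zone_names() {
    sed -n 's/^zone[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Report inconsistencies, one per line, and return 1 if any were found:
#   MISSING <domain>  external zone with no entry in the local list
#                     (the create hook did not run for it)
#   NOFILE  <domain>  local entry whose zone file does not exist
#   STALE   <domain>  local entry with no external zone any more
#                     (the delete hook did not run for it)
#   BADZONE <domain>  local zone file rejected by named-checkzone
#                     (only checked when BIND's tools are installed)
audit_local_zones() {
    ext_conf=${1:-/etc/named.zones.conf}
    local_conf=${2:-/etc/named.zones.local.conf}
    local_dir=${3:-/var/named/local_zones}
    status=0

    for d in $(zone_names "$ext_conf"); do
        if ! zone_names "$local_conf" | grep -qxF "$d"; then
            echo "MISSING $d"
            status=1
        elif [ ! -f "$local_dir/$d.local" ]; then
            echo "NOFILE $d"
            status=1
        fi
    done

    for d in $(zone_names "$local_conf"); do
        if ! zone_names "$ext_conf" | grep -qxF "$d"; then
            echo "STALE $d"
            status=1
        elif command -v named-checkzone >/dev/null 2>&1 \
             && [ -f "$local_dir/$d.local" ] \
             && ! named-checkzone -q "$d" "$local_dir/$d.local" >/dev/null 2>&1; then
            echo "BADZONE $d"
            status=1
        fi
    done

    return $status
}

# Run directly:  sh audit_local_zones.sh run [ext_conf local_conf local_dir]
case "${1:-}" in
    run) shift; audit_local_zones "$@" ;;
esac
```

A clean run prints nothing and exits 0, so it can sit in cron and mail you only when the two views have drifted apart. A MISSING domain is fixed by running the create hook for it by hand (domain=example.com .../create_local_zone.sh); a STALE one by running the delete hook the same way.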

Test that the lookups return the correct values depending where you're calling from

Assuming your DA box is 192.168.1.100 and you have a domain called test.com, run the query from one of your LAN clients and then from outside; the answers should differ depending on the source IP of the query. This is the general call that can be used from any Linux box to query 192.168.1.100 for test.com:

dig test.com @192.168.1.100

or windows:

nslookup test.com 192.168.1.100

Assuming your domain works externally, an external tool such as intoDNS can help confirm what value is resolved from outside, or run the same dig against a public resolver from a host outside your LAN.

If you're having issues, run named-checkconf against /etc/named.conf before restarting named (a zone left outside the views, or a missing include, will be rejected), then check /var/log/messages for any errors.

Set your local LAN clients to use the DA box for their DNS lookups

If everything is working correctly, you'll need to change your client LAN devices to use the DirectAdmin box for DNS. Set the primary/secondary DNS server addresses in your network clients to 192.168.1.100, replacing it with the LAN IP of your server. This can be accomplished by setting the DNS servers on each client, one at a time (a lot of work), by editing your LAN's DHCP settings to hand out the DA box as the DNS server (eg: in your router), or by having the clients use the router for DNS and the router itself forward all DNS queries to 192.168.1.100. I've tested here, and with TCP/UDP port 53 forwarding from the WAN to the 192.168.1.100 box, the box does see the external client IP, not the router IP. If your results are different than mine, you may need to add !192.168.1.1; (adjust that to your router IP) as the first value in the internal match-clients section so that queries arriving from the router are answered from the external view; for that case, you'd have to set the DNS servers explicitly on each client, overriding the DHCP-provided values.
