
EdgeRouter - Install and Configure BIND DNS Server on the Router

Overview


This article explains how to get BIND working on EdgeOS. BIND is a widely used DNS server package, especially on the Internet.

These instructions include scripts to automate the reinstallation and configuration after a firmware upgrade.

It is recommended that readers be comfortable with SSH, SFTP, Linux commands and troubleshooting DNS with dig on Linux. I used PuTTY to SSH into the ERL, FileZilla to upload the files, and dig on the ERL to troubleshoot the DNS server. I prefer nano to vi as a text editor, so I installed it. If you want to use vi, skip step 2 and replace "nano" with "vi".

Note: Due to limited memory on the ER-X, ER-X-SFP, and EdgePoint R6, adding extra packages such as BIND and other larger packages may not work.

Steps


1. Add Debian repos to the EdgeRouter. SSH into the router and run:

configure
set system package repository wheezy components 'main contrib non-free'
set system package repository wheezy distribution wheezy
set system package repository wheezy url http://http.us.debian.org/debian

commit
save
exit

Note: The word "squeeze" is used instead of "wheezy" in firmware versions before 1.7.0.

2. Install nano text editor.

sudo apt-get update
sudo apt-get install nano

3. Install the BIND DNS server and dnsutils (which includes dig).

sudo apt-get install bind9 dnsutils

4. Edit the location of the config files.

If you do not change the location, you will lose the files after each firmware upgrade. We will move them to /config, which is preserved across upgrades and included in backups.

sudo nano /etc/bind/named.conf

Change the paths to the ones below and save the file:

include "/config/bind/named.conf.options";
include "/config/bind/named.conf.local";
include "/config/bind/named.conf.default-zones";

5. Create the directory for the BIND config files and copy them into it.

mkdir /config/bind

sudo cp /etc/bind/named.conf /config/bind/named.conf
sudo cp /etc/bind/named.conf.options /config/bind/named.conf.options
sudo cp /etc/bind/named.conf.local /config/bind/named.conf.local
sudo cp /etc/bind/named.conf.default-zones /config/bind/named.conf.default-zones

6. Create your zone files and configure them.

See https://help.ubuntu.com/lts/serverguide/dns-configuration.html for documentation. Be sure to save them in /config/bind/, not /etc/bind/.

7. Startup script.

For whatever reason, BIND wouldn't work until I did a dig on the ERL and then it worked fine. This also copies over the config file that points to the config files in /config/bind. This is needed for when new firmware is upgraded. What I did was create a “start_dns.sh” file in /config/scripts/post-config.d/ containing these lines:

#!/bin/bash
# Stop BIND, put the named.conf that points at /config/bind back in place
# (a firmware upgrade restores the stock /etc/bind/named.conf), then start BIND.
sudo service bind9 stop
sleep 5
sudo cp /config/bind/named.conf /etc/bind/named.conf
sudo service bind9 start
sleep 5
# First query against the local server (see the note above).
dig google.ca @127.0.0.1
exit 0

I recommend creating this on the router just by using the command

sudo nano /config/scripts/post-config.d/start_dns.sh

Copy/paste or type those lines and save the file. If you create the file on Windows, run dos2unix <filename> on it first, or the Windows line endings will stop the script from running. Now make it executable:

sudo chmod 755 /config/scripts/post-config.d/start_dns.sh

(755 is enough here. The script runs as root at boot, so leaving it world-writable with 777 would let any local user change what runs as root.)

8. Test BIND.

BIND should now be working. Test it on a client by pointing their DNS to the router and doing a dig or nslookup on a record on one of the domain zones that you created earlier. If you want to test locally on the router, use:

dig google.ca @127.0.0.1
dig example.com @127.0.0.1

(Where example.com is a zone that you added.)
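As an added example (not part of the original article or of EdgeOS), the bash script below checks the configuration relocated in steps 4 to 7 before BIND is started and verifies resolution afterwards, which is what you want in start_dns.sh rather than a bare dig whose result nobody reads. The path /config/bind follows the article; the function names (check_includes, zone_entries, check_zones, dig_summary, check_resolution), the TEST_ZONE variable and the "preflight"/"verify" modes are my own assumptions, and example.com is a placeholder for a zone you created.

```shell
#!/bin/bash
# Added example, not from the original article: pre-flight and post-start
# checks for the BIND configuration relocated to /config/bind (steps 4 to 8).
# Assumptions: config in /config/bind, BIND on 127.0.0.1, TEST_ZONE is yours.

CONFIG_DIR="/config/bind"
TEST_ZONE="${TEST_ZONE:-example.com}"   # placeholder: set to one of your zones

# check_includes FILE
# Succeeds only when every uncommented `include` in FILE (normally
# /etc/bind/named.conf) points below $CONFIG_DIR; a firmware upgrade restores
# the stock file, whose includes point at /etc/bind.
check_includes() {
    local file="$1" line stripped bad=0
    while IFS= read -r line; do
        stripped="${line#"${line%%[![:space:]]*}"}"   # drop leading blanks
        case "$stripped" in
            "//"*|"#"*) continue ;;                  # comment line
            include*)
                case "$stripped" in
                    *"\"$CONFIG_DIR/"*) ;;            # under /config/bind: fine
                    *) echo "include outside $CONFIG_DIR: $stripped" >&2; bad=1 ;;
                esac ;;
        esac
    done < "$file"
    return "$bad"
}

# zone_entries FILE
# Prints "ZONE PATH" for every zone block in FILE (named.conf.local style).
zone_entries() {
    awk '
        /^[[:space:]]*zone[[:space:]]+"/ { match($0, /"[^"]*"/); z = substr($0, RSTART + 1, RLENGTH - 2) }
        /^[[:space:]]*file[[:space:]]+"/ { match($0, /"[^"]*"/); print z, substr($0, RSTART + 1, RLENGTH - 2) }
    ' "$1"
}

# check_zones FILE
# Runs named-checkzone over each zone declared in FILE; skips if BIND is absent.
check_zones() {
    local file="$1" tmp zone path rc=0
    if ! command -v named-checkzone >/dev/null 2>&1; then
        echo "named-checkzone not found, skipping zone syntax checks" >&2
        return 0
    fi
    tmp=$(mktemp)
    zone_entries "$file" > "$tmp"
    while read -r zone path; do
        named-checkzone "$zone" "$path" >/dev/null 2>&1 || { echo "zone $zone ($path): rejected" >&2; rc=1; }
    done < "$tmp"
    rm -f "$tmp"
    return "$rc"
}

# dig_summary
# Reads dig output on stdin and prints "STATUS ANSWERS" (e.g. "NOERROR 1"),
# so "server answered NXDOMAIN" can be told apart from "no server reachable"
# (printed as "NOANSWER 0").
dig_summary() {
    awk '
        /;; ->>HEADER<<-/ { for (i = 1; i <= NF; i++) if ($i == "status:") { s = $(i + 1); sub(/,/, "", s) } }
        /;; flags:/       { for (i = 1; i <= NF; i++) if ($i == "ANSWER:") { a = $(i + 1); sub(/,/, "", a) } }
        END { if (s == "") s = "NOANSWER"; if (a == "") a = 0; print s, a }
    '
}

# check_resolution NAME [SERVER]
# Queries NAME at SERVER (default 127.0.0.1); succeeds only on NOERROR with >= 1 answer.
check_resolution() {
    local name="$1" server="${2:-127.0.0.1}" summary status answers
    summary=$(dig "$name" @"$server" +time=3 +tries=1 2>/dev/null | dig_summary)
    status=${summary% *}
    answers=${summary#* }
    if [ "$status" = "NOERROR" ] && [ "$answers" -ge 1 ]; then
        echo "$name @$server: $answers answer(s)"
        return 0
    fi
    echo "$name @$server: status $status, $answers answer(s)" >&2
    return 1
}

# "preflight" runs before `service bind9 start`, "verify" after it; the checks
# only run where the relocated config exists, i.e. on the router after step 5.
if [ -d "$CONFIG_DIR" ]; then
    mode="${1:-all}"
    if [ "$mode" != verify ]; then
        check_includes /etc/bind/named.conf || exit 1
        if command -v named-checkconf >/dev/null 2>&1; then
            named-checkconf /etc/bind/named.conf || exit 1   # whole-config syntax check
        fi
        check_zones "$CONFIG_DIR/named.conf.local" || exit 1
    fi
    if [ "$mode" != preflight ]; then
        check_resolution "$TEST_ZONE" || exit 1
    fi
fi
```

Save it as, for instance, /config/scripts/bind_preflight.sh (a hypothetical path) and make it executable. In start_dns.sh, call `/config/scripts/bind_preflight.sh preflight && sudo service bind9 start` after the cp, and `/config/scripts/bind_preflight.sh verify` after the sleep. A failing check then stops the start and names the offending include or zone, which is easier to diagnose than a BIND that came up silently with the stock /etc/bind configuration.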

9. Automatic BIND re-install after firmware upgrade.

Now we need to set it to reinstall BIND after a firmware upgrade. As above, create a startup script that installs the packages we need. There is no need to re-add the repositories, because they are stored in the configuration.

sudo nano /config/scripts/post-config.d/install_packages.sh

Contents of the script:

#!/bin/bash
# Marker file on the root filesystem: a firmware upgrade replaces that
# filesystem, so the marker disappears and the packages get reinstalled.
doneit='/var/lib/my_packages'
packages='dnsutils bind9'

# Already installed since the last upgrade; nothing to do.
if [ -e "$doneit" ]; then
    exit 0
fi

# Finish any package configuration that an interrupted earlier run left behind.
sudo dpkg --configure -a
sudo apt-get update
# $packages is deliberately unquoted so each package is a separate argument.
if sudo apt-get install -y $packages; then
    echo "package install successful"
    touch "$doneit"
else
    echo "package install failed"
fi
exit 0

Now make it executable (again 755, not 777, for the same reason as in step 7):

sudo chmod 755 /config/scripts/post-config.d/install_packages.sh

10. Test startup script(s).

Reboot your router and make sure that the BIND service comes up and works on the clients.

Done!

Notes


It may be necessary to reboot twice after a firmware upgrade for both scripts to go through fully. I tested this with a firmware upgrade and found a few issues that I fixed up but have yet to test it numerous times through upgrades. I will be able to update/tweak more as I do more testing.
