Friday, January 23, 2009

OpenDNS Setup with Bind9 and local domains

I wanted to set up my Ubuntu system to use OpenDNS for all external queries, yet look up all local queries on our internal domain controllers. After finding the right reference it was really easy.

I just installed bind9 and changed two configuration files:

/etc/bind/named.conf.local:

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "localdomain1.org" {
    type forward;
    forward only;
    forwarders {
        10.22.2.18;
        10.22.2.25;
    };
};

zone "localdomain2.org" {
    type forward;
    forward only;
    forwarders {
        10.22.2.18;
        10.22.2.25;
    };
};


/etc/bind/named.conf.options:

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
        208.67.222.222;
        208.67.220.220;
    };

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};


Now whenever I make an internal query, it goes to the local domain controllers, and whenever I make an external query, it goes to OpenDNS.

I also had to edit /etc/dhcp3/dhclient.conf and uncomment this line, so that the system queries the local bind9 instance first instead of whatever nameservers DHCP hands out:
prepend domain-name-servers 127.0.0.1;
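To make the split-forwarding behaviour concrete, here is an added example that is not part of the original post or of BIND itself: a small Python script that parses the two stanzas used above (the global forwarders in options{} and the per-zone forwarders in the forward zones) and reproduces BIND's zone selection, which picks the forward zone whose name is the longest suffix of the query name and otherwise falls through to the global forwarders. The embedded config text is constructed from the post's two files (the addresses are the post's own values); the helper names parse_forwarders and forwarders_for are mine.

```python
"""Decide which forwarders a BIND 9 resolver would use for a query name.

Added example (not from the blog post or from BIND): a small parser for the
options{} and forward-zone forwarders stanzas, plus the longest-suffix match
BIND applies when choosing a forward zone.
"""
import re

# Constructed from the post's named.conf.options and named.conf.local.
NAMED_CONF = """
options {
    directory "/var/cache/bind";
    forwarders { 208.67.222.222; 208.67.220.220; };
    auth-nxdomain no;
    listen-on-v6 { any; };
};

zone "localdomain1.org" {
    type forward;
    forward only;
    forwarders { 10.22.2.18; 10.22.2.25; };
};

zone "localdomain2.org" {
    type forward;
    forward only;
    forwarders { 10.22.2.18; 10.22.2.25; };
};
"""

# A top-level block is `options { ... };` or `zone "name" { ... };`, closed by
# a `};` at the start of a line (inner blocks are indented in this layout).
_BLOCK_RE = re.compile(r'(options|zone\s+"([^"]+)")\s*\{(.*?)\n\};', re.S)
_FWD_RE = re.compile(r'forwarders\s*\{([^}]*)\}', re.S)
# One forwarder entry: an address, optionally followed by `port N`, then `;`.
_ADDR_RE = re.compile(r'([0-9a-fA-F:.]+)(?:\s+port\s+(\d+))?\s*;')


def parse_forwarders(text):
    """Return (global_forwarders, {zone_name: forwarders}).

    Each forwarder is an (address, port) tuple; the port defaults to 53,
    which is what BIND uses when no `port` clause is given.
    """
    global_fwd, zones = [], {}
    for m in _BLOCK_RE.finditer(text):
        body = m.group(3)
        entries = []
        fwd = _FWD_RE.search(body)
        if fwd:
            for addr, port in _ADDR_RE.findall(fwd.group(1)):
                entries.append((addr, int(port) if port else 53))
        if m.group(1) == "options":
            global_fwd = entries
        else:
            zones[m.group(2).lower().rstrip(".")] = entries
    return global_fwd, zones


def forwarders_for(qname, text=NAMED_CONF):
    """Pick the forwarders BIND would consult for qname.

    The forward zone whose name is the longest suffix of the query name
    (the zone apex itself or any name beneath it) wins; a name under no
    forward zone falls through to the global forwarders in options{}.
    """
    global_fwd, zones = parse_forwarders(text)
    labels = qname.lower().rstrip(".").split(".")
    # Longest candidate suffix first: a.b.c.org, b.c.org, c.org, org
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return zones[candidate]
    return global_fwd


if __name__ == "__main__":
    for name in ("dc01.localdomain1.org", "fileserver.localdomain2.org",
                 "www.opendns.com"):
        print(name, "->", forwarders_for(name))
```

Running the script shows the two internal names routed to 10.22.2.18 and 10.22.2.25 and the external name routed to the OpenDNS pair. Note that this selection only decides where a query is sent, not who is allowed to ask: with listen-on-v6 { any; } and no allow-query restriction, the resolver answers anyone who can reach it, so on a host that only needs to serve itself (dhclient points it at 127.0.0.1) an allow-query { localhost; }; line in options{} is the usual way to keep it from becoming an open resolver.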

Here is my reference that helped me work out this solution.

Frequently Asked Questions about BIND 9
Q: I want to forward all DNS queries from my caching nameserver to another server. But there are some domains which have to be served locally, via rbldnsd. How do I achieve this ?

A:
options {
    forward only;
    forwarders { <ip_address>;
    };
};

zone "sbl-xbl.spamhaus.org" {
    type forward;
    forward only;
    forwarders { <ip_address> port 530;
    };
};

zone "list.dsbl.org" {
    type forward;
    forward only;
    forwarders { <ip_address> port 530;
    };
};
