@anubhavg-icpl
Created September 21, 2024 05:12

CoreDNS Setup for Local Network with SSL

Table of Contents

  1. Introduction
  2. System Architecture
  3. Prerequisites
  4. Installation
  5. Configuration
  6. SSL Configuration
  7. Troubleshooting
  8. Advanced Usage
  9. Contributing
  10. License

Introduction

This project sets up a local DNS infrastructure using CoreDNS, with one Debian server acting as the DNS server and two client VMs. The system is designed to use CoreDNS for local hostname resolution and fall back to 1.1.1.1 for internet queries. Additionally, it includes SSL configuration for secure local connections.

System Architecture

graph TD
    A[CoreDNS Server] -->|DNS Queries| B(Client VM 1)
    A -->|DNS Queries| C(Client VM 2)
    A -->|Fallback| D{Internet DNS 1.1.1.1}
    B -->|SSL| E[Local Services]
    C -->|SSL| E

Prerequisites

  • 1 Debian VM for CoreDNS server
  • 2 Client VMs (any Linux distribution)
  • Root or sudo access on all VMs
  • Basic understanding of DNS and networking

Installation

CoreDNS Server Setup

  1. Download and install CoreDNS:

    wget https://github.com/coredns/coredns/releases/download/v1.10.1/coredns_1.10.1_linux_amd64.tgz
    tar xzf coredns_1.10.1_linux_amd64.tgz
    sudo mv coredns /usr/local/bin/
  2. Verify installation:

    coredns -version

Client VM Configuration

On each client VM, edit the /etc/resolv.conf file:

sudo nano /etc/resolv.conf

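Add the following content (replace 192.168.1.10 with your CoreDNS server's IP). The resolver tries the servers in the order listed and only moves on to 1.1.1.1 when the first one does not answer, at which point queries for local names also go to the public resolver. On systems where NetworkManager, a DHCP client or systemd-resolved manages /etc/resolv.conf, manual edits can be overwritten.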

nameserver 192.168.1.10
nameserver 1.1.1.1

Configuration

CoreDNS Configuration File

Create and edit the Corefile:

sudo mkdir /etc/coredns
sudo nano /etc/coredns/Corefile

Add the following content:

.:53 {
    hosts {
        192.168.1.10 server.local
        192.168.1.20 client1.local
        192.168.1.30 client2.local
        fallthrough
    }
    forward . 1.1.1.1
    log
    errors
}

SystemD Service Setup

Create a SystemD service file:

sudo nano /etc/systemd/system/coredns.service

Add the following content:

[Unit]
Description=CoreDNS DNS server
After=network.target

[Service]
ExecStart=/usr/local/bin/coredns -conf /etc/coredns/Corefile
Restart=on-failure

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl daemon-reload
sudo systemctl enable coredns
sudo systemctl start coredns
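
The unit above starts CoreDNS as root. As an added example (not part of the original gist), this variant of the same unit runs it under a transient unprivileged user and keeps only the capability needed to bind port 53. The sandboxing directives after the capability lines are assumptions about what this setup needs, and the Corefile must remain readable by non-root users.

```ini
# /etc/systemd/system/coredns.service
# Added example: hardened variant of the unit above, not the gist's own file.
[Unit]
Description=CoreDNS DNS server
After=network.target

[Service]
ExecStart=/usr/local/bin/coredns -conf /etc/coredns/Corefile
Restart=on-failure

# Run as an unprivileged, transient user instead of root.
DynamicUser=yes
# Binding port 53 is the only privilege the process needs.
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes

# File system: read-only view of the OS, no home directories, no devices.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes

# Kernel and namespace surface (assumed unnecessary for a plain DNS forwarder).
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
LockPersonality=yes
SystemCallArchitectures=native

[Install]
WantedBy=multi-user.target
```

After installing it and reloading systemd, `systemd-analyze security coredns.service` reports which of these protections are in effect.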

SSL Configuration

Generate a self-signed certificate:

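sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
     -keyout /etc/ssl/private/hostname.local.key \
     -out /etc/ssl/certs/hostname.local.crt \
     -addext "subjectAltName=DNS:hostname.local"

Follow the prompts, ensuring you set the Common Name to "hostname.local". Current TLS clients match the hostname against the subjectAltName extension rather than the Common Name, so the command sets it as well (-addext requires OpenSSL 1.1.1 or later). The -nodes option leaves the private key unencrypted on disk, so keep it readable by root only.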

Troubleshooting

If CoreDNS fails to start, try the following:

  1. Check permissions:

    ls -l /usr/local/bin/coredns
    sudo chmod +x /usr/local/bin/coredns
  2. Verify Corefile:

    cat /etc/coredns/Corefile
  3. Run CoreDNS manually:

    sudo /usr/local/bin/coredns -conf /etc/coredns/Corefile
  4. Check logs:

    sudo journalctl -u coredns.service
  5. Check for port conflicts:

    sudo lsof -i :53
  6. Configure firewall:

    sudo firewall-cmd --permanent --add-service=dns
    sudo firewall-cmd --reload

Advanced Usage

  • Custom DNS records: Add more entries to the hosts section in the Corefile.
  • Plugins: CoreDNS supports various plugins. Explore the official documentation for more options.
mranv commented Sep 21, 2024

The above issue can help to resolve the recent removal of nameserver from the /etc/resolve.conf.
