Lab:Install and configure a DNS Server using BIND: Difference between revisions
Revision as of 21:46, 14 January 2024
In this lab I am working with the following software and versions:
| Software | Version | Filename |
|---|---|---|
| Ubuntu Server | 20.04.3 | ubuntu-20.04.3-live-server-amd64.iso |
- Deploy an Ubuntu Server
- Install BIND
- Install NTP
- Configure BIND with the required DNS records
One of the prerequisites for installing NSX is a working Domain Name System (DNS) server. The same prerequisite applies to the underlying vSphere infrastructure (vCenter Server and ESXi hosts), which is itself a prerequisite for NSX.
Windows DNS and BIND are the DNS servers that are commonly used “in the wild”.
In this section I will tell you how to deploy and configure a DNS server based on BIND. I am also going to make this server an NTP server.
The Steps
- STEP 1: Deploy a Linux Server
- STEP 2: Install BIND
- STEP 3: Configure BIND
- STEP 4: Install NTP (server)
- STEP 5: Configure NTP (Server)
STEP 1: Deploy a Linux Server
The deployment of an actual Linux server is out of scope for this article. I personally prefer using the Ubuntu distribution. Ubuntu has installation instructions on its own website.
STEP 2: Install BIND
Once Ubuntu is installed and properly connected to the network, install BIND:
administrator@dns:~$ sudo apt update
administrator@dns:~$ sudo apt install bind9 bind9utils bind9-doc bind9-host
STEP 3: Configure BIND
When BIND is installed you need to create the following files:
/etc/bind/named.conf
administrator@dns:~$ sudo nano /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
administrator@dns:~$
/etc/bind/named.conf.options
administrator@dns:~$ sudo nano /etc/bind/named.conf.options
//
// File: /etc/bind/named.conf.options
//
options {
directory "/var/cache/bind";
recursion yes;
notify yes;
allow-query { any; };
allow-query-cache { any; };
allow-recursion { any; };
forwarders { 8.8.8.8; };
dnssec-validation no;
auth-nxdomain no; # conform to RFC1035
listen-on { localhost; any; };
listen-on-v6 { localhost; any; };
allow-transfer { any; };
};
administrator@dns:~$
/etc/bind/named.conf.local
administrator@dns:~$ sudo nano /etc/bind/named.conf.local
//
// File: /etc/bind/named.conf.local
//
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "sddc.lab" {
type master;
allow-update { any; }; // Needs to include the IP address of the Ansible control station
allow-transfer { any; }; // Needs to include the IP address of the Ansible control station for utils/showdns
file "/var/lib/bind/db.sddc.lab";
};
zone "203.10.in-addr.arpa" {
type master;
allow-update { any; }; // Needs to include the IP address of the Ansible control station
allow-transfer { any; }; // Needs to include the IP address of the Ansible control station for utils/showdns
file "/var/lib/bind/db.10.203";
};
administrator@dns:~$
/var/lib/bind/db.sddc.lab
administrator@dns:~$ sudo nano /var/lib/bind/db.sddc.lab
$ORIGIN .
$TTL 604800 ; 1 week
sddc.lab IN SOA dns.sddc.lab. admin.sddc.lab. (
                329        ; serial
                604800     ; refresh (1 week)
                86400      ; retry (1 day)
                2419200    ; expire (4 weeks)
                604800     ; minimum (1 week)
                )
         NS dns.sddc.lab.
$ORIGIN sddc.lab.
dns A 10.203.0.5
$TTL 3600 ; 1 hour
Pod-100-ComputeA-1 A 10.203.100.111
Pod-100-ComputeA-2 A 10.203.100.112
Pod-100-ComputeA-3 A 10.203.100.113
Pod-100-ComputeB-1 A 10.203.100.121
Pod-100-ComputeB-2 A 10.203.100.122
Pod-100-ComputeB-3 A 10.203.100.123
Pod-100-Edge-1 A 10.203.100.191
Pod-100-Edge-2 A 10.203.100.192
Pod-100-Edge-3 A 10.203.100.193
Pod-100-Mgmt-1 A 10.203.100.101
Pod-100-Mgmt-2 A 10.203.100.102
Pod-100-Mgmt-3 A 10.203.100.103
Pod-100-NSXT-CSM A 10.203.100.15
Pod-100-NSXT-GM A 10.203.100.7
Pod-100-NSXT-GM-1 A 10.203.100.8
Pod-100-NSXT-LM A 10.203.100.11
Pod-100-NSXT-LM-1 A 10.203.100.12
Pod-100-NSXT-LM-2 A 10.203.100.13
Pod-100-NSXT-LM-3 A 10.203.100.14
Pod-100-Router CNAME Pod-100-Router-Uplink.SDDC.Lab.
Pod-100-Router-IPStorage A 10.203.103.1
Pod-100-Router-Management A 10.203.100.1
Pod-100-Router-NSXEdgeUplink1 A 10.203.106.1
Pod-100-Router-NSXEdgeUplink2 A 10.203.107.1
Pod-100-Router-RTEP A 10.203.108.1
Pod-100-Router-ServiceVM A 10.203.105.1
Pod-100-Router-Transport A 10.203.104.1
Pod-100-Router-Uplink A 10.203.0.100
Pod-100-Router-VMNetwork A 10.203.109.1
Pod-100-Router-vMotion A 10.203.101.1
Pod-100-Router-vSAN A 10.203.102.1
Pod-100-T0-EdgeVM-01 A 10.203.100.254
Pod-100-T0-EdgeVM-02 A 10.203.100.253
Pod-100-vCenter A 10.203.100.5
Pod-100-vRLI A 10.203.100.6
Pod-100-vRLI-1 A 10.203.100.20
administrator@dns:~$
/var/lib/bind/db.10.203
administrator@dns:~$ sudo nano /var/lib/bind/db.10.203
$ORIGIN .
$TTL 604800 ; 1 week
203.10.in-addr.arpa IN SOA dns.sddc.lab. admin.sddc.lab. (
                298        ; serial
                604800     ; refresh (1 week)
                86400      ; retry (1 day)
                2419200    ; expire (4 weeks)
                604800     ; minimum (1 week)
                )
         NS dns.sddc.lab.
$ORIGIN 0.203.10.in-addr.arpa.
$TTL 3600 ; 1 hour
100 PTR Pod-100-Router-Uplink.SDDC.Lab.
$TTL 604800 ; 1 week
5 PTR dns.sddc.lab.
$ORIGIN 100.203.10.in-addr.arpa.
1 PTR Pod-100-Router-Management.SDDC.Lab.
12 PTR Pod-100-NSXT-LM-1.SDDC.Lab.
13 PTR Pod-100-NSXT-LM-2.SDDC.Lab.
14 PTR Pod-100-NSXT-LM-3.SDDC.Lab.
15 PTR Pod-100-NSXT-CSM.SDDC.Lab.
21 PTR Pod-100-ESXi-21.SDDC.Lab.
22 PTR Pod-100-ESXi-22.SDDC.Lab.
23 PTR Pod-100-ESXi-23.SDDC.Lab.
31 PTR Pod-100-ESXi-31.SDDC.Lab.
32 PTR Pod-100-ESXi-32.SDDC.Lab.
33 PTR Pod-100-ESXi-33.SDDC.Lab.
5 PTR Pod-100-vCenter.SDDC.Lab.
6 PTR Pod-100-vRLI.SDDC.Lab.
8 PTR Pod-100-NSXT-GM.SDDC.Lab.
91 PTR Pod-100-ESXi-91.SDDC.Lab.
92 PTR Pod-100-ESXi-92.SDDC.Lab.
93 PTR Pod-100-ESXi-93.SDDC.Lab.
$ORIGIN 203.10.in-addr.arpa.
1.101 PTR Pod-100-Router-vMotion.SDDC.Lab.
1.102 PTR Pod-100-Router-vSAN.SDDC.Lab.
1.103 PTR Pod-100-Router-IPStorage.SDDC.Lab.
1.104 PTR Pod-100-Router-Transport.SDDC.Lab.
1.105 PTR Pod-100-Router-ServiceVM.SDDC.Lab.
254.105 PTR Pod-100-T0-EdgeVM-02.SDDC.Lab.
253.105 PTR Pod-100-T0-EdgeVM-01.SDDC.Lab.
1.106 PTR Pod-100-Router-NSXEdgeUplink1.SDDC.Lab.
1.107 PTR Pod-100-Router-NSXEdgeUplink2.SDDC.Lab.
1.108 PTR Pod-100-Router-RTEP.SDDC.Lab.
1.109 PTR Pod-100-Router-VMNetwork.SDDC.Lab.
$TTL 604800 ; 1 week
dns A 10.203.0.5
administrator@dns:~$
When all configuration files are in place with the correct DNS records, restart the DNS service.
administrator@dns:~$ sudo systemctl restart named
You can verify if BIND is running as it should:
administrator@dns:~$ sudo systemctl status named
● named.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-10-08 07:51:15 UTC; 6s ago
Docs: man:named(8)
Main PID: 2382 (named)
Tasks: 8 (limit: 2282)
Memory: 17.0M
CGroup: /system.slice/named.service
└─2382 /usr/sbin/named -f -u bind
Oct 08 07:51:15 dns named[2382]: command channel listening on ::1#953
Oct 08 07:51:15 dns named[2382]: managed-keys-zone: loaded serial 3
Oct 08 07:51:15 dns named[2382]: zone 0.in-addr.arpa/IN: loaded serial 1
Oct 08 07:51:15 dns named[2382]: zone 203.10.in-addr.arpa/IN: loaded serial 298
Oct 08 07:51:15 dns named[2382]: zone 127.in-addr.arpa/IN: loaded serial 1
Oct 08 07:51:15 dns named[2382]: zone sddc.lab/IN: loaded serial 329
Oct 08 07:51:15 dns named[2382]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 08 07:51:15 dns named[2382]: zone localhost/IN: loaded serial 2
Oct 08 07:51:15 dns named[2382]: all zones loaded
Oct 08 07:51:15 dns named[2382]: running
administrator@dns:~$
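The "loaded serial" lines above only prove that both zone files parsed; they say nothing about whether the forward zone and the reverse zone agree with each other, and a PTR that names a different host than the A record is exactly the kind of mistake that surfaces later as a vCenter or NSX deployment failure. The script below is an added example (not part of the lab page and not a BIND tool): it cross-checks A records against PTR records for the zone-file subset used here ($ORIGIN and $TTL directives, relative or absolute owner names, one record per line) using only sh and awk. The embedded sample zones are constructed in the page's sddc.lab / 10.203.0.0/16 layout with three deliberate faults for the checker to find.

```shell
#!/bin/sh
# zone_xcheck.sh: cross-check a forward zone's A records against the PTR
# records of its reverse zone before (re)starting named.
# Added example, not part of the original lab page. Owners inherited from a
# previous line (record starting with whitespace) are not tracked, which is
# fine for A and PTR records written one per line as in this lab.

# Emit "fqdn ip" for every A record, resolving relative owners via $ORIGIN.
forward_pairs() {
  awk '
    $1 == "$ORIGIN" { origin = tolower($2); next }
    $1 == "$TTL" || NF == 0 || $1 ~ /^;/ { next }
    {
      ip = ""
      for (i = 2; i < NF; i++) if ($i == "A") { ip = $(i + 1); break }
      if (ip == "") next
      owner = tolower($1)
      if (owner !~ /\.$/) owner = (origin == "." ? (owner ".") : (owner "." origin))
      print owner, ip
    }' "$1"
}

# Emit "ip fqdn" for every PTR record, turning the in-addr.arpa owner back
# into a dotted-quad address (the labels are simply reversed).
reverse_pairs() {
  awk '
    $1 == "$ORIGIN" { origin = tolower($2); next }
    $1 == "$TTL" || NF == 0 || $1 ~ /^;/ { next }
    {
      target = ""
      for (i = 2; i < NF; i++) if ($i == "PTR") { target = tolower($(i + 1)); break }
      if (target == "") next
      owner = tolower($1)
      if (owner !~ /\.$/) owner = (origin == "." ? (owner ".") : (owner "." origin))
      if (!sub(/\.in-addr\.arpa\.$/, "", owner)) next
      n = split(owner, oct, ".")
      ip = oct[n]
      for (i = n - 1; i >= 1; i--) ip = ip "." oct[i]
      print ip, target
    }' "$1"
}

# One line per inconsistency, sorted so the output is stable:
#   NO-PTR   <name> <ip>              A record without a PTR
#   MISMATCH <name> <ip> PTR-><name>  PTR points at a different name
#   NO-A     <name> <ip>              PTR whose address has no A record
zone_mismatches() {
  rev=$(mktemp)
  reverse_pairs "$2" > "$rev"
  forward_pairs "$1" | awk -v revfile="$rev" '
    BEGIN { while ((getline line < revfile) > 0) { split(line, f, " "); ptr[f[1]] = f[2] } }
    {
      name = $1; ip = $2; has_a[ip] = 1
      if (!(ip in ptr))         print "NO-PTR   " name " " ip
      else if (ptr[ip] != name) print "MISMATCH " name " " ip " PTR->" ptr[ip]
    }
    END { for (ip in ptr) if (!(ip in has_a)) print "NO-A     " ptr[ip] " " ip }
  ' | LC_ALL=C sort
  rm -f "$rev"
}

# Constructed sample zones (not the page's files) with three deliberate faults.
make_samples() {
  dir=$(mktemp -d)
  cat > "$dir/db.sddc.lab" <<'EOF'
$ORIGIN .
$TTL 604800
sddc.lab IN SOA dns.sddc.lab. admin.sddc.lab. ( 1 604800 86400 2419200 604800 )
        NS dns.sddc.lab.
$ORIGIN sddc.lab.
dns                  A 10.203.0.5
Pod-100-vCenter      A 10.203.100.5
Pod-100-NSXT-LM      A 10.203.100.11   ; reverse zone names another host
Pod-100-Router-vSAN  A 10.203.102.1    ; missing reverse record
EOF
  cat > "$dir/db.10.203" <<'EOF'
$ORIGIN .
$TTL 604800
203.10.in-addr.arpa IN SOA dns.sddc.lab. admin.sddc.lab. ( 1 604800 86400 2419200 604800 )
        NS dns.sddc.lab.
$ORIGIN 0.203.10.in-addr.arpa.
5     PTR dns.sddc.lab.
$ORIGIN 100.203.10.in-addr.arpa.
5     PTR Pod-100-vCenter.SDDC.Lab.
11    PTR Pod-100-ESXi-11.SDDC.Lab.
$ORIGIN 203.10.in-addr.arpa.
1.101 PTR Pod-100-Router-vMotion.SDDC.Lab.   ; address has no forward record
EOF
  echo "$dir"
}

# Usage: zone_xcheck.sh /var/lib/bind/db.sddc.lab /var/lib/bind/db.10.203
# Without arguments the constructed samples are checked instead.
if [ $# -eq 2 ]; then
  zone_mismatches "$1" "$2"
else
  d=$(make_samples)
  echo "Checking constructed sample zones in $d:"
  zone_mismatches "$d/db.sddc.lab" "$d/db.10.203"
  rm -rf "$d"
fi
```

Run it against the two files in /var/lib/bind before the restart; an empty result means every A record has a matching PTR and vice versa. Names are compared case-insensitively, so the mixed-case SDDC.Lab targets used in the reverse zone above are fine.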
Some other useful BIND commands can be found below.
Start BIND:
administrator@dns:~$ sudo systemctl start named
Restart BIND:
administrator@dns:~$ sudo systemctl restart named
BIND status (useful to show errors in the configuration):
administrator@dns:~$ sudo systemctl status named
Enable auto-start of BIND at boot:
administrator@dns:~$ sudo systemctl enable named
Verify all listeners are operational:
administrator@dns:~$ sudo netstat -lnptu
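The named.conf.options and named.conf.local files above open recursion, the cache, zone transfers and dynamic updates to { any; }, and the comments in named.conf.local already flag that the update and transfer lists should contain the Ansible control station rather than everyone. The script below is an added example (not the lab page's configuration and not BIND's own tooling): it renders a least-privilege variant of both files using BIND ACLs and validates the result with named-checkconf when bind9utils is installed. LAB_NET, ANSIBLE_HOST and the ACL names are assumptions; 10.203.0.10 is a placeholder for the control station's address.

```shell
#!/bin/sh
# harden_bind.sh: render ACL-based versions of the lab's named.conf.options
# and named.conf.local, then parse-check them with named-checkconf.
# Added example, not part of the original lab page. LAB_NET and ANSIBLE_HOST
# are assumptions: the lab's 10.203.0.0/16 range and a placeholder address
# for the Ansible control station the page's comments refer to.
LAB_NET="${LAB_NET:-10.203.0.0/16}"
ANSIBLE_HOST="${ANSIBLE_HOST:-10.203.0.10}"   # placeholder, set for your lab

# named.conf.options: queries, cache and recursion only for lab clients,
# no transfers unless a zone says otherwise. The lab page sets
# dnssec-validation to no; "auto" keeps validation on behind the forwarder.
render_options() {
  cat <<EOF
acl "lab-nets"   { 127.0.0.0/8; ::1/128; ${LAB_NET}; };
acl "automation" { ${ANSIBLE_HOST}; };

options {
    directory "/var/cache/bind";
    recursion yes;
    notify yes;
    allow-query       { lab-nets; };
    allow-query-cache { lab-nets; };
    allow-recursion   { lab-nets; };
    forwarders { 8.8.8.8; };
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on    { any; };
    listen-on-v6 { any; };
    allow-transfer { none; };
};
EOF
}

# named.conf.local: dynamic updates and transfers per zone, restricted to
# the automation host instead of { any; }.
render_local() {
  cat <<EOF
zone "sddc.lab" {
    type master;
    file "/var/lib/bind/db.sddc.lab";
    allow-update   { automation; };
    allow-transfer { automation; };
};
zone "203.10.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.10.203";
    allow-update   { automation; };
    allow-transfer { automation; };
};
EOF
}

# Write both fragments into a scratch directory and run named-checkconf on
# them. Returns 0 on a clean parse, named-checkconf's status on a parse
# error, and 2 when the checker is not installed so callers can tell
# "skipped" from "failed".
check_rendered() {
  dir=$(mktemp -d)
  render_options > "$dir/named.conf.options"
  render_local   > "$dir/named.conf.local"
  printf 'include "%s";\ninclude "%s";\n' \
    "$dir/named.conf.options" "$dir/named.conf.local" > "$dir/named.conf"
  if command -v named-checkconf >/dev/null 2>&1; then
    named-checkconf "$dir/named.conf"; rc=$?
  else
    echo "named-checkconf not found; skipping syntax check" >&2; rc=2
  fi
  rm -rf "$dir"
  return $rc
}

# Self-audit: print every access statement (in the given files or on stdin)
# that is still opened to { any; }. Exit status 0 means at least one was found.
open_to_any() {
  grep -E 'allow-(query|query-cache|recursion|transfer|update) *\{ *any *; *\}' "$@"
}

render_options
render_local
check_rendered || echo "validation returned status $?" >&2
```

To apply the hardened files copy the rendered output over /etc/bind/named.conf.options and /etc/bind/named.conf.local, run sudo named-checkconf -z to load the zones as well, and restart named. The open_to_any function is useful against the existing files too: running it over /etc/bind/named.conf.* on the lab server as configured above lists every statement that still allows any client.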
STEP 4: Install NTP (server)
Install NTP Server.
administrator@dns:~$ sudo apt install ntp
STEP 5: Configure NTP (Server)
Edit the file /etc/ntp.conf to point to the NTP servers closest to you on the internet.
Look up the NTP servers that are close to you with this link, and replace the pool servers in the config file with the NTP servers closest to you.
/etc/ntp.conf
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
pool 0.ubuntu.pool.ntp.org iburst
pool 1.ubuntu.pool.ntp.org iburst
pool 2.ubuntu.pool.ntp.org iburst
pool 3.ubuntu.pool.ntp.org iburst
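The excerpt above shows only the pool lines; the rest of ntp.conf decides who may query and reconfigure ntpd, which matters once every ESXi host and NSX appliance in the lab points at this server. The script below is an added example (not the lab page's file and not shipped with the ntp package): it renders an ntp.conf that keeps the pool upstreams but adds the restrict policy, and it checks "ntpq -pn" output for a selected system peer, the practical sign that time is actually being served. NTP_POOL and LAB_NET are assumptions, and the ntpq output embedded for the check is constructed.

```shell
#!/bin/sh
# ntp_lab.sh: render an ntp.conf with a restrict policy and check ntpq output
# for a selected system peer. Added example, not from the lab page.
# NTP_POOL and LAB_NET are assumptions; set NTP_POOL to the pool zone closest
# to your lab (for example nl.pool.ntp.org).
NTP_POOL="${NTP_POOL:-ubuntu.pool.ntp.org}"
LAB_NET="${LAB_NET:-10.203.0.0 mask 255.255.0.0}"

render_ntp_conf() {
  cat <<EOF
driftfile /var/lib/ntp/ntp.drift

# Upstream time sources; iburst speeds up the initial synchronisation.
pool 0.${NTP_POOL} iburst
pool 1.${NTP_POOL} iburst
pool 2.${NTP_POOL} iburst
pool 3.${NTP_POOL} iburst

# Default policy: serve time only. No runtime changes (nomodify), no traps,
# no peering and no ntpq status queries (noquery) from unlisted hosts;
# kod together with limited rate-limits abusive clients.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

# Full access from the local host only (ntpq -p works here).
restrict 127.0.0.1
restrict ::1

# Lab clients (vCenter, ESXi, NSX) may ask for time and nothing else.
restrict ${LAB_NET} nomodify notrap nopeer noquery
EOF
}

# Read "ntpq -pn" output on stdin and print the address of the selected
# system peer (tally code "*" in column one). Returns 1 when ntpd has not
# chosen one yet, which is normal in the first minute after a restart.
system_peer() {
  awk 'substr($0, 1, 1) == "*" { print substr($1, 2); found = 1 } END { exit !found }'
}

# Constructed "ntpq -pn" output for the check above (not captured from the
# lab host); the addresses are two of the pool servers the page's log shows.
SAMPLE_NTPQ='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
*91.189.94.4     17.253.34.253    2 u   39   64   17   22.301   -1.054   0.912
+91.189.89.198   17.253.34.125    2 u   41   64   17   23.877   -0.642   0.733'

render_ntp_conf
printf '%s\n' "$SAMPLE_NTPQ" | system_peer || echo "no system peer selected yet" >&2
```

On the lab server the real check is `ntpq -pn | system_peer` after `sudo systemctl restart ntp`; expect a "*" line only after a few polling intervals, since the iburst exchange alone does not make ntpd select a peer.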
You can verify if NTP is running as it should:
administrator@dns:~$ sudo systemctl status ntp
● ntp.service - Network Time Service
Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-10-08 07:58:44 UTC; 4min 44s ago
Docs: man:ntpd(8)
Main PID: 2636 (ntpd)
Tasks: 2 (limit: 2282)
Memory: 1.2M
CGroup: /system.slice/ntp.service
└─2636 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 113:118
Oct 08 07:58:48 dns ntpd[2636]: Soliciting pool server 45.55.58.103
Oct 08 07:58:48 dns ntpd[2636]: Soliciting pool server 213.206.165.21
Oct 08 07:58:49 dns ntpd[2636]: Soliciting pool server 194.29.130.252
Oct 08 07:58:49 dns ntpd[2636]: Soliciting pool server 72.5.72.15
Oct 08 07:58:49 dns ntpd[2636]: Soliciting pool server 91.189.94.4
Oct 08 07:58:50 dns ntpd[2636]: Soliciting pool server 91.189.89.198
Oct 08 07:58:50 dns ntpd[2636]: Soliciting pool server 195.171.43.12
Oct 08 07:58:51 dns ntpd[2636]: Soliciting pool server 91.189.89.199
Oct 08 07:58:51 dns ntpd[2636]: Soliciting pool server 91.198.10.4
Oct 08 07:58:52 dns ntpd[2636]: Soliciting pool server 91.189.91.157
administrator@dns:~$