How do I configure my DNS / DHCP / gateway server with 2 NICs to use its own DNS?

My SOHO lan is served by my main machine which operates as a router, firewall, gateway, DNS, DHCP server and backup server.
I've set up bind9 and isc-dhcp-server to do DDNS for the lan clients, while pppoe sets up the gateway to the net.
The backup server needs to recognise lan clients by hostname so I need it to look up their current IPs on the local DNS.
I'm using Ubuntu 16.04.4
I got quite far (see "Dynamic DNS only serving DHCP clients, but new names not resolving on DNS server itself" for the bind9 - dhcpd - ddns setup I did) but I still haven't managed to configure local DNS look-ups on the server.
The server's /etc/resolv.conf looks like this:
    adam@gondor:~$ cat /etc/resolv.conf
    nameserver 81.139.56.100
    nameserver 81.139.57.100
    domain localdomain
    search localdomain
This is, I assume, being written at boot by pppoe, which configures the gateway. There's a /etc/ppp/resolv.conf that is the same, but I'm not sure what role it plays.
My question is how I should configure linux so that backuppc will do DNS on the localhost for domain names on the lan, and yet browsing the net in firefox on the same machine will also work.
A colleague advised me to put 127.0.0.1 in /etc/resolvconf/resolv.conf.d/head but that doesn't seem to be a good idea:
    adam@gondor:~$ cat /etc/resolvconf/resolv.conf.d/head
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
I'm also not using network-manager to control pppoe which seems to be a popular choice.
[UPDATE After 1st comment] I looked more into the resolvconf package and discovered that it was out-of-date. I've updated it but I'm now pretty sure that the warning in head above is warning me not to edit resolv.conf manually, rather than /etc/resolvconf/resolv.conf.d/head.
It also didn't help that http://manpages.ubuntu.com/manpages/xenial/man8/resolvconf.8.html talks about files that resolvconf isn't giving me, like resolvconf.conf.
I have also decided that pppd can't be using resolvconf, so I have disabled it from updating /etc/resolv.conf by commenting out the updatedns option in /etc/ppp/peers/dsl-provider. I don't want the British Telecom DNS servers anyway, I'm going to configure resolvconf to use 127.0.0.1, and I'll tell bind9 to forward to the OpenDNS servers instead.
dns bind ppp resolv.conf isc-dhcpd
To my knowledge, for DNS queries to your server, the interface name server should be 127.0.0.1. So, I would use that inside /etc/resolv.conf as nameserver instead of the two you listed. If your server needs to resolve names itself, it uses the forwarders set up in /etc/named.conf.
– Phoenix Mar 24 at 6:59
edited Mar 24 at 12:43
asked Mar 23 at 23:44
Adam
1 Answer
pppd was controlling /etc/resolv.conf so the first thing I had to do was take out the ppp option which told it to pass through the British Telecom DNS servers. That was in usepeerdns in /etc/ppp/peers/dsl-provider.
Then I purged and re-installed the resolvconf package out of frustration, and re-installing it actually set it up as it is documented (almost) at http://manpages.ubuntu.com/manpages/xenial/man8/resolvconf.8.html
I put nameserver 127.0.0.1 in /etc/resolvconf/resolv.conf.d/head so now it appears in the /etc/resolv.conf or better said in the /run/resolvconf/resolv.conf file linked to.
I tweaked my /etc/bind/named.conf.options:
    acl goodclients {
        localhost;
        localnets;
    };
    options {
        listen-on {
            192.168.0.3;
            127.0.0.1;
        };
        listen-on-v6 {
            fe80::2a37:37ff:fe03:4225/64;
            ::1;
            #any;
        };
        directory "/var/cache/bind";
        forwarders {
            208.67.220.220;
            208.67.222.222;
        };
        allow-query { goodclients; };
        allow-recursion { goodclients; };
        allow-transfer { goodclients; };
        dnssec-enable no;
        #dnssec-validation auto;
        auth-nxdomain no; # conform to RFC1035
    };
One article I was following told me to put 192.168.0.0/24 in my acl goodclients block, and also to use dnssec-validation auto; but they caused a whole raft of errors to be logged in syslog so I took them out again.
It would also work without the forwarders block where I put the OpenDNS DNS servers, but without them, lots of IPv6 network unreachable errors.
answered Mar 24 at 23:51
Adam
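An added example, not part of the original answer: a small Python check that parses a named.conf.options like the one above and flags the settings that matter when the DNS server is also the Internet-facing gateway (where named listens, who may recurse, whether DNSSEC is switched off). The sample text is the answer's configuration with braces restored; the function names and finding codes are made up for this example.

```python
import re

# Constructed sample: the options from the answer above, with braces restored.
SAMPLE = """
acl goodclients { localhost; localnets; };
options {
    listen-on { 192.168.0.3; 127.0.0.1; };
    forwarders { 208.67.220.220; 208.67.222.222; };
    allow-query { goodclients; };
    allow-recursion { goodclients; };
    dnssec-enable no;
    #dnssec-validation auto;
};
"""

def tokenize(text):
    """Strip /* */, # and // comments, then split into words, braces, semicolons."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(#|//).*", " ", text)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text)

def parse(tokens, i=0):
    """Return (statements, next index); a statement is a list of words and blocks."""
    stmts, cur = [], []
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        if tok == "{":
            block, i = parse(tokens, i)
            cur.append(block)
        elif tok == "}":
            break
        elif tok == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok)
    return stmts, i

def audit(text):
    """Return finding codes (hypothetical names) for a gateway-hosted resolver."""
    stmts, _ = parse(tokenize(text))
    acls = {s[1]: [e[0] for e in s[2]] for s in stmts if s[0] == "acl"}
    opts = {o[0]: o[1:] for s in stmts if s[0] == "options" for o in s[1]}

    def expand(names, seen=()):
        out = []  # replace named ACLs by their members, guarding against cycles
        for n in names:
            out += expand(acls[n], seen + (n,)) if n in acls and n not in seen else [n]
        return out

    def members(key):
        return expand([e[0] for e in opts[key][-1]]) if key in opts else None

    findings = []
    listen, recurse = members("listen-on"), members("allow-recursion")
    if listen is None or "any" in listen:
        findings.append("listen-any")        # named answers on every IPv4 interface
    if recurse is None:
        findings.append("recursion-unset")   # falls back to version-dependent defaults
    elif "any" in recurse:
        findings.append("recursion-open")    # anyone who can reach port 53 may recurse
    elif "localnets" in recurse:
        findings.append("localnets-review")  # matches every attached network, ppp link too
    if opts.get("dnssec-enable") == ["no"] or opts.get("dnssec-validation") == ["no"]:
        findings.append("dnssec-off")        # forwarder answers are not validated
    return findings
```

Running `audit()` on the sample reports `localnets-review` and `dnssec-off`: the listen-on and recursion limits are in place, but `localnets` covers the WAN-side link as well as the LAN, and answers from the forwarders are accepted unvalidated.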