Windows XP Caching Nameserver forwarding to Google's Public DNS with support for private wildcard DNS zones

Why on earth would you want to do this?

For a very specific use case.

  1. You develop a web application locally that needs a wildcard domain name, i.e. you want 192.168.1.1 to answer any HTTP request for *.example.com (example.com, www.example.com, blah.example.com, ridiculously.long.example.com) without configuring each name individually in a hosts file.
  2. You have previously set up your workstation to use Google's Public DNS and don't want to lose the benefits by running your own nameserver. (This also applies if you forward to any other upstream DNS servers; just swap the Google IPs for the ones you want.)
  3. You are using Windows XP (this should also work on Vista). The same configuration files apply to any version of BIND (OS X users should look at a utility called DNSEnabler, which provides a dead simple graphical user interface for managing BIND on OS X), but the instruction steps here are specific to Windows.

Why Google's Public DNS?

It's faster than your ISP's default DNS, which makes browsing faster. You can also use these instructions for other DNS networks like OpenDNS, or even forward back to your ISP's servers if you wish. http://code.google.com/speed/public-dns/

Why Windows XP?

Because it's what I have at home. I use OSX and Linux at work where I use DNS Enabler http://cutedgesystems.com/software/DNSEnabler/ on OSX and I've previously posted how to configure BIND on Linux to use Google's Public DNS in an office environment, which pretty much covers all my bases.

Why BIND?

It is the de facto DNS implementation: well worn and battle tested, and ISC makes a freely available Windows distribution. While I like Microsoft's DNS server, it's only available on their server products, so regrettably it's not an option for Windows XP.

There are other Windows-based DNS servers, but most of them are commercial and none are as clean, cheap, or easy as DNSEnabler, so it wasn't worth the time to research them. I also have experience configuring BIND, so I figured I could just share my configuration and hopefully the 2 other people on the internet with the same needs as me can benefit from my experience.

For more information about BIND: https://www.isc.org/software/bind . A great reference about DNS in general as well as BIND is the venerable book "DNS for Rocket Scientists" http://www.zytrax.com/books/dns/

What are the steps?

  1. Download the latest BIND zip for Windows: https://www.isc.org/software/bind
  2. Unpack and run: BINDInstall.exe
  3. View: C:\windows\system32\dns\bin\readme1st.txt
  4. Start -> Run: C:\windows\system32\dns\bin\rndc-confgen -a
  5. In Explorer, navigate to C:\windows\system32\dns, right-click "etc", Properties, Security, Add, "named", tick "Full Control", OK, OK.
  6. Download ftp://ftp.internic.net./domain/named.root and save it as C:\windows\system32\dns\etc\named.root to seed BIND's root hints.
  7. Use Windows Services to start/stop the named service.
  8. Start -> right-click "My Computer", Manage, click "Services", look for "ISC BIND", right-click it to start, stop, or restart.
  9. Start -> right-click "My Network Places", Properties, right-click your active "Local Area Connection", Properties, click "Internet Protocol (TCP/IP)", Properties, "Use the following DNS server addresses": 127.0.0.1
  10. For any other system on your network that you want to use this nameserver, use your host's real IP address on the local network (it may change if you're on DHCP; remember to check this if you have "internet" problems) and repeat only step 9 on that system, assuming it's Windows. If it's a Unix platform you would edit /etc/resolv.conf. If you want to get fancy you can edit dhclient.conf to prevent DHCP from overwriting your custom nameserver selection.
  11. If you have entries in your hosts file for names that the wildcard will cover, you must remove them, since the hosts file takes precedence over DNS: C:\windows\system32\drivers\etc\hosts
  12. If you intend to use the DNS server from workstations other than localhost and you are running any kind of firewall, you will need to open port 53 for both UDP and TCP. For Windows' included firewall: Start -> right-click "My Network Places", Properties, right-click your active "Local Area Connection", select the "Advanced" tab, Settings, select the "Exceptions" tab, Add Port (name: DNS, port: 53, type: TCP), then repeat the last step for UDP.

C:\windows\system32\dns\etc\named.conf is as follows:

options {
  // version statement - hidden for security
  // (don't advertise the version to anyone probing for known weaknesses)
  version "get lost";
  // optional - disables all zone transfers globally
  // (transfers to slaves can still be allowed per zone in zone clauses)
  allow-transfer {"none";};
  forwarders {8.8.8.8; 8.8.4.4;}; //GOOGLE Public DNS
  directory "C:\WINDOWS\system32\dns\etc";
};

view "trusted" {
  match-clients { 192.168.0.0/16; 127.0.0.1; }; // the whole 192.168.0.0/16 private range, plus localhost
  recursion yes;
  // required zone for recursive queries
  // retrieve from: ftp://ftp.internic.net./domain/named.root
  zone "." {
    type hint;
    file "named.root";
  };
  // basic localhost support
  zone "localhost" IN {
    type master;
    file "master.localhost";
  };
  // basic localhost support
  zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "localhost.rev";
  };
  // this is the wildcard zone
  zone "dev.example.com" {
    // Don't forward queries for this zone.
    forwarders {};
    type master;
    // The final extension of .txt simply is so that Windows doesn't
    // think the file is executable (.com), and will open the file with your
    // systems designated text editor without any fuss.
    file "dev.example.com.txt";
  };
};

view "badguys" {
  match-clients {"any"; }; // all other hosts
  // recursion not supported
  recursion no;
};

C:\windows\system32\dns\etc\dev.example.com.txt is as follows:

$TTL 2d    ; 172800 secs default TTL for zone
$ORIGIN dev.example.com.
@             IN      SOA   ns1.dev.example.com. hostmaster.dev.example.com. (
                        2009120500 ; se = serial number
                        12h        ; ref = refresh
                        15m        ; ret = update retry
                        3w         ; ex = expiry
                        3h         ; min = minimum
                        )
              IN      NS      ns1.dev.example.com.

                              ; Retrieve the IP for the target of the wildcard
                              ; Linux: ifconfig
                              ; Windows: ipconfig
@             IN      A       192.168.1.1

www           IN      A       192.168.1.1

                            ; Retrieve the IP for the DNS server
ns1           IN      A       192.168.1.70

*             IN      CNAME   www
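Added example, not code from the post: a small Python resolver over a constructed copy of the zone file above, showing why nslookup reports whatever.dev.example.com as an alias of www.dev.example.com, why explicit records such as ns1 are not overridden by the wildcard, and why a name under an existing name (foo.www.dev.example.com) gets no wildcard answer at all. The helper names (qualify, parse_zone, lookup, resolve) and the ZONE text are my own; the SOA is folded onto one line and only A, NS and CNAME records are modelled.

```python
# Added example, not code from the post: a tiny resolver over a constructed copy
# of the zone file above (SOA folded to one line); models only A, NS and CNAME.
ZONE = """\
$ORIGIN dev.example.com.
@     IN  SOA    ns1.dev.example.com. hostmaster.dev.example.com. 2009120500 12h 15m 3w 3h
      IN  NS     ns1.dev.example.com.
@     IN  A      192.168.1.1   ; target of the wildcard
www   IN  A      192.168.1.1
ns1   IN  A      192.168.1.70  ; the DNS server itself
*     IN  CNAME  www
"""

def qualify(name, origin):
    """Absolute lowercase name relative to $ORIGIN ('@' is the zone apex)."""
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return {owner: [(type, rdata), ...]}; a blank owner repeats the previous one."""
    records, origin, owner = {}, "", None
    for line in text.splitlines():
        tokens = line.split(";")[0].split()               # drop ';' comments
        if tokens and tokens[0] == "$ORIGIN":
            origin = tokens[1].lower()
        elif tokens:
            if not line[0].isspace():                     # explicit owner on this line
                owner = qualify(tokens.pop(0), origin)
            rtype, target = tokens[1].upper(), tokens[2]  # tokens[0] is the class "IN"
            if rtype in ("A", "NS", "CNAME"):
                rdata = target if rtype == "A" else qualify(target, origin)
                records.setdefault(owner, []).append((rtype, rdata))
    return records

def lookup(records, qname):
    """Exact owner, else '*' under the closest existing ancestor (RFC 4592), else None."""
    if qname in records:
        return records[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):                       # walk up towards the root
        if ".".join(labels[i:]) in records:               # closest encloser: try its '*'
            return records.get("*." + ".".join(labels[i:]))

def resolve(records, qname, hops=0):
    """(canonical name, [A addresses]) or None for NXDOMAIN; CNAMEs are chased."""
    qname = qname.lower().rstrip(".") + "."
    rrs = lookup(records, qname) or []
    cname = next((rdata for rtype, rdata in rrs if rtype == "CNAME"), None)
    if cname and hops < 8:                                # alias: restart at the target
        return resolve(records, cname, hops + 1)
    return (qname, [rdata for rtype, rdata in rrs if rtype == "A"]) if rrs else None
```

Names outside dev.example.com return None here because BIND hands them to the forwarders, which this example does not model.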

C:\windows\system32\dns\etc\localhost.rev is as follows:

$TTL    86400 ;
; could use $ORIGIN 0.0.127.IN-ADDR.ARPA.
@       IN      SOA     localhost. root.localhost.  (
                        1997022700 ; Serial
                        3h      ; Refresh
                        15      ; Retry
                        1w      ; Expire
                        3h )    ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.

C:\windows\system32\dns\etc\master.localhost is as follows:

$TTL    86400 ; 24 hours could have been written as 24h
$ORIGIN localhost.
; line below = localhost 1D IN SOA localhost root.localhost
@  1D  IN     SOA @    root (
                  2002022401 ; serial
                  3H ; refresh
                  15 ; retry
                  1w ; expire
                  3h ; minimum
                 )
@  1D  IN  NS @
   1D  IN  A  127.0.0.1

To test your new caching dns server for resolving the local wildcard domain: Start->Run: "cmd", then type "nslookup whatever.dev.example.com" at the command prompt.

(If it doesn't work and you can't browse the web anymore, look at step 9 and set DNS back to "Obtain DNS server address automatically", or to 8.8.8.8 and 8.8.4.4 to go direct to Google's DNS. You should also look at your Event Viewer to discover any errors: see step 8, except select "Event Viewer" instead of "Services", then look at the "Application" log.)

The command should return:

Server:  localhost
Address:  127.0.0.1

Name:    www.dev.example.com
Address:  192.168.1.1
Aliases:  whatever.dev.example.com

You can use nslookup to check a few more names, like www.disney.com or www.yahoo.com, to make sure that forwarding is occurring.

You're done, enjoy.