From the course: Managing DNS Essential Training

pfSense BIND setup and type A records


- [Voiceover] Let's talk about A records, shall we? We are in our pfSense router in the BIND installation that we have running here, and we're within the custom Landon Hotels view and the landonhotels.com zone that we've created here. I can scroll through the settings so you can see them but the zone name is landonhotels.com. The description is Landon Hotels. We are a Master zone type. We are using the view Landon Hotels that was created over here under Views. We are scrolling through this, the only other things that are really necessary here because we're not using any kind of Master Slave situation or anything like that. We're also not doing forwarders because we are doing recursion on this DNS server specifically and if we had used forwarders, that would mean that this server was not doing recursion, we were offloading that to somebody else. We're gonna do that on our own. Our Master Zone Configuration is gonna set the baseline primary settings for every record that we have. So, we're gonna set a 7200 second TTL. The Name Server is landonhotels.com. The Base Domain IP is 192.168.1.3 for us, it might be different for you if you're using the same software to run through the course. The Mail Admin Zone is landonhotels.com. The Refresh, the Retry, the Expire, the Minimum, these all come pre-populated, you can leave those alone. And please, do not enter anything under Serial Number, that will be automatically generated by the BIND server. It is used by the primary and secondary servers in a primary secondary relationship where the secondary server is zone transferring all of the information from a primary server.
The way it does that is that when it makes a request for information, the serial number is sent to it by the primary server, secondary server looks at that, compares it against its own information and if the serial number has increased, it knows that a change has been made and then it makes the request for the entire zone to be transferred down to the secondary again. So, we're not using that at this point, we're just going in here to talk about A records at the moment. So, we're gonna continue scrolling down. We're not going to allow updating because, again, not doing that. So, we don't need an update policy. And we are going to allow query by any and allow transfer to none because, again, we're not doing the primary secondary thing. And that gets us all the way down in this interface to this Zone Domain Records. Now, you know, this is one of the reasons why we're using the pfSense situation here because this is obviously a free open-source routing operating system. It's very powerful, it can be installed on whatever hardware you happen to have lying around that has a couple of network interface cards in it. We've got 32 and 64 bit versions of this system. For more information about pfSense, I recommend that you go to pfsense.org and look them up because this is the stuff that you get from them. And here, we have our Zone Domain records area and I, in fact, can't even click the Save button here until I enter in at least one A record, right? Because a Zone with no records has no purpose in it, right? So, we have to put in at least one. We put in our Record, we have our Type, it's got pretty much all of them here, we have our Priority, and we have our Alias or IP address that Type and Record maps to. So, how does this work, right? We've already got landonhotels.com as the zone name, so everything that we enter in here will be expected to end in landonhotels.com. That's how this works. 
So, if I put in something like mail and I put in an A record and I don't give it a priority because it's not an MX record and we're not prioritizing A records, right? And then I put in the IP address. I say, OK, 192.168.1. and I'm gonna make this 2. We're gonna have our OS X server sitting at 1.2 and I think that's a good place to put that, right? Mail, mail's a good one to have on OS X. So, good. Alright, great. That's done. All we gotta do now is press the plus button again and get another record line. So, let's go ahead and do that. Let's call this one windows and we're gonna put that one in an A record at 192.168.1.3 and that's going to be the Windows server. That's gonna be good. OK, so we've got our mail server with its A record in there at 192.168.1.2, we've got our Windows server with its A record in there at 1.3. Fantastic. Those two things are in. That's really easy, right? I mean, that's just the easiest thing in the world. All we're doing is we're saying that if you're asked for something that says mail.landonhotels.com, because of what we have up there in the zone, that is going to be over here at 192.168.1.2 and because it's our local DNS server serving the local clients that will be asking it for responses, it's OK that it's on an unroutable private IP address, right? This is one of those ranges of IP addresses that would not be transferable across the internet, so, clearly, if this were a response given to somebody out on the internet, they wouldn't know what to do with it, the system would just fail. But this is great for internal, right? This is fantastic. The only problem that I have here is that I put in the wrong number. (laughs) That's really important. Now, remember I mentioned that keeping track of your typos is super important. If I had just hit Save on this, that would've been for a completely different IP address than where these things are actually going and we are actually in the range 192.168.3, so that's where we're going to stick.
OK, so if you're doing this on your own, when you've gone through this and looked at it, check for your typos and you are sure that you're in good shape, you just come down here and you click Save. When you click Save, it'll write out that to the router, or to your server if you're using a server, and you can see right here, we've got our serial number in place. It auto-populated like we said it would. If I come back in here and I click edit, you can see where it actually put that in here under serial and we could always come back in here and continue to add new records with our plus button, as we will be doing in a future movie. But, I wanted to point out as coming back in here that you get a Resulting Zone Configuration File when you click Save. This is a really nifty feature of the BIND module here in pfSense, is that it shows you exactly what the BIND file looks like that you have created, right? And so, we've got our at symbol IN name server landonhotels.com at IN A 1.3 right there. So, we've got the entire domain resolving to 1.3 right now. We've got mail going to 3.2 and we've got windows going to 3.3. The IN A at 1.3 is definitely not right, so I've clearly made a typo someplace and there it is. That's my typo right there. This is why we go back and check our work, right? So, that was 3.1, in fact, actually is what we were meaning for that to be. So, I'm gonna click Save. And if I come back in here and click Edit and scroll all the way down, I can look here and there, that looks much better. At IN A at 168.3.1 and that at symbol just means basically anything, it's a wild card, sort of. So, at IN NS landonhotels.com at IN A and we get that IP address at the router itself and then windows IN A at 3.3. So, we have our A record. Fantastic. That was really easy and super awesome. Go ahead and configure your A record on your Mac OS X DNS server, if that's what you're using, or on your Windows 2012 DNS server. Your interface will vary.
If you want to look at what your interface will look like, we have movies later on in the course to cover your individual interface on those two operating systems.
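
The review step in the video (reading the Resulting Zone Configuration File and spotting an A record in the wrong range) can be automated. The following is an added example, not part of the course or of the pfSense BIND package: a small checker that lists A records outside the expected LAN subnet. The sample zone text is constructed from the values mentioned in the transcript, and the function names and the 192.168.3.0/24 expectation are assumptions; it also assumes every record line names its owner.

```python
import ipaddress

# Constructed sample modelled on the zone described in the video (not the
# actual pfSense output). The apex A record carries the 192.168.1.3 typo.
SAMPLE_ZONE = """\
$TTL 7200
$ORIGIN landonhotels.com.
@        IN NS  landonhotels.com.
@        IN A   192.168.1.3
mail     IN A   192.168.3.2
windows  IN A   192.168.3.3
"""
EXPECTED_NET = "192.168.3.0/24"  # assumption: the lab LAN used in the video

def fqdn(name, origin):
    """Expand an owner name: '@' is the zone origin; relative names get it appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def a_records(zone_text):
    """Yield (fqdn, ip_string) per A record; handles $ORIGIN, ';' comments, optional TTL/class."""
    origin = "."
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1]
            continue
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) >= 2 and rest[0].upper() == "A":
            yield fqdn(fields[0], origin), rest[1]

def outside_expected(zone_text, expected=EXPECTED_NET):
    """Return A records whose address is malformed or not inside the expected subnet."""
    net = ipaddress.ip_network(expected)
    findings = []
    for name, ip in a_records(zone_text):
        try:
            inside = ipaddress.ip_address(ip) in net
        except ValueError:  # a malformed address is also a finding
            inside = False
        if not inside:
            findings.append((name, ip))
    return findings
```

Running `outside_expected` on the zone text before saving, or on the resulting file afterwards, reports the apex record at 192.168.1.3 and nothing else.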
