You want a real Name Server at home? // DNS

  Рет қаралды 274,827

Christian Lempa

Christian Lempa

Күн бұрын

Пікірлер: 440
@williammrs
@williammrs Жыл бұрын
You're an absolute legend. I've followed two of your videos now and both have been enormous time savers. I'm just getting started with a homelab and setting everything up is extremely daunting and time consuming. You're an incredible resource!
@christianlempa
@christianlempa Жыл бұрын
Haha thank you :D I'm glad it's helping you :)
@user-dd1rg7sd9l
@user-dd1rg7sd9l 25 күн бұрын
Christian, thanks from the USA! It's nice to listen to someone who actually understands computers, operating systems, and networking. Good job!
@thecrimsonraven707
@thecrimsonraven707 Жыл бұрын
I did not know you could use Visual Studio Code to simulataneously access an SSH terminal and access remote folders. You just made my job easier to drop files to my servers. Thank you, Christian.
@tristheflash6928
@tristheflash6928 5 ай бұрын
rm filename
@solverz4078
@solverz4078 Жыл бұрын
Your are far by the best KZbinr for this kind of content as you don't just explain how to do something, you explain why to do things and how they actually work and not just saying put this here and there and it'll work. Love it!!! Shows you have put a lot of time into understanding the concepts properly.
@Glatze603
@Glatze603 7 ай бұрын
I now use technitium dns server - it‘s open source, easy to install on every os (docker, too), very feature rich, really secure and completely with graphical user interface.
@christianlempa
@christianlempa 7 ай бұрын
Sounds like a nice project! Thanks for sharing
@allards
@allards Жыл бұрын
Nice video to kick-off 2023 and a great explanation how to set up a bind server. It's a long video, and I was only loosely interested, but finished it in one viewing. One of your best video's ever!
@christianlempa
@christianlempa Жыл бұрын
Thank you so much for the kind words! That’s a huge compliment :)
@paullacatus8975
@paullacatus8975 Жыл бұрын
Hi Christian ! Nice Bind opening clip. But more interesting will be to make a public/local DNS server and segregating trafic will be a nice continuations. Also a good tutorial, as you do, about MX records with DKIM, DMARK , SPF records ;-)
@djKenpLan09
@djKenpLan09 Жыл бұрын
I personally use bind9 since very long time but never thought on running on a docker container... what a great idea actually! Great video!
@christianlempa
@christianlempa Жыл бұрын
Nice! Thank you :)
@MuhammadHuzaifa-wj1er
@MuhammadHuzaifa-wj1er Жыл бұрын
Hey you seem like a guy who can resolve my query | Hopefully ! I want to learn to serve a containered app to the internet. is that really possible? i believe if i configure dns settings locally good and also configure it with global dns like cloudflare it would really work will this really work [is that practical / feasible] will be waiting for your reply Thanks !
@ulrichbeutenmuller8101
@ulrichbeutenmuller8101 Жыл бұрын
Wow, this is awesome. I was always frustrated with the number of changes needed to have proper DNS resolution in a small network without a proper DNS server. Had I only invested a few hours to understand and setup bind9, this would have saved me a ton of time. Thanks Christian.
@nalle475
@nalle475 Жыл бұрын
Fantastic! You explain it in a way that is so easy to understand. When I hade to learn Bind 30 years ago it took forever and was as theoretical as it could be. Thank you again for an excellent tutorial.
@christianlempa
@christianlempa Жыл бұрын
Thank you so much, that’s a great compliment :)
@herbst1398
@herbst1398 Жыл бұрын
Hallo Christian, von mir und meiner Familie wünsche ich ein frohes neues, glückliches und erfolgreiches Jahr 2023! Meine Kinder stehen total auf deine IT Beiträge, wir schauen dieses Video gerade zusammen auf dem Beamer. Gruß aus Wiesbaden und vielen Dank für die Mühe : )
@christianlempa
@christianlempa Жыл бұрын
Hey, vielen Dank! Ich wünsche euch auch ein frohes Neues, richtig cool, dass ihr so Spaß an den Videos habt :D
@V3LOXy
@V3LOXy Жыл бұрын
Bit of advice, never use the :latest tag, look up the latest version tag (eg 2.4.2) and use that one instead. Always use a specific version and update in a controlled manner. You do not want to be in a situation where you've accidentally pulled a new version and your config files no longer work with that version. It will save you a lot of headache when something goes wrong or you have to migrate to a new server. You can backup your configs and docker file, but it does not ensure you that those config files will work on another device as you've not defined a version tag in your docker file, you may pull a completely different version. (I'm bad at explaining, please do look up why you shouldn't use :latest to understand it better)
@GiorgioAresu
@GiorgioAresu Жыл бұрын
So much this. So many people, and in so many big companies use tag latest and not all of them will listen or care enough to change
@ヽノ-u4t
@ヽノ-u4t Жыл бұрын
There is a middle ground in between the `latest` tag or a tag pointing to a specific release. The current stable nginx release is version `1.23.3`, this version can currently be referenced by multiple tags like `latest`, `stable`, `1.23.3` or even `1`. If the images maintainers are competent, these additional tags will be updated on every release. To always use the latest nginx release of version 1.x.x, but never accidentially use the releases of another major release (2.x.x), just use the tag `1`. In a corporate environment, where all changes to the infrastructure have to be managed in a certain way, you hopefully want to control the update process and also the whole image registry and image build process anyways and push new releases to the registry yourself.
@monkeysocar99
@monkeysocar99 Жыл бұрын
🙃🙂
@monkeysocar99
@monkeysocar99 Жыл бұрын
🙃🙃🙃🙃
@_duckk
@_duckk Жыл бұрын
This image is named bind9 not just bind, so it's implied that the major version is 9, so no breaking changes for you
@Felix-ve9hs
@Felix-ve9hs Жыл бұрын
I almost switched my DNS to BIND, but decided to go with Unbound and NSD instead. Still, great video, configuring services like DNS and DHCP for your own network by hand is really a great learning experience
@christianlempa
@christianlempa Жыл бұрын
Glad it helped!
@jakemuff9407
@jakemuff9407 Жыл бұрын
Please do a full home lab tour video with this included :) Everything thats running in your homelab!
@Mr.Jean-Paul
@Mr.Jean-Paul Жыл бұрын
Hi Christian, interesting video. Just an idea: you could install a second Bind9 server and use the VRRP Protocol to cover the fallout of the first one. I‘ve done that with 2 Piholes on different servers with 1 virtual DNS address. If the first DNS server fails, the second one automatically takes command of the name resolution until the first one recovers 🤷🏼‍♂️. Works flawlessly! LG aus Luxemburg 🇱🇺
@djvincon
@djvincon Жыл бұрын
Thats awesome. Do you have a write up about this?
@andrzejk980
@andrzejk980 Жыл бұрын
You fell from heaven with this video. I planning to local DNS for my devices :) Thank you :)
@christianlempa
@christianlempa Жыл бұрын
Haha thanks :) glad it was helpful!
@m-electronics5977
@m-electronics5977 Жыл бұрын
I don't know that bind9 is configured so easy before! Thanks for the video
@christianthomas5381
@christianthomas5381 Жыл бұрын
Hi, thank you for this great video! I'm actually preparing to provide an own DNS server (also planned to use the Ubuntu/bind9 docker image) for my local network. You give many useful tips that will help. So again: thank you and you have a new follower now 😉. Cheers from Germany!
@christianthomas5381
@christianthomas5381 Жыл бұрын
Okay, it seem's that dnsmasq is blocking port 53 (I need to use piVCCU)....
@1gold4
@1gold4 Жыл бұрын
This have been the most useful source I found for setting up an DNS Server, and granted I still had to troubleshoot somethings but this was so helpful and didn't over complicated things
@christianlempa
@christianlempa Жыл бұрын
Thank you! Glad it helped you :)
@sleipnir7446
@sleipnir7446 Жыл бұрын
I'm looking forward to watch ansible coming into play. Actually I'll try to automate the whole Bind deployment. Thanks for this great video.
@blackbarry45
@blackbarry45 Жыл бұрын
that's great! next topic could be how to issue a certificate from let's encrypt
@zencoding
@zencoding 2 ай бұрын
Christian, this was brilliant. Got my homelab DNS running with this. THANK YOU ♥💙💜💚🧡🧡
@christianlempa
@christianlempa 2 ай бұрын
Thank you so much! Glad that it was helpful
@softreck
@softreck Жыл бұрын
Vielen Dank für die hilfreichen Anweisungen, es ist auch schön, deine persönliche Herangehensweise an technische Themen zu hören.
@christianlempa
@christianlempa Жыл бұрын
Vielen Dank! 😊
@_phil_man_
@_phil_man_ 7 ай бұрын
Really lovely walkthrough of your process. Thankyou for sharing. Happy Saturday brother
@christianlempa
@christianlempa 7 ай бұрын
Thanks, you too!
@diegoperezruanova5590
@diegoperezruanova5590 Жыл бұрын
Hey Chris, have you tried integrating PowerDNS for graphical management of DNS? It would be interesting to see it in a video. I have it set up in my lab with KVM/LXC and it's very useful.
@IamDmitriev
@IamDmitriev Жыл бұрын
Several days ago I tried to find good solution DNS server + simple web UI (preferrable is not 3rd party). And found that there is only one solution for this, called SnitchDNS. And decided that the best option is PowerDNS + 3rd party PowerDNS-Admin. Might Chris do not need UI for DNS management, because its his homelab with one user.
@matthew6cooper
@matthew6cooper Жыл бұрын
One thing you may want to look at for outside requests using an SSL DNS server. I have the outside request routing through STunnel. This will stop anyone from logging your DNS requests
@Darkk6969
@Darkk6969 Жыл бұрын
One of the reasons why I use unbound in pfsense.
@wildflowers465
@wildflowers465 Жыл бұрын
Great video Christian! I'm looking at creating implementing my own DNS service in a private subnet in the cloud (rather than at home), which I connect to via a VPN, and I'm considering doing this. I'm sure there are probably some tools offered by the cloud provider (I'd rather not use those, in this particular cAWSe, or maybe by the VPN server (openvpn access server), but bind9 seems like a solid way to do things. I've yet to watch your Cloudfare Tunnel videos, so maybe those have some info re. DNS while connected remotely.. As always, I learned a ton; looking forward to the next video!
@christianlempa
@christianlempa Жыл бұрын
Thank you! :) Glad it helped you!
@housemann2770
@housemann2770 Жыл бұрын
Thanks a lot, Christian and a blessed 2023. Do you planned a second part with explaining split horizon and things like TLS w/LE for our local labs (0:52)?
@housemann2770
@housemann2770 Жыл бұрын
uhm, my mistake... with the public domain and a subdomain (like home. or demo.), TLS works after setting this up, I guess^^
@VelislavVarbanov
@VelislavVarbanov Жыл бұрын
Don’t forget to add the docker networks to the internal ACL list, or you may end up like me wondering why portainer does not resolve 😅 BTW I use views to control who sees what. As a side note if you are privacy cautious do not use forwarders. Bind is capable to resolve on its own. You may need to setup a hint zone to speed things up a little.
@christianlempa
@christianlempa Жыл бұрын
Good tip xD
@cateyenebula
@cateyenebula Жыл бұрын
I've been running bind for years now. I use a caching dns config to speed up things. I deploy my services via Ansible which also manages my zones via Ansible templates. Traefik is awesome in that chain to facilitate reverse proxying. Really great recap on all the intricacies!
@LucaGaetanoCapula
@LucaGaetanoCapula 10 ай бұрын
Hi! I am running in a problem that it looks like you solved. I use a dockerized NGINX proxy manger. I setup bind9 but I cant make the 2 work together. what should I do?
@andriescoetzee4751
@andriescoetzee4751 10 ай бұрын
@@LucaGaetanoCapula I am strugling with the same thing not sure what I ahm doing wrong.
@jack.smith2958
@jack.smith2958 Жыл бұрын
Hey, just a tip. If you want to show console input/output, maybe move the window up a little, because if you watch the video with subtitles, you can't at all see what's going on.
@JasonSFuller
@JasonSFuller Жыл бұрын
@christianlempa a few notes: 7:26 Small nit-pick: it's "I. S. C." (Internet Systems Consortium) and not "I. C. S." You mentioned the incorrect acryonym a few times. 18:30 Try using dig (vs nslookup), since you're using BIND. IMHO (and as a former DNS admin for a large ISP), dig is more powerful and streamlined. For EL distros, you'll find it in the "bind-utils" package. Not sure about Mac or Debian-based distros like Ubuntu. 19:30 FYI, the reason why you can use .home, .corp, and .mail (but not .local) TLDs on your private network is because ICANN's board found they were already in prevalent use, and attempting to introduce them publicly would be "high-risk" due to potential name collisions. Originally, these TLDs were not listed in any standard (or RFC) and were technically off-limits (even though people still used them), at least until ICANN Resolution 2018.02.04.12 stated "the delegations of such high-risk strings would be deferred indefinitely." 21:15 Use named-checkconf and named-checkzone. There's probably a config option or extension in VScode to automate this, or you can just add a precommit githook. 31:30 I'm surprised you went with BIND over CoreDNS, since I know you're interested in Kubernetes and especially given your automation aspirations (check the ectd plugin for use outside of k8s).
@adityaroshan1688
@adityaroshan1688 Жыл бұрын
Finally a technical guy not going assembly lang
@gacjezv
@gacjezv 7 ай бұрын
such a good video - watched it last night and have it up and running in 20 minutes for my home lab!!!!!
@christianlempa
@christianlempa 7 ай бұрын
I'm glad it helped you, man! Thanks again for your support :D
@pedro_alonso
@pedro_alonso Жыл бұрын
Damnn, this bring back memories. I have an class where we configured an linux machine from the ground up, and dns with bind9 was one of the configurations we have to do, sadly at the time I don't give much value to it and only remenbered now
@Ecker00
@Ecker00 Жыл бұрын
This setup looks neat, think I'll be setting up my own DNS resolver this weekend! 🌟😍
@christianlempa
@christianlempa Жыл бұрын
Awesome! Tell us how it goes (discord) :D
@fredrik354
@fredrik354 10 ай бұрын
I'm way behind but I'm also going back to bind9. We used it at work a couple of years ago and I laughed at the old half-dead guys running it.. now I'd love to have it that simple and being able to easily manage it automagically with Ansible or Terraform.
@Kqto
@Kqto Жыл бұрын
I followed your tutorial and it worked like a charm. Great tutorial! Thank you.
@MrJakecornford
@MrJakecornford Жыл бұрын
I use NextDNS as I can use it to protect my kids from nasties on the Web, both on my LAN and when they roam. It's an easy package to install on OpenWRT. I ended up doing split horizon without even knowing what it was by putting my internal services in the hosts file on OpenWRT. It works so I don't want to mess with it but would really like to move away from OpenWRT. This has given me a lot to think about. Thank you for the guide 👍
@christianlempa
@christianlempa Жыл бұрын
You’re welcome! Hope it helps to optimize your setup :)
@Eric-H79
@Eric-H79 Жыл бұрын
Great video! This is something I have been wanting to do for my home network. Thank you for creating this tutorial!
@christianlempa
@christianlempa Жыл бұрын
Thank you! Glad you enjoyed it :)
@PricelessToolkit
@PricelessToolkit Жыл бұрын
Hey Christian! Nice video! I'm using Pfsense which supports wildcard certificates.
@marcelcolley8580
@marcelcolley8580 Жыл бұрын
Perfect hit - i was looking for that currently. Thank you 🎉
@christianlempa
@christianlempa Жыл бұрын
You’re welcome 😊
@IT-Entrepreneur
@IT-Entrepreneur Жыл бұрын
Danke, genau was ich gesucht hab. Da Bind9 nur die Config Files braucht kann man das auch Super als Infrastructure as Code direkt aus dem Git hochziehen lassen. Perfekt Terraform für die VM und dann Ansible & Docker um Bind9 zu deployen. So macht Infrastruktur Spaß :)
@ThomasTomchak
@ThomasTomchak Жыл бұрын
@Christian, you’re an amazing teacher. You take some pretty complex subjects and make them not only understandable but exciting to try (at least for nerds like me). One question. You are using two different programs. One for terminal commands and one for text files. Both have some sort of auto-complete working on them. Can you share what two programs those are? I’m just curious. Thanks for another great video.
@shawnhu
@shawnhu Жыл бұрын
They are WARP termial and VS Code editor. Btw, if you not use macOS, and bash, zsh, or fish is your default shell, you could try oh-my-bash, oh-my-zsh, or oh-my-fish to enhance your default shell. The basic auto-complete script is included in enhancements, and you can also add your customize auto-complete scripts to the configuration file.
@christianlempa
@christianlempa Жыл бұрын
Thank you so much! And yeah Shawn actually explained the tools perfectly :)
@davidzuccarini8376
@davidzuccarini8376 Жыл бұрын
I love this channel, for more tutorials of this style, thank you very much.
@christianlempa
@christianlempa Жыл бұрын
Thank you so much :)
@marcoroose9973
@marcoroose9973 Жыл бұрын
Hey Christian! Sehr spannend. Ich habe mich vor 1/2 Jahr mal intensiver mit DNS beschäftigt. BIND9 fand ich irgendwie ein bisschen altbacken. Auch brauchte ich etwas mit API um das extern zu füttern. Ich bin damals auf PowerDNS gestoßen, das finde ich prima, vor allem mit der GUI. CoreDNS fand ich aber auch total spannend, da geht eine Menge mit. Vielleicht mal ein Vergleichsvideo?
@dirkmothes5136
@dirkmothes5136 Жыл бұрын
PowerDNS ist auch die bevorzugte Lösung. HA fähig, Docker-fähig, GUI und API.. alles was man braucht.
@6LordMortus9
@6LordMortus9 Жыл бұрын
I have been waiting for this for so long! Thank you.
@christianlempa
@christianlempa Жыл бұрын
Hope you like it!
@andreaquentino1068
@andreaquentino1068 Жыл бұрын
I like your videos. I watch them.Thank you! Just one thing about audio, I can improve it just for free. It's no problems for me, I can help.
@raymondfb
@raymondfb Жыл бұрын
thank you for taking the time to make this video. it helped me
@pprovost
@pprovost Жыл бұрын
This is exactly what I needed. Thanks Christian!
@svenklomp
@svenklomp Жыл бұрын
Great video, I use pihole’s local dns features. Works great :)
@MehrdadGivehchi
@MehrdadGivehchi Жыл бұрын
Happy new year and great start with your awesome video and wealth of info as usual.
@christianlempa
@christianlempa Жыл бұрын
Happy new year to you too! And thanks :)
@jeffer8762
@jeffer8762 Жыл бұрын
Hi Christian, really like you video and passion about technology. Just wonder do you have a tutorial on a quick ways to spin up new Ubuntu server 22.04.1 LTS from cloned image with sysprep so all the UUID/MAC address will be unique for each machine?
@geozeke
@geozeke Жыл бұрын
Fantastic video, Christian! Thanks. I'm not sure where it changed (maybe on Read the Docs), but your link to [Bind9 Configuration and Zone Files] seems broken. Your URL includes: "v9_18_10", but the current RtD link seems to use: "v9.18.10" (periods not underscore). If you're updating anyway, the current version is at: "v9.18.16" 🙂
@okoeroo
@okoeroo Жыл бұрын
Love the Instructions. Why not run your own recursive server? The bind9 configuration is now a forwarder
@AdrianPatten
@AdrianPatten Жыл бұрын
I agree.
@streambarhoum4464
@streambarhoum4464 Жыл бұрын
Great video Chris ! , yet may be implementing our own Local DIY CDN is a good perspective to avoid using cloudflare for full privacy.
@christianlempa
@christianlempa Жыл бұрын
Thank you! Currently no plans to do that
@streambarhoum4464
@streambarhoum4464 Жыл бұрын
@@christianlempa All right! Think of that in a future... Best regards.
@_nttai
@_nttai Жыл бұрын
Hi Christian, what is the terminal completion you are using? Looks so useful!
@m.jamilrahman4971
@m.jamilrahman4971 Жыл бұрын
and beatutiful, different with other terminal.
@christopherblare6414
@christopherblare6414 Жыл бұрын
I liked the video! I'd definitely be interested in seeing you incorporate more advanced dns topics like adblocking. I've used pihole but I was never able to figure out how to have a secondary DNS with the way it blocks requests. I'm not sure if that's not feasible with pihole or I just could figure it out.
@christianlempa
@christianlempa Жыл бұрын
I'm not sure whether I'd like to cover that topic, however, what would be a solution for your setup: set up bind, and in the "forwarders" section add the local IP of your PiHole instance.
@LampJustin
@LampJustin Жыл бұрын
You could just setup gravity sync. That will sync 2 PiHole instances.
@buldezir
@buldezir Жыл бұрын
@@LampJustin or just ignore this, because u need secondary dns only as fallback, so if it will not cut some ads - who cares :) i use 2 piholes in home lab, with manually wildcarded fake home domain, need to do it once. and all other settings just do only on main pihole.
@speedhunter787
@speedhunter787 Жыл бұрын
@@buldezir 2nd DNS gets used regularly by clients, not just as fallback. You need multiple AGH/Pihole instances which get synced.
@arturmeinild2461
@arturmeinild2461 Жыл бұрын
While bind9 will certainly do the job more than well, another lighter alternative is unbound (by NLnet Labs), which is also very flexible. Most people can actually do with a DNS resolver instead of a full DNS server. 👍
@slickheisenberg8208
@slickheisenberg8208 Жыл бұрын
Unbound would be the less involved an sufficient solution for most homelabs.
@arturmeinild2461
@arturmeinild2461 Жыл бұрын
@@slickheisenberg8208 Yeah I'm running Unbound myself! 👍
@chrisumali9841
@chrisumali9841 Жыл бұрын
Thanks for the demo and info, have a great day
@christianlempa
@christianlempa Жыл бұрын
Thanks, you too!
@luigitech3169
@luigitech3169 Жыл бұрын
Great video, I use Adguard as home DNS
@canadianwildlifeservice8883
@canadianwildlifeservice8883 Жыл бұрын
I am having good results since switching to Unbound. Be careful. When using a public resolver like Quad9 or Cloudflared, your ISP can still transparently proxy your DNS requests. This is referred to as a DNS leak. With Unbound, or Bind9, the DNS server on your network contacts different DNS root servers online and prevents DNS leaks. For some reason, I could not successfully use DoH or DoT (within AdGuard Home) without my requests being intercepted by my ISP's DNS proxies, as proven by the online DNS Leaktest websites. I would love to migrate from Unbound to Bind9 as BIND acts as an authoritative OR recursive DNS server, and not just a recursive DNS, and also use Pi-Hole or AdGuard DNS along with it.
@93davve93
@93davve93 Жыл бұрын
Nice introduction, thanks! Would like to implement something like this, but would miss the automatic DNS records that pfSense is providing via DHCP leases...
@thiagocrepaldi3655
@thiagocrepaldi3655 Жыл бұрын
Hi David, this is exactly what I am trying to learn before switching from Unbound to Bind9. How to register dynamic and static DHCP leases and OpenVPN clients to the bind9 as DNS server. Have you ever got that done?
@WastedMofo
@WastedMofo Жыл бұрын
Hey Christian! Nice video! I can see this fitting perfectly into my own lab :-). Just wondering if you'd consider a 2nd container (or K3S) orso as a secondary (Internal) DNS (to maintain HA). I'm not sure if you can configure that as well in your Sophos? (perhaps round robin). Maybe this is an overkill, but you keep mentioning that this is something you'd want to scale up to 'enterprise' levels. ;-).
@fanshaw
@fanshaw Жыл бұрын
I'd put a caching server like pihole on the inside and give out that IP to clients. That creates a consistent model for internal and external/3rd party domains: client->cache->[main cache]->authoritative server. This scales better if you go multi-site as you keep your authoritative systems in the data centre and put dumb caches out on sites and you can put your authoritative server somewhere nice like a DMZ, where it can publish out to the internet and do zone transfers to your ISP if required. Of course you can zone transfer to the DC (for things like dhcp dns registrations), but I think its neater centralise first if possible. You probably want to protect your primary DNS server with a DMZ which only allows outbound zone transfers to secondaries and doesn't answer queries itself. If someone hacks your DNS, you're toast.
@godwears7
@godwears7 Жыл бұрын
Great video, I might need to try this out. I like the idea of the split horizon. Anyway, more importantly, what terminal is that you are using? I like the auto complete and and sectioning.
@godwears7
@godwears7 Жыл бұрын
nevermind, I found warp which I'm pretty sure it is.
@conraadvandenberg
@conraadvandenberg Жыл бұрын
@ChristianLempa Great video! Which file explorer/editor are you using in the video?
@zubairzonbarkar3358
@zubairzonbarkar3358 Жыл бұрын
It is a very comprehensive setup guide. I have a question how to connect and run a spring docker container to a external standalone Oracle database?
@rdvqc
@rdvqc Жыл бұрын
Since you ask I have been running local bind, dhcp and smtp sevices for about 15 years. Originally I used an HP-UX system later moving to Centos and recently to Almalinux. I have owned a number of domains and master 'home.' variants for local use. Originally, when Internet connections were slower, it cut dns chatter on the Internet link by caching. The DHCP allows me to assign consistent IP's to my local devices and distribute DNS, gateway, NTP and other configuration. The DCHP on most ISP routers is pretty lame.
@ZeroXMK_
@ZeroXMK_ Жыл бұрын
Happy New Year Christian! Awesome video to start the year. I'm waiting on some new gear to change up my lab and will be implementing BIND for internal DNS as well. Are you going to explore setting up a DNS cluster in the future? That way your primary node doesn't resolve DNS queries and is only used for updating the record configuration and then pushing the config to the secondary nodes via zone transfers.
@thomaseckert5691
@thomaseckert5691 Жыл бұрын
You are rocking that turtleneck!
@christianlempa
@christianlempa Жыл бұрын
Haha thx :D
@Theborg72
@Theborg72 Жыл бұрын
Thanks.. always as interesting, this is how I drive with bind9 I've been running Bind for a few years now and am completely satisfied. I send the questions to the Nginx reverse proxy which puts on the ssl certificate before servers.
@christianlempa
@christianlempa Жыл бұрын
Awesome! Sounds like a great solution :)
@Net_Mastr
@Net_Mastr Жыл бұрын
It was super tutorial, Thanks for this❤
@christianlempa
@christianlempa Жыл бұрын
You're welcome 😊
@JasonDenson09
@JasonDenson09 Жыл бұрын
I've been using Technitium DNS, I definitely prefer it over BIND
@Glatze603
@Glatze603 Жыл бұрын
Why? I have played with Technitium DNS too and I like it feature set! Do you use it's Dhcp, too?
@marcelk.4371
@marcelk.4371 Жыл бұрын
👌 Mit dir müsste man mal ein Bierchen trinken :D Danke für alle deine interessanten Videos!
@christianlempa
@christianlempa Жыл бұрын
Haha, wenn ich anstatt Bier auch Cola trinken darf gerne :D
@trtrevenen
@trtrevenen Жыл бұрын
Gru you are killing it.
@christianlempa
@christianlempa Жыл бұрын
:D
@mysticsilent
@mysticsilent Жыл бұрын
Great video! Very interesting stuff to learn 😊 thanks for your time to explain it into detail. Also happy newyear 🎉
@christianlempa
@christianlempa Жыл бұрын
Happy new year to you too! :)
@sylvaindecrom
@sylvaindecrom Жыл бұрын
Hi Christian, happy new year! A great follow up to this video would be how to generate certs for the internal hosts using letsencrypt.
@buschmannd2
@buschmannd2 Жыл бұрын
Hi Christan, danke Dir vielmals, hat mir sehr geholfen. VG!
@christianlempa
@christianlempa Жыл бұрын
Das freut mich!
@guyfeldman4697
@guyfeldman4697 Жыл бұрын
You could configure your DHCP server to use dynamic dns for automatic updates to bind. Each VLAN could correspond to a different sub-domain. I don't think you need terraform or ansible.
@christianlempa
@christianlempa Жыл бұрын
Thank you! However, I'm not sure whether this would work in my case. I'd like to create a DNS record automatically with the same tool I'm using to create VMs (which is terraform).
@Mtbred
@Mtbred Жыл бұрын
@@christianlempa I think a clean method here would be calling an ansible playbook with TF. Looks like there are a few ansible roles out on galaxy for managing Bind9. And you should be able to take the output from TF as an input in the ansible playbook
@magnuscarlsson6785
@magnuscarlsson6785 Жыл бұрын
Could you please describe how to automatically update the dns from a DHCP server? Been looking all over, but searching for dynamic dns just gives hits on using external dyndns...
@linuxbasics7060
@linuxbasics7060 Жыл бұрын
I'm just getting an error - "open: /etc/bind/named.conf: file not found" and then it exits. I have the file in the folder so I am pretty stumped.
@matthiasbenaets
@matthiasbenaets Жыл бұрын
I guess this is a good solution if you want some more control over your local dns, but personally all I see is an extra container I need to manage. You can do pretty everything the same with a reverse proxy manager, pihole and managing the record with your public dns resolver.
@captcan78
@captcan78 Жыл бұрын
Awesome video! I tried that for myself, and experimented a bit with allowing my DHCP updating the DNS configuration whenever it issues a new lease. However despite setting the BIND9_USER=root like in your example, bind9 was not able to create a journal in the config folder. Setting the permissions of that folder to 777 solved the issue. The newly created ".jnl" file that contains the DHCP update is however created using the root user. That's a bit strange, that root is not allowed to create files... have not found the reason for that yet.
@InforMedic
@InforMedic Жыл бұрын
i used BIND9_USER=bind - this sets user according to the group "bind" in the container path /run/named/ - by doing this bind9 was able to write the pid and session files...
@robertjyllhed3245
@robertjyllhed3245 4 ай бұрын
It would be great to be able to like twice, this is a very good project.
@christianlempa
@christianlempa 4 ай бұрын
Haha thank you so much! :)
@launebaer86
@launebaer86 Жыл бұрын
Great video as always. Could you make a video about how you feel about moving to Mac now after a couple of months? P.S.: Gutes Neues! 🎉
@christianlempa
@christianlempa Жыл бұрын
Frohes Neues dir auch :D Würde gerne noch den Mac mit einer Docking Station testen und dann kommt ein Windows vs macOS video ;)
@ikerstges
@ikerstges Жыл бұрын
The mystery of bind lifted, this video made me subscribe to your channel! ☺ I'd be very gratefull if you would followup on this, showing the let's encrypt certificate process? Thanks for this demo example, very helpfull!!
@ΚωνσταντίνοςΝίκας-τ1θ
@ΚωνσταντίνοςΝίκας-τ1θ Жыл бұрын
Good morning Christian, happy new year. Thank you so much for your wonderful videos. I would like to ask you a few questions. Could we use docker compose instead of docker-compose? Or could we use podman instead of docker to "install" bind9. Is there any relationship between your custom configuration and the cloudflare tunnels I'm using? Finally I would like to ask as a newbie that I am, if you use port forwarding on your homelab. Greetings from Corfu (Greece)!!!
@christianlempa
@christianlempa Жыл бұрын
Thank you :) to your question, you can use any container engine that works for you, doesn’t matter whether it’s podman, docker or other tools. I’m not using cloudflare tunnels but I’m using an access proxy that’s cloud based as a secure connection to my servers, which is only for me though.
@ΚωνσταντίνοςΝίκας-τ1θ
@ΚωνσταντίνοςΝίκας-τ1θ Жыл бұрын
@@christianlempa I am very happy for your prompt response.🤓 So I guess: no port-forwarding... I would like to see in your channel how to build container images from amd64 to arm64.(I have a raspberry pi😉) I would also like to see a guide yet for vscode and remote access. Anyway... Thanks again for your very informative tutorials!!!
@luckyelmsworld
@luckyelmsworld Жыл бұрын
Good Tutorial. However i find using webmin to setup BIND9 far much easier and less error prone. Editing hosts & zone files may be ok but very tedious without a GUI. Webmin does this for and the best thing is, u get to know and check which file is being modified and if you want to can edit them from within Webmin.
@knowledgeispower17
@knowledgeispower17 Жыл бұрын
Setup PI Hole with Unbound. This is the real deal. :D
@henrikorouto7106
@henrikorouto7106 Жыл бұрын
Hi , wouldn't Santa have traded your macbook air for a macbook pro? And it was a nice video as usual
@eduardodelvalle2071
@eduardodelvalle2071 Жыл бұрын
Hi Christian. Great video. Please share the name of the text/proyect editor you used in the video. Thanks.
@dbriankimmel1538
@dbriankimmel1538 Жыл бұрын
Thanks for a great video. I am using ansible to implement this - almost working.
@christianlempa
@christianlempa Жыл бұрын
Excellent!
@mactech8167
@mactech8167 Жыл бұрын
Hey Christian good vid Many ways to do it, cloudflare, your method, Here’s how I do it… 1. buy a Synology+ model 8gb pref (you won’t regret it) 2. Synology comes with your own free ddns for life (Must own a Synology) also has quick connect reverse tunnel as well 3. Create let’s encrypt cert free inc wildcard cert on Synology 4. install docker in Synology 5. Create wildcards based on your ddns in Synology (nginx) reverse proxy section“or” can use nginx proxy manager on docker in your Synology 6. If you have behind a Pfsense firewall in which I do create firewall rules also create firewall rules in Synology 7 job Done
@robertroygaard902
@robertroygaard902 Жыл бұрын
I use BIND9 on two raspberry pi3 for my public domains and a pihole on kubernetes for local ip's. my local domain is named the same as my public domain. in the past I've used bind9 with views for local and public resolution but it was much more comfortable to use pihole on my local net.
@jeroenrevalk
@jeroenrevalk Жыл бұрын
Thanks Chistian! How about your SSL certs? Now i'm using NGINX Proxy manager with an subdomain wildcard to my home dns entry. Are you still facing something public? Or are you using wildcard certs with Letsencrypt with an dns challenge?
@MarkJay
@MarkJay Жыл бұрын
Great video! Thank you!
@christianlempa
@christianlempa Жыл бұрын
Glad you liked it!
@vk3fbab
@vk3fbab Жыл бұрын
I must be honest I have never seen a traffic storm from having a recursive DNS server on the internet. In theory it's possible and I agree it's best practise to only serve external clients records your server is authoritative for.
@berndeckenfels
@berndeckenfels Жыл бұрын
It should be mentioned Windows DNS for a homeland where you play around with AD is an alternative and a good unix alternative to bind is powerdns.
@dougbeard7624
@dougbeard7624 4 ай бұрын
Love your videos, I've learned a ton from you.
@christianlempa
@christianlempa 4 ай бұрын
Thank you so much ❤️ I'm glad my videos help you!
@Yizbot
@Yizbot Жыл бұрын
This is a great introduction to Bind9. Only question I have is do you show how to set up the split traffic thing you mention towards the beginning? Also you kinda gloss over this, but are you exposing this dns server publicly to be used by you to resolve local servers when you’re “out and about”? Or is it only for local traffic?
@christianlempa
@christianlempa Жыл бұрын
I'd use bind9 only for internal traffic, for public traffic you can set up a second instance, but honestly, I'd prefer using my provider's DNS server for that (e.g. the public Cloudflare DNS)
Build a custom Linux Desktop in Docker!
21:14
Christian Lempa
Рет қаралды 68 М.
Automate local Name Resolution with Terraform // DNS #2
20:56
Christian Lempa
Рет қаралды 60 М.
МЕНЯ УКУСИЛ ПАУК #shorts
00:23
Паша Осадчий
Рет қаралды 4,8 МЛН
Симбу закрыли дома?! 🔒 #симба #симбочка #арти
00:41
Симбочка Пимпочка
Рет қаралды 3,8 МЛН
Twin Telepathy Challenge!
00:23
Stokes Twins
Рет қаралды 78 МЛН
You're running Pi-Hole wrong! Setting up your own Recursive DNS Server!
18:02
Simple HTTPs for Docker! // Traefik Tutorial (updated)
38:06
Christian Lempa
Рет қаралды 40 М.
Self-Hosting Security Guide for your HomeLab
18:43
Techno Tim
Рет қаралды 409 М.
How to Install Arch Linux | Step By Step
32:47
zeeplockd
Рет қаралды 1 М.
What is DNS? (and how it makes the Internet work)
24:22
NetworkChuck
Рет қаралды 250 М.
Don’t run Proxmox without these settings!
25:45
Christian Lempa
Рет қаралды 281 М.
How To Install And Configure DNS Server In Linux
1:02:09
Tech Tutorials - David McKone
Рет қаралды 66 М.
How to protect Linux from Hackers // My server security strategy!
30:39
Christian Lempa
Рет қаралды 228 М.
How to Homelab: Considerations for adding a Domain to your Gear
29:10
Learn Linux TV
Рет қаралды 40 М.
How to use Cloudflare Tunnel in your Homelab (even with Traefik)
23:34
Christian Lempa
Рет қаралды 164 М.
МЕНЯ УКУСИЛ ПАУК #shorts
00:23
Паша Осадчий
Рет қаралды 4,8 МЛН