Skip to content

CoreDNS Setup for Local Network with SSL

Published: at 05:30 AM

CoreDNS Setup for Local Network with SSL

Table of Contents

Open Table of Contents

Introduction

This project sets up a local DNS infrastructure using CoreDNS, with one Debian server acting as the DNS server and two client VMs. The system is designed to use CoreDNS for local hostname resolution and fall back to 1.1.1.1 for internet queries. Additionally, it includes SSL configuration for secure local connections.

System Architecture

The setup consists of:

Prerequisites

Installation

CoreDNS Server Setup

  1. Download and install CoreDNS:
wget https://github.com/coredns/coredns/releases/download/v1.10.1/coredns_1.10.1_linux_amd64.tgz
tar xzf coredns_1.10.1_linux_amd64.tgz
sudo mv coredns /usr/local/bin/
  1. Verify installation:
coredns -version

Client VM Configuration

On each client VM, edit the /etc/resolv.conf file:

sudo nano /etc/resolv.conf

Add the following content (replace 192.168.1.10 with your CoreDNS server’s IP):

nameserver 192.168.1.10
nameserver 1.1.1.1

Configuration

CoreDNS Configuration File

Create and edit the Corefile:

sudo mkdir /etc/coredns
sudo nano /etc/coredns/Corefile

Add the following content:

.:53 {
    hosts {
        192.168.1.10 server.local
        192.168.1.20 client1.local
        192.168.1.30 client2.local
        fallthrough
    }
    forward . 1.1.1.1
    log
    errors
}

SystemD Service Setup

Create a SystemD service file:

sudo nano /etc/systemd/system/coredns.service

Add the following content:

[Unit]
Description=CoreDNS DNS server
After=network.target

[Service]
ExecStart=/usr/local/bin/coredns -conf /etc/coredns/Corefile
Restart=on-failure

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl daemon-reload
sudo systemctl enable coredns
sudo systemctl start coredns

SSL Configuration

Generate a self-signed certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
     -keyout /etc/ssl/private/hostname.local.key \
     -out /etc/ssl/certs/hostname.local.crt

Follow the prompts, ensuring you set the Common Name to “hostname.local”.

Troubleshooting

If CoreDNS fails to start, try the following:

  1. Check permissions:
ls -l /usr/local/bin/coredns
sudo chmod +x /usr/local/bin/coredns
  1. Verify Corefile:
cat /etc/coredns/Corefile
  1. Run CoreDNS manually:
sudo /usr/local/bin/coredns -conf /etc/coredns/Corefile
  1. Check logs:
sudo journalctl -u coredns.service
  1. Check for port conflicts:
sudo lsof -i :53
  1. Configure firewall:
sudo firewall-cmd --permanent --add-service=dns
sudo firewall-cmd --reload

Advanced Usage

  1. Custom DNS records: Add more entries to the hosts section in the Corefile.
  2. Plugins: CoreDNS supports various plugins. Explore the official documentation for more options.

Conclusion

This setup provides a robust local DNS solution with SSL support, perfect for development environments and homelabs. The CoreDNS server handles local hostname resolution while maintaining internet connectivity through Cloudflare DNS.