CoreDNS Setup for Local Network with SSL#

Table of Contents#

Introduction#

This project sets up a local DNS infrastructure using CoreDNS, with one Debian server acting as the DNS server and two client VMs. The system is designed to use CoreDNS for local hostname resolution and fall back to 1.1.1.1 for internet queries. Additionally, it includes SSL configuration for secure local connections.

System Architecture#

The setup consists of:

1 Debian VM running CoreDNS as the DNS server
2 Client VMs configured to use the CoreDNS server
SSL certificates for secure local connections
Fallback to Cloudflare DNS (1.1.1.1) for external queries

Prerequisites#

1 Debian VM for CoreDNS server
2 Client VMs (any Linux distribution)
Root or sudo access on all VMs
Basic understanding of DNS and networking

Installation#

CoreDNS Server Setup#

Download and install CoreDNS:

1
wget https://github.com/coredns/coredns/releases/download/v1.10.1/coredns_1.10.1_linux_amd64.tgz
2
tar xzf coredns_1.10.1_linux_amd64.tgz
3
sudo mv coredns /usr/local/bin/

Verify installation:

1
coredns -version

Client VM Configuration#

On each client VM, edit the /etc/resolv.conf file:

1
sudo nano /etc/resolv.conf

Add the following content (replace 192.168.1.10 with your CoreDNS server’s IP):

1
nameserver 192.168.1.10
2
nameserver 1.1.1.1

Configuration#

CoreDNS Configuration File#

Create and edit the Corefile:

1
sudo mkdir /etc/coredns
2
sudo nano /etc/coredns/Corefile

Add the following content:

1
.:53 {
2
    hosts {
3
        192.168.1.10 server.local
4
        192.168.1.20 client1.local
5
        192.168.1.30 client2.local
6
        fallthrough
7
    }
8
    forward . 1.1.1.1
9
    log
10
    errors
11
}

SystemD Service Setup#

Create a SystemD service file:

1
sudo nano /etc/systemd/system/coredns.service

Add the following content:

1
[Unit]
2
Description=CoreDNS DNS server
3
After=network.target
4

5
[Service]
6
ExecStart=/usr/local/bin/coredns -conf /etc/coredns/Corefile
7
Restart=on-failure
8

9
[Install]
10
WantedBy=multi-user.target

Enable and start the service:

1
sudo systemctl daemon-reload
2
sudo systemctl enable coredns
3
sudo systemctl start coredns

SSL Configuration#

Generate a self-signed certificate:

1
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
2
     -keyout /etc/ssl/private/hostname.local.key \
3
     -out /etc/ssl/certs/hostname.local.crt

Follow the prompts, ensuring you set the Common Name to “hostname.local”.

Troubleshooting#

If CoreDNS fails to start, try the following:

Check permissions:

1
ls -l /usr/local/bin/coredns
2
sudo chmod +x /usr/local/bin/coredns

Verify Corefile:

1
cat /etc/coredns/Corefile

Run CoreDNS manually:

1
sudo /usr/local/bin/coredns -conf /etc/coredns/Corefile

Check logs:

1
sudo journalctl -u coredns.service

Check for port conflicts:

1
sudo lsof -i :53

Configure firewall:

1
sudo firewall-cmd --permanent --add-service=dns
2
sudo firewall-cmd --reload

Advanced Usage#

Custom DNS records: Add more entries to the hosts section in the Corefile.
Plugins: CoreDNS supports various plugins. Explore the official documentation for more options.

Conclusion#

This setup provides a robust local DNS solution with SSL support, perfect for development environments and homelabs. The CoreDNS server handles local hostname resolution while maintaining internet connectivity through Cloudflare DNS.