CoreDNS Setup for Local Network with SSL

Open Table of Contents

Introduction
System Architecture
Prerequisites
Installation
- CoreDNS Server Setup
- Client VM Configuration
Configuration
- CoreDNS Configuration File
- SystemD Service Setup
SSL Configuration
Troubleshooting
Advanced Usage
Conclusion

Introduction

This project sets up a local DNS infrastructure using CoreDNS, with one Debian server acting as the DNS server and two client VMs. The system is designed to use CoreDNS for local hostname resolution and fall back to 1.1.1.1 for internet queries. Additionally, it includes SSL configuration for secure local connections.

System Architecture

The setup consists of:

1 Debian VM running CoreDNS as the DNS server
2 Client VMs configured to use the CoreDNS server
SSL certificates for secure local connections
Fallback to Cloudflare DNS (1.1.1.1) for external queries

Prerequisites

1 Debian VM for CoreDNS server
2 Client VMs (any Linux distribution)
Root or sudo access on all VMs
Basic understanding of DNS and networking

Installation

CoreDNS Server Setup

Download and install CoreDNS:

wget https://github.com/coredns/coredns/releases/download/v1.10.1/coredns_1.10.1_linux_amd64.tgz
tar xzf coredns_1.10.1_linux_amd64.tgz
sudo mv coredns /usr/local/bin/

Verify installation:

coredns -version

Client VM Configuration

On each client VM, edit the /etc/resolv.conf file:

sudo nano /etc/resolv.conf

Add the following content (replace 192.168.1.10 with your CoreDNS server’s IP):

nameserver 192.168.1.10
nameserver 1.1.1.1

Configuration

CoreDNS Configuration File

Create and edit the Corefile:

sudo mkdir /etc/coredns
sudo nano /etc/coredns/Corefile

Add the following content:

.:53 {
    hosts {
        192.168.1.10 server.local
        192.168.1.20 client1.local
        192.168.1.30 client2.local
        fallthrough
    }
    forward . 1.1.1.1
    log
    errors
}

SystemD Service Setup

Create a SystemD service file:

sudo nano /etc/systemd/system/coredns.service

Add the following content:

[Unit]
Description=CoreDNS DNS server
After=network.target

[Service]
ExecStart=/usr/local/bin/coredns -conf /etc/coredns/Corefile
Restart=on-failure

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl daemon-reload
sudo systemctl enable coredns
sudo systemctl start coredns

SSL Configuration

Generate a self-signed certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
     -keyout /etc/ssl/private/hostname.local.key \
     -out /etc/ssl/certs/hostname.local.crt

Follow the prompts, ensuring you set the Common Name to “hostname.local”.

Troubleshooting

If CoreDNS fails to start, try the following:

Check permissions:

ls -l /usr/local/bin/coredns
sudo chmod +x /usr/local/bin/coredns

Verify Corefile:

cat /etc/coredns/Corefile

Run CoreDNS manually:

sudo /usr/local/bin/coredns -conf /etc/coredns/Corefile

Check logs:

sudo journalctl -u coredns.service

Check for port conflicts:

sudo lsof -i :53

Configure firewall:

sudo firewall-cmd --permanent --add-service=dns
sudo firewall-cmd --reload

Advanced Usage

Custom DNS records: Add more entries to the hosts section in the Corefile.
Plugins: CoreDNS supports various plugins. Explore the official documentation for more options.

Conclusion

This setup provides a robust local DNS solution with SSL support, perfect for development environments and homelabs. The CoreDNS server handles local hostname resolution while maintaining internet connectivity through Cloudflare DNS.