We can assume control over DNS name resolution, at least for a controlled network or a intranet, and with that be able to choose names for machines and services to use at will locally.
In this guide, we will provide information on how it can be done in a Ubuntu 22.04 environment but it might be simple enough to be translated to other distributions.
The network name "forest.local" is used here as an example, replace it with your own network in the following documentation.
Information required:
- The local network CIDR is the network CIDR that end-users computers are connected to, for example, 192.168.0.0/16 is a valid network CIDR.
- The name of the network to use instead of forest.local.
- Current primary DNS server IP address used by your network. (if you don´t have any you can use the Google public DNS server 8.8.8.8 or any other)
- Current secondary DNS server IP address used by your network. (if you don´t have any you can use the CloudFlare public DNS server 1.1.1.1 or any other )
Unbound installation:
$> sudo apt update ....comand output... $> sudo apt install unbound ....comand output...
Other Linux distributions can download it directly from here:
Configuring Unbound:
Make adjustments in the section "labview" in the file /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf replacing variables with the corrected values.
You should also replace:
The IP address: "192.168.15.51" by the IP where the Labforward applications are running.
This is the initial template for your configuration file:
# You can know more about configuring Unbound in: # https://nlnetlabs.nl/documentation/unbound/unbound.conf/ server: interface: 0.0.0.0 interface: 127.0.0.53 port: 53 access-control: 192.168.0.0/16 allow #Which network can use this service access-control: 127.0.0.0/8 allow #Allow local services to use this service access-control-view: 192.168.0.0/16 labview #Apply the labview for clients from this network access-control-view: 127.0.0.0/8 labview #Apply the labview for local services do-ip4: yes do-ip6: no do-udp: yes do-tcp: yes # Enable DNSSEC validation (optional but recommended) auto-trust-anchor-file: "/var/lib/unbound/root.key" # Forward DNS queries to upstream resolvers forward-zone: name: "." forward-addr: <Primary DNS IP> forward-addr: <Secondary DNS IP> view: # Locally defined names and respective IP addresses name: "labview" # local-zone has the same value as domain property in the admin console. local-zone: "labforward.forest.local." static local-data: "account.labforward.forest.local. 10880 IN A 192.168.15.51" local-data: "labregister.forest.local. 10880 IN A 192.168.15.51" local-data: "labfolder.labforward.forest.local. 10880 IN A 192.168.15.51" local-data: "laboperator.labforward.forest.local. 10880 IN A 192.168.15.51" local-data: "fos.labforward.forest.local. 10880 IN A 192.168.15.51" local-data: "connector-manager.labforward.forest.local. 10880 IN A 192.168.15.51" local-data: "workflow-editor.labforward.forest.local. 10880 IN A 192.168.15.51"
Make sure that the new config file is correct and valid. You can test it with the following command:
$> unbound-checkconf /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf unbound-checkconf: no errors in /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
If you don't get the “no error message” go back and fix the file.
Enabling Unbound:
$> sudo systemctl disable systemd-resolved.service ....comand output... $> sudo systemctl enable unbound ....comand output...
Check the service status to see if Unbound is running.
$> sudo systemctl status unbound ....comand output...
TL;DR;
Execute these commands on your server assuming the DNS intranet server job:
$> sudo apt update ....comand output... $> sudo apt install unbound ....comand output... $> sudo systemctl disable systemd-resolved.service ....comand output...
Make sure that the new config file is correct and valid. You can test it with the following command:
$> unbound-checkconf /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf unbound-checkconf: no errors in /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
If you don't get the “no error message” go back and fix the file.
$> sudo systemctl enable unbound ....comand output...
After Installation:
The computers on your network now need to be configured to use the IP address of the DNS intranet server.
This can be done manually on each computer, and the process can vary according to the operating system.
This can also be done automatically by the network administrator.
Multiple options can be selected.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article