HOW TO RUN YOUR OWN INDEPENDENT DNS WITH CUSTOM TLDS
--

BACKGROUND


After reading what feels like yet another article about a BitTorrent tracker losing its domain name, I started to think about how trackers could have an easier time keeping a stable domain if they didn’t have to register their domain through conventional methods Among their many roles, The Internet Corporation for Assigned Names and Numbers (ICANN), controls domain names on the Internet and are well known for the work with the Domain Name System (DNS) specifically the operation of root name servers and governance over top level domains (TLDs).


If you ever register a domain name, you pick a name you like and head over to an ICANN-approved registrar. Let’s say I want my domain to be “n-o-d-e.net”. I see if I can get a domain with “n-o-d-e” affixed to the TLD “.net” and after I register it, I’m presented with an easy-to-remember identification string which can be used by anyone in the world to access my website. After I map my server’s IP address to the domain, I wait for the new entry to propagate. This means that the records for my domain are added/updated in my registrar’s records. When someone wants to visit my website, they type out “n-o-d-e.net” in their address bar of their browser and hit the enter key. In the background, their set name server (usually belonging to the ISP) checks to see who controls records for this domain, and then works its way through the DNS infrastructure to retrieve the IP address matching this domain name and returns it back to you.


It’s a reliable, structured system, but it is still controlled by an organization who has been known to retract domains from whoever they like. What if you could resolve domains without going through this central system? What if there was a way to keep sites readily accessible without some sort of governing organization being in control?


I’m not the first to think of answers to these questions. Years ago, there was a project called Dot-P2P which aimed to offer “.p2p” TLDs to peer-to-peer websites as a way of protecting them against losing their domains. While the project had notable backing by Peter Sunde of The Pirate Bay, it eventually stagnated and dissolved into obscurity.


The organization that would have handled the “.p2p” domain registrations, OpenNIC, is still active and working on an incredible project itself. OpenNIC believes that DNS should be neutral, free, protective of your privacy, and devoid of government intervention. OpenNIC also offers new custom TLDs such as “.geek” and “.free” which you won’t find offered through ICANN. Anyone can apply for a domain and anyone can visit one of the domains registered through OpenNIC provided they use an OpenNIC DNS server, which is also backwards-compatible with existing ICANN-controlled TLDs. No need to say goodbye to your favorite .com or .net sites.


If you have the technical know-how to run your own root name server and submit a request to OpenNIC’s democratic body, you too could manage your own TLD within their established infrastructure.


Other projects like NameCoin aim to solve the issue of revoked domains by storing domain data for its flagship “.bit” TLD within its blockchain. The potential use cases for NameCoin take a radical shift from simple domain registrations when you consider what developers have already implemented for storing assets like user data in the blockchain alongside domain registrations.


But what if I wanted to run my own TLD without anyone’s involvement or support, and still be completely free of ICANN control? Just how easy is it to run your own TLD on your own root name server and make it accessible to others around the world?



INTRODUCTION


It turns out that running your own DNS server and offering custom TLDs is not as difficult as it first appears. Before I set out to work on this project, I listed some key points that I wanted to make sure I hit:


- Must be able to run my own top level domain
- Must be able to have the root server be accessible by other machines
- Must be backwards compatible with existing DNS


Essentially, I wanted my own TLD so I didn’t conflict with any existing domains, the ability for others to resolve domains using my TLD, and the ability for anyone using my DNS to get to all the other sites they would normally want to visit (like n-o-d-e.net).



REQUIRED


For this guide, you are going to need a Linux machine (a virtual machine or Raspberry Pi will work fine). My Linux machine is running Debian. Any Linux distribution should be fine for the job, if you use something other than Debian you may have to change certain commands. You will also want a secondary machine to test your DNS server. I am using a laptop running Windows 7.


Knowledge of networking and the Linux command line may aid you, but is not necessarily required.



CHOOSING A DNS PACKAGE


I needed DNS software to run on my Linux machine, and decided upon an old piece of software called BIND. BIND has been under criticism lately because of various vulnerabilities, so make sure that you read up on any issues BIND may be experiencing and understand the precautions as you would with any other software you may want to expose publicly. I am not responsible if you put an insecure piece of software facing the internet and get exploited.


It is important to note that I will be testing everything for this project on my local network. A similar configuration should work perfectly for any internet-facing server.


Other DNS software exists out there, but I chose BIND because it is something of a standard with thousands of servers running it daily in a production environment. Don’t discount other DNS packages! They may be more robust or secure and are definitely something to consider for a similar project.



HOW-TO GUIDE:


Step 1. Initial Configuration


Connect your Linux machine to the network and check the network interface status.


ifconfig


The response to the command should look similar to this:


eth0      Link encap:Ethernet  HWaddr f0:0d:de:ad:be:ef
                         inet addr:192.168.1.12  Bcast:192.168.1.255  Mask:255.255.255.0
                         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                         RX packets:8209495 errors:0 dropped:386 overruns:0 frame:0
                         TX packets:9097071 errors:0 dropped:0 overruns:0 carrier:0
                         collisions:0 txqueuelen:1000
                         RX bytes:2124485459 (1.9 GiB)  TX bytes:1695684733 (1.5 GiB)


Make sure your system is up-to-date before we install anything.


sudo apt-get update
sudo apt-get upgrade



Step 2. Installing & Configuring BIND


Change to the root user and install BIND version 9. Then stop the service.


su -
apt-get install bind9
/etc/init.d/bind9 stop


Now that BIND is installed and not running, let’s create a new zone file for our custom TLD. For this example, I will be using “.node” as my TLD but feel free to use any TLD of your choosing.


cd /etc/bind
nano node.zone


Paste the following into the file and edit any values you may see fit, including adding any domains with corresponding IP addresses. For a full explanation of these options visit http://www.zytrax.com/books/dns/ch6/mydomain.html which has a nice write-up on the format of a zone file. I did find that I needed to specify a NS SOA record with a corresponding A record or BIND would not start.


As you see below, a lot of this zone file is boilerplate but I did specify a record for “google” which signifies that “google.node” will point to the IP address “8.8.8.8.”


When you are done editing, save the file with CTRL-X.

       ;
       ; BIND data file for TLD “.node”
       ;
       $TTL    604800  ; (1 week)
       @       IN      SOA     node. root.node. (
       2015091220      ; serial (timestamp)
       604800          ; refresh (1 week)
       86400           ; retry (1 day)
       2419200         ; expire (28 days)
       604800 )        ; minimum (1 week)
       ;
       @         IN    NS    ns1.node.    ; this is required
       ;@        IN    A       0.0.0.0         ; unused right now, semicolon comments out the line
       google  IN    A       8.8.8.8
       ns1       IN    A       0.0.0.0         ; this is also required


Now, we need to edit the default zones configuration file to include our new zone.


nano named.conf.default-zones


A the bottom, paste the following block to add our new zone to the configuration.


zone “node.” {
                       type master;
                       file “/etc/bind/node.zone”;
                       allow-transfer { any;};
                       allow-query { any;};
};


Now find the block in the file similar to the below:


zone “.” {
               type hint;
               file “/etc/bind/db.root”;
};


Replace this block with the following to make our root server a slave to master root server 75.127.96.89. This is one of OpenNIC’s public DNS servers and by marking it as a master, we can also resolve OpenNIC TLDs as well as any TLDs under control of ICANN.

zone “.” in {

                  type slave;
                  file “/etc/bind/db.root”;
                  masters { 75.127.96.89; };

                 notify no;
  };


After saving the file, we want to generate a new root hints file which queries OpenNIC. This can be done with the dig command.


dig . NS @75.127.96.89 > /etc/bind/db.root


Finally, restart BIND.


/etc/init.d/bind9 restart


You should see:


[ ok ] Starting domain name service…: bind9.


Configuration on the server on your Linux machine is now done!



Step 3. Configure Other Machines to Use Your Server


On your Windows machine (on the same local network), visit the Network Connections panel by going to Control Panel -> Network and Internet -> Network Connections.


Right-click on your current network connection and select Properties. On the resulting Network Connection Properties dialog, select Internet Protocol Version 4 (TCP/IPv4) if you are using IPv4 for your local network or Internet Protocol Version 6 (TCP/IPv6). Since I am using IPv4, I will be selecting the former.


Next, click the Properties button. On the resulting Internet Protocol Properties dialog, select the radio button for “Use the following DNS server addresses.” Enter the IP address of your Linux machine in the Preferred DNS server box (192.168.1.12 from my example, but make sure you use the IP address of your Linux machine) and then click the OK button. Back on the Network Connection Properties dialog, click the Close button.


Now, load up a command shell and ping one of our defined domains.


ping google.node


You should see the following:


Pinging google.node [8.8.8.8] with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=15ms TTL=55
Reply from 8.8.8.8: bytes=32 time=17ms TTL=55
Reply from 8.8.8.8: bytes=32 time=16ms TTL=55


Congratulations, you now have a DNS server which will not only resolve your custom TLD but be accessible to other machines.



NEXT STEPS


This is just a proof of concept, and could easily be expanded upon for future projects. If you are wondering where to go from here, you could easily move on to make your DNS publicly accessible and expand the offerings. Further, you could construct multiple DNS nodes to act as slaves or links to your root server as a method of distributing the network to make it more reliable and geographically accessible


While I don’t think many BitTorrent trackers will be quick to adopt a system such as this, it still shows that you can create and resolve custom TLDs which may be useful for constructing alternative networks.



SOURCES


- http://wiki.opennicproject.org/Tier2ConfigBindHint
- http://timg.ws/2008/07/31/how-to-run-your-own-top-level-domain/
- http://www.unixmen.com/setup-dns-server-debian-7-wheezy/



––
BY MIKE DANK (@FAMICOMAN)