⑤ Deploy & Config

Deploy and configure CoreDNS

🐾

Install CoreDNS

User and group

CoreDNS user

According to our local copy of user UIDs/GIDs across different flavors of Unix, Gentoo is the only Unix variant that has assigned or reserved a UID/GID for CoreDNS: 312. Additionally, in other variants 312 isn't a contended placeholder! ERGO! 312 it is!

Adding the CoreDNS User

    useradd --home-dir /home/coredns --uid 312 \
      --create-home --system --user-group \
      --shell /sbin/nologin --comment "CoreDNS User" coredns

Directories and binaries

Let's create the CoreDNS config directory and the CoreDNS user home directory, and install the CoreDNS binary.

Install all the things

    # 0755, not 0777: a world-writable /etc/coredns would let any local user replace the Corefile
    install --group coredns --owner coredns --mode 0755 --verbose -d /etc/coredns /home/coredns
    install --group=coredns --owner=coredns --mode=0755 /usr/src/coredns/coredns /usr/bin/coredns

… I hope you weren't thinking this would be a big thing.

Install scripts and binaries

Install the init script

Put this file in /lib/systemd/system/coredns.service:

/lib/systemd/system/coredns.service

    [Unit]
    Description=CoreDNS DNS server
    Documentation=https://coredns.io
    After=network.target

    [Service]
    PermissionsStartOnly=true
    LimitNOFILE=1048576
    LimitNPROC=512
    CapabilityBoundingSet=CAP_NET_BIND_SERVICE
    AmbientCapabilities=CAP_NET_BIND_SERVICE
    NoNewPrivileges=true
    User=coredns
    WorkingDirectory=/home/coredns
    ExecStart=/bin/bash -c '/usr/bin/coredns -conf=/etc/coredns/Corefile'
    ExecReload=/bin/kill -SIGUSR1 $MAINPID
    Restart=on-failure

    [Install]
    WantedBy=multi-user.target

Let systemd know you've changed its configuration files via the command:

    systemctl daemon-reload

….. I know, kinda anti-climactic.

Setup CoreDNS

Okay….
Everything essential is in place… now let's make a minimal configuration and kick the tires….

Disable systemd-resolved

Disabling systemd-resolved

    systemctl disable systemd-resolved
    systemctl stop systemd-resolved

resolv.conf

Now that systemd-resolved is out of the picture, we have to fix resolv.conf. systemd-resolved symlinks it to a dynamic file (/run/systemd/resolve/stub-resolv.conf):

    root@coredns-03:~# ls -la /etc/resolv.conf
    lrwxrwxrwx 1 root root 37 Aug 31 20:09 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.con

This is simple enough to fix though:

Fix resolv.conf

    root@coredns-03:~# rm /etc/resolv.conf && cat <<EOF>/etc/resolv.conf
    nameserver 127.0.0.1
    domain wolfspyre.com
    search wolfspyre.com wolfspyre.io
    EOF

Deploy a minimal, but functional config to /etc/coredns/Corefile

Here's a minimal Corefile:

A Minimal CoreDNS Corefile

    # Shared snippet imported by every server block below
    (external) {
        health
        prometheus 0.0.0.0:9153
        metadata
        log . "{remote} {type} {name} {class} {size} {rcode} {duration}"
        errors
        cache
        template ANY AAAA {
            rcode NOERROR
        }
    }

    # Public listener: hands queries to the two local forwarders
    .:53 {
        import external
        forward . 127.0.0.1:5301 127.0.0.1:5302
    }

    # tls_servername only applies to tls:// upstreams; as written,
    # these upstreams are queried over plain DNS
    .:5301 {
        import external
        forward . 8.8.8.8 8.8.4.4 {
            tls_servername dns.google
        }
    }

    .:5302 {
        import external
        forward . 1.1.1.1 1.0.0.1 {
            tls_servername cloudflare-dns.com
        }
    }

With the above Corefile installed, we should be able to kick off the CoreDNS service and make sure it returns queries.

Enable and start CoreDNS

Starting CoreDNS

    systemctl enable coredns
    systemctl start coredns
    systemctl status coredns

Look Ma! It Works!
    root@coredns-03:/usr/src/coredns# service coredns status
    ● coredns.service - CoreDNS DNS server
         Loaded: loaded (/lib/systemd/system/coredns.service; enabled; vendor preset:>
         Active: active (running) since Tue 2022-09-13 15:26:58 CDT; 4s ago
           Docs: https://coredns.io
       Main PID: 37561 (coredns)
          Tasks: 9 (limit: 4416)
         Memory: 10.3M
            CPU: 280ms
         CGroup: /system.slice/coredns.service
                 └─37561 /usr/bin/coredns -conf=/etc/coredns/Corefile

    Sep 13 15:26:58 coredns-03 systemd[1]: Started CoreDNS DNS server.
    Sep 13 15:26:58 coredns-03 coredns[37561]: .:53
    Sep 13 15:26:58 coredns-03 coredns[37561]: .:5301
    Sep 13 15:26:58 coredns-03 coredns[37561]: .:5302
    Sep 13 15:26:58 coredns-03 coredns[37561]: CoreDNS-1.9.4
    Sep 13 15:26:58 coredns-03 coredns[37561]: linux/arm64, go1.19.1, 8655b7cb-dirty

Well whaddaya know! It works! Neat, eh? Let's continue on and install some extra stuff to make this host a little more durable 🐾
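The minimal Corefile above sets tls_servername on forward blocks whose upstreams are bare IP addresses. In CoreDNS's forward plugin an upstream is only contacted over TLS when it is written with the tls:// prefix, so the setting has no effect there. The lint below is an added example, not part of the original guide; the function names and the .:5303 block in the sample are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the guide): flag forward blocks whose tls_servername
# has no effect because none of their upstreams use the tls:// scheme.

# Prints one finding per affected block; returns 1 if any were found.
lint_forward_tls() {
  awk '
    $1 == "forward" && $NF == "{" {          # opening line of a forward block
      in_fwd = 1; start = NR; has_tls = 0; sni = ""; ups = ""
      for (i = 3; i < NF; i++) {              # $2 is the zone, $3.. are upstreams
        ups = ups " " $i
        if ($i ~ /^tls:\/\//) has_tls = 1
      }
      next
    }
    in_fwd && $1 == "tls_servername" { sni = $2 }
    in_fwd && $1 == "}" {                     # end of the forward block
      if (sni != "" && !has_tls) {
        printf "line %d: tls_servername %s ignored, plain-DNS upstreams:%s\n", start, sni, ups
        bad++
      }
      in_fwd = 0
    }
    END { exit (bad > 0) }
  ' "$1"
}

# Constructed sample: the guide's .:5301 block plus a hypothetical .:5303
# block that uses tls:// upstreams for contrast.
write_sample() {
  cat > "$1" <<'EOF'
.:5301 {
    forward . 8.8.8.8 8.8.4.4 {
        tls_servername dns.google
    }
}
.:5303 {
    forward . tls://8.8.8.8 tls://8.8.4.4 {
        tls_servername dns.google
    }
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
lint_forward_tls "$sample" || echo "fix: use tls:// upstreams or drop tls_servername"
rm -f "$sample"
```

Run it against /etc/coredns/Corefile after any edit to the forward blocks; a zero exit status means every tls_servername sits beside at least one tls:// upstream.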