Greetings,

I'm currently working on a project and could use some guidance. In my project, I have several components: a gateway, DNS server, mail server, web server, and a client (workstation).

The external interface is enp0s9, with the external IP address set to 172.16.10.2. The gateway address is 172.16.10.1, and my DNS servers are 8.8.8.8 and 9.9.9.9. The internal network is on the 10.20.30.0/24 subnet.

After configuring the basic settings on my servers and ensuring I can ping all hosts on my network, I'm looking to set up a DHCP server to support at least 60 clients via my gateway. The DNS server should receive a static network configuration via DHCP. The assigned IP address range for clients must not overlap with the server addresses. The goal is to provide the workstation with network settings in the internal network and ensure the DNS server has a static IP.

I also need to configure a DNS server to resolve specific FQDNs:
- Webserver: www.project.ant
- Nameserver: ns.project.ant
- Mailserver: email.project.ant
- Gateway: gw.project.ant
- www.orf.at

The aim is to resolve all these FQDNs to their respective IP addresses, set up reverse lookups, and associate them with the mail server.

My internal network's web server (10.20.30.0/24) should be accessible via the external IP address. For this, I want to create two virtual hosts (tina.project.ant and max.project.ant) and modify the homepage content for both. The goal is for these virtual hosts to be accessible from the workstation via the external IP address.

Additionally, I want to configure the email server so that the workstation can send emails from tina@project.ant to max@project.ant using a mail user agent like Thunderbird.

For network security, I intend to implement the following stateful inspection firewall rules:
- Allow the DNS server to respond to DNS requests only.
- Restrict internal network hosts to use only HTTP (no HTTPS) connections to the internet.
- Allow the gateway to use only HTTPS connections to the internet.
- Allow the mail server to respond to mail requests only.

This project is quite extensive, and I've explored different approaches, but none have been successful so far. I would greatly appreciate a clear tutorial or guidelines on how to resolve these issues. I've managed to set up the basic configuration correctly, but everything beyond that isn't functioning as expected.

So essentially you want to:

• Set up a DNS server
• Set up a DHCP server
• Set up a web server
• Set up a mail server
• Configure firewall/networks accordingly

Great; so where are you stuck??? What 'approaches' have you tried, and what exactly do you mean they weren't 'successful'?? There are a LOT of steps/things to do to configure all of these things, so asking us to type up a tutorial to do all this isn't going to be something volunteers on a forum will do. You don't tell us what version/distro of Linux you're using on this, or if these are virtual servers or physical.

There are tutorials you can easily find on how to set up DNS, DHCP, web, and email. Have you consulted any of them???

Yes, indeed! The servers are virtual and I am using proxmox virtual environment 8.0.4 using Linux 6.x - 2.6 Kernel.
My approach for the DHCP server was to install dhcp with this command: sudo apt install isc-dhcp-server
In /etc/default/isc-dhcp-server I set the INTERFACESv4 to my internal interface enp0s10. In /etc/dhcp/dhcpd.conf I added my option domain-name-servers 10.20.30.20, the default lease time and the max lease time. I also added the attribute authoritative and set ddns-update-style none. Then I defined my subnet 10.20.30.0 netmask 255.255.255.0 with the range of 60 clients, the option router, the option broadcast address (10.20.30.255) and the domain name server (10.20.30.20).

I restarted isc-dhcp-server. The status is active running, however I get following error message: uid lease 10.20.30.50 for client 2a:7a:7f:10:15:aa is duplicate on 10.20.30.0/24.2a:7a:7f:10:15:aa being the MAC address of my workstation client.

For DNS I installed bind9 using this command: sudo apt install -y bind9 bind9utils bind9-doc dnsutils

In the "named.conf.options" file, I added a new access control list block for my trusted clients, like this:

acl "trusted" {
10.20.30.0/24;
localhost;
};
I also allowed specific properties in the "options" section, including recursion, allow-recursion, listen-on 10.20.30.20 (my DNS server), allow-transfer (none), and allow-query (trusted). Additionally, I added forwarders like this:

forwarders {
10.100.0.1;
10.100.0.2;
};
For the forward and reverse zones, I created two files and referenced them in the "named.conf.local".

zone "project.ant." {
type: master;
file "etc/bind/db.project.ant";
allow-transfer { 10.20.30.10; };
};

zone "30.20.10.in-addr.arpa" {
type: master;
file "/etc/bind/db.30.20.10";
allow-transfer { 10.20.30.10; };
};

My reverse zone file:

$TTL 604800
@ IN SOA ns.project.ant. root.ns.project.ant (
8 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expired
604800 ) ; Negative Cache TTL

1 IN PTR www.project.ant. ; 10.20.30.30
2 IN PTR ns.project.ant. ; 10.20.30.20
3 IN PTR email.project.ant. ; 10.20.30.40
4 IN PTR gw.project.ant. ; 10.20.30.10

My forward zone file:

$TTL 604800
@ IN SOA ns.project.ant. rootns.project.ant. (
12 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expired
604800 ) ; Negative Cache TTL

@ IN NS ns.project.ant.
@ IN MX 0 mail.project.ant.

ns IN A 10.20.30.20
www IN A 10.20.30.30

email.project.ant. IN MX 10 email.project.ant.




-------

I am currently experiencing a DNS resolution issue with my DNS server configuration using bind9. The specific problem is that DNS entries for various hostnames cannot be resolved correctly.

Do you increase the Bind serial number every time you do a change?