How To Setup DNS Server In Ubuntu
Scenario
For the purpose of this tutorial, I will be using three nodes. One will be acting as Master DNS server, the second system will be acting as Secondary DNS, and the third will be our DNS client. Here are my three systems details.
Primary (Master) DNS Server Details:
Operating System : Ubuntu 14.04 64bit minimal server Hostname : masterdns.unixmen.local IP Address : 192.168.1.101/24
Secondary (Slave) DNS Server Details:
Operating System : Ubuntu 14.04 32bit minimal server Hostname : secondarydns.unixmen.local IP Address : 192.168.1.102/24
Client Details:
Operating System : Ubuntu 14.04 desktop Hostname : client.unixmen.local IP Address : 192.168.1.103/24
Setup Caching Server
In this configuration BIND9 will find the answer to name queries and remember the answer for the next query. This can be useful for a slow internet connection. By caching DNS queries, you will reduce bandwidth and (more importantly) latency.
The default configuration is setup to act as a caching server. All that is required is simply adding the IP Addresses of your ISP’s DNS servers. Caching server is opt for low Internet connection.
Install bind9 packages using command:
sudo apt-get install bind9 bind9utils bind9-doc
Then edit /etc/bind/named.conf.options file,
sudo vi /etc/bind/named.conf.options
Simply uncomment and edit the following in /etc/bind/named.conf.options:
forwarders {
8.8.8.8;
};
Restart bind9 service.
sudo service bind9 restart
Test Caching Server
Run the following command to test it.
dig -x 127.0.0.1
Sample output:
;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60612 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;1.0.0.127.in-addr.arpa. IN PTR ;; ANSWER SECTION: 1.0.0.127.in-addr.arpa. 604800 IN PTR localhost. ;; AUTHORITY SECTION: 127.in-addr.arpa. 604800 IN NS localhost. ;; ADDITIONAL SECTION: localhost. 604800 IN A 127.0.0.1 localhost. 604800 IN AAAA ::1 ;; Query time: 4 msec ;; SERVER: 192.168.1.101#53(192.168.1.101) ;; WHEN: Thu Apr 09 14:51:36 IST 2015 ;; MSG SIZE rcvd: 132
Setup Primary (Master) DNS Server
You can use the same server for both Primary and Caching server.
Install bind9 packages on your server if not installed.
sudo apt-get install bind9 bind9utils bind9-doc
1. Configure Master DNS Server
DNS configuration files are stored in /etc/bind directory. Primary configuration file is/etc/bind/namd.conf.
Edit ‘/etc/bind/named.conf’ file.
sudo vi /etc/bind/named.conf
Make sure it contains the following lines. If not, add them.
include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.default-zones";
Save and close the file.
Then, edit named.conf.local,
sudo vi /etc/bind/named.conf.local
Add the lines as shown in bold:
zone "unixmen.local" {
type master;
file "/etc/bind/forward.unixmen";
allow-transfer { 192.168.1.102; };
also-notify { 192.168.1.102; };
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/reverse.unixmen";
allow-transfer { 192.168.1.102; };
also-notify { 192.168.1.102; };
};
Here,
- forward.unixmen – Forward zone file
- reverse.unixmen – Reverse zone file
- 192.168.1.102 – Slave DNS server
2. Create Zone files
Create forward and reverse zone files which we defiend in the‘/etc/bind/named.conf.local’ file.
2.1 Create Forward Zone
Create Forward Zone file name forward.unixmen in /etc/bind/zones,
sudo vi /etc/bind/forward.unixmen
Add the following lines:
$TTL 86400 @ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071001 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) @ IN NS masterdns.unixmen.local. @ IN NS secondarydns.unixmen.local. @ IN A 192.168.1.101 @ IN A 192.168.1.102 @ IN A 192.168.1.103 masterdns IN A 192.168.1.101 secondarydns IN A 192.168.1.102 client IN A 192.168.1.103
2.2 Create Reverse Zone
Create Forward Zone file name reverse.unixmen in /etc/bind/zones,
sudo vi /etc/bind/reverse.unixmen
Add the following lines:
$TTL 86400 @ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071002 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) @ IN NS masterdns.unixmen.local. @ IN NS secondarydns.unixmen.local. @ IN PTR unixmen.local. masterdns IN A 192.168.1.101 secondarydns IN A 192.168.1.102 client IN A 192.168.1.103 101 IN PTR masterdns.unixmen.local. 102 IN PTR secondarydns.unixmen.local. 103 IN PTR client.unixmen.local.
3. Configuring Permissions, Ownership for Bind
Run the following commands one by one:
sudo chmod -R 755 /etc/bind
sudo chown -R bind:bind /etc/bind4. Test DNS configuration and zone files for any syntax errors
Check DNS default configuration file:
sudo named-checkconf /etc/bind/named.conf
sudo named-checkconf /etc/bind/named.conf.local
If it returns nothing, your configuration is valid.
Check Forward zone:
sudo named-checkzone unixmen.local /etc/bind/forward.unixmen
Sample output:
zone unixmen.local/IN: loaded serial 2011071001 OK
Check reverse zone:
sudo named-checkzone unixmen.local /etc/bind/reverse.unixmen
Sample Output:
zone unixmen.local/IN: loaded serial 2011071002 OK
Restart bind9 service.
sudo service bind9 restart
Add the DNS Server details in your network interface config file.
sudo vi /etc/network/interfaces
Add the nameserver IP address:
autoeth0 iface eth0 inet static address 192.168.1.101 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1 dns-nameservers 192.168.1.101 dns-search unixmen.local
Reboot your system.
5. Test DNS Server
Method 1:
dig masterdns.unixmen.local
Sample Output:
; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> masterdns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27712 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;masterdns.unixmen.local. IN A ;; ANSWER SECTION: masterdns.unixmen.local. 86400 IN A 192.168.1.101 ;; AUTHORITY SECTION: unixmen.local. 86400 IN NS masterdns.unixmen.local. unixmen.local. 86400 IN NS secondarydns.unixmen.local. ;; ADDITIONAL SECTION: secondarydns.unixmen.local. 86400 IN A 192.168.1.102 ;; Query time: 4 msec ;; SERVER: 192.168.1.101#53(192.168.1.101) ;; WHEN: Thu Apr 09 14:20:00 IST 2015 ;; MSG SIZE rcvd: 125
Method 2:
nslookup unixmen.local
Sample Output:
Server: 192.168.1.101 Address: 192.168.1.101#53 Name: unixmen.local Address: 192.168.1.101 Name: unixmen.local Address: 192.168.1.102 Name: unixmen.local Address: 192.168.1.103
Now the Primary DNS server is ready to use.
It is time to configure our Secondary DNS server.
Setup Secondary(Slave) DNS Server
Secondary DNS server is optional, but recommended. If the master DNS server goes down, the Secondary DNS server will take charge and answer the queries. You need an additional server to setup Slave DNS server.
Install bind9 packages using the following command:
sudo apt-get install bind9 bind9utils bind9-doc
1. Configure Slave DNS Server
Edit ‘/etc/bind/named.conf’ file.
sudo vi /etc/bind/named.conf
Make sure it contains the following lines. If not, add them.
include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.default-zones";
Save and close the file.
Then, edit named.conf.local,
sudo vi /etc/bind/named.conf.local
Add the lines as shown in bold:
zone "unixmen.local" {
type slave;
file "/var/cache/bind/forward.unixmen";
masters { 192.168.5.101; };
};
zone "1.168.192.in-addr.arpa" {
type slave;
file "/var/cache/bind/reverse.unixmen";
masters { 192.168.5.101; };
};
Here,
- forward.unixmen – Forward zone file
- reverse.unixmen – Reverse zone file
- 192.168.1.101 – Master DNS server
The zone file must be in /var/cache/bind/ because, by default, AppArmor only allows write access inside it.
3. Configuring Permissions, Ownership for Bind
Run the following commands one by one:
sudo chmod -R 755 /etc/bind
sudo chown -R bind:bind /etc/bind
Restart bind9 service.
sudo service bind9 restart
4. Add the DNS Server details
Add the DNS Server details in your network interface config file.
sudo vi /etc/network/interfaces
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.102 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1 dns-nameservers 192.168.1.101 dns-nameservers 192.168.1.102 dns-search home
Save and close the file.
Reboot your system.
5. Test DNS Server
After logging in to your server, run the following commands to check if DNS server is really working or not.
Method 1:
dig masterdns.unixmen.local
Sample Output:
; <<>> DiG 9.9.5-3-Ubuntu <<>> masterdns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20290 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;masterdns.unixmen.local. IN A ;; ANSWER SECTION: masterdns.unixmen.local. 86400 IN A 192.168.1.101 ;; AUTHORITY SECTION: unixmen.local. 86400 IN NS masterdns.unixmen.local. unixmen.local. 86400 IN NS secondarydns.unixmen.local. ;; ADDITIONAL SECTION: secondarydns.unixmen.local. 86400 IN A 192.168.1.102 ;; Query time: 5 msec ;; SERVER: 192.168.1.101#53(192.168.1.101) ;; WHEN: Thu Apr 09 14:32:38 IST 2015 ;; MSG SIZE rcvd: 125
Method 2:
dig secondarydns.unixmen.local
Sample Output:
; <<>> DiG 9.9.5-3-Ubuntu <<>> secondarydns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53461 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;secondarydns.unixmen.local. IN A ;; ANSWER SECTION: secondarydns.unixmen.local. 86400 IN A 192.168.1.102 ;; AUTHORITY SECTION: unixmen.local. 86400 IN NS masterdns.unixmen.local. unixmen.local. 86400 IN NS secondarydns.unixmen.local. ;; ADDITIONAL SECTION: masterdns.unixmen.local. 86400 IN A 192.168.1.101 ;; Query time: 5 msec ;; SERVER: 192.168.1.101#53(192.168.1.101) ;; WHEN: Thu Apr 09 14:33:02 IST 2015 ;; MSG SIZE rcvd: 125
Method 3:
nslookup unixmen.local
Sample Output:
Server: 192.168.1.101 Address: 192.168.1.101#53 Name: unixmen.local Address: 192.168.1.101 Name: unixmen.local Address: 192.168.1.103 Name: unixmen.local Address: 192.168.1.102
Note: A zone is only transferred if the Serial Number on the Primary DNS server is larger than the one on the Secondary DNS server.
Client Side Configuration
Add the DNS server details in ‘/etc/resolv.conf’ file in all client systems
vi /etc/resolv.conf
# Generated by NetworkManager search unixmen.local nameserver 192.168.1.101 nameserver 192.168.1.102
Restart network service or reboot the system.
Test DNS Server
Now, you can test the DNS server using any one of the following commands:
dig masterdns.unixmen.local
dig secondarydns.unixmen.local
dig client.unixmen.local
nslookup unixmen.local
That’s all about now. The primary and secondary DNS servers are ready to use.
#####################################################
===================================================
DNS Server Installation Step by
Step Using CentOS 6.5/6.4/6.3
Scenario
Primary(Master) DNS Server Details:
Operating System : CentOS 6.5 server Hostname : masterdns.unixmen.local IP Address : 192.168.1.100/24
Secondary(Slave) DNS Server Details:
Operating System : CentOS 6.5 server Hostname : secondarydns.unixmen.local IP Address : 192.168.1.101/24
Client Details:
Operating System : CentOS 6.5 Desktop Hostname : Client.unixmen.local IP Address : 192.168.1.102/24
Setup Primary(Master) DNS Server
[root@masterdns ~]# yum install bind* -y
1. Configure DNS Server
Add the lines as shown below in ‘/etc/named.conf’ file
[root@masterdns ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.100; }; ### Master DNS IP ###
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; }; ### IP Range ###
allow-transfer{ localhost; 192.168.1.101; }; ### Slave DNS IP ###
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone"unixmen.local" IN {
type master;
file "forward.unixmen";
allow-update { none; };
};
zone"1.168.192.in-addr.arpa" IN {
type master;
file "reverse.unixmen";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Create Zone files
Create forward and reverse zone files which we mentioned in the ‘/etc/named.conf’ file.
2.1 Create Forward Zone
Create forward.unixmen file in the ‘/var/named’ directory.
[root@masterdns ~]# vi /var/named/forward.unixmen $TTL 86400 @ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071001 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) @ IN NS masterdns.unixmen.local. @ IN NS secondarydns.unixmen.local. @ IN A 192.168.1.100 @ IN A 192.168.1.101 @ IN A 192.168.1.102 masterdns IN A 192.168.1.100 secondarydns IN A 192.168.1.101 client IN A 192.168.1.102
2.2 Create Reverse Zone
Create reverse.unixmen file in the ‘/var/named’ directory.
[root@masterdns ~]# vi /var/named/reverse.unixmen $TTL 86400 @ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071001 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) @ IN NS masterdns.unixmen.local. @ IN NS secondarydns.unixmen.local. @ IN PTR unixmen.local. masterdns IN A 192.168.1.100 secondarydns IN A 192.168.1.101 client IN A 192.168.1.102 100 IN PTR masterdns.unixmen.local. 101 IN PTR secondarydns.unixmen.local. 102 IN PTR client.unixmen.local.
3. Start the DNS service
[root@masterdns ~]# service named start Starting named: [ OK ] [root@masterdns ~]# chkconfig named on
4. Adjust iptables to allow DNS server from outside of the network
Add the lines as shown below in ‘/etc/sysconfig/iptables’ file.
[root@masterdns ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
5. Restart iptables
[root@masterdns ~]# service iptables restart iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ]
6. Test DNS configuration and zone files for any syntax errors
[root@masterdns ~]# named-checkconf /etc/named.conf [root@masterdns ~]# named-checkzone unixmen.local /var/named/forward.unixmen zone unixmen.local/IN: loaded serial 2011071001 OK [root@masterdns ~]# named-checkzone unixmen.local /var/named/reverse.unixmen zone unixmen.local/IN: loaded serial 2011071001 OK
7. Test DNS Server
[root@masterdns ~]# dig masterdns.unixmen.local ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49834 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;masterdns.unixmen.local.INA ;; ANSWER SECTION: masterdns.unixmen.local. 86400INA192.168.1.100 ;; AUTHORITY SECTION: unixmen.local.86400INNSsecondarydns.unixmen.local. unixmen.local.86400INNSmasterdns.unixmen.local. ;; ADDITIONAL SECTION: secondarydns.unixmen.local. 86400 INA192.168.1.101 ;; Query time: 6 msec ;; SERVER: 192.168.1.100#53(192.168.1.100) ;; WHEN: Thu Mar 7 13:07:56 2013 ;; MSG SIZE rcvd: 114
[root@masterdns ~]# nslookup unixmen.local Server:192.168.1.100 Address:192.168.1.100#53 Name:unixmen.local Address: 192.168.1.102 Name:unixmen.local Address: 192.168.1.100 Name:unixmen.local Address: 192.168.1.101
Now the Primary DNS server is ready to use.
Setup Secondary(Slave) DNS Server
[root@secondarydns ~]# yum install bind* -y
1. Configure Slave DNS Server
Open the main configuration file ‘/etc/named.conf’ and add the lines as shown below.
[root@secondarydns ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.101; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone"unixmen.local" IN {
type slave;
file "slaves/unixmen.fwd";
masters { 192.168.1.100; };
};
zone"1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/unixmen.rev";
masters { 192.168.1.100; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Start the DNS Service
[root@secondarydns ~]# service named start Generating /etc/rndc.key: [ OK ] Starting named: [ OK ] [root@secondarydns ~]# chkconfig named on
Now the forward and reverse zones are automatically replicated from Master DNS server to‘/var/named/slaves/’ in Secondary DNS server.
[root@secondarydns ~]# ls /var/named/slaves/ unixmen.fwd unixmen.rev
[root@secondarydns ~]# cat /var/named/slaves/unixmen.fwd $ORIGIN . $TTL 86400; 1 day unixmen.localIN SOAmasterdns.unixmen.local. root.unixmen.local. ( 2011071001 ; serial 3600 ; refresh (1 hour) 1800 ; retry (30 minutes) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) NS masterdns.unixmen.local. NS secondarydns.unixmen.local. A192.168.1.100 A192.168.1.101 A192.168.1.102 $ORIGIN unixmen.local. clientA192.168.1.102 masterdnsA192.168.1.100 secondarydnsA192.168.1.101
[root@secondarydns ~]# cat /var/named/slaves/unixmen.rev $ORIGIN . $TTL 86400; 1 day 1.168.192.in-addr.arpaIN SOAmasterdns.unixmen.local. root.unixmen.local. ( 2011071001 ; serial 3600 ; refresh (1 hour) 1800 ; retry (30 minutes) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) NS masterdns.unixmen.local. NS secondarydns.unixmen.local. PTRunixmen.local. $ORIGIN 1.168.192.in-addr.arpa. 100PTRmasterdns.unixmen.local. 101PTRsecondarydns.unixmen.local. 102PTRclient.unixmen.local. clientA192.168.1.102 masterdnsA192.168.1.100 secondarydnsA192.168.1.101
3. Add the DNS Server details to all systems
[root@secondarydns ~]# vi /etc/resolv.conf # Generated by NetworkManager search ostechnix.com nameserver 192.168.1.100 nameserver 192.168.1.101 nameserver 8.8.8.8
4. Test DNS Server
[root@secondarydns ~]# dig masterdns.unixmen.local ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21487 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;masterdns.unixmen.local.INA ;; ANSWER SECTION: masterdns.unixmen.local. 86400INA192.168.1.100 ;; AUTHORITY SECTION: unixmen.local.86400INNSmasterdns.unixmen.local. unixmen.local.86400INNSsecondarydns.unixmen.local. ;; ADDITIONAL SECTION: secondarydns.unixmen.local. 86400 INA192.168.1.101 ;; Query time: 15 msec ;; SERVER: 192.168.1.100#53(192.168.1.100) ;; WHEN: Thu Mar 7 13:27:57 2013 ;; MSG SIZE rcvd: 114
[root@secondarydns ~]# dig secondarydns.unixmen.local ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> secondarydns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20958 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;secondarydns.unixmen.local.INA ;; ANSWER SECTION: secondarydns.unixmen.local. 86400 INA192.168.1.101 ;; AUTHORITY SECTION: unixmen.local.86400INNSmasterdns.unixmen.local. unixmen.local.86400INNSsecondarydns.unixmen.local. ;; ADDITIONAL SECTION: masterdns.unixmen.local. 86400INA192.168.1.100 ;; Query time: 4 msec ;; SERVER: 192.168.1.100#53(192.168.1.100) ;; WHEN: Thu Mar 7 13:31:53 2013 ;; MSG SIZE rcvd: 114
[root@secondarydns ~]# nslookup unixmen.local Server:192.168.1.100 Address:192.168.1.100#53 Name:unixmen.local Address: 192.168.1.101 Name:unixmen.local Address: 192.168.1.102 Name:unixmen.local Address: 192.168.1.100
Client Side Configuration
Add the DNS server details in ‘/etc/resolv.conf’ file in all client systems
[root@client unixmen]# vi /etc/resolv.conf # Generated by NetworkManager search unixmen.local nameserver 192.168.1.100 nameserver 192.168.1.101 nameserver 8.8.8.8
Test DNS Server
[root@client unixmen]# dig masterdns.unixmen.local ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> masterdns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19496 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;masterdns.unixmen.local.INA ;; ANSWER SECTION: masterdns.unixmen.local. 86400INA192.168.1.100 ;; AUTHORITY SECTION: unixmen.local.86400INNSmasterdns.unixmen.local. unixmen.local.86400INNSsecondarydns.unixmen.local. ;; ADDITIONAL SECTION: secondarydns.unixmen.local. 86400 INA192.168.1.101 ;; Query time: 30 msec ;; SERVER: 192.168.1.100#53(192.168.1.100) ;; WHEN: Thu Mar 7 13:47:55 2013 ;; MSG SIZE rcvd: 114
[root@client unixmen]# dig secondarydns.unixmen.local ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> secondarydns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14852 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;secondarydns.unixmen.local.INA ;; ANSWER SECTION: secondarydns.unixmen.local. 86400 INA192.168.1.101 ;; AUTHORITY SECTION: unixmen.local.86400INNSsecondarydns.unixmen.local. unixmen.local.86400INNSmasterdns.unixmen.local. ;; ADDITIONAL SECTION: masterdns.unixmen.local. 86400INA192.168.1.100 ;; Query time: 8 msec ;; SERVER: 192.168.1.100#53(192.168.1.100) ;; WHEN: Thu Mar 7 13:48:38 2013 ;; MSG SIZE rcvd: 114
[root@client unixmen]# dig client.unixmen.local ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> client.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14604 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;client.unixmen.local.INA ;; ANSWER SECTION: client.unixmen.local.86400INA192.168.1.102 ;; AUTHORITY SECTION: unixmen.local.86400INNSmasterdns.unixmen.local. unixmen.local.86400INNSsecondarydns.unixmen.local. ;; ADDITIONAL SECTION: masterdns.unixmen.local. 86400INA192.168.1.100 secondarydns.unixmen.local. 86400 INA192.168.1.101 ;; Query time: 5 msec ;; SERVER: 192.168.1.100#53(192.168.1.100) ;; WHEN: Thu Mar 7 13:49:11 2013 ;; MSG SIZE rcvd: 137
[root@client unixmen]# nslookup unixmen.local Server:192.168.1.100 Address:192.168.1.100#53 Name:unixmen.local Address: 192.168.1.102 Name:unixmen.local Address: 192.168.1.100 Name:unixmen.local Address: 192.168.1.101
Now the primary and secondary DNS servers are ready.
#######################################################==========================================================
Setting Up DNS Server On CentOS 7
DNS Server Installation
Scenario
For the purpose of this tutorial, I will be using three nodes. One will be acting as Master DNS server, the second system will be acting as Secondary DNS, and the third will be our DNS client. Here are my three systems details.
Primary (Master) DNS Server Details:
Operating System : CentOS 7 minimal server Hostname : masterdns.unixmen.local IP Address : 192.168.1.101/24
Secondary (Slave) DNS Server Details:
Operating System : CentOS 7 minimal server Hostname : secondarydns.unixmen.local IP Address : 192.168.1.102/24
Client Details:
Operating System : CentOS 6.5 Desktop Hostname : client.unixmen.local IP Address : 192.168.1.103/24
Setup Primary (Master) DNS Server
Install bind9 packages on your server.
yum install bind bind-utils -y
1. Configure DNS Server
Edit ‘/etc/named.conf’ file.
vi /etc/named.conf
Add the lines as shown in bold:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.101;}; ### Master DNS IP ###
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24;}; ### IP Range ###
allow-transfer{ localhost; 192.168.1.102; }; ### Slave DNS IP ###
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "unixmen.local" IN {
type master;
file "forward.unixmen";
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.unixmen";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Create Zone files
Create forward and reverse zone files which we mentioned in the ‘/etc/named.conf’ file.
2.1 Create Forward Zone
Create forward.unixmen file in the ‘/var/named’ directory.
vi /var/named/forward.unixmen
Add the following lines:
$TTL 86400 @ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071001 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) @ IN NS masterdns.unixmen.local. @ IN NS secondarydns.unixmen.local. @ IN A 192.168.1.101 @ IN A 192.168.1.102 @ IN A 192.168.1.103 masterdns IN A 192.168.1.101 secondarydns IN A 192.168.1.102 client IN A 192.168.1.103
2.2 Create Reverse Zone
Create reverse.unixmen file in the ‘/var/named’ directory.
vi /var/named/reverse.unixmen
Add the following lines:
$TTL 86400 @ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071001 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) @ IN NS masterdns.unixmen.local. @ IN NS secondarydns.unixmen.local. @ IN PTR unixmen.local. masterdns IN A 192.168.1.101 secondarydns IN A 192.168.1.102 client IN A 192.168.1.103 101 IN PTR masterdns.unixmen.local. 102 IN PTR secondarydns.unixmen.local. 103 IN PTR client.unixmen.local.
3. Start the DNS service
Enable and start DNS service:
systemctl enable named systemctl start named
4. Firewall Configuration
We must allow the DNS service default port 53 through firewall.
firewall-cmd --permanent --add-port=53/tcp
5. Restart Firewall
firewall-cmd --reload
6. Configuring Permissions, Ownership, and SELinux
Run the following commands one by one:
chgrp named -R /var/namedchown -v root:named /etc/named.confrestorecon -rv /var/namedrestorecon /etc/named.conf
7. Test DNS configuration and zone files for any syntax errors
Check DNS default configuration file:
named-checkconf /etc/named.conf
If it returns nothing, your configuration file is valid.
Check Forward zone:
named-checkzone unixmen.local /var/named/forward.unixmen
Sample output:
zone unixmen.local/IN: loaded serial 2011071001 OK
Check reverse zone:
named-checkzone unixmen.local /var/named/reverse.unixmen
Sample Output:
zone unixmen.local/IN: loaded serial 2011071001 OK
Add the DNS Server details in your network interface config file.
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE="Ethernet" BOOTPROTO="none" DEFROUTE="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" NAME="enp0s3" UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa" ONBOOT="yes" HWADDR="08:00:27:19:68:73" IPADDR0="192.168.1.101" PREFIX0="24" GATEWAY0="192.168.1.1" DNS="192.168.1.101" IPV6_PEERDNS="yes" IPV6_PEERROUTES="yes"
Edit file /etc/resolv.conf,
vi /etc/resolv.conf
Add the name server ip address:
nameserver 192.168.1.101
Save and close the file.
Restart network service:
systemctl restart network
8. Test DNS Server
dig masterdns.unixmen.local
Sample Output:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25179 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;masterdns.unixmen.local. IN A ;; ANSWER SECTION: masterdns.unixmen.local. 86400 IN A 192.168.1.101 ;; AUTHORITY SECTION: unixmen.local. 86400 IN NS secondarydns.unixmen.local. unixmen.local. 86400 IN NS masterdns.unixmen.local. ;; ADDITIONAL SECTION: secondarydns.unixmen.local. 86400 IN A 192.168.1.102 ;; Query time: 0 msec ;; SERVER: 192.168.1.101#53(192.168.1.101) ;; WHEN: Wed Aug 20 16:20:46 IST 2014 ;; MSG SIZE rcvd: 125
nslookup unixmen.local
Sample Output:
Server: 192.168.1.101 Address: 192.168.1.101#53 Name: unixmen.local Address: 192.168.1.103 Name: unixmen.local Address: 192.168.1.101 Name: unixmen.local Address: 192.168.1.102
Now the Primary DNS server is ready to use.
It is time to configure our Secondary DNS server.
Setup Secondary(Slave) DNS Server
Install bind packages using the following command:
yum install bind bind-utils -y
1. Configure Slave DNS Server
Edit file ‘/etc/named.conf’:
vi /etc/named.conf
Make the changes as shown in bold.
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.102; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; };
.
.
.
.
zone "." IN {
type hint;
file "named.ca";
};
zone "unixmen.local" IN {
type slave;
file "slaves/unixmen.fwd";
masters { 192.168.1.101; };
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/unixmen.rev";
masters { 192.168.1.101; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Start the DNS Service
systemctl enable named systemctl start named
Now the forward and reverse zones are automatically replicated from Master DNS server to ‘/var/named/slaves/’ in Secondary DNS server.
ls /var/named/slaves/
Sample Output:
unixmen.fwd unixmen.rev
3. Add the DNS Server details
Add the DNS Server details in your network interface config file.
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE="Ethernet" BOOTPROTO="none" DEFROUTE="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" NAME="enp0s3" UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa" ONBOOT="yes" HWADDR="08:00:27:19:68:73" IPADDR0="192.168.1.102" PREFIX0="24" GATEWAY0="192.168.1.1" DNS1="192.168.1.101" DNS2="192.168.1.102" IPV6_PEERDNS="yes" IPV6_PEERROUTES="yes"
Edit file /etc/resolv.conf,
vi /etc/resolv.conf
Add the name server ip address:
nameserver 192.168.1.101 nameserver 192.168.1.102
Save and close the file.
Restart network service:
systemctl restart network
4. Firewall Configuration
We must allow the DNS service default port 53 through firewall.
firewall-cmd --permanent --add-port=53/tcp
5. Restart Firewall
firewall-cmd --reload
6. Configuring Permissions, Ownership, and SELinux
chgrp named -R /var/namedchown -v root:named /etc/named.confrestorecon -rv /var/namedrestorecon /etc/named.conf
7. Test DNS Server
dig masterdns.unixmen.local
Sample Output:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18204 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;masterdns.unixmen.local. IN A ;; ANSWER SECTION: masterdns.unixmen.local. 86400 IN A 192.168.1.101 ;; AUTHORITY SECTION: unixmen.local. 86400 IN NS masterdns.unixmen.local. unixmen.local. 86400 IN NS secondarydns.unixmen.local. ;; ADDITIONAL SECTION: secondarydns.unixmen.local. 86400 IN A 192.168.1.102 ;; Query time: 0 msec ;; SERVER: 192.168.1.102#53(192.168.1.102) ;; WHEN: Wed Aug 20 17:04:30 IST 2014 ;; MSG SIZE rcvd: 125
dig secondarydns.unixmen.local
Sample Output:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> secondarydns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60819 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;secondarydns.unixmen.local. IN A ;; ANSWER SECTION: secondarydns.unixmen.local. 86400 IN A 192.168.1.102 ;; AUTHORITY SECTION: unixmen.local. 86400 IN NS masterdns.unixmen.local. unixmen.local. 86400 IN NS secondarydns.unixmen.local. ;; ADDITIONAL SECTION: masterdns.unixmen.local. 86400 IN A 192.168.1.101 ;; Query time: 0 msec ;; SERVER: 192.168.1.102#53(192.168.1.102) ;; WHEN: Wed Aug 20 17:05:50 IST 2014 ;; MSG SIZE rcvd: 125
nslookup unixmen.local
Sample Output:
Server: 192.168.1.102 Address: 192.168.1.102#53 Name: unixmen.local Address: 192.168.1.101 Name: unixmen.local Address: 192.168.1.103 Name: unixmen.local Address: 192.168.1.102
Client Side Configuration
Add the DNS server details in ‘/etc/resolv.conf’ file in all client systems
vi /etc/resolv.conf
# Generated by NetworkManager search unixmen.local nameserver 192.168.1.101 nameserver 192.168.1.102
Restart network service or reboot the system.
Test DNS Server
Now, you can test the DNS server using any one of the following commands:
dig masterdns.unixmen.local
dig secondarydns.unixmen.local
dig client.unixmen.local
nslookup unixmen.local
That’s all about now. The primary and secondary DNS servers are ready to use.
Command (IF DNS not working)
# bind chrootadmin -d# bind chrootadmin -e
No comments:
Post a Comment