DNS stands for Domain Name System. It translates a hostname or URL into an IP address: for example, if you type test.com in a browser, DNS servers are used to translate the hostname www.test.com to 172.16.1, so it is easier to remember a domain name than its IP address.
Secondary (Slave) DNS Server Details:
Operating System : CentOS 7 minimal server
Hostname         : secondarydns.test.com
IP Address       : 172.16.1.2/24
Client Details:
Operating System : CentOS 6.5 Desktop
Hostname         : client.unixmen.local
IP Address       : 172.16.1.2/24
Setup Primary (Master) DNS Server
Step 1: Install the BIND (bind9) package and its utilities on your server.
yum install bind bind-utils -y
Edit /etc/named.conf:
vi /etc/named.conf
Add or change the lines marked with ### comments (shown in bold in the original):
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 172.16.1.2; };   ### Master DNS IP ###
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 172.16.1.0/24; };  ### IP Range ###
        allow-transfer  { localhost; 172.16.1.2; };     ### Slave DNS IP ###

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "test.com" IN {
        type master;
        file "forward.test";
        allow-update { none; };
};

zone "1.16.172.in-addr.arpa" IN {
        type master;
        file "reverse.test";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
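The allow-query and allow-transfer lists above are what keep the zone from being queried or transferred by anyone who can reach port 53, and a one-octet typo in the secondary's address (192.16.1.2 in place of 172.16.1.2) silently permits transfers to an unrelated address while denying the real secondary. The following Python check is an added example, not part of the original page or of BIND; it assumes a constructed options excerpt in this page's format, the 172.16.1.0/24 LAN and the secondary at 172.16.1.2, and handles only plain addresses, prefixes and the built-in keywords, not named ACLs or TSIG keys.

```python
import ipaddress
import re

# Constructed excerpt of this page's options block, deliberately keeping the
# one-octet allow-transfer typo (192.16.1.2 instead of the secondary's 172.16.1.2).
NAMED_CONF = """
options {
        listen-on port 53 { 127.0.0.1; 172.16.1.2; };   ### Master DNS IP ###
        allow-query     { localhost; 172.16.1.0/24; };  ### IP Range ###
        allow-transfer  { localhost; 192.16.1.2; };     ### Slave DNS IP ###
        recursion yes;
};
"""
# Assumed site facts taken from the page: the LAN prefix and the secondary's address.
LAN = ipaddress.ip_network("172.16.1.0/24")
SECONDARY = ipaddress.ip_address("172.16.1.2")
KEYWORDS = {"any", "none", "localhost", "localnets"}
ACL_RE = re.compile(r"\b(allow-transfer|allow-query)\s*\{([^}]*)\}")


def parse_acls(conf):
    """Return {statement: [entries]} for allow-query/allow-transfer (plain
    addresses, prefixes or built-in keywords only; no ACL names or keys)."""
    return {name: [e.strip() for e in body.split(";") if e.strip()]
            for name, body in ACL_RE.findall(conf)}


def audit(conf, lan=LAN, secondary=SECONDARY):
    """List ACL entries that expose the zone beyond the LAN, or that would
    stop the intended secondary from pulling transfers."""
    findings = []
    acls = parse_acls(conf)
    for stmt in ("allow-transfer", "allow-query"):
        for entry in acls.get(stmt, []):
            if entry == "any":
                findings.append(f"{stmt}: 'any' admits every client")
            elif entry not in KEYWORDS:
                net = ipaddress.ip_network(entry, strict=False)
                if net.version != lan.version or not net.subnet_of(lan):
                    findings.append(f"{stmt}: {entry} is outside {lan}")
    if "allow-transfer" not in acls:
        # BIND 9.11 (the CentOS 7 build) transfers to anyone when this is absent.
        findings.append("allow-transfer missing: BIND 9.11 defaults to 'any'")
    elif str(secondary) not in acls["allow-transfer"]:
        findings.append(f"allow-transfer: secondary {secondary} not listed")
    return findings
```

Run audit() over the real file after every edit, together with named-checkconf, which validates syntax but will not notice a wrong address.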
2. Create Zone files
Create forward and reverse zone files which we mentioned in the ‘/etc/named.conf’ file.
2.1 Create Forward Zone
Create forward.test file in the ‘/var/named’ directory.
vi /var/named/forward.test
Add the following lines:
$TTL 86400
@       IN  SOA     masterdns.test.com. root.test.com. (
                2011071001  ;Serial
                3600        ;Refresh
                1800        ;Retry
                604800      ;Expire
                86400       ;Minimum TTL
)
@       IN  NS      masterdns.test.com.
@       IN  NS      secondarydns.test.com.
@       IN  A       172.16.1.2
@       IN  A       172.16.1.3
@       IN  A       172.16.1.4
masterdns       IN  A   172.16.1.2
secondarydns    IN  A   172.16.1.2
client          IN  A   172.16.1.3
2.2 Create Reverse Zone
Create the reverse.test file in the ‘/var/named’ directory.
vi /var/named/reverse.test
Add the following lines:
$TTL 86400
@       IN  SOA     masterdns.test.com. root.test.com. (
                2011071001  ;Serial
                3600        ;Refresh
                1800        ;Retry
                604800      ;Expire
                86400       ;Minimum TTL
)
@       IN  NS      masterdns.test.com.
@       IN  NS      secondarydns.test.com.
@       IN  PTR     test.com.
masterdns       IN  A   172.16.1.2
secondarydns    IN  A   172.16.1.3
client          IN  A   172.16.1.4
; PTR owner labels are the last octet of each address within 1.16.172.in-addr.arpa
2       IN  PTR     masterdns.test.com.     ; 172.16.1.2
3       IN  PTR     secondarydns.test.com.  ; 172.16.1.3
4       IN  PTR     client.test.com.        ; 172.16.1.4
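Because a PTR owner label in the reverse zone is the host part of the address (2 under 1.16.172.in-addr.arpa is 172.16.1.2), a stale label such as 101 maps to 172.16.1.101, not to the host the forward A record names, and named-checkzone will still report the file as OK. The following Python script is an added example, not part of the page or of BIND; it cross-checks every forward A record against the reverse PTRs using constructed zone data in this page's layout (A records at .2/.3/.4 as in the reverse file, PTR labels 101/102/103 as the page shows them) and the zone origins from named.conf.

```python
# Constructed sample zone data in this page's 'owner IN TYPE rdata' layout.
# The forward A records use .2/.3/.4 (as the reverse file's A records do) and the
# PTR labels are the page's 101/102/103; SOA lines are omitted, the check skips them.
FORWARD = """\
$TTL 86400
@            IN  NS   masterdns.test.com.
masterdns    IN  A    172.16.1.2
secondarydns IN  A    172.16.1.3
client       IN  A    172.16.1.4
"""
REVERSE = """\
$TTL 86400
101  IN  PTR  masterdns.test.com.
102  IN  PTR  secondarydns.test.com.
103  IN  PTR  client.test.com.
"""
FWD_ORIGIN = "test.com."                 # zone "test.com" in named.conf
REV_ORIGIN = "1.16.172.in-addr.arpa."    # zone "1.16.172.in-addr.arpa"
NAME_TYPES = {"NS", "PTR", "CNAME"}      # rdata is a domain name, not an address

def fqdn(name, origin):
    """Make a relative owner or target absolute; '@' is the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def records(zone_text, origin, rtype):
    """Yield (owner, rdata) for one record type; $-directives, comments and SOA fragments are skipped."""
    for raw in zone_text.splitlines():
        fields = raw.split(";")[0].split()
        if len(fields) >= 4 and not fields[0].startswith("$") and fields[2] == rtype:
            rdata = fqdn(fields[3], origin) if rtype in NAME_TYPES else fields[3]
            yield fqdn(fields[0], origin), rdata

def ptr_owner_to_ip(owner):
    """'101.1.16.172.in-addr.arpa.' -> '172.16.1.101'."""
    labels = owner.rstrip(".").split(".")[:-2]   # drop 'in-addr.arpa'
    return ".".join(reversed(labels))

def check_ptrs(forward, fwd_origin, reverse, rev_origin):
    """Report forward A records with no PTR, or whose PTR names a different host."""
    ptr = {ptr_owner_to_ip(o): t for o, t in records(reverse, rev_origin, "PTR")}
    problems = []
    for name, ip in records(forward, fwd_origin, "A"):
        if ip not in ptr:
            problems.append(f"no PTR for {name} ({ip})")
        elif ptr[ip] != name:
            problems.append(f"PTR for {ip} is {ptr[ip]}, expected {name}")
    return problems
```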
3. Start the DNS service
Enable and start DNS service:
systemctl enable named
systemctl start named
4. Firewall Configuration
Allow the DNS service's default port 53 (TCP and UDP) through the firewall:
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
5. Reload the Firewall
firewall-cmd --reload
6. Configuring Permissions, Ownership, and SELinux
Run the following commands one by one:
chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf
7. Test DNS configuration and zone files for any syntax errors
Check the main configuration file:
named-checkconf /etc/named.conf
If it returns nothing, your configuration file is valid.
Check Forward zone:
named-checkzone test.com /var/named/forward.test
Sample output:
zone test.com/IN: loaded serial 2011071001 OK
Check reverse zone:
named-checkzone 1.16.172.in-addr.arpa /var/named/reverse.test
Sample Output:
zone test.com/IN: loaded serial 2011071001 OK
Add the DNS Server details in your network interface config file.
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.101"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS="192.168.1.101"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
Edit the file /etc/resolv.conf:
vi /etc/resolv.conf
Add the name server IP address:
nameserver 192.168.1.101
Save and close the file.
Restart network service:
systemctl restart network
8. Test DNS Server
dig masterdns.unixmen.local
Sample Output:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25179
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.102

;; Query time: 0 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Wed Aug 20 16:20:46 IST 2014
;; MSG SIZE  rcvd: 125
nslookup unixmen.local
Sample Output:
Server:         172.16.1.2
Address:        172.16.1.2#53

Name:   test.com
Address: 172.16.1.3
Name:   test.com
Address: 172.16.1.4
Name:   test.local
Address: 172.16.1.2
Now the Primary DNS server is ready to use.
It is time to configure our Secondary DNS server.
How to install DNS server with CentOS Linux
Reviewed by http://hollywoods2017.blogspot.com/ on August 20, 2019