How to configure a DNS server on RHEL 6 / CentOS 6 using BIND | Step by Step

DNS (Domain Name System) is a core component of network infrastructure. The DNS service resolves hostnames into IP addresses and vice versa.
For example, if we type www.linux.hoit.asia in a browser, the DNS server translates the domain name into its corresponding IP address. This lets us remember domain names instead of IP addresses.

Scenario
Here is my test setup scenario :
Operating System              : RHEL 6
Internal LAN IP of DNS Server : 192.168.10.2
Hostname : server1.howtoc.com

Indication
blue character : means linux command.
bold character : means a particular line or paragraph in a file that you have to change, or output you should check.
Normal character : means output of linux command or files.

1. Set up the network-script file :
[root@server1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
NM_CONTROLLED="yes"
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
IPADDR=192.168.10.2
PREFIX=24
GATEWAY=10.102.1.1
DNS1=192.168.10.2
HWADDR=00:16:EC:38:25:3D

2. Set up the hosts file :
[root@server1  ~]# vim /etc/hosts
192.168.10.2 server1.howtoc.com server1 # Added by NetworkManager
127.0.0.1 localhost.localdomain localhost
::1 server1.howtoc.com server1 localhost6.localdomain6 localhost6

[root@server1 ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=server1.howtoc.com

3. Add the nameserver to the resolver file (/etc/resolv.conf) :
[root@server1 ~]# vim /etc/resolv.conf

search howtoc.com
nameserver 192.168.10.2

4. Now install the BIND packages with yum (quote the pattern so the shell does not expand it against files in the current directory) :
[root@server1  ~]# yum -y install 'bind*'

[root@server1 ~]# updatedb

# Find the named.conf file (main configuration file of BIND)
[root@server1 ~]# locate named.conf
/etc/named.conf
/usr/share/doc/bind-9.7.0/named.conf.default
/usr/share/doc/bind-9.7.0/sample/etc/named.conf
/usr/share/logwatch/default.conf/services/named.conf
/usr/share/man/man5/named.conf.5.gz

# Change to the chroot configuration directory
[root@server1 ~]# cd /var/named/chroot/
[root@server1 chroot]# cd etc
[root@server1 etc]# pwd
/var/named/chroot/etc

5. Copy the default named.conf from the BIND documentation directory and change its group to named :
[root@server1  etc]# cp /usr/share/doc/bind-9.7.0/named.conf.default named.conf 
[root@server1 etc]# chgrp named named.conf
[root@server1 etc]# ll named.conf
-rw-r--r--. 1 root named 930 Aug 3 07:58 named.conf

6. Edit the BIND configuration file :
[root@server1  etc]# vim  named.conf 

[root@server1 etc]# grep listen named.conf
listen-on port 53 { 127.0.0.1; };
Comment out the IPv6 listener unless you serve IPv6 : // listen-on-v6 port 53 { ::1; };

[root@server1 etc]# vim named.conf

[root@server1 etc]# grep listen named.conf

listen-on port 53 { 127.0.0.1; 192.168.10.2; };
// listen-on-v6 port 53 { ::1; };   (now commented out)

7. Restart the named (BIND) service :
[root@server1  etc]# /etc/init.d/named restart 
Stopping named: [ OK ]
Starting named: [ OK ]

8. Edit the named.conf file & add the zone :
# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
listen-on port 53 { 127.0.0.1;192.168.10.2; };
/*listen-on-v6 port 53 { ::1; };*/
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost;192.168.10.0/24; };
// zone transfer ACL: list only the addresses of your secondary DNS servers here
// (use { none; } if you have no secondary); a whole subnet lets any host on it dump your zones
allow-transfer { localhost; 192.168.10.0/24; };
// recursion is only reachable from the allow-query networks above; never expose an open recursive resolver to the Internet
recursion yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto; // NOTE: ISC's DLV registry has since been shut down; on newer BIND versions remove this line and the bindkeys-file below

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

zone "howtoc.com" IN {
type master;
file "forward.zone";
allow-update { none; };
};
zone "10.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};

include "/etc/named.rfc1912.zones";


9. Now edit named.rfc1912.zones, which is included at the end of named.conf. Declare each zone in only one of the two files; if a zone appears in both, named reports it as a duplicate and fails to load the configuration :
# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "howtoc.com" IN {
type master;
file "forward.zone";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};

zone "10.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};

10. Copy the sample zone files (in /var/named) as templates :
[root@server1 named]# cp named.localhost forward.zone
[root@server1 named]# cp named.loopback reverse.zone

11. Edit the forward zone (name to IP address) :
[root@server1 named]# vim /var/named/forward.zone
$TTL 1D
@ IN SOA server1.howtoc.com. root.howtoc.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS server1.howtoc.com.
IN A 192.168.10.2
server1 IN A 192.168.10.2

12. Edit the reverse zone (IP address to name) :
[root@server1 named]# vim /var/named/reverse.zone
$TTL 1D
@ IN SOA server1.howtoc.com. root.howtoc.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS server1.howtoc.com.
IN PTR howtoc.com.
IN A 255.255.255.0
2 IN PTR server1.howtoc.com.

13. Change the group of the zone files & restart the service :
[root@server1 named]# chgrp named forward.zone
[root@server1 named]# chgrp named reverse.zone
[root@server1 named]# /etc/init.d/named restart

14. Test your DNS server using the dig command :
@ forward lookup
[root@server1 named]# dig server1.howtoc.com
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> server1.howtoc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50351
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;server1.howtoc.com. IN A

;; ANSWER SECTION:
server1.howtoc.com. 86400 IN A 192.168.10.2

;; AUTHORITY SECTION:
howtoc.com. 86400 IN NS server1.howtoc.com.

;; Query time: 0 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Tue Oct 16 10:13:40 2012
;; MSG SIZE rcvd: 67

@ reverse lookup
[root@server1 named]# dig -x 192.168.10.2

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> -x 192.168.10.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45077
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;2.10.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
2.10.168.192.in-addr.arpa. 86400 IN PTR server1.howtoc.com.

;; AUTHORITY SECTION:
10.168.192.in-addr.arpa. 86400 IN NS server1.howtoc.com.

;; ADDITIONAL SECTION:
server1.howtoc.com. 86400 IN A 192.168.10.2

;; Query time: 1 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Tue Oct 16 10:13:08 2012
;; MSG SIZE rcvd: 106

@ Using the nslookup command (also available on Windows)
[root@server1 named]# nslookup
> server1.howtoc.com
Server: 192.168.10.2
Address: 192.168.10.2#53

Name: server1.howtoc.com
Address: 192.168.10.2
> 192.168.10.2
Server: 192.168.10.2
Address: 192.168.10.2#53

2.10.168.192.in-addr.arpa name = server1.howtoc.com.
>

Enjoy
