
Installing a Master DNS Server in CentOS 6 / RHEL 6

Tag Line: /etc/named.conf, /etc/resolv.conf, bind, zone files, Primary DNS server, RHEL 6, CentOS 6.
Setup DNS Server step by step in CentOS 6.3 / RHEL 6.3

INDEX
I. Scenario
1. Configure DNS Server
2. Create Zone files
2.1 Create Forward Zone
2.2 Create Reverse Zone
3. Start the bind service
4. Allow DNS Server through iptables or stop the iptables
5. Restart iptables to save the changes
6. Test syntax errors of DNS configuration and zone files
6.1 Check DNS Config file
6.2 Check zone files
7. Test DNS Server
7.1 Description about DIG Command
7.2 Methods

Scenario

Here is my test setup scenario:
1) Primary (Master) DNS Server Details:
Hostname   : masterdns.testserver.com
IP Address : 192.168.0.200/24

2) Secondary (Slave) DNS Server Details:
Hostname   : slavedns.testserver.com
IP Address : 192.168.0.201/24

Setup Primary(Master) DNS Server

[root@masterdns ~]# yum install bind* -y

1. Configure DNS Server
The main configuration file of the DNS server will look like the one below. Edit it and add the entries that differ from the stock file: the listen-on, allow-query and allow-transfer lines (marked with the "# Master DNS IP", "## IP Range" and "## Slave DNS IP" comments) and the two testserver.com zone blocks.
[root@masterdns ~]# vim /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.0.200;}; # Master DNS IP
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.0/24; }; ## IP Range
allow-transfer { localhost;192.168.0.201; }; ## Slave DNS IP
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "testserver.com" IN {
type master;
file "fwd.testserver.com";
allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "rev.testserver.com";
allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


2. Create Zone files
Now we create the forward and reverse zone files that we referenced in the ‘/etc/named.conf’ file.

2.1 Create Forward Zone
Create the ‘fwd.testserver.com’ file in the ‘/var/named’ directory and add the entries for the forward zone as shown below.
[root@masterdns ~]# vim /var/named/fwd.testserver.com 
$TTL 86400
@ IN SOA masterdns.testserver.com. root.testserver.com. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS masterdns.testserver.com.
@ IN NS slavedns.testserver.com.
masterdns IN A 192.168.0.200
slavedns IN A 192.168.0.201

2.2 Create Reverse Zone
Create the ‘rev.testserver.com’ file in the ‘/var/named’ directory and add the entries for the reverse zone as shown below. Only the SOA, NS and PTR records belong in this zone; the A records for the hosts live in the forward zone.
[root@masterdns ~]# vim /var/named/rev.testserver.com
$TTL 86400
@ IN SOA masterdns.testserver.com. root.testserver.com. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS masterdns.testserver.com.
@ IN NS slavedns.testserver.com.
200 IN PTR masterdns.testserver.com.
201 IN PTR slavedns.testserver.com.
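
A forward zone and its reverse zone drift apart easily (a host added to one file but not the other), and named-checkzone checks each file on its own, never the pair. The following is an added example, not part of the original post: a small check that every A record in the forward zone has a matching PTR in the reverse zone and vice versa. The zone text is constructed inline, modelled on the two files above, with one mismatch planted in each direction; the origins match the zone names declared in /etc/named.conf.

```python
# Constructed sample zones (modelled on fwd/rev.testserver.com above) with one planted mismatch each way.
FWD_ORIGIN = "testserver.com."
REV_ORIGIN = "0.168.192.in-addr.arpa."
FWD_ZONE = """\
$TTL 86400
@ IN SOA masterdns.testserver.com. root.testserver.com. (
        2011071001 3600 1800 604800 86400 ) ; Serial Refresh Retry Expire Min
@ IN NS masterdns.testserver.com.
@ IN NS slavedns.testserver.com.
masterdns IN A 192.168.0.200
slavedns IN A 192.168.0.201
www IN A 192.168.0.202 ; no PTR for this address in the reverse zone
"""
REV_ZONE = """\
$TTL 86400
@ IN SOA masterdns.testserver.com. root.testserver.com. (
        2011071001 3600 1800 604800 86400 )
@ IN NS masterdns.testserver.com.
@ IN NS slavedns.testserver.com.
200 IN PTR masterdns.testserver.com.
201 IN PTR slavedns.testserver.com.
203 IN PTR stale.testserver.com. ; no A record for this name in the forward zone
"""

def fqdn(name, origin):
    """Expand a relative owner name ('@' means the origin itself)."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def records(zone_text, origin, rtype):
    """Map owner FQDN -> rdata for each 'owner IN <rtype> rdata' line, skipping
    $TTL, the multi-line SOA and ';' comments (last record wins per owner)."""
    out = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 4 and fields[1] == "IN" and fields[2] == rtype:
            out[fqdn(fields[0], origin)] = fields[3]
    return out

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return (hosts_without_ptr, ips_without_a) for a forward/reverse pair."""
    a_by_host = records(fwd_text, fwd_origin, "A")
    ptr_by_ip = {}
    for owner, target in records(rev_text, rev_origin, "PTR").items():
        # 200.0.168.192.in-addr.arpa. -> 192.168.0.200
        octets = owner[: -len(".in-addr.arpa.")].split(".")
        ptr_by_ip[".".join(reversed(octets))] = target
    hosts_without_ptr = sorted(h for h, ip in a_by_host.items() if ptr_by_ip.get(ip) != h)
    ips_without_a = sorted(ip for ip, h in ptr_by_ip.items() if a_by_host.get(h) != ip)
    return hosts_without_ptr, ips_without_a
```

Running check_zones on the real files (read from /var/named) before each reload is a cheap way to catch a PTR that still points at a retired host.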


3. Start the bind service
[root@masterdns ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@masterdns ~]# chkconfig named on

4. Allow DNS Server through iptables or stop the iptables
Add the two --dport 53 lines shown below to the ‘/etc/sysconfig/iptables’ file, above the generic ESTABLISHED,RELATED and REJECT rules. This opens port 53 over UDP and TCP to all clients; which clients may actually query the server is still controlled by the allow-query option in ‘/etc/named.conf’.
[root@masterdns ~]# vim /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

5. Restart iptables to save the changes
[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]

6. Test syntax errors of DNS configuration and zone files
6.1 Check DNS Config file
[root@masterdns ~]# named-checkconf /etc/named.conf 
[root@masterdns ~]# named-checkconf /etc/named.rfc1912.zones
6.2 Check zone files
[root@masterdns ~]# named-checkzone testserver.com /var/named/fwd.testserver.com 
zone testserver.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone 0.168.192.in-addr.arpa /var/named/rev.testserver.com
zone 0.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK
[root@masterdns ~]#

7. Test DNS Server
dig stands for Domain Information Groper. Its basic form is:
# dig <hostname>
Example :
[root@ts6741 ~]# dig www.google.com
; <<>> DiG 9.3.3rc2 <<>> www.google.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<-
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 43200 IN A 200.99.187.2
;; AUTHORITY SECTION:
www.google.com. 43200 IN NS ns2.google.com.
www.google.com. 43200 IN NS ns3.google.com.
www.google.com. 43200 IN NS ns1.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 43200 IN A 222.54.11.86
ns2.google.com. 43200 IN A 220.225.37.222
ns3.google.com. 43200 IN A 203.199.147.233

;; Query time: 1 msec
;; SERVER: 222.54.11.86#53(222.54.11.86)
;; WHEN: Wed Nov 18 18:31:12 2009
;; MSG SIZE rcvd: 152
[root@ts6741 ~]#

The parts of the output above are explained one by one below.
1. DiG version (9.3.3rc2 in this example).
2. Question section (shows what you asked dig to look up).
3. Answer section (shows the answer to the query you asked); the WHEN line further down shows the date and time the query ran.
4. Authority section (shows which name servers are authoritative for the answer); the SERVER line shows which DNS server, and on which port, answered.
5. Additional section (shows any extra records the DNS server provided, such as the addresses of the name servers).
6. Query time (shows how long the server took to provide the answer).

Method A:
[root@masterdns ~]# dig masterdns.testserver.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.testserver.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.testserver.com. IN A
;; ANSWER SECTION:
masterdns.testserver.com. 86400 IN A 192.168.0.200
;; AUTHORITY SECTION:
testserver.com. 86400 IN NS masterdns.testserver.com.
testserver.com. 86400 IN NS slavedns.testserver.com.
;; ADDITIONAL SECTION:
slavedns.testserver.com. 86400 IN A 192.168.0.201
;; Query time: 5 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)
;; WHEN: Sun Mar 3 12:48:35 2013
;; MSG SIZE rcvd: 110
Method B:
[root@masterdns ~]# dig -x 192.168.0.200
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.0.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;200.0.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
200.0.168.192.in-addr.arpa. 86400 IN PTR masterdns.testserver.com.
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400 IN NS masterdns.testserver.com.
0.168.192.in-addr.arpa. 86400 IN NS slavedns.testserver.com.
;; ADDITIONAL SECTION:
masterdns.testserver.com. 86400 IN A 192.168.0.200
slavedns.testserver.com. 86400 IN A 192.168.0.201
;; Query time: 6 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)
;; WHEN: Sun Mar 3 12:49:53 2013
;; MSG SIZE rcvd: 150
Method C:
[root@masterdns ~]# nslookup masterdns
Server: 192.168.0.200
Address: 192.168.0.200#53
Name: masterdns.testserver.com
Address: 192.168.0.200
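
When testing a freshly built master, the detail worth checking in the dig output is the flags line: "aa" means the answer came from the zone file on the server named in the SERVER line, while an answer without "aa" came from cache or from another server and proves nothing about the zone. The following is an added example, not code from the original post: a parser for dig's text output that only accepts the ANSWER records when status is NOERROR, "aa" is set and the response came from the expected master. The sample output is constructed inline, trimmed from Method A above.

```python
import re

# Constructed dig output, trimmed from the "Method A" query shown above.
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.testserver.com. IN A
;; ANSWER SECTION:
masterdns.testserver.com. 86400 IN A 192.168.0.200
;; AUTHORITY SECTION:
testserver.com. 86400 IN NS masterdns.testserver.com.
testserver.com. 86400 IN NS slavedns.testserver.com.
;; ADDITIONAL SECTION:
slavedns.testserver.com. 86400 IN A 192.168.0.201
;; SERVER: 192.168.0.200#53(192.168.0.200)
"""

def parse_dig(text):
    """Extract status, flags, responding server and per-section records."""
    result = {"status": None, "flags": set(), "server": None, "sections": {}}
    section = None
    for line in text.splitlines():
        if line.startswith(";; ->>HEADER<<-"):
            m = re.search(r"status: (\w+)", line)
            result["status"] = m.group(1) if m else None
        elif line.startswith(";; flags:"):
            result["flags"] = set(line[len(";; flags:"):].split(";")[0].split())
        elif line.startswith(";; SERVER:"):
            # ";; SERVER: 192.168.0.200#53(192.168.0.200)" -> "192.168.0.200"
            result["server"] = line.split()[2].split("#")[0]
        elif line.endswith(" SECTION:"):
            section = line[3:-len(" SECTION:")].lower()
            result["sections"][section] = []
        elif section and line and not line.startswith(";"):
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            result["sections"][section].append((owner, rtype, rdata))
    return result

def authoritative_answers(text, expected_server):
    """Return the ANSWER records only when the reply is usable as proof that
    the zone loaded: status NOERROR, the 'aa' flag set (without it the data
    came from cache or forwarding, not from the zone file), and the answer
    from the server under test."""
    r = parse_dig(text)
    if r["status"] != "NOERROR" or "aa" not in r["flags"] or r["server"] != expected_server:
        return []
    return r["sections"].get("answer", [])
```

To use it on a live server, capture the output of dig @192.168.0.200 masterdns.testserver.com and pass it to authoritative_answers with the master's address; an empty list means the zone is not being served authoritatively from that host.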

That's it. The Primary DNS server is now ready. Have a good day!
