
Installing a Master DNS Server in CentOS 6 / RHEL 6

Tags: /etc/named.conf, /etc/resolv.conf, bind, zone files, Primary DNS server, RHEL 6, CentOS 6.
Setup DNS Server step by step in CentOS 6.3 / RHEL 6.3

INDEX
I. Scenario
1. Configure DNS Server
2. Create Zone files
2.1 Create Forward Zone
2.2 Create Reverse Zone
3. Start the bind service
4. Allow DNS Server through iptables or stop the iptables
5. Restart iptables to save the changes
6. Test syntax errors of DNS configuration and zone files
6.1 Check DNS Config file
6.2 Check zone files
7. Test DNS Server
7.1 Description about DIG Command
7.2 Methods

Scenario

Here is my test setup scenario:
1) Primary(Master) DNS Server Details:
Hostname             : masterdns.testserver.com
IP Address           : 192.168.0.200/24

2) Secondary(Slave) DNS Server Details:
Hostname             : slavedns.testserver.com
IP Address           : 192.168.0.201/24

Setup Primary(Master) DNS Server

[root@masterdns ~]# yum install bind* -y

1. Configure DNS Server
The main configuration file of the DNS server will look like below. The entries you need to edit or add are the listen-on, allow-query and allow-transfer lines in the options block (marked with comments below) and the two zone definitions for testserver.com and 0.168.192.in-addr.arpa; everything else is the stock file shipped with the bind package.
[root@masterdns ~]# vim /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.0.200;}; # Master DNS IP
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; };  ## IP Range
        allow-transfer  { localhost;192.168.0.201; };    ## Slave DNS IP
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone    "testserver.com" IN {
        type master;
        file "fwd.testserver.com";
        allow-update { none; };
};
zone    "0.168.192.in-addr.arpa" IN {
        type master;
        file "rev.testserver.com";
        allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
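As an added check, not part of the original post, the following sh script audits the options block above for the three statements that decide who can query the server, who can copy the whole zone with a transfer (allow-transfer, which the post restricts to the slave) and who gets recursion. acl_value, audit_named_conf and finding_count are names chosen for this example; the two configs are constructed inline, one with the post's values and one deliberately weak for comparison.

```shell
#!/bin/sh
# Audit the options{} block of a named.conf for allow-query, allow-transfer
# and recursion. Added example, not from the post; needs only sh and awk.
# Assumes one statement per line, as in the post's file.

mkconf() {   # mkconf FILE ALLOW-TRANSFER-LINE ALLOW-QUERY-LINE (constructed configs)
  printf 'options {\n\tlisten-on port 53 { 127.0.0.1; 192.168.0.200; };\n%s\n%s\n\trecursion yes;\n};\n' "$2" "$3" > "$1"
}
GOOD=$(mktemp); WEAK=$(mktemp); trap 'rm -f "$GOOD" "$WEAK"' EXIT
mkconf "$GOOD" 'allow-transfer { localhost; 192.168.0.201; };' 'allow-query { localhost; 192.168.0.0/24; };'
mkconf "$WEAK" 'allow-transfer { any; };' ''

# acl_value FILE STATEMENT : prints the address list of "STATEMENT { ... };"
# inside options{} with whitespace removed, or nothing when it is absent.
acl_value() {
  awk -v key="$2" '
    /^[ \t]*options[ \t]*\{/ { inopt=1; next }
    inopt && /^[ \t]*\};/    { inopt=0 }
    inopt && $1==key         { sub(/^[^{]*\{/, ""); sub(/\}.*$/, ""); gsub(/[ \t]/, ""); print }
  ' "$1"
}

# audit_named_conf FILE : one finding per line. BIND 9.8 defaults: an unset
# allow-transfer lets any host transfer the zone; an unset allow-recursion
# falls back to allow-query (or localnets; localhost when that is unset too).
audit_named_conf() {
  t=$(acl_value "$1" allow-transfer); q=$(acl_value "$1" allow-query)
  case "$t" in
    '')    echo 'allow-transfer unset: any host can copy the zone with AXFR' ;;
    *any*) echo 'allow-transfer any: any host can copy the zone with AXFR' ;;
  esac
  case "$q" in
    ''|*any*) echo 'allow-query unrestricted: queries answered for any host' ;;
  esac
  if grep -Eq 'recursion[[:space:]]+yes' "$1" && [ -z "$(acl_value "$1" allow-recursion)" ]; then
    echo "recursion yes without allow-recursion: recursion open to everyone allow-query admits${q:+ ($q)}"
  fi
}
finding_count() { audit_named_conf "$1" | awk 'END { print NR }'; }

audit_named_conf "$GOOD"; finding_count "$GOOD"   # 1: only the recursion note
audit_named_conf "$WEAK"; finding_count "$WEAK"   # 3
```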


2. Create Zone files
Now we should create forward and reverse zone files which we mentioned in the ‘/etc/named.conf’ file.

2.1 Create Forward Zone
Create the ‘fwd.testserver.com’ file in the ‘/var/named’ directory and add the forward zone entries shown below.
[root@masterdns ~]# vim /var/named/fwd.testserver.com 
$TTL 86400
@   IN  SOA     masterdns.testserver.com. root.testserver.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@               IN  NS       masterdns.testserver.com.
@               IN  NS       slavedns.testserver.com.            
masterdns       IN  A        192.168.0.200
slavedns        IN  A        192.168.0.201

2.2 Create Reverse Zone
Create the ‘rev.testserver.com’ file in the ‘/var/named’ directory and add the reverse zone entries shown below. A reverse zone holds only SOA, NS and PTR records; the A records for the hosts live in the forward zone.
[root@masterdns ~]# vim /var/named/rev.testserver.com 
$TTL 86400
@   IN  SOA     masterdns.testserver.com. root.testserver.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@             IN  NS          masterdns.testserver.com.
@             IN  NS          slavedns.testserver.com.
200           IN  PTR         masterdns.testserver.com.
201           IN  PTR         slavedns.testserver.com.


3. Start the bind service
[root@masterdns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@masterdns ~]# chkconfig named on

4. Allow DNS Server through iptables or stop the iptables
Add the two port 53 rules (the udp and tcp lines) to the ‘/etc/sysconfig/iptables’ file as shown below. This allows clients to reach the DNS server through the firewall.
[root@masterdns ~]# vim /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

5. Restart iptables to save the changes
[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

6. Test syntax errors of DNS configuration and zone files
6.1 Check DNS Config file
[root@masterdns ~]# named-checkconf /etc/named.conf 
[root@masterdns ~]# named-checkconf /etc/named.rfc1912.zones 
6.2 Check zone files
[root@masterdns ~]# named-checkzone testserver.com /var/named/fwd.testserver.com 
zone testserver.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone 0.168.192.in-addr.arpa /var/named/rev.testserver.com 
zone 0.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK
[root@masterdns ~]#
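named-checkzone only verifies syntax; it cannot tell that a PTR is missing for an A record, that a PTR points at the wrong address, or that the reverse zone carries A records that belong in the forward zone. The following script, added here and not from the original post, cross-checks the two zone files from sections 2.1 and 2.2 with plain sh and awk. zone_mismatches and count_mismatches are names chosen for this example, and the zone text is constructed inline from the post's values.

```shell
#!/bin/sh
# Cross-check a forward zone against its reverse zone without needing BIND:
# every A record must have a PTR with the same name and address, and the
# reverse zone must not carry A records of its own. Added example; the zone
# data below is constructed from the post's values.

FWD=$(mktemp); REV_BAD=$(mktemp); REV_OK=$(mktemp)
trap 'rm -f "$FWD" "$REV_BAD" "$REV_OK"' EXIT
cat > "$FWD" <<'EOF'
$TTL 86400
@   IN  SOA masterdns.testserver.com. root.testserver.com. ( 2011071001 3600 1800 604800 86400 )
@           IN  NS   masterdns.testserver.com.
masterdns   IN  A    192.168.0.200
slavedns    IN  A    192.168.0.201
EOF
# Reverse zone that mistakenly also lists A records (a common copy-paste error).
cat > "$REV_BAD" <<'EOF'
$TTL 86400
@   IN  SOA masterdns.testserver.com. root.testserver.com. ( 2011071001 3600 1800 604800 86400 )
@           IN  NS   masterdns.testserver.com.
masterdns   IN  A    192.168.0.200
slavedns    IN  A    192.168.0.201
200         IN  PTR  masterdns.testserver.com.
201         IN  PTR  slavedns.testserver.com.
EOF
# The same zone with only the records a reverse zone should hold.
awk '$3 != "A"' "$REV_BAD" > "$REV_OK"

# zone_mismatches FWD REV ORIGIN NETPREFIX : prints one line per problem found.
zone_mismatches() {
  awk -v origin="$3" -v net="$4" '
    FNR==NR   { if ($3=="A") a[$1 "." origin "."]=$4; next }  # forward: FQDN -> IP
    $3=="PTR" { ptr[$4]=net "." $1 }                          # reverse: FQDN -> IP
    $3=="A"   { print "stray A record in reverse zone: " $1 }
    END {
      for (n in a) {
        if (!(n in ptr))         print "missing PTR for " n " (" a[n] ")"
        else if (ptr[n] != a[n]) print "PTR/A mismatch for " n ": " ptr[n] " vs " a[n]
      }
      for (n in ptr) if (!(n in a)) print "PTR without A record: " n
    }' "$1" "$2" | sort
}

# count_mismatches: number of problems (0 means forward and reverse agree)
count_mismatches() { zone_mismatches "$@" | awk 'END { print NR }'; }

zone_mismatches  "$FWD" "$REV_BAD" testserver.com 192.168.0
count_mismatches "$FWD" "$REV_BAD" testserver.com 192.168.0   # 2 (two stray A records)
count_mismatches "$FWD" "$REV_OK"  testserver.com 192.168.0   # 0
```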

7. Test DNS Server
dig (Domain Information Groper) queries a DNS server and prints the full response. Usage:
# dig hostname
Example:
[root@ts6741 ~]# dig www.google.com
; <<>> DiG 9.3.3rc2 <<>> www.google.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<-
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 43200 IN A 200.99.187.2
;; AUTHORITY SECTION:
www.google.com. 43200 IN NS ns2.google.com.
www.google.com. 43200 IN NS ns3.google.com.
www.google.com. 43200 IN NS ns1.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 43200 IN A 222.54.11.86
ns2.google.com. 43200 IN A 220.225.37.222
ns3.google.com. 43200 IN A 203.199.147.233
;; Query time: 1 msec
;; SERVER: 222.54.11.86#53(222.54.11.86)
;; WHEN: Wed Nov 18 18:31:12 2009
;; MSG SIZE rcvd: 152
[root@ts6741 ~]#

The sections of the output above, one by one:
1. The dig version line (9.3 here).
2. QUESTION SECTION: what you asked dig to look up.
3. ANSWER SECTION: the answer to your query; the WHEN line gives the date and time the query was run.
4. AUTHORITY SECTION: the name servers that are authoritative for the answer; the SERVER line shows which DNS server answered and on which port.
5. ADDITIONAL SECTION: any extra records the DNS server provided (here, the addresses of the name servers).
6. Query time: how long the server took to answer.

Method A: forward lookup with dig
[root@masterdns ~]# dig masterdns.testserver.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.testserver.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.testserver.com.       IN      A
;; ANSWER SECTION:
masterdns.testserver.com. 86400  IN      A       192.168.0.200
;; AUTHORITY SECTION:
testserver.com.          86400   IN      NS      masterdns.testserver.com.
testserver.com.          86400   IN      NS      slavedns.testserver.com.
;; ADDITIONAL SECTION:
slavedns.testserver.com. 86400   IN      A       192.168.0.201
;; Query time: 5 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)
;; WHEN: Sun Mar  3 12:48:35 2013
;; MSG SIZE  rcvd: 110

Method B: reverse lookup with dig -x
[root@masterdns ~]# dig -x 192.168.0.200
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.0.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;200.0.168.192.in-addr.arpa.    IN      PTR
;; ANSWER SECTION:
200.0.168.192.in-addr.arpa. 86400 IN    PTR     masterdns.testserver.com.
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400   IN      NS      masterdns.testserver.com.
0.168.192.in-addr.arpa. 86400   IN      NS      slavedns.testserver.com.
;; ADDITIONAL SECTION:
masterdns.testserver.com. 86400  IN      A       192.168.0.200
slavedns.testserver.com. 86400   IN      A       192.168.0.201
;; Query time: 6 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)
;; WHEN: Sun Mar  3 12:49:53 2013
;; MSG SIZE  rcvd: 150

Method C: lookup with nslookup
[root@masterdns ~]# nslookup masterdns
Server:         192.168.0.200
Address:        192.168.0.200#53
Name:   masterdns.testserver.com
Address: 192.168.0.200

That's it. Now the Primary DNS server is ready. Have a good day!!!

Comments

  1. Good I get a success :)

  2. Replication between master n slave on rhel6 please
