Setup DNS Server step by step in CentOS 6.3 / RHEL 6.3
INDEX
I. Scenario
1. Configure DNS Server
2. Create Zone files
2.1 Create Forward Zone
2.2 Create Reverse Zone
3. Start the bind service
4. Allow DNS Server through iptables or stop the iptables
5. Restart iptables to save the changes
6. Test syntax errors of DNS configuration and zone files
6.1 Check DNS Config file
6.2 Check zone files
7. Test DNS Server
7.1 Description about DIG Command
7.2 Methods
Scenario
Here is my test setup scenario:
1) Primary (Master) DNS Server Details:
Hostname : masterdns.testserver.com
IP Address : 192.168.0.200/24
2) Secondary (Slave) DNS Server Details:
Hostname : slavedns.testserver.com
IP Address : 192.168.0.201/24
Setup Primary (Master) DNS Server
[root@masterdns ~]# yum install bind* -y
1. Configure DNS Server
The main configuration file of the DNS server will look like the one below. Edit it and add the entries marked with comments (the listen-on address, the allow-query range and the allow-transfer address) together with the two zone definitions for testserver.com and its reverse zone.
[root@masterdns ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.0.200; };   ## Master DNS IP
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; };    ## IP Range
        allow-transfer  { localhost; 192.168.0.201; };     ## Slave DNS IP
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "testserver.com" IN {
        type master;
        file "fwd.testserver.com";
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "rev.testserver.com";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Create Zone files
Now we should create the forward and reverse zone files that we referenced in the '/etc/named.conf' file.
2.1 Create Forward Zone
Create the 'fwd.testserver.com' file in the '/var/named' directory and add the entries for the forward zone as shown below.
[root@masterdns ~]# vim /var/named/fwd.testserver.com
$TTL 86400
@   IN  SOA     masterdns.testserver.com. root.testserver.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS      masterdns.testserver.com.
@           IN  NS      slavedns.testserver.com.
masterdns   IN  A       192.168.0.200
slavedns    IN  A       192.168.0.201
2.2 Create Reverse Zone
Create the 'rev.testserver.com' file in the '/var/named' directory and add the entries for the reverse zone as shown below.
[root@masterdns ~]# vim /var/named/rev.testserver.com
$TTL 86400
@   IN  SOA     masterdns.testserver.com. root.testserver.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS      masterdns.testserver.com.
@           IN  NS      slavedns.testserver.com.
masterdns   IN  A       192.168.0.200
slavedns    IN  A       192.168.0.201
200         IN  PTR     masterdns.testserver.com.
201         IN  PTR     slavedns.testserver.com.
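Hand-written forward and reverse zones drift apart easily (an A record gets changed, its PTR does not), and a serial that is not bumped means the slave never transfers the new data. The following is an added example, not code from the original post: it generates both zone files for the scenario above from one host table, derives the reverse zone name used in named.conf from the network, computes the next YYYYMMDDnn serial in the post's format, and checks that every A record has a matching PTR. The host table, zone name and network are the post's; the function names are this example's own.

```python
import ipaddress
from datetime import date

# Scenario from the post; the generator and consistency check are an added example.
ZONE = "testserver.com"
NETWORK = ipaddress.ip_network("192.168.0.0/24")
NAMESERVERS = ["masterdns", "slavedns"]
HOSTS = {"masterdns": "192.168.0.200", "slavedns": "192.168.0.201"}

def reverse_origin(net):
    """Zone name for the in-addr.arpa tree of a /24, e.g. 0.168.192.in-addr.arpa."""
    octets = str(net.network_address).split(".")[:3]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def next_serial(old, today=None):
    """YYYYMMDDnn serial as in the post (2011071001): a new day restarts at 01,
    otherwise increment, so the slave always sees a larger value and transfers."""
    today = today or int(date.today().strftime("%Y%m%d"))
    base = today * 100
    return base + 1 if old < base else old + 1

def soa_header(serial):
    return [
        "$TTL 86400",
        f"@ IN SOA masterdns.{ZONE}. root.{ZONE}. (",
        f"        {serial} ;Serial", "        3600 ;Refresh", "        1800 ;Retry",
        "        604800 ;Expire", "        86400 ;Minimum TTL", ")",
    ] + [f"@ IN NS {ns}.{ZONE}." for ns in NAMESERVERS]

def forward_zone(serial):
    return "\n".join(soa_header(serial) + [f"{h} IN A {ip}" for h, ip in HOSTS.items()]) + "\n"

def reverse_zone(serial):
    lines = soa_header(serial)
    for h, ip in HOSTS.items():
        addr = ipaddress.ip_address(ip)
        if addr not in NETWORK:
            raise ValueError(f"{h}: {ip} is outside {NETWORK}")
        lines.append(f"{addr.packed[-1]} IN PTR {h}.{ZONE}.")  # last octet only, for a /24
    return "\n".join(lines) + "\n"

def check_consistency(fwd_text, rev_text):
    """Return the IPs whose A record has no matching PTR (or whose PTR names another host)."""
    a = {l.split()[3]: l.split()[0] for l in fwd_text.splitlines() if " IN A " in l}
    ptr = {l.split()[0]: l.split()[3].split(".")[0]
           for l in rev_text.splitlines() if " IN PTR " in l}
    return [ip for ip, h in a.items() if ptr.get(ip.split(".")[-1]) != h]
```

Write the two returned strings to /var/named/fwd.testserver.com and /var/named/rev.testserver.com and run named-checkzone on each with the matching origin (ZONE and reverse_origin(NETWORK)) before reloading named.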
3. Start the bind service
[root@masterdns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@masterdns ~]# chkconfig named on
4. Allow DNS Server through iptables or stop the iptables
Add the two port 53 rules shown below (one for udp and one for tcp) to the '/etc/sysconfig/iptables' file. This will allow all clients to reach the DNS server through the firewall.
[root@masterdns ~]# vim /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
5. Restart iptables to save the changes
[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
6. Test syntax errors of DNS configuration and zone files
6.1 Check DNS Config file
[root@masterdns ~]# named-checkconf /etc/named.conf
[root@masterdns ~]# named-checkconf /etc/named.rfc1912.zones
6.2 Check zone files
Pass each zone file together with the origin it is configured under in named.conf; checking the reverse file with the origin 0.168.192.in-addr.arpa is what validates the PTR records.
[root@masterdns ~]# named-checkzone testserver.com /var/named/fwd.testserver.com
zone testserver.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone 0.168.192.in-addr.arpa /var/named/rev.testserver.com
zone 0.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK
[root@masterdns ~]#
7. Test DNS Server
7.1 Description about DIG Command
The full form of DIG is Domain Information Groper (DIG).
# dig hostname
Example:
[root@ts6741 ~]# dig www.google.com

; <<>> DiG 9.3.3rc2 <<>> www.google.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<-
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;www.google.com.                IN      A

;; ANSWER SECTION:
www.google.com.         43200   IN      A       200.99.187.2

;; AUTHORITY SECTION:
www.google.com.         43200   IN      NS      ns2.google.com.
www.google.com.         43200   IN      NS      ns3.google.com.
www.google.com.         43200   IN      NS      ns1.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.         43200   IN      A       222.54.11.86
ns2.google.com.         43200   IN      A       220.225.37.222
ns3.google.com.         43200   IN      A       203.199.147.233

;; Query time: 1 msec
;; SERVER: 222.54.11.86#53(222.54.11.86)
;; WHEN: Wed Nov 18 18:31:12 2009
;; MSG SIZE  rcvd: 152

[root@ts6741 ~]#
The parts of the output above are explained one by one below.
1. DIG version (9.3).
2. Question section (shows what you asked DIG to look up).
3. Answer section (shows the answer to the query you asked), and the date and time the query was executed.
4. Authority section (shows which name servers are authoritative for the answer) and Server info (shows the DNS server address and port that answered).
5. Additional section (shows any additional information the DNS server provided, such as the addresses of the name servers).
6. Total query time (shows how long it took to provide the answer).
7.2 Methods
Method A:
[root@masterdns ~]# dig masterdns.testserver.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.testserver.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.testserver.com.      IN      A

;; ANSWER SECTION:
masterdns.testserver.com. 86400 IN      A       192.168.0.200

;; AUTHORITY SECTION:
testserver.com.         86400   IN      NS      masterdns.testserver.com.
testserver.com.         86400   IN      NS      slavedns.testserver.com.

;; ADDITIONAL SECTION:
slavedns.testserver.com. 86400  IN      A       192.168.0.201

;; Query time: 5 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)
;; WHEN: Sun Mar  3 12:48:35 2013
;; MSG SIZE  rcvd: 110

Method B:
[root@masterdns ~]# dig -x 192.168.0.200

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.0.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;200.0.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
200.0.168.192.in-addr.arpa. 86400 IN    PTR     masterdns.testserver.com.

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400   IN      NS      masterdns.testserver.com.
0.168.192.in-addr.arpa. 86400   IN      NS      slavedns.testserver.com.

;; ADDITIONAL SECTION:
masterdns.testserver.com. 86400 IN      A       192.168.0.200
slavedns.testserver.com. 86400  IN      A       192.168.0.201

;; Query time: 6 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)
;; WHEN: Sun Mar  3 12:49:53 2013
;; MSG SIZE  rcvd: 150

Method C:
[root@masterdns ~]# nslookup masterdns
Server:         192.168.0.200
Address:        192.168.0.200#53

Name:   masterdns.testserver.com
Address: 192.168.0.200
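Reading the dig output by eye works once; when the check is repeated after every zone change it is worth automating what the sections above describe. The following is an added example, not code from the post: a small parser for dig's text output that extracts the status, the flags, the answering server and the records of each section, plus a check that an answer for a record in our zone is NOERROR, authoritative (aa flag), served by the master on port 53, and contains exactly the expected record. The sample input is the post's Method A output, trimmed and embedded as a constructed string; the function names are this example's own.

```python
import re

# Constructed sample input: the post's "Method A" answer from the master, trimmed.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.testserver.com.      IN      A
;; ANSWER SECTION:
masterdns.testserver.com. 86400 IN      A       192.168.0.200
;; AUTHORITY SECTION:
testserver.com.         86400   IN      NS      masterdns.testserver.com.
testserver.com.         86400   IN      NS      slavedns.testserver.com.
;; SERVER: 192.168.0.200#53(192.168.0.200)
"""

def parse_dig(text):
    """Split dig output into status, flags, answering server and per-section records."""
    out = {"status": None, "flags": set(), "server": None, "sections": {}}
    section = None
    for line in text.splitlines():
        if m := re.search(r"status: (\w+)", line):
            out["status"] = m.group(1)
        elif m := re.match(r";; flags: ([^;]*);", line):
            out["flags"] = set(m.group(1).split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)
            out["sections"][section] = []
        elif m := re.match(r";; SERVER: ([\d.]+)#(\d+)", line):
            out["server"] = (m.group(1), int(m.group(2)))
        elif section and line and not line.startswith(";"):
            f = line.split()  # name ttl class type rdata
            out["sections"][section].append((f[0], f[3], f[4]))
    return out

def verify_answer(text, expected_server, name, rtype, rdata):
    """List what is wrong: must be NOERROR, authoritative, from our server, with the expected record."""
    d = parse_dig(text)
    problems = []
    if d["status"] != "NOERROR":
        problems.append(f"status {d['status']}")
    if "aa" not in d["flags"]:
        problems.append("answer is not authoritative (no aa flag)")
    if d["server"] != (expected_server, 53):
        problems.append(f"answered by {d['server']}, expected {expected_server}")
    if (name, rtype, rdata) not in d["sections"].get("ANSWER", []):
        problems.append(f"expected {name} {rtype} {rdata} in ANSWER section")
    return problems
```

Feed it the real output of dig @192.168.0.200 masterdns.testserver.com; an empty list means the master answered authoritatively with the record you configured, anything else names what differs.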
That's it. Now the Primary DNS server is ready. Have a good day!!!
7 Comments
Good I get a success :)
Replication between master n slave on rhel6 please