Setup DNS Server Step by Step in Centos - Rhel -Scientific Linux


SETUP DNS SERVER STEP BY STEP IN CENTOS - RHEL - SCIENTIFIC LINUX

DNS SERVER INSTALLATION IN CENTOS 6.5

This how-to tutorial will show you how to install and configure a Primary and a Secondary DNS server. The steps provided here were tested in the CentOS 6.5 32 bit edition, but they should work in RHEL 6.x (x stands for the version) and Scientific Linux 6.x too.

Scenario

Here is my test setup scenario:

[A] Primary(Master) DNS Server Details:

Operating System : CentOS 6.5 32 bit (Minimal Server)

Hostname : masterdns.ostechnix.com

IP Address : 192.168.1.200/24

[B] Secondary(Slave) DNS Server Details:

Operating System : CentOS 6.5 32 bit (Minimal Server)

Hostname : slavedns.ostechnix.com

IP Address : 192.168.1.201/24

SETUP PRIMARY(MASTER) DNS SERVER

[root@masterdns ~]# yum install bind* -y

1. Configure DNS Server

The main configuration file of the DNS server will look like below. Edit it and add the entries that carry the ## ... ## comments (they were marked in bold in the original). Note that allow-query restricts who may query the server to the LAN and allow-transfer restricts zone transfers to the slave only; keep both lists tight, because recursion is enabled.

[root@masterdns ~]# vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.200; };   ## Master DNS IP ##
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };     ## IP Range ##
        allow-transfer  { localhost; 192.168.1.201; };      ## Slave DNS IP ##
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "ostechnix.com" IN {
        type master;
        file "fwd.ostechnix.com";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "rev.ostechnix.com";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Create Zone files

Now we should create the forward and reverse zone files that we referenced in the ‘/etc/named.conf’ file.

[A] Create Forward Zone

Create the ‘fwd.ostechnix.com’ file in the ‘/var/named’ directory and add the entries for the forward zone as shown below.

[root@masterdns ~]# vi /var/named/fwd.ostechnix.com

$TTL 86400
@   IN  SOA     masterdns.ostechnix.com. root.ostechnix.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS  masterdns.ostechnix.com.
@           IN  NS  slavedns.ostechnix.com.
masterdns   IN  A   192.168.1.200
slavedns    IN  A   192.168.1.201

[B] Create Reverse Zone

Create the ‘rev.ostechnix.com’ file in the ‘/var/named’ directory and add the entries for the reverse zone as shown below.

[root@masterdns ~]# vi /var/named/rev.ostechnix.com

$TTL 86400
@   IN  SOA     masterdns.ostechnix.com. root.ostechnix.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS  masterdns.ostechnix.com.
@           IN  NS  slavedns.ostechnix.com.
masterdns   IN  A   192.168.1.200
slavedns    IN  A   192.168.1.201
200         IN  PTR masterdns.ostechnix.com.
201         IN  PTR slavedns.ostechnix.com.
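Hand-written forward and reverse zones drift apart easily (an A record without its PTR, an NS name without an address). The checker below is an added example, not part of the tutorial: it parses zone text in the layout used above (the sample zones are constructed inline, every record carries an owner, only IN class) and reports A/PTR mismatches and NS names that have no A record.

```python
FWD_ZONE = """$TTL 86400
@ IN SOA masterdns.ostechnix.com. root.ostechnix.com. (
        2011071001 ;Serial
        3600 1800 604800 86400 ;Refresh Retry Expire Minimum
)
@ IN NS masterdns.ostechnix.com.
@ IN NS slavedns.ostechnix.com.
masterdns IN A 192.168.1.200
slavedns IN A 192.168.1.201
"""
REV_ZONE = """$TTL 86400
@ IN SOA masterdns.ostechnix.com. root.ostechnix.com. ( 2011071001 3600 1800 604800 86400 )
200 IN PTR masterdns.ostechnix.com.
201 IN PTR slavedns.ostechnix.com.
"""

def parse_zone(text, origin):
    """Return (soa_serial, [(owner_fqdn, type, rdata)]); ';' comments stripped, SOA lines joined."""
    serial, records, buf = None, [], []
    for raw in text.splitlines():
        buf.append(raw.split(";", 1)[0].strip())
        line = " ".join(buf).strip()
        if not line or line.count("(") > line.count(")"):  # still inside a multi-line record
            continue
        buf = []
        if line.startswith("$"):  # $TTL / $ORIGIN directives are not records
            continue
        tok = line.split()
        owner = origin if tok[0] == "@" else (tok[0] if tok[0].endswith(".") else f"{tok[0]}.{origin}")
        i = 1
        while tok[i] == "IN" or tok[i].isdigit():  # skip optional class and TTL fields
            i += 1
        rdata = [t for t in tok[i + 1:] if t not in ("(", ")")]
        if tok[i] == "SOA":
            serial = int(rdata[2])  # mname rname serial refresh retry expire minimum
        records.append((owner, tok[i], " ".join(rdata)))
    return serial, records

def check_zones(fwd_text, rev_text, fwd_origin="ostechnix.com.", rev_origin="1.168.192.in-addr.arpa."):
    """Return a list of problems; an empty list means A, PTR and NS records agree across both zones."""
    _, frecs = parse_zone(fwd_text, fwd_origin)
    _, rrecs = parse_zone(rev_text, rev_origin)
    a_map = {ip: name for name, t, ip in frecs if t == "A"}
    # PTR owner 200.1.168.192.in-addr.arpa. -> 192.168.1.200 (drop in-addr.arpa, reverse the labels)
    ptr_map = {".".join(reversed(o.rstrip(".").split(".")[:-2])): n for o, t, n in rrecs if t == "PTR"}
    problems = [f"A {n} -> {ip} has no matching PTR" for ip, n in a_map.items() if ptr_map.get(ip) != n]
    problems += [f"PTR {ip} -> {n} has no matching A" for ip, n in ptr_map.items() if a_map.get(ip) != n]
    problems += [f"NS {ns} has no A record in the zone" for _, t, ns in frecs if t == "NS" and ns not in a_map.values()]
    return problems
```

Run it against the real files with `check_zones(open("/var/named/fwd.ostechnix.com").read(), open("/var/named/rev.ostechnix.com").read())` before bumping the serial and reloading, in addition to named-checkzone, which validates syntax but not cross-zone consistency.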

3. Start the bind service

[root@masterdns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@masterdns ~]# chkconfig named on

4. Allow DNS Server through iptables

Add the two port 53 rules shown below to the ‘/etc/sysconfig/iptables’ file (they were marked in bold in the original). This will allow all clients to reach the DNS server over both UDP and TCP.

[root@masterdns ~]# vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

5. Restart iptables to apply the changes

[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

6. Test the DNS configuration and zone files for syntax errors

[A] Check the DNS config file

[root@masterdns ~]# named-checkconf /etc/named.conf
[root@masterdns ~]# named-checkconf /etc/named.rfc1912.zones

[B] Check the zone files

[root@masterdns ~]# named-checkzone ostechnix.com /var/named/fwd.ostechnix.com
zone ostechnix.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone ostechnix.com /var/named/rev.ostechnix.com
zone ostechnix.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]#

7. Test DNS Server

Method A:

[root@masterdns ~]# dig masterdns.ostechnix.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.ostechnix.com.       IN      A

;; ANSWER SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200

;; AUTHORITY SECTION:
ostechnix.com.          86400   IN      NS      masterdns.ostechnix.com.
ostechnix.com.          86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 5 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 12:48:35 2013
;; MSG SIZE rcvd: 110

Method B:

[root@masterdns ~]# dig -x 192.168.1.200

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 IN    PTR     masterdns.ostechnix.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.ostechnix.com.
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 12:49:53 2013
;; MSG SIZE rcvd: 150

Method C:

[root@masterdns ~]# nslookup masterdns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   masterdns.ostechnix.com
Address: 192.168.1.200

That's it. Now the Primary DNS server is ready.

SETUP SECONDARY(SLAVE) DNS SERVER

[root@slavedns ~]# yum install bind* -y

1. Configure Slave DNS Server

Open the main configuration file ‘/etc/named.conf’ and add the lines that carry the ## ... ## comments and the two slave zone blocks (they were marked in bold in the original). The slave has no allow-transfer entry: it only pulls the zones from the master listed under masters.

[root@slavedns ~]# vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.201; };   ## Slave DNS IP ##
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };     ## IP Range ##
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "ostechnix.com" IN {
        type slave;
        file "slaves/ostechnix.fwd";
        masters { 192.168.1.200; };
};

zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/ostechnix.rev";
        masters { 192.168.1.200; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Start the DNS Service

[root@slavedns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@slavedns ~]# chkconfig named on

Now the forward and reverse zones are automatically replicated from the Master DNS server to the Slave DNS server. To verify, go to the DNS database location (i.e. ‘/var/named/slaves’) and use the ‘ls’ command.

[root@slavedns ~]# cd /var/named/slaves/
[root@slavedns slaves]# ls
ostechnix.fwd  ostechnix.rev

Now check the zone files to see whether the correct zones were replicated.

[A] Check Forward zone:

[root@slavedns slaves]# cat ostechnix.fwd
$ORIGIN .
$TTL 86400      ; 1 day
ostechnix.com           IN SOA  masterdns.ostechnix.com. root.ostechnix.com. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.ostechnix.com.
                        NS      slavedns.ostechnix.com.
$ORIGIN ostechnix.com.
masterdns               A       192.168.1.200
slavedns                A       192.168.1.201

[B] Check Reverse zone:

[root@slavedns slaves]# cat ostechnix.rev
$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  masterdns.ostechnix.com. root.ostechnix.com. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.ostechnix.com.
                        NS      slavedns.ostechnix.com.
$ORIGIN 1.168.192.in-addr.arpa.
200                     PTR     masterdns.ostechnix.com.
201                     PTR     slavedns.ostechnix.com.
masterdns               A       192.168.1.200
slavedns                A       192.168.1.201

3. Add the DNS Server details to all systems

Point every client (and both servers) at the new nameservers in ‘/etc/resolv.conf’; the slave is shown here:

[root@slavedns ~]# vi /etc/resolv.conf

# Generated by NetworkManager
search ostechnix.com
nameserver 192.168.1.200
nameserver 192.168.1.201
nameserver 8.8.8.8

4. Test DNS Server

Method A:

[root@slavedns ~]# dig slavedns.ostechnix.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> slavedns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;slavedns.ostechnix.com.        IN      A

;; ANSWER SECTION:
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; AUTHORITY SECTION:
ostechnix.com.          86400   IN      NS      masterdns.ostechnix.com.
ostechnix.com.          86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200

;; Query time: 7 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:00:17 2013
;; MSG SIZE rcvd: 110

Method B:

[root@slavedns ~]# dig masterdns.ostechnix.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12825
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.ostechnix.com.       IN      A

;; ANSWER SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200

;; AUTHORITY SECTION:
ostechnix.com.          86400   IN      NS      masterdns.ostechnix.com.
ostechnix.com.          86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 13 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:01:02 2013
;; MSG SIZE rcvd: 110

Method C:

[root@slavedns ~]# nslookup slavedns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   slavedns.ostechnix.com
Address: 192.168.1.201

Method D:

[root@slavedns ~]# nslookup masterdns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   masterdns.ostechnix.com
Address: 192.168.1.200

Method E:

[root@slavedns ~]# dig -x 192.168.1.201

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56991
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;201.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
201.1.168.192.in-addr.arpa. 86400 IN    PTR     slavedns.ostechnix.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.ostechnix.com.
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:03:39 2013
;; MSG SIZE rcvd: 150

Method F:

[root@slavedns ~]# dig -x 192.168.1.200

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 IN    PTR     masterdns.ostechnix.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.ostechnix.com.
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.ostechnix.com.

;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 4 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:04:15 2013
;; MSG SIZE rcvd: 150