How to set up a DNS server on CentOS 6.5
DNS (Domain Name System) is a core component of the network infrastructure. The DNS service resolves host names to IP addresses and vice versa. For example, if you enter www.ostechnix.com in the browser, the DNS server translates the domain name into the corresponding IP address, so that people only have to remember domain names instead of IP addresses.
Installation of DNS server on CentOS 6.5
This how-to shows how to install and configure a primary (master) and a secondary (slave) DNS server with BIND. The instructions provided here have been tested on CentOS 6.5 32-bit, but should work on RHEL 6.x (where x represents the minor version) and Scientific Linux 6.x as well.
Scenario
Here is my test configuration scenario:
[A] Primary (master) DNS server details:
Operating System : CentOS 6.5 32 bit (Minimal Server)
Hostname         : masterdns.ostechnix.com
IP Address       : 192.168.1.200/24
[B] Secondary (slave) DNS server details:
Operating System : CentOS 6.5 32 bit (Minimal Server)
Hostname         : slavedns.ostechnix.com
IP Address       : 192.168.1.201/24
Setting up a primary (master) DNS server
[root@masterdns ~]# yum install bind* -y
1. Configure DNS server
The main configuration file of BIND is /etc/named.conf. Edit it and add the entries marked with ## ... ## comments (the listen address, the query range and the slave allowed to transfer zones) together with the two zone definitions for ostechnix.com and 1.168.192.in-addr.arpa, as shown below. Because allow-transfer names only the slave, a full zone transfer (AXFR) requested from any other host is refused; once the server is running you can confirm this with dig @192.168.1.200 ostechnix.com AXFR from a machine other than the slave, which should report "Transfer failed."

[root@masterdns ~]# vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.200; };   ## Master DNS IP ##
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };    ## IP Range ##
        allow-transfer  { localhost; 192.168.1.201; };     ## Slave DNS IP ##
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "ostechnix.com" IN {
        type master;
        file "fwd.ostechnix.com";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "rev.ostechnix.com";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Create a zone file
Next, create the forward and reverse zone files referenced in the “/etc/named.conf” file.
[A] Create forward zone
Create a “fwd.ostechnix.com” file in the “/var/named” directory and add the forward zone entries shown below.

[root@masterdns ~]# vi /var/named/fwd.ostechnix.com

$TTL 86400
@   IN  SOA     masterdns.ostechnix.com. root.ostechnix.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS      masterdns.ostechnix.com.
@           IN  NS      slavedns.ostechnix.com.
masterdns   IN  A       192.168.1.200
slavedns    IN  A       192.168.1.201
[B] Create reverse zone
Create a “rev.ostechnix.com” file in the “/var/named” directory and add the reverse zone entries shown below. The PTR records are what make reverse lookups work; the two A records are copied over from the forward zone and are not needed in a reverse zone, but they do no harm.

[root@masterdns ~]# vi /var/named/rev.ostechnix.com

$TTL 86400
@   IN  SOA     masterdns.ostechnix.com. root.ostechnix.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS      masterdns.ostechnix.com.
@           IN  NS      slavedns.ostechnix.com.
masterdns   IN  A       192.168.1.200
slavedns    IN  A       192.168.1.201
200         IN  PTR     masterdns.ostechnix.com.
201         IN  PTR     slavedns.ostechnix.com.
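A forward and a reverse zone drift apart easily (an A record added without its PTR, or a PTR pointing at a name that no longer exists). The script below is an added example, not part of the original tutorial: it parses copies of the two zone files above (embedded inline, with the SOA collapsed to one line, so it runs offline), checks that every A record has a matching PTR and vice versa, that the NS names have glue, and flags A records that ended up in the reverse zone.

```python
import re
# Constructed copies of the tutorial's zone files (SOA on one line); on the server read /var/named/fwd.ostechnix.com etc. instead.
FWD = """$TTL 86400
@ IN SOA masterdns.ostechnix.com. root.ostechnix.com. ( 2011071001 3600 1800 604800 86400 )
@ IN NS masterdns.ostechnix.com.
@ IN NS slavedns.ostechnix.com.
masterdns IN A 192.168.1.200
slavedns IN A 192.168.1.201
"""
REV = """$TTL 86400
@ IN SOA masterdns.ostechnix.com. root.ostechnix.com. ( 2011071001 3600 1800 604800 86400 )
@ IN NS masterdns.ostechnix.com.
@ IN NS slavedns.ostechnix.com.
200 IN PTR masterdns.ostechnix.com.
201 IN PTR slavedns.ostechnix.com.
"""
# "owner [ttl] IN type rdata" lines; the SOA fields and $TTL do not match.
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|PTR|NS)\s+(\S+)", re.M)

def records(zone, origin, rtype):
    """Yield (fqdn, rdata) for records of rtype, expanding relative owner names."""
    for owner, t, rdata in RR.findall(zone):
        if t == rtype:
            yield (origin + "." if owner == "@" else
                   owner if owner.endswith(".") else f"{owner}.{origin}."), rdata

def reverse_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_zones(fwd, fwd_origin, rev, rev_origin):
    """Return a list of problems; an empty list means the two zones agree."""
    a = dict(records(fwd, fwd_origin, "A"))
    ptr = dict(records(rev, rev_origin, "PTR"))
    problems = []
    for name, ip in a.items():                    # every A needs a matching PTR
        if ptr.get(reverse_name(ip)) != name:
            problems.append(f"no PTR for {name} -> {ip}")
    for rname, target in ptr.items():             # every PTR needs the matching A
        if target not in a or reverse_name(a[target]) != rname:
            problems.append(f"PTR {rname} -> {target} has no matching A record")
    for _, ns in records(fwd, fwd_origin, "NS"):  # in-zone NS names need an A (glue)
        if ns not in a:
            problems.append(f"NS {ns} has no A record")
    if list(records(rev, rev_origin, "A")):       # A records do not belong in a reverse zone
        problems.append("stray A records in reverse zone")
    return problems

if __name__ == "__main__":
    print(check_zones(FWD, "ostechnix.com", REV, "1.168.192.in-addr.arpa") or "zones agree")
```

Run it against the files as written in this tutorial and it reports the stray A records in rev.ostechnix.com; with them removed the zones agree.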
3. Start the bind service
[root@masterdns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@masterdns ~]# chkconfig named on
4. Allow DNS server via iptables
Add the two port 53 rules (UDP and TCP) shown below to the “/etc/sysconfig/iptables” file. This allows clients to query the DNS server; TCP 53 is also what the slave uses for zone transfers.

[root@masterdns ~]# vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
5. Restart iptables and save changes
[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
6. Test DNS configuration and zone file for syntax errors
[A] Check DNS configuration file
[root@masterdns ~]# named-checkconf /etc/named.conf
[root@masterdns ~]# named-checkconf /etc/named.rfc1912.zones
[B] Check the zone files. The first argument is the zone origin, which for the reverse zone is 1.168.192.in-addr.arpa, not ostechnix.com; with the wrong origin the check still prints OK but validates the records under the wrong names.

[root@masterdns ~]# named-checkzone ostechnix.com /var/named/fwd.ostechnix.com
zone ostechnix.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone 1.168.192.in-addr.arpa /var/named/rev.ostechnix.com
zone 1.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK
7. Testing the DNS server
Method A:
[root@masterdns ~]# dig masterdns.ostechnix.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.ostechnix.com.       IN      A

;; ANSWER SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200

;; AUTHORITY SECTION:
ostechnix.com.          86400   IN      NS      masterdns.ostechnix.com.
ostechnix.com.          86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 5 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 12:48:35 2013
;; MSG SIZE  rcvd: 110
Method B:
[root@masterdns ~]# dig -x 192.168.1.200

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 IN    PTR     masterdns.ostechnix.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.ostechnix.com.
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 12:49:53 2013
;; MSG SIZE  rcvd: 150
Method C:
[root@masterdns ~]# nslookup masterdns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   masterdns.ostechnix.com
Address: 192.168.1.200

That's it. Your primary DNS server is now ready.
Setting up a secondary (slave) DNS server
[root@slavedns ~]# yum install bind* -y
1. Configure a slave DNS server
Open the main configuration file "/etc/named.conf" and add the entries marked with ## ... ## comments together with the two slave zone definitions, which name the master in their masters statement. The slave does not need to hand out zone transfers itself, and BIND's default is allow-transfer { any; }, so consider adding allow-transfer { none; }; to its options block.

[root@slavedns ~]# vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.201; };   ## Slave DNS IP ##
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };    ## IP Range ##
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "ostechnix.com" IN {
        type slave;
        file "slaves/ostechnix.fwd";
        masters { 192.168.1.200; };
};

zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/ostechnix.rev";
        masters { 192.168.1.200; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Start DNS service
[root@slavedns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@slavedns ~]# chkconfig named on

The forward and reverse zones are now replicated automatically from the master DNS server to the slave. To verify this, change to the slave's zone directory (“/var/named/slaves”) and list it:

[root@slavedns ~]# cd /var/named/slaves/
[root@slavedns slaves]# ls
ostechnix.fwd  ostechnix.rev

Both zone files have arrived from the master. Next, inspect them to make sure the correct zone data has been replicated.
[A] Check forward zone:
[root@slavedns slaves]# cat ostechnix.fwd
$ORIGIN .
$TTL 86400      ; 1 day
ostechnix.com           IN SOA  masterdns.ostechnix.com. root.ostechnix.com. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.ostechnix.com.
                        NS      slavedns.ostechnix.com.
$ORIGIN ostechnix.com.
masterdns               A       192.168.1.200
slavedns                A       192.168.1.201
[B] Check reverse zone:
[root@slavedns slaves]# cat ostechnix.rev
$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  masterdns.ostechnix.com. root.ostechnix.com. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.ostechnix.com.
                        NS      slavedns.ostechnix.com.
$ORIGIN 1.168.192.in-addr.arpa.
200                     PTR     masterdns.ostechnix.com.
201                     PTR     slavedns.ostechnix.com.
masterdns               A       192.168.1.200
slavedns                A       192.168.1.201
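The slave only re-fetches a zone when the master's SOA serial has increased, so every later edit to fwd.ostechnix.com or rev.ostechnix.com must bump the serial before the zone is reloaded, or the slave keeps serving stale data. The script below is an added example, not part of the original tutorial: it applies the YYYYMMDDnn convention that the serial 2011071001 follows, never lets the serial go backwards, and uses a constructed excerpt of the forward zone as input.

```python
import re
from datetime import date

# Constructed excerpt of the master's fwd.ostechnix.com SOA block from this
# tutorial; on the server read /var/named/fwd.ostechnix.com instead.
ZONE = """$TTL 86400
@   IN  SOA     masterdns.ostechnix.com. root.ostechnix.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
"""
# The serial line of the SOA: leading space, digits, then the ';Serial' comment.
SERIAL_LINE = re.compile(r"^(\s*)(\d+)(\s*;\s*Serial)", re.M | re.I)

def next_serial(current, today=None):
    """Next YYYYMMDDnn serial (today given as 'YYYYMMDD'); always > current."""
    stamp = today or date.today().strftime("%Y%m%d")
    if len(str(current)) == 10 and str(current)[:8] == stamp:
        candidate = current + 1          # same day: bump the change counter nn
    else:
        candidate = int(stamp + "01")    # new day: restart the counter at 01
    # If the file already carries a higher serial (clock set back, or a serial
    # in another format), still grow by one: slaves ignore a serial that shrinks.
    return max(candidate, current + 1)

def bump_serial(zone_text, today=None):
    """Return (new zone text, new serial); raises if no ';Serial' line is found."""
    m = SERIAL_LINE.search(zone_text)
    if m is None:
        raise ValueError("no SOA serial line (expected '<digits> ;Serial')")
    new = next_serial(int(m.group(2)), today)
    return zone_text[:m.start(2)] + str(new) + zone_text[m.end(2):], new

if __name__ == "__main__":
    text, new = bump_serial(ZONE)
    print(text)  # write it back, run named-checkzone, then: rndc reload ostechnix.com
```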
3. Add DNS server details to all systems
[root@slavedns ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search ostechnix.com
nameserver 192.168.1.200
nameserver 192.168.1.201
nameserver 8.8.8.8
4. Testing the DNS server
Method A:
[root@slavedns ~]# dig slavedns.ostechnix.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> slavedns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;slavedns.ostechnix.com.        IN      A

;; ANSWER SECTION:
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; AUTHORITY SECTION:
ostechnix.com.          86400   IN      NS      masterdns.ostechnix.com.
ostechnix.com.          86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200

;; Query time: 7 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:00:17 2013
;; MSG SIZE  rcvd: 110
Method B:
[root@slavedns ~]# dig masterdns.ostechnix.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12825
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.ostechnix.com.       IN      A

;; ANSWER SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200

;; AUTHORITY SECTION:
ostechnix.com.          86400   IN      NS      masterdns.ostechnix.com.
ostechnix.com.          86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 13 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:01:02 2013
;; MSG SIZE  rcvd: 110
Method C:
[root@slavedns ~]# nslookup slavedns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   slavedns.ostechnix.com
Address: 192.168.1.201
Method D:
[root@slavedns ~]# nslookup masterdns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   masterdns.ostechnix.com
Address: 192.168.1.200
Method E:
[root@slavedns ~]# dig -x 192.168.1.201

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56991
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;201.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
201.1.168.192.in-addr.arpa. 86400 IN    PTR     slavedns.ostechnix.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.ostechnix.com.
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.ostechnix.com.

;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:03:39 2013
;; MSG SIZE  rcvd: 150
Method F:
[root@slavedns ~]# dig -x 192.168.1.200

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 IN    PTR     masterdns.ostechnix.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.ostechnix.com.
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.ostechnix.com.

;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201

;; Query time: 4 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:04:15 2013
;; MSG SIZE  rcvd: 150

That's it. You are now ready to use both the primary and secondary DNS servers. Have a good day!