How to set up a DNS server on CentOS 6.5
DNS (Domain Name System) is a core component of the network infrastructure. The DNS service resolves host names to IP addresses and vice versa. For example, if you enter: www.ostechnix.com In the browser, the DNS server translates the domain name into a corresponding IP address. This makes it easier to remember domain names instead of IP addresses.
Installation of DNS server on CentOS 6.5
This how-to tutorial shows how to install and configure a primary and secondary DNS server. The instructions provided here have been tested on CentOS 6.5 32-bit, but should work on RHEL 6.x (where x represents the version) and Scientific Linux 6.x.
scenario
Here is my test configuration scenario
[A] Primary (master) DNS server details:
Operating System : CentOS 6.5 32 bit (Minimal Server) Hostname : masterdns.ostechnix.com IP Address : 192.168.1.200/24
[B] Secondary (slave) DNS server details:
Operating System : CentOS 6.5 32 bit (Minimal Server) Hostname : slavedns.ostechnix.com IP Address : 192.168.1.201/24
Setting up a primary (master) DNS server
[[email protected] ~]# yum install bind* -y
1. Configure DNS server
The main configuration of DNS is as follows. Edit and add the following entries marked as bold in this configuration file:
[[email protected] ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.200;}; ## Master DNS IP ##
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; }; ## IP Range ##
allow-transfer{ localhost; 192.168.1.201; }; ## Slave DNS IP ##
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone"ostechnix.com" IN {
type master;
file "fwd.ostechnix.com";
allow-update { none; };
};
zone"1.168.192.in-addr.arpa" IN {
type master;
file "rev.ostechnix.com";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";2. Create a zone file
Next, you need to create the forward and reverse zone files described in the “/etc/named.conf” file.
[A] Create forward zone
Create a “fwd.ostechnix.com” file in the “/ var / named” directory and add a forward zone entry as shown below.
[[email protected] ~]# vi /var/named/fwd.ostechnix.com $TTL 86400 @ IN SOA masterdns.ostechnix.com. root.ostechnix.com. ( 2011071001 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) @IN NS masterdns.ostechnix.com. @IN NS slavedns.ostechnix.com.masterdns IN A 192.168.1.200 slavedns IN A 192.168.1.201
[B] Create reverse zone
Create a “rev.ostechnix.com” file in the “/ var / named” directory and add a reverse zone entry as shown below.
[[email protected] ~]# vi /var/named/rev.ostechnix.com $TTL 86400 @ IN SOA masterdns.ostechnix.com. root.ostechnix.com. ( 2011071001 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) @IN NS masterdns.ostechnix.com. @IN NS slavedns.ostechnix.com. masterdnsIN A 192.168.1.200 slavedns IN A 192.168.1.201 200 IN PTR masterdns.ostechnix.com. 201 IN PTR slavedns.ostechnix.com.
3. Start the bind service
[[email protected] ~]# service named start Generating /etc/rndc.key: [ OK ] Starting named: [ OK ] [[email protected] ~]# chkconfig named on
4. Allow DNS server via iptables
Add a bold line to the “/ etc / sysconfig / iptables” file. This allows all clients to access the DNS server.
[[email protected] ~]# vi /etc/sysconfig/iptables # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT -A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
5. Restart iptables and save changes
[[email protected] ~]# service iptables restart iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ]
6. Test DNS configuration and zone file for syntax errors
[A] Check DNS configuration file
[[email protected] ~]# named-checkconf /etc/named.conf [[email protected] ~]# named-checkconf /etc/named.rfc1912.zones
[B] Check the zone file
[[email protected] ~]# named-checkzone ostechnix.com /var/named/fwd.ostechnix.com zone ostechnix.com/IN: loaded serial 2011071001 OK [[email protected] ~]# named-checkzone ostechnix.com /var/named/rev.ostechnix.com zone ostechnix.com/IN: loaded serial 2011071001 OK [[email protected] ~]#
7. Testing the DNS server
Method A:
[[email protected] ~]# dig masterdns.ostechnix.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;masterdns.ostechnix.com.INA ;; ANSWER SECTION: masterdns.ostechnix.com. 86400INA192.168.1.200 ;; AUTHORITY SECTION: ostechnix.com.86400INNSmasterdns.ostechnix.com. ostechnix.com.86400INNSslavedns.ostechnix.com. ;; ADDITIONAL SECTION: slavedns.ostechnix.com.86400INA192.168.1.201 ;; Query time: 5 msec ;; SERVER: 192.168.1.200#53(192.168.1.200) ;; WHEN: Sun Mar 3 12:48:35 2013 ;; MSG SIZE rcvd: 110
Method B:
[[email protected] ~]# dig -x 192.168.1.200 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;200.1.168.192.in-addr.arpa.INPTR ;; ANSWER SECTION: 200.1.168.192.in-addr.arpa. 86400 INPTRmasterdns.ostechnix.com. ;; AUTHORITY SECTION: 1.168.192.in-addr.arpa.86400INNSmasterdns.ostechnix.com. 1.168.192.in-addr.arpa.86400INNSslavedns.ostechnix.com. ;; ADDITIONAL SECTION: masterdns.ostechnix.com. 86400INA192.168.1.200 slavedns.ostechnix.com.86400INA192.168.1.201 ;; Query time: 6 msec ;; SERVER: 192.168.1.200#53(192.168.1.200) ;; WHEN: Sun Mar 3 12:49:53 2013 ;; MSG SIZE rcvd: 150
Method C:
[[email protected] ~]# nslookup masterdns Server:192.168.1.200 Address:192.168.1.200#53 Name:masterdns.ostechnix.com Address: 192.168.1.200
that's it. Your primary DNS server is now ready
Setting up a secondary (slave) DNS server
[[email protected] ~]# yum install bind* -y
1. Configure a slave DNS server
Open the main configuration file "/etc/named.conf" and add the lines shown in bold.
[[email protected] ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.201; }; ## Slve DNS IP ##
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; }; ## IP Range ##
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone"ostechnix.com" IN {
type slave;
file "slaves/ostechnix.fwd";
masters { 192.168.1.200; };
};
zone"1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/ostechnix.rev";
masters { 192.168.1.200; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";2. Start DNS service
[[email protected] ~]# service named start Generating /etc/rndc.key: [ OK ] Starting named: [ OK ] [[email protected] ~]# chkconfig named on
Now the forward and reverse zones are automatically replicated from the master DNS server to the slave DNS servers.
To do this, navigate to the location of the DNS database (that is, "/ var / named / slaves") and use the command "ls".
[[email protected] ~]# cd /var/named/slaves/ [[email protected] slaves]# ls ostechnix.fwd ostechnix.rev
Forward and reverse zones are automatically replicated from the master DNS. Next, check the zone file to make sure that the correct zone file has been replicated.
[A] Check forward zone:
[[email protected] slaves]# cat ostechnix.fwd $ORIGIN . $TTL 86400; 1 day ostechnix.comIN SOAmasterdns.ostechnix.com. root.ostechnix.com. ( 2011071001 ; serial 3600 ; refresh (1 hour) 1800 ; retry (30 minutes) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) NSmasterdns.ostechnix.com. NSslavedns.ostechnix.com. $ORIGIN ostechnix.com. masterdnsA192.168.1.200 slavedns A192.168.1.201
[B] Check reverse zone:
[[email protected] slaves]# cat ostechnix.rev $ORIGIN . $TTL 86400; 1 day 1.168.192.in-addr.arpaIN SOAmasterdns.ostechnix.com. root.ostechnix.com. ( 2011071001 ; serial 3600 ; refresh (1 hour) 1800 ; retry (30 minutes) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) NSmasterdns.ostechnix.com. NSslavedns.ostechnix.com. $ORIGIN 1.168.192.in-addr.arpa. 200PTRmasterdns.ostechnix.com. 201PTRslavedns.ostechnix.com. masterdnsA192.168.1.200 slavedns A192.168.1.201
3. Add DNS server details to all systems
[[email protected] ~]# vi /etc/resolv.conf # Generated by NetworkManager search ostechnix.com nameserver 192.168.1.200 nameserver 192.168.1.201 nameserver 8.8.8.8
4. Testing the DNS server
Method A:
[[email protected] ~]# dig slavedns.ostechnix.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> slavedns.ostechnix.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39096 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;slavedns.ostechnix.com.INA ;; ANSWER SECTION: slavedns.ostechnix.com.86400INA192.168.1.201 ;; AUTHORITY SECTION: ostechnix.com.86400INNSmasterdns.ostechnix.com. ostechnix.com.86400INNSslavedns.ostechnix.com. ;; ADDITIONAL SECTION: masterdns.ostechnix.com. 86400INA192.168.1.200 ;; Query time: 7 msec ;; SERVER: 192.168.1.200#53(192.168.1.200) ;; WHEN: Sun Mar 3 13:00:17 2013 ;; MSG SIZE rcvd: 110
Method B:
[[email protected] ~]# dig masterdns.ostechnix.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12825 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;masterdns.ostechnix.com.INA ;; ANSWER SECTION: masterdns.ostechnix.com. 86400INA192.168.1.200 ;; AUTHORITY SECTION: ostechnix.com.86400INNSmasterdns.ostechnix.com. ostechnix.com.86400INNSslavedns.ostechnix.com. ;; ADDITIONAL SECTION: slavedns.ostechnix.com.86400INA192.168.1.201 ;; Query time: 13 msec ;; SERVER: 192.168.1.200#53(192.168.1.200) ;; WHEN: Sun Mar 3 13:01:02 2013 ;; MSG SIZE rcvd: 110
Method C:
[[email protected] ~]# nslookup slavedns Server:192.168.1.200 Address:192.168.1.200#53 Name:slavedns.ostechnix.com Address: 192.168.1.201
Method D:
[[email protected] ~]# nslookup masterdns Server:192.168.1.200 Address:192.168.1.200#53 Name:masterdns.ostechnix.com Address: 192.168.1.200
Method E:
[[email protected] ~]# dig -x 192.168.1.201 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.201 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56991 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;201.1.168.192.in-addr.arpa.INPTR ;; ANSWER SECTION: 201.1.168.192.in-addr.arpa. 86400 INPTRslavedns.ostechnix.com. ;; AUTHORITY SECTION: 1.168.192.in-addr.arpa.86400INNSmasterdns.ostechnix.com. 1.168.192.in-addr.arpa.86400INNSslavedns.ostechnix.com. ;; ADDITIONAL SECTION: masterdns.ostechnix.com. 86400INA192.168.1.200 slavedns.ostechnix.com.86400INA192.168.1.201 ;; Query time: 6 msec ;; SERVER: 192.168.1.200#53(192.168.1.200) ;; WHEN: Sun Mar 3 13:03:39 2013 ;; MSG SIZE rcvd: 150
Method F:
[[email protected] ~]# dig -x 192.168.1.200 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42968 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;200.1.168.192.in-addr.arpa.INPTR ;; ANSWER SECTION: 200.1.168.192.in-addr.arpa. 86400 INPTRmasterdns.ostechnix.com. ;; AUTHORITY SECTION: 1.168.192.in-addr.arpa.86400INNSslavedns.ostechnix.com. 1.168.192.in-addr.arpa.86400INNSmasterdns.ostechnix.com. ;; ADDITIONAL SECTION: masterdns.ostechnix.com. 86400INA192.168.1.200 slavedns.ostechnix.com.86400INA192.168.1.201 ;; Query time: 4 msec ;; SERVER: 192.168.1.200#53(192.168.1.200) ;; WHEN: Sun Mar 3 13:04:15 2013 ;; MSG SIZE rcvd: 150
that's it. You are ready to use both the primary and secondary DNS servers. have a good day! ! !
.