DNS Server

Step by step: how to set up a DNS server on RHEL 6.2/6.4/6.5 using BIND

What is a DNS server?
DNS = Domain Naming Service (or) Domain Name System. A DNS server resolves a host name to its IP address (forward lookup) and an IP address back to its host name (reverse lookup).

Primary DNS Server (or) Master DNS Server:
IP Address: 172.16.0.200
Hostname : masterdns.jitendrabauddha.com
Secondary DNS Server (or) Slave DNS Server:
IP Address : 172.16.0.201
Hostname : slavedns.jitendrabauddha.com
Node machines:
IP Address : 172.16.0.205    Hostname : node1.jitendrabauddha.com
IP Address : 172.16.0.206    Hostname : node2.jitendrabauddha.com

1. Primary DNS Server (or) Master DNS Server :
[root@masterdns ~]# yum install bind* -y

2. Edit the name server configuration
[root@masterdns ~]# vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 172.16.0.200; };   # Master DNS server's IP
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 172.16.0.0/24; };        # IP range of hosts allowed to query
        allow-transfer { localhost; 172.16.0.201; };      # Slave DNS server's IP only
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};
zone "jitendrabauddha.com" IN {
        type master;
        file "forward.zone";
        allow-update { none; };
};
zone "0.16.172.in-addr.arpa" IN {        # reverse zone for 172.16.0.0/24
        type master;
        file "reverse.zone";
        allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Save and exit named.conf with :wq!
3. Create the forward and reverse zone files referenced in named.conf
FORWARD ZONE :
________________________________________
a.) Create a forward zone file named forward.zone under /var/named
There are sample files in the /var/named/ directory; copy one of them and modify it to our needs

b.) Make a copy of the sample file as below
[root@masterdns ~]# cp /var/named/named.localhost /var/named/forward.zone

c.) Edit the file forward.zone
[root@masterdns ~]# vim /var/named/forward.zone

$TTL 86400
@ IN SOA masterdns.jitendrabauddha.com. root.jitendrabauddha.com. (
2014051001 ; serial
3600 ; refresh
1800 ; retry
604800 ; expire
86400 ; minimum
)
@ IN NS masterdns.jitendrabauddha.com.
@ IN NS slavedns.jitendrabauddha.com.
@ IN A 172.16.0.200
@ IN A 172.16.0.201
@ IN A 172.16.0.205
@ IN A 172.16.0.206
masterdns IN A 172.16.0.200
slavedns IN A 172.16.0.201
node1 IN A 172.16.0.205
node2 IN A 172.16.0.206
REVERSE ZONE:
________________________________________
a.) Create a reverse zone file named reverse.zone under /var/named
There are sample files in the /var/named/ directory; copy one of them and modify it to our needs

b.) Make a copy of the sample file as below
[root@masterdns ~]# cp /var/named/named.loopback /var/named/reverse.zone

c.) Edit the file reverse.zone
[root@masterdns ~]# vim /var/named/reverse.zone

$TTL 86400
@ IN SOA masterdns.jitendrabauddha.com. root.jitendrabauddha.com. (
2014051001 ; serial
3600 ; refresh
1800 ; retry
604800 ; expire
86400 ; minimum
)
@ IN NS masterdns.jitendrabauddha.com.
@ IN NS slavedns.jitendrabauddha.com.
@ IN PTR jitendrabauddha.com.
masterdns IN A 172.16.0.200
slavedns IN A 172.16.0.201
node1 IN A 172.16.0.205
node2 IN A 172.16.0.206
200 IN PTR masterdns.jitendrabauddha.com.
201 IN PTR slavedns.jitendrabauddha.com.
205 IN PTR node1.jitendrabauddha.com.
206 IN PTR node2.jitendrabauddha.com.
4. The zone files we created are owned by the root group; we need to change them to the named group
Here we can see that the files are still in the root group
a.) List the files and check the permissions and group of the created zone files
[root@masterdns ~]# ls -l /var/named/
total 40
drwxr-x---. 6 root named 4096 May 10 19:33 chroot
drwxrwx---. 2 named named 4096 Nov 16 2011 data
drwxrwx---. 2 named named 4096 Nov 16 2011 dynamic
-rw-r-----. 1 root root 550 May 10 20:19 forward.zone
-rw-r-----. 1 root named 1892 Feb 18 2008 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
-rw-r-----. 1 root root 676 May 10 20:35 reverse.zone
drwxrwx---. 2 named named 4096 Nov 16 2011 slaves
b.) Change the group to named using the command below
[root@masterdns ~]# chgrp named /var/named/forward.zone
[root@masterdns ~]# chgrp named /var/named/reverse.zone
Here we can see in the output that both files are now in the named group
[root@masterdns ~]# ls -l /var/named/
total 40
drwxr-x---. 6 root named 4096 May 10 19:33 chroot
drwxrwx---. 2 named named 4096 Nov 16 2011 data
drwxrwx---. 2 named named 4096 Nov 16 2011 dynamic
-rw-r-----. 1 root named 550 May 10 20:19 forward.zone
-rw-r-----. 1 root named 1892 Feb 18 2008 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
-rw-r-----. 1 root named 676 May 10 20:35 reverse.zone
drwxrwx---. 2 named named 4096 Nov 16 2011 slaves
c.) Then we need to check the SELinux context of the following files
/etc/named.conf
/var/named/forward.zone
/var/named/reverse.zone
[root@masterdns ~]# ls -lZd /etc/named.conf
-rw-r-----. root named system_u:object_r:named_conf_t:s0 /etc/named.conf

named.conf must carry the named_conf_t context (the zone files under /var/named are labelled named_zone_t by the same policy)
If the label is different, restore the default context using
# restorecon /etc/named.conf
# restorecon -Rv /var/named
5. Now check the configuration file and the zone files for errors
[root@masterdns ~]# named-checkconf /etc/named.conf

[root@masterdns ~]# named-checkzone jitendrabauddha.com /var/named/forward.zone
zone jitendrabauddha.com/IN: loaded serial 2014051001
OK

[root@masterdns ~]# named-checkzone 0.16.172.in-addr.arpa /var/named/reverse.zone
zone 0.16.172.in-addr.arpa/IN: loaded serial 2014051001
OK
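named-checkzone only validates syntax: it will not tell you that the reverse zone name actually matches your subnet, or that every A record has a matching PTR. The following Python script is an added example (not part of the tutorial) that performs both checks on constructed excerpts of the two zone files above; node2's PTR is left out on purpose so the check has something to report.

```python
import ipaddress
import re
# Constructed excerpts of the tutorial's zone files (SOA omitted); node2's PTR is left out on purpose.
FORWARD_ZONE = """\
masterdns IN A 172.16.0.200
slavedns  IN A 172.16.0.201
node1     IN A 172.16.0.205
node2     IN A 172.16.0.206
"""
REVERSE_ZONE = """\
200 IN PTR masterdns.jitendrabauddha.com.
201 IN PTR slavedns.jitendrabauddha.com.
205 IN PTR node1.jitendrabauddha.com.
"""

RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|PTR)\s+(\S+)")

def records(zone_text, rtype):
    """Yield (owner, rdata) for each record of type rtype; ';' comments are stripped."""
    for line in zone_text.splitlines():
        m = RR.match(line.split(";")[0].strip())
        if m and m.group(2) == rtype:
            yield m.group(1), m.group(3)

def reverse_zone_name(network):
    """in-addr.arpa zone for a /24, e.g. 172.16.0.0/24 -> 0.16.172.in-addr.arpa."""
    octets = str(ipaddress.ip_network(network).network_address).split(".")
    return ".".join(reversed(octets[:3])) + ".in-addr.arpa"

def check_zones(domain, network, forward_text, reverse_text):
    """Return a list of problems; an empty list means the A and PTR data agree."""
    net = ipaddress.ip_network(network)
    ptr = {o: t for o, t in records(reverse_text, "PTR") if o != "@"}
    problems, seen = [], set()
    for owner, ip in records(forward_text, "A"):
        if owner == "@":            # apex A records have no host-level PTR
            continue
        if ipaddress.ip_address(ip) not in net:
            problems.append("%s: %s is outside %s" % (owner, ip, network))
            continue
        last = ip.rsplit(".", 1)[1]          # last octet is the PTR owner name
        fqdn = "%s.%s." % (owner, domain)
        seen.add(last)
        if ptr.get(last) != fqdn:
            problems.append("missing or wrong PTR for %s (expected %s)" % (ip, fqdn))
    for last in ptr:
        if last not in seen:
            problems.append("PTR %s has no matching A record" % last)
    return problems
```

Call reverse_zone_name("172.16.0.0/24") to get the zone name that belongs in named.conf, and check_zones("jitendrabauddha.com", "172.16.0.0/24", open("/var/named/forward.zone").read(), open("/var/named/reverse.zone").read()) to compare the real files.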
6. Start the DNS service
[root@masterdns ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
7. Enable the named service in the default runlevels
[root@masterdns ~]# chkconfig named on

[root@masterdns ~]# chkconfig --list named
named 0:off 1:off 2:on 3:on 4:on 5:on 6:off
8. Deploy iptables rules to allow the DNS service
Add the iptables rules (DNS needs both UDP and TCP on port 53; TCP carries zone transfers and large responses)
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
iptables -A INPUT -j DROP
Save the iptables rules using
[root@masterdns ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
Restart the iptables service using
[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Enable it in the default runlevels
[root@masterdns ~]# chkconfig iptables on

[root@masterdns ~]# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
9. Check the DNS server using the dig command
[root@masterdns ~]# dig masterdns.jitendrabauddha.com