Configure DNS with CentOS

Install BIND

 

[root@dlp ~]#

yum -y install bind bind-utils

 

[2] Configure BIND. This example uses the global IP address range [172.16.0.80/29], the private IP address range [10.0.0.0/24] and the domain name [server.world]. Please use your own IPs and domain name when configuring your server. (Note that [172.16.0.80/29] is actually a private IP address range; it stands in for a public one here.)

 

[root@dlp ~]#

echo 'OPTIONS="-4"' >> /etc/sysconfig/named

 

# set this only if you don't use IPv6 (omit it if you do)

[root@dlp ~]#

vi /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

 

options {

# comment this line out so that named listens on all interfaces of the server

 

#

listen-on port 53 { 127.0.0.1; };

 

# change this if you do not use IPv6

 

listen-on-v6

{ none; };

 

directory

"/var/named";



dump-file

"/var/named/data/cache_dump.db";



statistics-file

"/var/named/data/named_stats.txt";



memstatistics-file

"/var/named/data/named_mem_stats.txt";

 

# query range (the networks allowed to query this server, e.g. localhost and your internal network)

 

allow-query

{ localhost;

10.0.0.0/24;

};

 

# zone-transfer range (set it only if you have secondary DNS servers, and limit it to their addresses)

 

allow-transfer { localhost; 10.0.0.0/24; };

 

recursion yes;

dnssec-enable yes;



dnssec-validation yes;



dnssec-lookaside auto;

/* Path to ISC DLV key (note: the ISC DLV registry has since been retired and dnssec-lookaside is not supported by current BIND releases; on newer versions leave these two lines out) */



bindkeys-file "/etc/named.iscdlv.key";



managed-keys-directory "/var/named/dynamic";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

 

# everything from here on is changed or added

 

view "internal" {

match-clients {

localhost;

10.0.0.0/24;

};

zone "." IN {

type hint;

file "named.ca";

};

zone "server.world" IN {

type master;

file "server.world.lan";

allow-update { none; };

};

zone "0.0.10.in-addr.arpa" IN {

type master;

file "0.0.10.db";

allow-update { none; };

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

};

view "external" {

match-clients { any; };

allow-query { any; };

recursion no;

zone "server.world" IN {

type master;

file "server.world.wan";

allow-update { none; };

};

zone "80.0.16.172.in-addr.arpa" IN {

type master;

file "80.0.16.172.db";

allow-update { none; };

};

};

 

# allow-query

⇒ the address range permitted to query this server

# allow-transfer

⇒ the address range permitted to request zone transfers

# recursion

⇒ whether the server performs recursive lookups on behalf of clients

# view "internal" { *** };

⇒ the definition served to internal clients

# view "external" { *** };

⇒ the definition served to external clients

# To name a reverse zone, write the octets of the network address in reverse order, as shown below.
# 10.0.0.0/24
# network address

⇒ 10.0.0.0

# range of network

⇒ 10.0.0.0 – 10.0.0.255

 

# how to write the zone name

⇒ 0.0.10.in-addr.arpa

# 172.16.0.80/29
# network address

⇒ 172.16.0.80

# range of network

⇒ 172.16.0.80 – 172.16.0.87

# how to write the zone name

⇒ 80.0.16.172.in-addr.arpa

 

For internal zone
This example uses the internal address range [10.0.0.0/24] and the domain name [server.world]; substitute your own values when configuring your server.

 

[root@dlp ~]#

vi /var/named/server.world.lan

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

2011071001  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

# define name server

 

IN  NS      dlp.server.world.

# internal IP address of name server

 

IN  A       10.0.0.30

# define Mail exchanger

 

IN  MX 10   dlp.server.world.

 

# define IP address and hostname

 

dlp     IN  A       10.0.0.30

 

[2] For external zone
This example uses the external address range [172.16.0.80/29] and the domain name [server.world]; substitute your own values when configuring your server.

 

[root@dlp ~]#

vi /var/named/server.world.wan

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

2011071001  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

# define name server

 

IN  NS      dlp.server.world.

# external IP address of name server

 

IN  A       172.16.0.82

# define Mail exchanger

 

IN  MX 10   dlp.server.world.

 

# define IP address and hostname

 

dlp     IN  A       172.16.0.82

 

Set Zones for reverse resolution

 

  Create the zone files that let the server resolve IP addresses back to domain names.
[3] For internal zone
This example uses the internal address range [10.0.0.0/24] and the domain name [server.world]; substitute your own values when configuring your server.

 

[root@dlp ~]#

vi /var/named/0.0.10.db

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

2011071001  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

# define name server

 

IN  NS      dlp.server.world.

 

# define the network range this reverse zone covers

 

IN  PTR     server.world.

IN  A       255.255.255.0

 

# define IP address and hostname

 

30      IN  PTR     dlp.server.world.

 

[4] For external zone
This example uses the external address range [172.16.0.80/29] and the domain name [server.world]; substitute your own values when configuring your server.

 

[root@dlp ~]#

vi /var/named/80.0.16.172.db

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

2011071001  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

# define name server

 

IN  NS      dlp.server.world.

 

# define the network range this reverse zone covers

 

IN  PTR     server.world.

IN  A       255.255.255.248

 

# define IP address and hostname

 

82      IN  PTR     dlp.server.world.

 

 

Configure the chroot environment. Simply install the "bind-chroot" package to do so. Once named runs in the chroot, edit named.conf and the zone files under /var/named/chroot/ instead of their original locations.

 

[root@dlp ~]#

yum -y install bind-chroot

[root@dlp ~]#

/etc/rc.d/init.d/named restart

 

Stopping named:

[ OK ]

Starting named:

[ OK ]

[root@dlp ~]#

ll /var/named/chroot/etc

 

total 28

-rw-r--r-- 1 root root   331 Jul  9 11:17 localtime

drwxr-x--- 2 root named 4096 Nov 11  2010 named

-rw-r----- 1 root named 1550 Jul  9 23:19 named.conf

-rw-r--r-- 1 root named  601 Nov 11  2010 named.iscdlv.key

-rw-r----- 1 root named  931 Jun 21  2007 named.rfc1912.zones

drwxr-xr-x 3 root root  4096 Jul  9 23:30 pki

-rw-r----- 1 root named   77 Jul  9 23:02 rndc.key

[root@dlp ~]#

ll /var/named/chroot/var/named

 

total 40

-rw-r--r-- 1 root  root   359 Jul  9 23:25 0.0.10.db

drwxr-x--- 6 root  named 4096 Jul  9 23:30 chroot

drwxrwx--- 2 named named 4096 Jul  9 23:25 data

drwxrwx--- 2 named named 4096 Jul  9 23:26 dynamic

-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca

-rw-r----- 1 root  named  152 Dec 15  2009 named.empty

-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost

-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback

-rw-r--r-- 1 root  root   350 Jul  9 23:24 server.world.lan

drwxrwx--- 2 named named 4096 Nov 11  2010 slaves

 

 

Set a CNAME record in the zone file.

 

[root@dlp ~]#

vi /var/named/server.world.lan

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

# increment the serial so that the change is picked up

 

2011071002  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

IN  NS      dlp.server.world.

IN  A       10.0.0.30

IN  MX 10   dlp.server.world.

 

dlp     IN  A       10.0.0.30

# [ alias IN CNAME server's name ]

 

ftp     IN  CNAME   dlp.server.world.

 

[root@dlp ~]#

rndc reload

 

server reload successful

[root@dlp ~]#

dig ftp.server.world.

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> ftp.server.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:

;ftp.server.world.

IN

A

;; ANSWER SECTION:
ftp.server.world.

86400

IN

CNAME

dlp.server.world.

 

dlp.server.world.

86400

IN

A

10.0.0.30

;; AUTHORITY SECTION:

server.world.

86400

IN

NS

dlp.server.world.

;; Query time: 0 msec
;; SERVER: 10.0.0.30#53(10.0.0.30)
;; WHEN: Sun Jul 10 23:32:48 2011
;; MSG SIZE rcvd: 82

 

 

The following example shows an environment in which the master DNS is "dlp.server.world" and the slave DNS is "ns.example.host".
[1] Configure the master DNS: add the slave to named.conf and to the zone file.

 

[root@dlp ~]#

vi /etc/named.conf

# add the secondary DNS server's address to the allow-transfer list below

 

allow-transfer { localhost;

172.16.0.85;

};

[root@dlp ~]#

vi /var/named/server.world.wan

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

# increment the serial so that the slave picks up the change

 

2011071003  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

IN  NS      dlp.server.world.

# add the slave name server

 

IN  NS      ns.example.host.

IN  A       172.16.0.82

IN  MX 10   dlp.server.world.

 

dlp     IN  A       172.16.0.82

 

[root@dlp ~]#

rndc reload

server reload successful

 

[2] Configuration on Slave DNS.

 

[root@ns ~]#

vi /etc/named.conf

# add the lines below

 

zone "server.world" IN {

type slave;

masters { 172.16.0.82; };

file "slaves/server.world.wan";

notify no;

};

 

[root@ns ~]#

rndc reload

server reload successful
[root@ns ~]#

ls /var/named/slaves

server.world.wan

# the zone file from the master DNS has just been transferred

 
