Saturday, April 21, 2018

Configure DNS in Linux

DNS = Domain Name System (also called Domain Naming Service). DNS resolves a host name to its IP address and, through a reverse lookup, an IP address back to its host name.
- WINS only maps NetBIOS names to IP addresses; it does not map IP addresses back to NetBIOS names
- Both DNS and WINS reduce name-resolution broadcast traffic
- The local hosts file is /etc/hosts

=> Zone
  - Storage database which contains all the records.
  1. Forward lookup Zone
      - Used for resolving hostnames to IP
      - Maintains host to IP mapping info
  2. Reverse lookup Zone
      - Used to resolve IP to hostname
      - Maintains IP to host mapping info

=> Records
  1. PTR Record                                             /Reverse lookup Zone
      - Maps IP to Hostname
  2. SOA Record                                             /Forward lookup Zone
      - First Record in any zone file
      - Start Of Authority; identifies the zone's primary name server
  3. NS Record                                               /Forward lookup Zone
      - Name server
      - Identifies the DNS servers for each zone
  4. MX Record                                              /Forward lookup Zone
      - Maps domain name to a mail server
      - Mail Exchange
  5. A Record (Address Record)                      /Forward lookup Zone   
      - Maps hostname to an IP address
      - Client Side
  6. SRV Record                                             /Forward lookup Zone
      - Service Record
  7. CNAME Record (Canonical Name)
      - Maps an alias name to a hostname

=> Packages
   - bind*
   - caching-nameserver-*.rpm

=> Port number
   - 53

=> Configuration file
   - /etc/named.caching-nameserver.conf
   - /etc/named.rfc1912.zones

=> Daemon/Service
   - named

Primary(Master) DNS Server Details:
Operating System     : CentOS 6.5 server
Hostname             : masterdns.rhce.local 
IP Address           : 192.168.1.100/24 [Installation on Server Side]

Secondary(Slave) DNS Server Details:

Operating System     : CentOS 6.5 server
Hostname             : secondarydns.rhce.local
IP Address           : 192.168.1.101/24

Client Details:
Operating System     : CentOS 6.5 Desktop  
Hostname             : Client.rhce.local
IP Address           : 192.168.1.102/24

Setup Primary(Master) DNS Server
[root@masterdns ~]# yum install bind* -y

1. Configure DNS Server

Edit the ‘/etc/named.conf’ file so that it contains the lines shown below.
[root@master ~]# vi /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Master (primary) for rhce.local and 1.168.192.in-addr.arpa, and a
// recursive resolver for the 192.168.1.0/24 LAN.
options {
// Bind only to loopback and the master's own address rather than every interface.
listen-on port 53 { 127.0.0.1; 192.168.1.100; }; ### Master DNS IP ###
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
// Only localhost and the LAN may query. In BIND 9, when allow-recursion is not
// set separately it falls back to this list, so the recursion enabled below is
// offered to the LAN only and the server is not an open resolver.
allow-query     { localhost; 192.168.1.0/24; }; ### IP Range ###
// Zone transfers (AXFR/IXFR) go only to the secondary; any other host asking
// for a full copy of the zone is refused. This is an IP-based check only;
// TSIG-signed transfers would additionally authenticate the peer.
allow-transfer{ localhost; 192.168.1.101; };   ### Slave DNS IP ###
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): lookaside validation relies on the ISC DLV registry, which has
// since been retired; newer BIND releases ignore or reject this option, so it
// and the bindkeys-file line below can be dropped there.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
// Root hints, needed for recursion.
zone "." IN {
type hint;
file "named.ca";
};
// Forward zone. The missing space in `zone"rhce.local"` is most likely a
// transcription artefact; the canonical form is `zone "rhce.local" IN {`.
zone"rhce.local" IN {
type master;
// Relative to the "directory" option above: /var/named/forward.rhce.
file "forward.rhce";
// No dynamic updates: the zone changes only when the file is edited and named reloaded.
allow-update { none; };
};
// Reverse zone for 192.168.1.0/24.
zone"1.168.192.in-addr.arpa" IN {
type master;
file "reverse.rhce";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Create Zone files

Create the forward and reverse zone files referenced in the ‘/etc/named.conf’ file.

2.1 Create Forward Zone

Create forward.rhce file in the ‘/var/named’ directory.
[root@master ~]# vi /var/named/forward.rhce
; Forward zone for rhce.local (the master's named.conf loads it as forward.rhce).
; Default TTL for records without an explicit one: one day.
$TTL 86400
; SOA: primary name server and zone contact (root.rhce.local. means root@rhce.local).
; NOTE(review): the server's hostname was given as masterdns.rhce.local, but this
; zone only defines "master"; keep the MNAME, NS targets and A records consistent.
@   IN  SOA     master.rhce.local. root.rhce.local. (
        2011071001  ;Serial - increase on every edit, or the secondary will not pick up the change
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
; Authoritative name servers for the zone (master and secondary).
@       IN  NS          master.rhce.local.
@       IN  NS          secondary.rhce.local.
; Apex A records: a query for the bare name rhce.local returns all three addresses.
@       IN  A           192.168.1.100
@       IN  A           192.168.1.101
@       IN  A           192.168.1.102
; Host records; owner names are relative to the zone origin.
master       IN  A   192.168.1.100
secondary    IN  A   192.168.1.101
client          IN  A   192.168.1.102

2.2 Create Reverse Zone

Create reverse.rhce file in the ‘/var/named’ directory.
[root@master ~]# vi /var/named/reverse.rhce

; Reverse zone for 192.168.1.0/24 (1.168.192.in-addr.arpa), loaded as reverse.rhce.
$TTL 86400
@   IN  SOA     master.rhce.local. root.rhce.local. (
        2011071001  ;Serial - increase on every edit so the secondary transfers the change
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          master.rhce.local.
@       IN  NS          secondary.rhce.local.
@       IN  PTR         rhce.local.
; NOTE(review): A records do not belong in an in-addr.arpa zone. Relative to this
; origin they define names such as master.1.168.192.in-addr.arpa, which nothing
; queries; they are harmless but should be removed (hosts live in forward.rhce).
master       IN  A   192.168.1.100
secondary    IN  A   192.168.1.101
client          IN  A   192.168.1.102
; PTR records: the owner is the last octet relative to the origin, so 100 is
; 192.168.1.100. Validate this file with its real origin, not rhce.local:
;   named-checkzone 1.168.192.in-addr.arpa /var/named/reverse.rhce
100     IN  PTR         master.rhce.local.
101     IN  PTR         secondary.rhce.local.
102     IN  PTR         client.rhce.local.

3. Start the DNS service

[root@master ~]# service named start
Starting named:                                            [  OK  ]
[root@master ~]# chkconfig named on

4. Adjust iptables so that DNS queries from other hosts can reach the server

Add the lines as shown below in ‘/etc/sysconfig/iptables’ file.
[root@master ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
# Rules are evaluated top to bottom; the first matching rule decides.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# DNS: UDP for ordinary queries, TCP for zone transfers and for responses too
# large for UDP. Both rules accept port 53 from any source; named's allow-query
# then decides who is answered. To keep unwanted traffic away from the daemon
# altogether, add `-s 192.168.1.0/24` to both rules.
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# SSH
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Everything else is rejected: default-deny for INPUT and FORWARD.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

5. Restart iptables

[root@master ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

6. Test DNS configuration and zone files for any syntax errors

[root@master ~]# named-checkconf /etc/named.conf 
[root@master ~]# named-checkzone rhce.local /var/named/forward.rhce 
zone rhce.local/IN: loaded serial 2011071001
OK
[root@master ~]# named-checkzone rhce.local /var/named/reverse.rhce
zone rhce.local/IN: loaded serial 2011071001
OK

7. Test DNS Server

[root@master ~]# dig master.rhce.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> master.rhce.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;master.rhce.local.            IN      A
;; ANSWER SECTION:
master.rhce.local.      86400   IN      A       192.168.1.100
;; AUTHORITY SECTION:
rhce.local.             86400   IN      NS      secondary.rhce.local.
rhce.local.             86400   IN      NS      master.rhce.local.
;; ADDITIONAL SECTION:
secondary.rhce.local.   86400   IN      A       192.168.1.101
;; Query time: 6 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:07:56 2013
;; MSG SIZE  rcvd: 114
[root@master ~]# nslookup rhce.local
Server:         192.168.1.100
Address:        192.168.1.100#53
Name:   rhce.local
Address: 192.168.1.102
Name:   rhce.local
Address: 192.168.1.100
Name:   rhce.local
Address: 192.168.1.101

Now the Primary DNS server is ready to use.

Setup Secondary(Slave) DNS Server

[root@secondary ~]# yum install bind* -y

1. Configure Slave DNS Server

Open the main configuration file ‘/etc/named.conf’ and add the lines as shown below.
[root@secondary ~]# vi /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Secondary (slave) for rhce.local and 1.168.192.in-addr.arpa. Zone data is
// transferred from the master at 192.168.1.100 and stored under /var/named/slaves.
options {
// Bind only to loopback and the secondary's own address.
listen-on port 53 { 127.0.0.1; 192.168.1.101; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
// Same query policy as the master: localhost and the LAN only.
allow-query     { localhost; 192.168.1.0/24; };
// NOTE(review): unlike the master, no allow-transfer is set here. BIND's default
// is to allow transfers to every host that may query, so any LAN host can pull a
// full copy of both zones from this server. Add `allow-transfer { none; };`
// unless further secondaries need to transfer from it.
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): lookaside validation relies on the ISC DLV registry, which has
// since been retired; newer BIND releases ignore or reject this option.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
type hint;
file "named.ca";
};
// The missing space in `zone"rhce.local"` is most likely a transcription
// artefact; the canonical form is `zone "rhce.local" IN {`.
zone"rhce.local" IN {
type slave;
// Transferred copy of the zone, written by named itself; the slaves/ directory
// must therefore be writable by the named user.
file "slaves/rhce.fwd";
// Only this address is accepted as the source of the zone. The check is
// IP-based; TSIG-signed transfers would also authenticate the master.
masters { 192.168.1.100; };
};
zone"1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/rhce.rev";
masters { 192.168.1.100; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Start the DNS Service

[root@secondary ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@secondary ~]# chkconfig named on

The forward and reverse zones are now transferred automatically from the master DNS server into ‘/var/named/slaves/’ on the secondary DNS server.
[root@secondary ~]# ls /var/named/slaves/
rhce.fwd  rhce.rev
[root@secondary ~]# cat /var/named/slaves/rhce.fwd 
$ORIGIN .
$TTL 86400      ; 1 day
rhce.local              IN SOA  masterdns.rhce.local. root.rhce.local. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      master.rhce.local.
                        NS      secondary.rhce.local.
                        A       192.168.1.100
                        A       192.168.1.101
                        A       192.168.1.102
$ORIGIN rhce.local.
client                  A       192.168.1.102
master                  A       192.168.1.100
secondary               A       192.168.1.101
[root@secondary ~]# cat /var/named/slaves/rhce.rev 
$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  master.rhce.local. root.rhce.local. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      master.rhce.local.
                        NS      secondary.rhce.local.
                        PTR     rhce.local.
$ORIGIN 1.168.192.in-addr.arpa.
100                     PTR     master.rhce.local.
101                     PTR     secondary.rhce.local.
102                     PTR     client.rhce.local.
client                  A       192.168.1.102
master                  A       192.168.1.100
secondary               A       192.168.1.101

3. Add the DNS Server details to all systems

[root@secondary ~]# vi /etc/resolv.conf
# Generated by NetworkManager
# NOTE(review): NetworkManager rewrites this file, so hand edits may not survive
# a restart; persist the servers in the interface configuration instead.
# NOTE(review): "rhce.com" does not match the zone configured above (rhce.local),
# so short names such as "master" will not expand to master.rhce.local here.
search rhce.com
# Nameservers are tried in order; a later entry is used only when the earlier
# ones fail to respond. 8.8.8.8 cannot answer for rhce.local and is only a
# last-resort fallback for Internet names.
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8

4. Test DNS Server

[root@secondary ~]# dig masterdns.rhce.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> master.rhce.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21487
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;master.rhce.local.            IN      A
;; ANSWER SECTION:
master.rhce.local.      86400   IN      A       192.168.1.100
;; AUTHORITY SECTION:
rhce.local.             86400   IN      NS      master.rhce.local.
rhce.local.             86400   IN      NS      secondary.rhce.local.
;; ADDITIONAL SECTION:
secondary.rhce.local.   86400   IN      A       192.168.1.101
;; Query time: 15 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:27:57 2013
;; MSG SIZE  rcvd: 114
[root@secondary ~]# dig secondary.rhce.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> secondary.rhce.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;secondary.rhce.local.         IN      A
;; ANSWER SECTION:
secondary.rhce.local.   86400   IN      A       192.168.1.101
;; AUTHORITY SECTION:
rhce.local.             86400   IN      NS      master.rhce.local.
rhce.local.             86400   IN      NS      secondary.rhce.local.
;; ADDITIONAL SECTION:
master.rhce.local.      86400   IN      A       192.168.1.100
;; Query time: 4 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:31:53 2013
;; MSG SIZE  rcvd: 114
[root@secondary ~]# nslookup rhce.local
Server:         192.168.1.100
Address:        192.168.1.100#53
Name:   rhce.local
Address: 192.168.1.101
Name:   rhce.local
Address: 192.168.1.102
Name:   rhce.local
Address: 192.168.1.100

Client Side Configuration
Add the DNS server details in ‘/etc/resolv.conf’ file in all client systems
[root@client rhce]# vi /etc/resolv.conf
# Generated by NetworkManager
# NOTE(review): NetworkManager rewrites this file, so hand edits may not survive
# a restart; persist the servers in the interface configuration instead.
# Search domain matches the zone, so "master" expands to master.rhce.local.
search rhce.local
# Nameservers are tried in order; a later entry is used only when the earlier
# ones fail to respond. 8.8.8.8 cannot answer for rhce.local and is only a
# last-resort fallback for Internet names.
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8

Test DNS Server

[root@client rhce]# dig master.rhce.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> master.rhce.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;master.rhce.local.            IN      A
;; ANSWER SECTION:
master.rhce.local.      86400   IN      A       192.168.1.100
;; AUTHORITY SECTION:
rhce.local.             86400   IN      NS      master.rhce.local.
rhce.local.             86400   IN      NS      secondary.rhce.local.
;; ADDITIONAL SECTION:
secondary.rhce.local.   86400   IN      A       192.168.1.101
;; Query time: 30 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:47:55 2013
;; MSG SIZE  rcvd: 114
[root@client rhce]# dig secondary.rhce.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> secondary.rhce.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14852
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;secondary.rhce.local.         IN      A
;; ANSWER SECTION:
secondary.rhce.local.   86400   IN      A       192.168.1.101
;; AUTHORITY SECTION:
rhce.local.             86400   IN      NS      secondary.rhce.local.
rhce.local.             86400   IN      NS      master.rhce.local.
;; ADDITIONAL SECTION:
master.rhce.local.      86400   IN      A       192.168.1.100
;; Query time: 8 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:48:38 2013
;; MSG SIZE  rcvd: 114
[root@client rhce]# dig client.rhce.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> client.rhce.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14604
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;client.rhce.local.            IN      A
;; ANSWER SECTION:
client.rhce.local.      86400   IN      A       192.168.1.102
;; AUTHORITY SECTION:
rhce.local.             86400   IN      NS      master.rhce.local.
rhce.local.             86400   IN      NS      secondary.rhce.local.
;; ADDITIONAL SECTION:
master.rhce.local.      86400   IN      A       192.168.1.100
secondary.rhce.local.   86400   IN      A       192.168.1.101
;; Query time: 5 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:49:11 2013
;; MSG SIZE  rcvd: 137
[root@client rhce]# nslookup rhce.local
Server:         192.168.1.100
Address:        192.168.1.100#53
Name:   rhce.local
Address: 192.168.1.102
Name:   rhce.local
Address: 192.168.1.100
Name:   rhce.local
Address: 192.168.1.101

Now the primary and secondary DNS servers are ready to use.
