Setting Up DNS Server on CentOS 7

 

Setting Up DNS Server on CentOS 7

 

Scenario

 

Primary (Master) DNS Server Details:

Operating System     : CentOS 7 minimal server Hostname                   : ns1.example.com IP Address                  : 10.0.0.15/24

 

Client Details:

Operating System     : CentOS 7 Hostname                   : client.example.com IP Address                  : 10.0.0.14/24

 

Sequence 1. Setup Primary (Master) DNS Server

1. Install bind9 packages on your server.

yum install bind bind-utils -y

2. Configure DNS Server by editing 

   ‘/etc/named.conf’

vi /etc/named.conf options {

   listen-on port 53 { 127.0.0.1; 10.0.0.15;}; # Master DNS IP

   directory     "/var/named";    dump-file     "/var/named/data/cache_dump.db";    statistics-file "/var/named/data/named_stats.txt";    memstatistics-file "/var/named/data/named_mem_stats.txt";

   allow-query     { localhost; 10.0.0.0/24;}; # IP Range

   recursion yes;    dnssec-enable yes;    dnssec-validation yes;    dnssec-lookaside auto;    bindkeys-file "/etc/named.iscdlv.key";  managed-keys-directory "/var/named/dynamic";     pid-file "/run/named/named.pid";    session-keyfile "/run/named/session.key"; }; logging {        channel default_debug {                file "data/named.run";                severity dynamic;        }; }; zone "." IN {    type hint;    file "named.ca"; };

zone "example.com" IN {

type master;

file "forward.example";

allow-update { none; };

};

zone "0.0.10.in-addr.arpa" IN {

type master;

file "reverse.example";

allow-update { none; };

};

include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";

3. Create Zone files. Create forward and reverse zone files which we mentioned in the 

   ‘/etc/named.conf’

   • Create Forward Zone “

     example”

     file in

     ‘/var/named’

      directory.

vi /var/named/forward.example $TTL 86400 @   IN  SOA     ns1.example.com. root.example.com. (       2011071001  ;Serial       3600        ;Refresh       1800        ;Retry       604800      ;Expire       86400       ;Minimum TTL ) @       IN  NS          ns1.example.com. @       IN  A           10.0.0.15 @       IN  A           10.0.0.102 @       IN  A           10.0.0.14 ns1       IN  A   10.0.0.15 client          IN  A   10.0.0.14

• • Create Reverse Zone file “example”  in ‘/var/named’ directory.

vi /var/named/reverse.example $TTL 86400 @   IN  SOA     ns1.example.com. root.example.com. (       2011071001  ;Serial       3600        ;Refresh       1800        ;Retry       604800      ;Expire       86400       ;Minimum TTL ) @       IN  NS          ns1.example.com. @       IN  PTR         example.com. ns1       IN  A   10.0.0.15 client          IN  A   10.0.0.14 14     IN  PTR         ns1.example.com. 15     IN  PTR         client.example.com.

4. Enable and start DNS service:

systemctl enable named systemctl start named

5. Firewall Configuration. We must allow the DNS service default port 53 through firewall.

firewall-cmd --permanent --add-port=53/tcp firewall-cmd --permanent --add-port=53/udp firewall-cmd --reload

6. Configuring Permissions, Ownership, and SELinux

chgrp named -R /var/named chown -v root:named /etc/named.conf restorecon -rv /var/named restorecon /etc/named.conf

7. Test DNS configuration and zone files for any syntax errors

# named-checkconf /etc/named.conf

If it returns nothing, your configuration file is valid.

Check Forward zone:

# named-checkzone example.com /var/named/forward.example Sample output: zone example.com/IN: loaded serial 2011071001 OK

Check reverse zone:

# named-checkzone example.com /var/named/reverse.example  Sample Output: zone example.com/IN: loaded serial 2011071001 OK

8. Add the DNS Server details in your network interface config file.

vi /etc/sysconfig/network-scripts/ifcfg-enp0s3 TYPE="Ethernet" BOOTPROTO="none" DEFROUTE="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" NAME="enp0s3" UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa" ONBOOT="yes" HWADDR="08:00:27:19:68:73" IPADDR0="10.0.0.15" PREFIX0="24" GATEWAY0="10.0.0.1" DNS="10.0.0.15" IPV6_PEERDNS="yes" IPV6_PEERROUTES="yes"

9. Edit file /etc/resolv.conf,

vi /etc/resolv.conf nameserver      10.0.0.15

10. Restart network service:

systemctl restart network

 

Sequence 2. Test DNS Server

[the_ad id="2469"]

dig ns1.example.com

Sample Output:

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> ns1.example.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25179 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;ns1.example.com.    IN    A ;; ANSWER SECTION: ns1.example.com. 86400    IN    A    10.0.0.15 ;; AUTHORITY SECTION: example.com.        86400    IN    NS    ns1.example.com. ;; ADDITIONAL SECTION: ;; Query time: 0 msec ;; SERVER: 10.0.0.15#53(10.0.0.15) ;; WHEN: Wed Aug 20 16:20:46 IST 2014 ;; MSG SIZE  rcvd: 125 nslookup example.com