Setup DNS Server step by step in CentOS 6.3





Posted by SK • Posted in CentOS, DNS, Linux, RHEL, Scientific Linux

DNS (Domain Name System) is the core component of network infrastructure. The DNS service resolves hostnames into IP addresses and vice versa. For example, if we type http://www.ostechnix.com in a browser, the DNS server translates the domain name into its corresponding IP address. This makes it easy for us to remember domain names instead of their IP addresses.

This how-to tutorial shows you how to install and configure Primary and Secondary DNS servers. The steps provided here were tested on CentOS 6.3 32 bit edition, but they should work on RHEL 6.x (x stands for the version) and Scientific Linux 6.x too.

Here is my test setup scenario:

Operating System     : CentOS 6.3 32 bit (Minimal Server)

Hostname             : masterdns.ostechnix.com

IP Address           : 192.168.1.200/24

Operating System     : CentOS 6.3 32 bit (Minimal Server)

Hostname             : slavedns.ostechnix.com

IP Address           : 192.168.1.201/24  

[root@masterdns ~]# yum install bind* -y

The main DNS configuration will look like the one below. Edit the file and add the entries that are marked in bold.

[root@masterdns ~]# vi /etc/named.conf 

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

options {

listen-on port 53 { 127.0.0.1; 192.168.1.200;}; ## Master DNS IP ##

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query     { localhost; 192.168.1.0/24; }; ## IP Range ##

allow-transfer { localhost; 192.168.1.201; }; ## Slave DNS IP ##

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

zone "." IN {

type hint;

file "named.ca";

};

zone "ostechnix.com" IN {

type master;

file "fwd.ostechnix.com";

allow-update { none; };

};

zone "1.168.192.in-addr.arpa" IN {

type master;

file "rev.ostechnix.com";

allow-update { none; };

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

Now we should create the forward and reverse zone files which we mentioned in the `/etc/named.conf' file.

Create the `fwd.ostechnix.com' file in the `/var/named' directory and add the entries for the forward zone as shown below.

[root@masterdns ~]# vi /var/named/fwd.ostechnix.com 

$TTL 86400

@   IN  SOA     masterdns.ostechnix.com. root.ostechnix.com. (

        2011071001  ;Serial

        3600        ;Refresh

        1800        ;Retry

        604800      ;Expire

        86400       ;Minimum TTL

)

@ IN  NS      masterdns.ostechnix.com.

@ IN  NS     slavedns.ostechnix.com.

masterdns     IN  A    192.168.1.200

slavedns IN A 192.168.1.201

Create the `rev.ostechnix.com' file in the `/var/named' directory and add the entries for the reverse zone as shown below.

[root@masterdns ~]# vi /var/named/rev.ostechnix.com 

$TTL 86400

@   IN  SOA     masterdns.ostechnix.com. root.ostechnix.com. (

        2011071001  ;Serial

        3600        ;Refresh

        1800        ;Retry

        604800      ;Expire

        86400       ;Minimum TTL

)

@ IN  NS      masterdns.ostechnix.com.

@ IN  NS      slavedns.ostechnix.com.

masterdns IN  A   192.168.1.200

slavedns IN  A   192.168.1.201

200     IN  PTR     masterdns.ostechnix.com.

201 IN  PTR    slavedns.ostechnix.com.

[root@masterdns ~]# service named start

Generating /etc/rndc.key:                                  [  OK  ]

Starting named:                                            [  OK  ]

[root@masterdns ~]# chkconfig named on

Add the lines shown in bold letters to the `/etc/sysconfig/iptables' file. This will allow all clients to access the DNS server.

[root@masterdns ~]# vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT

-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

[root@masterdns ~]# service iptables restart

iptables: Flushing firewall rules:                         [  OK  ]

iptables: Setting chains to policy ACCEPT: filter          [  OK  ]

iptables: Unloading modules:                               [  OK  ]

iptables: Applying firewall rules:                         [  OK  ]

[root@masterdns ~]# named-checkconf /etc/named.conf 

[root@masterdns ~]# named-checkconf /etc/named.rfc1912.zones 

[root@masterdns ~]# named-checkzone ostechnix.com /var/named/fwd.ostechnix.com 

zone ostechnix.com/IN: loaded serial 2011071001

OK

[root@masterdns ~]# named-checkzone ostechnix.com /var/named/rev.ostechnix.com 

zone ostechnix.com/IN: loaded serial 2011071001

OK

[root@masterdns ~]#
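named-checkzone validates one zone file at a time, so it does not confirm that the forward and reverse zones agree with each other. The following added example (not from the original tutorial) checks that every A record has a PTR pointing back to the same name, and shows what a PTR target written without its trailing dot expands to. The function names and sample strings are assumptions for illustration, and the parser handles only one-line records with an explicit owner.

```python
import ipaddress

# Constructed samples: record lines from the page's zone files (SOA block omitted).
FWD = """\
@ IN  NS      masterdns.ostechnix.com.
masterdns     IN  A    192.168.1.200
slavedns IN A 192.168.1.201
"""
REV = """\
@ IN  NS      masterdns.ostechnix.com.
200     IN  PTR     masterdns.ostechnix.com.
201 IN  PTR    slavedns.ostechnix.com.
"""
# Constructed faulty variant: the PTR target for .201 lost its trailing dot.
REV_BAD = REV.replace("slavedns.ostechnix.com.", "slavedns.ostechnix.com")

def fqdn(name, origin):
    """Expand @ and relative names against the zone origin, as named does."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def records(zone_text, origin, rtype):
    """Return {owner: rdata} for `owner [ttl] [IN] type rdata` lines of one type."""
    out = {}
    for line in zone_text.splitlines():
        tok = line.split(";")[0].split()          # drop ; comments
        fields = [t for t in tok[1:] if t.upper() != "IN" and not t.isdigit()]
        if len(fields) == 2 and fields[0].upper() == rtype:
            out[fqdn(tok[0], origin).lower()] = fields[1].lower()
    return out

def mismatches(fwd, rev, fwd_origin, rev_origin):
    """List (host, ip, ptr_target) for A records whose PTR does not point back."""
    a, ptr = records(fwd, fwd_origin, "A"), records(rev, rev_origin, "PTR")
    problems = []
    for host, ip in sorted(a.items()):
        rname = ipaddress.ip_address(ip).reverse_pointer + "."
        target = ptr.get(rname)
        target = fqdn(target, rev_origin) if target else None
        if target != host:
            problems.append((host, ip, target))
    return problems
```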

[root@masterdns ~]# dig masterdns.ostechnix.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:

;masterdns.ostechnix.com. IN A

;; ANSWER SECTION:

masterdns.ostechnix.com. 86400 IN A 192.168.1.200

;; AUTHORITY SECTION:

ostechnix.com. 86400 IN NS masterdns.ostechnix.com.

ostechnix.com. 86400 IN NS slavedns.ostechnix.com.

;; ADDITIONAL SECTION:

slavedns.ostechnix.com. 86400 IN A 192.168.1.201

;; Query time: 5 msec

;; SERVER: 192.168.1.200#53(192.168.1.200)

;; WHEN: Sun Mar  3 12:48:35 2013

;; MSG SIZE  rcvd: 110

[root@masterdns ~]# dig -x 192.168.1.200

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;200.1.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:

200.1.168.192.in-addr.arpa. 86400 IN PTR masterdns.ostechnix.com.

;; AUTHORITY SECTION:

1.168.192.in-addr.arpa. 86400 IN NS masterdns.ostechnix.com.

1.168.192.in-addr.arpa. 86400 IN NS slavedns.ostechnix.com.

;; ADDITIONAL SECTION:

masterdns.ostechnix.com. 86400 IN A 192.168.1.200

slavedns.ostechnix.com. 86400 IN A 192.168.1.201

;; Query time: 6 msec

;; SERVER: 192.168.1.200#53(192.168.1.200)

;; WHEN: Sun Mar  3 12:49:53 2013

;; MSG SIZE  rcvd: 150

[root@masterdns ~]# nslookup masterdns

Server: 192.168.1.200

Address: 192.168.1.200#53

Name: masterdns.ostechnix.com

Address: 192.168.1.200

That's it. Now the Primary DNS server is ready.

[root@slavedns ~]# yum install bind* -y

Open the main configuration file `/etc/named.conf' and add the lines as shown in bold letters.

[root@slavedns ~]# vi /etc/named.conf 

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

options {

listen-on port 53 { 127.0.0.1; 192.168.1.201; }; ## Slave DNS IP ##

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query     { localhost; 192.168.1.0/24; }; ## IP Range ##

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

zone "." IN {

type hint;

file "named.ca";

};

zone "ostechnix.com" IN {

type slave;

file "slaves/ostechnix.fwd";

masters { 192.168.1.200; };

};

zone "1.168.192.in-addr.arpa" IN {

type slave;

file "slaves/ostechnix.rev";

masters { 192.168.1.200; };

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";
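The master configuration earlier limits zone transfers with allow-transfer, while this slave configuration sets none, and BIND 9.8 permits transfers to any host when the statement is absent. The following added example (not part of the original tutorial) reports zones whose effective allow-transfer is unset or contains any. The function names and the trimmed sample configs are assumptions made for illustration.

```python
import re

# Constructed samples: ACL-relevant lines trimmed from the page's two named.conf files.
MASTER = '''
options {
    allow-query    { localhost; 192.168.1.0/24; }; ## IP Range ##
    allow-transfer { localhost; 192.168.1.201; };  ## Slave DNS IP ##
};
zone "ostechnix.com" IN { type master; file "fwd.ostechnix.com"; allow-update { none; }; };
'''
SLAVE = '''
options {
    allow-query { localhost; 192.168.1.0/24; }; ## IP Range ##
};
zone "ostechnix.com" IN { type slave; file "slaves/ostechnix.fwd"; masters { 192.168.1.200; }; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments (assumes no quoted string contains // or #)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def blocks(text, keyword):
    """Yield (header, body) for each `keyword header { body }` using brace matching."""
    for m in re.finditer(r"(?m)^\s*%s\b([^{;]*)\{" % re.escape(keyword), text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip(), text[m.end():i - 1]

def acl(body, name):
    """Return the address list of statement `name` in body, or None if it is absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(name), body)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else None

def transfer_findings(conf):
    """Return (zone, effective_acl) for zones open to transfer; None means unset."""
    conf = strip_comments(conf)
    opts = next(blocks(conf, "options"), ("", ""))[1]
    findings = []
    for header, body in blocks(conf, "zone"):
        if not re.search(r"\btype\s+(master|slave)\b", body):
            continue  # hint zones are not transferable
        zone_acl = acl(body, "allow-transfer")  # a zone-level statement overrides options
        eff = acl(opts, "allow-transfer") if zone_acl is None else zone_acl
        if eff is None or "any" in eff:
            findings.append((header.split('"')[1], eff))
    return findings
```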

[root@slavedns ~]# service named start

Generating /etc/rndc.key:                                  [  OK  ]

Starting named:                                            [  OK  ]

[root@slavedns ~]# chkconfig named on

Now the forward and reverse zones are automatically replicated from Master DNS server to Slave DNS server. 

To verify, go to the DNS database location (i.e. `/var/named/slaves') and use the command `ls'.

[root@slavedns ~]# cd /var/named/slaves/

[root@slavedns slaves]# ls

ostechnix.fwd  ostechnix.rev

The forward and reverse zones are automatically replicated from the Master DNS. Now check whether the correct zone files were replicated.

[root@slavedns slaves]# cat ostechnix.fwd 

$ORIGIN .

$TTL 86400 ; 1 day

ostechnix.com IN SOA masterdns.ostechnix.com. root.ostechnix.com. (

2011071001 ; serial

3600       ; refresh (1 hour)

1800       ; retry (30 minutes)

604800     ; expire (1 week)

86400      ; minimum (1 day)

)

NS masterdns.ostechnix.com.

NS slavedns.ostechnix.com.

$ORIGIN ostechnix.com.

masterdns A 192.168.1.200

slavedns A 192.168.1.201

[root@slavedns slaves]# cat ostechnix.rev 

$ORIGIN .

$TTL 86400 ; 1 day

1.168.192.in-addr.arpa IN SOA masterdns.ostechnix.com. root.ostechnix.com. (

2011071001 ; serial

3600       ; refresh (1 hour)

1800       ; retry (30 minutes)

604800     ; expire (1 week)

86400      ; minimum (1 day)

)

NS masterdns.ostechnix.com.

NS slavedns.ostechnix.com.

$ORIGIN 1.168.192.in-addr.arpa.

200 PTR masterdns.ostechnix.com.

201 PTR slavedns.ostechnix.com.

masterdns A 192.168.1.200

slavedns A 192.168.1.201

[root@slavedns ~]# vi /etc/resolv.conf 

# Generated by NetworkManager

search ostechnix.com

nameserver 192.168.1.200

nameserver 192.168.1.201

nameserver 8.8.8.8

[root@slavedns ~]# dig slavedns.ostechnix.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> slavedns.ostechnix.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39096

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:

;slavedns.ostechnix.com. IN A

;; ANSWER SECTION:

slavedns.ostechnix.com. 86400 IN A 192.168.1.201

;; AUTHORITY SECTION:

ostechnix.com. 86400 IN NS masterdns.ostechnix.com.

ostechnix.com. 86400 IN NS slavedns.ostechnix.com.

;; ADDITIONAL SECTION:

masterdns.ostechnix.com. 86400 IN A 192.168.1.200

;; Query time: 7 msec

;; SERVER: 192.168.1.200#53(192.168.1.200)

;; WHEN: Sun Mar  3 13:00:17 2013

;; MSG SIZE  rcvd: 110

[root@slavedns ~]# dig masterdns.ostechnix.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12825

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:

;masterdns.ostechnix.com. IN A

;; ANSWER SECTION:

masterdns.ostechnix.com. 86400 IN A 192.168.1.200

;; AUTHORITY SECTION:

ostechnix.com. 86400 IN NS masterdns.ostechnix.com.

ostechnix.com. 86400 IN NS slavedns.ostechnix.com.

;; ADDITIONAL SECTION:

slavedns.ostechnix.com. 86400 IN A 192.168.1.201

;; Query time: 13 msec

;; SERVER: 192.168.1.200#53(192.168.1.200)

;; WHEN: Sun Mar  3 13:01:02 2013

;; MSG SIZE  rcvd: 110

[root@slavedns ~]# nslookup slavedns

Server: 192.168.1.200

Address: 192.168.1.200#53

Name: slavedns.ostechnix.com

Address: 192.168.1.201

[root@slavedns ~]# nslookup masterdns

Server: 192.168.1.200

Address: 192.168.1.200#53

Name: masterdns.ostechnix.com

Address: 192.168.1.200

[root@slavedns ~]# dig -x 192.168.1.201

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.201

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56991

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;201.1.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:

201.1.168.192.in-addr.arpa. 86400 IN PTR slavedns.ostechnix.com.

;; AUTHORITY SECTION:

1.168.192.in-addr.arpa. 86400 IN NS masterdns.ostechnix.com.

1.168.192.in-addr.arpa. 86400 IN NS slavedns.ostechnix.com.

;; ADDITIONAL SECTION:

masterdns.ostechnix.com. 86400 IN A 192.168.1.200

slavedns.ostechnix.com. 86400 IN A 192.168.1.201

;; Query time: 6 msec

;; SERVER: 192.168.1.200#53(192.168.1.200)

;; WHEN: Sun Mar  3 13:03:39 2013

;; MSG SIZE  rcvd: 150

[root@slavedns ~]# dig -x 192.168.1.200

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42968

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;200.1.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:

200.1.168.192.in-addr.arpa. 86400 IN PTR masterdns.ostechnix.com.

;; AUTHORITY SECTION:

1.168.192.in-addr.arpa. 86400 IN NS slavedns.ostechnix.com.

1.168.192.in-addr.arpa. 86400 IN NS masterdns.ostechnix.com.

;; ADDITIONAL SECTION:

masterdns.ostechnix.com. 86400 IN A 192.168.1.200

slavedns.ostechnix.com. 86400 IN A 192.168.1.201

;; Query time: 4 msec

;; SERVER: 192.168.1.200#53(192.168.1.200)

;; WHEN: Sun Mar  3 13:04:15 2013

;; MSG SIZE  rcvd: 150



