Setup DNS Server step by step in CentOS 6.3 / RHEL 6.3 / Scientific Linux 6.3
Posted on by SK • Posted in CentOS, DNS, Linux, RHEL, Scientific Linux • 14 Comments
DNS (Domain Name System) is the core component of network infrastructure. The DNS service resolves hostname into ip address and vice versa. For example if we type http://www.ostechnix.com in browser, the DNS server translates the domain name into its corresponding ip address. So it makes us easy to remember the domain names instead of its ip address.
DNS Server Installation in CentOS 6.3
This how-to tutorial will shows you how to install and configure Primary and Scondary DNS server. The steps provided here are tested in CentOS 6.3 32 bit edition, but it should work in RHEL 6.x(x stands for version) and Scientific Linux 6.x too.
Scenario
Here are my test setup scenario
[A] Primary(Master) DNS Server Details:
Operating System : CentOS 6.3 32 bit (Minimal Server)
Hostname : masterdns.ostechnix.com
IP Address : 192.168.1.200/24
[B] Secondary(Slave) DNS Server Details:
Operating System : CentOS 6.3 32 bit (Minimal Server)
Hostname : slavedns.ostechnix.com
IP Address : 192.168.1.201/24
Setup Primary(Master) DNS Server
[root@masterdns ~]# yum install bind* -y
1. Configure DNS Server
The main configuration of the DNS will look like below. Edit and add the entries below which are marked as bold in this configuration files.
[root@masterdns ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.200;}; ## Master DNS IP ##
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; }; ## IP Range ##
allow-transfer { localhost; 192.168.1.201; }; ## Slave DNS IP ##
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "ostechnix.com" IN {
type master;
file "fwd.ostechnix.com";
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "rev.ostechnix.com";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Create Zone files
Now we should create forward and reverse zone files which we mentioned in the `/etc/named.conf' file.
[A] Create Forward Zone
Create `fwd.ostechnix.com' file in the `/var/named' directory and add the entries for forward zone as shown below.
[root@masterdns ~]# vi /var/named/fwd.ostechnix.com
$TTL 86400
@ IN SOA masterdns.ostechnix.com. root.ostechnix.com. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS masterdns.ostechnix.com.
@ IN NS slavedns.ostechnix.com.
masterdns IN A 192.168.1.200
slavedns IN A 192.168.1.201
[B] Create Reverse Zone
Create `rev.ostechnix.com' file in the `/var/named' directory and add the entries for reverse zone as shown below.
[root@masterdns ~]# vi /var/named/rev.ostechnix.com
$TTL 86400
@ IN SOA masterdns.ostechnix.com. root.ostechnix.com. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS masterdns.ostechnix.com.
@ IN NS slavedns.ostechnix.com.
masterdns IN A 192.168.1.200
slavedns IN A 192.168.1.201
200 IN PTR masterdns.ostechnix.com.
201 IN PTR slavedns.ostechnix.com.
3. Start the bind service
[root@masterdns ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@masterdns ~]# chkconfig named on
4. Allow DNS Server through iptables
Add the lines shown in bold letters in `/etc/sysconfig/iptables' file. This will allow all clients to access the DNS server.
[root@masterdns ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
5. Restart iptables to save the changes
[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
6. Test syntax errors of DNS configuration and zone files
[A] Check DNS Config file
[root@masterdns ~]# named-checkconf /etc/named.conf
[root@masterdns ~]# named-checkconf /etc/named.rfc1912.zones
[B] Check zone files
[root@masterdns ~]# named-checkzone ostechnix.com /var/named/fwd.ostechnix.com
zone ostechnix.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone ostechnix.com /var/named/rev.ostechnix.com
zone ostechnix.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]#
7. Test DNS Server
Method A:
[root@masterdns ~]# dig masterdns.ostechnix.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.ostechnix.com. IN A
;; ANSWER SECTION:
masterdns.ostechnix.com. 86400 IN A 192.168.1.200
;; AUTHORITY SECTION:
ostechnix.com. 86400 IN NS masterdns.ostechnix.com.
ostechnix.com. 86400 IN NS slavedns.ostechnix.com.
;; ADDITIONAL SECTION:
slavedns.ostechnix.com. 86400 IN A 192.168.1.201
;; Query time: 5 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 12:48:35 2013
;; MSG SIZE rcvd: 110
Method B:
[root@masterdns ~]# dig -x 192.168.1.200
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 IN PTR masterdns.ostechnix.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS masterdns.ostechnix.com.
1.168.192.in-addr.arpa. 86400 IN NS slavedns.ostechnix.com.
;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400 IN A 192.168.1.200
slavedns.ostechnix.com. 86400 IN A 192.168.1.201
;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 12:49:53 2013
;; MSG SIZE rcvd: 150
Method C:
[root@masterdns ~]# nslookup masterdns
Server: 192.168.1.200
Address: 192.168.1.200#53
Name: masterdns.ostechnix.com
Address: 192.168.1.200
Thats it. Now the Primary DNS server is ready
Setup Secondary(Slave) DNS Server
[root@slavedns ~]# yum install bind* -y
1. Configure Slave DNS Server
Open the main configuration file `/etc/named.conf' and add the lines as shown in bold letters.
[root@slavedns ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.201; }; ## Slve DNS IP ##
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; }; ## IP Range ##
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "ostechnix.com" IN {
type slave;
file "slaves/ostechnix.fwd";
masters { 192.168.1.200; };
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/ostechnix.rev";
masters { 192.168.1.200; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Start the DNS Service
[root@slavedns ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@slavedns ~]# chkconfig named on
Now the forward and reverse zones are automatically replicated from Master DNS server to Slave DNS server.
To verify, goto DNS database location(i.e `/var/named/slaves') and use command `ls'.
[root@slavedns ~]# cd /var/named/slaves/
[root@slavedns slaves]# ls
ostechnix.fwd ostechnix.rev
The forward and reverse zones are automatically replicated from Master DNS. Now check the zone files whether the correct zone files are replicated or not.
[A] Check Forward zone:
[root@slavedns slaves]# cat ostechnix.fwd
$ORIGIN .
$TTL 86400 ; 1 day
ostechnix.com IN SOA masterdns.ostechnix.com. root.ostechnix.com. (
2011071001 ; serial
3600 ; refresh (1 hour)
1800 ; retry (30 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS masterdns.ostechnix.com.
NS slavedns.ostechnix.com.
$ORIGIN ostechnix.com.
masterdns A 192.168.1.200
slavedns A 192.168.1.201
[B] Check Reverse zone:
[root@slavedns slaves]# cat ostechnix.rev
$ORIGIN .
$TTL 86400 ; 1 day
1.168.192.in-addr.arpa IN SOA masterdns.ostechnix.com. root.ostechnix.com. (
2011071001 ; serial
3600 ; refresh (1 hour)
1800 ; retry (30 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS masterdns.ostechnix.com.
NS slavedns.ostechnix.com.
$ORIGIN 1.168.192.in-addr.arpa.
200 PTR masterdns.ostechnix.com.
201 PTR slavedns.ostechnix.com.
masterdns A 192.168.1.200
slavedns A 192.168.1.201
3. Add the DNS Server details to all systems
[root@slavedns ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search ostechnix.com
nameserver 192.168.1.200
nameserver 192.168.1.201
nameserver 8.8.8.8
4. Test DNS Server
Method A:
[root@slavedns ~]# dig slavedns.ostechnix.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> slavedns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;slavedns.ostechnix.com. IN A
;; ANSWER SECTION:
slavedns.ostechnix.com. 86400 IN A 192.168.1.201
;; AUTHORITY SECTION:
ostechnix.com. 86400 IN NS masterdns.ostechnix.com.
ostechnix.com. 86400 IN NS slavedns.ostechnix.com.
;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400 IN A 192.168.1.200
;; Query time: 7 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:00:17 2013
;; MSG SIZE rcvd: 110
Method B:
[root@slavedns ~]# dig masterdns.ostechnix.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12825
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.ostechnix.com. IN A
;; ANSWER SECTION:
masterdns.ostechnix.com. 86400 IN A 192.168.1.200
;; AUTHORITY SECTION:
ostechnix.com. 86400 IN NS masterdns.ostechnix.com.
ostechnix.com. 86400 IN NS slavedns.ostechnix.com.
;; ADDITIONAL SECTION:
slavedns.ostechnix.com. 86400 IN A 192.168.1.201
;; Query time: 13 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:01:02 2013
;; MSG SIZE rcvd: 110
Method C:
[root@slavedns ~]# nslookup slavedns
Server: 192.168.1.200
Address: 192.168.1.200#53
Name: slavedns.ostechnix.com
Address: 192.168.1.201
Method D:
[root@slavedns ~]# nslookup masterdns
Server: 192.168.1.200
Address: 192.168.1.200#53
Name: masterdns.ostechnix.com
Address: 192.168.1.200
Method E:
[root@slavedns ~]# dig -x 192.168.1.201
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56991
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;201.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
201.1.168.192.in-addr.arpa. 86400 IN PTR slavedns.ostechnix.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS masterdns.ostechnix.com.
1.168.192.in-addr.arpa. 86400 IN NS slavedns.ostechnix.com.
;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400 IN A 192.168.1.200
slavedns.ostechnix.com. 86400 IN A 192.168.1.201
;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:03:39 2013
;; MSG SIZE rcvd: 150
Method F:
[root@slavedns ~]# dig -x 192.168.1.200
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 IN PTR masterdns.ostechnix.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS slavedns.ostechnix.com.
1.168.192.in-addr.arpa. 86400 IN NS masterdns.ostechnix.com.
;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400 IN A 192.168.1.200
slavedns.ostechnix.com. 86400 IN A 192.168.1.201
;; Query time: 4 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:04:15 2013
;; MSG SIZE rcvd: 150