Embedded Files
Faruque Ahmed : MCP, MCSA, MCSE, MCTS, MCIT, CCNA, OCA, OCP, GCP
Application: Name Resulation
Name => IP (www.btcl.gov.bd => 180.211.129.60)
IP => Name (180.211.129.60=> www.btcl.gov.bd)
Resolver:
---------
=> Global (DNS) - Automatically
=> Local (hosts) - Manually
Types of DNS Server:
--------------------
=> Recursive DNS Servers
=> Authoritative DNS Servers
=> Caching DNS Server
Daemon: named
Packages: bind,bind-utils
Port: 53
Protocol: TCP and UdP
Configuration file:
=> /etc/sysconfig/network-scripts/ifcfg-eth0
=> /etc/hosts
=> /etc/hostname
=> /etc/named.conf
=> /etc/named.rfc1912.zones
=> /var/named/named.localhost (Forward Zone)
=> /var/named/named.looback (Reverse Zone)
Step 01: Set Static Host Name and Reboot:
----------------------------------------
[root@serverX ~]# hostname
[root@serverX ~]# vim /etc/hostname
mail.worldcm.net
[root@serverX ~]# logout
[root@mail ~]# hostname
Step 02: Set Static IP Address and DNS:
-------------------------------------------------------
# hostnamectl set-hostname mail
# echo "192.168.0.14 mail.worldcm.net mail " >> /etc/hosts
# cat /etc/hosts
-----------------------------------------------------
[root@mail ~]# ifconfig
or
[root@mail ~]# ip addr
[root@mail ~]# cd /etc/sysconfig/network-scripts/
[root@mail network-scripts]# ls
[root@mail network-scripts]# vim ifcfg-eth0 ; your Interface name
DEVICE=eth0
HWADDR=AA:BB:CC:DD:EE:FF
TYPE=Ethernet
BOOTPROTO=none
IPADDR=192.168.80.82+X
NETMASK=255.255.255.0
GATEWAY=192.168.8.1
ONBOOT=yes
DNS1=192.168.80.1+X
[root@mail network-scripts]# systemctl stop NetworkManager.service
[root@mail network-scripts]# systemctl disable NetworkManager.service
[root@mail network-scripts]# systemctl restart network.service
[root@mail network-scripts]# ip addr
[root@mail network-scripts]# ping 192.168.80.82
[root@mail network-scripts]# ping 8.8.8.8
[root@mail network-scripts]# cat /etc/resolv.conf ;verify
nameserver 192.168.80.82+X
search worldcm.net
Step 02: Local resolver entry:
------------------------------
[root@serverX ~]# vim /etc/hosts
1 127.0.0.0 localhost.localdomain localhost.localdomain
2 ::1
==================== New Entry ========================
3 192.168.80.82+X mail.worldcm.net mail
4 192.168.80.81+x desktopX.worldcm.net desktopX
5 192.168.80.80 gw.worldcm.net gw
***save and exit
[root@serverX ~]# ping mail
[root@serverX ~]# ping gw
[root@serverX ~]# ping desktopX
Step 03: Install Required RPM:
------------------------------
[root@mail ~]# yum install bind* -y
# yum install bind bind-utils
Step 04: Allow DNS Server IP and Network:
----------------------------------------
[root@mail ~]# vim /etc/named.conf
11 listen-on port 53 { 127.0.0.1; 192.168.80.82; };
12 # listen-on-v6 port 53 { ::1; };
17 allow-query { localhost; 192.168.80.0/24; };
Step 06: Set Forward and Reverse Zones:
---------------------------------------
[root@mail ~]# vim /etc/named.rfc1912.zones
:set nu
19 zone "worldcm.net" IN {
20 type master;
21 file "worldcm.net.for";
22 allow-update { none; };
23 };
31 zone "80.168.192.in-addr.arpa" IN {
32 type master;
33 file "worldcm.net.rev";
34 allow-update { none; };
35 };
Step 07: Create Forward and Reverse Zone Files:
-----------------------------------------------
[root@mail ~]# cd /var/named/
[root@mail named]# ls
[root@mail named]# cp named.localhost worldcm.net.for
[root@mail named]# cp named.loopback worldcm.net.rev
OR
#cp /var/named/named.localhost /var/named/chroot/var/named/worldcm.net.for
#cp /var/named/named.loopback /var/named/chroot/var/named/worldcm.net.rev
[root@mail named]# ls -l
Step 08: Set Ownership to Forward and Reverse Zone Files:
---------------------------------------------------------
[root@mail named]# ll worldcm.net.*
-rw-r-----. 1 root root 152 Mar 21 13:59 worldcm.net.for
-rw-r-----. 1 root root 168 Mar 21 13:59 worldcm.net.rev
[root@mail named]# chgrp named worldcm.net.*
[root@mail named]# ll worldcm.net.*
-rw-r-----. 1 root named 152 Mar 21 13:59 worldcm.net.for
-rw-r-----. 1 root named 168 Mar 21 13:59 worldcm.net.rev
Step 09: Edit Forward Zone File:
--------------------------------
[root@mail named]# vim worldcm.net.for
$TTL 1D
@ IN SOA mail.worldcm.net. root.worldcm.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS mail.worldcm.net.
IN A 172.25.11.200+X
mail IN A 172.25.11.200+X
www IN A 172.25.11.202 ;(optional)
ftp IN A 172.25.11.203 ;(optional)
blog IN CNAME mail.worldcm.net. ;(optional)
webmail IN CNAME mail.worldcm.net. ;(optional)
----------------------------OR----------------------------------------
[root@mail ~]# vi /var/named/worldcm.net.for
$TTL 1D
@ IN SOA mail.worldcm.net. root.worldcm.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS mail.worldcm.net.
mail IN A 192.168.80.82
@ IN MX 10 mail.worldcm.net.
worldcm.net. IN MX 10 mail.worldcm.net.
www IN CNAME mail
ftp IN CNAME mail
-------------------------------------------------------------
$TTL 1D
@ IN SOA mail.worldcm.net. root.worldcm.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS mail.worldcm.net.
mail IN A 192.168.1.17
@ IN MX 10 mail.worldcm.net.
worldcm.net. IN MX 10 mail.worldcm.net.
www IN CNAME mail
ftp IN CNAME mail
--------------------------------------------------------------
Note:
-----
SOA - Start of Authority
IN - Internet
NS - Name Server (DNS Server)
A - Host Record (IP Address)
AAAA - Host Record (IPv6 Address)
root - email admin (root@worldcm.net)
PTR - Pointer (Reverse Lookup)
CNAME - Canonical Name
MX - Mail Exchanger Record
Step 10: Edit Reverse Zone File:
--------------------------------
[root@mail named]# vim worldcm.net.rev
$TTL 1D
@ IN SOA mail.worldcm.net. root.worldcm.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS mail.worldcm.net.
200+X IN PTR mail.worldcm.net.
----------------------------OR----------------------------------------
[root@mail ~]# vi /var/named/worldcm.net.rev
$TTL 1D
@ IN SOA mail.worldcm.net. root.worldcm.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS mail.worldcm.net.
@ IN PTR worldcm.net
82 IN PTR mail.worldcm.net
mail IN A 192.168.80.82
--------------------------------------------------------------
Step 11: Service restart and configured active at boot time:
------------------------------------------------------------
[root@mail named]# systemctl restart named.service
[root@mail named]# systemctl enable named.service
Check Status:
-------------
[root@mail named]# systemctl status named.service
Allow DNS Through Firewall:
---------------------------
[root@mail named]# systemctl enable firewalld.service
[root@mail named]# systemctl restart firewalld.service
[root@mail named]# systemctl stop firewalld.service
[root@mail named]# firewall-cmd --permanent --add-service=dns
[root@mail named]# firewall-cmd --reload
Step 12: Checking DNS
---------------------
[root@mail named]# nslookup mail.worldcm.net
Server: 192.168.80.82
Address: 192.168.80.82
Name: mail.worldcm.net
Address: 172.25.11.200+X
[root@mail named]# dig -x 192.168.80.82 ; here -X is option
status: NOERROR
[root@mail named]# dig mail.worldcm.net
status: NOERROR
[root@mail named]# ping www.google.com
======================= Thank you ======================\
###############################################################################################
[root@nsX named]# vim example.com.for $TTL 1D @ IN SOA nsX.example.com. root.example.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum IN NS nsX.example.com. IN A 172.25.11.200+X nsX IN A 172.25.11.200+X www IN A 172.25.11.202 ;(optional) ftp IN A 172.25.11.203 ;(optional) blog IN CNAME nsX.example.com. ;(optional) webmail IN CNAME nsX.example.com. ;(optional) Note: ----- SOA - Start of Authority IN - Internet NS - Name Server (DNS Server) A - Host Record (IP Address) AAAA - Host Record (IPv6 Address) root - email admin (root@example.com) PTR - Pointer (Reverse Lookup) CNAME - Canonical Name MX - Mail Exchanger Record Step 10: Edit Reverse Zone File: -------------------------------- [root@nsX named]# vim example.com.rev $TTL 1D @ IN SOA nsX.example.com. root.example.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum IN NS nsX.example.com. 200+X IN PTR nsX.example.com. 202 IN PTR www.example.com. ;(optional) 203 IN PTR ftp.example.com. ;(optional) Step 11: Service restart and configured active at boot time: ------------------------------------------------------------ [root@nsX named]# systemctl restart named.service [root@nsX named]# systemctl enable named.service
######################################################################################
Quick Start: Setup CentOS 7 as a DNS Server
In this tutorial, I'll be showing you simply steps using which you can create and configure a functional DNS Server on your CentOS 7 system.
System Details:
Base OS: CentOS 7 64 Bit (Minimal ISO)
HOSTNAME: master.cloud.com
IPADDRESS: 192.168.0.15
Steps:
First of all, make sure your system has a static IP address assigned to it and a fully qualified domain name.
Next, install the DNS packages:
# yum install bind bind-utils
Edit the "named.conf" file and edit the content as shown below:
# vi /etc/named.conf
# Replace the content in RED with your values
options {
listen-on port 53 { 127.0.0.1; 192.168.0.15;}; ## DNS Server IP
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.0/24;}; # IP Subnet
# Add the following lines before the include statement as shown
zone "cloud.com" IN {
type master;
file "forward.cloud";
allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "reverse.cloud";
allow-update { none; };
};
Save the file and exit the editor.
Next, we create the Zone files. There will be two files created, one for the forward lookup and one for the reverse lookup. These files are created in the /var/named directory and their names should be same as mentioned in the named.conf file (Earlier steps)
Forward Zone Lookup File:
# vi /var/named/forward.cloud
Add the following content as shown. Replace the content marked in RED with your matching requirements.
$TTL 86400
@ IN SOA master.cloud.com. root.cloud.com. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS master.cloud.com.
@ IN A 192.168.0.15
@ IN A 192.168.0.102
@ IN A 192.168.0.103
master IN A 192.168.0.15
client1 IN A 192.168.0.101
client2 IN A 192.168.0.102
Save and exit the editor.
Reverse Zone Lookup File:
# vi /var/named/reverse.cloud
$TTL 86400
@ IN SOA master.cloud.com. root.cloud.com. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS master.cloud.com.
@ IN PTR cloud.com
master IN A 192.168.0.15
client1 IN A 192.168.0.101
client2 IN A 192.168.0.102
15 IN PTR master.cloud.com
101 IN PTR client1.cloud.com
102 IN PTR client2.cloud.com
Save and exit the editor.
Enable and start the DNS service:
# systemctl enable named
# systemctl start named
Enable the ports on the Firewall and reload the firewall
# firewall-cmd --permanent --add-port=53/tcp
# firewall-cmd --reload
Verify your DNS:
Check DNS default configuration file for errors:
# named-checkconf /etc/named.conf
Next, check both the forward and reverse lookup files for any errors as well.
# named-checkzone cloud.com /var/named/forward.cloud
# named-checkzone cloud.com /var/named/reverse.cloud
Once checked, modify the network interface file and add the DNS details as shown below:
DNS1=192.168.0.15
NOTE: In my case, I am using multiple DNSs. You can assign multiple DNS values using as shown in the image below.
Alternatively, you can even add the DNS entry in the /etc/resolv.conf file as well for name resolution.
# vi /etc/resolv.conf
nameserver 192.168.0.15
Restart your network to apply the changes
# systemctl restart network
Test the DNS:
Run the following commands to verify whether the DNS can resolve the hostnames correctly or not.
# dig master.cloud.com
You can alternatively run nslookup to verify your Zones
# nslookup cloud.com
DONE
################################################################################################
DNS Server On CentOS 7
DNS Server On CentOS 7
DNS Server Installation
DNS Server Installation
Scenario
Scenario
For the purpose of this tutorial, I will be using three nodes. One will be acting as Master DNS server, the second system will be acting as Secondary DNS, and the third will be our DNS client. Here are my three systems details.
Primary (Master) DNS Server Details:
Operating System : CentOS 7 minimal server Hostname : masterdns.unixmen.local IP Address : 192.168.1.101/24
Secondary (Slave) DNS Server Details:
Operating System : CentOS 7 minimal server Hostname : secondarydns.unixmen.local IP Address : 192.168.1.102/24
Client Details:
Operating System : CentOS 6.5 Desktop Hostname : client.unixmen.local IP Address : 192.168.1.103/24
Setup Primary (Master) DNS Server
Setup Primary (Master) DNS Server
Install bind9 packages on your server.
yum install bind bind-utils -y
1. Configure DNS Server
1. Configure DNS Server
Edit ‘/etc/named.conf’ file.
vi /etc/named.conf
Add the lines as shown in bold:
// // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { 127.0.0.1; 192.168.1.101;}; ### Master DNS IP ### # listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; 192.168.1.0/24;}; ### IP Range ### allow-transfer{ localhost; 192.168.1.102; }; ### Slave DNS IP ### /* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface */ recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; zone "unixmen.local" IN { type master; file "forward.unixmen"; allow-update { none; }; }; zone "1.168.192.in-addr.arpa" IN { type master; file "reverse.unixmen"; allow-update { none; }; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";
2. Create Zone files
2. Create Zone files
Create forward and reverse zone files which we mentioned in the ‘/etc/named.conf’ file.
2.1 Create Forward Zone
Create forward.unixmen file in the ‘/var/named’ directory.
vi /var/named/forward.unixmen
Add the following lines:
$TTL 86400 @ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071001 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) @ IN NS masterdns.unixmen.local. @ IN NS secondarydns.unixmen.local. @ IN A 192.168.1.101 @ IN A 192.168.1.102 @ IN A 192.168.1.103 masterdns IN A 192.168.1.101 secondarydns IN A 192.168.1.102 client IN A 192.168.1.103
2.2 Create Reverse Zone
Create reverse.unixmen file in the ‘/var/named’ directory.
vi /var/named/reverse.unixmen
Add the following lines:
$TTL 86400 @ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071001 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) @ IN NS masterdns.unixmen.local. @ IN NS secondarydns.unixmen.local. @ IN PTR unixmen.local. masterdns IN A 192.168.1.101 secondarydns IN A 192.168.1.102 client IN A 192.168.1.103 101 IN PTR masterdns.unixmen.local. 102 IN PTR secondarydns.unixmen.local. 103 IN PTR client.unixmen.local.
3. Start the DNS service
3. Start the DNS service
Enable and start DNS service:
systemctl enable named systemctl start named
4. Firewall Configuration
4. Firewall Configuration
We must allow the DNS service default port 53 through firewall.
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
5. Restart Firewall
5. Restart Firewall
firewall-cmd --reload
6. Configuring Permissions, Ownership, and SELinux
6. Configuring Permissions, Ownership, and SELinux
Run the following commands one by one:
chgrp named -R /var/namedchown -v root:named /etc/named.conf restorecon -rv /var/named restorecon /etc/named.conf
7. Test DNS configuration and zone files for any syntax errors
7. Test DNS configuration and zone files for any syntax errors
Check DNS default configuration file:
named-checkconf /etc/named.conf
If it returns nothing, your configuration file is valid.
Check Forward zone:
named-checkzone unixmen.local /var/named/forward.unixmen
Sample output:
zone unixmen.local/IN: loaded serial 2011071001 OK
Check reverse zone:
named-checkzone unixmen.local /var/named/reverse.unixmen
Sample Output:
zone unixmen.local/IN: loaded serial 2011071001 OK
Add the DNS Server details in your network interface config file.
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE="Ethernet" BOOTPROTO="none" DEFROUTE="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" NAME="enp0s3" UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa" ONBOOT="yes" HWADDR="08:00:27:19:68:73" IPADDR0="192.168.1.101" PREFIX0="24" GATEWAY0="192.168.1.1" DNS="192.168.1.101" IPV6_PEERDNS="yes" IPV6_PEERROUTES="yes"
Edit file /etc/resolv.conf,
vi /etc/resolv.conf
Add the name server ip address:
nameserver 192.168.1.101
Save and close the file.
Restart network service:
systemctl restart network
8. Test DNS Server
8. Test DNS Server
dig masterdns.unixmen.local
Sample Output:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25179 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;masterdns.unixmen.local. IN A ;; ANSWER SECTION: masterdns.unixmen.local. 86400 IN A 192.168.1.101 ;; AUTHORITY SECTION: unixmen.local. 86400 IN NS secondarydns.unixmen.local. unixmen.local. 86400 IN NS masterdns.unixmen.local. ;; ADDITIONAL SECTION: secondarydns.unixmen.local. 86400 IN A 192.168.1.102 ;; Query time: 0 msec ;; SERVER: 192.168.1.101#53(192.168.1.101) ;; WHEN: Wed Aug 20 16:20:46 IST 2014 ;; MSG SIZE rcvd: 125
nslookup unixmen.local
Sample Output:
Server: 192.168.1.101 Address: 192.168.1.101#53 Name: unixmen.local Address: 192.168.1.103 Name: unixmen.local Address: 192.168.1.101 Name: unixmen.local Address: 192.168.1.102
Now the Primary DNS server is ready to use.
It is time to configure our Secondary DNS server.
Setup Secondary(Slave) DNS Server
Setup Secondary(Slave) DNS Server
Install bind packages using the following command:
yum install bind bind-utils -y
1. Configure Slave DNS Server
1. Configure Slave DNS Server
Edit file ‘/etc/named.conf’:
vi /etc/named.conf
Make the changes as shown in bold.
// // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { 127.0.0.1; 192.168.1.102; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; 192.168.1.0/24; }; . . . . zone "." IN { type hint; file "named.ca"; }; zone "unixmen.local" IN { type slave; file "slaves/unixmen.fwd"; masters { 192.168.1.101; }; }; zone "1.168.192.in-addr.arpa" IN { type slave; file "slaves/unixmen.rev"; masters { 192.168.1.101; }; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";
2. Start the DNS Service
2. Start the DNS Service
systemctl enable named systemctl start named
Now the forward and reverse zones are automatically replicated from Master DNS server to ‘/var/named/slaves/’ in Secondary DNS server.
ls /var/named/slaves/
Sample Output:
unixmen.fwd unixmen.rev
3. Add the DNS Server details
3. Add the DNS Server details
Add the DNS Server details in your network interface config file.
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE="Ethernet" BOOTPROTO="none" DEFROUTE="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" NAME="enp0s3" UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa" ONBOOT="yes" HWADDR="08:00:27:19:68:73" IPADDR0="192.168.1.102" PREFIX0="24" GATEWAY0="192.168.1.1" DNS1="192.168.1.101" DNS2="192.168.1.102" IPV6_PEERDNS="yes" IPV6_PEERROUTES="yes"
Edit file /etc/resolv.conf,
vi /etc/resolv.conf
Add the name server ip address:
nameserver 192.168.1.101 nameserver 192.168.1.102
Save and close the file.
Restart network service:
systemctl restart network
4. Firewall Configuration
4. Firewall Configuration
We must allow the DNS service default port 53 through firewall.
firewall-cmd --permanent --add-port=53/tcp
5. Restart Firewall
5. Restart Firewall
firewall-cmd --reload
6. Configuring Permissions, Ownership, and SELinux
6. Configuring Permissions, Ownership, and SELinux
chgrp named -R /var/namedchown -v root:named /etc/named.conf restorecon -rv /var/named restorecon /etc/named.conf
7. Test DNS Server
7. Test DNS Server
dig masterdns.unixmen.local
Sample Output:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18204 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;masterdns.unixmen.local. IN A ;; ANSWER SECTION: masterdns.unixmen.local. 86400 IN A 192.168.1.101 ;; AUTHORITY SECTION: unixmen.local. 86400 IN NS masterdns.unixmen.local. unixmen.local. 86400 IN NS secondarydns.unixmen.local. ;; ADDITIONAL SECTION: secondarydns.unixmen.local. 86400 IN A 192.168.1.102 ;; Query time: 0 msec ;; SERVER: 192.168.1.102#53(192.168.1.102) ;; WHEN: Wed Aug 20 17:04:30 IST 2014 ;; MSG SIZE rcvd: 125
dig secondarydns.unixmen.local
Sample Output:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> secondarydns.unixmen.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60819 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;secondarydns.unixmen.local. IN A ;; ANSWER SECTION: secondarydns.unixmen.local. 86400 IN A 192.168.1.102 ;; AUTHORITY SECTION: unixmen.local. 86400 IN NS masterdns.unixmen.local. unixmen.local. 86400 IN NS secondarydns.unixmen.local. ;; ADDITIONAL SECTION: masterdns.unixmen.local. 86400 IN A 192.168.1.101 ;; Query time: 0 msec ;; SERVER: 192.168.1.102#53(192.168.1.102) ;; WHEN: Wed Aug 20 17:05:50 IST 2014 ;; MSG SIZE rcvd: 125
nslookup unixmen.local
Sample Output:
Server: 192.168.1.102 Address: 192.168.1.102#53 Name: unixmen.local Address: 192.168.1.101 Name: unixmen.local Address: 192.168.1.103 Name: unixmen.local Address: 192.168.1.102
Client Side Configuration
Client Side Configuration
Add the DNS server details in ‘/etc/resolv.conf’ file in all client systems
vi /etc/resolv.conf
# Generated by NetworkManager search unixmen.local nameserver 192.168.1.101 nameserver 192.168.1.102
Restart network service or reboot the system.
Test DNS Server
Test DNS Server
Now, you can test the DNS server using any one of the following commands:
dig masterdns.unixmen.local
dig secondarydns.unixmen.local
dig client.unixmen.local
nslookup unixmen.local
That’s all about now. The primary and secondary DNS servers are ready to use.
-------------------------------
nstall and Configure Caching-Only DNS Server in RHEL/CentOS 7
nstall and Configure Caching-Only DNS Server in RHEL/CentOS 7
My Testing Environment
DNS server : dns.tecmintlocal.com (Red Hat Enterprise Linux 7.1) Server IP Address : 192.168.0.18 Client : node1.tecmintlocal.com (CentOS 7.1) Client IP Address : 192.168.0.29
Step 1: Installing Cache-Only DNS Server in RHEL/CentOS 7
Step 1: Installing Cache-Only DNS Server in RHEL/CentOS 7
1. The Cache-Only DNS server, can be installed via the bind package. If you don’t remember the package name, you can do a quick search for the package name using the command below.
# yum search bind
Search DNS Bind Package
2. In the above result, you will see several packages. From those, we need to choose and install only bind and bind-utils packages using following yum command.
# yum install bind bind-utils -y
Install DNS Bind in RHEL/CentOS 7
Step 2: Configure Cache-Only DNS in RHEL/CentOS 7
Step 2: Configure Cache-Only DNS in RHEL/CentOS 7
3. Once DNS packages are installed we can go ahead and configure DNS. Open and edit /etc/named.conf using your preferred text editor. Make the changes suggested below (or you can use your settings as per your requirements).
listen-on port 53 { 127.0.0.1; any; }; allow-query { localhost; any; }; allow-query-cache { localhost; any; };
Configure Cache-Only DNS in CentOS and RHEL 7
These directives instruct the DNS server to listen on UDP port 53, and to allow queries and caches responses from localhost and any other machine that reaches the server.
4. It is important to note that the ownership of this file must be set to root:named and also if SELinux is enabled, after editing the configuration file we need to make sure that its context is set to named_conf_t as shown in Fig. 4 (same thing for the auxiliary file /etc/named.rfc1912.zones):
# ls -lZ /etc/named.conf # ls -lZ /etc/named.rfc1912.zones
Otherwise, configure the SELinux context before proceeding:
# semanage fcontext -a -t named_conf_t /etc/named.conf # semanage fcontext -a -t named_conf_t /etc/named.rfc1912.zones
5. Additionally, we need to test the DNS configuration now for some syntax error before starting the bind service:
# named-checkconf /etc/named.conf
6. After the syntax verification results seems perfect, restart the named service to take new changes into effect and also make the service to auto start across system boots, and then check its status:
# systemctl restart named # systemctl enable named # systemctl status named
Configure and Start DNS Named Service
7. Next, open the port 53 on the firewall.
# firewall-cmd --add-port=53/udp # firewall-cmd --add-port=53/udp --permanent
Open DNS Port 53 on Firewall
Step 3: Chroot Cache-Only DNS Server in RHEL and CentOS 7
Step 3: Chroot Cache-Only DNS Server in RHEL and CentOS 7
8. If you wish to deploy the Cache-only DNS server within chroot environment, you need to have the package chroot installed on the system and no further configuration is needed as it by default hard-link to chroot.
# yum install bind-chroot -y
Once chroot package has been installed, you can restart named to take the new changes into effect:
# systemctl restart named
9. Next, create a symbolic link (also named /etc/named.conf) inside /var/named/chroot/etc/:
# ln -s /etc/named.conf /var/named/chroot/etc/named.conf
Step 4: Configure DNS on Client Machine
Step 4: Configure DNS on Client Machine
10. Add the DNS Cache servers IP 192.168.0.18 as resolver to the client machine. Edit /etc/sysconfig/network-scripts/ifcfg-enp0s3 as shown in the following figure:
DNS=192.168.0.18
Configure DNS on Client Machine
And /etc/resolv.conf as follows:
nameserver 192.168.0.18
11. Finally it’s time to check our cache server. To do this, you can use dig utility or nslookup command.
Choose any website and query it twice (we will use facebook.com as an example). Note that with dig the second time the query is completed much faster because it is being served from the cache.
# dig facebook.com
Check Cache only DNS Queries
You can also use nslookup to verify that the DNS server is working as expected.
# nslookup facebook.com
Checking DNS Query with nslookup
-----------------------------------------------------------------
Page updated
Google Sites
Report abuse