DNS (DOMAIN NAME SYSTEM) SERVER
DNS (Domain Name System) resolves names for hosts: it translates domain names into IP addresses. Domain names are alphabetic and therefore easier to remember, but the Internet itself is based on IP addresses, so every time you use a domain name a DNS service must translate the name into the corresponding IP address.
Master DNS servers (or Primary Servers) hold the original zone data; Slave DNS servers (or Secondary Servers) are backup servers that replicate the same zone information from the master.
The Master DNS server translates domain names into IP addresses and vice versa, and the Slave DNS server acts as a backup in case the Master DNS server fails.
Outline of DNS Server:
Package : bind
Configuration File : /etc/named.conf
Usage : To Resolve IP into hostname and vice-versa
Port number : 53
Document Root : /var/named/
Daemon : named
My setup:
We use four systems: two machines as the server setup (master and slave) and the other two as client machines (one Linux, one Windows). The details are as follows.
DNS Master server IP address and hostname (CentOS 7): 192.168.1.10 (server1.ittroubleshooter.in)
DNS Slave server IP address and hostname (CentOS 7): 192.168.1.11 (server2.ittroubleshooter.in)
DNS Client IP address and hostname (RHEL 7): 192.168.1.12 (client1.ittroubleshooter.in)
DNS Client IP address and hostname (Windows 7): 192.168.1.13 (client2.ittroubleshooter.in)
Step by Step configuration of DNS Master
1) Check and install the package for DNS.
The packages to install for DNS are bind, bind-utils and bind-chroot. First check whether bind is already present.
#rpm -qa bind
[root@server1 ~]# rpm -qa bind
[root@server1 ~]#
To install the bind package (BIND 9) use the yum command. If you have not configured a YUM server yet, refer to the link. (Configure the Yum Server in Centos7/RHEL7/Fedora22)
#yum install bind* -y
[root@server1 ~]# yum install bind*
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package 32:bind-license-9.9.4-29.el7.noarch already installed and latest version
Package 32:bind-libs-lite-9.9.4-29.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-29.el7 will be installed
. . . .
postgresql-libs x86_64 9.2.13-1.el7_1 Centos7 230 k

Transaction Summary
=================================================================
Install 13 Packages (+1 Dependent package)

Total download size: 6.2 M
Installed size: 16 M
Is this ok [y/d/N]: y
Downloading packages:
2) Verify the IP address and Hostname of Master DNS server.
Before moving ahead, verify the IP address and hostname of the Master DNS server. If you want to see how to configure the IP address and hostname on CentOS/RHEL 7, refer to the link below. (Setting up static IP address on CentOS/RHEL7)
[root@server1 ~]# hostname
server1.ittroubleshooter.in
[root@server1 ~]# ifconfig enp0s3
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::a00:27ff:fed5:b2a2  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:d5:b2:a2  txqueuelen 1000  (Ethernet)
        RX packets 1620  bytes 145932 (142.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2110  bytes 2512240 (2.3 MiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
[root@server1 ~]#
3) Edit the configuration file “/etc/named.conf”.
Before editing, take a backup of the configuration file.
[root@server1 ~]# cp -v /etc/named.conf /tmp/named.conf.backup
‘/etc/named.conf’ -> ‘/tmp/named.conf.backup’
[root@server1 ~]#
Now edit /etc/named.conf: set the name server's IP address, the network range clients may query from, the slave allowed to transfer zones, and define the zone files in the master configuration file ‘named.conf‘.
#vim /etc/named.conf
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.10; };
        /* 192.168.1.10 is our name server's IP address, i.e. the Master DNS server IP. */
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };
        /* 192.168.1.0/24 is the network range from which clients may query the DNS server. */
        allow-transfer  { localhost; 192.168.1.11; };
        /* Here we give our Slave DNS server IP; only it may pull zone transfers. */
        recursion no;
        /* If set to yes, anyone allowed to query could use this server as an open recursive resolver, which can be abused for DDoS amplification. */
        dnssec-enable yes;
. . . . . . . . .
zone "." IN {
        type hint;
        file "named.ca";
};
##### Define forward & reverse Zone file ##############
zone "ittroubleshooter.in" IN {
        /* "ittroubleshooter.in" is the name of our domain. */
        type master;
        /* This system is configured as the master; on the upcoming slave server this will be slave. */
        file "ittroubleshooter.fwd.zone";
        /* "ittroubleshooter.fwd.zone" is the name of the forward lookup zone file. */
        allow-update { none; };
        /* With none, Dynamic DNS updates are not accepted. */
};
zone "1.168.192.in-addr.arpa" IN {
        /* "1.168.192.in-addr.arpa" is the reverse order of our domain network. */
        type master;
        file "ittroubleshooter.rev.zone";
        allow-update { none; };
};
########################################################
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
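The two settings in this options block that matter most for exposure are recursion (an open recursive resolver is an amplification source) and allow-transfer (without it, BIND hands the whole zone to anyone who asks). The following is an added example, not part of the original post or of BIND: a small audit that strips named.conf comments, pulls out the options block, and reports either exposure. MASTER_OPTIONS is a constructed copy of the block above trimmed to the relevant statements, OPEN_OPTIONS is a constructed weakened counter-example, and the function names are my own.

```python
import re

# Constructed copy of the options block configured on the master in this post,
# trimmed to the statements the audit inspects.
MASTER_OPTIONS = """
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.10; };
        directory "/var/named";
        allow-query     { localhost; 192.168.1.0/24; };
        allow-transfer  { localhost; 192.168.1.11; };
        recursion no;          /* refuse recursive queries */
        dnssec-enable yes;
};
"""

# Constructed counter-example: what you get by dropping the restrictions, i.e.
# an open recursive resolver that also hands its zones to anyone who asks.
OPEN_OPTIONS = """
options {
        listen-on port 53 { any; };
        directory "/var/named";
        allow-query { any; };
        recursion yes;         // this is also BIND's default when omitted
};
"""


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def options_block(text):
    """Return the body of the options { ... } block, honouring nested braces."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    return ""


def acl(body, name):
    """Address list of an ACL statement such as allow-transfer, or None if absent."""
    m = re.search(r"(?<![\w-])%s\s*\{([^}]*)\}" % re.escape(name), body)
    if not m:
        return None
    return [v.strip() for v in m.group(1).split(";") if v.strip()]


def audit_options(named_conf):
    """Return a list of findings for the two exposures this post's config avoids."""
    body = options_block(strip_comments(named_conf))
    findings = []
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", body)
    recursion = m.group(1) if m else "yes"        # BIND defaults to yes
    if recursion == "yes":
        # allow-recursion, when absent, effectively falls back to allow-query
        clients = acl(body, "allow-recursion") or acl(body, "allow-query")
        if clients is None or "any" in clients:
            findings.append("open recursion: recursion yes with no client restriction")
    xfer = acl(body, "allow-transfer")
    if xfer is None or "any" in xfer:
        findings.append("open zone transfer: allow-transfer missing or set to any")
    return findings


if __name__ == "__main__":
    for label, conf in (("master", MASTER_OPTIONS), ("weakened", OPEN_OPTIONS)):
        print(label, audit_options(conf) or ["no findings"])
```

To run it against the real file, pass open("/etc/named.conf").read() to audit_options. It only inspects the global options block; a per-zone allow-transfer overrides the global one and would need the same check applied to each zone statement.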
4) Navigate to /var/named directory and create a master zones files.
Navigate to the /var/named/ directory and copy named.localhost to “ittroubleshooter.fwd.zone” and named.loopback to “ittroubleshooter.rev.zone”, preserving the original ownership and permissions (cp -p) so that named can read the new files.
[root@server1 ~]# cd /var/named
[root@server1 named]# cp -pv named.localhost ittroubleshooter.fwd.zone
‘named.localhost’ -> ‘ittroubleshooter.fwd.zone’
[root@server1 named]# cp -pv named.loopback ittroubleshooter.rev.zone
‘named.loopback’ -> ‘ittroubleshooter.rev.zone’
[root@server1 named]#
Verify the permissions;
[root@server1 named]# ll
total 24
drwxr-x---. 7 root named 56 Oct 26 01:01 chroot
drwxr-x---. 7 root named 56 Oct 26 01:01 chroot_sdb
drwxrwx---. 2 named named 6 Nov 20 2015 data
drwxrwx---. 2 named named 6 Nov 20 2015 dynamic
drwxrwx---. 2 root named 6 Nov 20 2015 dyndb-ldap
-rw-r-----. 1 root named 759 Oct 26 01:26 ittroubleshooter.fwd.zone
-rw-r-----. 1 root named 909 Oct 26 01:32 ittroubleshooter.rev.zone
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Nov 20 2015 slaves
[root@server1 named]#
Edit “ittroubleshooter.fwd.zone”(Forward lookup) file as follows.
#vim ittroubleshooter.fwd.zone
$TTL 1D
@       IN SOA  server1.ittroubleshooter.in. root.ittroubleshooter.in. (
                                        01      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
; #### Name servers ###########
@       IN NS   server1.ittroubleshooter.in.
@       IN NS   server2.ittroubleshooter.in.
; #### Resolve Name server hostname to IP Address #######
@       IN A    192.168.1.10
@       IN A    192.168.1.11
; ##### Hosts in this Domain #######
@       IN A    192.168.1.12
@       IN A    192.168.1.13
; ##### Hostname maps to IP Address using "A" record ######
server1 IN A    192.168.1.10
server2 IN A    192.168.1.11
client1 IN A    192.168.1.12
client2 IN A    192.168.1.13
Details about the fields used above;
A – An A record maps a domain name to the IP address (IPv4) of the computer hosting the domain.
PTR – The PTR record resolves the IP address to a domain/hostname.
CNAME – CNAME stands for Canonical Name. CNAME records can be used to alias one name to another.
MX – It stands for mail exchange record, an entry in a domain name database that identifies the mail server that is responsible for handling e-mails for that domain name.
NS – A name server record names the authoritative servers for a zone and allows you to delegate a subdomain of your domain to another name server.
SOA – It stands for start of authority, indicates authority for the domain.
TXT – Generic text record
SRV – Service location record
RP – Responsible person
HINFO – Host information record with CPU type and operating system.
Now create the reverse lookup file; we already made a copy of “named.loopback” under the name ittroubleshooter.rev.zone.
Edit the “ittroubleshooter.rev.zone” (reverse lookup) file as follows.
#vim ittroubleshooter.rev.zone
$TTL 1D
@       IN SOA  server1.ittroubleshooter.in. root.ittroubleshooter.in. (
                                        01      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
; #### Name servers #####
@       IN NS   server1.ittroubleshooter.in.
@       IN NS   server2.ittroubleshooter.in.
@       IN PTR  ittroubleshooter.in.
; #### Resolve Name server hostname to IP Address #######
server1 IN A    192.168.1.10
server2 IN A    192.168.1.11
; ##### Hosts in this Domain #######
client1 IN A    192.168.1.12
client2 IN A    192.168.1.13
; ##### IP Address maps to hostname using "PTR" record ######
10      IN PTR  server1.ittroubleshooter.in.
11      IN PTR  server2.ittroubleshooter.in.
12      IN PTR  client1.ittroubleshooter.in.
13      IN PTR  client2.ittroubleshooter.in.
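Forward and reverse zones are maintained by hand here, so the usual failure is an A record and its PTR drifting apart (a host renumbered in one file but not the other). named-checkzone validates each file on its own but never compares the two. The following is an added example, not part of the original post or of BIND: a parser for the zone-file format used in both files above, followed by a cross-check that every PTR points at a name holding a matching A record and that every A record's address has a PTR. FORWARD_ZONE and REVERSE_ZONE are constructed copies of the two files (comments trimmed; the reverse SOA written on one line, which BIND accepts equally), and the function names are my own.

```python
import ipaddress

# Constructed copies of the two zone files above (comments trimmed; the
# reverse SOA is written on one line, which BIND accepts equally).
FORWARD_ORIGIN = "ittroubleshooter.in"
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  server1.ittroubleshooter.in. root.ittroubleshooter.in. (
                01      ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   server1.ittroubleshooter.in.
@       IN NS   server2.ittroubleshooter.in.
@       IN A    192.168.1.10
@       IN A    192.168.1.11
@       IN A    192.168.1.12
@       IN A    192.168.1.13
server1 IN A    192.168.1.10
server2 IN A    192.168.1.11
client1 IN A    192.168.1.12
client2 IN A    192.168.1.13
"""
REVERSE_ORIGIN = "1.168.192.in-addr.arpa"
REVERSE_ZONE = """\
$TTL 1D
@       IN SOA  server1.ittroubleshooter.in. root.ittroubleshooter.in. ( 01 1D 1H 1W 3H )
@       IN NS   server1.ittroubleshooter.in.
@       IN NS   server2.ittroubleshooter.in.
@       IN PTR  ittroubleshooter.in.
10      IN PTR  server1.ittroubleshooter.in.
11      IN PTR  server2.ittroubleshooter.in.
12      IN PTR  client1.ittroubleshooter.in.
13      IN PTR  client2.ittroubleshooter.in.
"""


def fqdn(name, origin):
    """Expand a zone-file name to an absolute name without the trailing dot."""
    if name == "@":
        return origin
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"


def parse_records(zone_text, origin):
    """Yield (owner, type, rdata) per record line; $-directives, ';' comments
    and the continuation lines of a parenthesised SOA carry no 'IN' and are skipped."""
    owner = origin
    for raw in zone_text.splitlines():
        tokens = raw.split(";", 1)[0].split()
        if not tokens or tokens[0].startswith("$") or "IN" not in tokens:
            continue
        i = tokens.index("IN")
        if i + 2 >= len(tokens):
            continue
        if i > 0:                      # a blank owner inherits the previous one
            owner = fqdn(tokens[0], origin)
        yield owner, tokens[i + 1], tokens[i + 2]


def ptr_owner_to_ip(owner):
    """'10.1.168.192.in-addr.arpa' -> '192.168.1.10'; None unless 4 octets."""
    suffix = ".in-addr.arpa"
    labels = owner[: -len(suffix)].split(".") if owner.endswith(suffix) else []
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None


def cross_check(fwd_text, fwd_origin, rev_text, rev_origin):
    """List every A record without a PTR and every PTR without a matching A."""
    a_records = {}                     # fqdn -> set of IPv4 strings
    for owner, rtype, rdata in parse_records(fwd_text, fwd_origin):
        if rtype == "A":
            a_records.setdefault(owner, set()).add(rdata)
    ptrs = {}                          # IPv4 string -> target fqdn
    for owner, rtype, rdata in parse_records(rev_text, rev_origin):
        ip = ptr_owner_to_ip(owner) if rtype == "PTR" else None
        if ip:                         # the zone-apex PTR names no host and is skipped
            ptrs[ip] = fqdn(rdata, rev_origin)
    problems = [f"PTR {ip} -> {name} has no matching A record"
                for ip, name in sorted(ptrs.items()) if ip not in a_records.get(name, ())]
    problems += [f"A {name} -> {ip} has no PTR record"
                 for name, ips in sorted(a_records.items()) for ip in sorted(ips) if ip not in ptrs]
    return problems
```

On the live server, call cross_check with the contents of /var/named/ittroubleshooter.fwd.zone and /var/named/ittroubleshooter.rev.zone and the two origins; an empty list means the files agree. The apex A records (@ pointing at all four hosts) pass because the check only requires that each address has some PTR, not that the PTR names the apex.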
5) check whether the zones files are consistent or not.
To check the consistency of the configuration and zone files, run named-checkconf on /etc/named.conf and named-checkzone <zone name> <zone file> on each zone. The zone name is the zone's origin, so the forward file is checked as ittroubleshooter.in and the reverse file as 1.168.192.in-addr.arpa.
[root@server1 named]# named-checkconf /etc/named.conf
[root@server1 named]# named-checkzone ittroubleshooter.in /var/named/ittroubleshooter.fwd.zone
zone ittroubleshooter.in/IN: loaded serial 1
OK
[root@server1 named]# named-checkzone ittroubleshooter.in /var/named/ittroubleshooter.rev.zone
zone ittroubleshooter.in/IN: loaded serial 1
OK
[root@server1 named]#
6) Allow DNS service on firewall.
[root@server1 named]# firewall-cmd --add-port=53/udp --permanent
success
[root@server1 named]# firewall-cmd --add-port=53/tcp --permanent
success
[root@server1 named]# firewall-cmd --reload
success
[root@server1 named]#
7) Start and enable the DNS service.
# systemctl start named.service && systemctl enable named.service
[root@server1 named]# systemctl start named.service && systemctl enable named.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@server1 named]#
Now the DNS Master server configuration is done. Check whether it resolves hostnames to IP addresses and IP addresses to hostnames using the commands below.
[root@server1 ~]# dig server1.ittroubleshooter.in

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> server1.ittroubleshooter.in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24839
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;server1.ittroubleshooter.in.   IN      A

;; ANSWER SECTION:
server1.ittroubleshooter.in. 86400 IN   A       192.168.1.10

;; AUTHORITY SECTION:
ittroubleshooter.in.    86400   IN      NS      server2.troubleshooter.in.
ittroubleshooter.in.    86400   IN      NS      server1.troubleshooter.in.

;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Wed Oct 26 02:18:49 EDT 2016
;; MSG SIZE  rcvd: 131

[root@server1 ~]#
Check the reverse lookup by giving the IP address of a host.
#dig -x 192.168.1.10
[root@server1 ~]# dig -x 192.168.1.10

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -x 192.168.1.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16359
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.1.168.192.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
10.1.168.192.in-addr.arpa. 86400 IN     PTR     server1.ittroubleshooter.in.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      server1.ittroubleshooter.in.
1.168.192.in-addr.arpa. 86400   IN      NS      server2.ittroubleshooter.in.

;; ADDITIONAL SECTION:
server1.ittroubleshooter.in. 86400 IN   A       192.168.1.10
server2.ittroubleshooter.in. 86400 IN   A       192.168.1.11

;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Wed Oct 26 02:19:30 EDT 2016
;; MSG SIZE  rcvd: 163

[root@server1 ~]#
Add the DNS Master Server details in your network interface config file.
#nmtui
Or edit the file /etc/resolv.conf directly (note that NetworkManager regenerates this file from the interface settings, so entries added by hand may be overwritten; setting DNS through nmtui persists):
#vi /etc/resolv.conf
# Generated by NetworkManager
search ittroubleshooter.in
nameserver 192.168.1.10
Restart network service;
[root@server1 ~]# systemctl restart network
Step by Step configuration of DNS Slave Server
1) Check and install the package for DNS.
The packages to install for DNS are bind, bind-utils and bind-chroot. First check whether bind is already present.
#rpm -qa bind
[root@server2 ~]# rpm -qa bind
[root@server2 ~]#
To install the bind package (BIND 9) use the yum command.
#yum install bind bind-utils
[root@server2 ~]# yum install bind bind-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-29.el7 will be installed
. . . .

Transaction Summary
===============================================
Install 2 Packages (+1 Dependent package)

Total download size: 3.0 M
Installed size: 7.3 M
Is this ok [y/d/N]: y
Downloading packages:
2) Verify the IP address and Hostname of Slave DNS server.
Check the hostname and IP address using the commands below.
[root@server2 ~]# hostname
server2.ittroubleshooter.in
[root@server2 ~]# ifconfig enp0s3
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.11  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::a00:27ff:fe9d:5e61  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:9d:5e:61  txqueuelen 1000  (Ethernet)
        RX packets 6914  bytes 9293165 (8.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1770  bytes 2374822 (2.2 MiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
[root@server2 ~]#
3) Edit the configuration file “/etc/named.conf”.
#vim /etc/named.conf
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.11; };
        /* 192.168.1.11 is our Slave DNS server IP. */
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };
        /* 192.168.1.0/24 is the network range from which clients may query the DNS server. */
        recursion no;
        dnssec-enable yes;
. . . . .
zone "." IN {
        type hint;
        file "named.ca";
};
##### Define Slave forward & reverse Zone file ##############
zone "ittroubleshooter.in" IN {
        type slave;
        file "slaves/ittroubleshooter.fwd.zone";
        masters { 192.168.1.10; };
};
zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/ittroubleshooter.rev.zone";
        masters { 192.168.1.10; };
};
###########################################################
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
4) Start and enable the DNS service.
# systemctl start named.service && systemctl enable named.service
[root@server2 ~]# systemctl restart named.service && systemctl enable named.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@server2 ~]#
Now the forward and reverse zones are automatically replicated from the Master DNS server to the Secondary DNS server (into the /var/named/slaves directory).
[root@server2 ~]# ll /var/named/slaves/
total 8
-rw-r--r--. 1 named named 522 Oct 26 02:56 ittroubleshooter.fwd.zone
-rw-r--r--. 1 named named 858 Oct 26 02:56 ittroubleshooter.rev.zone
[root@server2 ~]#
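Seeing the files appear under /var/named/slaves/ proves the first transfer worked; what is not obvious later is whether the slave is still current, because a slave only re-transfers a zone when the master's SOA serial is higher than its own. Editing a zone without bumping the serial (the "01" in the files above) leaves the slave serving stale data with no error anywhere. The following is an added example, not part of the original post or of BIND: it asks each server directly for the zone's SOA with dig +short and compares the serials. The short-form answer format (mname rname serial refresh retry expire minimum) is standard dig output; MASTER_ANSWER and STALE_SLAVE_ANSWER are constructed samples of it, query_serial needs dig installed and network access, and the function names are my own.

```python
import subprocess

# Constructed `dig +short SOA` answers for this post's zone: the master at
# serial 1 and a slave that still holds an older copy.
MASTER_ANSWER = "server1.ittroubleshooter.in. root.ittroubleshooter.in. 1 86400 3600 604800 10800\n"
STALE_SLAVE_ANSWER = "server1.ittroubleshooter.in. root.ittroubleshooter.in. 0 86400 3600 604800 10800\n"


def soa_serial(dig_short_output):
    """Serial from `dig +short SOA` output, whose fields are
    mname rname serial refresh retry expire minimum."""
    fields = dig_short_output.split()
    if len(fields) != 7:
        raise ValueError(f"not a short-form SOA answer: {dig_short_output!r}")
    return int(fields[2])


def query_serial(server, zone):
    """Ask one specific server (not the resolver in resolv.conf) for the zone serial."""
    proc = subprocess.run(["dig", "+short", "@" + server, zone, "SOA"],
                          capture_output=True, text=True, check=True)
    return soa_serial(proc.stdout)


def replication_status(master_answer, slave_answer):
    """(in_sync, master_serial, slave_serial) from two short-form SOA answers.
    A slave serial below the master's means the transfer has not happened yet
    (check allow-transfer on the master and 53/tcp on the path between them)."""
    m, s = soa_serial(master_answer), soa_serial(slave_answer)
    return m == s, m, s


if __name__ == "__main__":
    MASTER, SLAVE = "192.168.1.10", "192.168.1.11"
    for zone in ("ittroubleshooter.in", "1.168.192.in-addr.arpa"):
        m, s = query_serial(MASTER, zone), query_serial(SLAVE, zone)
        print(f"{zone}: master {m}, slave {s}, {'in sync' if m == s else 'OUT OF SYNC'}")
```

Equal serials only tell you the slave has the master's latest serial; they cannot reveal a zone that was edited without a serial bump, which is why the serial must be increased on every change to the master files.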
5) Allow the DNS service through the firewall. Open 53/tcp as well as 53/udp, as on the master: resolvers fall back to TCP for answers that do not fit in a UDP packet.
[root@server2 ~]# firewall-cmd --add-port=53/udp --permanent
success
[root@server2 ~]# firewall-cmd --reload
success
[root@server2 ~]#
Add the DNS Master and Slave details in your network interface config file.
#nmtui
Or edit the file /etc/resolv.conf:
#vim /etc/resolv.conf
nameserver 192.168.1.10
nameserver 192.168.1.11
Restart network service;
[root@server2 ~]# systemctl restart network
Now the DNS Slave server configuration is done.
Configure DNS Server on Client (Linux) Side
1) Edit the /etc/resolv.conf file.
Add the DNS server details in “resolv.conf” file in all Client systems.
#vim /etc/resolv.conf
# Generated by NetworkManager
search ittroubleshooter.in
nameserver 192.168.1.10
nameserver 192.168.1.11
2) Restart network service.
[root@client1 ~]# systemctl restart network
3) Verify DNS server.
Using the dig and nslookup commands you can verify that DNS queries are answered.
[root@client1 ~]# nslookup client1
Server:         192.168.1.10
Address:        192.168.1.10#53

Name:   client1.ittroubleshooter.in
Address: 192.168.1.12

[root@client1 ~]# nslookup 192.168.1.12
Server:         192.168.1.10
Address:        192.168.1.10#53

12.1.168.192.in-addr.arpa       name = client1.ittroubleshooter.in.

[root@client1 ~]#
Configure DNS Server on Client (Windows) Side
In our case we are using a Windows 7 machine. First go to Start --> Run --> type “ncpa.cpl”. Select the network adapter and go to Properties. In the window that pops up, select the “Internet Protocol Version 4” option and click Properties; refer to the screenshot below.
Fill in the Preferred DNS server and Alternate DNS server entries; refer to the screenshot below.
Verify DNS server.
Use the nslookup command to verify the DNS queries; refer to the screenshot below.
Hope this post helps Linux/Unix beginners. Please share your feedback and comments!