DNS (Domain Name System) is one of the most essential services on a network. As we all know, DNS resolves hostnames to IP addresses and vice versa: the DNS server translates a domain name into its corresponding IP address, so we only have to remember domain names instead of IP addresses.
Primary(Master) DNS Server Details:
Hostname : server01.avr.com
IP Address : 192.168.22.2
Subnetmask : 255.255.255.0
Secondary(Slave) DNS Server Details:
Hostname : server02.avr.com
IP Address : 192.168.22.3
Subnetmask : 255.255.255.0
# yum install bind* -y
2. Configure DNS Server
#vim /etc/named.conf
options {
// Listen only on the LAN address of this host (not 127.0.0.1, not IPv6).
listen-on port 53 { 192.168.22.2; };
// listen-on-v6 port 53 { ::1; };
// Working directory; relative file names below (zone files, data/named.run) resolve here.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Answer queries, and recurse on behalf of clients, only for the local subnet.
// Because "recursion yes" is set below, a wider allow-recursion would turn this
// host into an open resolver usable for reflection/amplification.
allow-query { 192.168.22.0/24; };
allow-recursion { 192.168.22.0/24; };
// Only the secondary (server02) may request zone transfers (AXFR/IXFR).
// NOTE(review): this ACL trusts the source address alone; BIND can additionally
// require a TSIG key for transfers - decide whether that is wanted here.
allow-transfer { 192.168.22.3; };
recursion yes;
// Queries for names this server is not authoritative for are handed to the ISP resolver.
forwarders { 192.168.10.1; }; // DNS provided by ISP
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): dnssec-lookaside depends on ISC's DLV registry, which has since
// been retired, and newer BIND releases no longer accept the option; it was the
// stock RHEL6 default - confirm against the BIND version actually installed.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
// Default debug channel; "data/named.run" is relative to "directory" above.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Root hints; with BIND's default "forward first" behaviour they are the
// fallback used when the forwarder does not answer.
zone "." IN {
type hint;
file "named.ca";
};
// The avr.com zones are declared in this included file (edited in step 3).
include "/etc/named.rfc1912.zones";
3. Create forward and reverse lookup zones
# vim /etc/named.rfc1912.zones
// NOTE(review): this zone and the "localhost" zone below both load
// "named.localhost", so the stock localhost data is replaced by the avr.com
// records once step 4 overwrites that file. A dedicated file such as
// avr.com.zone is the usual layout; the tutorial keeps the stock file name.
zone "avr.com" IN {
type master;
file "named.localhost";
// No dynamic (RFC 2136) updates are accepted for this zone.
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
// Reverse zone for 192.168.22.0/24. NOTE(review): it shares "named.loopback"
// with the IPv6 loopback zone above, which therefore serves the same PTR data.
zone "22.168.192.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
4. Edit the zone records file
Forward lookup zone file
# vim /var/named/named.localhost
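; Forward lookup zone for avr.com (loaded by the "avr.com" zone in /etc/named.rfc1912.zones).
; Names without a trailing dot are relative to the zone origin (avr.com); fully
; qualified names end with a dot. Increase the serial after every edit so the
; secondary notices the change.
$TTL 1D
@           IN SOA  server01.avr.com. root.server01.avr.com. (
                    2       ; serial  - increase after each change
                    1D      ; refresh - how often the secondary polls the SOA
                    1H      ; retry   - interval after a failed refresh
                    1W      ; expire  - secondary stops answering after this long without contact
                    3H )    ; minimum - negative-answer (NXDOMAIN) cache TTL
; Name servers for the zone. The owner (@) is written explicitly so the records
; do not depend on leading whitespace to inherit the previous owner.
@           IN NS   server01.avr.com.
@           IN NS   server02.avr.com.
; Host addresses (relative names, i.e. server01.avr.com etc.)
server01    IN A    192.168.22.2
server02    IN A    192.168.22.3
windesk01   IN A    192.168.22.12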
Reverse lookup zone file
# vim /var/named/named.loopback
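; Reverse lookup zone for 192.168.22.0/24 (origin 22.168.192.in-addr.arpa).
; PTR targets must be fully qualified (trailing dot): without it a target such as
; "server01.avr.com" is read relative to the origin and becomes
; server01.avr.com.22.168.192.in-addr.arpa.
$TTL 1D
@           IN SOA  server01.avr.com. root.server01.avr.com. (
                    2       ; serial  - increase after each change
                    1D      ; refresh - how often the secondary polls the SOA
                    1H      ; retry   - interval after a failed refresh
                    1W      ; expire  - secondary stops answering after this long without contact
                    3H )    ; minimum - negative-answer (NXDOMAIN) cache TTL
; Name servers, with the owner (@) written explicitly.
@           IN NS   server01.avr.com.
@           IN NS   server02.avr.com.
; Last octet of the address -> fully qualified host name
2           IN PTR  server01.avr.com.
3           IN PTR  server02.avr.com.
12          IN PTR  windesk01.avr.com.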
5. Check the named configuration
# named-checkconf /etc/named.conf
# echo $?
0
# named-checkconf /etc/named.rfc1912.zones
# echo $?
0
6. Check zone configuration
Forward lookup zone configuration
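# named-checkzone avr.com /var/named/named.localhost    # pass the real origin: relative names are checked exactly as named will load them, not against a placeholder such as "flz"
zone avr.com/IN: loaded serial 2
OK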
Reverse lookup zone configuration
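# named-checkzone 22.168.192.in-addr.arpa /var/named/named.loopback    # real origin, so PTR targets are checked as named will see them
zone 22.168.192.in-addr.arpa/IN: loaded serial 2
OK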
7. Add the following exception rules to firewall to accept DNS requests from the network 192.168.22.0/24
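# Allow new DNS connections (TCP for zone transfers and large answers, UDP for
# ordinary queries) only from the LAN named in the heading. The rules as
# originally written had no -s and therefore accepted port 53 from any source.
# -I inserts at the head of INPUT: the stock RHEL6 ruleset ends INPUT with a
# catch-all REJECT, behind which an appended (-A) rule is never reached.
iptables -t filter -I INPUT -p tcp -s 192.168.22.0/24 -m state --state NEW --dport 53 -j ACCEPT
iptables -t filter -I INPUT -p udp -s 192.168.22.0/24 -m state --state NEW --dport 53 -j ACCEPT
# Persist to /etc/sysconfig/iptables and reload so the saved set is the active one.
service iptables save
service iptables restart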
8. Make the server a DNS client of itself.
#vim /etc/resolv.conf
# Resolver configuration for the primary itself.
search avr.com
# Ask the local named first.
nameserver 192.168.22.2
# NOTE(review): the ISP resolver is tried only when the first one does not answer,
# and it knows nothing about avr.com, so an outage of named also breaks local names.
nameserver 192.168.10.1
9. Enable IP Forwarding
#vim /etc/sysctl.conf
--> Change the value in the following line from 0 to 1. (Note: BIND itself does not need packet forwarding; this only matters if the host also routes traffic for other machines.)
net.ipv4.ip_forward = 1
#sysctl -p
10. Finally start the service
#service named start
#chkconfig named on
# yum install bind* -y
2. Configure DNS Server
#vim /etc/named.conf
options {
// Listen only on the LAN address of the secondary (not 127.0.0.1, not IPv6).
listen-on port 53 { 192.168.22.3; };
// listen-on-v6 port 53 { ::1; };
// Working directory; relative file names below (zone files, data/named.run) resolve here.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Answer queries, and recurse on behalf of clients, only for the local subnet.
// Because "recursion yes" is set below, a wider allow-recursion would turn this
// host into an open resolver usable for reflection/amplification.
allow-query { 192.168.22.0/24; };
allow-recursion { 192.168.22.0/24; };
// The secondary hands out zone transfers to nobody; clients query it, they do
// not copy its zones. The primary's allow-transfer names this host (192.168.22.3).
allow-transfer { none; };
recursion yes;
// Queries for names this server is not authoritative for are handed to the ISP resolver.
forwarders { 192.168.10.1; }; // DNS provided by ISP
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): dnssec-lookaside depends on ISC's DLV registry, which has since
// been retired, and newer BIND releases no longer accept the option; it was the
// stock RHEL6 default - confirm against the BIND version actually installed.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
// Default debug channel; "data/named.run" is relative to "directory" above.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Root hints; with BIND's default "forward first" behaviour they are the
// fallback used when the forwarder does not answer.
zone "." IN {
type hint;
file "named.ca";
};
// The avr.com zones are declared in this included file (edited in step 3).
include "/etc/named.rfc1912.zones";
3. Create forward and reverse lookup zones
# vim /etc/named.rfc1912.zones
// Secondary copy of avr.com: pulled from the primary by zone transfer and written
// under /var/named/slaves/, a directory named must be able to write to.
zone "avr.com" IN {
type slave;
file "slaves/named.localhost";
// Address the zone is transferred from (the primary, server01).
masters { 192.168.22.2; };
};
// The stock loopback zones stay authoritative on this host.
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
// Secondary copy of the 192.168.22.0/24 reverse zone, likewise pulled from the primary.
zone "22.168.192.in-addr.arpa" IN {
type slave;
file "slaves/named.loopback";
masters { 192.168.22.2; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
4. This step is not required for the slave DNS, because the zone records are updated automatically from the master DNS (i.e. 192.168.22.2).
5. Check the named configuration
# named-checkconf /etc/named.conf
# echo $?
0
# named-checkconf /etc/named.rfc1912.zones
# echo $?
0
6. Similar to step 4, this step is not required for the slave DNS, because the zone records are updated automatically from the master DNS (i.e. 192.168.22.2). Note that the zone record files are downloaded to "/var/named/slaves/" on the slave DNS, as configured in step 3.
7. Add the following exception rules to firewall to accept DNS requests from the network 192.168.22.0/24
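# Allow new DNS connections (TCP for zone transfers and large answers, UDP for
# ordinary queries) only from the LAN named in the heading. The rules as
# originally written had no -s and therefore accepted port 53 from any source.
# -I inserts at the head of INPUT: the stock RHEL6 ruleset ends INPUT with a
# catch-all REJECT, behind which an appended (-A) rule is never reached.
iptables -t filter -I INPUT -p tcp -s 192.168.22.0/24 -m state --state NEW --dport 53 -j ACCEPT
iptables -t filter -I INPUT -p udp -s 192.168.22.0/24 -m state --state NEW --dport 53 -j ACCEPT
# Persist to /etc/sysconfig/iptables and reload so the saved set is the active one.
service iptables save
service iptables restart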
8. Make the server a DNS client of itself.
#vim /etc/resolv.conf
# Resolver configuration for the secondary itself.
search avr.com
# Ask the local named first, then the primary; both are authoritative for avr.com,
# so local names keep resolving if one of them is down.
nameserver 192.168.22.3
nameserver 192.168.22.2
9. Enable IP Forwarding
#vim /etc/sysctl.conf
--> Change the value in the following line from 0 to 1. (Note: BIND itself does not need packet forwarding; this only matters if the host also routes traffic for other machines.)
net.ipv4.ip_forward = 1
#sysctl -p
10. Finally start the service
#service named start
#chkconfig named on
DNS Server Installation in RHEL6
In this article we will see how to install and configure a Primary and a Secondary DNS server. The steps provided here were tested on the RHEL6 64-bit edition.
Scenario
Domain Name : avr.com
Primary(Master) DNS Server Details:
Hostname : server01.avr.com
IP Address : 192.168.22.2
Subnetmask : 255.255.255.0
Secondary(Slave) DNS Server Details:
Hostname : server02.avr.com
IP Address : 192.168.22.3
Subnetmask : 255.255.255.0
Setup Primary(Master) DNS Server
1. Install DNS server
# yum install bind* -y
2. Configure DNS Server
#vim /etc/named.conf
options {
// Listen only on the LAN address of this host (not 127.0.0.1, not IPv6).
listen-on port 53 { 192.168.22.2; };
// listen-on-v6 port 53 { ::1; };
// Working directory; relative file names below (zone files, data/named.run) resolve here.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Answer queries, and recurse on behalf of clients, only for the local subnet.
// Because "recursion yes" is set below, a wider allow-recursion would turn this
// host into an open resolver usable for reflection/amplification.
allow-query { 192.168.22.0/24; };
allow-recursion { 192.168.22.0/24; };
// Only the secondary (server02) may request zone transfers (AXFR/IXFR).
// NOTE(review): this ACL trusts the source address alone; BIND can additionally
// require a TSIG key for transfers - decide whether that is wanted here.
allow-transfer { 192.168.22.3; };
recursion yes;
// Queries for names this server is not authoritative for are handed to the ISP resolver.
forwarders { 192.168.10.1; }; // DNS provided by ISP
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): dnssec-lookaside depends on ISC's DLV registry, which has since
// been retired, and newer BIND releases no longer accept the option; it was the
// stock RHEL6 default - confirm against the BIND version actually installed.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
// Default debug channel; "data/named.run" is relative to "directory" above.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Root hints; with BIND's default "forward first" behaviour they are the
// fallback used when the forwarder does not answer.
zone "." IN {
type hint;
file "named.ca";
};
// The avr.com zones are declared in this included file (edited in step 3).
include "/etc/named.rfc1912.zones";
3. Create forward and reverse lookup zones
# vim /etc/named.rfc1912.zones
// NOTE(review): this zone and the "localhost" zone below both load
// "named.localhost", so the stock localhost data is replaced by the avr.com
// records once step 4 overwrites that file. A dedicated file such as
// avr.com.zone is the usual layout; the tutorial keeps the stock file name.
zone "avr.com" IN {
type master;
file "named.localhost";
// No dynamic (RFC 2136) updates are accepted for this zone.
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
// Reverse zone for 192.168.22.0/24. NOTE(review): it shares "named.loopback"
// with the IPv6 loopback zone above, which therefore serves the same PTR data.
zone "22.168.192.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
4. Edit the zone records file
Forward lookup zone file
# vim /var/named/named.localhost
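; Forward lookup zone for avr.com (loaded by the "avr.com" zone in /etc/named.rfc1912.zones).
; Names without a trailing dot are relative to the zone origin (avr.com); fully
; qualified names end with a dot. Increase the serial after every edit so the
; secondary notices the change.
$TTL 1D
@           IN SOA  server01.avr.com. root.server01.avr.com. (
                    2       ; serial  - increase after each change
                    1D      ; refresh - how often the secondary polls the SOA
                    1H      ; retry   - interval after a failed refresh
                    1W      ; expire  - secondary stops answering after this long without contact
                    3H )    ; minimum - negative-answer (NXDOMAIN) cache TTL
; Name servers for the zone. The owner (@) is written explicitly so the records
; do not depend on leading whitespace to inherit the previous owner.
@           IN NS   server01.avr.com.
@           IN NS   server02.avr.com.
; Host addresses (relative names, i.e. server01.avr.com etc.)
server01    IN A    192.168.22.2
server02    IN A    192.168.22.3
windesk01   IN A    192.168.22.12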
Reverse lookup zone file
# vim /var/named/named.loopback
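; Reverse lookup zone for 192.168.22.0/24 (origin 22.168.192.in-addr.arpa).
; PTR targets must be fully qualified (trailing dot): without it a target such as
; "server01.avr.com" is read relative to the origin and becomes
; server01.avr.com.22.168.192.in-addr.arpa.
$TTL 1D
@           IN SOA  server01.avr.com. root.server01.avr.com. (
                    2       ; serial  - increase after each change
                    1D      ; refresh - how often the secondary polls the SOA
                    1H      ; retry   - interval after a failed refresh
                    1W      ; expire  - secondary stops answering after this long without contact
                    3H )    ; minimum - negative-answer (NXDOMAIN) cache TTL
; Name servers, with the owner (@) written explicitly.
@           IN NS   server01.avr.com.
@           IN NS   server02.avr.com.
; Last octet of the address -> fully qualified host name
2           IN PTR  server01.avr.com.
3           IN PTR  server02.avr.com.
12          IN PTR  windesk01.avr.com.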
5. Check the named configuration
# named-checkconf /etc/named.conf
# echo $?
0
# named-checkconf /etc/named.rfc1912.zones
# echo $?
0
6. Check zone configuration
Forward lookup zone configuration
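# named-checkzone avr.com /var/named/named.localhost    # pass the real origin: relative names are checked exactly as named will load them, not against a placeholder such as "flz"
zone avr.com/IN: loaded serial 2
OK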
Reverse lookup zone configuration
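# named-checkzone 22.168.192.in-addr.arpa /var/named/named.loopback    # real origin, so PTR targets are checked as named will see them
zone 22.168.192.in-addr.arpa/IN: loaded serial 2
OK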
7. Add the following exception rules to firewall to accept DNS requests from the network 192.168.22.0/24
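# Allow new DNS connections (TCP for zone transfers and large answers, UDP for
# ordinary queries) only from the LAN named in the heading. The rules as
# originally written had no -s and therefore accepted port 53 from any source.
# -I inserts at the head of INPUT: the stock RHEL6 ruleset ends INPUT with a
# catch-all REJECT, behind which an appended (-A) rule is never reached.
iptables -t filter -I INPUT -p tcp -s 192.168.22.0/24 -m state --state NEW --dport 53 -j ACCEPT
iptables -t filter -I INPUT -p udp -s 192.168.22.0/24 -m state --state NEW --dport 53 -j ACCEPT
# Persist to /etc/sysconfig/iptables and reload so the saved set is the active one.
service iptables save
service iptables restart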
8. Make the server a DNS client of itself.
#vim /etc/resolv.conf
# Resolver configuration for the primary itself.
search avr.com
# Ask the local named first.
nameserver 192.168.22.2
# NOTE(review): the ISP resolver is tried only when the first one does not answer,
# and it knows nothing about avr.com, so an outage of named also breaks local names.
nameserver 192.168.10.1
9. Enable IP Forwarding
#vim /etc/sysctl.conf
--> Change the value in the following line from 0 to 1. (Note: BIND itself does not need packet forwarding; this only matters if the host also routes traffic for other machines.)
net.ipv4.ip_forward = 1
#sysctl -p
10. Finally start the service
#service named start
#chkconfig named on
Setup Secondary(Slave) DNS Server
1. Install DNS server
# yum install bind* -y
2. Configure DNS Server
#vim /etc/named.conf
options {
// Listen only on the LAN address of the secondary (not 127.0.0.1, not IPv6).
listen-on port 53 { 192.168.22.3; };
// listen-on-v6 port 53 { ::1; };
// Working directory; relative file names below (zone files, data/named.run) resolve here.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Answer queries, and recurse on behalf of clients, only for the local subnet.
// Because "recursion yes" is set below, a wider allow-recursion would turn this
// host into an open resolver usable for reflection/amplification.
allow-query { 192.168.22.0/24; };
allow-recursion { 192.168.22.0/24; };
// The secondary hands out zone transfers to nobody; clients query it, they do
// not copy its zones. The primary's allow-transfer names this host (192.168.22.3).
allow-transfer { none; };
recursion yes;
// Queries for names this server is not authoritative for are handed to the ISP resolver.
forwarders { 192.168.10.1; }; // DNS provided by ISP
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): dnssec-lookaside depends on ISC's DLV registry, which has since
// been retired, and newer BIND releases no longer accept the option; it was the
// stock RHEL6 default - confirm against the BIND version actually installed.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
// Default debug channel; "data/named.run" is relative to "directory" above.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Root hints; with BIND's default "forward first" behaviour they are the
// fallback used when the forwarder does not answer.
zone "." IN {
type hint;
file "named.ca";
};
// The avr.com zones are declared in this included file (edited in step 3).
include "/etc/named.rfc1912.zones";
3. Create forward and reverse lookup zones
# vim /etc/named.rfc1912.zones
// Secondary copy of avr.com: pulled from the primary by zone transfer and written
// under /var/named/slaves/, a directory named must be able to write to.
zone "avr.com" IN {
type slave;
file "slaves/named.localhost";
// Address the zone is transferred from (the primary, server01).
masters { 192.168.22.2; };
};
// The stock loopback zones stay authoritative on this host.
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
// Secondary copy of the 192.168.22.0/24 reverse zone, likewise pulled from the primary.
zone "22.168.192.in-addr.arpa" IN {
type slave;
file "slaves/named.loopback";
masters { 192.168.22.2; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
4. This step is not required for the slave DNS, because the zone records are updated automatically from the master DNS (i.e. 192.168.22.2).
5. Check the named configuration
# named-checkconf /etc/named.conf
# echo $?
0
# named-checkconf /etc/named.rfc1912.zones
# echo $?
0
6. Similar to step 4, this step is not required for the slave DNS, because the zone records are updated automatically from the master DNS (i.e. 192.168.22.2). Note that the zone record files are downloaded to "/var/named/slaves/" on the slave DNS, as configured in step 3.
7. Add the following exception rules to firewall to accept DNS requests from the network 192.168.22.0/24
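# Allow new DNS connections (TCP for zone transfers and large answers, UDP for
# ordinary queries) only from the LAN named in the heading. The rules as
# originally written had no -s and therefore accepted port 53 from any source.
# -I inserts at the head of INPUT: the stock RHEL6 ruleset ends INPUT with a
# catch-all REJECT, behind which an appended (-A) rule is never reached.
iptables -t filter -I INPUT -p tcp -s 192.168.22.0/24 -m state --state NEW --dport 53 -j ACCEPT
iptables -t filter -I INPUT -p udp -s 192.168.22.0/24 -m state --state NEW --dport 53 -j ACCEPT
# Persist to /etc/sysconfig/iptables and reload so the saved set is the active one.
service iptables save
service iptables restart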
8. Make the server a DNS client of itself.
#vim /etc/resolv.conf
# Resolver configuration for the secondary itself.
search avr.com
# Ask the local named first, then the primary; both are authoritative for avr.com,
# so local names keep resolving if one of them is down.
nameserver 192.168.22.3
nameserver 192.168.22.2
9. Enable IP Forwarding
#vim /etc/sysctl.conf
--> Change the value in the following line from 0 to 1. (Note: BIND itself does not need packet forwarding; this only matters if the host also routes traffic for other machines.)
net.ipv4.ip_forward = 1
#sysctl -p
10. Finally start the service
#service named start
#chkconfig named on