Install & Configure DNS service in RHEL6

         DNS (Domain Name System) is one of the most dependable service in a network. All of us know that the DNS service resolves hostname into ip address and vice versa.  The DNS server translates the domain name into its corresponding ip address. So it makes us easy to remember the domain names instead of its ip address.

DNS Server Installation in RHEL6

         In this article we will see how to install and configure Primary and Scondary DNS server. The steps provided here are tested in RHEL6 64 bit edition.

Scenario

Domain Name : avr.com

Primary(Master) DNS Server Details:

Hostname             : server01.avr.com
IP Address           : 192.168.22.2
Subnetmask          : 255.255.255.0

Secondary(Slave) DNS Server Details:

Hostname             : server02.avr.com
IP Address           : 192.168.22.3
Subnetmask          : 255.255.255.0

Setup Primary(Master) DNS Server

1. Install DNS server
# yum install bind* -y

2. Configure DNS Server
#vim /etc/named.conf

options {
        listen-on port 53 { 192.168.22.2; };
//      listen-on-v6 port 53 { ::1; };    
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 192.168.22.0/24; };
        allow-recursion { 192.168.22.0/24; };
        allow-transfer  { 192.168.22.3; };
        recursion yes;
        forwarders { 192.168.10.1; };   // DNS provided by ISP
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";

3. Create forward and reverse lookup zones
# vim /etc/named.rfc1912.zones

zone "avr.com" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "22.168.192.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};


4. Edit the zone records file
Forward lookup zone file
# vim /var/named/named.localhost

$TTL 1D
@       IN SOA  server01.avr.com. root.server01.avr.com. (
                                        2       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      server01.avr.com.
                NS      server02.avr.com.
server01        A       192.168.22.2
server02        A       192.168.22.3
windesk01       A       192.168.22.12

Reverse lookup zone file
# vim /var/named/named.loopback

$TTL 1D
@       IN SOA  server01.avr.com. root.server01.avr.com. (
                                        2       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      server01.avr.com.
        NS      server02.avr.com.
2       PTR     server01.avr.com
3       PTR     server02.avr.com
12      PTR     windesk01.avr.com


5. Check the named configuration
# named-checkconf /etc/named.conf
# echo $?
0

# named-checkconf /etc/named.rfc1912.zones
# echo $?
0

6.Check zone configuration
Forward lookup zone configuration
# named-checkzone flz /var/named/named.localhost
zone flz/IN: loaded serial 2
OK

Reverse lookup zone configuration
# named-checkzone rlz /var/named/named.loopback
zone rlz/IN: loaded serial 2
OK

7. Add the following exception rules to firewall to accept DNS requests from the network 192.168.22.0/24
#iptables -t filter -A INPUT -p tcp -m state --state NEW --dport 53  -j ACCEPT
#iptables -t filter -A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
#service iptables save
#service iptables restart

8. Make your server as DNS client itself.
#vim /etc/resolv.conf
search avr.com
nameserver 192.168.22.2
nameserver 192.168.10.1

9. Enable IP Forwarding
#vim /etc/sysctl.conf
      --> Modify the following line set ( 0 to 1)
net.ipv4.ip_forward = 1
#sysctl -p

10. Finally start the service
#service named start
#chkconfig named on


Setup Secondery(Slave) DNS Server

1. Install DNS server
# yum install bind* -y

2. Configure DNS Server
#vim /etc/named.conf

options {
        listen-on port 53 { 192.168.22.3; };
//      listen-on-v6 port 53 { ::1; };    
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 192.168.22.0/24; };
        allow-recursion { 192.168.22.0/24; };
        allow-transfer  { none; };
        recursion yes;
        forwarders { 192.168.10.1; };   // DNS provided by ISP
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";

3. Create forward and reverse lookup zones
# vim /etc/named.rfc1912.zones

zone "avr.com" IN {
        type slave;
        file "slaves/named.localhost";
        masters { 192.168.22.2; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "22.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/named.loopback";
        masters { 192.168.22.2; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

4. This step is not required for slave DNS, because the zone records will het updated automatically form master DNS (i.e 192.168.22.2)


5. Check the named configuration
# named-checkconf /etc/named.conf
# echo $?
0

# named-checkconf /etc/named.rfc1912.zones
# echo $?
0

6.Similar to step no.4 this step is not required for slave DNS, because the zone records will het updated automatically form master DNS (i.e 192.168.22.2). Note that the zone record files will be downloaded to the location "/var/named/slaves/ " on slave DNS as we configured it so in Step:3.

7. Add the following exception rules to firewall to accept DNS requests from the network 192.168.22.0/24

#iptables -t filter -A INPUT -p tcp -m state --state NEW --dport 53  -j ACCEPT
#iptables -t filter -A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT

#service iptables save
#service iptables restart

8. Make your server as DNS client itself.
#vim /etc/resolv.conf
search avr.com
nameserver 192.168.22.3
nameserver 192.168.22.2

9. Enable IP Forwarding
#vim /etc/sysctl.conf
      --> Modify the following line set ( 0 to 1)
net.ipv4.ip_forward = 1
#sysctl -p

10. Finally start the service
#service named start
#chkconfig named on

0 comments:

Post a Comment