The IP addresses in the listing below are those of the Google public DNS servers. You could use your local ISP's servers, OpenDNS or some other public name server as your forwarder. It is not necessary to define any forwarders at all; in that case BIND uses the Internet root servers as listed in the file /var/named/named.ca.
A caching-only DNS server stores recent responses, much like a proxy server, and otherwise refers to other DNS servers. A forwarding-only DNS server refers all requests to other DNS servers.
CONFIGURE DNS SERVER. In this example we will configure a DNS server and test it from the client side. We are using three systems: one Linux server, one Linux client and one Windows client.
Domain Name Service (DNS) is an internet service that maps IP addresses to fully qualified domain names (FQDN) and vice versa.
BIND stands for Berkeley Internet Naming Daemon.
BIND is the most common program used for maintaining a name server on Linux.
In this tutorial, we will explain how to install and configure a DNS server.
If you are new to DNS, you should first understand the fundamentals of DNS and how it works.
1. Network Information
In this tutorial, we are going to setup a local DNS server for the network shown in the below diagram.
We'll use the "thegeekstuff.net" domain as an example for this DNS installation. "mail", "web" and "ns" are the hosts that reside within this domain.
It is possible to configure a single system to act as a caching name server, as a primary/master and as a secondary/slave. We will configure this DNS server as a Primary/Master as well as a Caching DNS server.
We’ll be installing DNS server on “10.42.0.83”.
2. Install Bind
Install the bind9 package using the appropriate package management utilities for your Linux distributions.
On Debian/Ubuntu flavors, do the following:
On Redhat/CentOS/Fedora flavors, do the following:
All the DNS configurations are stored under /etc/bind directory. The primary configuration is /etc/bind/named.conf which will include other needed files. The file named /etc/bind/db.root describes the root nameservers in the world.
3. Configure Cache NameServer
The job of a DNS caching server is to query other DNS servers and cache the response. Next time when the same query is given, it will provide the response from the cache. The cache will be updated periodically.
Please note that even though you can configure bind to work as a Primary and as a Caching server, it is not advised to do so for security reasons. Having a separate caching server is advisable.
All we have to do to configure a Cache NameServer is to add your ISP (Internet Service Provider)'s DNS server or any OpenDNS server to the file /etc/bind/named.conf.options. For example, we will use Google's public DNS servers, 8.8.8.8 and 8.8.4.4.
Uncomment and edit the following line as shown below in /etc/bind/named.conf.options file.
After the above change, restart the DNS server.
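An example /etc/bind/named.conf.options for the caching server described above, added here and not taken from the article. It assumes the local network is 10.42.0.0/24 (only the server address 10.42.0.83 is given above) and restricts recursion to it, so that the forwarders are used on behalf of local clients only and the server is not an open resolver:

```conf
// Hosts allowed to use this server as a recursive resolver.
// 10.42.0.0/24 is an assumed local network; adjust to your own.
acl "trusted" { 127.0.0.1; 10.42.0.0/24; };

options {
        directory "/var/cache/bind";

        // Forward recursive queries to the Google public DNS servers from the article.
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        // Answer recursive queries for trusted networks only; an open resolver
        // answers the whole Internet and is routinely abused for amplification.
        allow-recursion { trusted; };
        allow-query { trusted; };

        // A caching server is authoritative for nothing, so allow no zone transfers.
        allow-transfer { none; };

        // Validate DNSSEC-signed answers from the forwarders.
        dnssec-validation auto;

        listen-on { 127.0.0.1; 10.42.0.83; };
};
```

Run named-checkconf after editing and restart bind9; the "allow-query" and "allow-recursion" lists are what keep the forwarders from being used on behalf of arbitrary clients.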
4. Test the Cache NameServer
You can use the dig command to test DNS services. The article on dig command examples explains more about how to perform DNS lookups.
When you run the same dig query a second time, the query time should improve. As shown below, it took only 3 msec the second time, because the answer now comes from our caching DNS server.
5. Configure Primary/Master Nameserver
Next, we will configure bind9 to be the Primary/Master for the domain/zone “thegeekstuff.net”.
As a first step in configuring our Primary/Master Nameserver, we should add Forward and Reverse resolution to bind9.
To add DNS Forward and Reverse resolution to bind9, edit /etc/bind/named.conf.local.
Now the file /etc/bind/db.thegeekstuff.net will have the details for resolving hostname to IP address for this domain/zone, and the file /etc/bind/db.10 will have the details for resolving IP address to hostname.
6. Build the Forward Resolution for Primary/Master NameServer
Now we will add the details which are necessary for forward resolution into /etc/bind/db.thegeekstuff.net.
First, copy /etc/bind/db.local to /etc/bind/db.thegeekstuff.net
Next, edit the /etc/bind/db.thegeekstuff.net and replace the following.
- In the line which has SOA: localhost. – This is the FQDN of the server in charge of this domain. I've installed bind9 on 10.42.0.83, whose hostname is "ns". So replace "localhost." with "ns.thegeekstuff.net.". Make sure it ends with a dot (.).
- In the line which has SOA: root.localhost. – This is the e-mail address of the person who is responsible for this server. Use a dot (.) instead of @. I've replaced it with lak.localhost.
- In the line which has NS: localhost. – This defines the name server for the domain (NS). We have to change this to the fully qualified domain name of the name server. Change it to "ns.thegeekstuff.net.". Make sure you have a "." at the end.
Next, define the A record and MX record for the domain. A record is the one which maps hostname to IP address, and MX record will tell the mailserver to use for this domain.
Once the changes are done, the /etc/bind/db.thegeekstuff.net file will look like the following:
7. Build the Reverse Resolution for Primary/Master NameServer
We will add the details which are necessary for reverse resolution to the file /etc/bind/db.10. Copy the file /etc/bind/db.127 to /etc/bind/db.10
Next, edit the /etc/bind/db.10 file and change the same options as in /etc/bind/db.thegeekstuff.net.
Next, for each A record in /etc/bind/db.thegeekstuff.net, add a PTR record.
Whenever you modify the files db.thegeekstuff.net and db.10, you also need to increment the "Serial" number. Typically admins use DDMMYYSS for serial numbers and, when they modify a zone, change the serial number accordingly.
Finally, restart the bind9 service:
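A small consistency check for the two rules above (every A record needs a matching PTR, and every edit needs a higher serial), as an added example that is not part of the original article. The zone text is constructed here in the same form as db.thegeekstuff.net and db.10; the addresses of mail and web are assumed, and the PTR for mail is deliberately left out so the check has something to report:

```python
# Constructed sample zones for the thegeekstuff.net setup (added example, not the
# article's files); the addresses of mail and web are assumed. mail has no PTR.
FORWARD_ZONE = """\
$TTL 604800
@    IN SOA ns.thegeekstuff.net. lak.localhost. ( 2014010201 604800 86400 2419200 604800 )
@    IN NS  ns.thegeekstuff.net.
@    IN MX  10 mail.thegeekstuff.net.
ns   IN A   10.42.0.83
mail IN A   10.42.0.85
web  IN A   10.42.0.84
"""
REVERSE_ZONE = """\
$TTL 604800
@       IN SOA ns.thegeekstuff.net. lak.localhost. ( 2014010201 604800 86400 2419200 604800 )
@       IN NS  ns.thegeekstuff.net.
83.0.42 IN PTR ns.thegeekstuff.net.
84.0.42 IN PTR web.thegeekstuff.net.
"""

def fqdn(name, origin):
    """Expand '@' and relative owner names against the zone origin (with trailing dot)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (serial, [(owner, type, rdata), ...]) for a one-record-per-line zone file."""
    serial, records = None, []
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        owner, _cls, rtype, *rdata = line.split()
        if rtype == "SOA":
            serial = int(rdata[rdata.index("(") + 1])  # first field after '(' is the serial
        records.append((fqdn(owner, origin), rtype, " ".join(rdata)))
    return serial, records

def missing_ptrs(fwd_text, fwd_origin, rev_text, rev_origin):
    """A records whose address has no PTR pointing back to the same owner name."""
    _, fwd = parse_zone(fwd_text, fwd_origin)
    _, rev = parse_zone(rev_text, rev_origin)
    ptrs = {}
    for owner, rtype, target in rev:
        if rtype == "PTR":  # 83.0.42.10.in-addr.arpa. -> 10.42.0.83
            octets = owner[: -len(".in-addr.arpa.")].split(".")
            ptrs[".".join(reversed(octets))] = target
    return [(owner, ip) for owner, rtype, ip in fwd
            if rtype == "A" and ptrs.get(ip) != owner]

def serial_increased(old, new):
    """RFC 1982 serial arithmetic: new is newer if it is ahead by 1..2^31-1 (mod 2^32)."""
    return 0 < (new - old) % 2**32 < 2**31
```

Calling missing_ptrs(FORWARD_ZONE, "thegeekstuff.net.", REVERSE_ZONE, "10.in-addr.arpa.") reports the mail host, which is exactly the record that a slave or a mail server doing reverse lookups would fail to verify.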
8. Test the DNS server
Now we have configured the DNS server for our domain. We will test our DNS server by pinging mail.thegeekstuff.net from web.thegeekstuff.net.
If the ping succeeds, then we have configured DNS successfully.
You can also use nslookup and dig to test DNS servers.
On web.thegeekstuff.net server, add the following to /etc/resolv.conf
Now ping mail.thegeekstuff.net, which should resolve the address from the DNS server that we just configured.
DNS (Domain Name System), also known as a nameserver, is a network system that associates host names with their respective IP addresses. For users, this has the advantage that they can refer to machines on the network by names that are usually easier to remember than the numerical network addresses. For system administrators, using the nameserver allows them to change the IP address for a host without ever affecting the name-based queries, or to decide which machines handle these queries.
DNS is usually implemented using one or more centralized servers that are authoritative for certain domains. When a client host requests information from a nameserver, it usually connects to port 53. The nameserver then attempts to resolve the name requested. If it does not have an authoritative answer, or does not already have the answer cached from an earlier query, it queries other nameservers, called root nameservers, to determine which nameservers are authoritative for the name in question, and then queries them to get the requested name.
Let's take up the scenario to set up the DNS server:
Master DNS Server – 1
Secondary DNS Server – 1 (Optional)
Client Server – 1 (With 4 IPs)
Here, I have used IP addresses from 4 different network segments to show how to configure reverse DNS.
STEP 1:
[[email protected] ~] # yum install bind* -y
As I have configured a yum repo, I am using yum to install the packages.
The output is as below:
STEP 2: (Configure DNS Server)
Now, make the following changes to the /etc/named.conf file:
[[email protected] ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 192.168.28.130; };   ### Master DNS IP ADDRESS ###
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { 192.168.0.0/24; 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24; };   ### IP RANGE ###
        allow-transfer { 192.168.28.131; };   ### SLAVE IP ADDRESS ###
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

## Define our Forward and Reverse Zone files here for quickfixlinux.local
zone "quickfixlinux.local" IN {
        type master;
        file "quickfixlinux.fwd.zone";
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "quickfixlinux.rev-MG.zone";   ### Management IP ADDRESS ###
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "quickfixlinux.rev-PD.zone";   ### Production IP ADDRESS ###
        allow-update { none; };
};

zone "2.168.192.in-addr.arpa" IN {
        type master;
        file "quickfixlinux.rev-BK.zone";   ### Backup IP ADDRESS ###
        allow-update { none; };
};

zone "3.168.192.in-addr.arpa" IN {
        type master;
        file "quickfixlinux.rev-PR.zone";   ### Provisioning IP ADDRESS ###
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
STEP 3:
Creating Master Zone files:
3.1 Creating quickfixlinux.fwd.zone as defined in /etc/named.conf file
Here we are going to use the existing sample files to create the forward and reverse zone files:
[[email protected] ~]# cp /var/named/named.localhost /var/named/quickfixlinux.fwd.zone
[[email protected] ~]# cp /var/named/named.loopback /var/named/quickfixlinux.rev-MG.zone
[[email protected] ~]# cp /var/named/named.loopback /var/named/quickfixlinux.rev-PD.zone
[[email protected] ~]# cp /var/named/named.loopback /var/named/quickfixlinux.rev-BK.zone
[[email protected] ~]# cp /var/named/named.loopback /var/named/quickfixlinux.rev-PR.zone
3.2 Create the Reverse DNS zone entries as defined in the /etc/named.conf file:
Now, you need to create the similar reverse zone files for PD, BK and PR, using this MG zone file as the reference.
STEP 4:
Change the group ownership of the newly created zone files so that the named service can read them:
[[email protected] ~]# chgrp named /var/named/quickfixlinux.fwd.zone
[[email protected] ~]# chgrp named /var/named/quickfixlinux.rev-MG.zone
[[email protected] ~]# chgrp named /var/named/quickfixlinux.rev-PD.zone
[[email protected] ~]# chgrp named /var/named/quickfixlinux.rev-BK.zone
[[email protected] ~]# chgrp named /var/named/quickfixlinux.rev-PR.zone
STEP 5:
Checking the zone files for any errors:
[[email protected] ~]# named-checkconf /etc/named.conf
[[email protected] ~]# named-checkzone quickfixlinux.local /var/named/quickfixlinux.fwd.zone
[[email protected] ~]# named-checkzone 0.168.192.in-addr.arpa /var/named/quickfixlinux.rev-MG.zone
[[email protected] ~]# named-checkzone 1.168.192.in-addr.arpa /var/named/quickfixlinux.rev-PD.zone
[[email protected] ~]# named-checkzone 2.168.192.in-addr.arpa /var/named/quickfixlinux.rev-BK.zone
[[email protected] ~]# named-checkzone 3.168.192.in-addr.arpa /var/named/quickfixlinux.rev-PR.zone
The first argument to named-checkzone is the zone name exactly as declared in /etc/named.conf, not the host name of the server; checking a file under the wrong origin validates the wrong names.
OUTPUT:
STEP 6:
Now, start up the named service:
[[email protected] ~]# chkconfig named on
[[email protected] ~]# /etc/init.d/named start
Starting named: [ OK ]
STEP 7:
Open up port 53 (TCP and UDP) on the firewall, whether external or internal.
STEP 8:
Add the Master DNS IP Address in /etc/resolv.conf file.
[[email protected] ~] # vim /etc/resolv.conf
nameserver 192.168.28.130
Now we can check the master DNS server for the forward zone using the dig command.