Differences

This shows you the differences between two versions of the page.

--- eduardo:linux:dns [2014/11/17 10:06] – old revision restored eduardo
+++ eduardo:linux:dns [2024/02/23 08:20] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
+====== BIND DNS ======
+===== Check BIND Install =====
+<code>
+bash# rpm -q bind
+ package bind is not installed
+bash# rpm -q bind-chroot
+ package bind-chroot is not installed
+</code>
+===== Install Bind =====
+Bind packages are available under default yum repositories. To install packages simple execute below command.
+<code>
+bash# yum -y install bind bind-chroot
+</code>
+===== Configure FQDN =====
+Edit the /etc/hosts file and replace the ip address and domain name with yours ipaddress and domain name
+<code>
+bash# vi /etc/hosts
+.168.122.9 ns1.example.com ns1
+</code>
+Edit the /etc/sysconfig/network and replace HOSTNAME value
+<code>
+bash# vi /etc/sysconfig/network
+HOSTNAME=ns1
+</code>
+Restart the network service
+<code>
+bash# /etc/init.d/network restart
+</code>
+Now check Hostname and FQDN you are getting properly.
+Once logout and re-login or Restart the server
+<code>
+bash# hostname
+ns1
+bash# hostname -f
+ns1.example.com
+</code>
+Edit /etc/resolv.conf file
+<code>
+bash# vi /etc/resolv.conf
+domain example.com
+search example.com
+nameserver 192.168.122.9
+bash#
+</code>
+===== Config =====
+Copy sample configuration file
+<code>
+bash# cd /var/named/chroot/etc/
+bash# cp /usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones .
+bash# cp /usr/share/doc/bind-9.8.2/sample/etc/named.conf .
+</code>
+===== Master DNS Server =====
+Edit named.conf
+<code>
+bash# vi /var/named/chroot/etc/named.conf
+#######remove old contents and  paste the below given contents ########
+include "/etc/rndc.key";
+options {
+    directory "/var/named"; // Zone files path i.e /var/named/chroot/var/named .
+    forwarders {192.168.122.10; }; // In case the DNS query fails,request will go to next available DNS server i.e 192.168.122.10
+};
+//Forward zone section for example.com
+zone "example.com" IN {
+    type master;
+    file "example.com.forward-zone"; //forward zone files in /var/named
+    allow-update { none; };
+};
+// Reverse Zone Section for example.com
+zone "122.168.192.in-addr.arpa" IN {
+    type master; // Declaring as DNS Master Server
+    file "example.com.reverse-zone"; // reverse zone files in /var/named
+    allow-update { none; };
+};
+</code>
+Create Forward Zone and Reverse zone file.
+<code>
+bash# vi /var/named/chroot/var/named/example.com.forward-zone
+; comment is given by symbol ; ,hence this line is commented
+; IN SOA we give Start Of Authority email id in this pattern, username.domainname.tld eg. admin.example.com
+; FQDN must have period (.) sign at trailing end,see given below "IN NS ns1.example.com."
+$TTL 1D
+@ IN SOA ns1.example.com sharadchhetri.example.com. (
+  ; serial
+D ; refresh
+H ; retry
+W ; expire
+H ) ; minimum
+    IN NS ns1.example.com.
+    IN A 192.168.122.9
+NS1 IN A 192.168.122.9
+www IN A 192.168.122.11
+</code>
+Reverse Zone File:
+<code>
+bash# vi /var/named/chroot/var/named/example.com.reverse-zone
+;Reverse Zone File for example.com
+; do not forget to use period (.) at trailing end of FQDN
+$TTL 1D
+@ IN SOA  ns1.example.com sharadchhetri.example.com. (
+       ; serial
+D      ; refresh
+H      ; retry
+W      ; expire
+H )    ; minimum
+         NS     ns1.example.com.
+    IN  PTR    ns1.example.com.
+   IN  PTR    www.example.com.
+</code>
+Changing ownership and group of files.
+<code>
+bash# cd /var/named/chroot/var/named
+chown named:named example.com.*
+</code>
+Restart the named service. When you first time restart the named service,new rndc.key file will be generated and named service will take time to restart
+<code>
+bash# /etc/init.d/named restart
+</code>
+===== Slave DNS Server =====
+On Master DNS Server. Update named.conf
+<code>
+options {
+    ....
+    notify yes;
+    also-notify { 202.84.190.10; };
+    allow-transfer { 202.84.190.10; };
+    ....
+};
+</code>
+Create named.conf file in /var/named/chroot/etc
+<code>
+bash# vi /var/named/chroot/etc/named.conf
+// named.rfc1912.zones:
+//
+// Provided by Red Hat caching-nameserver package
+//
+// ISC BIND named zone configuration for zones recommended by
+// RFC 1912 section 4.1 : localhost TLDs and address zones
+// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
+// (c)2007 R W Franks
+//
+// See /usr/share/doc/bind*/sample/ for example named configuration files.
+//
+####### New line Addition ########
+include "/etc/rndc.key";
+options {
+    directory "/var/named"; // Zone files path i.e /var/named/chroot/var/named .
+    forwarders {192.168.122.9; }; // In case the DNS query fails,request will go to next available DNS server i.e 192.168.56.122.9
+};
+//Forward zone section for example.com
+zone "example.com" IN {
+    type slave;        file "example.com.forward-zone"; //forward zone files
+    file "slaves/example.com.forward-zone"; // reverse zone file
+    masters {192.168.122.9; };
+};
+// Reverse Zone Section for example.com
+zone "122.168.192.in-addr.arpa" IN {
+    type slave; // Declaring as DNS Slave Server
+    file "slaves/example.com.reverse-zone"; // reverse zone file
+    masters {192.168.122.9; };
+};
+</code>
+Change the permission of /var/named/chroot/var/named directory.
+So that when we restart the named service in ns2, bydefault all zone file will be transfer.
+<code>
+bash# chmod 770 /var/named/chroot/var/named
+</code>
+Restart the named service
+<code>
+bash# /etc/init.d/named restart
+</code>
+Now check all zone files are bydefault transfered to slave DNS server
+<code>
+bash# ls -l /var/named/chroot/var/named/
+total 40
+drwxr-x--- 6 root  named 4096 Jul 18 23:23 chroot
+drwxrwx--- 2 named named 4096 Mar 29 04:18 data
+drwxrwx--- 2 named named 4096 Mar 29 04:18 dynamic
+-rw-r--r-- 1 named named  378 Jul 20 16:58 example.com.forward-zone
+-rw-r--r-- 1 named named  452 Jul 20 17:01 example.com.reverse-zone
+-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca
+-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
+-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
+-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
+drwxrwx--- 2 named named 4096 Mar 29 04:18 slaves
+bash#
+</code>
+Whenever you do any update in master DNS server in zone files increase the serial otherwise slave will not get update from master.
+After this ,restart the named service by using command /etc/init.d/named restart
+<code>
+bash# cat /var/named/chroot/var/named/example.com.reverse-zone
+$ORIGIN .
+$TTL 86400 ; 1 day
+.168.192.in-addr.arpa IN SOA ns1.example.com.122.168.192.in-addr.arpa. sharadchhetri.example.com. (
+          ; serial
+      ; refresh (1 day)
+       ; retry (1 hour)
+     ; expire (1 week)
+      ; minimum (3 hours) )
+    NS ns1.example.com.
+    NS ns2.example.com.
+    $ORIGIN 122.168.192.in-addr.arpa.
+PTR ns2.example.com.
+PTR www.example.com.
+PTR ns1.example.com.
+bash#
+</code>
+===== Firewall Rule =====
+DNS servers communicate over port 53 UDP.  The firewall must be configured to allow UDP on both source and destination ports 53.
+<code>
+[bash]# iptables -I INPUT -p udp --dport 53 -j ACCEPT
+[bash]# service iptables save
+</code>
+To allow zone transfer, add the following on master. As zone transfer uses TCP instead of UDP
+<code>
+[bash]# iptables -I INPUT -p tcp --dport 53 -j ACCEPT
+[bash]# service iptables save
+</code>
+===== Auto start =====
+You should now set the runlevels required for the DNS service, then restart it.
+<code>
+[bash]# chkconfig --level 2345 named on
+[bash]# /etc/init.d/named restart
+</code>
+You can check which runlevels the service will be active with the following command.
+<code>
+[bash]# chkconfig --list named
+</code>