
BIND DNS

Check BIND Install

bash# rpm -q bind
 package bind is not installed 

bash# rpm -q bind-chroot
 package bind-chroot is not installed

Install Bind

The BIND packages are in the default yum repositories. Install the server together with the chroot wrapper:

bash# yum -y install bind bind-chroot

Configure FQDN

Edit /etc/hosts and replace the IP address and host name with your own:

bash# vi /etc/hosts

192.168.122.9 ns1.example.com ns1

Edit /etc/sysconfig/network and set the HOSTNAME value:

bash# vi /etc/sysconfig/network 

HOSTNAME=ns1

Restart the network service

bash# /etc/init.d/network restart

Check that the short hostname and the FQDN both resolve as expected. If they do not, log out and back in, or reboot the server.

bash# hostname

ns1 

bash# hostname -f

ns1.example.com

Edit /etc/resolv.conf file

bash# vi /etc/resolv.conf  

domain example.com
search example.com

nameserver 192.168.122.9

bash#

Config

Copy the sample configuration files into the chroot (adjust the bind-9.8.2 directory to the version that was installed):

bash# cd /var/named/chroot/etc/

bash# cp /usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones .
bash# cp /usr/share/doc/bind-9.8.2/sample/etc/named.conf .

Master DNS Server

Edit named.conf

bash# vi /var/named/chroot/etc/named.conf 

####### remove the old contents and paste the following ######## 
include "/etc/rndc.key"; 

options {        
    directory "/var/named"; // zone files live in /var/named/chroot/var/named
    forwarders { 192.168.122.10; }; // queries for names this server is not authoritative for are sent to 192.168.122.10
};  

// Forward zone for example.com 
zone "example.com" IN {        
    type master;        
    file "example.com.forward-zone"; // relative to the directory option above
    allow-update { none; }; // no dynamic updates
}; 

// Reverse zone for 192.168.122.0/24
zone "122.168.192.in-addr.arpa" IN {        
    type master; // this server is authoritative for the zone
    file "example.com.reverse-zone";
    allow-update { none; };
};

Nothing in this file restricts who may query or copy the zones: BIND's defaults for allow-query and allow-transfer are any, and recursion (used for the forwarded queries) defaults to localnets and localhost. Tighten these before the server is reachable from outside the LAN.

Create the forward and reverse zone files.

bash# vi /var/named/chroot/var/named/example.com.forward-zone

; a semicolon starts a comment
; the SOA record names the primary server and the administrator's mailbox, with the @ of the
; mail address replaced by a dot: admin@example.com is written admin.example.com.
; every fully qualified name must end in a period, e.g. "IN NS ns1.example.com."; without it
; BIND appends the zone origin (ns1.example.com becomes ns1.example.com.example.com.)

$TTL 1D
@ IN SOA ns1.example.com. sharadchhetri.example.com. ( 
    0  ; serial, increase on every change
    1D ; refresh 
    1H ; retry 
    1W ; expire 
    3H ) ; minimum 

    IN NS ns1.example.com. 
    IN A 192.168.122.9
ns1 IN A 192.168.122.9
www IN A 192.168.122.11

Reverse Zone File:

bash# vi /var/named/chroot/var/named/example.com.reverse-zone 

; Reverse zone for 192.168.122.0/24 (122.168.192.in-addr.arpa)
; fully qualified names must end in a period

$TTL 1D 

@ IN SOA  ns1.example.com. sharadchhetri.example.com. (
     0       ; serial, increase on every change
     1D      ; refresh
     1H      ; retry
     1W      ; expire
     3H )    ; minimum
     
     IN  NS     ns1.example.com.
9    IN  PTR    ns1.example.com.
11   IN  PTR    www.example.com.

Set the owner and group of the zone files:

bash# cd /var/named/chroot/var/named 

bash# chown named:named example.com.*

Restart the named service. On the first start the init script generates a new /etc/rndc.key, which draws on the system's random pool and can make that first restart slow. Running named-checkconf and named-checkzone before the restart catches syntax errors in named.conf and the zone files while the old configuration is still serving.

bash# /etc/init.d/named restart

Slave DNS Server

On the master, add the slave's address (ns2, 192.168.122.10) to the options block of named.conf, so that the master notifies ns2 of changes and permits it, and only it, to transfer the zones:

options {
    ....
    notify yes;
    also-notify { 192.168.122.10; };
    allow-transfer { 192.168.122.10; };
    ....
};
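The named.conf fragments above leave BIND's defaults in place for everything they do not mention, and two of those defaults matter on a server reachable from outside the LAN: allow-transfer defaults to any, so anyone who can reach port 53/TCP can pull the whole zone with an AXFR, and allow-query defaults to any. The following master named.conf is an added example (not the page's original file) that combines the forward and reverse zones above with the notify and transfer settings for the slave and states the access controls explicitly. It assumes the LAN is 192.168.122.0/24, that the master listens on 192.168.122.9, that the upstream forwarder is 192.168.122.10 as above, and that the slave ns2 is 192.168.122.10, the address the reverse zone gives it.

```conf
include "/etc/rndc.key";

// Address lists used below (assumed for this example).
acl "lan"    { 127.0.0.1; 192.168.122.0/24; };
acl "slaves" { 192.168.122.10; };          // ns2

options {
    directory "/var/named";                 // /var/named/chroot/var/named on disk
    listen-on port 53 { 127.0.0.1; 192.168.122.9; };
    listen-on-v6 { none; };

    // Queries for names this server is not authoritative for go here; with the
    // default "forward first" BIND recurses itself if the forwarder does not answer.
    forwarders { 192.168.122.10; };

    // Who may use this server as a resolver. Keep it to the LAN: an open
    // resolver can be abused for reflection attacks and cache-poisoning attempts.
    recursion yes;
    allow-recursion { lan; };
    allow-query-cache { lan; };
    allow-query { lan; };                   // the per-zone allow-query below overrides this

    // BIND's default allow-transfer is "any": without this line anyone who can
    // reach port 53/TCP can AXFR the zones.
    allow-transfer { none; };

    notify yes;
    also-notify { 192.168.122.10; };
    version "not disclosed";                // do not answer version.bind CHAOS queries with the real version
};

zone "example.com" IN {
    type master;
    file "example.com.forward-zone";
    allow-query { any; };                   // authoritative data is meant to be public
    allow-transfer { slaves; };             // only ns2 may copy the zone
    allow-update { none; };
};

zone "122.168.192.in-addr.arpa" IN {
    type master;
    file "example.com.reverse-zone";
    allow-query { lan; };                   // private address space: keep the reverse zone internal
    allow-transfer { slaves; };
    allow-update { none; };
};
```

The slave's named.conf needs the same allow-transfer { none; } and allow-recursion { lan; } in its options block: a slave answers AXFR requests for the zones it holds exactly as the master does. Check the file with named-checkconf -t /var/named/chroot /etc/named.conf before restarting named.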

On the slave (ns2), create named.conf in /var/named/chroot/etc:

bash# vi /var/named/chroot/etc/named.conf  

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package 
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
// 
// See /usr/share/doc/bind*/sample/ for example named configuration files.
// 

####### New line Addition ######## 

include "/etc/rndc.key"; 

options {        
    directory "/var/named"; // zone files live in /var/named/chroot/var/named
    forwarders { 192.168.122.9; }; // queries for names this server is not authoritative for are sent to the master, 192.168.122.9
};  

// Forward zone for example.com, copied from the master

zone "example.com" IN {        
    type slave;
    file "slaves/example.com.forward-zone"; // transferred copy, written by named into slaves/
    masters { 192.168.122.9; };
}; 

// Reverse zone for 192.168.122.0/24, copied from the master

zone "122.168.192.in-addr.arpa" IN {        
    type slave; // this server is a secondary for the zone
    file "slaves/example.com.reverse-zone";
    masters { 192.168.122.9; };
};

The slave writes the transferred zones into the slaves/ subdirectory, which the package ships owned by named and writable by it (see the listing below). Only if you point file at a path directly under /var/named does that directory itself have to be writable by the named group:

bash# chmod 770 /var/named/chroot/var/named

Restart named on the slave; on start-up it transfers the zones it is a slave for from the master.

bash# /etc/init.d/named restart

Check that the zone files have appeared (and look for "Transfer completed" in /var/log/messages):

bash# ls -l /var/named/chroot/var/named/

total 40
drwxr-x--- 6 root  named 4096 Jul 18 23:23 chroot
drwxrwx--- 2 named named 4096 Mar 29 04:18 data
drwxrwx--- 2 named named 4096 Mar 29 04:18 dynamic
-rw-r--r-- 1 named named  378 Jul 20 16:58 example.com.forward-zone
-rw-r--r-- 1 named named  452 Jul 20 17:01 example.com.reverse-zone
-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Mar 29 04:18 slaves

bash# 

Whenever you edit a zone file on the master, increase the SOA serial. The slave only transfers a zone when the master's serial is higher than the copy it holds, so a forgotten serial silently leaves the two servers out of sync.

After that, reload named on the master (rndc reload, or /etc/init.d/named restart as above). On the slave, the transferred copy is written out by BIND in its own format. Note the SOA MNAME in the copy below, ns1.example.com.122.168.192.in-addr.arpa.: the name was written without a trailing dot in the master's zone file, so BIND appended the zone origin. The zone still loads, but the MNAME is wrong.

bash# cat /var/named/chroot/var/named/example.com.reverse-zone 

$ORIGIN .
$TTL 86400 ; 1 day
122.168.192.in-addr.arpa IN SOA ns1.example.com.122.168.192.in-addr.arpa. sharadchhetri.example.com. ( 
    2          ; serial 
    86400      ; refresh (1 day) 
    3600       ; retry (1 hour) 
    604800     ; expire (1 week) 
    10800      ; minimum (3 hours) ) 
    
    NS ns1.example.com. 
    NS ns2.example.com.
    $ORIGIN 122.168.192.in-addr.arpa.
10 PTR ns2.example.com.
11 PTR www.example.com.
9 PTR ns1.example.com.

bash#
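The trailing-dot mistake visible in the SOA above and the serial rule are both easy to check mechanically before a zone goes live. The following script is an added example for this page, not a BIND tool: it strips comments, reports SOA MNAME/RNAME and NS targets written without the trailing dot, prints the current serial and bumps it by one. It assumes the zone-file layout used on this page (a multi-line SOA with the serial on its own line tagged "; serial") and plain incrementing serials rather than the YYYYMMDDnn convention.

```shell
#!/bin/sh
# zone-lint.sh: check a BIND zone file for the trailing-dot mistake and bump
# its SOA serial. Added example for this page, not part of BIND. Assumes the
# layout used above: a multi-line SOA record whose serial sits on a line ending
# in "; serial", and simple incrementing serials.

# Print the SOA serial (the first number on the line tagged "; serial").
zone_serial() {
    awk '/;[ \t]*serial/ { print $1; exit }' "$1"
}

# Report SOA MNAME/RNAME and NS targets written without a trailing dot.
# BIND treats such names as relative and appends the zone origin, which is how
# "ns1.example.com" turns into "ns1.example.com.122.168.192.in-addr.arpa.".
# Exit status 1 if anything was reported, 0 otherwise.
zone_lint() {
    awk '
        function check(name, what) {
            if (name !~ /\.$/) { print what " missing trailing dot: " name; bad = 1 }
        }
        {
            sub(/;.*/, "")          # drop comments before looking at fields
            for (i = 1; i < NF; i++) {
                t = toupper($i)
                if (t == "SOA") {
                    check($(i + 1), "SOA MNAME")
                    if (i + 2 <= NF) check($(i + 2), "SOA RNAME")
                } else if (t == "NS" && toupper($(i + 1)) !~ /^(IN|CH|HS|A|AAAA|CNAME|MX|NS|PTR|SOA|SRV|TXT)$/) {
                    # "NS" followed by a class or type is an owner named ns, not an NS record
                    check($(i + 1), "NS target")
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Increment the serial in place and print the new value. Slaves only transfer
# when the master serial is higher than theirs, so this must accompany every edit.
bump_serial() {
    old=$(zone_serial "$1")
    new=$((old + 1))
    awk -v new="$new" '
        !done && /;[ \t]*serial/ { sub(/[0-9]+/, new); done = 1 }
        { print }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    echo "$new"
}

# Usage: ./zone-lint.sh /var/named/chroot/var/named/example.com.forward-zone
if [ "$#" -gt 0 ]; then
    zone_lint "$1" && bump_serial "$1"
fi
```

Run it against a zone file, then named-checkzone example.com /var/named/chroot/var/named/example.com.forward-zone as usual. named-checkzone catches syntax errors but not the missing dot, because a relative name is perfectly valid syntax; it just does not mean what the author intended.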

Firewall Rule

Clients send queries to UDP port 53 from an ephemeral source port, so only the destination port has to be opened on the server; matching on source port 53 as well would drop legitimate queries. Answers that do not fit in a UDP datagram are retried over TCP, and zone transfers always use TCP, so TCP port 53 must be open too, at least to the slave. The rules below accept from any source; on a server that only serves the LAN, add -s 192.168.122.0/24 (and -s 192.168.122.10 for the transfer rule on the master) rather than relying on named.conf alone.

bash# iptables -I INPUT -p udp --dport 53 -j ACCEPT

bash# service iptables save

On the master, zone transfers to the slave need TCP port 53 (the slave needs it too, for clients whose answers are truncated over UDP):

bash# iptables -I INPUT -p tcp --dport 53 -j ACCEPT

bash# service iptables save

Auto start

You should now set the runlevels required for the DNS service, then restart it.

[bash]# chkconfig --level 2345 named on
[bash]# /etc/init.d/named restart

You can check which runlevels the service will be active with the following command.

[bash]# chkconfig --list named 
eduardo/linux/dns.txt · Last modified: 2024/02/23 08:20 by 127.0.0.1