Setup DNS Server step by step in CentOS 6.3 / RHEL 6.3
DNS (Domain Name System) is the core component of network infrastructure. The DNS service resolves hostname into ip address and vice versa. For example if we type http://www.rmohan.com in browser, the DNS server translates the domain name into its corresponding ip address. So it makes us easy to remember the domain names instead of its ip address.
DNS Server Installation in CentOS 6.3:
This how-to tutorial will shows you how to install and configure DNS server. In this scenario my dns server FQDN (Fully Qualified Domain Name) and
ip-address are webserver.rmohan.com and 192.168.1.100 respectively. The steps provided here are tested in CentOS 6.3, but it should work in RHEL 6.x(x stands for version) and Scientific Linux 6.x too.
Prerequisites:
Before proceed, check the following properly.
1. Check FQDN (Fully Qualified Name) of the server.
[root@webserver ~]# hostname
webserver.rmohan.com
2. Check IP Address of the Server.
[root@webserver ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 08:00:27:1B:84:3A
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe1b:843a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7785 errors:0 dropped:0 overruns:0 frame:0
TX packets:3635 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:729396 (712.3 KiB) TX bytes:461240 (450.4 KiB)
3. Enter the resolver IP (DNS Server IP i.e 192.168.1.100 in our example) in /etc/resolv.conf file.
[root@webserver ~]# nano /etc/resolv.conf
# Generated by NetworkManager
search rmohan.com
nameserver 192.168.1.100
4. Disable Firewall.
[root@webserver ~]# service iptables stop
[root@webserver ~]# chkconfig iptables off
[root@webserver ~]# service ip6tables stop
[root@webserver ~]# chkconfig ip6tables off
5.Disable selinux.
Set SELINUX=disabled to disable the Selinux in the /etc/selinux/config file..
[root@webserver ~]# nano /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted – Targeted processes are protected,
# mls – Multi Level Security protection.
SELINUXTYPE=targeted
Reboot the server to save the changes.
6.Check Firewall and Selinux Status:
[root@webserver ~]# service iptables status
iptables: Firewall is not running.
[root@webserver ~]# service ip6tables status
ip6tables: Firewall is not running.
[root@webserver ~]# sestatus
SELinux status: disabled
Well, all the services are disabled now.
Install bind9 package:
[root@webserver ~]# yum install bind*
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
localrepo | 1.3 kB 00:00 …
Setting up Install Process
Resolving Dependencies
–> Running transaction check
—> Package bind.i686 32:9.8.2-0.10.rc1.el6 will be installed
–> Processing Dependency: portreserve for package: 32:bind-9.8.2-0.10.rc1.el6.i686
—> Package bind-chroot.i686 32:9.8.2-0.10.rc1.el6 will be installed
—> Package bind-devel.i686 32:9.8.2-0.10.rc1.el6 will be installed
—> Package bind-dyndb-ldap.i686 0:1.1.0-0.9.b1.el6 will be installed
—> Package bind-libs.i686 32:9.8.2-0.10.rc1.el6 will be installed
—> Package bind-sdb.i686 32:9.8.2-0.10.rc1.el6 will be installed
–> Processing Dependency: libpq.so.5 for package: 32:bind-sdb-9.8.2-0.10.rc1.el6.i686
—> Package bind-utils.i686 32:9.8.2-0.10.rc1.el6 will be installed
–> Running transaction check
—> Package portreserve.i686 0:0.0.4-9.el6 will be installed
—> Package postgresql-libs.i686 0:8.4.11-1.el6_2 will be installed
–> Finished Dependency Resolution
Dependencies Resolved
===================================================
Package Arch Version Repository Size
===================================================
Installing:
bind i686 32:9.8.2-0.10.rc1.el6 localrepo 4.0 M
bind-chroot i686 32:9.8.2-0.10.rc1.el6 localrepo 70 k
bind-devel i686 32:9.8.2-0.10.rc1.el6 localrepo 375 k
bind-dyndb-ldap i686 1.1.0-0.9.b1.el6 localrepo 63 k
bind-libs i686 32:9.8.2-0.10.rc1.el6 localrepo 881 k
bind-sdb i686 32:9.8.2-0.10.rc1.el6 localrepo 305 k
bind-utils i686 32:9.8.2-0.10.rc1.el6 localrepo 180 k
Installing for dependencies:
portreserve i686 0.0.4-9.el6 localrepo 22 k
postgresql-libs i686 8.4.11-1.el6_2 localrepo 201 k
Transaction Summary
===================================================
Install 9 Package(s)
Total download size: 6.0 M
Installed size: 13 M
Is this ok [y/N]: y
Downloading Packages:
——————————————————————————–
Total 16 MB/s | 6.0 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Installing : 32:bind-libs-9.8.2-0.10.rc1.el6.i686 1/9
Installing : portreserve-0.0.4-9.el6.i686 2/9
Installing : 32:bind-9.8.2-0.10.rc1.el6.i686 3/9
Installing : postgresql-libs-8.4.11-1.el6_2.i686 4/9
Installing : 32:bind-chroot-9.8.2-0.10.rc1.el6.i686 5/9
Installing : 32:bind-devel-9.8.2-0.10.rc1.el6.i686 6/9
Installing : 32:bind-sdb-9.8.2-0.10.rc1.el6.i686 7/9
Installing : bind-dyndb-ldap-1.1.0-0.9.b1.el6.i686 8/9
Installing : 32:bind-utils-9.8.2-0.10.rc1.el6.i686 9/9
Verifying : 32:bind-utils-9.8.2-0.10.rc1.el6.i686 1/9
Verifying : 32:bind-chroot-9.8.2-0.10.rc1.el6.i686 2/9
Verifying : 32:bind-devel-9.8.2-0.10.rc1.el6.i686 3/9
Verifying : postgresql-libs-8.4.11-1.el6_2.i686 4/9
Verifying : 32:bind-sdb-9.8.2-0.10.rc1.el6.i686 5/9
Verifying : portreserve-0.0.4-9.el6.i686 6/9
Verifying : 32:bind-9.8.2-0.10.rc1.el6.i686 7/9
Verifying : 32:bind-libs-9.8.2-0.10.rc1.el6.i686 8/9
Verifying : bind-dyndb-ldap-1.1.0-0.9.b1.el6.i686 9/9
Installed:
bind.i686 32:9.8.2-0.10.rc1.el6 bind-chroot.i686 32:9.8.2-0.10.rc1.el6
bind-devel.i686 32:9.8.2-0.10.rc1.el6 bind-dyndb-ldap.i686 0:1.1.0-0.9.b1.el6
bind-libs.i686 32:9.8.2-0.10.rc1.el6 bind-sdb.i686 32:9.8.2-0.10.rc1.el6
bind-utils.i686 32:9.8.2-0.10.rc1.el6
Dependency Installed:
portreserve.i686 0:0.0.4-9.el6 postgresql-libs.i686 0:8.4.11-1.el6_2
Complete!
Configuration:
The main configuration of the DNS will look like below. Edit and add the entries below which are marked as bold in this configuration files.
[root@webserver ~]# nano /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.100; };
listen-on-v6 port 53 { ::1; };
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
allow-query { localhost; 192.168.1.0/24; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file “/etc/named.iscdlv.key”;
managed-keys-directory “/var/named/dynamic”;
};
logging {
channel default_debug {
file “data/named.run”;
severity dynamic;
};
};
zone “.” IN {
type hint;
file “named.ca”;
};
zone “rmohan.com” IN {
type master;
file “fwd.rmohan.com”;
allow-update { none; };
};
zone “1.168.192.in-addr.arpa” IN {
type master;
file “rev.rmohan.com”;
allow-update { none; };
};
include “/etc/named.rfc1912.zones”;
include “/etc/named.root.key”;
Create Zone files:
Now we should create forward and reverse zone files which we mentioned in the /etc/named.conf file.
Create Forward Zone:
Create fwd.rmohan.com file in the /var/named directory and add the entries for forward zone as shown below.
[root@webserver ~]# nano /var/named/fwd.rmohan.com
$TTL 86400
@ IN SOA webserver.rmohan.com. root.rmohan.com. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
IN NS webserver.rmohan.com.
IN A 192.168.1.100
webserver IN A 192.168.1.100
Save and exit the file by pressing the keys CTRL+O and CTRL+X.
Create Reverse Zone:
Create rev.rmohan.com file in the /var/named directory and add the entries for reverse zone as shown below.
[root@webserver ~]# nano /var/named/rev.rmohan.com
$TTL 86400
@ IN SOA webserver.rmohan.com. root.rmohan.com. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
IN NS webserver.rmohan.com.
IN PTR rmohan.com.
IN A 255.255.255.0
100 IN PTR webserver.rmohan.com.
Save and exit by pressing the keys CTRL+O and CTRL+X.
Start the bind service.
[root@webserver ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@webserver ~]# chkconfig named on
Test DNS Server:
[root@webserver ~]# dig webserver.rmohan.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> webserver.rmohan.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 217
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;webserver.rmohan.com. IN A
;; ANSWER SECTION:
webserver.rmohan.com. 86400 IN A 192.168.1.100
;; AUTHORITY SECTION:
rmohan.com. 86400 IN NS webserver.rmohan.com.
;; Query time: 3 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Jan 25 16:50:45 2013
;; MSG SIZE rcvd: 72
[root@webserver ~]# dig -x 192.168.1.100
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> -x 192.168.1.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3272
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;100.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
100.1.168.192.in-addr.arpa. 86400 IN PTR webserver.rmohan.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS webserver.rmohan.com.
;; ADDITIONAL SECTION:
webserver.rmohan.com. 86400 IN A 192.168.1.100
;; Query time: 4 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Jan 25 16:52:13 2013
;; MSG SIZE rcvd: 112
If you get all the four sections QUESTION, ANSWER, AUTHORITY, ADDITIONAL as 1, you’re done. Otherwise check the steps again for any mistakes.
Thats it. Have a good day!!!
Recent Comments