Thursday, 13 June 2013

How to Setup DNS Server in Linux


Step by Step Guide for setting up a DNS Server in Red Hat / CentOS / Fedora


The following guide walks you through setting up a fully functional local DNS server for your Linux systems.

I have also prepared a guide for setting up a CentOS-based LDAP server; you can view that HERE.

In this guide we use CentOS as the base OS for the DNS server. The same steps apply to Red Hat Enterprise Linux, Fedora and other distributions that ship the same BIND packages; package names, paths and service commands may differ elsewhere.

Our test domain is "cloud.com". We set up a primary (master) DNS server, an optional secondary (slave) DNS server, and a client that we use to test whether the DNS was set up successfully. The machines are listed below.

Machine Details:

Primary / Master DNS Server:
OS: CentOS 6.3 64 Bit
Host name: masterdns.cloud.com 
IP: 192.168.50.128
Subnet: 255.255.255.0

Secondary / Fail Safe DNS Server:
OS: CentOS 6.3 64 Bit
Host name: slavedns.cloud.com 
IP: 192.168.50.129
Subnet: 255.255.255.0

Test Client Server:
OS: CentOS 6.3 64 Bit
Host Name: client.cloud.com
IP: 192.168.50.130
Subnet: 255.255.255.0

Setting up the Master DNS Server:

First, we need to install the DNS software. In this case we are using BIND (Berkeley Internet Name Domain) from ISC, the most widely deployed DNS server software. It runs on Linux and most other Unix-like systems; here we use the package that ships with CentOS.

Execute the following command in your Master DNS server:

NOTE: The following commands have been executed using root privileges. bind-utils provides dig and nslookup, which are used below to test the server. A wildcard such as bind* would also pull in bind-chroot, which runs named inside /var/named/chroot; this guide assumes the plain, non-chrooted layout, so install only the two packages you need.

# yum install bind bind-utils


Once installed, we configure the DNS Server. To do this, we need to edit a configuration file with some parameters:

# vi /etc/named.conf


Make only the changes marked with ### comments below, and leave the rest of the stock file as it is:

NOTE: Replace the master DNS server IP address with your own master's address. If you plan to set up a secondary DNS, fill in the slave's IP address in allow-transfer as shown; otherwise leave that line out. Provide your forward and reverse lookup zones as required.

Two of these lines decide who may talk to the server, so get them right. allow-query limits which addresses may ask the server anything, and allow-transfer limits which addresses may pull a complete copy of a zone (a zone transfer, AXFR). Keep allow-transfer to the slave only: a zone transfer hands out every host name and address you have entered. Because recursion yes is set, this server also resolves outside names on behalf of its clients, and allow-query is what stops it from being an open resolver; if it will ever be reachable from beyond 192.168.50.0/24, add an explicit allow-recursion list containing the same addresses as allow-query.
 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.50.128; };   ### Provide your Master DNS IP ###
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.50.0/24; };    ### IP Address Range ###
        allow-transfer  { localhost; 192.168.50.129; };     ### Slave DNS IP Address ###
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

### Forward Lookup Zone ###
zone "cloud.com" IN {
        type master;
        file "forward.cloud";
        allow-update { none; };
};

### Reverse Lookup Zone ###
zone "50.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.cloud";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
 
 
Once edited, we need to create the forward and reverse zone files named in /etc/named.conf. named looks for them in the directory set by the directory option, /var/named.

Create forward.cloud file in the ‘/var/named’ directory.

NOTE: This is a new file; replace the host names and addresses below with your own:
# vi /var/named/forward.cloud
 
$TTL 86400
@   IN  SOA     masterdns.cloud.com. root.cloud.com. (
        2011071001  ;Serial - increase it after every edit, or the slave will not re-transfer
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
; name servers for the zone
@           IN  NS  masterdns.cloud.com.
@           IN  NS  slavedns.cloud.com.
; addresses returned for the bare name cloud.com (all three hosts, round robin);
; drop these lines if the bare name should not resolve to your machines
@           IN  A   192.168.50.128
@           IN  A   192.168.50.129
@           IN  A   192.168.50.130
; host records
masterdns   IN  A   192.168.50.128
slavedns    IN  A   192.168.50.129
client      IN  A   192.168.50.130


Similarly, create reverse.cloud file in the ‘/var/named’ directory.

NOTE: This is a new file; replace the host names and addresses below with your own:

# vi /var/named/reverse.cloud  
 
$TTL 86400
@   IN  SOA     masterdns.cloud.com. root.cloud.com. (
        2011071001  ;Serial - increase it after every edit
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS   masterdns.cloud.com.
@       IN  NS   slavedns.cloud.com.
; a reverse zone holds PTR records only; the owner is the last octet of the address
; (the A records belong in forward.cloud, not here)
128     IN  PTR  masterdns.cloud.com.
129     IN  PTR  slavedns.cloud.com.
130     IN  PTR  client.cloud.com.



If all has gone well, we are ready to start the DNS service and enable it at boot. If iptables is active on the server, also open UDP and TCP port 53 to the 192.168.50.0/24 range: UDP carries ordinary queries, TCP carries zone transfers to the slave and any large responses.

# service named start

# chkconfig named on


You can check the configuration and the zone files for syntax errors before (or after) starting the service. The zone name passed to named-checkzone must be the name used in the zone statement in named.conf:

# named-checkconf /etc/named.conf

# named-checkzone cloud.com /var/named/forward.cloud

# named-checkzone 50.168.192.in-addr.arpa /var/named/reverse.cloud

named-checkconf -z /etc/named.conf does both steps at once: it parses named.conf and then test-loads every zone it declares.
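named-checkzone validates each file on its own. It will not notice that a PTR points at a name whose A record carries a different address, that a PTR target is missing its trailing dot (so it silently becomes relative to 50.168.192.in-addr.arpa), or that A records have strayed into the reverse zone. The following Python script is an added example, not part of the original guide or of BIND: it parses copies of the two zone files above (embedded as constructed strings with the same records) and cross-checks them. It assumes the classful /24 reverse zone used here and does not support $INCLUDE, $GENERATE or quoted text.

```python
import ipaddress

# Constructed copies of this guide's zone files (reverse zone: SOA, NS and PTR only).
# Swap in open("/var/named/forward.cloud").read() etc. to check the real files.
FORWARD_ZONE = """\
$TTL 86400
@   IN  SOA     masterdns.cloud.com. root.cloud.com. (
        2011071001 3600 1800 604800 86400 )   ; serial refresh retry expire minimum
@           IN  NS  masterdns.cloud.com.
@           IN  NS  slavedns.cloud.com.
masterdns   IN  A   192.168.50.128
slavedns    IN  A   192.168.50.129
client      IN  A   192.168.50.130
"""
REVERSE_ZONE = """\
$TTL 86400
@   IN  SOA  masterdns.cloud.com. root.cloud.com. ( 2011071001 3600 1800 604800 86400 )
@       IN  NS   masterdns.cloud.com.
@       IN  NS   slavedns.cloud.com.
128     IN  PTR  masterdns.cloud.com.
129     IN  PTR  slavedns.cloud.com.
130     IN  PTR  client.cloud.com.
"""


def absolute(name, origin):                # '@' or a relative name -> FQDN under origin
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else (name + "." + origin).lower()


def parse_zone(text, origin):
    """[(owner, type, rdata tokens)] for a master file: ';' comments, $TTL, '@', relative
    and blank (continued) owners, optional TTL/class fields, multi-line ( ) rdata.
    Assumption: no $INCLUDE, $GENERATE or quoted strings (this guide's files use none)."""
    origin = origin.rstrip(".").lower() + "."
    records, pending, owner, owner_given = [], [], None, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if not pending:                        # first line of a record: column 1 = owner
            owner_given = not line[0].isspace()
        pending.extend(line.split())
        if pending.count("(") > pending.count(")"):
            continue                           # still inside ( ... )
        tokens, pending = [t for t in pending if t not in ("(", ")")], []
        if tokens[0].startswith("$"):
            continue                           # $TTL and similar directives carry no record
        if owner_given:
            owner, tokens = tokens[0], tokens[1:]
        while tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS"):
            tokens.pop(0)                      # optional TTL and class fields
        records.append((absolute(owner, origin), tokens[0].upper(), tokens[1:]))
    return records


def reverse_name(ip):                      # '192.168.50.128' -> '128.50.168.192.in-addr.arpa.'
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def ptr_owner_to_ip(owner):                # the inverse of reverse_name
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))


def reverse_zone_network(origin):          # '50.168.192.in-addr.arpa' -> 192.168.50.0/24
    octets = list(reversed(origin.rstrip(".").split(".")[:-2]))   # classful /8, /16, /24
    address = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network("%s/%d" % (address, 8 * len(octets)))


def check_zones(forward_text, forward_origin, reverse_text, reverse_origin):
    """List of problems; empty when every A has a PTR pointing back at it and vice versa."""
    fwd = parse_zone(forward_text, forward_origin)
    rev = parse_zone(reverse_text, reverse_origin)
    problems, a_by_name = [], {}
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            a_by_name.setdefault(owner, set()).add(rdata[0])
    ptr = {owner: rdata[0].lower() for owner, rtype, rdata in rev if rtype == "PTR"}
    for owner, rtype, rdata in fwd + rev:
        if rtype in ("NS", "PTR", "CNAME") and not rdata[0].endswith("."):
            problems.append("%s %s: target %s lacks a trailing dot" % (rtype, owner, rdata[0]))
        if rtype == "NS" and rdata[0].lower() not in a_by_name:
            problems.append("NS %s has no A record in the forward zone" % rdata[0])
    for owner, rtype, rdata in rev:
        if rtype not in ("SOA", "NS", "PTR"):
            problems.append("reverse zone: %s record for %s does not belong here" % (rtype, owner))
    net = reverse_zone_network(reverse_origin)
    for owner in sorted(a_by_name):
        for ip in sorted(a_by_name[owner]):
            if ipaddress.ip_address(ip) not in net:
                continue                       # some other reverse zone covers it
            target = ptr.get(reverse_name(ip))
            if target is None:
                problems.append("A %s %s has no PTR" % (owner, ip))
            elif target != owner:
                problems.append("PTR for %s points to %s, not %s" % (ip, target, owner))
    for owner, target in sorted(ptr.items()):
        ip = ptr_owner_to_ip(owner)
        if ip not in a_by_name.get(target, ()):
            problems.append("PTR %s -> %s, but %s has no A record for it" % (ip, target, target))
    return problems


if __name__ == "__main__":
    for line in check_zones(FORWARD_ZONE, "cloud.com", REVERSE_ZONE, "50.168.192.in-addr.arpa") or ["zones agree"]:
        print(line)
```

Run it on the master after every edit, before the reload; an empty result means the two files agree. Point FORWARD_ZONE and REVERSE_ZONE at the real files under /var/named to use it on your own zones.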
 
 
You can test your DNS server by querying it directly (the @ argument makes dig ask this server rather than whatever /etc/resolv.conf currently points at). The header of the reply should show status: NOERROR with the aa (authoritative answer) flag set, and the ANSWER SECTION should contain the A record:

# dig @192.168.50.128 masterdns.cloud.com


You can alternatively run 'nslookup' to verify your DNS settings

# nslookup cloud.com

# nslookup masterdns.cloud.com



Setting up the Slave DNS Server (OPTIONAL):

Once our master DNS is set up, a secondary or slave DNS server is optional, but it is always good practice to have one in place: clients fall back to it when the master is down. Installing a slave DNS server is no different from installing the master; only a few configuration settings differ.

To get started, first install bind on the slave DNS Server machine:

# yum install bind bind-utils

Once installed, we configure the DNS Server. To do this, we need to edit a configuration file with some parameters:

# vi /etc/named.conf

Make only the changes marked with ### comments below, and leave the rest of the stock file as it is:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.50.129; };   ### Provide your Slave DNS IP ###
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.50.0/24; };    ### IP Address Range ###
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

### Forward Lookup Zone ###
zone "cloud.com" IN {
        type slave;
        file "slaves/cloud.fwd";
        masters { 192.168.50.128; };                        ### Master DNS IP Address ###
};

### Reverse Lookup Zone ###
zone "50.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/cloud.rev";
        masters { 192.168.50.128; };                        ### Master DNS IP Address ###
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
 
Once done, save the file and exit the editor. Note that this options block sets no allow-transfer, and the default in the BIND 9.8 shipped with CentOS 6 is to allow transfers from anyone; any host that passes allow-query could then pull the whole zone from the slave with AXFR. If nothing downstream needs to transfer from the slave, add allow-transfer { none; }; to its options block.
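The allow-query and allow-transfer lines in the master's and the slave's options blocks are BIND address match lists, and they are the only thing standing between a host on the network and a full copy of your zone. The following Python script is an added example, not part of the original guide or of BIND: it models BIND's matching rules (elements tried in order, first match wins, a leading ! denies, no match denies) and applies them to constructed copies of the two options blocks above, so you can see what a given address may do before exposing the server. Its assumptions are marked in the code: the BIND 9.8 default of allow-transfer { any; } when the directive is absent, the fallback order allow-recursion, allow-query-cache, allow-query for recursive queries, localhost modelled as loopback plus the listen addresses, and allow-transfer evaluated on its own, independently of allow-query.

```python
import ipaddress
import re

# Constructed excerpts in the shape of this guide's named.conf (not the full files):
# MASTER_OPTIONS mirrors the master's options block, SLAVE_OPTIONS the slave's, which
# sets no allow-transfer at all.
MASTER_OPTIONS = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.50.128; };
    allow-query     { localhost; 192.168.50.0/24; };
    allow-transfer  { localhost; 192.168.50.129; };   # the slave only
    recursion yes;
};
"""

SLAVE_OPTIONS = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.50.129; };
    allow-query     { localhost; 192.168.50.0/24; };
    recursion yes;
};
"""

# Assumption: the built-in defaults of BIND 9.8 (CentOS 6) for directives left unset.
DEFAULTS = {"allow-query": ["any"], "allow-transfer": ["any"]}


def strip_comments(text):
    """Remove the /* */, // and # comment styles that named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def block_body(conf, name):
    """Text inside `name { ... }`, found with a brace counter so that nested lists such
    as listen-on { ... }; do not end the block early."""
    start = re.search(r"\b%s\s*\{" % re.escape(name), conf)
    if start is None:
        raise ValueError("no %s block" % name)
    depth = 0
    for j in range(start.end() - 1, len(conf)):
        if conf[j] == "{":
            depth += 1
        elif conf[j] == "}":
            depth -= 1
            if depth == 0:
                return conf[start.end():j]
    raise ValueError("unbalanced braces in %s" % name)


def match_list(body, name):
    """Elements of one address_match_list directive, or None if it is not set.
    listen-on may carry 'port 53' before its list."""
    m = re.search(r"\b%s(?:\s+port\s+\d+)?\s*\{([^}]*)\}\s*;" % re.escape(name), body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]


def acl_allows(acl, client_ip, own_addrs):
    """BIND address_match_list rules: elements are tried in order, the first that matches
    decides, a leading '!' turns that match into a denial, and no match at all denies.
    'localhost' is modelled as loopback plus the server's listen addresses (BIND uses
    every interface address; simplification)."""
    addr = ipaddress.ip_address(client_ip)
    for element in acl:
        negate = element.startswith("!")
        name = element.lstrip("!").strip()
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name == "localhost":
            hit = addr.is_loopback or addr in own_addrs
        else:
            hit = addr in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negate
    return False


def decide(conf, client_ip):
    """What a client at client_ip may do against a server running this options block."""
    body = block_body(strip_comments(conf), "options")
    own_addrs = set()
    for e in match_list(body, "listen-on") or []:
        try:
            own_addrs.add(ipaddress.ip_address(e))
        except ValueError:
            pass                                  # a keyword such as 'any', not an address
    query = match_list(body, "allow-query") or DEFAULTS["allow-query"]
    transfer = match_list(body, "allow-transfer") or DEFAULTS["allow-transfer"]
    # With recursion yes, BIND takes allow-recursion, else allow-query-cache, else allow-query;
    # the final built-in default is modelled as localhost only (localnets left out).
    recursion_on = re.search(r"\brecursion\s+yes\s*;", body) is not None
    recursion = (match_list(body, "allow-recursion") or match_list(body, "allow-query-cache")
                 or match_list(body, "allow-query") or ["localhost"])
    can_query = acl_allows(query, client_ip, own_addrs)
    return {
        "query": can_query,
        "transfer": acl_allows(transfer, client_ip, own_addrs),  # AXFR is gated by this list
        "recursion": recursion_on and can_query and acl_allows(recursion, client_ip, own_addrs),
    }


if __name__ == "__main__":
    for label, conf in (("master", MASTER_OPTIONS), ("slave", SLAVE_OPTIONS)):
        for who, ip in (("slave", "192.168.50.129"), ("client", "192.168.50.130"),
                        ("outside", "10.0.0.5")):
            print("%-6s asked by %-7s %-15s %s" % (label, who, ip, decide(conf, ip)))
```

Running it shows that the client at 192.168.50.130 can query the master but not transfer from it, while the same client can transfer from the slave because the slave's options set no allow-transfer; adding allow-transfer { none; }; to the slave's block closes that. An address outside the /24 is refused everything on both servers.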


If all has gone well, we are ready to start the DNS service and enable it at boot (as on the master, open UDP and TCP port 53 in iptables if it is active):

# service named start

# chkconfig named on


Once the service is started, the slave pulls the forward and reverse zones from the master by zone transfer (AXFR, over TCP port 53) and stores its copies as /var/named/slaves/cloud.fwd and /var/named/slaves/cloud.rev. It checks the master's SOA serial again every refresh interval (3600 seconds in the zone files above) and whenever the master sends a NOTIFY, and re-transfers only when the serial has increased. If the files do not appear, check that the master's allow-transfer contains the slave's address and that TCP port 53 is open between the two machines.

You can test the slave by querying it directly. The reply should show status: NOERROR with the aa flag set, because the slave answers authoritatively from its own copy of the zone:

# dig @192.168.50.129 slavedns.cloud.com



 
Reference for the slave configuration: http://www.unixmen.com/dns-server-installation-step-by-step-using-centos-6-3/

Setting up the Clients:

Once our master DNS and slave DNS are set up, we can point our Linux clients at them.

On every client machine, put the following entries in /etc/resolv.conf. The search line supplies the domain that is appended to short names, and each nameserver line names one resolver; they are tried in the order listed, so the master comes first and the slave is used when the master does not answer:
# vi /etc/resolv.conf
search cloud.com
### Master DNS ###
nameserver 192.168.50.128
### Slave DNS ###
nameserver 192.168.50.129

On CentOS 6 the DHCP client and NetworkManager rewrite /etc/resolv.conf whenever the interface comes up. To make the entries permanent, set DNS1=192.168.50.128 and DNS2=192.168.50.129 (and PEERDNS=no on a DHCP interface) in /etc/sysconfig/network-scripts/ifcfg-eth0, or the matching file for your interface.


Save the file and exit the editor. A lookup of the client's own name should now return its address, and hostname -f should report the fully qualified name client.cloud.com.

NOTE: You will have to add each client manually to the forward and reverse zone files on the master (an A record and a PTR record), increase the SOA serial in each file, and reload named so the change is loaded and transferred to the slave. That is what gives your clients a FQDN.
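Each new client therefore means two record edits and two serial bumps, and the slave only re-transfers a zone whose serial has gone up. The following Python script is an added example, not from the original guide: it appends the A and PTR records for a host to copies of this guide's zone files (constructed inline) and raises each SOA serial using the YYYYMMDDnn convention. The domain name, the /24 reverse zone and the record layout are assumptions taken from the files above.

```python
import datetime
import re

DOMAIN = "cloud.com"          # the forward zone from this guide (assumption)

# Constructed copies of the guide's zone files; swap in open(...).read() for the real ones.
FORWARD_ZONE = """\
$TTL 86400
@   IN  SOA     masterdns.cloud.com. root.cloud.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS  masterdns.cloud.com.
@           IN  NS  slavedns.cloud.com.
masterdns   IN  A   192.168.50.128
slavedns    IN  A   192.168.50.129
client      IN  A   192.168.50.130
"""

REVERSE_ZONE = """\
$TTL 86400
@   IN  SOA     masterdns.cloud.com. root.cloud.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS   masterdns.cloud.com.
@       IN  NS   slavedns.cloud.com.
128     IN  PTR  masterdns.cloud.com.
129     IN  PTR  slavedns.cloud.com.
130     IN  PTR  client.cloud.com.
"""

# The serial is the first number after the '(' that opens the SOA rdata.
SERIAL_RE = re.compile(r"(\bSOA\b[^()]*\(\s*)(\d+)")


def next_serial(current, today=None):
    """YYYYMMDDnn convention with a safety rule: the new value is today's date followed
    by a two-digit counter, but never less than current + 1. That keeps the serial rising
    after the 100th edit in one day or when the old serial is ahead of the clock; a serial
    that does not rise means the slave never transfers the change."""
    today = today or datetime.date.today()
    return max(int(today.strftime("%Y%m%d")) * 100, current + 1)


def bump_serial(zone_text, today=None):
    """Return the zone text with its SOA serial replaced by next_serial()."""
    m = SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no SOA serial found")
    new = next_serial(int(m.group(2)), today)
    return zone_text[:m.start(2)] + str(new) + zone_text[m.end(2):]


def add_host(forward_text, reverse_text, host, ip, today=None):
    """Append the A and PTR records for one new host to both zone files and bump both
    serials. Assumes the /24 reverse zone of this guide, so the PTR owner is the last octet."""
    if re.search(r"(?m)^%s\s" % re.escape(host), forward_text):
        raise ValueError("%s already has a record" % host)
    if re.search(r"(?m)\bA\s+%s\s*$" % re.escape(ip), forward_text):
        raise ValueError("%s is already assigned" % ip)
    last_octet = ip.rsplit(".", 1)[1]
    if re.search(r"(?m)^%s\s" % last_octet, reverse_text):
        raise ValueError("PTR for %s already exists" % ip)
    forward_text = forward_text.rstrip("\n") + "\n%-11s IN  A   %s\n" % (host, ip)
    reverse_text = reverse_text.rstrip("\n") + "\n%-7s IN  PTR  %s.%s.\n" % (last_octet, host, DOMAIN)
    return bump_serial(forward_text, today), bump_serial(reverse_text, today)


if __name__ == "__main__":
    fwd, rev = add_host(FORWARD_ZONE, REVERSE_ZONE, "printer", "192.168.50.140")
    print(fwd)
    print(rev)
```

Write the results back over /var/named/forward.cloud and /var/named/reverse.cloud, run named-checkzone on both, then service named reload; the master sends a NOTIFY and the slave fetches the new copy. next_serial() never returns less than the old serial plus one, so the 100th edit in a day, or a serial that is ahead of the clock, still produces an increase that the slave will notice.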


That's all for now. I hope this tutorial helps you set up your DNS successfully.

If you want to know how to set up your own LDAP server on CentOS as well, you can refer to THIS GUIDE.


