
DNS Server Configuration In Centos and

Redhat Linux 6
DNS server: DNS stands for Domain Name System. It translates human-readable names (www.openpy.com, google.com) into machine-readable numeric addresses (such as 192.168.1.254) and vice versa. In this post we configure a primary and a secondary DNS server using the following setup:
PRIMARY DNS=ns1.openpy.com
IPADDRESS= 192.168.1.254
SECONDARY DNS=ns2.openpy.com
IPADDRESS=192.168.1.253

Our first step is to install the necessary package. To configure the DNS server we use the BIND package.
STEP I
Install the necessary package
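# Install BIND (named) together with bind-utils, which provides the dig and
# nslookup commands used at the end of this guide to verify the servers.
yum install -y bind bind-utils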

After installing, edit /etc/named.conf according to your network configuration. Here we use the network 192.168.1.0 with the default /24 subnet mask (255.255.255.0).

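options {
	// Bind only to the server's LAN address. 127.0.0.1 is not in the list,
	// so this host's own /etc/resolv.conf must point at 192.168.1.254 too.
	listen-on port 53 { 192.168.1.254; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";

	// Anyone may query the zones this server is authoritative for, but
	// recursion is limited to the LAN. With only "allow-query { any; }" and
	// "recursion yes" (as in the original) the server is an open resolver,
	// usable by anyone on the Internet for DNS amplification attacks and
	// exposed to cache-poisoning attempts.
	allow-query { any; };
	allow-recursion { 127.0.0.1; 192.168.1.0/24; };
	recursion yes;

	// Zone transfers only to the secondary (ns2). If the transfer ever
	// crosses an untrusted network, authenticate it with a TSIG key rather
	// than relying on the source address alone.
	allow-transfer { 192.168.1.253; };

	// Upstream resolvers for names outside openpy.com.
	// NOTE(review): the original listed 4.4.4.4, which is not a public
	// resolver; Google's pair is 8.8.8.8 / 8.8.4.4 - confirm the intended
	// address before relying on it.
	forwarders { 8.8.8.8; 8.8.4.4; };

	// Keep DNSSEC validation on: with it disabled (as in the original),
	// forged answers relayed by the forwarders are accepted as genuine.
	// The ISC DLV registry behind "dnssec-lookaside auto" has been retired,
	// so lookaside is left off.
	dnssec-enable yes;
	dnssec-validation yes;
	bindkeys-file "/etc/named.iscdlv.key";
	managed-keys-directory "/var/named/dynamic";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

// Root hints, used when recursing for names outside our own zones.
zone "." IN {
	type hint;
	file "named.ca";
};

// Forward zone: openpy.com -> /var/named/forward.zone
zone "openpy.com" IN {
	type master;
	file "forward.zone";
	// Dynamic updates are refused; change the zone file and bump the serial.
	allow-update { none; };
};

// Reverse zone for 192.168.1.0/24 -> /var/named/reverse.zone
zone "1.168.192.in-addr.arpa" IN {
	type master;
	file "reverse.zone";
	allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";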
STEP II
The second step is to create the forward and reverse zone files.
#cd /var/named/
# vim forward.zone

Copy the following lines into forward.zone:


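; Forward zone for openpy.com (/var/named/forward.zone).
; NOTE(review): $TTL 8600 (about 2h23m) is an unusual value; 86400 (one day)
; was probably intended. Kept as in the original since it is valid.
$TTL 8600
; SOA: primary name server, then the zone contact with '@' written as '.'
; (root.openpy.com. means root@openpy.com).
@       IN  SOA ns1.openpy.com. root.openpy.com. (
                3       ; serial  - bump on EVERY edit, or ns2 never refreshes
                1D      ; refresh - how often ns2 checks ns1 for a new serial
                1H      ; retry   - retry interval after a failed refresh
                1W      ; expire  - ns2 stops answering if ns1 is unreachable this long
                3H )    ; minimum - negative-caching TTL (NXDOMAIN answers)
; Both name servers are authoritative for the zone.
@       IN  NS  ns1.openpy.com.
@       IN  NS  ns2.openpy.com.
; Address records. Names without a trailing dot get openpy.com appended.
ns1     IN  A   192.168.1.254
ns2     IN  A   192.168.1.253
server  IN  A   192.168.1.254
slave   IN  A   192.168.1.253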

STEP III
Step 3 is to create the reverse zone in /var/named/reverse.zone. Paste the following lines into that file:

# cd /var/named
# vim reverse.zone
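; Reverse zone for 192.168.1.0/24 (/var/named/reverse.zone).
$TTL 8600
; Contact made consistent with the forward zone (root@openpy.com); the
; original used root.server.openpy.com. here.
@       IN  SOA ns1.openpy.com. root.openpy.com. (
                5       ; serial  - bump on every edit
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum - negative-caching TTL
@       IN  NS  ns1.openpy.com.
@       IN  NS  ns2.openpy.com.
; Last octet of the address -> canonical host name (one PTR per address).
254     IN  PTR ns1.openpy.com.
253     IN  PTR ns2.openpy.com.
; The original also had "server IN CNAME ns1" and "slave IN CNAME ns2" here.
; They are dropped: inside 1.168.192.in-addr.arpa they would define
; server.1.168.192.in-addr.arpa, a name nothing ever looks up. The forward
; aliases already exist as A records in forward.zone.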

Now check the syntax of the files.


Checking the syntax of the named.conf file:
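# Check named.conf syntax. The file lives in /etc, not /var/named (the
# original's /var/named.conf does not exist). -z also test-loads every
# master zone referenced by the config.
named-checkconf -z /etc/named.conf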

Again, to check the syntax of the zone files, issue the following commands:

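# named-checkzone takes the zone name AND the file; with the file alone (as
# in the original) it exits with a usage error. The name is also what '@'
# and relative names are expanded against during the check.
named-checkzone openpy.com /var/named/forward.zone
named-checkzone 1.168.192.in-addr.arpa /var/named/reverse.zone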

STEP IV
After performing these steps we need to configure the firewall rules with iptables. As we know, named uses TCP and UDP port 53, so open port 53 for both protocols:
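# Open TCP and UDP 53 for named. Run this from the console, not over SSH:
# "iptables -F" removes every existing rule first.
#
# The original sequence then did "iptables -I INPUT -j DROP". -I inserts at
# the TOP of the chain, so every rule appended afterwards with -A sits behind
# the DROP and is never reached: all inbound traffic - DNS, SSH, even replies
# to already-established sessions - is dropped. Use DROP as the chain policy
# instead, so the ACCEPT rules are evaluated first and DROP is the fallback.
iptables -F
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Add rules for any other service this host must offer (e.g. SSH) here,
# before relying on the DROP policy.
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
# The original had "-p upd" (typo) and "- A" (stray space); both are rejected
# by iptables, so UDP 53 - the protocol most queries use - was never opened.
iptables -A INPUT -p udp --dport 53 -j ACCEPT
# named also listens on ::1 (listen-on-v6); that traffic is governed by
# ip6tables, not by these rules.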

Now save the iptables rules so they survive a reboot:


# service iptables save

STEP V
After all of these steps, start the name server and enable it at boot with the following commands:
#service named start

#chkconfig named on

STEP VI: Creating the Secondary Name Server


To configure the secondary (slave) DNS server ns2.openpy.com, install the BIND package on the ns2 machine (192.168.1.253):
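# Same as on ns1: BIND plus bind-utils, so dig/nslookup are available on the
# secondary for testing it directly.
yum install -y bind bind-utils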

Now it is time to configure the secondary.


Change to the /etc/ directory and open named.conf in your favourite editor:
vim named.conf

Put the following lines in named.conf:


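//
// named.conf for the secondary server ns2.openpy.com (192.168.1.253).
// Based on the Red Hat bind package's default named.conf; see
// /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
	// The original used the prefix 192.168.1.0/24 here. listen-on takes an
	// address match list, so that binds to whichever of this host's own
	// addresses fall inside the range; naming 192.168.1.253 explicitly is
	// clearer and will not silently pick up a second LAN address later.
	listen-on port 53 { 192.168.1.253; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";

	// Queries - and therefore recursion - only from the LAN.
	allow-query { 192.168.1.0/24; };
	allow-recursion { 127.0.0.1; 192.168.1.0/24; };
	recursion yes;

	// The original set no allow-transfer on the secondary. BIND's default
	// is "any", so anyone who can reach ns2 could AXFR the complete zone
	// (every host name and address) even though ns1 restricts transfers.
	allow-transfer { none; };

	// Keep DNSSEC validation on (see the primary's config). DLV lookaside
	// is retired and left off.
	dnssec-enable yes;
	dnssec-validation yes;
	bindkeys-file "/etc/named.iscdlv.key";
	managed-keys-directory "/var/named/dynamic";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

// Secondary copies of both zones, pulled from ns1 by zone transfer. The
// file paths are relative to the "directory" option, so the copies land in
// /var/named/slaves/ - that is where to look when checking replication.
zone "openpy.com" IN {
	type slave;
	file "slaves/server.fwd";
	masters { 192.168.1.254; };
};

zone "1.168.192.in-addr.arpa" IN {
	type slave;
	file "slaves/server.rev";
	masters { 192.168.1.254; };
};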

After that, restart named on ns2 with the command below:

# service named restart

Before starting the name server you can also run the configuration syntax checks mentioned above.
After starting named, change to the /var/named/slaves directory:
# cd /var/named/slaves

In this directory, run ls: you can see that the zone files have been replicated from ns1. If they are missing, check /var/log/messages on both servers — the transfer is refused if ns1's allow-transfer does not list ns2's address, and it cannot complete if port 53/TCP is blocked by the firewall on ns1.
# ls
server.fwd  server.rev
(The names come from the file statements in the two slave zone definitions above.)

After all these steps the server side is done.


Time to configure the client.
To configure the client, change to the /etc/ directory and open resolv.conf (note the spelling: resolv, not resolve). In my case I am using the Vim editor:
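# The resolver configuration file is /etc/resolv.conf (no trailing 'e').
# Editing "resolve.conf", as the original did, creates an unrelated file
# that the resolver never reads.
cd /etc/
vim resolv.conf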

After opening resolv.conf, put the following lines in it:

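# /etc/resolv.conf on a client in openpy.com
# Resolvers are tried in order: ns2 is only asked when ns1 does not answer.
nameserver 192.168.1.254
nameserver 192.168.1.253
# "domain" and "search" are mutually exclusive - whichever appears last wins -
# so only "search" is kept (the original listed both). Short names such as
# "server" are then looked up as server.openpy.com.
search openpy.com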

After doing this, it is time to test our primary and secondary DNS servers. We will use several different methods, as shown below; any one of them is enough.
Method 1: Using the dig command
# dig ns1.openpy.com

The output of the dig command (Method 1) is shown here:
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> ns1.openpy.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31544
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.openpy.com.                IN      A

;; ANSWER SECTION:
ns1.openpy.com.         8600    IN      A       192.168.1.254

;; AUTHORITY SECTION:
openpy.com.             8600    IN      NS      ns1.openpy.com.
openpy.com.             8600    IN      NS      ns2.openpy.com.

;; ADDITIONAL SECTION:
ns2.openpy.com.         8600    IN      A       192.168.1.253

;; Query time: 2 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Mon Jan 20 10:56:04 2014
;; MSG SIZE  rcvd: 96

The "aa" flag in the header shows the answer is authoritative, i.e. it came from our own zone data rather than from a cached copy.
Again, when I dig ns2.openpy.com you can see in the output that both ns1 and ns2 are listed as authoritative servers for the zone (the AUTHORITY section):
dig ns2.openpy.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> ns2.openpy.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16258
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns2.openpy.com.                IN      A

;; ANSWER SECTION:
ns2.openpy.com.         8600    IN      A       192.168.1.253

;; AUTHORITY SECTION:
openpy.com.             8600    IN      NS      ns1.openpy.com.
openpy.com.             8600    IN      NS      ns2.openpy.com.

;; ADDITIONAL SECTION:
ns1.openpy.com.         8600    IN      A       192.168.1.254

;; Query time: 1 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Mon Jan 20 10:57:26 2014
;; MSG SIZE  rcvd: 96

You can also do a reverse lookup of an IP address with dig -x, as shown below:

dig -x 192.168.1.253
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> -x 192.168.1.253
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40838
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;253.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
253.1.168.192.in-addr.arpa. 8600 IN     PTR     ns2.openpy.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 8600    IN      NS      ns2.openpy.com.
1.168.192.in-addr.arpa. 8600    IN      NS      ns1.openpy.com.

;; ADDITIONAL SECTION:
ns1.openpy.com.         8600    IN      A       192.168.1.254
ns2.openpy.com.         8600    IN      A       192.168.1.253

;; Query time: 1 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Mon Jan 20 10:59:17 2014
;; MSG SIZE  rcvd: 136

METHOD 2: Using the nslookup command

We can also use nslookup to verify host names and IP addresses, as shown below:
# nslookup server.openpy.com

The output looks like this:

[root@slave ~]# nslookup
> slave.openpy.com
Server:         192.168.1.254
Address:        192.168.1.254#53

Name:   slave.openpy.com
Address: 192.168.1.253
> server.openpy.com
Server:         192.168.1.254
Address:        192.168.1.254#53

Name:   server.openpy.com
Address: 192.168.1.254
> ns2.openpy.com
Server:         192.168.1.254
Address:        192.168.1.254#53

Name:   ns2.openpy.com
Address: 192.168.1.253
> ns1.openpy.com
Server:         192.168.1.254
Address:        192.168.1.254#53

Name:   ns1.openpy.com
Address: 192.168.1.254
> 192.168.1.253
Server:         192.168.1.254
Address:        192.168.1.254#53

253.1.168.192.in-addr.arpa      name = ns2.openpy.com.
> 192.168.1.254
Server:         192.168.1.254
Address:        192.168.1.254#53

254.1.168.192.in-addr.arpa      name = ns1.openpy.com.
>

Note that every query above was answered by 192.168.1.254 (ns1), as the Server: lines show. To confirm that the secondary works on its own, repeat the queries against it explicitly — for example dig @192.168.1.253 ns1.openpy.com — or temporarily stop named on ns1; otherwise a broken secondary goes unnoticed until the primary fails.