What is DNS?
DNS stands for Domain Name System. It is the name resolution service that maps human-friendly names (such as www.example.com) to IP addresses (such as 192.168.0.10) and back. DNS is a hierarchical, distributed database: no single server holds every name. Each zone is served by the servers that are authoritative for it, and a resolver walks the hierarchy from the root down until it reaches them.
Why DNS?
Because people and applications connect to computers by name, not by address. A name stays the same when the address behind it changes, and DNS scales to the whole Internet because every organization administers its own zone. Note that plain DNS provides no security by itself: answers travel unauthenticated, mostly over UDP, and can be forged. DNSSEC, which the configuration below enables, is what adds authentication to the data.
The different types of DNS servers are:
1. Primary DNS server
A primary (master) server holds the editable copy of a zone. A server becomes the primary for a zone when that zone is added to it as a primary zone. It is the zone's central point of update, and a newly created zone is always of this type.
2. Secondary DNS server
A server hosting a secondary (slave) zone. It obtains a read-only copy of the zone from the primary by zone transfer (AXFR/IXFR). Any number of secondaries can exist for one primary. If the primary is down, the secondaries keep answering for the zone until the expire timer in their copy runs out.
3. Caching-only server
A server that holds no zones of its own. It resolves queries on behalf of its clients and keeps the answers in its cache for their TTL, so repeated lookups are answered locally.
4. Stub server
A server hosting a stub zone: a copy of a zone that contains only the SOA, NS records and glue for the authoritative servers of its master zone, enough to find the real servers without holding the whole zone.
5. Forwarders
A forwarder is a server to which other DNS servers send the queries they cannot answer from their own zones or cache. Routing all external lookups through one forwarder reduces traffic on WAN links and means only that host needs to reach the Internet on port 53, which keeps the firewall rules simple. It is not a firewall in itself: a forwarder is a recursive server and must be locked down like any other.
Here we are going to set up a primary DNS server on a RHEL6/CentOS6 server.
Scenario
This is the setup of a typical small organization, example.com, with a web server, a mail server and an FTP server on the internal network. The internal network uses the 172.16.0.0/16 addressing scheme; the server's own interface and the hosts in the zone below sit in 172.16.0.0/24, which is why the reverse zone later on covers that /24. We need a primary DNS server suited to this network.
I used a RHEL6 x86_64 server named server.example.com to host the DNS server. It has two NICs: eth0 is connected to the Internet and eth1 to the internal network. The server's network configuration is:
eth0
    IP address  - 192.168.1.254
    Subnet mask - 255.255.255.0
    Gateway     - 192.168.1.1   (address of the Internet modem)
    DNS server  - 192.168.1.1   (address of the Internet modem)
eth1
    IP address  - 172.16.0.1
    Subnet mask - 255.255.255.0
    DNS server  - 172.16.0.1
Setting up DNS server
Packages required: bind-9.7.0-5.P2.el6.x86_64.rpm and bind-chroot-9.7.0-5.P2.el6.x86_64.rpm (the versions shipped with RHEL 6 at the time of writing).
To set up the DNS server we install BIND from the yum repository. Note that `yum install bind` on its own installs only the server; the rest of this guide edits files under /var/named/chroot, which exist only when bind-chroot is installed as well, so install both:
[root@server ~]# yum install bind bind-chroot
or simply
[root@server ~]# yum install bind*
which pulls in every bind-* package, including bind-chroot and bind-utils (the package that provides dig and nslookup, used for testing below). If your yum repository is correctly configured from your installation media, either command installs the BIND DNS server components.
Configuration files: /etc/named.conf, or, with bind-chroot installed, /var/named/chroot/etc/named.conf, which is the copy named actually reads. All paths below are the chrooted ones.
By default BIND is configured as a caching-only name server that accepts queries from localhost only. We need to modify "/var/named/chroot/etc/named.conf" so that named listens on the internal interface, answers questions about our own zones from any client that can reach it, but recurses only for the internal network. Allowing recursion from anywhere would make this an open resolver that outsiders can use for reflection attacks and cache-poisoning attempts, so recursion is restricted with an acl.
We also have to declare the forward and reverse zones for our domain "example.com". Make the configuration file "/var/named/chroot/etc/named.conf" look like the one below. The rndc secrets in it are the values from the rndc.key file generated on this machine when the package was installed; use your own, not the ones printed here.
[root@server ~]# vim /var/named/chroot/etc/named.conf
=========================================
// Red Hat BIND Configuration Tool
// Default initial "Caching Only" name server configuration

// Hosts that may use this server as a recursive resolver: the internal network only.
acl "example" { 172.16.0.0/16; };

options {
    // Listen on the internal interface only; nothing reaches named via eth0.
    listen-on port 53 { 172.16.0.1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    // Anyone who can reach us may ask about our zones, but only the internal
    // network may have us recurse for other names (an open resolver would be
    // abused for reflection attacks and cache poisoning).
    allow-recursion { example; };
    allow-transfer { none; };
    allow-query { any; };
    notify no;
    transfer-format many-answers;
    interface-interval 0;
    max-transfer-time-in 60;
    // Hide the real version from "dig @server version.bind CH TXT".
    version "Not Available";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
    dnssec-enable yes;
    dnssec-validation yes;
    // DNSSEC look-aside validation via ISC's DLV registry. ISC retired
    // dlv.isc.org in 2017: on BIND 9.8 or later drop this line and the
    // trusted-keys block below and use "dnssec-validation auto" instead.
    dnssec-lookaside . trust-anchor dlv.isc.org.;
};

// rndc control channel: local connections only, authenticated with the keys below.
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; rndc-key; };
};

// Sign any traffic named sends to this address with rndckey
// (harmless here; only needed when a peer expects signed requests).
server 172.16.0.1 {
    keys { rndckey; };
};

// Root hints, used to walk the hierarchy when recursing. The file must exist
// under the chroot's /var/named (the RHEL package ships it as named.ca).
zone "." IN {
    type hint;
    file "named.root";
};

// Now register your domain name and its database/zone file.
// It is better to add the zone statements before the line "include /etc/rndc.key".
// You can also keep the zone entries in a separate file and pull it in with
// include "/etc/myinternalzonefile.zones"; within this named.conf.

// Forward zone
zone "example.com" IN {
    type master;
    file "example.for";
    allow-transfer { none; };
};

// Reverse zone for 172.16.0.0/24
zone "0.16.172.in-addr.arpa" IN {
    type master;
    file "example.rev";
    allow-transfer { none; };
};

// rndc keys (copied from the rndc.key created earlier). These are example
// values: generate your own with rndc-confgen and never reuse secrets that
// have been published in a tutorial.
key rndckey {
    algorithm hmac-md5;
    secret "Hi1V+y3WixmfEfGqrebKRA==";
};
key rndc-key {
    algorithm hmac-md5;
    secret "AoXEyjm6UUKu4cKqFoFMRg==";
};

// Trust anchor for the DLV registry (see the dnssec-lookaside comment above).
trusted-keys {
    dlv.isc.org. 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URkY62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboMQKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh";
};
=================================================================================================
Save and quit (Esc :wq).
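The handful of options above are what separate an authoritative server from an open resolver, and they are easy to get wrong when the file is edited by hand. The script below is an added example, not part of the original post or of BIND itself: it reads a named.conf and reports the directives that matter (allow-recursion, allow-transfer, listen-on, version, dnssec-lookaside), expanding an acl name to its members so you can see who is really allowed to recurse. It assumes one directive per line inside the options block and acl statements written on a single line, as in the file above. The two configurations embedded in it are constructed: the first copies the options from the post's file, the second is what the wording "queries from any client, all interfaces" would give if applied literally.

```shell
#!/bin/bash
# Added example, not part of the original post: a static audit of a BIND
# named.conf for the settings that turn an authoritative server into an open
# resolver or leak its zone data. It only reads text, so it runs without BIND.
# Assumption (true of the post's file): one directive per line inside the
# options block, and each acl statement on a single line.

# Value of a directive in the options block, braces and semicolons stripped:
#   get_option "$conf" allow-recursion  -> example
#   get_option "$conf" listen-on        -> 172.16.0.1
get_option() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*options[ \t]*\{/ { inopt = 1; next }
        inopt && /^[ \t]*\};/    { inopt = 0 }
        inopt && $1 == key {
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", line)                 # drop the directive name
            if (line ~ /\{/) { sub(/^[^{]*\{/, "", line); sub(/\}.*$/, "", line) }
            gsub(/;/, " ", line); gsub(/[ \t]+/, " ", line)
            gsub(/^ | $/, "", line)
            print line; exit
        }'
}

# Members of a named acl:  get_acl "$conf" example  -> 172.16.0.0/16
get_acl() {
    printf '%s\n' "$1" | awk -v name="$2" '
        $1 == "acl" && ($2 == name || $2 == "\"" name "\"") {
            line = $0
            sub(/^[^{]*\{/, "", line); sub(/\}.*$/, "", line)
            gsub(/;/, " ", line); gsub(/[ \t]+/, " ", line)
            gsub(/^ | $/, "", line)
            print line; exit
        }'
}

# Who is allowed to recurse, with a single acl name expanded to its members.
recursion_scope() {
    local v m
    v=$(get_option "$1" allow-recursion)
    m=$(get_acl "$1" "$v")
    printf '%s\n' "${m:-$v}"
}

# One finding per line: FAIL / WARN / OK, the directive, and why.
# Only the options block is examined; per-zone overrides are not.
audit_named_conf() {
    local conf=$1 v
    v=$(get_option "$conf" allow-recursion)
    case "$v" in
        any) echo "FAIL allow-recursion: any (open resolver; usable for reflection attacks and cache poisoning)" ;;
        "")  echo "WARN allow-recursion: unset (BIND 9.4 and later default to localnets; localhost)" ;;
        *)   echo "OK   allow-recursion: $v = $(recursion_scope "$conf")" ;;
    esac
    v=$(get_option "$conf" allow-transfer)
    case "$v" in
        ""|any) echo "FAIL allow-transfer: ${v:-unset} (BIND's default is any; AXFR hands out the whole zone)" ;;
        *)      echo "OK   allow-transfer: $v" ;;
    esac
    v=$(get_option "$conf" listen-on)
    case " $v " in
        "  "|*" any "*) echo "WARN listen-on: ${v:-unset} (every interface, including the Internet-facing one)" ;;
        *)              echo "OK   listen-on: $v" ;;
    esac
    v=$(get_option "$conf" version)
    if [ -n "$v" ]; then echo "OK   version: $v"
    else echo "WARN version: unset (real version returned for 'dig @server version.bind CH TXT')"; fi
    v=$(get_option "$conf" dnssec-lookaside)
    if [ -n "$v" ]; then echo "WARN dnssec-lookaside: $v (ISC retired the DLV registry in 2017; remove)"; fi
    return 0
}

audit_file() { audit_named_conf "$(cat "$1")"; }

# Constructed sample 1: the acl and options from the post's named.conf.
SAFE_CONF='acl "example" { 172.16.0.0/16; };
options {
    listen-on port 53 { 172.16.0.1; };
    directory "/var/named";
    allow-recursion { example; };
    allow-transfer { none; };
    allow-query { any; };
    version "Not Available";
    dnssec-lookaside . trust-anchor dlv.isc.org.;
};'

# Constructed sample 2: "queries from any client, all interfaces" taken literally.
OPEN_CONF='options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-recursion { any; };
    allow-query { any; };
};'

if [ $# -gt 0 ]; then audit_file "$1"; fi   # usage: ./audit.sh /var/named/chroot/etc/named.conf
```

Run it against the chrooted file after every edit; on the configuration above it reports OK for everything except a warning about dnssec-lookaside, while the "any everywhere" variant fails on recursion and on zone transfers.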
We have told named that the forward zone file is "example.for" and the reverse zone file is "example.rev". They are relative to the directory option, so inside the chroot they live at "/var/named/chroot/var/named/example.for" and "/var/named/chroot/var/named/example.rev".
Create these files as below; they must be readable by the named user.
[root@server ~]# vim /var/named/chroot/var/named/example.for
========================================
$TTL 86400
@   IN SOA server.example.com. hostmaster.example.com. (
        2010041106  ; Serial: bump it (YYYYMMDDnn) on every edit
        1H          ; Refresh
        1M          ; Retry
        1W          ; Expire
        1D          ; Negative caching TTL (how long a "no such name" answer may be cached)
        )
@           IN NS     server.example.com.
@           IN MX 10  mail.example.com.
server      IN A      172.16.0.1
; mail must be an A record: the target of an MX may not be a CNAME (RFC 2181, section 10.3)
mail        IN A      172.16.0.1
www         IN CNAME  server
pop         IN CNAME  server
station1    IN A      172.16.0.101
station2    IN A      172.16.0.102
station3    IN A      172.16.0.103
station4    IN A      172.16.0.104
station5    IN A      172.16.0.105
www1        IN CNAME  station1
www2        IN CNAME  station2
www3        IN CNAME  station3
www4        IN CNAME  station4
www5        IN CNAME  station5
=========================================
Save and quit (Esc :wq). Then the reverse zone:
[root@server ~]# vim /var/named/chroot/var/named/example.rev
=========================================
$TTL 86400
@   IN SOA server.example.com. hostmaster.example.com. (
        2010041102  ; Serial
        1H          ; Refresh
        1M          ; Retry
        1W          ; Expire
        1D          ; Negative caching TTL
        )
@       IN NS   server.example.com.
; one PTR per A record in the forward zone; owner names here are relative
; to 0.16.172.in-addr.arpa, i.e. the last octet of the address
1       IN PTR  server.example.com.
101     IN PTR  station1.example.com.
102     IN PTR  station2.example.com.
103     IN PTR  station3.example.com.
104     IN PTR  station4.example.com.
105     IN PTR  station5.example.com.
=========================================
Save and quit (Esc :wq).
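Keeping the reverse zone in step with the forward zone by hand is error-prone, and the most common slip in a hand-written forward zone, an MX record whose target is a CNAME, is something named-checkzone only warns about. The script below is an added example, not from the original post: it derives the PTR records of a /24 reverse zone from the forward zone's A records, and lists MX targets that are CNAMEs in the same zone (forbidden by RFC 2181, section 10.3). It assumes one record per line with owner names relative to the origin, as in the files above. The zone embedded in it is constructed, modelled on example.for, with mail deliberately defined as a CNAME so the check has something to find.

```shell
#!/bin/bash
# Added example, not part of the original post: two zone-file helpers built on
# one awk parser.
#   a_to_ptr "$zone" origin net   -> PTR records of the reverse zone for net (a /24)
#   mx_cname_check "$zone" origin -> MX targets that are CNAMEs in the same zone
# Assumptions: one record per line, owner names relative to the origin, and
# records of the form  [owner] [TTL] [IN] TYPE rdata  as in the post's files.

ZONE_AWK='
function fqdn(n) {                      # relative owner/target -> absolute name
    if (n == "@" || n == "") return origin "."
    if (n ~ /\.$/) return n
    return n "." origin "."
}
{
    sub(/;.*/, "")                      # strip comments
    n = split($0, f, /[ \t]+/)          # leading blank => f[1] == "": owner is inherited
    if (f[1] == "") owner = last; else { owner = f[1]; last = owner }
    i = 2
    while (i <= n && (f[i] == "IN" || f[i] ~ /^[0-9]+[SMHDWsmhdw]?$/)) i++   # skip class/TTL
    type = f[i]; r1 = f[i+1]; r2 = f[i+2]
    if (mode == "ptr" && type == "A") {
        split(r1, o, ".")
        if ((o[1] "." o[2] "." o[3]) == net) print o[4] " IN PTR " fqdn(owner)
    }
    if (type == "CNAME") cname[fqdn(owner)] = 1
    if (type == "MX")    mxowner[fqdn(r2)] = fqdn(owner)
}
END {
    if (mode == "mx")
        for (t in mxowner) if (t in cname)
            print t " is a CNAME but is the MX target of " mxowner[t]
}'

a_to_ptr()       { printf '%s\n' "$1" | awk -v mode=ptr -v origin="$2" -v net="$3" "$ZONE_AWK"; }
mx_cname_check() { printf '%s\n' "$1" | awk -v mode=mx  -v origin="$2" "$ZONE_AWK"; }

# Constructed forward zone, modelled on the post's example.for. "mail" is a
# CNAME on purpose: that is the defect mx_cname_check is meant to catch.
ZONE='$TTL 86400
@   IN SOA server.example.com. hostmaster.example.com. (
        2010041106 ; Serial
        1H ; Refresh
        1M ; Retry
        1W ; Expire
        1D ; Negative caching TTL
        )
@        IN NS    server.example.com.
@        IN MX 10 mail.example.com.
server   IN A     172.16.0.1
www      IN CNAME server
mail     IN CNAME server
station1 IN A     172.16.0.101
station2 IN A     172.16.0.102
backup   IN A     172.16.1.5'

if [ $# -eq 3 ]; then                   # usage: ./zonetool.sh example.for example.com 172.16.0
    zone=$(cat "$1")
    mx_cname_check "$zone" "$2"
    a_to_ptr "$zone" "$2" "$3"
fi
```

The PTR output is meant to be pasted under the SOA and NS records of the reverse zone file; backup, being in 172.16.1.0/24, is left out of the 0.16.172.in-addr.arpa zone and would belong to 1.16.172.in-addr.arpa instead.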
That's all. Now check the syntax of the configuration and the zone files before starting named. named-checkzone takes the zone name first and the file second, so the reverse zone must be checked under its own name, not under example.com:
[root@server ~]# named-checkzone example.com /var/named/chroot/var/named/example.for
[root@server ~]# named-checkzone 0.16.172.in-addr.arpa /var/named/chroot/var/named/example.rev
Each command prints the serial it loaded followed by OK, or the line number and reason for any error. named-checkconf does the same for named.conf (give it -t /var/named/chroot so that paths resolve inside the chroot).
Client side configuration
These files are shown on the server itself, which is its own first client; the same resolv.conf settings go on every host of the internal network. Check your "/etc/resolv.conf":
[root@server ~]# vim /etc/resolv.conf
========================================
# Generated by NetworkManager
search example.com
nameserver 172.16.0.1
nameserver 192.168.1.1
========================================
The first nameserver is our own server; 192.168.1.1 (the modem) is only a fallback, and be aware of what it means: the resolver moves to the second entry only when the first does not answer, and the modem knows nothing about example.com, so if named is down internal names stop resolving and every lookup goes to the ISP's resolver instead. Also note the header: NetworkManager regenerates this file, so make the setting permanent with DNS1=172.16.0.1 (or PEERDNS=no) in the interface's ifcfg file rather than by editing resolv.conf alone.
Check the "/etc/hosts" file. Keep a single line for the server's name, the one with the internal address that clients use; the line NetworkManager adds for 192.168.1.254 would make the name resolve locally to the external address.
[root@server ~]# vim /etc/hosts
========================================
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
172.16.0.1 server.example.com server
========================================
And check your "/etc/sysconfig/network" file, which sets the host name:
[root@server ~]# vim /etc/sysconfig/network
========================================
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=server.example.com
========================================
Now start the named service and enable it at boot:
[root@server ~]# service named start
[root@server ~]# chkconfig named on
Verify that your DNS server answers queries using the nslookup and dig tools (both from the bind-utils package). In the dig output, the aa flag shows the answer is authoritative, i.e. served from our own zone, and the SERVER line shows which server answered.
[root@server ~]# dig example.com NS
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> example.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57698
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;example.com. IN NS
;; ANSWER SECTION:
example.com. 86400 IN NS server.example.com.
;; ADDITIONAL SECTION:
server.example.com. 86400 IN A 172.16.0.1
;; Query time: 0 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: Wed Oct 5 17:37:10 2011
;; MSG SIZE rcvd: 66
[root@server ~]# nslookup server.example.com
Server: 172.16.0.1
Address: 172.16.0.1#53
Name: server.example.com
Address: 172.16.0.1
[root@server ~]# nslookup www.example.com
Server: 172.16.0.1
Address: 172.16.0.1#53
www.example.com canonical name = server.example.com.
Name: server.example.com
Address: 172.16.0.1
[root@server ~]# dig server.example.com
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> server.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33948
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;server.example.com. IN A
;; ANSWER SECTION:
server.example.com. 86400 IN A 172.16.0.1
;; AUTHORITY SECTION:
example.com. 86400 IN NS server.example.com.
;; Query time: 17 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: Wed Oct 5 17:35:50 2011
;; MSG SIZE rcvd: 66
[root@server ~]# dig www.example.com
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17712
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.example.com. IN A
;; ANSWER SECTION:
www.example.com. 86400 IN CNAME server.example.com.
server.example.com. 86400 IN A 172.16.0.1
;; AUTHORITY SECTION:
example.com. 86400 IN NS server.example.com.
;; Query time: 0 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: Wed Oct 5 17:36:08 2011
;; MSG SIZE rcvd: 84
[root@server ~]# nslookup 172.16.0.1
Server: 172.16.0.1
Address: 172.16.0.1#53
1.0.16.172.in-addr.arpa name = server.example.com.
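Beyond confirming that names resolve, two checks are worth running against a freshly configured server: that it refuses zone transfers (the allow-transfer { none; } above) and that it refuses to recurse for clients outside the acl. The script below is an added example, not from the original post: its dig_* and classify_* functions classify captured dig output, and the probe_* functions run dig against a live server and pass the output through the same classification. The first sample inside it is the post's own output for www.example.com; the other samples are constructed. It assumes standard dig output and BIND's behaviour of answering REFUSED to a client that is allowed neither recursion nor access to the cache.

```shell
#!/bin/bash
# Added example, not part of the original post. The dig_* and classify_*
# functions work on captured dig output, so they run offline; the probe_*
# functions run dig against a live server and feed the output through them.
# Assumptions: standard dig output (";; ->>HEADER<<-" and ";; flags:" lines)
# and BIND answering REFUSED to clients allowed neither recursion nor cache access.

dig_status()  { sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1; }    # NOERROR, REFUSED, ...
dig_flags()   { sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1; }  # e.g. "qr aa rd ra"
dig_answers() { sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1; }    # records in ANSWER

# has_flag aa < output : true if the flag appears in the header
has_flag() {
    local f
    f=$(dig_flags)
    case " $f " in *" $1 "*) return 0 ;; esac
    return 1
}

# classify_answer < output : authoritative | recursive | refused | <status> | no-answer
classify_answer() {
    local out status answers
    out=$(cat)
    status=$(printf '%s\n' "$out" | dig_status)
    answers=$(printf '%s\n' "$out" | dig_answers)
    if [ "$status" = "REFUSED" ]; then
        echo refused
    elif printf '%s\n' "$out" | has_flag aa; then
        echo authoritative            # aa set: served from the server's own zone data
    elif [ "$status" = "NOERROR" ] && [ "${answers:-0}" -gt 0 ]; then
        echo recursive                # answered, but not from its own data: it recursed
    else
        echo "${status:-no-answer}"
    fi
}

# axfr_result < output : "allowed" if dig received a transfer, "refused" otherwise
axfr_result() { if grep -q '^;; XFR size:'; then echo allowed; else echo refused; fi; }

# Live probes. From a client inside the "example" acl, expect:
#   zone: authoritative   recursion: recursive   transfer: refused
# From a client outside the acl (or with allow-recursion { none; }), expect:
#   zone: authoritative   recursion: refused     transfer: refused
probe_zone()      { dig @"$1" "$2" SOA +time=3 +tries=1 | classify_answer; }
probe_recursion() { dig @"$1" example.net A +time=3 +tries=1 | classify_answer; }
probe_axfr()      { dig @"$1" "$2" AXFR +time=3 +tries=1 | axfr_result; }

# Sample 1: the post's own output of "dig www.example.com" against 172.16.0.1.
PAGE_OUTPUT='; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17712
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.example.com. IN A
;; ANSWER SECTION:
www.example.com. 86400 IN CNAME server.example.com.
server.example.com. 86400 IN A 172.16.0.1'

# Samples 2-5 are constructed: a refused query, a recursed (non-authoritative)
# answer, a refused transfer and a transfer that went through.
REFUSED_OUTPUT=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'
RECURSED_OUTPUT=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
example.net. 3600 IN A 192.0.2.10'
AXFR_REFUSED='; <<>> DiG 9.7.0-P2 <<>> @172.16.0.1 example.com AXFR
;; global options: +cmd
; Transfer failed.'
AXFR_ALLOWED='example.com. 86400 IN SOA server.example.com. hostmaster.example.com. 2010041106 3600 60 604800 86400
example.com. 86400 IN NS server.example.com.
example.com. 86400 IN SOA server.example.com. hostmaster.example.com. 2010041106 3600 60 604800 86400
;; Query time: 1 msec
;; XFR size: 3 records (messages 1, bytes 150)'

if [ $# -eq 2 ]; then                 # usage: ./probe.sh 172.16.0.1 example.com
    echo "zone:       $(probe_zone "$1" "$2")"
    echo "recursion:  $(probe_recursion "$1")"
    echo "transfer:   $(probe_axfr "$1" "$2")"
fi
```

Run the probes once from a station on the internal network and once from a host that is not in the acl; the recursion result should differ between the two, and the transfer must be refused from both.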
That's all; your DNS server is done.
Note: if these steps give you trouble, the webmin utility lets you configure BIND graphically.