CentOS Building a DNS server, Installing BIND

February 26, 2014 • Blog - Ender's Endeavors • Views: 3168

What to Expect

This guide will walk you through setting up a DNS server and BIND on a CentOS 6.5 server. In this guide you will learn:

  • Basic System Configuration
  • The basics of a DNS server running BIND
  • Adding Slave DNS servers for backup
  • Maintenance Operations
  • Setting up DNS forwarders
  • Securing a DNS server

Assumptions:

  • A fresh install of CentOS 6.5
  • Basic Linux knowledge: directory traversal, using a text editor, etc.
  • # denotes a comment

PRIMARY server details:

Operating System: CentOS 6.5
FQDN: mercury.sol.local
IP Address: 192.168.2.230
Network: 192.168.2.0/24

SECONDARY server details:

Operating System: CentOS 6.5
FQDN: venus.sol.local
IP Address: 192.168.2.231
Network: 192.168.2.0/24

*note* CentOS ships vi instead of nano. If you are unfamiliar with vi, here is a 5 min tutorial on vi. I prefer to use nano, which you can install with:

yum install nano -y

Basic System Configuration

Make sure your system is up to date:

yum update -y

Hostname

We start by changing the host name of the server. Keep in mind that if you are trying to build a great home network lab, all your hosts should follow a unified naming scheme so everything stays organized. In this example we will use celestial bodies. If you have trouble coming up with naming schemes of your own, NamingSchemes is a great resource.

You do this by editing the file /etc/sysconfig/network and modifying the HOSTNAME line. Enter the FQDN here; in my example, I will call the host “mercury” with parent domain “sol.local”, so my file looks like:

NETWORKING=yes 
HOSTNAME=mercury.sol.local

You also need to modify the entries in the file /etc/hosts; in particular, make sure that all of the aliases for 127.0.0.1 (your local loopback) are appropriate. As an example, we can set that file to look like:

127.0.0.1 localhost localhost.localdomain mercury mercury.sol.local
::1 localhost localhost.localdomain mercury mercury.sol.local

so that any of the four names “localhost”, “localhost.localdomain”, “mercury” and “mercury.sol.local” will resolve to 127.0.0.1.

Now reboot your box* by typing: reboot

*The reason we did not use the hostname command is that changes made with it are NOT persistent: as soon as you reboot, the configuration files are re-read and the old name comes back. So reboot now and verify that your changes have taken effect.

Static Networking

Since this will be our master DNS server, it is STRONGLY advised to use a static IP address.

Edit the file /etc/sysconfig/network-scripts/ifcfg-eth0:

nano /etc/sysconfig/network-scripts/ifcfg-eth0

to look like:

DEVICE="eth0"
HWADDR=A4:BA:DB:37:F1:04
TYPE=Ethernet
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
ONBOOT=yes
NM_CONTROLLED="yes"
BOOTPROTO=static
IPADDR=192.168.2.230
NETMASK=255.255.255.0
IPV6INIT=no

Notice that we disabled IPv6 for this host. The UUID and HWADDR will be different on your machine; that is fine, leave them as they are.

Now we configure the default gateway:

nano /etc/sysconfig/network

to look like:

NETWORKING=yes
HOSTNAME=mercury.sol.local
GATEWAY=192.168.2.1

Next restart the network interface:

/etc/init.d/network restart

Now configure the upstream DNS servers that this machine itself will use for its own lookups:

nano /etc/resolv.conf

# Two nameservers, a primary and a secondary, so lookups keep working if one fails
# 8.8.8.8 is Google's public DNS service; replace 192.168.2.1 with your own nameserver's IP
nameserver 8.8.8.8
nameserver 192.168.2.1

Installing BIND:

Install Bind on PRIMARY and SECONDARY DNS server

[root@mercury ~]# yum install bind-* -y 
[root@venus ~]# yum install bind-* -y

Configure /etc/named.conf on PRIMARY DNS server

[root@mercury ~]# nano /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; 192.168.2.230; };   # PRIMARY Bind DNS IP address
    listen-on-v6 port 53 { ::1; };
    directory          "/var/named";
    dump-file          "/var/named/data/cache_dump.db";
    statistics-file    "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query    { localhost; 192.168.2.0/24; };     # NETWORK the DNS server will serve
    allow-transfer { localhost; 192.168.2.231; };      # SECONDARY Bind DNS IP address: only it may transfer the zones
    recursion no;              # turning recursion off prevents your server from
                               # being abused in reflection DDoS attacks
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};

zone "sol.local" IN {
    # FORWARD Zone file and configuration
    type master;
    file "fwd.sol.local";
    allow-update { none; };
};

zone "2.168.192.in-addr.arpa" IN {
    # REVERSE Zone file and configuration
    type master;
    file "rev.sol.local";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Create FORWARD Zone file (/var/named/fwd.sol.local) on PRIMARY DNS server

[root@mercury ~]# nano /var/named/fwd.sol.local
$TTL 86400
@   IN  SOA mercury.sol.local. root.sol.local. (
        2014022501  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS  mercury.sol.local.
@       IN  NS  venus.sol.local.
mercury IN  A   192.168.2.230
venus   IN  A   192.168.2.231

Create REVERSE Zone file (/var/named/rev.sol.local) on PRIMARY DNS server

[root@mercury ~]# nano /var/named/rev.sol.local
$TTL 86400
@   IN  SOA mercury.sol.local. root.sol.local. (
        2014022501  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS  mercury.sol.local.
@       IN  NS  venus.sol.local.
mercury IN  A   192.168.2.230
venus   IN  A   192.168.2.231
230     IN  PTR mercury.sol.local.
231     IN  PTR venus.sol.local.

Check Bind configuration and Zone files on PRIMARY DNS server

Resolve any errors before going further. Note that named-checkzone takes the zone name as its first argument, so the reverse zone is checked under its in-addr.arpa name, not under sol.local:

[root@mercury ~]# named-checkconf /etc/named.conf
[root@mercury ~]# named-checkzone sol.local /var/named/fwd.sol.local
zone sol.local/IN: loaded serial 2014022501
OK
[root@mercury ~]# named-checkzone 2.168.192.in-addr.arpa /var/named/rev.sol.local
zone 2.168.192.in-addr.arpa/IN: loaded serial 2014022501
OK
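The reverse zone above repeats information that is already in the forward zone, and in practice the two drift apart as hosts are added. The following script, an added example that is not part of the original guide, builds rev.sol.local from the A records of fwd.sol.local (serial and name servers passed as arguments) and, when BIND's tools are installed, validates the result with named-checkzone under the correct in-addr.arpa zone name. It assumes a /24 network and zone lines of the form "host IN A a.b.c.d", as used in this guide.

```shell
#!/bin/sh
# Generate a reverse zone from the A records of a forward zone so the PTR records
# and serial never drift from the forward zone. Hypothetical helper, not part of
# the guide; handles the /24 network used in this guide.

# 192.168.2.0/24 -> 2.168.192.in-addr.arpa
reverse_zone_name() {
    net=${1%/*}
    oldifs=$IFS; IFS=.; set -- $net; IFS=$oldifs
    printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1"
}

# One PTR record per "host IN A a.b.c.d" line; $1 = forward zone file, $2 = domain
ptr_records() {
    awk -v dom="$2" '$2 == "IN" && $3 == "A" {
        split($4, o, ".")
        printf "%-8s IN  PTR %s.%s.\n", o[4], $1, dom
    }' "$1"
}

# Complete reverse zone: $1 forward zone file, $2 domain, $3 serial,
# $4 primary NS, $5 secondary NS
build_reverse_zone() {
    cat <<EOF
\$TTL 86400
@   IN  SOA $4. root.$2. (
        $3  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS  $4.
@       IN  NS  $5.
EOF
    ptr_records "$1" "$2"
}

# Demo on a constructed copy of this guide's forward zone records
fwd=$(mktemp)
printf 'mercury IN  A   192.168.2.230\nvenus   IN  A   192.168.2.231\n' > "$fwd"
build_reverse_zone "$fwd" sol.local 2014022501 mercury.sol.local venus.sol.local
# Validate with BIND's checker when it is installed (it is after yum install bind-*)
if command -v named-checkzone >/dev/null 2>&1; then
    build_reverse_zone "$fwd" sol.local 2014022501 mercury.sol.local venus.sol.local > /tmp/rev.new
    named-checkzone "$(reverse_zone_name 192.168.2.0/24)" /tmp/rev.new
fi
rm -f "$fwd"
```

On the primary, point it at /var/named/fwd.sol.local and redirect the output to /var/named/rev.sol.local whenever you add a host, then reload named.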

Start Bind on PRIMARY DNS server and make it start at boot

[root@mercury ~]# chkconfig named on 
[root@mercury ~]# /etc/init.d/named start 
Generating rndc.key                                      [  OK  ]
Starting named:                                          [  OK  ]
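Once named is running, it is worth confirming that the two hardening settings in named.conf (recursion no, and allow-transfer limited to the secondary) actually took effect rather than trusting the file. The script below is an added example, not part of the original guide; it uses dig (installed by the bind-* packages) against the PRIMARY at 192.168.2.230 and should be run from a host in 192.168.2.0/24 that is NOT the secondary, so that the zone-transfer check is made from an address allow-transfer does not list. The parsing helpers read dig's text output from stdin, so they can also be tried on saved output.

```shell
#!/bin/sh
# Live checks of the PRIMARY after named starts (hypothetical helper, not from
# the guide). SERVER/ZONE can be overridden from the environment.
SERVER=${SERVER:-192.168.2.230}
ZONE=${ZONE:-sol.local}

# RCODE ("NOERROR", "REFUSED", ...) from a dig response header on stdin
rcode_of() { sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1; }

# "yes" if the RA (recursion available) flag is set, "no" if clear,
# "unknown" if no response header was seen (server down or unreachable)
recursion_offered() {
    out=$(cat)
    printf '%s\n' "$out" | grep -q '^;; flags:' || { echo unknown; return; }
    if printf '%s\n' "$out" | grep -Eq '^;; flags:[^;]* ra( |;)'; then echo yes; else echo no; fi
}

report() { # $1 label, $2 observed, $3 expected; returns 1 on mismatch
    if [ "$2" = "$3" ]; then echo "PASS $1 ($2)"; return 0; fi
    echo "FAIL $1 (got '${2:-no answer}', want $3)"; return 1
}

run_checks() {
    rc=0
    q="dig +tries=1 +time=3 @$SERVER"
    # authoritative data this server must serve
    report "forward A record"   "$($q mercury.$ZONE A | rcode_of)" NOERROR || rc=1
    report "reverse PTR record" "$($q -x 192.168.2.230 | rcode_of)" NOERROR || rc=1
    # recursion no: an outside name must not be resolved and RA must be clear
    report "recursion disabled" "$($q www.example.com A | recursion_offered)" no || rc=1
    # allow-transfer: AXFR from an unlisted host must fail ("; Transfer failed.")
    if $q $ZONE AXFR | grep -q 'Transfer failed'; then
        echo "PASS zone transfer refused"
    else
        echo "FAIL zone transfer allowed from $(hostname)"; rc=1
    fi
    return $rc
}

if command -v dig >/dev/null 2>&1; then
    run_checks
else
    echo "dig not found; install bind-utils to run the live checks"
fi
```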

Configure /etc/named.conf on SECONDARY DNS server

Repeat the process we followed for the PRIMARY server, substituting the secondary server's details (listen on 192.168.2.231). In the named.conf file make sure to set the zone type to slave and point masters at the primary:

# FORWARD Zone file and configuration
zone "sol.local" IN {                      
        type slave;
        file "slaves/sol.local.fwd";
        masters { 192.168.2.230; };
};

# REVERSE Zone file and configuration
zone "2.168.192.in-addr.arpa" IN {           
        type slave;
        file "slaves/sol.local.rev";
        masters { 192.168.2.230; };
};

Start Bind on the SECONDARY DNS server, make it start at boot, and then confirm that the FORWARD and REVERSE zone files (slaves/sol.local.fwd and slaves/sol.local.rev under /var/named) were created by the zone transfer from the PRIMARY

[root@venus ~]# chkconfig named on
[root@venus ~]# /etc/init.d/named start

Congratulations you are good to go!
