How To Configure DNS Server In Linux CentOS by Linuxtopic






Q. How to configure a DNS server in Linux?

Q. Step-by-step DNS server configuration in Linux?







IP  - 10.20.2.33

Hostname - khandwa.lokesh.com 

OS  - CentOS 6

PORT  - 53



The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. It translates IP addresses to names and names to IP addresses.






Install the package with yum


yum install bind*

Open configuration file & Update

vi /etc/named.conf


// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 10.20.2.33; };   ### master DNS IP ###
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; any; };            ### any ###
        allow-transfer  { localhost; 10.20.2.34; };     # slave DNS IP if we have a slave DNS, otherwise disable it
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
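The options above set allow-query to any, leave recursion on and define no allow-recursion, so named will resolve external names for any client that can reach port 53. The check below is an added example, not part of the original post; the function names and finding labels are assumptions, and it reads only flat ACL lists inside the options block.

```python
import re

# Constructed sample: the ACL-related options this tutorial sets.
TUTORIAL_CONF = """
options {
    allow-query     { localhost; any; };      ### any ###
    allow-transfer  { localhost; 10.20.2.34; };
    recursion yes;
};
"""

def options_body(conf):
    """Strip comments, then return the brace-matched body of options { ... }."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(//|#).*", "", conf)
    m = re.search(r"\boptions\s*\{", conf, flags=re.I)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def acl(body, name):
    """Elements of a flat address-match list, or None when the option is unset."""
    m = re.search(r"(?<![-\w])%s\s*\{([^{}]*)\}" % re.escape(name), body, flags=re.I)
    if m is None:
        return None
    return {e.strip().lower() for e in m.group(1).split(";") if e.strip()}

def audit(conf):
    """Return findings for recursion or zone transfers open to any client."""
    body = options_body(conf)
    findings = []
    rec = re.search(r"(?<![-\w])recursion\s+(\w+)\s*;", body, flags=re.I)
    recursion_on = rec is None or rec.group(1).lower() in ("yes", "true", "1")
    # named falls back: allow-recursion -> allow-query-cache -> allow-query.
    acls = [acl(body, n) for n in ("allow-recursion", "allow-query-cache", "allow-query")]
    effective = next((a for a in acls if a is not None), {"localnets", "localhost"})
    if recursion_on and "any" in effective:
        findings.append("open-recursion")
    transfer = acl(body, "allow-transfer")  # unset means any host in BIND 9.8
    if transfer is None or "any" in transfer:
        findings.append("open-transfer")
    return findings

if __name__ == "__main__":
    print(audit(TUTORIAL_CONF))
```

Adding a line such as allow-recursion { localhost; 10.20.2.0/24; }; to the options block (the subnet is an assumed value for this lab) clears the open-recursion finding while authoritative answers for lokesh.com stay available to everyone.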








Configure the zones in /etc/named.rfc1912.zones

vi /etc/named.rfc1912.zones


zone "lokesh.com" IN {      # change to your domain name #
        type master;
        file "forward.zone";    # forward zone file #
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "2.20.10.in-addr.arpa" IN {   # set your DNS IP
        type master;
        file "reverse.zone";     # reverse zone file #
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};








Create forward & reverse Zone files


Copy named.localhost & named.loopback file

cp /var/named/named.localhost /var/named/forward.zone
cp /var/named/named.loopback /var/named/reverse.zone



Configure Forward Zone


vi /var/named/forward.zone



$TTL 1D
@   IN  SOA     khandwa.lokesh.com. rname.invalid. (
                             0         ; serial
                             1D        ; refresh
                             1H        ; retry
                             1W        ; expire
                             3H        ; minimum
)
               NS          @
               A          127.0.0.1
@       IN  NS          khandwa.lokesh.com.
@       IN  NS          secondarydns.lokesh.com.  ; secondary DNS name
@       IN  A           10.20.2.33
@       IN  A           10.20.2.34                ; secondary DNS IP
@       IN  A           10.20.2.102
khandwa         IN  A   10.20.2.33
secondarydns    IN  A   10.20.2.34
client          IN  A   10.20.2.102






Configure Reverse Zone


vi /var/named/reverse.zone


$TTL 1D
@   IN  SOA     khandwa.lokesh.com. rname.invalid. (
        0         ; serial
        1D        ; refresh
        1H        ; retry
        1W        ; expire
        3H )      ; minimum
               NS          @
               A          127.0.0.1
@       IN  NS          khandwa.lokesh.com.
@       IN  NS          secondarydns.lokesh.com.
@       IN  PTR         lokesh.com.
masterdns       IN  A   10.20.2.33
secondarydns    IN  A   10.20.2.34
client          IN  A   10.20.2.102
33     IN  PTR         khandwa.lokesh.com.
34     IN  PTR         secondarydns.lokesh.com.
102    IN  PTR         client.lokesh.com.
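Because the forward and reverse zones are maintained by hand in two files, A and PTR records can drift apart without named-checkzone noticing. This cross-check is an added example, not part of the original post; the function names are assumptions, the sample records are constructed from the tutorial's values, and it handles only the one-record-per-line layout used here.

```python
import ipaddress

# Constructed sample (tutorial values; PTR for .102 omitted, stale PTR .35 added).
FORWARD = """\
$TTL 1D
@   IN  SOA khandwa.lokesh.com. rname.invalid. (
        0 1D 1H 1W 3H )
khandwa         IN  A   10.20.2.33
secondarydns    IN  A   10.20.2.34
client          IN  A   10.20.2.102
"""
REVERSE = """\
$TTL 1D
@   IN  SOA khandwa.lokesh.com. rname.invalid. ( 0 1D 1H 1W 3H )
33   IN  PTR  khandwa.lokesh.com.
34   IN  PTR  secondarydns.lokesh.com.
35   IN  PTR  oldhost.lokesh.com.   ; constructed stale entry
"""

def absolute(name, origin):
    """Expand '@' and relative names against an origin that ends in '.'."""
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def records(zone, origin, rtype):
    """Return [(owner, rdata)] of one type from a one-record-per-line zone file."""
    out, owner, depth = [], "@", 0
    for raw in zone.splitlines():
        line = raw.split(";", 1)[0]
        inside, depth = depth > 0, depth + line.count("(") - line.count(")")
        tokens = line.split()
        if inside or not tokens or tokens[0].startswith("$"):
            continue
        if not line[0].isspace():          # owner names start in column 1
            owner = tokens.pop(0)
        while tokens and (tokens[0].upper() == "IN" or tokens[0][0].isdigit()):
            tokens.pop(0)                  # skip optional class and TTL
        if len(tokens) >= 2 and tokens[0].upper() == rtype:
            out.append((absolute(owner, origin), tokens[1]))
    return out

def mismatches(forward, fwd_origin, reverse, rev_origin):
    """Return (PTRs with no matching A, in-zone A records with no PTR)."""
    ptr = {(o, absolute(t, rev_origin)) for o, t in records(reverse, rev_origin, "PTR")}
    rev = {(ipaddress.ip_address(ip).reverse_pointer + ".", n)
           for n, ip in records(forward, fwd_origin, "A")}
    owners = {o for o, _ in ptr}
    missing = {(o, n) for o, n in rev if o.endswith("." + rev_origin) and o not in owners}
    return sorted(ptr - rev), sorted(missing)
```

Call it as mismatches(FORWARD, "lokesh.com.", REVERSE, "2.20.10.in-addr.arpa."); both origins must end with a dot.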




To test the DNS configuration and zone files

named-checkconf /etc/named.conf
named-checkzone lokesh.com /var/named/forward.zone
named-checkzone 2.20.10.in-addr.arpa /var/named/reverse.zone

Start the DNS service

service named start
chkconfig named on

Adjust iptables to allow access to the DNS server from outside the network

vi /etc/sysconfig/iptables



:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# add the next two lines
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


To Restart Service 

service iptables restart

To test DNS Server using dig command

dig khandwa.lokesh.com


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> khandwa.lokesh.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11151
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;khandwa.lokesh.com.            IN      A

;; ANSWER SECTION:
khandwa.lokesh.com.     86400   IN      A       10.20.2.33

;; AUTHORITY SECTION:
lokesh.com.             86400   IN      NS      khandwa.lokesh.com.

;; Query time: 0 msec
;; SERVER: 10.20.2.33#53(10.20.2.33)
;; WHEN: Sat Jul 11 21:26:14 2015
;; MSG SIZE  rcvd: 66


nslookup lokesh.com


Server: 10.20.2.33
Address: 10.20.2.33#53


Command to check the MX record

host -t mx [hostname]


host -t MX khandwa.lokesh.com


Some Useful DNS Records

Type | Value | Description | Function
A | 1 | Address record | Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host.
AAAA | 28 | IPv6 Address record | Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host.
CNAME | 5 | Canonical name record | Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.
DNSKEY | 48 | DNS Key Record | The key record used in DNSSEC. Uses the same format as the KEY record.
LOC | 29 | Location record | Specifies a geographical location associated with a domain name
MX | 15 | Mail exchange record | Maps a domain name to a list of message transfer agents for that domain
NS | 2 | Name server record | Delegates a DNS zone to use the given authoritative name servers
PTR | 12 | Pointer record | Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD.
SOA | 6 | Start of [a zone of] authority record | Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.

