IP - 10.20.2.33
Hostname - khandwa.lokesh.com
OS - CentOS 6
PORT - 53
The Domain Name System (DNS) is a hierarchical, distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with the domain names assigned to each participating entity. In practice it converts IP addresses to names and names to IP addresses.
Install the package with yum
# yum install bind*
Open the configuration file and edit it
# vi /etc/named.conf
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 10.20.2.33; }; ### master DNS IP ###
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // ### any ### -- combined with "recursion yes" below this is an open recursive
        // resolver for every host that can reach port 53; if only your own networks
        // should be able to query it, list those networks here instead of "any"
        // (or keep "any" for the authoritative zones and limit "allow-recursion").
        allow-query { localhost; any; };
        allow-transfer { localhost; 10.20.2.34; }; # slave DNS IP if we have a slave DNS, otherwise disable it
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto; // ISC's DLV registry has since been retired; drop this line on newer BIND releases
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Configure the zone definitions in
# vi /etc/named.rfc1912.zones
zone "lokesh.com" IN { # change to your domain name #
        type master;
        file "forward.zone"; # forward zone file #
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "2.20.10.in-addr.arpa" IN { # set to your network, reversed (10.20.2.0/24 here) #
        type master;
        file "reverse.zone"; # reverse zone file #
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
Copy the named.localhost and named.loopback files to use them as templates
# cp /var/named/named.localhost /var/named/forward.zone
# cp /var/named/named.loopback /var/named/reverse.zone
# vi /var/named/forward.zone
$TTL 1D
@       IN SOA  khandwa.lokesh.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H      ; minimum
                                        )
        NS      @
        A       127.0.0.1       ; left over from the named.localhost template; remove if lokesh.com should not resolve to 127.0.0.1
@       IN NS   khandwa.lokesh.com.
@       IN NS   secondarydns.lokesh.com.        ; secondary DNS name
@       IN A    10.20.2.33
@       IN A    10.20.2.34      ; secondary DNS IP
@       IN A    10.20.2.102
khandwa         IN A    10.20.2.33
secondarydns    IN A    10.20.2.34
client          IN A    10.20.2.102
# vi /var/named/reverse.zone
$TTL 1D
@       IN SOA  khandwa.lokesh.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H      ; minimum
                                        )
        NS      @
        A       127.0.0.1       ; left over from the named.loopback template; not needed in a reverse zone
@       IN NS   khandwa.lokesh.com.
@       IN NS   secondarydns.lokesh.com.
@       IN PTR  lokesh.com.
masterdns       IN A    10.20.2.33      ; A records in a reverse zone are never looked up; harmless, but can be removed
secondarydns    IN A    10.20.2.34
client          IN A    10.20.2.102
33      IN PTR  khandwa.lokesh.com.
34      IN PTR  secondarydns.lokesh.com.
102     IN PTR  client.lokesh.com.
# named-checkconf /etc/named.conf
# named-checkzone lokesh.com /var/named/forward.zone
# named-checkzone 2.20.10.in-addr.arpa /var/named/reverse.zone
Start the DNS service and enable it at boot
# service named start
# chkconfig named on
Adjust iptables so that DNS queries from other hosts can reach the server (only needed if machines other than this one should use it; remember that the allow-query/recursion settings above then decide who may use it as a resolver)
# vi /etc/sysconfig/iptables
Add the two port 53 lines below the chain policies and above any closing REJECT rule in the INPUT chain (iptables-restore does not accept trailing comments on rule lines):
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Now restart the service
# service iptables restart
Test the DNS server (the `aa` flag in the reply shows the answer came from an authoritative server, and the SERVER line shows which server answered)
[root@khandwa ~]# dig khandwa.lokesh.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> khandwa.lokesh.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11151
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;khandwa.lokesh.com.            IN      A
;; ANSWER SECTION:
khandwa.lokesh.com.     86400   IN      A       10.20.2.33
;; AUTHORITY SECTION:
lokesh.com.             86400   IN      NS      khandwa.lokesh.com.
;; Query time: 0 msec
;; SERVER: 10.20.2.33#53(10.20.2.33)
;; WHEN: Sat Jul 11 21:26:14 2015
;; MSG SIZE  rcvd: 66
[root@khandwa ~]# nslookup lokesh.com
Server:         10.20.2.33
Address:        10.20.2.33#53
Command to check an MX record
[root@khandwa ~]# host -t mx [hostname]
[root@khandwa ~]# host -t MX khandwa.lokesh.com
Some useful DNS record types
Type | Value | Description | Function |
---|---|---|---|
A | 1 | Address record | Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host. |
AAAA | 28 | IPv6 Address record | Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host. |
CNAME | 5 | Canonical name record | Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name. |
DNSKEY | 48 | DNS Key Record | The key record used in DNSSEC. Uses the same format as the KEY record. |
LOC | 29 | Location record | Specifies a geographical location associated with a domain name |
MX | 15 | Mail exchange record | Maps a domain name to a list of message transfer agents for that domain |
NS | 2 | Name server record | Delegates a DNS zone to use the given authoritative name servers |
PTR | 12 | Pointer record | Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD. |
SOA | 6 | Start of [a zone of] authority record | Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone. |