How to configure BIND-9.8 DNS server in Red Hat Linux 6 (RHEL-6)
Step by Step ways to configure BIND-9.8 in RHEL-6
I will use a chroot (jail) environment for the DNS server, as it is considered much safer than running BIND unconfined.
NOTE: Please take a copy of the original configuration file before making any changes to it.
Pre-requisites:
Check whether the required packages are already installed:
# rpm -q bind
package bind is not installed
# rpm -q bind-chroot
package bind-chroot is not installed
Install the required packages using yum:
# yum -y install bind bind-chroot
By default the BIND files are not copied into the chroot, so we have to do that manually.
Next, copy the required files into the chroot directory. The second group of commands below uses relative paths, so run them from /var/named.
NOTE: Use the -p argument with cp to preserve the permissions and ownership of all files and directories.
# cp -rvpf /etc/named.* /var/named/chroot/etc/
`/etc/named.conf' -> `/var/named/chroot/etc/named.conf'
`/etc/named.iscdlv.key' -> `/var/named/chroot/etc/named.iscdlv.key'
`/etc/named.rfc1912.zones' -> `/var/named/chroot/etc/named.rfc1912.zones'
`/etc/named.root.key' -> `/var/named/chroot/etc/named.root.key'
# cp -rvpf named.* chroot/var/named/
`named.ca' -> `chroot/var/named/named.ca'
`named.empty' -> `chroot/var/named/named.empty'
`named.localhost' -> `chroot/var/named/named.localhost'
`named.loopback' -> `chroot/var/named/named.loopback'
# cp -prvf data/ chroot/var/named/
`data/' -> `chroot/var/named/data'
# cp -prvf dynamic/ chroot/var/named/
`dynamic/' -> `chroot/var/named/dynamic'
# cp -prvf slaves/ chroot/var/named/
`slaves/' -> `chroot/var/named/slaves'
Now let's edit the main configuration file:
# cd /var/named/chroot/etc/
# vi named.conf
options {
listen-on port 53 { 127.0.0.1; 192.168.1.11; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
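The options block above is what decides whether this server is reachable as a recursive resolver and whether zone transfers are restricted. The following checker is an added example, not part of the original tutorial or of BIND: it pulls the top-level options out of a named.conf (a constructed copy of the tutorial's settings is embedded) and flags recursion offered to any host, DNSSEC validation left off, and a missing allow-transfer. The default chain for the recursion ACL in effective_recursion_acl is the documented BIND 9 behaviour; everything else is a hypothetical helper.

```python
import re
ACL_STMT = r"([\w-]+)(?:\s+port\s+\d+)?\s*\{([^}]*)\}\s*;"   # e.g. allow-query { a; b; };

# Constructed sample: the options block from the tutorial's named.conf plus the root hint zone
SAMPLE_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.11; };
    allow-query { localhost; 192.168.1.0/24; };
    recursion yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};
zone "." IN { type hint; file "named.ca"; };
"""

def options_body(conf):
    """Return the text inside the top-level options { ... } block with comments removed."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(//|#)[^\n]*", "", conf)   # note: would also clip a '//' inside a quoted URL
    start, depth = conf.index("{", re.search(r"\boptions\b", conf).end()), 0
    for i in range(start, len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[start + 1:i]
    raise ValueError("unbalanced braces in options block")

def parse_options(conf):
    """Map each option to its value; address-list options become a list of entries."""
    body, opts = options_body(conf), {}
    for key, entries in re.findall(ACL_STMT, body):
        opts[key] = [e.strip() for e in entries.split(";") if e.strip()]
    for key, val in re.findall(r"([\w-]+)\s+([^;{}]+);", re.sub(ACL_STMT, "", body)):
        opts[key] = val.strip().strip('"')
    return opts

def effective_recursion_acl(o):
    """BIND 9 default chain: allow-recursion, else allow-query-cache, else allow-query, else localnets+localhost."""
    return next((o[k] for k in ("allow-recursion", "allow-query-cache", "allow-query") if k in o),
                ["localnets", "localhost"])

def audit(conf):
    """Return findings for settings that would weaken the server built in the tutorial."""
    o, findings = parse_options(conf), []
    # Recursion offered to the whole Internet makes an open resolver (abusable for amplification);
    # the tutorial avoids this by limiting allow-query to localhost and 192.168.1.0/24.
    if o.get("recursion", "yes") == "yes" and "any" in effective_recursion_acl(o):
        findings.append("open recursive resolver: recursion yes with an unrestricted ACL")
    if o.get("dnssec-validation") not in ("yes", "auto"):
        findings.append("dnssec-validation is not explicitly enabled")
    if "allow-transfer" not in o:
        findings.append("allow-transfer not set: BIND allows zone transfers to any host by default")
    return findings
```

Run it against /var/named/chroot/etc/named.conf with `audit(open(path).read())`; on the tutorial's configuration the only finding is the missing allow-transfer.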
Set your local machine's IP address as the nameserver in the resolv.conf file and in the ifcfg-eth file:
# vi /etc/resolv.conf
search example
nameserver 192.168.1.11
NOTE: The DNS entry in the ifcfg-eth file is only needed on Red Hat Linux 6 and above. On Red Hat Linux 5
the DNS entry is made only in the resolv.conf file.
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=192.168.1.11
Verify your hostname:
# vi /etc/sysconfig/network
HOSTNAME=test2.example.com
Run this command on the terminal:
# hostname test2.example.com
If you run the command below, the hostname should be printed on standard output:
# hostname
test2.example.com
Restart your network services:
# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 192.168.1.11 is already in use for device eth0...
[ OK ]
# service named restart
Stopping named: [ OK ]
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
NOTE: In case your system gets stuck at
Generating /etc/rndc.key:
try this command:
# rndc-confgen -a -r /dev/urandom
wrote key file "/etc/rndc.key"
and then retry restarting the named service.
Reference: Generating rndc key
Verify your Internet connection:
# ping google.com
PING google.com (74.125.236.71) 56(84) bytes of data.
64 bytes from maa03s05-in-f7.1e100.net (74.125.236.71): icmp_seq=1 ttl=56 time=223 ms
64 bytes from maa03s05-in-f7.1e100.net (74.125.236.71): icmp_seq=2 ttl=56 time=319 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1349ms
rtt min/avg/max/mdev = 223.861/271.853/319.846/47.995 ms
So our DNS server is working fine. Now let us configure the forward and reverse zones.
# vi /var/named/chroot/etc/named.rfc1912.zones
(Add the new entries as shown below)
# Forward Zone Entry #
zone "example.com" IN {
type master;
file "example.com.zone";
allow-update { none; };
};
# Reverse Zone Entry #
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.zone";
allow-update { none; };
};
Create the zone files referenced in named.rfc1912.zones above.
If you look at the named.localhost and named.loopback files inside /var/named/chroot/var/named, you will notice that they resemble a forward and a reverse lookup file respectively. So instead of creating new files from scratch we will copy those two templates and edit them:
# pwd
/var/named/chroot/var/named
# cp -p named.loopback 192.168.1.zone
# cp -p named.localhost example.com.zone
Forward zone file:
# vi example.com.zone
$TTL 1D
@       IN SOA  example.com. hostmaster.example.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   example.com.
        IN A    192.168.1.11
test2   IN CNAME example.com.
www     IN CNAME example.com.
Reverse zone file:
# vi 192.168.1.zone
$TTL 1D
@       IN SOA  example.com. hostmaster.example.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   example.com.
11      IN PTR  example.com.
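The forward and reverse zones above are maintained by hand and drift apart easily: an A record gets added without its PTR, or a stale PTR keeps pointing at a host that no longer exists. The following script is an added example, not part of the tutorial or of BIND. It parses zone files in the master format used above (comments, $TTL, blank-owner inheritance and the parenthesised SOA) and reports every A record without a matching PTR and every PTR without a matching A. The embedded zone texts are constructed copies of the tutorial's two files; parse_zone, ptr_name and check_consistency are hypothetical helpers.

```python
ORIGIN_FWD, ORIGIN_REV = "example.com.", "1.168.192.in-addr.arpa."
# Constructed copies of the tutorial's two zone files (SOA timers on one line to save space)
FORWARD_ZONE = """$TTL 1D
@ IN SOA example.com. hostmaster.example.com. (
        0 1D 1H 1W 3H ) ; serial refresh retry expire minimum
        IN NS example.com.
        IN A 192.168.1.11
test2   IN CNAME example.com.
www     IN CNAME example.com.
"""
REVERSE_ZONE = """$TTL 1D
@ IN SOA example.com. hostmaster.example.com. (
        0 1D 1H 1W 3H )
        IN NS example.com.
11      IN PTR example.com.
"""

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; handles ';' comments, $TTL, blank owners and ( ) SOA."""
    records, owner, buf, indented = [], origin, [], False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue
        if not buf:
            indented = line[0] in " \t"   # blank owner: reuse the previous owner
        buf.append(line)
        joined = " ".join(buf)
        if joined.count("(") > joined.count(")"):
            continue                        # record continues on the next line
        buf, fields = [], joined.replace("(", " ").replace(")", " ").split()
        if not indented:
            name, fields = fields[0], fields[1:]
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while fields[0] == "IN" or fields[0][0].isdigit():   # optional TTL / class
            fields.pop(0)
        records.append((owner, fields[0], fields[1:]))
    return records

def ptr_name(ip):
    """Reverse-map name for an IPv4 address, e.g. 192.168.1.11 -> 11.1.168.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_consistency(fwd_text, rev_text):
    """List every A record without a matching PTR and every PTR without a matching A."""
    a = {(o, ptr_name(r[0])) for o, t, r in parse_zone(fwd_text, ORIGIN_FWD) if t == "A"}
    ptr = {(r[0], o) for o, t, r in parse_zone(rev_text, ORIGIN_REV) if t == "PTR"}
    return ([f"no PTR for A record {n} ({p})" for n, p in sorted(a - ptr)]
            + [f"no A record for PTR {p} -> {n}" for n, p in sorted(ptr - a)])
```

For the tutorial's files check_consistency returns an empty list; point it at the real example.com.zone and 192.168.1.zone under /var/named/chroot/var/named before every restart.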
Verify the permissions.
IMPORTANT NOTE:
The permissions on all BIND-related files should be 640 and on all directories 770, with root as the user owner and named as the group owner.
# ll
total 36
-rw-r-----. 1 root named 207 Mar 14 18:36 192.168.1.zone
drwxrwx---. 2 named named 4096 Jan 20 23:10 data
drwxrwx---. 2 named named 4096 Jan 20 23:10 dynamic
-rw-r-----. 1 root named 242 Mar 14 18:32 example.com.zone
-rw-r-----. 1 root named 1892 Feb 18 2008 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 4096 Jan 20 23:10 slaves
Restart the named service:
# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
Verify both zones:
# nslookup example.com
Server: 192.168.1.11
Address: 192.168.1.11#53
Name: example.com
Address: 192.168.1.11
# dig -x 192.168.1.11
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -x 192.168.1.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60861
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;11.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
11.1.168.192.in-addr.arpa. 86400 IN PTR example.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS example.com.
;; ADDITIONAL SECTION:
example.com. 86400 IN A 192.168.1.11
;; Query time: 2 msec
;; SERVER: 192.168.1.11#53(192.168.1.11)
;; WHEN: Fri Mar 14 18:35:24 2014
;; MSG SIZE rcvd: 98
So we are getting answers for both the forward and reverse lookup entries.
Everything is working as expected. :)