Getting started with BIND - how to build and run named with a basic. Planning to run an authoritative server, adding zone statements and creating zone files for.
Configure Cache-Only DNS in CentOS and RHEL 7

These directives instruct the DNS server to listen on UDP port 53, and to allow queries from, and cache responses for, localhost and any other machine that reaches the server.

4. It is important to note that the ownership of this file must be set to root:named. If SELinux is enabled, then after editing the configuration file we also need to make sure that its context is set to named_conf_t, as shown in Fig. 4 (the same applies to the auxiliary file /etc/named.rfc1912.zones):

# ls -lZ /etc/named.conf
# ls -lZ /etc/named.rfc1912.zones

Otherwise, configure the SELinux context before proceeding:

# semanage fcontext -a -t named_conf_t /etc/named.conf
# semanage fcontext -a -t named_conf_t /etc/named.rfc1912.zones

5. Additionally, test the DNS configuration for syntax errors before starting the bind service:

# named-checkconf /etc/named.conf

6. Once the syntax check passes, restart the named service to apply the new changes, enable it so that it starts automatically across system boots, and then check its status:

# systemctl restart named
# systemctl enable named
# systemctl status named

Open DNS Port 53 on Firewall

Step 3: Chroot Cache-Only DNS Server in RHEL and CentOS 7

8. If you wish to deploy the cache-only DNS server within a chroot environment, you need to have the bind-chroot package installed on the system; no further configuration is needed, because it hard-links the configuration into the chroot by default.

# yum install bind-chroot -y

Once the bind-chroot package has been installed, restart named to take the new changes into effect:

# systemctl restart named

9. Next, create a symbolic link (also named /etc/named.conf) inside /var/named/chroot/etc/:

# ln -s /etc/named.conf /var/named/chroot/etc/named.conf

Step 4: Configure DNS on Client Machine

10. Add the DNS cache server's IP 192.168.0.18 as the resolver on the client machine. Edit /etc/sysconfig/network-scripts/ifcfg-enp0s3 as shown in the following figure:

DNS=192.168.0.18
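As an added check that is not part of the original page, the script below verifies what steps 4 and 5 ask for (root:named ownership and the named_conf_t context on both files, then named-checkconf) before named is restarted, and flags a named.conf that enables recursion while allow-query or allow-recursion lists "any", because a cache reachable by every machine is then an open resolver. The check_file_line parser assumes RHEL 7's ls -lZ column layout; the sample lines and config snippets are constructed, not captured from a host.

```shell
#!/bin/sh
# Added example, not code from the original page: checks to run before
# restarting named on a RHEL/CentOS 7 cache-only resolver.
# check_file_line parses one line of RHEL 7 `ls -lZ` output (perms, owner,
# group, context, path) and returns 0 only when the owner is root, the group
# is named and the SELinux type is named_conf_t, as the page requires.
check_file_line() {
    owner=$(printf '%s\n' "$1" | awk '{print $2}')
    group=$(printf '%s\n' "$1" | awk '{print $3}')
    setype=$(printf '%s\n' "$1" | awk '{print $4}' | cut -d: -f3)
    [ "$owner" = root ] && [ "$group" = named ] && [ "$setype" = named_conf_t ]
}

# open_resolver reads named.conf text from stdin and returns 0 (true) when
# recursion is on and allow-query or allow-recursion includes "any": the cache
# would then answer recursive queries for anyone who can reach port 53.
open_resolver() {
    conf=$(cat)
    printf '%s\n' "$conf" | grep -Eq 'recursion[[:space:]]+yes' &&
        printf '%s\n' "$conf" | grep -Eq 'allow-(query|recursion)[[:space:]]*\{[^}]*[{[:space:];]any;'
}

# preflight runs the live checks on a real host; it stops before the restart
# when a file has the wrong owner/context or named-checkconf rejects the config.
preflight() {
    for f in /etc/named.conf /etc/named.rfc1912.zones; do
        check_file_line "$(ls -lZ "$f")" || { echo "fix owner/context on $f"; ls -lZ "$f"; return 1; }
    done
    named-checkconf /etc/named.conf || return 1
    if open_resolver < /etc/named.conf; then
        echo "warning: named.conf makes this an open resolver; restrict allow-query/allow-recursion"
    fi
}

# Constructed samples (not captured from a real host) showing both parsers.
GOOD_LINE='-rw-r-----. root named system_u:object_r:named_conf_t:s0 /etc/named.conf'
BAD_LINE='-rw-r--r--. root root unconfined_u:object_r:etc_t:s0 /etc/named.conf'
OPEN_CONF='options { listen-on port 53 { any; }; recursion yes; allow-query { localhost; any; }; };'
CLOSED_CONF='options { listen-on port 53 { 127.0.0.1; }; recursion yes; allow-query { localhost; }; };'
```

On the server, run `preflight && systemctl restart named` so the restart only happens when every check passes.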
Domain Name System (DNS) is the root of the internet that translates domain names to IP addresses and vice versa. The BIND9 (Berkeley Internet Name Domain) package provides the name-to-IP conversion functionality. This post will guide you to configure on.
Environment

Domain: itzgeek.local

Primary Name Server (the master server; all DNS records are created here):
Server Name: ns1.itzgeek.local
IP Address: 192.168.1.10

Secondary Name Server (a slave server; it gets DNS records from the master server. You can have multiple slave DNS servers in your environment. A slave server acts as a backup DNS server and serves clients' DNS requests if the primary server goes down):
Server Name: ns2.itzgeek.local
IP Address: 192.168.1.20

In this post, we set up only the primary DNS server. If you are implementing the secondary DNS server, then take a look at configuring a slave DNS server on Ubuntu 18.04.

READ: How To Configure Slave DNS server on Ubuntu 18.04

Prerequisites

Switch to the root user:

su -

OR

sudo su -

Update the repository index:

apt update

Make sure both primary and secondary DNS servers have a static IP address.

Record types used in the zone files:
SOA – Start of Authority
NS – Name Server
A – A record
MX – Mail Exchange
CNAME – Canonical Name

Domain names should end with a dot (.).
cp /etc/bind/db.local /etc/bind/fwd.itzgeek.local.db

Edit the zone file:

nano /etc/bind/fwd.itzgeek.local.db

Update the content as shown below. Whenever you change any records in the lookup file, make sure you update the serial number to some random number higher than the current one.

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns1.itzgeek.local. root.itzgeek.local. ( ; RNAME root.itzgeek.local. assumed, not shown on the page
                             20         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
;@      IN      NS      localhost.
;@      IN      A       127.0.0.1
;@      IN      AAAA    ::1

;Name Server Information
        IN      NS      ns1.itzgeek.local.
        IN      NS      ns2.itzgeek.local.
;IP address of Name Server
ns1     IN      A       192.168.1.10
ns2     IN      A       192.168.1.20
;Mail Exchanger
itzgeek.local.  IN      MX      10      mail.itzgeek.local.
;A - Record HostName To Ip Address
www     IN      A       192.168.1.100
mail    IN      A       192.168.1.150
@       IN      A       192.168.1.200
;CNAME record
ftp     IN      CNAME   www.itzgeek.local.

Reverse zone lookup file:

Copy the sample entries to the zone file called rev.itzgeek.local.db for the reverse zone under the /etc/bind directory, and create reverse pointers for the above forward zone records.

PTR – Pointer
SOA – Start of Authority

cp /etc/bind/db.127 /etc/bind/rev.itzgeek.local.db

Edit the reverse zone file:

nano /etc/bind/rev.itzgeek.local.db

Update the content as shown below.
Whenever you change any DNS records in the lookup file, make sure to update the serial number to some random number higher than the current one.

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     itzgeek.local. root.itzgeek.local. ( ; RNAME root.itzgeek.local. assumed, not shown on the page
                             20         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
;@      IN      NS      localhost.
;1.0.0  IN      PTR     localhost.

;Name Server Information
        IN      NS      ns1.itzgeek.local.
        IN      NS      ns2.itzgeek.local.
;Reverse lookup for Name Server
10      IN      PTR     ns1.itzgeek.local.
20      IN      PTR     ns2.itzgeek.local.
;PTR Record IP address to HostName
100     IN      PTR     www.itzgeek.local.
150     IN      PTR     mail.itzgeek.local.
200     IN      PTR     itzgeek.local.

Check BIND Configuration Syntax

Use the named-checkconf command to check named.conf and the files it includes for syntax errors.
named-checkconf

The command returns to the shell with no output if there are no errors. You can also use named-checkzone to check the zone files for syntax errors.

For the forward zone:

named-checkzone itzgeek.local /etc/bind/fwd.itzgeek.local.db

Output:

zone itzgeek.local/IN: loaded serial 20
OK

For the reverse zone:

named-checkzone 1.168.192.in-addr.arpa /etc/bind/rev.itzgeek.local.db

Output:

zone 1.168.192.in-addr.arpa/IN: loaded serial 20
OK

Restart the bind service:

systemctl restart bind9

Enable it on system startup:
systemctl enable bind9

Check the status of the bind9 service:

systemctl status bind9

Output:

● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2018-06-17 13:33:05 UTC; 21s ago
     Docs: man:named(8)
 Main PID: 2683 (named)
    Tasks: 4 (limit: 2323)
   CGroup: /system.slice/bind9.service
           └─2683 /usr/sbin/named -f -u bind

Jun 17 13:33:05 server named[2683]: network unreachable resolving './NS/IN': 2001:500:3::42#53
Jun 17 13:33:05 server named[2683]: managed-keys-zone: Key 19036 for zone . acceptance timer complete: key now trusted
Jun 17 13:33:05 server named[2683]: managed-keys-zone: Key 20326 for zone .

Read the below tutorial to set the DNS server IP in Linux.

Use the dig command to check the forward zone:
dig www.itzgeek.local

If you get "command not found", then install the bind-utils package.

Output:

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> www.itzgeek.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<-

Use dig -x to check the reverse zone:

dig -x 192.168.1.100

Output:

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> -x 192.168.1.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<-
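Added example, not from the original post: named-checkzone and dig above confirm that each zone file parses and that individual names resolve, but not that the reverse zone actually mirrors the forward zone. The script below derives the PTR records that 1.168.192.in-addr.arpa must carry from the forward zone's A records and lists the ones the reverse zone lacks. The zone texts are constructed from the post's records, with the "itgeek" misspelling planted in the reverse copy to show what a mismatch looks like.

```shell
#!/bin/sh
# Added example, not code from the original post: derive the PTR records the
# reverse zone 1.168.192.in-addr.arpa must carry from the forward zone's A
# records and report any that are missing or misspelled. Both zone texts are
# constructed here from the post's records (the reverse copy deliberately
# carries the "itgeek" typo) instead of being read from /etc/bind.
ORIGIN=itzgeek.local
FWD_ZONE='$TTL    604800
ns1     IN      A       192.168.1.10
ns2     IN      A       192.168.1.20
www     IN      A       192.168.1.100
mail    IN      A       192.168.1.150
@       IN      A       192.168.1.200
ftp     IN      CNAME   www.itzgeek.local.'
REV_ZONE='10      IN      PTR     ns1.itzgeek.local.
20      IN      PTR     ns2.itzgeek.local.
100     IN      PTR     www.itgeek.local.
150     IN      PTR     mail.itzgeek.local.
200     IN      PTR     itzgeek.local.'

# expected_ptrs prints "<last octet> <fqdn>." for every A record whose owner is
# written explicitly (as in the post); "@" is the apex and maps to the bare domain.
expected_ptrs() {
    printf '%s\n' "$FWD_ZONE" | awk -v origin="$ORIGIN" '
        $2 == "IN" && $3 == "A" {
            split($4, o, ".")
            name = ($1 == "@") ? (origin ".") : ($1 "." origin ".")
            print o[4], name
        }' | sort -n
}

# actual_ptrs prints the same "<last octet> <fqdn>." pairs from the reverse zone.
actual_ptrs() {
    printf '%s\n' "$REV_ZONE" | awk '$2 == "IN" && $3 == "PTR" { print $1, $4 }' | sort -n
}

# missing_ptrs lists expected pairs the reverse zone lacks, one per line;
# empty output means the two files agree.
missing_ptrs() {
    expected_ptrs | while read -r octet name; do
        actual_ptrs | grep -qxF "$octet $name" || echo "$octet $name"
    done
}

# On a real server, load the files instead of the constructed text:
# FWD_ZONE=$(cat /etc/bind/fwd.itzgeek.local.db); REV_ZONE=$(cat /etc/bind/rev.itzgeek.local.db)
missing_ptrs
```

With the constructed input the script prints only the pair for 192.168.1.100, because the reverse file spells the host as www.itgeek.local. instead of www.itzgeek.local.; after fixing the record the output is empty.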