BIND DNS

Installation and Configuration of BIND DNS


Overview


In this article we are going to cover:

  • DNS Server Installation and Configuration
  • DNS Zone Configuration
  • Forward and Reverse Lookup Files


Prerequisites


  • Two machines with CentOS (or any other Linux distribution) installed.
  • Working network access between the machines and to the outside world.

In this article we are using the machines below:

  • Master DNS Server - CentOS Linux release 7.2.1511 (192.168.20.17)
  • DNS Client -  CentOS Linux release 7.2.1511 (192.168.20.18)


Brief Overview of DNS


The Domain Name System (DNS) resolves host names into IP addresses and IP addresses into host names. Every domain name has to be translated into an IP address before a connection can be made. DNS matches human-friendly domain names like "test.com" to computer-friendly IP addresses like 12.34.56.78. This mapping lives in a special text file called a zone file, which lists domains and their corresponding IP addresses (and a few other things). A zone file is like a phone book that matches names with street addresses.


DNS Records:


Each DNS zone has a zone file that contains a number of records. Here is a list of the most common record types:

  • A Record: The Address Mapping record (A) specifies the IPv4 address for a given host. A records are used to convert domain names to their corresponding IP addresses.
  • AAAA Record: The IP Version 6 Address record (AAAA), also called a quad-A record, specifies the IPv6 address for a given host. It works the same way as the A record; the difference is the type of IP address.
  • CNAME Record: The Canonical Name record (CNAME) specifies a domain name that has to be queried in order to resolve the original DNS query. CNAME records are therefore used to create aliases of domain names. They are especially useful when we want to alias our domain to an external domain.
  • MX Record: The Mail Exchanger record (MX) specifies a mail exchange server for a DNS domain name. This information is used by the Simple Mail Transfer Protocol (SMTP) to route emails to the proper hosts. Typically there is more than one mail exchange server for a DNS domain, and each of them has a set priority.
  • NS Record: The Name Server record (NS) specifies an authoritative name server for a given host.
  • PTR Record: The Reverse-lookup Pointer record (PTR) is the opposite of forward DNS resolution (A and AAAA records): a PTR record is used to look up a domain name based on an IP address.
  • SOA Record: The Start of Authority record (SOA) specifies core information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.



Brief Overview of BIND


BIND stands for Berkeley Internet Name Domain. BIND is open source software that lets you publish your Domain Name System (DNS) information on the internet and provides DNS query resolution for users. It is the oldest and most widely used DNS server.



DNS Server Installation and Configuration


We are installing the BIND DNS software on the Master DNS Server (192.168.20.17) here, but before that we need to do some basic setup on the DNS master server.


A static IP configured on the DNS server NIC is recommended here.

[root@localhost somesh]# grep -w BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-enp0s3
BOOTPROTO=none
 
[root@localhost somesh]# cat /etc/hosts
127.0.0.1        localhost localhost.localdomain localhost4 localhost4.localdomain4
::1              localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.20.17    master.somesh.home master
 
[root@localhost somesh]# hostnamectl set-hostname master.somesh.home
 
[root@localhost somesh]# hostname
master.somesh.home
 
[root@localhost somesh]# sestatus
SELinux status:  enabled
 
[root@localhost somesh]# yum -y install bind bind-utils
 
[root@localhost somesh]# rpm -q bind bind-utils
bind-9.9.4-51.el7_4.1.x86_64
bind-utils-9.9.4-51.el7_4.1.x86_64
 
[root@master somesh]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
 
[root@master somesh]# systemctl status named
 
[root@master somesh]# systemctl status firewalld
 
[root@master somesh]# firewall-cmd --zone=public --add-port=53/tcp --permanent
 
[root@master somesh]# firewall-cmd --zone=public --add-port=53/udp --permanent
 
[root@master somesh]# firewall-cmd --reload

Once the firewall rules are configured we can check port connectivity with the nmap utility. Using nmap we can test both TCP and UDP connectivity.

[root@master somesh]# yum -y install nmap
 
[root@master somesh]# nmap -p 53 192.168.20.17
Starting Nmap 6.40 ( http://nmap.org ) at 2017-08-03 00:54 IST
Nmap scan report for 192.168.20.17
Host is up (0.000059s latency).
PORT   STATE  SERVICE
53/tcp closed domain
Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
 
[root@master somesh]# grep -w "listen-on port 53" /etc/named.conf
listen-on port 53 { 127.0.0.1; };
 
[root@master somesh]# nmap -sU -p 53 192.168.20.17
Starting Nmap 6.40 ( http://nmap.org ) at 2017-08-03 00:55 IST
Nmap scan report for 192.168.20.17
Host is up (0.000054s latency).
PORT   STATE  SERVICE
53/udp closed domain
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds


Enable DNS IP to Accept the DNS Request


We have done the installation and basic configuration of the Master DNS server in the previous step. Now we need to change the DNS configuration so that it accepts requests on the DNS server's IP.

[root@master somesh]# systemctl stop named
 
[root@master somesh]# systemctl status named
 
[root@master somesh]# cp -p /etc/named.conf /etc/named.conf-orignal

We need to change the named.conf file as shown below in the "listen-on port 53" and "allow-query" settings.

[root@master somesh]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1;192.168.20.17; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
}
 
[root@master somesh]# grep -w "listen-on port 53" /etc/named.conf
listen-on port 53 { 127.0.0.1;192.168.20.17; };
 
[root@master somesh]# grep -w "allow-query" /etc/named.conf
allow-query     { any; };
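Opening allow-query to { any; } also opens the server's recursive lookups unless recursion is restricted separately, and zone transfers are unrestricted by default. The Python check below is an added example, not part of the original article: it parses the options block shown above and flags both settings; the sample configurations and the names parse_options and audit are constructed for this example.

```python
import re

# Constructed sample mirroring the options block shown above, with BIND's
# default "recursion yes;" written out so the check is explicit.
NAMED_CONF_AS_SHOWN = """
options {
        listen-on port 53 { 127.0.0.1;192.168.20.17; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        allow-query     { any; };
        recursion yes;
};
"""

# The same block tightened for an authoritative-only LAN master (constructed).
NAMED_CONF_HARDENED = NAMED_CONF_AS_SHOWN.replace(
    "        recursion yes;",
    "        recursion no;\n        allow-transfer  { none; };")

def parse_options(conf):
    """Map each statement inside options { ... } to its value text."""
    block = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)
    opts = {}
    for stmt in (block.group(1) if block else "").split(";\n"):
        stmt = stmt.strip().rstrip(";")
        if stmt:
            name, _, value = stmt.partition(" ")
            opts[name] = value.strip()
    return opts

def audit(opts):
    """Return findings for the two settings that matter most once allow-query is opened up."""
    findings = []
    # With allow-query { any; } and neither allow-recursion nor allow-query-cache set,
    # BIND derives its recursion ACL from allow-query, so the default "recursion yes"
    # turns this host into an open resolver that anyone can use for amplification.
    acl_set = any(k in opts for k in ("allow-recursion", "allow-query-cache"))
    if "any" in opts.get("allow-query", "") and opts.get("recursion", "yes") == "yes" and not acl_set:
        findings.append("open resolver: allow-query { any; } with recursion enabled")
    # allow-transfer defaults to any in this BIND release, so any host can pull the zone with AXFR.
    if "allow-transfer" not in opts:
        findings.append("allow-transfer unset: zone transfers allowed from anywhere")
    return findings

if __name__ == "__main__":
    for label, conf in (("as shown", NAMED_CONF_AS_SHOWN), ("hardened", NAMED_CONF_HARDENED)):
        print(f"{label}: {audit(parse_options(conf)) or ['ok']}")
```

For a master that only serves somesh.home, recursion no; is the simplest fix; if the clients must also use it as a resolver, allow-recursion { 192.168.20.0/24; }; keeps recursion inside the LAN.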
 

After changing the configuration, start the named service again and test connectivity on port 53.

[root@master somesh]# systemctl start named
 
[root@master somesh]# systemctl status named
 
[root@master somesh]# netstat -tulpn|grep 53
tcp      0      0 192.168.20.17:53        0.0.0.0:*               LISTEN      15582/named
udp      0      0 192.168.20.17:53        0.0.0.0:*                           15582/named
 
[root@master somesh]# nmap -p 53 192.168.20.17
Starting Nmap 6.40 ( http://nmap.org ) at 2017-08-03 01:12 IST
Nmap scan report for 192.168.20.17
Host is up (-1700s latency).
PORT   STATE SERVICE
53/tcp open  domain
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
 
[root@master somesh]# nmap -sU -p 53 192.168.20.17
Starting Nmap 6.40 ( http://nmap.org ) at 2017-08-03 01:12 IST
Nmap scan report for 192.168.20.17
Host is up (0.00029s latency).
PORT   STATE SERVICE
53/udp open  domain
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

 



DNS Zone Configuration


The infrastructure setup needed to run the DNS service is now complete. For the forward and reverse lookup files we will update the named.conf file and add the entries below before the include statements.


A zone file is a simple text file that contains the mappings between IP addresses and domain names. The zone file is central to the DNS system: whenever a user requests a certain domain, the DNS server consults this file to find the corresponding IP address.


[root@master somesh]# cp -p /etc/named.conf /etc/named.conf-beforezone
 
[root@master somesh]# vi /etc/named.conf

zone "somesh.home" IN {
    type master;
    file "forward.somesh";
    allow-update { none;};
};
 
zone "20.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.somesh";
    allow-update { none;};
};

 

Forward and Reverse Lookup Files


Forward Lookup File: This lookup file is used to find the IP address for a domain name. In short: domain name to IP address.

Reverse Lookup File: This lookup file is used to find the domain name for an IP address. In short: IP address to domain name.


[root@master somesh]# vi /var/named/forward.somesh
$TTL 86400
@    IN SOA    master.somesh.home. root.somesh.home. (
                    2017122801    ; serial
                    3600          ; refresh
                    1800          ; retry
                    604800        ; expire
                    86400         ; minimum
            )
 
@    IN    NS    master.somesh.home.
@    IN    A     192.168.20.17
@    IN    A     192.168.20.18
 
master    IN    A    192.168.20.17
client    IN    A    192.168.20.18

 

 

[root@master somesh]# vi /var/named/reverse.somesh
$TTL 86400
@    IN SOA    master.somesh.home. root.somesh.home. (
                    2017122801    ; serial
                    3600          ; refresh
                    1800          ; retry
                    604800        ; expire
                    86400         ; minimum
            )
 
@    IN    NS    master.somesh.home.
@    IN    PTR   somesh.home.
 
master    IN    A    192.168.20.17
client    IN    A    192.168.20.18
 
17    IN    PTR    master.somesh.home.
18    IN    PTR    client.somesh.home.
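The forward and reverse files have to stay consistent: every A record needs a matching PTR and every PTR should point at a name that really has that A record, and named-checkconf -z only loads each zone on its own without cross-checking them. The Python script below is an added example, not part of the original article: it parses constructed, abridged copies of the two zone files above and reports any A/PTR drift; the function names are assumptions.

```python
# Constructed, abridged copies of the two zone files above (SOA timers on one line).
FORWARD = """\
@    IN SOA    master.somesh.home. root.somesh.home. (
                    2017122801    ; serial
                    3600 1800 604800 86400 )
master    IN    A    192.168.20.17
client    IN    A    192.168.20.18
"""
REVERSE = """\
@    IN SOA    master.somesh.home. root.somesh.home. (
                    2017122801    ; serial
                    3600 1800 604800 86400 )
@    IN    NS    master.somesh.home.
17    IN    PTR    master.somesh.home.
18    IN    PTR    client.somesh.home.
"""

def records(zone_text, origin):
    """Yield (owner_fqdn, type, rdata) for each record line; SOA, blanks and ; comments are skipped."""
    for raw in zone_text.splitlines():
        fields = raw.split(";")[0].split()
        if "IN" not in fields[1:]:        # SOA continuation lines and blank lines have no class
            continue
        idx = fields.index("IN", 1)       # fields[0] is the owner, as on every line of the files above
        owner = fields[0]
        owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        if fields[idx + 1] != "SOA":
            yield owner, fields[idx + 1], fields[idx + 2:]

def ptr_owner_to_ip(owner):
    """'17.20.168.192.in-addr.arpa.' -> '192.168.20.17'; None unless it names a full /32."""
    labels = owner[:-14].split(".") if owner.endswith(".in-addr.arpa.") else []
    return ".".join(reversed(labels)) if len(labels) == 4 else None

def check(forward, reverse, fwd_origin="somesh.home.", rev_origin="20.168.192.in-addr.arpa."):
    """Report A records lacking a PTR and PTRs that name a host with no matching A record."""
    a_names = {}                          # ip -> set of FQDNs carrying that A record
    for owner, rtype, rdata in records(forward, fwd_origin):
        if rtype == "A":
            a_names.setdefault(rdata[0], set()).add(owner)
    problems, ptr_seen = [], set()
    for owner, rtype, rdata in records(reverse, rev_origin):
        ip = ptr_owner_to_ip(owner) if rtype == "PTR" else None
        if ip is not None:                # skips NS records and a PTR at the zone apex
            ptr_seen.add(ip)
            if rdata[0] not in a_names.get(ip, set()):
                problems.append(f"PTR {ip} -> {rdata[0]} has no matching A record")
    problems += [f"A record for {ip} has no PTR in {rev_origin}" for ip in a_names if ip not in ptr_seen]
    return sorted(problems)
```

Run check() against the real files by reading /var/named/forward.somesh and /var/named/reverse.somesh into the two arguments; an empty list means the two files agree.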
 
[root@master somesh]# tail -15 /etc/named.conf
 
zone "somesh.home" IN {
    type master;
    file "forward.somesh";
    allow-update { none;};
};
 
zone "20.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.somesh";
    allow-update { none;};
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
 
 
[root@master somesh]# grep directory /etc/named.conf
directory     "/var/named";
 
Change the permissions and ownership of the BIND configuration files.

[root@master somesh]# systemctl stop named
 
[root@master somesh]# chgrp named -R /var/named
 
[root@master somesh]# chown -v root:named /etc/named.conf
ownership of ‘/etc/named.conf’ retained as root:named
 
[root@master somesh]# ls -l /etc/named.conf
-rw-r-----. 1 root named 1904 Aug  3 03:25 /etc/named.conf
 
[root@master somesh]# ls -ld /var/named
drwxr-x---. 5 root named 4096 Aug  3 03:28 /var/named
 
[root@master somesh]# restorecon -rv /var/named
 
[root@master somesh]# restorecon /etc/named.conf
 

Before starting the named service we can check the syntax of the config file and load the zones with the command below.

[root@master somesh]# /usr/sbin/named-checkconf -z /etc/named.conf
zone somesh.home/IN: loaded serial 2017122801
zone 20.168.192.in-addr.arpa/IN: loaded serial 2017122801
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0

Syntax is OK. Now start the named service.

[root@master somesh]# systemctl start named
 
[root@master somesh]# systemctl status named



DNS Server Testing


Our DNS server is ready. It's time to test it now. For testing we are using the DNS Client (192.168.20.18) machine here. We can try to resolve client.somesh.home through our DNS server.


[root@client somesh]# hostnamectl set-hostname client.somesh.home
 
[root@localhost somesh]# cat /etc/resolv.conf
# Generated by NetworkManager
search somesh.home
nameserver 192.168.0.1          (This is generated by NetworkManager but we are not using it)
 
[root@localhost somesh]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
 
[root@localhost somesh]# systemctl stop NetworkManager
 
[root@localhost somesh]# cat /etc/resolv.conf
# Generated by NetworkManager
search somesh.home
nameserver 192.168.20.17
 
[root@localhost somesh]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

(No local IP entry in the /etc/hosts file here)

 
[root@localhost somesh]# ping client
PING client.somesh.home (192.168.20.18) 56(84) bytes of data.
64 bytes from 192.168.20.18: icmp_seq=1 ttl=64 time=0.029 ms
64 bytes from 192.168.20.18: icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from 192.168.20.18: icmp_seq=3 ttl=64 time=0.054 ms

 

[root@localhost somesh]# nslookup client
Server:        192.168.20.17
Address:    192.168.20.17#53
 
Name:    client.somesh.home
Address: 192.168.20.18
 
 
[root@localhost somesh]# nslookup 192.168.20.18
Server:        192.168.20.17
Address:    192.168.20.17#53
 
18.20.168.192.in-addr.arpa    name = client.somesh.home.

Now we can see that our DNS server is working fine. It resolves IP addresses to host names and host names to IP addresses.


