This has been installed and configured on CentOS 6.5, but the setup should be similar on other Linux distributions. Make sure that you configure your firewall to allow DNS requests through (port 53, UDP and TCP; zone transfers between the master and slave use TCP); this can be done through system-config-firewall.
- Install the BIND packages
  yum install bind bind-utils
- Edit /etc/named.conf to look like the named.conf listing below (the master server's configuration, explained after it).
- Create the /var/named/named.local file to look exactly as below

  $TTL 86400
  @    IN SOA localhost. root.localhost. (
            1997022700 ; serial
            28800      ; refresh
            14400      ; retry
            3600000    ; expire
            86400 )    ; minimum
       IN NS  localhost.
  1    IN PTR localhost.

  *NOTE* Do not forget the trailing dots (on localhost. and root.localhost. above), as this is a very common cause of errors. This applies to ALL zone files.
- Create the /var/named/slaves/network.fwd file to look as below. If you do not want any dynamic updates to your zone files, put them in /var/named instead: the CentOS SELinux policy only lets named write under /var/named/slaves (and the data and dynamic directories), so for files directly in /var/named all updates will be blocked by SELinux.

  $TTL 86400
  @         IN SOA linux1.network.local. root.linux1.network.local. (
                2008101401 ; serial
                28800      ; refresh
                14400      ; retry
                3600000    ; expire
                86400 )    ; minimum
            IN NS  linux1.network.local.
  localhost IN A   127.0.0.1
  linux1    IN A   192.168.100.2
  linux2    IN A   192.168.100.3

  The names in the SOA and NS records must be the FQDN of the DNS server hosting the zone, written inside the zone that named.conf declares (network.local here). root.linux1.network.local. is the "mail" address of the user that messages about the zone are passed on to (root@linux1.network.local, with the @ written as a dot). DO NOT FORGET THE TRAILING DOTS! The A records are your zone entries; put as many entries in here as you wish, as these will be resolved by the DNS server. In this case, if you perform "nslookup linux2" from linux1 it will resolve it to 192.168.100.3.
- Create the /var/named/slaves/network.rev file to look as below.

  $TTL 86400
  @   IN SOA linux1.network.local. root.linux1.network.local. (
            2008101401 ; serial
            28800      ; refresh
            14400      ; retry
            3600000    ; expire
            86400 )    ; minimum
      IN NS  linux1.network.local.
  3   IN PTR linux2.network.local.

  As in the forward zone, the SOA and NS names must be the FQDN of the hosting DNS server, and root.linux1.network.local. is the mailbox that messages about the zone are passed on to. DO NOT FORGET THE TRAILING DOTS! The PTR records are your reverse lookup zone entries, and they should match your forward lookup zone file. The number at the start of the entry is the last octet of the IP address of the machine you are adding; for example, the bottom entry maps 192.168.100.3 to linux2.network.local., as we specified the first three octets of the network address in the named.conf file.
- Edit your resolv.conf file to reflect the change of DNS servers to use, or use system-config-network or the network manager (but hey, we're on Linux, use the command line wherever possible).

  resolv.conf:
  nameserver 192.168.100.2
  nameserver 8.8.8.8

  The above tells the server to resolve DNS queries by first asking itself and then asking 8.8.8.8. (Short names such as "linux2" work because the resolver appends your domain, network.local, taken from the host's own FQDN or from a search line.)
- Restart the named and network services and set BIND to start on system startup
  service network restart
  service named restart
  chkconfig named on
- Check your configurations by pinging a local machine on your network and then a website. This should resolve the DNS name into an IP address
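A small lint for the trailing-dot rule stressed above, added here as an example and not part of the original post (the function names and the sample zone are ours): it reads a zone file and reports any SOA, NS, PTR, CNAME or MX target that contains dots but no trailing dot, which is exactly the case where named silently appends the zone origin.

```shell
#!/bin/sh
# check_zone_fqdns FILE: flag the forgotten-trailing-dot mistake in a zone file.
# A name in a zone file without a trailing dot is relative to the zone origin,
# so an NS target written as "linux1.network.local" is loaded as
# "linux1.network.local.network.local." and the zone silently breaks.
# Prints one line per offending record and returns 1 if any were found.
check_zone_fqdns() {
  awk -v file="$1" '
    # A dotted name that does not end in "." is almost always a forgotten dot.
    function check(name) {
      if (name != "" && name != "@" && index(name, ".") > 0 && name !~ /[.]$/) {
        printf "%s:%d: \"%s\" lacks a trailing dot (loads as %s.<origin>.)\n",
               file, NR, name, name
        bad++
      }
    }
    {
      sub(/;.*$/, "")                      # strip zone-file comments
      if (NF == 0 || $1 ~ /^[$]/) next     # blank lines, $TTL, $ORIGIN
      for (i = 1; i <= NF; i++) {
        if ($i == "NS" || $i == "PTR" || $i == "CNAME") { check($(i+1)); break }
        if ($i == "MX")  { check($(i+2)); break }                 # pref, then host
        if ($i == "SOA") { check($(i+1)); check($(i+2)); break }  # MNAME, RNAME
      }
    }
    END { exit (bad > 0) }
  ' "$1"
}

# Constructed sample: the reverse zone from the text with the dot dropped from
# the SOA MNAME and from the PTR target, plus one correct NS record.
demo_zone_lint() {
  tmp=$(mktemp)
  cat > "$tmp" <<'EOF'
$TTL 86400
@   IN SOA linux1.network.local root.linux1.network.local. (
        2008101401 28800 14400 3600000 86400 )
    IN NS  linux1.network.local.
3   IN PTR linux2.network.local   ; forgot the dot
EOF
  check_zone_fqdns "$tmp"
  rc=$?
  rm -f "$tmp"
  return $rc
}

demo_zone_lint
```

Run it against each zone file before restarting named; a clean file produces no output and exit status 0.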
named.conf (the master server's /etc/named.conf referred to in the steps above):

  //
  // named.conf
  //
  // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
  // server as a caching only nameserver (as a localhost DNS resolver only).
  //
  // See /usr/share/doc/bind*/sample/ for example named configuration files.
  //
  options {
      directory "/var/named";   // every relative "file" path below is under this directory
  };
  // Hosts allowed to send dynamic updates. Use /32 for a single host: with a /24
  // prefix named ignores the host bits and the entry matches the whole subnet.
  acl "windowsadservers" {
      192.168.100.3/32;
      192.168.100.5/32;
  };
  zone "." IN {
      type hint;
      file "named.ca";
  };
  zone "0.0.127.in-addr.arpa" IN {
      type master;
      file "named.local";
      allow-update { none; };
  };
  zone "network.local" IN {
      type master;
      file "slaves/network.fwd";
      allow-update { "windowsadservers"; };
  };
  zone "100.168.192.in-addr.arpa" IN {
      type master;
      file "slaves/network.rev";
      allow-update { "windowsadservers"; };
  };
  include "/etc/named.rfc1912.zones";
  include "/etc/named.root.key";

The directory option is the directory that any file mentioned here is relative to, unless an absolute path is given.
The acl block is the access control list of machines that can update the DNS server. This should only be set if you plan to have something dynamically updating DNS, such as AD. An address-based ACL trusts whatever arrives from those addresses; BIND can instead require a TSIG key on updates, which is the stronger option.
The zone "network.local" block is the FQDN of your network and the authoritative zone that your DNS server is responsible for. You may also notice that the ACL is referenced here in allow-update; this specifies which zones the listed server(s) can update.
The zone "100.168.192.in-addr.arpa" block is the network address of your network typed backwards, e.g. 192.168.100.0 becomes 100.168.192 (note the last octet is omitted), followed by .in-addr.arpa.
- Install the required packages on the DNS slave server
  yum install bind bind-utils
- Edit the /etc/named.conf file on the slave DNS server to read as below

  //
  // named.conf for Red Hat caching-nameserver
  //
  options {
      directory "/var/named";
      // Pinning the outbound query port defeats BIND's source-port randomisation
      // (a cache-poisoning defence). If the firewall allows it, drop this line
      // and permit the ephemeral port range instead.
      query-source port 53;
      transfer-source 192.168.100.3;   // this slave's own address
  };
  acl "windowsadservers" {
      192.168.100.3/32;   // /32 = one host; a /24 here would admit the whole subnet
      192.168.100.5/32;
  };
  zone "0.0.127.in-addr.arpa" IN {
      type slave;
      file "slaves/named.local";
      allow-transfer { 192.168.100.2; };
      masters { 192.168.100.2; };
  };
  zone "network.local" IN {
      type slave;
      file "slaves/network.fwd";
      // allow-update is a master-zone option and is not accepted in a slave
      // zone; to relay updates to the master use allow-update-forwarding.
      allow-transfer { 192.168.100.2; };
      masters { 192.168.100.2; };
  };
  zone "100.168.192.in-addr.arpa" IN {
      type slave;
      file "slaves/network.rev";
      allow-transfer { 192.168.100.2; };
      masters { 192.168.100.2; };
  };
  include "/etc/named.rfc1912.zones";
  include "/etc/named.root.key";

  transfer-source 192.168.100.3 is the IP address of this slave server.
  Make sure the port given in query-source (53) is opened on any firewalls between this and the main DNS server. The 192.168.100.2 entries in allow-transfer and masters should be the IP address of the main DNS server: masters tells this slave where to pull its zones from, and allow-transfer lets the master request a transfer from this slave, so that entries received or added while the master was offline can be carried over. We specify the master of the zone to be that address.
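Two checks worth running over the named.conf files above, added here as an example and not code from the original post (the function names and the sample config are ours): it flags ACL entries written like 192.168.100.3/24, a host address with a /24 prefix that named matches as the whole subnet, and the pinned query-source port from the slave's options block.

```shell
# audit_named_conf FILE: flag two weak spots in a named.conf like the ones above:
#  - an address-match entry such as "192.168.100.3/24": named ignores the host
#    bits, so the entry admits the whole 192.168.100.0/24, not one server;
#  - a pinned "query-source ... port N": named then sends every outbound query
#    from that port instead of a random one, weakening its cache-poisoning defence.
# Prints one finding per line and returns 1 if anything was found.
audit_named_conf() {
  awk -v file="$1" '
    function hostbits(ip, plen,   a, n) {       # non-zero if bits set past plen
      split(ip, a, ".")
      n = ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4]
      return (n % (2 ^ (32 - plen))) != 0
    }
    {
      sub("//.*$", ""); sub("#.*$", "")          # drop line comments
      if ($0 ~ /query-source[ \t].*port[ \t]+[0-9]+/) {
        printf "%s:%d: query-source pins the outbound port; let named randomise it\n", file, NR
        bad++
      }
      while (match($0, "[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+/[0-9]+")) {
        entry = substr($0, RSTART, RLENGTH)
        split(entry, p, "/")
        if (hostbits(p[1], p[2])) {
          printf "%s:%d: %s has host bits set and matches the whole /%s; use /32 for one host\n", file, NR, entry, p[2]
          bad++
        }
        $0 = substr($0, RSTART + RLENGTH)
      }
    }
    END { exit (bad > 0) }
  ' "$1"
}
# Constructed sample: the slave options block and the ACL as written in the text.
demo_named_conf_audit() {
  tmp=$(mktemp)
  cat > "$tmp" <<'EOF'
options {
    directory "/var/named";
    query-source port 53;
};
acl "windowsadservers" {
    192.168.100.3/24;    // whole subnet, probably not what was meant
    192.168.100.5/32;    // exactly one host
};
EOF
  audit_named_conf "$tmp"; rc=$?
  rm -f "$tmp"; return $rc
}
demo_named_conf_audit
```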
- Edit the /etc/named.conf file on the main DNS server

  //
  // named.conf
  //
  // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
  // server as a caching only nameserver (as a localhost DNS resolver only).
  //
  // See /usr/share/doc/bind*/sample/ for example named configuration files.
  //
  options {
      directory "/var/named";
      // Only these hosts may pull zone transfers (AXFR/IXFR) from this server;
      // without allow-transfer, BIND 9 answers transfer requests from anyone.
      allow-transfer { 192.168.100.3; 192.168.100.1; };
  };
  acl "windowsadservers" {
      192.168.100.3/32;   // /32 = one host; a /24 here would admit the whole subnet
      192.168.100.5/32;
  };
  zone "." IN {
      type hint;
      file "named.ca";
  };
  zone "0.0.127.in-addr.arpa" IN {
      type master;
      file "slaves/named.local";   // move /var/named/named.local here
      allow-update { none; };
  };
  zone "network.local" IN {
      type master;
      file "slaves/network.fwd";
      allow-update { "windowsadservers"; };
  };
  zone "100.168.192.in-addr.arpa" IN {
      type master;
      file "slaves/network.rev";
      allow-update { "windowsadservers"; };
  };

  The 192.168.100.3 in allow-transfer should be the IP of your slave server. The other IP address (192.168.100.1) is the IP of the virtual network card that all traffic passes through in my home lab; this is a workaround I found when I was having "permission denied" errors when trying to get the two servers to talk to each other. I am using virt-manager and KVM to run this network, and I am not sure what the outcome on other virtualisation platforms is like (please comment if you find other obscurities with other OSs or hypervisors/virtual machine managers). Note the named.local file has moved location so that it can be replicated as well.
- Create the files on the slave server for the entries to be saved in, with the names specified in the slave's /etc/named.conf
  touch /var/named/slaves/named.local
  touch /var/named/slaves/network.fwd
  touch /var/named/slaves/network.rev
  (named writes the transferred zones into these files, so they must be writable by the named user; the slaves directory is owned by named for exactly that reason.)
- Restart the BIND service and add it to startup on the slave server, as you did on the master.
- Add this new server to your resolv.conf or other network config method.
And that is simply it. You are now a master of DNS on Linux-based operating systems and can get paid to set them up.
As normal, post any questions, comments etc. in the comments, tweet them or put them on the Facebook page.