
Red Hat 7 – DNS server

Example configuration of a master DNS server on Red Hat 7

https://www.techinformant.in/dns-server-configuration-on-rhelcentos-7

DNS Server Configuration on RHEL 7

What is DNS?

DNS stands for Domain Name System. It translates (resolves) hostnames into IP addresses and IP addresses back into hostnames, and it can also deliver other kinds of information (mail routing, service locations, text records) to DNS clients. Forward zones hold the hostname-to-address data, reverse zones hold the address-to-hostname data. An increasing number of services depend on DNS, which is why configuring it correctly is an important task for Linux administrators.

Understanding DNS records:

Each DNS zone file contains a number of records, such as A, PTR, CNAME, MX, HINFO, NS and SOA records.

A record: The Address record holds the IP address of a hostname. It resolves a hostname into an IPv4 address.

PTR record: The Pointer record does the opposite: it resolves an IP address into a hostname (used in reverse zones).

CNAME: The Canonical Name record makes one name an alias for another, so several names can point at the same host.

MX record: The Mail Exchange record names the mail servers that accept mail for the domain.

HINFO: The Host Information record holds the host's CPU and operating system type, not its address. It is rarely published today because it helps an attacker fingerprint the host.

NS record: The Name Server record specifies the name servers that are authoritative for the domain.

SOA record: Start of Authority. This record identifies the zone and carries its parameters: the primary name server, the responsible contact, the serial number, and the refresh, retry, expire and negative-caching TTL timers.

Some important resource record types and their use, in more detail:

Resource record            Usage

A (IPv4 address)           Maps a hostname to an IPv4 address.
AAAA (IPv6 address)        Maps a hostname to an IPv6 address.
CNAME (canonical name)     An alias from one name to another name that should have an A or AAAA record.
NS (name server)           Maps a domain name to a DNS name server that is authoritative for the zone.
PTR (pointer)              Maps an IP address (v4 or v6) to a hostname.
MX (mail exchange)         Indicates which MTA mail servers accept mail for a DNS domain.
SOA (start of authority)   Contains general information about how a DNS zone works, including who is responsible for administering the domain.
TXT (text)                 Maps a name to human-readable text. Used, for instance, by the Sender Policy Framework (SPF), which lets a receiving mail server verify which hosts may send mail for a domain.
SRV (service)              Indicates which host to contact for specific services such as LDAP and Kerberos.

What is a zone?

A zone contains all the data for one part of the namespace. Basically, the zone is the branch of the DNS tree for which a specific name server is authoritative. Our server will hold two zone files:

1. Forward lookup zone: maps hostnames to IP addresses (A/AAAA records).

2. Reverse lookup zone: maps IP addresses to hostnames (PTR records under the in-addr.arpa or ip6.arpa tree).

Now Let’s Start the Installation and Configuration of DNS Server on CentOS/RHEL 7.

Table of Contents

  • Setup Information

  • Pre-Requisite Infrastructure Configuration

  • Static IP for DNS server.

  • Local Host File on the DNS Server

  • SELINUX status.

  • DNS Server Software Installation.

  • Enabling the DNS IP to accept DNS requests.

  • Firewall Settings.

  • DNS Server Configuration.

  • DNS Zone Files.

  • Configure permissions and ownerships on bind configuration files.

  • Perform Syntax check Validation on the Config files.

  • Start the BIND services.

  • DNS Server Testing.

1. Setup Details

In this lab setup, we are going to install and configure the BIND DNS service, named. The server listens for DNS requests on port 53, the default port for the name resolution service (UDP for ordinary queries, TCP for large answers and zone transfers).

Operating System:       RHEL or CentOS 7 (x86_64)
Name Server Software:   BIND (Berkeley Internet Name Domain)
Master DNS Server:      master.opensky.home / 192.168.1.202
DNS Client:             centos-client.opensky.home / 192.168.1.205
DNS Port:               53 (Default)
Platform:               VMware Workstation
RPM Sources:            CentOS Yum Repository

2. Pre-Requisite Infrastructure Configuration

2.1 Static IP for the master DNS server

A DNS server must have a static IP address: every client resolver and every NS record points at it.

To configure a static connection for the network adapter enp0s8 with nmcli (the NetworkManager command-line interface), run the commands below. Note that the connection profile is named eth0 while the device is enp0s8; the profile name is what the later nmcli commands and the ifcfg-eth0 file refer to.

[root@master ~]# nmcli connection add con-name eth0 ifname enp0s8 type ethernet autoconnect yes ip4 192.168.1.202/24 gw4 192.168.1.1
[root@master ~]# nmcli connection modify eth0 ipv4.dns 192.168.1.202,8.8.8.8
[root@master ~]# nmcli connection modify eth0 ipv4.method manual

After configuring the static IP, bring the connection down and up again to apply it:

[root@master ~]# nmcli connection down eth0
[root@master ~]# nmcli connection up eth0

Or restart the network service:

[root@master ~]# systemctl restart network.service

Verify the network settings and the IP address configuration:

[root@master ~]# grep -w BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=none

[root@master ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0

(nmcli writes BOOTPROTO=none for a manually addressed connection; the legacy value static, seen in hand-written ifcfg files, means the same thing to the network scripts.)

A separate article linked from the original page covers static IP configuration on RHEL/CentOS 7 in full detail.

2.2 Local hosts file on the DNS server

Hostname resolution normally uses DNS, but the server must be able to resolve its own name even while named is stopped, and a local entry keeps it reachable by name on the clients if DNS is down. Apart from DNS, you can configure hostname resolution in the /etc/hosts file. Setting up /etc/hosts is easy; just make sure each line has at least two columns: the first is the IP address of the host and the second its hostname (aliases may follow), for example 127.0.0.1 localhost.localdomain localhost.

Set the static hostname of the DNS server with hostnamectl:

[root@master ~]# hostnamectl set-hostname master.opensky.home

or, to set only the static hostname and leave the transient and pretty names alone:

[root@master ~]# hostnamectl set-hostname master.opensky.home --static

Add an entry to /etc/hosts so the FQDN resolves to the server's IP address without DNS:

[root@master ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.202     master.opensky.home     master

Verify the hostname details:

[root@master ~]# hostnamectl status

 

2.3 SELinux status

In this lab SELinux was kept disabled; it is up to you whether you want it enabled or disabled. Keeping it enforcing is the better choice: the targeted policy ships a named_t domain that confines BIND to its own files and ports, and it works without extra tuning as long as the zone files carry the right context (step 7 runs restorecon for exactly that reason). Check the current state with sestatus.

[root@master ~]# sestatus
SELinux status:                 disabled

3. DNS Server Software Installation

Install the DNS packages with yum, which resolves the dependencies automatically. bind contains the named daemon; bind-utils contains the dig, nslookup and host tools used for testing later. (The original article links to a separate post on configuring a local yum repository on RHEL/CentOS 7.)

[root@master ~]# yum install bind bind-utils
[root@master ~]# rpm -q bind bind-utils

4. Enabling the DNS IP to accept DNS requests

Once the bind packages are installed, the next step is to make named accept requests on the server's IP address, 192.168.1.202 in our lab. The stock /etc/named.conf listens only on loopback and answers only localhost. Make the changes by editing /etc/named.conf manually.

Before editing the default configuration, take a backup of the original file.

Before editing /etc/named.conf:

[root@master ~]# grep -w "listen-on port 53" /etc/named.conf
        listen-on port 53 { 127.0.0.1; };

[root@master ~]# grep -w "allow-query" /etc/named.conf
        allow-query     { localhost; };

After editing:

[root@master ~]# grep -w "listen-on port 53" /etc/named.conf
        listen-on port 53 { 127.0.0.1; 192.168.1.202; };

[root@master ~]# grep -w "allow-query" /etc/named.conf
        allow-query     { any; };

A word of caution on allow-query { any; }: the stock named.conf also contains recursion yes, so after this change every host that can reach port 53 may use the server as a recursive resolver. On a network reachable from the internet that is an open resolver, usable for cache-poisoning attempts and DNS amplification attacks. Either set allow-query to the networks you actually serve (for this lab, localhost and 192.168.1.0/24), or keep any for the authoritative zone data and restrict allow-recursion to the local networks. Leave listen-on-v6 as it is unless you want IPv6 service as well.

Once the changes are in, start named to confirm that the configuration loads and the service comes up without errors.

Starting and verifying the DNS (named) service:

[root@master ~]# systemctl enable named.service
[root@master ~]# systemctl start named.service
[root@master ~]# systemctl status named.service

Once named is running, check that it is listening on the server IP on port 53 for both TCP and UDP (netstat comes from the net-tools package, which is not installed by default on RHEL 7):

[root@master ~]# netstat -antu | grep -w 53
tcp        0      0 192.168.1.202:53        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp6       0      0 ::1:53                  :::*                    LISTEN
udp        0      0 192.168.1.202:53        0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp6       0      0 ::1:53                  :::*
[root@master ~]#

The output confirms that the DNS server is listening on loopback and on the server IP, port 53, for both TCP and UDP.

5. Firewall Settings

Some enterprise setups switch the host firewall off and rely on network firewalls alone. There is no enterprise firewall in this lab, so firewalld stays enabled; a host firewall is cheap defence in depth in any case.

Create firewall rules to accept TCP and UDP on port 53 and reload the rules (firewalld's predefined dns service, added with --add-service=dns, opens the same two ports):

[root@master ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
[root@master ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
[root@master ~]# firewall-cmd --reload

Once the rules are configured and loaded, we can test them with nmap, which can probe both TCP and UDP connectivity.

Alternatively (not recommended outside a throw-away lab), disable the firewall altogether:

#systemctl stop firewalld.service
#systemctl disable firewalld.service

[root@master ~]# nmap -p 53 192.168.1.202
Host is up.
PORT   STATE SERVICE
53/tcp open  domain
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds

Verifying the UDP port:

[root@master ~]# nmap -sU -p 53 192.168.1.202
Host is up (0.00075s latency).
PORT   STATE SERVICE
53/udp open  domain
Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
[root@master ~]#

6. DNS Server Configuration

The infrastructure is now ready to run the DNS service. Let's define the zones for our opensky.home domain.

6.1 DNS Zone Files

First, tell /etc/named.conf where the forward and reverse zone files live. Edit /etc/named.conf and add the following entries before the include statements (file names are relative to the directory option, /var/named by default):

zone "opensky.home" IN {
        type master;
        file "forward.opensky";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.opensky";
        allow-update { none; };
};

allow-update { none; } refuses dynamic updates, which is what you want for a hand-maintained zone. Note that the BIND versions shipped with RHEL 7 allow zone transfers (AXFR) to anyone by default; a transfer hands out the whole zone, i.e. your host inventory, so also add an allow-transfer statement listing only your secondary servers (or none) to each zone or to the options block.

Now create the forward and reverse lookup files with the following contents. The serial uses the YYYYMMDDnn convention; increase it every time you edit a zone, or secondary servers will never pick up the change.

[root@master ~]# cat /var/named/forward.opensky
$TTL 86400
@ IN SOA master.opensky.home. root.opensky.home. (
             2011071001 ;Serial
             3600 ;Refresh
             1800 ;Retry
             604800 ;Expire
             86400 ;Minimum TTL
       )
@    IN     NS     master.opensky.home.
@    IN     A      192.168.1.202
master              IN       A       192.168.1.202
centos-client       IN       A       192.168.1.205

Reverse lookup file. It holds only SOA, NS and PTR records; A records do not belong in an in-addr.arpa zone. The owner of each PTR record is the last octet of the address, because the zone origin 1.168.192.in-addr.arpa already supplies the first three.

[root@master ~]# cat /var/named/reverse.opensky
$TTL 86400
@ IN SOA master.opensky.home. root.opensky.home. (
             2011071001 ;Serial
             3600 ;Refresh
             1800 ;Retry
             604800 ;Expire
             86400 ;Minimum TTL
       )
@    IN     NS     master.opensky.home.
202      IN     PTR   master.opensky.home.
205      IN     PTR   centos-client.opensky.home.
[root@master ~]#
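The relationship between the two files is mechanical: every A record inside 192.168.1.0/24 becomes one PTR record whose owner is the host part of the address written backwards, under the 1.168.192.in-addr.arpa origin. The following Python script, added here as an example and not code from the original article, parses the forward zone (a constructed copy of forward.opensky is embedded) and generates the matching reverse zone, so the two cannot drift apart; it also shows the YYYYMMDDnn serial bump that secondaries depend on. The /24 prefix is an assumption taken from the reverse zone name in named.conf, and the parser only handles the simple record syntax used in this tutorial.

```python
"""Generate the reverse (in-addr.arpa) zone from the forward zone file.

Added example, not code from the original article. The forward zone text is a
constructed copy of /var/named/forward.opensky; the 192.168.1.0/24 prefix is
assumed from the 1.168.192.in-addr.arpa zone declared in named.conf.
"""
import datetime
import ipaddress
import re

ORIGIN = "opensky.home."
NETWORK = "192.168.1.0/24"   # assumption: the /24 behind 1.168.192.in-addr.arpa

FORWARD_ZONE = """\
$TTL 86400
@ IN SOA master.opensky.home. root.opensky.home. (
             2011071001 ;Serial
             3600 ;Refresh
             1800 ;Retry
             604800 ;Expire
             86400 ;Minimum TTL
       )
@    IN     NS     master.opensky.home.
@    IN     A      192.168.1.202
master              IN       A       192.168.1.202
centos-client       IN       A       192.168.1.205
"""

def qualify(name, origin):
    """Zone-file owner name -> fully qualified name with trailing dot."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return ($TTL, [(owner, TYPE, [rdata fields]), ...]) for a simple zone file.

    Understands ';' comments, a parenthesised multi-line SOA, $TTL/$ORIGIN and
    owner names inherited from the previous record (line starts with a blank).
    """
    kept = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]
    body = "\n".join(ln for ln in kept if ln.strip())
    # Fold "( ... )" onto one line so the SOA parses like any other record.
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)
    ttl, owner, records = None, None, []
    for line in body.splitlines():
        fields = line.split()
        if fields[0] == "$TTL":
            ttl = int(fields[1])
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if not line[0].isspace():
            owner = fields.pop(0)
        if fields and fields[0].isdigit():          # optional per-record TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":    # optional class
            fields.pop(0)
        records.append((qualify(owner, origin), fields[0].upper(), fields[1:]))
    return ttl, records

def reverse_origin(network):
    """192.168.1.0/24 -> '1.168.192.in-addr.arpa' (octet-aligned prefixes only)."""
    net = ipaddress.ip_network(network)
    if net.prefixlen % 8:
        raise ValueError("reverse zones need a /8, /16 or /24 prefix")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa"

def reverse_zone(forward_text, origin, network):
    """Build the reverse zone text: same SOA and NS, one PTR per address."""
    net = ipaddress.ip_network(network)
    reverse_origin(network)                         # validates the prefix length
    ttl, records = parse_zone(forward_text, origin)
    soa = next(r for r in records if r[1] == "SOA")
    lines = [f"$TTL {ttl}",
             f"@ IN SOA {soa[2][0]} {soa[2][1]} ( {' '.join(soa[2][2:])} )"]
    lines += [f"@ IN NS {r[2][0]}" for r in records if r[1] == "NS" and r[0] == origin]
    ptr = {}
    for owner, rtype, rdata in records:
        # Skip the apex: an address should map back to one canonical hostname.
        if rtype != "A" or owner == origin:
            continue
        addr = ipaddress.ip_address(rdata[0])
        if addr in net:
            # Keep only the host part and reverse it: 192.168.1.202 in a /24 -> "202"
            host = str(addr).split(".")[net.prefixlen // 8:]
            ptr.setdefault(".".join(reversed(host)), owner)
    lines += [f"{label} IN PTR {name}" for label, name in ptr.items()]
    return "\n".join(lines) + "\n"

def next_serial(current, stamp=None):
    """Bump a YYYYMMDDnn serial: same day -> nn+1, later day -> YYYYMMDD01.

    Never goes backwards: a serial that is already ahead is just incremented.
    """
    stamp = stamp or int(datetime.date.today().strftime("%Y%m%d"))
    if current // 100 == stamp:
        return current + 1
    return max(stamp * 100 + 1, current + 1)

if __name__ == "__main__":
    print(f"; zone {reverse_origin(NETWORK)}")
    print(reverse_zone(FORWARD_ZONE, ORIGIN, NETWORK))
```

Run it on the master and redirect the output to /var/named/reverse.opensky; the apex A record is deliberately skipped so that each address maps back to exactly one canonical hostname, which is what reverse-lookup consumers (sshd, mail servers, log correlation) expect.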

7. Configure permissions and ownership of the BIND configuration files

named runs as the unprivileged user named, so the zone files must be readable by the named group, and the SELinux contexts must be restored on files created by hand (restorecon does nothing while SELinux is disabled, but costs nothing either).

[root@master ~]# chgrp named -R /var/named
[root@master ~]# chown -v root:named /etc/named.conf
ownership of '/etc/named.conf' retained as root:named
[root@master ~]# restorecon -rv /var/named
[root@master ~]# restorecon /etc/named.conf

8. Perform Syntax check Validation on the Config files

Use named-checkconf to validate named.conf for syntax errors; the -z option also loads every zone the file declares, so errors in the zone files surface here as well.

[root@master ~]# /usr/sbin/named-checkconf -z /etc/named.conf
zone opensky.home/IN: loaded serial 2011071001
zone 1.168.192.in-addr.arpa/IN: loaded serial 2011071001
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
[root@master ~]#

9. Start the BIND services

Perform a clean restart of the named service for these settings to take effect and confirm from the status output that there are no configuration issues.

[root@master ~]# systemctl stop named.service
[root@master ~]# systemctl start named.service
[root@master ~]# systemctl status named.service

10. DNS Server Testing

At this stage, the server resolves the domain opensky.home. To test it from a client, point the client's resolver at it. With NetworkManager in control, /etc/resolv.conf is regenerated from the connection profile, so set the server through the profile's ipv4.dns property rather than editing the file by hand; the result should look like this:

[root@centos-client /]# cat /etc/resolv.conf
# Generated by NetworkManager
search opensky.home
nameserver 192.168.1.202
nameserver 8.8.8.8
nameserver 192.168.1.1

Verify the client details and the communication between the master DNS server and the client:

[root@centos-client /]# nslookup centos-client

Check a reverse lookup of the server's address from the client:

[root@centos-client /]# nslookup 192.168.1.202

With dig, query the server explicitly, forward and reverse:

[root@centos-client /]# dig @192.168.1.202 opensky.home
[root@centos-client /]# dig @192.168.1.202 -x 192.168.1.202

Look for the aa flag in the dig output: the server is authoritative for these names, so it must be set. A query for a name outside the zone will show the ra flag as long as recursion is enabled, which it is in the stock named.conf.
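nslookup and dig hide what actually goes over the wire. The following Python script, an added example rather than code from the original article, builds DNS queries by hand, decodes the response header and records, and runs the three checks a security reviewer would want after setting listen-on, allow-query and the zone stanzas: that the server answers authoritatively for its own zone (aa flag), whether it recurses for names it is not authoritative for (an open resolver, if reachable from untrusted networks), and whether it hands out the whole zone over an AXFR transfer. The server address 192.168.1.202 and the zone opensky.home come from the lab setup; example.com as the external test name is an assumption.

```python
"""Raw DNS wire-format probe for the opensky.home lab server.

Added example, not code from the original article. It assumes the lab
addresses from the setup table (server 192.168.1.202, zone opensky.home)
and uses example.com as an arbitrary name outside the zone.
"""
import socket
import struct
import sys

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "AXFR": 252}
RCODE = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """'master.opensky.home.' -> b'\\x06master\\x07opensky\\x04home\\x00'."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, txid=0x1234, rd=True):
    """12-byte header plus one question; RD=1 asks the server to recurse."""
    header = struct.pack("!HHHHHH", txid, 0x0100 if rd else 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)

def parse_header(msg):
    """Decode the header flags and section counts of a DNS message."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "rcode": RCODE.get(flags & 0xF, flags & 0xF),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def decode_name(msg, offset):
    """Decode a (possibly compressed, RFC 1035 4.1.4) name -> (name, next offset)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if not jumped:
                end = offset + 2                       # the name ends after the pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            return ".".join(labels) + ".", (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_records(msg):
    """Return [(owner, type, ttl, value)] for the answer/authority/additional sections."""
    hdr = parse_header(msg)
    offset = 12
    for _ in range(hdr["qdcount"]):                    # skip the echoed question
        offset = decode_name(msg, offset)[1] + 4
    records = []
    for _ in range(hdr["ancount"] + hdr["nscount"] + hdr["arcount"]):
        owner, offset = decode_name(msg, offset)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            value = ".".join(str(b) for b in msg[offset:offset + 4])
        elif rtype in (2, 5, 12):                      # NS, CNAME, PTR carry a name
            value = decode_name(msg, offset)[0]
        else:
            value = msg[offset:offset + rdlen].hex()
        offset += rdlen
        records.append((owner, rtype, ttl, value))
    return records

def looks_like_open_resolver(msg):
    """True when a query for a name outside our zones came back answered with RA set."""
    hdr = parse_header(msg)
    return hdr["ra"] and hdr["rcode"] == "NOERROR" and hdr["ancount"] > 0

def udp_query(server, name, qtype, timeout=2.0):
    """Send one query over UDP and return the raw response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        return s.recv(4096)

def tcp_axfr(server, zone, timeout=5.0):
    """Request a zone transfer -> (rcode, records). A transfer is carried as
    length-prefixed TCP messages and starts and ends with the zone's SOA."""
    query = build_query(zone, "AXFR", rd=False)
    records, buf = [], b""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        while sum(1 for r in records if r[1] == QTYPE["SOA"]) < 2:
            chunk = s.recv(65535)
            if not chunk:
                break
            buf += chunk
            while len(buf) >= 2 and len(buf) - 2 >= struct.unpack("!H", buf[:2])[0]:
                size = struct.unpack("!H", buf[:2])[0]
                msg, buf = buf[2:2 + size], buf[2 + size:]
                if parse_header(msg)["rcode"] != "NOERROR":
                    return parse_header(msg)["rcode"], records
                records += parse_records(msg)
    return "NOERROR", records

if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.202"
    own = parse_header(udp_query(server, "master.opensky.home", "A"))
    print(f"own zone: aa={own['aa']} rcode={own['rcode']}")        # want aa=True
    ext = udp_query(server, "example.com", "A")
    print(f"recurses for outsiders: {looks_like_open_resolver(ext)}")
    rcode, recs = tcp_axfr(server, "opensky.home")
    print(f"AXFR opensky.home: {rcode}, {len(recs)} records")      # want REFUSED
```

Run it from centos-client (or from any host outside 192.168.1.0/24 if the server is reachable there). With the configuration exactly as shown in sections 4 and 6.1 the second check reports True and the AXFR returns the full zone; after restricting allow-recursion and adding allow-transfer { none; } it reports False and REFUSED, which is the state you want before the server faces anything but the lab network.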
