DNS Server Configuration on RHEL 7

What is DNS?

DNS stands for Domain Name System; a DNS server is used to translate (resolve) hostnames into IP addresses, and IP addresses into hostnames. DNS zones hold these mappings and are also used to deliver additional types of information to DNS clients. An increasing number of services depend on DNS, which is why configuring DNS is an important task for Linux administrators.

Understanding DNS Records

Each DNS zone file contains a number of records, such as A, PTR, CNAME, MX, HINFO, NS and SOA records.

A record: The Address record holds the IP address of a hostname; it resolves a hostname into an IP address.
PTR record: The Pointer record resolves an IP address into a hostname.
CNAME: A canonical name record allows multiple names for one TCP/IP address.
MX record: The Mail Exchange record identifies the mail hosts for the domain.
HINFO: This record holds the host's TCP/IP address details.
NS record: The Name Server record simply specifies the other name servers for the domain.
SOA record: Start Of Authority. This record identifies the zone and some parameters such as the source host, serial number, refresh time, retry time, expire time and the minimum Time To Live (TTL).

Important resource record types and their use, in more detail:

Type                     | Use
A (IPv4 address)         | Maps a hostname to an IPv4 address.
AAAA (IPv6 address)      | Maps a hostname to an IPv6 address.
CNAME (canonical name)   | An alias from one name to another name that should have an A or AAAA record.
NS (name server)         | Maps a domain name to a DNS name server that is authoritative for the DNS zone.
PTR (pointer)            | Maps an IP address (v4 or v6) to a hostname.
MX (mail exchange)       | Indicates which MTA mail servers are used within a DNS domain.
SOA (start of authority) | Contains generic information about how a DNS zone works, including who is responsible for the administration of the domain.
TXT (text)               | Maps a name to human-readable text. This type of resource record is used, for instance, by Sender Policy Framework (SPF), which email uses to verify the domain an email message was received from.
SRV (service)            | Indicates which host to contact for specific services such as LDAP and Kerberos.
DNS Zones

What is a zone? Zones contain all the domain information. Basically, a zone is the branch of the DNS tree for which a specific name server is responsible. There are two types of zone:

1. Forward lookup zone: contains hostname to IP address information.
2. Reverse lookup zone: contains IP address to hostname information.

Now let's start the installation and configuration of a DNS server on CentOS/RHEL 7.

Table of Contents

1. Setup Details
2. Pre-Requisite Infrastructure Configuration
   2.1 Static IP for the DNS server
   2.2 Local host file on the DNS server
   2.3 SELinux status
3. DNS Server Software Installation
4. Enabling the DNS IP to accept DNS requests
5. Firewall Settings
6. DNS Server Configuration
   6.1 DNS Zone Files
7. Configure permissions and ownerships on BIND configuration files
8. Perform syntax check validation on the config files
9. Start the BIND services
10. DNS Server Testing
1. Setup Details

In this lab setup, we are going to install and configure the BIND DNS service, named. The DNS server listens for DNS requests on port 53, which is the default port for the name resolution service.

Operating System: RHEL or CentOS 7 (x86_64)
Name Server Software: BIND (Berkeley Internet Name Domain)
Master DNS Server: master.opensky.home / 192.168.1.202
DNS Client: centos-client / 90.10.10.50
DNS Port: 53 (default)
Platform: VMware Workstation
RPM Sources: CentOS Yum Repository
2. Pre-Requisite Infrastructure Configuration

2.1 Static IP for the Master DNS server

It is a must, and recommended, to have a static IP configured on the DNS server's NIC. To configure a static IP connection for the network adaptor enp0s8 with nmcli (the NetworkManager command-line interface), follow the commands below.

[root@master ~]# nmcli connection add con-name eth0 ifname enp0s8 type ethernet autoconnect yes ip4 192.168.1.202/24 gw4 192.168.1.1
[root@master ~]# nmcli connection modify eth0 ipv4.dns 192.168.1.202,8.8.8.8
[root@master ~]# nmcli connection modify eth0 ipv4.method manual

After configuring the static IP for the network device, bring the connection down and up again and check the status of the network connections.

[root@master ~]# nmcli connection down eth0
[root@master ~]# nmcli connection up eth0

Restart the network service.

[root@master ~]# systemctl restart network.service

Verifying the network settings and IP address configuration:

[root@master ~]# grep -w BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=static
[root@master ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
For static IP configuration on RHEL/CentOS 7, see the separate article on that topic, which gives complete details about configuring a static IP.

2.2 Local Host File on the DNS Server

DNS is typically used for hostname resolution. Configuring DNS does more than hostname resolution: it also lets us control how DNS clients communicate. Apart from DNS, you can configure hostname resolution in the /etc/hosts file. Setting up an /etc/hosts file is easy; just make sure that it contains at least two columns. The first column has the IP address of the specific host, and the second column specifies the hostname, for example localhost.localdomain localhost.

Configure the static hostname for the DNS server using the hostnamectl command:

[root@master ~]# hostnamectl set-hostname master.opensky.home

or, equivalently:

[root@master ~]# hostnamectl set-hostname master.opensky.home --static

Add the entry in the /etc/hosts file as below to resolve the FQDN to the IP address:

[root@master ~]# cat /etc/hosts
127.0.0.1       localhost localhost.localdomain localhost4 localhost4.localdomain4
::1             localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.202   master.opensky.home master
Verifying the hostname details:

[root@master ~]# hostnamectl status
2.3 SELinux status

In my setup I have kept SELinux disabled; it's up to you whether you want to keep it enabled or disabled.

[root@master ~]# sestatus
SELinux status:                 disabled
3. DNS Server Software Installation

To install the DNS packages we will use the yum command, as yum installs any dependency packages by itself. If you want to configure a local yum repository on RHEL, see the article "Yum Repository Configuration on RHEL/CentOS 7".

[root@master ~]# yum install bind bind-utils
[root@master ~]# rpm -q bind bind-utils
4. Enabling the DNS IP to accept DNS requests

Once the BIND packages are installed, the next step is to change the DNS configuration so that the named service accepts requests on the DNS server IP. In our lab setup, it is 192.168.1.202. To perform these changes, manually edit the /etc/named.conf file. Before editing the default configuration, make sure you take a backup of the original configuration file.

Before editing the default /etc/named.conf:

[root@master ~]# grep -w "listen-on port 53" /etc/named.conf
        listen-on port 53 { 127.0.0.1; };
[root@master ~]# grep -w "allow-query" /etc/named.conf
        allow-query     { localhost; };
After editing:

[root@master ~]# grep -w "listen-on port 53" /etc/named.conf
        listen-on port 53 { 127.0.0.1; 192.168.1.202; };
[root@master ~]# grep -w "allow-query" /etc/named.conf
        allow-query     { any; };
[root@master ~]#
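One caveat a practitioner will want at this step: the stock RHEL 7 /etc/named.conf also carries "recursion yes;", so opening allow-query to { any; } without an allow-recursion restriction turns the server into an open recursive resolver for every host that can reach port 53. The following shell script is an added example, not part of the original article: it audits the options block for that combination and shows a hardened variant that keeps authoritative answers open but limits recursion to the lab network. The function name audit_named_conf and the two sample option blocks (LAB_CONF, HARDENED_CONF) are my own constructions, not copied from a real server.

```shell
#!/bin/sh
# Added example, not from the original article: audit the options block of a
# BIND named.conf for the "open recursive resolver" combination.  RHEL 7 ships
# /etc/named.conf with "recursion yes;", so widening allow-query to { any; }
# without an allow-recursion restriction lets any host that can reach port 53
# use this server for recursive lookups (a DDoS amplification vector).

# audit_named_conf  (reads named.conf text on stdin)
# Prints a verdict; exit status 0 = recursion restricted, 1 = open resolver.
audit_named_conf() {
    awk '
    { sub(/\/\/.*$/, ""); sub(/#.*$/, "") }        # ignore // and # comments
    /allow-query[ \t]*[{]/ {
        s = $0; sub(/.*allow-query[ \t]*[{]/, "", s); sub(/[}].*/, "", s)
        gsub(/[ \t]/, "", s); aq = s                 # e.g. "any;"
    }
    /allow-recursion[ \t]*[{]/ {
        s = $0; sub(/.*allow-recursion[ \t]*[{]/, "", s); sub(/[}].*/, "", s)
        gsub(/[ \t]/, "", s); ar = s
    }
    /^[ \t]*recursion[ \t]+(yes|no)/ { rec = ($0 ~ /yes/) ? "yes" : "no" }
    END {
        if (rec == "") rec = "yes"                   # BIND default when unset
        acl = (ar != "") ? ar : aq                   # allow-recursion falls back to allow-query
                                                     # (allow-query-cache ignored for brevity)
        if (acl == "") acl = "localhost;localnets;"  # BIND default for allow-query
        if (rec == "yes" && acl ~ /(^|;)any;?(;|$)/) {
            printf "OPEN RESOLVER: recursion yes for { %s }\n", acl; exit 1
        }
        printf "ok: recursion %s, recursive clients { %s }\n", rec, acl; exit 0
    }'
}

# Constructed samples (not copied from a real server).  LAB_CONF mirrors the
# article's edit: listen on the server IP, allow-query { any; }, recursion yes.
LAB_CONF='options {
        listen-on port 53 { 127.0.0.1; 192.168.1.202; };
        directory       "/var/named";
        allow-query     { any; };
        recursion yes;
};'
# HARDENED_CONF keeps authoritative answers open but limits recursion to the lab LAN.
HARDENED_CONF='options {
        listen-on port 53 { 127.0.0.1; 192.168.1.202; };
        directory       "/var/named";
        allow-query     { any; };
        allow-recursion { localhost; 192.168.1.0/24; };
        recursion yes;
};'

printf '%s\n' "$LAB_CONF" | audit_named_conf || true    # prints: OPEN RESOLVER: ...
printf '%s\n' "$HARDENED_CONF" | audit_named_conf       # prints: ok: recursion yes, ...
```

Run it against the real file with `audit_named_conf < /etc/named.conf`. For a lab that only needs to serve the opensky.home zone, the allow-recursion line in HARDENED_CONF is the one-line addition that closes the gap while leaving the article's allow-query { any; } in place.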
Once we have made the above changes, we can start the named service to ensure that the changes worked and the service starts without any problem.

Starting and verifying the DNS (named) service:

[root@master ~]# systemctl enable named.service
[root@master ~]# systemctl start named.service
[root@master ~]# systemctl status named.service
Once the named service is started, we can check that named is listening on the DNS server IP on port 53 for both TCP and UDP.

[root@master ~]# netstat -antu | grep -w 53
tcp        0      0 90.10.10.20:53          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp6       0      0 ::1:53                  :::*                    LISTEN
udp        0      0 90.10.10.20:53          0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp6       0      0 ::1:53                  :::*
[root@master ~]#
The output above confirms that the DNS server is listening on loopback and on the DNS IP on port 53 for both TCP and UDP.

5. Firewall Settings

In an enterprise setup the operating system firewall is generally kept off, as enterprise firewalls are there to keep the network secure. In this lab setup I am not going to disable the local firewall, as we don't have enterprise firewalls here. We will create firewall rules to accept TCP and UDP requests on port 53 and then reload the firewall rules.

[root@master ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
[root@master ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
[root@master ~]# firewall-cmd --reload
Once the firewall rules are configured and loaded, we can test them using the nmap command. The beauty of nmap is that we can test both TCP and UDP connectivity.

Alternatively, with the firewall disabled:

# systemctl stop firewalld.service
# systemctl disable firewalld.service

[root@master ~]# nmap -p 53 90.10.10.20
Host is up (-2100s latency).
PORT   STATE SERVICE
53/tcp open  domain
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
Verifying the UDP port:

[root@master ~]# nmap -sU -p 53 192.168.1.202
Host is up (0.00075s latency).
PORT   STATE SERVICE
53/udp open  domain
Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
[root@master ~]#
6. DNS Server Configuration

So now we have the infrastructure configuration completed to run the DNS service. Let's define the zone files for our opensky.home domain.

6.1 DNS Zone Files

First, we will update /etc/named.conf with the names of the forward and reverse lookup files. To do this, edit /etc/named.conf and add the following entries before the include statements.

zone "opensky.home" IN {
        type master;
        file "forward.opensky";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.opensky";
        allow-update { none; };
};
Now create the forward and reverse lookup files with the following contents.

[root@master ~]# cat /var/named/forward.opensky
$TTL 86400
@       IN      SOA     master.opensky.home. root.opensky.home. (
                        2011071001      ;Serial
                        3600            ;Refresh
                        1800            ;Retry
                        604800          ;Expire
                        86400           ;Minimum TTL
)
@               IN      NS      master.opensky.home.
@               IN      A       192.168.1.202
@               IN      A       192.168.1.205
master          IN      A       192.168.1.202
centos-client   IN      A       192.168.1.205
Reverse lookup file:

[root@master ~]# cat /var/named/reverse.opensky
$TTL 86400
@       IN      SOA     master.opensky.home. root.opensky.home. (
                        2011071001      ;Serial
                        3600            ;Refresh
                        1800            ;Retry
                        604800          ;Expire
                        86400           ;Minimum TTL
)
@       IN      NS      master.opensky.home.
@       IN      PTR     opensky.home.
; Owner names in 1.168.192.in-addr.arpa are the last octet of the address, so
; these two entries map 192.168.1.202 and 192.168.1.205 back to the forward names.
202     IN      PTR     master.opensky.home.
205     IN      PTR     centos-client.opensky.home.
[root@master ~]#
7. Configure permissions and ownerships on BIND configuration files

[root@master ~]# chgrp named -R /var/named
[root@master ~]# chown -v root:named /etc/named.conf
ownership of '/etc/named.conf' retained as root:named
[root@master ~]# restorecon -rv /var/named
[root@master ~]# restorecon /etc/named.conf
8. Perform syntax check validation on the config files

Use named-checkconf to validate the files for syntax errors.

[root@master ~]# /usr/sbin/named-checkconf -z /etc/named.conf
zone opensky.home/IN: loaded serial 2011071001
zone 10.10.90.in-addr.arpa/IN: loaded serial 2011071001
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
[root@master ~]#
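named-checkconf -z confirms that the zone files in section 6.1 parse and load, but it does not check that the forward and reverse zones describe the same hosts: a reverse zone whose PTR owner labels do not correspond to the addresses in the forward zone loads without complaint and then answers reverse lookups wrongly. The following shell script is an added example, not part of the original article, covering both the zone files and this validation step. The function name check_zone_pairs and the three sample zone files are my own constructions; the forward zone mirrors the lab domain (hosts .202 and .205), reverse.good matches it, and reverse.bad is constructed with PTR owner labels (20, 50) and stray A records that do not match the forward addresses, to show what the check catches.

```shell
#!/bin/sh
# Added example, not from the original article: cross-check a forward zone
# against its reverse zone before loading them.  named-checkconf -z only
# verifies syntax and serials; it will happily load a reverse zone whose PTR
# owner labels do not correspond to the addresses in the forward zone.

# check_zone_pairs ORIGIN REVERSE_ZONE FORWARD_FILE REVERSE_FILE
# Prints one line per inconsistency; exit status 0 when every host A record
# has a matching PTR and vice versa, 1 otherwise.  Assumes a /24 reverse zone.
check_zone_pairs() {
    awk -v origin="$1" -v revzone="$2" '
    function fqdn(n) { return (n == "@") ? origin "." : n "." origin "." }
    BEGIN {
        split(revzone, lab, ".")                  # "1.168.192.in-addr.arpa"
        prefix = lab[3] "." lab[2] "." lab[1]     # -> "192.168.1"
        problems = 0
    }
    { sub(/;.*/, "") }                            # strip zone-file comments
    # First file (forward zone): host A records, keyed by address.
    FNR == NR && $2 == "IN" && $3 == "A" && $1 != "@" && $4 ~ /^[0-9.]+$/ { a[$4] = fqdn($1) }
    # Second file (reverse zone): PTR records, keyed by the address they describe.
    FNR != NR && $1 ~ /^[0-9]+$/ && $2 == "IN" && $3 == "PTR" { ptr[prefix "." $1] = $4 }
    FNR != NR && $2 == "IN" && $3 == "A" {
        printf "reverse zone: \"%s IN A %s\" is not a PTR and resolves nothing\n", $1, $4
        problems++
    }
    END {
        for (ip in a) {
            if (!(ip in ptr)) { printf "missing PTR: %s should map to %s\n", ip, a[ip]; problems++ }
            else if (ptr[ip] != a[ip]) { printf "mismatch: %s PTR %s vs A %s\n", ip, ptr[ip], a[ip]; problems++ }
        }
        for (ip in ptr) if (!(ip in a)) { printf "PTR without A: %s -> %s\n", ip, ptr[ip]; problems++ }
        if (problems == 0) print "forward and reverse zones agree"
        exit (problems > 0)
    }' "$3" "$4"
}

# Constructed sample zone files (not copied from a real server).
workdir=${TMPDIR:-/tmp}/zonecheck.$$
mkdir -p "$workdir"
cat > "$workdir/forward.opensky" <<'EOF'
$TTL 86400
@   IN  SOA master.opensky.home. root.opensky.home. ( 2011071001 3600 1800 604800 86400 )
@   IN  NS  master.opensky.home.
@   IN  A   192.168.1.202
master         IN  A  192.168.1.202
centos-client  IN  A  192.168.1.205
EOF
# Reverse zone whose PTR owners (202, 205) match the forward addresses.
cat > "$workdir/reverse.good" <<'EOF'
$TTL 86400
@   IN  SOA master.opensky.home. root.opensky.home. ( 2011071001 3600 1800 604800 86400 )
@   IN  NS  master.opensky.home.
202 IN  PTR master.opensky.home.
205 IN  PTR centos-client.opensky.home.
EOF
# Reverse zone with two classic mistakes: A records copied in, and PTR owner
# labels (20, 50) that describe 192.168.1.20/.50, not the hosts in the forward zone.
cat > "$workdir/reverse.bad" <<'EOF'
$TTL 86400
@   IN  SOA master.opensky.home. root.opensky.home. ( 2011071001 3600 1800 604800 86400 )
@   IN  NS  master.opensky.home.
master         IN  A   90.10.10.20
centos-client  IN  A   90.10.10.50
20  IN  PTR master.opensky.home.
50  IN  PTR centos-client.opensky.home.
EOF

check_zone_pairs opensky.home 1.168.192.in-addr.arpa "$workdir/forward.opensky" "$workdir/reverse.good"
check_zone_pairs opensky.home 1.168.192.in-addr.arpa "$workdir/forward.opensky" "$workdir/reverse.bad" || true
```

On a real server, run it as `check_zone_pairs opensky.home 1.168.192.in-addr.arpa /var/named/forward.opensky /var/named/reverse.opensky` after named-checkconf -z and before restarting named; the six lines it prints for reverse.bad are exactly the class of error that a syntax check alone lets through. Remove the sample directory under $workdir when you are done with it.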
9. Start the BIND services

Perform a clean restart of the named service for these settings to take effect, and ensure there are no configuration issues.

[root@master ~]# systemctl stop named.service
[root@master ~]# systemctl start named.service
[root@master ~]# systemctl status named.service
10. DNS Server Testing

At this stage, we can use our DNS server to resolve the domain opensky.home. To test it externally, we update the DNS resolver file on the client.

[root@centos-client /]# cat /etc/resolv.conf
# Generated by NetworkManager
search opensky.home
nameserver 192.168.1.202
nameserver 8.8.8.8
nameserver 192.168.1.1
Verify the DNS client details and the communication between the DNS master server and the client:

[root@centos-client /]# nslookup centos-client
Checking from the client side, by name and by server IP address:

[root@centos-client /]# nslookup 192.168.1.202
[root@centos-client /]# dig 192.168.1.202 & opensky.home |