Tuesday, 14 April 2015

Configure DNS Server for a Domain in RHEL7

A DNS server (name server) resolves host names to IP addresses and vice versa. DNS servers come in several types:

Caching-only DNS server: stores the answers to recent requests, like a proxy server, and refers to other DNS servers for requests not in its current cache.

Forward-only DNS server: a forward-only server caches values and queries its forwarders, but it never queries anyone else. If the forwarders do not respond, queries fail.

Authoritative Name Server: the official source of records for a zone. Authoritative name servers are of two types:

Primary (Master) Server: stores the zone files on disk. Modifications to zone files are made ONLY on the primary server. Each zone has one master name server.

Secondary (Slave) Server: secondary servers retrieve information about the zone through a zone transfer from the master server or from another secondary server. DNS information about a zone is never modified directly on the secondary server.

In this tutorial, we configure a master server for the domain 'mycompany.com'.

Consider the following scenario:

DNS Server HostName: meru.mycompany.com
DNS Server IP Address: 192.168.122.1/24
DNS Domain Name : mycompany.com

DNS Server Configuration:


1) Install DNS Server
[root@meru ~]# yum -y install bind bind-utils

2) Edit the configuration file '/etc/named.conf' and make the following changes.

//The network interface on which to listen for queries
listen-on port 53 { 127.0.0.1; 192.168.122.1; };    

//Clients allowed to query the DNS Server  
allow-query     { localhost; 192.168.122.0/24; };  

//Restrict zone transfer to the IP Address of the Slave Name Server
allow-transfer { 192.168.122.2; };

// Forward any unresolved requests to your ISP's name server, or use a Google public DNS server (8.8.8.8 or 8.8.4.4).
forwarders { 8.8.4.4; }; 

//Add the zone declaration for the domain 'mycompany.com' at the end of the file. 
// forward zone declaration
zone "mycompany.com" IN {
      type master;
      file "named.mycompany.com";
};


//reverse zone declaration
zone "122.168.192.in-addr.arpa" IN {
        type master;
        file "named.122.168.192.in-addr.arpa";
};


3) Create the forward zone definition file '/var/named/named.mycompany.com' as shown below.

$TTL 1D
@       IN SOA  meru.mycompany.com. root.meru.mycompany.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN      NS      meru.mycompany.com.         ; DNS server for the domain mycompany.com
        IN      MX      10      meru.mycompany.com. ; mail server for the domain mycompany.com

meru        IN      A       192.168.122.1   ; IP address of meru
server1     IN      A       192.168.122.2   ; IP address of server1
server2     IN      A       192.168.122.3   ; IP address of server2

www         IN      CNAME   meru            ; alias for meru


4) Create the reverse zone definition file '/var/named/named.122.168.192.in-addr.arpa' as shown below.

$TTL 1D
@       IN SOA  meru.mycompany.com. root.meru.mycompany.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      meru.mycompany.com.

1       IN      PTR     meru.mycompany.com.
2       IN      PTR     server1.mycompany.com.
3       IN      PTR     server2.mycompany.com.


5) Check the config file and zone files for errors.
[root@meru ~]# named-checkconf

[root@meru ~]# named-checkzone mycompany.com /var/named/named.mycompany.com

[root@meru ~]# named-checkzone 122.168.192.in-addr.arpa /var/named/named.122.168.192.in-addr.arpa
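named-checkzone validates each zone file on its own but does not tell you whether the forward and reverse zones agree with each other. The script below is an added example (not part of the original tutorial) that cross-checks every A record in the forward zone against the PTR records in the reverse zone; it embeds constructed copies of the two zone files above so it runs stand-alone, and assumes the same 192.168.122.0/24 layout.

```shell
#!/bin/sh
# Added example (not from the original post): report A records in the
# forward zone whose reverse PTR is missing or points at a different name.
# The two zone bodies below are constructed copies of the tutorial's data.

FWD_ZONE='$TTL 1D
@   IN SOA meru.mycompany.com. root.meru.mycompany.com. ( 0 1D 1H 1W 3H )
    IN NS  meru.mycompany.com.
meru    IN A     192.168.122.1   ; IP address of meru
server1 IN A     192.168.122.2
server2 IN A     192.168.122.3
www     IN CNAME meru'

REV_ZONE='$TTL 1D
@ IN SOA meru.mycompany.com. root.meru.mycompany.com. ( 0 1D 1H 1W 3H )
@ IN NS  meru.mycompany.com.
1 IN PTR meru.mycompany.com.
2 IN PTR server1.mycompany.com.
3 IN PTR server2.mycompany.com.'

# check_ptr_consistency DOMAIN NET_PREFIX FORWARD_TEXT REVERSE_TEXT
# Prints one line per A record with a missing or mismatched PTR.
# Returns 0 when the zones agree, 1 otherwise.
check_ptr_consistency() {
  domain=$1; prefix=$2
  fwd=$(mktemp); rev=$(mktemp)
  printf '%s\n' "$3" > "$fwd"
  printf '%s\n' "$4" > "$rev"
  awk -v domain="$domain" -v prefix="$prefix" '
    { sub(/;.*/, "") }                         # drop zone-file comments
    FILENAME == ARGV[1] && $2 == "IN" && $3 == "PTR" {
      ptr[prefix "." $1] = $4                  # reverse: last octet -> name
    }
    FILENAME == ARGV[2] && $2 == "IN" && $3 == "A" {
      fqdn = $1 "." domain "."                 # forward: owner -> FQDN
      if (!($4 in ptr)) { print "MISSING PTR: " fqdn " " $4; bad++ }
      else if (ptr[$4] != fqdn) {
        print "MISMATCH: " $4 " PTR is " ptr[$4] ", A record is " fqdn; bad++
      }
    }
    END { exit bad ? 1 : 0 }' "$rev" "$fwd"
  rc=$?
  rm -f "$fwd" "$rev"
  return $rc
}

check_ptr_consistency mycompany.com 192.168.122 "$FWD_ZONE" "$REV_ZONE" \
  && echo "forward and reverse zones agree"
```

Run it against the real files with `check_ptr_consistency mycompany.com 192.168.122 "$(cat /var/named/named.mycompany.com)" "$(cat /var/named/named.122.168.192.in-addr.arpa)"` after any edit to either zone.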

6) Open the firewall ports: UDP/53 for DNS queries and TCP/53 for zone transfers. The firewalld 'dns' service covers both.
[root@meru ~]# firewall-cmd --zone=public --add-service=dns --permanent
[root@meru ~]# firewall-cmd --reload


7) Start the DNS Server
[root@meru ~]# systemctl start named

8) Enable at boot
[root@meru ~]# systemctl enable named

9) Check status
[root@meru ~]# rndc status
        CPUs found: 4
        worker threads: 4
        UDP listeners per interface: 4
        number of zones: 104
        recursive clients: 0/0/1000
        tcp clients: 0/100
        server is up and running



Client Configuration


1) Install packages
[root@server1 ~]# yum -y install bind-utils

2) Edit the file '/etc/resolv.conf' and add the following line:
          nameserver 192.168.122.1

3) Query the DNS server: a forward lookup from the client, then a reverse lookup run on the server itself.
[root@server1 ~]# dig @192.168.122.1 server2.mycompany.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> @192.168.122.1 server2.mycompany.com
; (1 server found)
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;server2.mycompany.com.        IN    A

;; ANSWER SECTION:
server2.mycompany.com.    86400    IN    A    192.168.122.3

[root@meru ~]# dig @localhost -x 192.168.122.2
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> @localhost -x 192.168.122.2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2.122.168.192.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
2.122.168.192.in-addr.arpa. 86400 IN    PTR    server1.mycompany.com.