Tuesday 14 April 2015

Configure DNS Server for a Domain in RHEL7

A DNS Server (name server) resolves host names to ip addresses and vice versa. A DNS Server are of several types:

Caching-only DNS server: which stores recent requests like a proxy server. It refers to  other DNS servers for requests not in its current cache.

Forward-only DNS server: A forward only server caches values and queries forwarders, but it never queries anyone else. If the forwarders do not respond, queries will fail.

Authoritative Name Server: An official representative of a zone. Authoritative Name Servers are of 2 types:

Primary (Master) Server: stores the zone files on disk. Modifications to zone files are made ONLY on the Primary Server. Each zone has one master name server.

Secondary (Slave) Server: Secondary servers retrieve information about the zone through a zone transfer from the master server or from another secondary server. DNS information about a zone is never modified directly on the secondary server

In this tutorial, we configure a Master Server for the domain 'mycompany.com'

Consider the following scenario:

DNS Server HostName: meru.mycompany.com
DNS Server IP Address: 192.168.122.1/24
DNS Domain Name : mycompany.com

DNS Server Configuration:


1) Install DNS Server
[root@meru ~]# yum -y install bind bind-utils

2) Edit the configuration file '/etc/named.conf' and make the following changes.

//The network interface on which to listen for queries
listen-on port 53 { 127.0.0.1; 192.168.122.1; };    

//Clients allowed to query the DNS Server  
allow-query     { localhost; 192.168.122.0/24; };  

//Restrict zone transfer to the IP Address of the Slave Name Server
allow-transfer { 192.168.122.2; };

// Forward any unresolved requests to your ISP's name server. Or use google server  8.8.8.8 or 8.8.4.4.
forwarders { 8.8.4.4; }; 

//Add the zone declaration for the domain 'mycompany.com' at the end of the file. 
// forward zone declaration
zone "mycompany.com" IN {
      type master;
      file "named.mycompany.com";
};


//reverse zone declaration
zone "122.168.192.in-addr.arpa" IN {
        type master;
        file "named.122.168.192.in-addr.arpa";
};


3)Create the forward zone definition file '/var/named/named.mycompany.com' as shown below. 

$TTL 1D
@       IN SOA  meru.mycompany.com. root.meru.mycompany.com. (
                                        0      
; serial
                                        1D     
; refresh
                                        1H     
; retry
                                        1W     
; expire
                                        3H )   
; minimum
        IN      NS      meru.mycompany.com.   
; DNS Server for the domain mycompany.com
        IN      MX      10      meru.mycompany.com.  
; Mail Server for the domain mycompany.com

meru        IN      A            192.168.122.1   
;IP Address of meru
server1    IN      A            192.168.122.2 
;IP Address of server1  
server2    IN      A            192.168.122.3  ;IP Address of server2

www         IN      CNAME   meru            ;Alias for meru


5) Create the reverse zone definition file '/var/named/named.122.168.192.in-addr.arpa' as shown below. 

$TTL 1D
@       IN SOA  root.meru.mycompany.com. meru.mycompany.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      meru.mycompany.com.

1       IN      PTR     meru.mycompany.com.
2       IN      PTR     server1.mycompany.com.
3       IN      PTR     server2.mycompany.com.


4) Check the config file and zone files for errors.
[root@meru ~]# named-checkconf

[root@meru ~]# named-checkzone mycompany.com /var/named/named.mycompany.com

[root@meru ~]# named-checkzone 122.168.192.in-addr.arpa /var/named/named.122.168.192.in-addr.arpa

5) Open Firewall Ports. UDP/53 for DNS queries, TCP/53 for Zone Transfer.
[root@meru ~]# firewall-cmd --zone=public --add-service=dns --permanent
[root@meru ~]# firewall-cmd --reload


6) Start the DNS Server
[root@meru ~]# systemctl start named

7) Enable at boot
[root@meru ~]# systemctl enable named

8) Check status
[root@meru ~]# rndc status
        CPUs found: 4
        worker threads: 4
        UDP listeners per interface: 4
        number of zones: 104
        recursive clients: 0/0/1000
        tcp clients: 0/100
        server is up and running



Client Configuration


1) Install packages
[root@server1 ~]# yum -y install bind-utils

2) Edit the file '/etc/resolv.conf'. Add the following line
          nameserver 192.168.122.1

3) Query the DNS Server
[root@server1 ~]# dig @192.168.122.1 server2.mycompany.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> @192.168.122.1 server2.mycompany.com
; (1 server found)
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;server2.mycompany.com.        IN    A

;; ANSWER SECTION:
server2.mycompany.com.    86400    IN    A    192.168.122.3




[root@meru ~]# dig  @localhost -x 192.168.122.2
 ; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> @localhost -x 192.168.122.2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2.122.168.192.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
2.122.168.192.in-addr.arpa. 86400 IN    PTR    server1.mycompany.com.

1 comment:

  1. SSN FULLZ AVAILABLE

    Fresh & valid spammed USA SSN+Dob Leads with DL available in bulk.

    >>1$ each SSN+DOB
    >>3$ each with SSN+DOB+DL
    >>5$ each for premium fullz (700+ credit score with replacement guarantee)

    Prices are negotiable in bulk order
    Serious buyer contact me no time wasters please
    Bulk order will be preferable

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    OTHER STUFF YOU CAN GET

    SSN+DOB Fullz
    CC's with CVV's (vbv & non-vbv)
    USA Photo ID'S (Front & back)

    All type of tutorials available
    (Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)

    SQL Injector
    Premium Accounts (Netflix, Pornhub, etc)
    Paypal Logins
    Bitcoin Cracker
    SMTP Linux Root
    DUMPS with pins track 1 and 2
    WU & Bank transfers
    Socks, rdp's, vpn
    Php mailer
    Server I.P's
    HQ Emails with passwords
    All types of tools & tutorials.. & much more

    Looking for long term business
    For trust full vendor, feel free to contact

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    ReplyDelete