How to Deploy a DNS Server on CentOS 7

In this step-by-step tutorial I'll keep things as short as I can, so you don't spend hours reading before you have something working.

I won't explain every detail or what a DNS server is (but I promise I can write a post on that topic for those who don't know).

This post is meant to get you to a working setup without the blah blah blah.

The initial setup in my case is:

Hostname: ns.zlab.com

IPADDR=192.168.193.2
NETMASK=255.255.255.0
GATEWAY=192.168.193.1
DNS1=8.8.8.8
DNS2=8.8.4.4

First of all, make a clean centOS 7 installation and update it with:

yum update -y

Reboot

shutdown -rf now

Once that is done, install the bind packages and configure a few files.

yum install bind bind-utils -y

Then create the zones directory (where you'll place the files for your DNS zones ;-)).

mkdir /etc/named/zones

Next edit /etc/named.conf so that it matches the final version shown further down; the items listed right after the editor command are the ones you need to adapt to your own network.

vi /etc/named.conf

Copy the final version shown below, adapt it to your needs, paste it in and save.

What was modified relative to the stock file:

The server IP address in the listen-on line: 192.168.193.2
The allow-query option: any. Together with recursion yes; this makes the server answer recursive queries for anyone who can reach port 53 (an open resolver), which is exactly what the comment in the stock file warns about. That is fine on a lab network behind NAT like this one; anywhere else, limit allow-query, or at least allow-recursion, to your own subnets.
The forwarders block with Google's public DNS (you can use your preferred resolver instead):

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

Add the line that includes the file holding the zone definitions:

include "/etc/named/named.conf.local";

The final version should look like this:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; 192.168.193.2; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };


        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/named.conf.local";
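For a server that is not strictly lab-only, the safer variant of the options block above restricts who may query and recurse instead of answering everyone. The script below is an added example and not part of the original post: it stages a hardened named.conf (same paths and includes as the file above; server address 192.168.193.2 and lab network 192.168.193.0/24 are assumed) and syntax-checks it with named-checkconf when bind is installed. If the zlab.com zone must be answerable by hosts outside the ACL, keep allow-query { any; } and still set allow-recursion { trusted; }.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): stage a hardened named.conf that
# answers and recurses only for the lab network instead of "allow-query { any; }".
# Assumptions: server IP 192.168.193.2 and subnet 192.168.193.0/24 as in the post;
# all other paths and include files are the CentOS 7 bind package defaults.

LAB_NET="192.168.193.0/24"
SERVER_IP="192.168.193.2"

# Write the hardened config to the path given as $1 and print that path.
write_named_conf() {
    out="$1"
    cat > "$out" <<EOF
// Hosts allowed to use this server as a recursive resolver.
acl "trusted" {
        127.0.0.1;
        ::1;
        ${LAB_NET};
};

options {
        listen-on port 53 { 127.0.0.1; ${SERVER_IP}; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Weak setting from the post: allow-query { any; } plus recursion yes
        // makes this an open resolver if port 53 is ever reachable from outside
        // the lab. Answer only the trusted ACL, refuse recursion and zone
        // transfers for everyone else.
        allow-query     { trusted; };
        allow-recursion { trusted; };
        allow-transfer  { none; };
        recursion yes;

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.root.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/named.conf.local";
EOF
    printf '%s\n' "$out"
}

# Syntax-check the staged file with named-checkconf when bind is installed.
# Returns non-zero on a syntax error; skips (returns 0) when the tool is absent.
check_named_conf() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1"
    else
        echo "named-checkconf not installed; skipping syntax check of $1" >&2
    fi
}

# Stand-alone use on the server (as root): ./harden_named.sh /root/named.conf.new
# then: install -o root -g named -m 640 /root/named.conf.new /etc/named.conf
#       systemctl restart named
if [ $# -ge 1 ]; then
    f=$(write_named_conf "$1") && check_named_conf "$f"
fi
```

The staged file is checked before it touches /etc/named.conf, so a typo in the ACL cannot take the resolver down; install it with the same root:named 0640 ownership the package uses and restart named.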

After that, create the /etc/named/named.conf.local file.

vi /etc/named/named.conf.local

This must be the content (adapt it to your needs; the zone names and the file paths are the lines to adjust).

zone "zlab.com" {
    type master;
    file "/etc/named/zones/zlab.com";
};

zone "193.168.192.in-addr.arpa" {
    type master;
    file "/etc/named/zones/db.192.168.193";  # 192.168.193.0/24 subnet
};

Then create the zone files, in my case zlab.com and db.192.168.193.

vi /etc/named/zones/zlab.com

The content should be like this (change it according to your needs):

;
; BIND forward zone file for zlab.com
;
$TTL    604800
; SOA: the primary name server, then the admin mailbox (admin@zlab.com, written with a dot)
@       IN      SOA     ns.zlab.com. admin.zlab.com. (
                              1         ; Serial - increase it every time you change this file
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.zlab.com.
ns.zlab.com.              IN      A       192.168.193.2

Note that this line

ns.zlab.com.              IN      A       192.168.193.2

is the record for your DNS server itself. You'll need to add the rest of your infrastructure using the same schema, for example:

ns.zlab.com.              IN      A       192.168.193.2
ldap.zlab.com.            IN      A       192.168.193.10
w10.zlab.com.             IN      A       192.168.193.20

Save the file and edit the reverse zone file, in my case db.192.168.193.

vi /etc/named/zones/db.192.168.193

The content should be like this (change it according to your needs):

;
; BIND reverse zone file for 192.168.193.0/24 (193.168.192.in-addr.arpa)
;
$TTL    604800
@       IN      SOA     ns.zlab.com. admin.zlab.com. (
                              2         ; Serial - increase it every time you change this file
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.zlab.com.

; also list other computers; the owner of each PTR is the last octet of the host's address
2       IN      PTR     ns.zlab.com.           ; 192.168.193.2

Note that this line

2       IN      PTR     ns.zlab.com.           ; 192.168.193.2

is the record for your DNS server itself. The owner name on the left is the last octet of the host's address (2 for 192.168.193.2), so every host gets a different one. Add the rest of your infrastructure using the same schema, for example:

2       IN      PTR     ns.zlab.com.           ; 192.168.193.2
10      IN      PTR     ldap.zlab.com.         ; 192.168.193.10
20      IN      PTR     w10.zlab.com.          ; 192.168.193.20

Save the file.
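Writing the reverse file by hand is where mistakes creep in: each PTR owner must be the last octet of that host's address, the reverse zone name is the prefix octets reversed, and the serial must go up on every edit. The script below is an added example, not part of the original post. It generates both zone files for zlab.com from a single host list (the names and addresses used above, embedded as a constructed inventory), uses a date-based serial and shorter timer values than the files above (an assumption, not the post's numbers), and validates the result with named-checkzone when bind is installed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): generate the forward and reverse
# zone files for zlab.com from one host list so the PTR owner (last octet) and
# the reverse zone name are derived from the address instead of typed by hand.
# Assumptions: the /24 network 192.168.193.0, the hostnames from the post, and
# timer values of our own choosing (the post uses 604800/86400/2419200).

ZONE="zlab.com"
NET="192.168.193"      # /24 prefix; its reverse zone is 193.168.192.in-addr.arpa
NS_HOST="ns"

# Constructed host list (name address), one per line; use your real inventory here.
HOSTS="ns 192.168.193.2
ldap 192.168.193.10
w10 192.168.193.20"

# Reverse-zone name for a /24 prefix: the three octets reversed plus in-addr.arpa.
reverse_zone() {
    printf '%s\n' "$1" | awk -F. '{ print $3"."$2"."$1".in-addr.arpa" }'
}

# Serial in YYYYMMDDnn form; $1 is the date (default today), $2 the revision (default 1).
zone_serial() {
    printf '%s%02d\n' "${1:-$(date +%Y%m%d)}" "${2:-1}"
}

# One PTR record for address $1 pointing at FQDN $2: "<last octet> IN PTR <fqdn>."
# Prints nothing and returns 1 when the address is outside the zone's /24.
ptr_record() {
    local ip="$1" fqdn="$2"
    case "$ip" in
        "$NET".*) ;;
        *) return 1 ;;
    esac
    printf '%-7s IN      PTR     %s.\n' "${ip##*.}" "$fqdn"
}

# SOA and NS records shared by both files; $1 is the serial.
soa_header() {
    cat <<EOF
\$TTL    86400
@       IN      SOA     ${NS_HOST}.${ZONE}. admin.${ZONE}. (
                        $1         ; Serial (YYYYMMDDnn, bump on every change)
                        3600       ; Refresh
                        900        ; Retry
                        604800     ; Expire
                        86400 )    ; Negative cache TTL
        IN      NS      ${NS_HOST}.${ZONE}.
EOF
}

# Forward zone (A records) on stdout; owner names are relative to the zone origin.
forward_zone() {
    soa_header "$1"
    printf '%s\n' "$HOSTS" | while read -r name ip; do
        [ -n "$name" ] || continue
        printf '%-7s IN      A       %s\n' "$name" "$ip"
    done
}

# Reverse zone (PTR records) on stdout; hosts outside the /24 are reported, not silently dropped.
reverse_zone_file() {
    soa_header "$1"
    printf '%s\n' "$HOSTS" | while read -r name ip; do
        [ -n "$name" ] || continue
        ptr_record "$ip" "$name.$ZONE" || echo "; $ip is outside $NET.0/24, skipped"
    done
}

# Validate zone $1 stored in file $2 with named-checkzone when bind is installed.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed; skipping check of $2" >&2
    fi
}

# Stand-alone use on the server: ./genzones.sh /etc/named/zones
if [ $# -ge 1 ]; then
    serial=$(zone_serial)
    forward_zone "$serial" > "$1/$ZONE"
    reverse_zone_file "$serial" > "$1/db.$NET"
    check_zone "$ZONE" "$1/$ZONE"
    check_zone "$(reverse_zone "$NET")" "$1/db.$NET"
fi
```

Both files share one serial, so a change to the inventory is picked up consistently; named-checkzone catches the classic errors (missing trailing dot on an FQDN, a duplicate owner in the reverse file) before named tries to load the zone.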

Change the server's own DNS setting to 127.0.0.1 (in /etc/sysconfig/network-scripts/ifcfg-<interface>, where the values shown at the start live), so its network config looks like this:

IPADDR=192.168.193.2
NETMASK=255.255.255.0
GATEWAY=192.168.193.1
DNS1=127.0.0.1

Restart the bind daemon.

systemctl restart named

Enable it so it starts again after a reboot:

systemctl enable named

Set the firewall rules. The firewalld "dns" service that ships with CentOS 7 already covers 53/tcp and 53/udp, so there is no need to define a new service:

firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --reload

Now the best part: make your infrastructure use it!

It's really simple now.

Wherever you would normally put Google's or your ISP's DNS server, put your own DNS server's IP address instead.

Example for Linux CentOS machines:

IPADDR=192.168.193.X
NETMASK=255.255.255.0
GATEWAY=192.168.193.1
DNS1=192.168.193.2

Adapt it according to your client's operating system.
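Before pointing every client at the server, check it from one of them. The script below is an added example and not from the original post; it assumes the server address and the zlab.com names used above, and the dig output it embeds is a constructed sample used only to exercise the status parser offline. Run it with the argument run from a trusted lab client; if you restricted allow-recursion, run it once more from an address outside the ACL, where the example.com lookup should come back REFUSED rather than NOERROR.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): post-deployment checks against the
# new server. Assumes 192.168.193.2 and the zlab.com names used in the post.
SERVER="192.168.193.2"

# Pull the "status:" field (NOERROR, NXDOMAIN, REFUSED, ...) out of a dig header on stdin.
dig_status() {
    sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1
}

# Status of a query for name $1, type $2 against $SERVER; prints SKIP when dig is absent.
query_status() {
    if command -v dig >/dev/null 2>&1; then
        dig @"$SERVER" "$1" "$2" +time=2 +tries=1 | dig_status
    else
        echo SKIP
    fi
}

# Constructed dig headers (not captured from a real server) to test the parser offline.
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_NOERROR=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1'

# Expected results from a trusted lab client:
#   the server's own forward and reverse records resolve (NOERROR),
#   a name missing from the zone is NXDOMAIN (the zone is served locally, not forwarded),
#   an Internet name is answered through the forwarders (NOERROR).
# From an address outside the trusted ACL (when allow-recursion is restricted) the
# last query must come back REFUSED instead; that is the open-resolver check.
run_checks() {
    rc=0
    for q in "ns.zlab.com A NOERROR" \
             "2.193.168.192.in-addr.arpa PTR NOERROR" \
             "nosuch.zlab.com A NXDOMAIN" \
             "example.com A NOERROR"; do
        set -- $q
        got=$(query_status "$1" "$2")
        case "$got" in
            SKIP) echo "SKIP $1 $2 (dig not installed)" ;;
            "$3") echo "ok   $1 $2 -> $got" ;;
            *)    echo "FAIL $1 $2 -> ${got:-no answer} (want $3)"; rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone use from a client: ./dnscheck.sh run
if [ "${1:-}" = run ]; then
    run_checks
fi
```

dig and named-checkzone both come from the bind-utils package installed earlier, so the checks can also be run on the server itself against 127.0.0.1 before the firewall is opened.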

Hope it helps you.