Tuesday, October 11, 2011

DNS Server


Install the required packages:

[root@nan ~]# yum install -y bind bind-utils bind-libs


Ensure that the service is set to start on system boot:

[root@nan ~]# chkconfig named on


Then start the service (until you edit named.conf it runs with the shipped caching-only configuration):


[root@nan ~]# service named start


Use the iptables command to open UDP and TCP port 53 (TCP is needed for large responses and zone transfers). These rules accept queries from any source; on a server that only serves the local network, restrict them to that network with the -s option:

[root@nan ~]# iptables -I INPUT  -p udp -m udp --dport 53 -j ACCEPT
[root@nan ~]# iptables -I INPUT  -p tcp -m tcp --dport 53 -j ACCEPT


Save the rules you just created:

[root@nan ~]# service iptables save


SELinux confines named to its own domain, named_t. BIND runs fine under the
default targeted policy, so leave that confinement in place: the policy already
lets named read files labelled named_conf_t and named_zone_t, and if you later
need dynamic updates or slave zones, the named_write_master_zones Boolean is the
knob to turn. The named_disable_trans Boolean used below does not tune the
policy; it stops named from transitioning into named_t at all, so named runs
unconfined. It also exists only on RHEL 5 and earlier (on RHEL 6 the query below
prints nothing). Use these steps only to rule SELinux in or out while
troubleshooting, and set the Boolean back to off afterwards.

Query for the Boolean:

[root@nan ~]# getsebool -a | grep named_dis
named_disable_trans --> off

Turn the domain transition off (named now runs unconfined):

[root@nan ~]# setsebool -P named_disable_trans=1

Verify that the Boolean has changed:

[root@nan ~]# getsebool -a | grep named_dis
named_disable_trans --> on

Make sure the main config file carries the label the named policy expects,
named_conf_t (a file copied in from elsewhere may have the wrong type; chcon
sets it explicitly, and restorecon would reset it to the policy default):

[root@nan ~]# chcon -t named_conf_t /etc/named.conf

Verify the label:

[root@nan ~]# ls -Z /etc | grep named.conf

Configuring a DNS Server

To begin configuring the DNS server, look at the key config files for a BIND
server:

/etc/named.conf                     Main config file
/etc/rndc.key                       Shared key used by rndc to control named
/etc/rndc.conf                      rndc configuration (optional; rndc uses
                                    /etc/rndc.key when it is absent)
/usr/share/doc/bind-9*/sample       Directory that holds sample files


Point the resolver at the new server in /etc/resolv.conf. Name servers are tried
in the order listed, so put the new one first (on the server itself 127.0.0.1 or
its own address both work). NetworkManager regenerates this file, so if it does,
make the change in the interface configuration instead:

[root@nan ~]# cat /etc/resolv.conf

# Generated by NetworkManager
domain localdomain
search localdomain server.com
# the new name server's own IP address, queried first
nameserver 192.168.25.111
nameserver 192.168.16.2

In the configuration below, BIND listens on 192.168.25.111 (network 192.168.25.0/24) and is authoritative for server.com, with the server itself named nan.server.com. Substitute your own addresses and domain name.

[root@nan ~]# cat /etc/named.conf

// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    // Listen on loopback and on the server's own address. To listen on
    // every interface, comment the listen-on line out instead.
    listen-on port 53 { 127.0.0.1; 192.168.25.111; };
    // listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Anyone may query the zones this server is authoritative for.
    allow-query     { any; };
    // With "recursion yes" and no allow-recursion statement, BIND derives
    // allow-recursion from allow-query, so any host could recurse through
    // this server (an open resolver, usable for amplification attacks).
    // Limit recursion to the local network.
    recursion yes;
    allow-recursion { 127.0.0.1; 192.168.25.0/24; };

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

// Our sample domain, server.com, is defined here; its records live in
// /var/named/server.zone (created below).
zone "server.com" IN {
    type master;
    file "server.zone";
    allow-update { none; };
};

// A second master zone needs its own file, /var/named/example.zone; named
// logs an error for a master zone whose file is missing. Drop this block
// if you do not use example.com.
zone "example.com" IN {
    type master;
    file "example.zone";
    allow-update { none; };
};

// Reverse zone for the 192.168.25.0/24 network: the network octets in
// reverse order (a zone named 111.25.168.192.in-addr.arpa would cover a
// single address). Create /var/named/25.168.192.db with PTR records
// before starting named.
zone "25.168.192.in-addr.arpa" IN {
    type master;
    file "25.168.192.db";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
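The two things most worth checking in a named.conf like the one above are whether the options leave the server as an open recursive resolver and whether every master zone has its file. The following is an added example, not code from the original post: a POSIX shell audit that parses a named.conf for those two conditions. The configuration it writes at the bottom is constructed for the demo (a copy of the post's layout in a temporary directory, with only named.ca and server.zone present), and the 192.168.25.0/24 network in the suggested fix is the post's lab network.

```sh
#!/bin/sh
# Added example, not part of the original post: audit a named.conf for two
# mistakes that are easy to make in a first BIND setup.
#  1. Open recursive resolver: "recursion yes;" plus "allow-query { any; };"
#     and no restrictive allow-recursion. BIND then derives allow-recursion
#     from allow-query, so any host on the Internet can recurse through it.
#  2. A master or hint zone whose file is missing under options "directory":
#     named logs an error at start-up and does not serve that zone.
# The configuration written at the bottom is constructed for the demo.

# Remove //, # and single-line /* */ comments so the checks only see directives.
strip_named_comments() {
    sed -e 's|//.*$||' -e 's|#.*$||' -e 's|/\*.*\*/||' "$1"
}

# Return 1 (and say why) when the options make named an open recursive resolver.
audit_recursion() {
    conf=$(strip_named_comments "$1" | tr '\n' ' ')
    any_acl='[[:space:]]*\{[^}]*[[:space:]{]any[[:space:]]*;'
    if ! printf '%s' "$conf" | grep -Eq '(^|[[:space:];{])recursion[[:space:]]+yes[[:space:]]*;'; then
        echo "ok: recursion is not enabled"; return 0
    fi
    if printf '%s' "$conf" | grep -Eq "allow-query$any_acl"; then
        if ! printf '%s' "$conf" | grep -Eq 'allow-recursion[[:space:]]*\{' \
           || printf '%s' "$conf" | grep -Eq "allow-recursion$any_acl"; then
            echo "WARNING: open resolver: recursion yes, allow-query { any; }, recursion not restricted"
            return 1
        fi
    fi
    echo "ok: recursion is restricted"; return 0
}

# Print "name type file" for every zone statement ("-" when a field is absent).
list_zones() {
    strip_named_comments "$1" | awk '
        /^[[:space:]]*zone[[:space:]]+"/ {
            inzone = 1; depth = 0; opened = 0; type = "-"; file = "-"
            match($0, /"[^"]+"/); name = substr($0, RSTART + 1, RLENGTH - 2)
        }
        inzone {
            if (match($0, /type[[:space:]]+[a-z-]+/)) {
                type = substr($0, RSTART, RLENGTH); sub(/^type[[:space:]]+/, "", type)
            }
            if (match($0, /file[[:space:]]+"[^"]+"/)) {
                file = substr($0, RSTART, RLENGTH)
                sub(/^file[[:space:]]+"/, "", file); sub(/"$/, "", file)
            }
            depth += gsub(/[{]/, "{"); if (depth > 0) opened = 1
            depth -= gsub(/[}]/, "}")
            if (opened && depth <= 0) { print name, type, file; inzone = 0 }
        }'
}

# The options "directory" value; relative zone file names are resolved against it.
named_directory() {
    strip_named_comments "$1" |
        sed -n 's/.*[^-a-z]directory[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Return 1 when any master or hint zone points at a file that is not there.
check_zone_files() {
    dir=$(named_directory "$1")
    report=$(list_zones "$1" | while read -r name type file; do
        case $type in master|hint) ;; *) continue ;; esac
        case $file in /*) path=$file ;; *) path=$dir/$file ;; esac
        if [ -f "$path" ]; then echo "ok: zone $name -> $path"
        else echo "MISSING: zone $name expects $path"; fi
    done)
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -q '^MISSING'
}

# Constructed demo: the post's layout, with only named.ca and server.zone present.
demo=$(mktemp -d)
mkdir -p "$demo/named"
cat > "$demo/named.conf" <<EOF
options {
    listen-on port 53 { 127.0.0.1; 192.168.25.111; };
    directory       "$demo/named";
    allow-query     { any; };
    recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
zone "server.com" IN {
    type master;
    file "server.zone";
    allow-update { none; };
};
zone "example.com" IN { type master; file "example.zone"; allow-update { none; }; };
EOF
: > "$demo/named/named.ca"
: > "$demo/named/server.zone"
audit_recursion "$demo/named.conf" || echo "-> add: allow-recursion { 127.0.0.1; 192.168.25.0/24; };"
check_zone_files "$demo/named.conf" || echo "-> create the missing zone files before starting named"
```

Run it as `sh audit.sh` after editing named.conf, or point the two functions at /etc/named.conf directly. The parser handles the single-line and multi-line zone layouts used in this post and strips `//`, `#` and one-line `/* */` comments; it does not follow `include` statements or multi-line block comments, so zones defined in /etc/named.rfc1912.zones are not listed.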

Now that you have an /etc/named.conf file, you need to create the zone files.

Before going any further, you should also understand the resource record types
used in those files and what each one is for:

A        Maps a hostname to an IPv4 address
NS       Names an authoritative name server for the zone; the value is a
         hostname (never an IP address, and it must not be a CNAME)
MX       Names the mail server that receives mail for the domain
PTR      Maps an IP address back to a hostname (used in reverse zones)
SOA      Start of authority: the zone's administrative parameters (primary
         server, contact, serial number and timers)
CNAME    An alias for another hostname

In the /var/named directory, create the server.zone file referenced by the
server.com zone statement. The SOA serial is an unsigned 32-bit number (maximum
4294967295); the usual YYYYMMDDnn form gives ten digits, which fits. An
eleven-digit value such as 20111004123 is out of range, and named refuses to
load the zone.

[root@nan ~]# cat /var/named/server.zone
$TTL 3D
@    IN    SOA    nan.server.com.    root.nan.server.com. (
                    2011100401    ; serial (YYYYMMDDnn, must fit in 32 bits)
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum (negative-caching TTL)
@    IN    NS    nan.server.com.
nan    IN    A    192.168.25.111
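Because a bad SOA serial only shows up as a load error in the log and as SERVFAIL answers, it is worth checking zone files before (re)starting named. The following is an added example, not code from the original post: POSIX shell helpers that read the serial out of a zone file, check that it fits in 32 bits, compute the next YYYYMMDDnn serial, and run named-checkzone when it is installed. The zone text at the bottom is constructed for the demo (the post's zone with its original eleven-digit serial, and a corrected copy); the file names and the server.com zone name are assumptions taken from this post.

```sh
#!/bin/sh
# Added example, not part of the original post: zone-file checks for the
# mistake that makes a freshly configured master answer SERVFAIL. The SOA
# serial is an unsigned 32-bit integer; named refuses to load a zone whose
# serial does not fit, so dig then gets SERVFAIL for every name in it.
# The zone text at the bottom is constructed for the demo.

UINT32_MAX=4294967295

# Print the SOA serial: the first number after the MNAME and RNAME fields,
# whether or not the record is split across lines with parentheses.
soa_serial_of() {
    awk '
        { sub(/;.*$/, "") }                          # ";" starts a comment
        {
            for (i = 1; i <= NF; i++) {
                if (toupper($i) == "SOA") { state = 1; names = 0; continue }
                if (state != 1) continue
                t = $i; gsub(/[()]/, "", t)          # parentheses may be glued on
                if (t == "") continue
                if (names < 2) { names++; continue } # skip MNAME and RNAME
                if (t ~ /^[0-9]+$/) { print t; exit }
            }
        }' "$1"
}

# Return 0 when SERIAL is a decimal number that fits in 32 bits.
serial_in_range() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -lt 10 ] && return 0
    [ "${#1}" -gt 10 ] && return 1
    [ "$1" -le "$UINT32_MAX" ]
}

# Next serial in the YYYYMMDDnn convention. The date is passed in (YYYYMMDD)
# so the function is deterministic; use "$(date +%Y%m%d)" in practice.
next_serial() {
    cur=$1 today=$2
    if [ "${cur%??}" -lt "$today" ]; then       # date part moved on: reset nn
        echo "${today}00"
    else
        echo $((cur + 1))
    fi
}

# Check one zone file; named-checkzone (from the bind package) runs when present.
check_zone() {
    zone=$1 zfile=$2
    serial=$(soa_serial_of "$zfile")
    if ! serial_in_range "$serial"; then
        echo "ERROR: $zone: SOA serial '$serial' is not a 32-bit number; named will not load the zone"
        return 1
    fi
    echo "ok: $zone serial $serial"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$zone" "$zfile"
    fi
}

# Constructed demo: the post's zone file with its original eleven-digit serial,
# and a corrected copy.
demo=$(mktemp -d)
cat > "$demo/server.zone.bad" <<'EOF'
$TTL 3D
@    IN    SOA    nan.server.com.    root.nan.server.com. (
                    20111004123    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
@    IN    NS    nan.server.com.
nan    IN    A    192.168.25.111
EOF
sed 's/20111004123/2011100401/' "$demo/server.zone.bad" > "$demo/server.zone"

check_zone server.com "$demo/server.zone.bad" ||
    echo "-> use a ten-digit serial, e.g. $(next_serial 2011100401 20111004)"
check_zone server.com "$demo/server.zone"
```

The range check is deliberately done in the shell rather than left to named-checkzone alone, so the script gives a useful answer on a workstation where bind is not installed; when named-checkzone is present it runs as well and catches everything else (missing trailing dots, NS records without glue, and so on).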

Everything is now in place for you to begin using your DNS server. Before
restarting the service, however, make sure that the config files have no
errors.

The configtest action of the named init script runs named-checkconf against
/etc/named.conf:

# service named configtest

This catches syntax errors in named.conf. Check each zone file as well with
named-checkzone, which loads a single zone and reports problems (such as an
out-of-range SOA serial) that would otherwise only show up as a load error in
/var/log/messages and as SERVFAIL answers.

If no errors are reported, restart the service so that it reads the new
configuration:

# service named restart


Query the new server directly and look at the status in the header. NOERROR
with an ANSWER section means the zone is being served. SERVFAIL, as in the
output captured here, means named could not answer for a zone it is master
for, which almost always means the zone failed to load. The eleven-digit SOA
serial 20111004123 that was in server.zone when this output was captured is
enough to explain it: serials are 32-bit numbers, so named rejected the SOA
record and never loaded server.com. Look for the load error in
/var/log/messages, fix the zone file, restart the service and query again:

[root@nan ~]# dig nan.server.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> nan.server.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35679
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nan.server.com.            IN    A

;; Query time: 1 msec
;; SERVER: 192.168.25.111#53(192.168.25.111)
;; WHEN: Wed Oct 12 14:00:51 2011
;; MSG SIZE  rcvd: 32