Install the required packages:
[root@nan ~]# yum install -y bind bind-utils bind-libs
Ensure that the service is set to start on system boot:
[root@nan ~]# chkconfig named on
Then start the service:
[root@nan ~]# service named start
Use the iptables command to open port 53 for both UDP and TCP (TCP is used for zone transfers and for any answer that does not fit in a UDP packet, so do not skip it):
[root@nan ~]# iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT
[root@nan ~]# iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT
Save the rules you just created:
[root@nan ~]# service iptables save
SELinux confines named in its own domain (named_t), which limits what a compromised nameserver can do on the host. The Boolean below does not tune that confinement, it switches it off: with named_disable_trans on, named is started without the domain transition and runs unconfined. Use this only to get a lab box working. On a real server keep named confined and fix the file contexts instead (restorecon on /etc/named.conf and /var/named), and enable named_write_master_zones if named must write zone files, for example for dynamic updates. The Boolean also only exists in older targeted policies; if getsebool prints nothing for it, it is not available and named simply stays confined.
Query for the Boolean value:
[root@nan ~]# getsebool -a | grep named_dis
named_disable_trans --> off
Disable the SELinux confinement (lab use only):
[root@nan ~]# setsebool -P named_disable_trans=1
Verify that the Boolean has changed:
[root@nan ~]# getsebool -a | grep named_dis
named_disable_trans --> on
Set the SELinux context type of the config file (the bind package already installs it as named_conf_t, so this only matters if you copied the file from elsewhere; note that a chcon change is lost at the next relabel, whereas restorecon applies the policy default):
[root@nan ~]# chcon -t named_conf_t /etc/named.conf
Verify with this command:
[root@nan ~]# ls -Z /etc | grep named.conf
Configuring a DNS Server
To begin configuring the DNS server, get to know the key config files for a
BIND server:
/etc/named.conf - main config file
/etc/rndc.key - shared key for the rndc control channel
/etc/rndc.conf - rndc (control utility) config file
/usr/share/doc/bind-9*/sample - directory that holds sample files
Point the host's own resolver at the new server by adding it to /etc/resolv.conf:
[root@nan ~]# cat /etc/resolv.conf
# Generated by NetworkManager
domain localdomain
search localdomain server.com
nameserver 192.168.16.2
nameserver 192.168.25.111
The last line is the one to add. Comments in resolv.conf start with # or ;, so do not paste an annotation after the address. The resolver tries the nameservers in the order listed, so put the new server first if it should be preferred, and remember that NetworkManager regenerates this file, as its header says.
Configure BIND for the IP address 192.168.25.111/24 and the domain name nan.server.com. Substitute your own addresses and domain name when you configure your server.
[root@nan ~]# cat /etc/named.conf
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    // Addresses named listens on. Comment out the whole listen-on line to
    // listen on every interface instead.
    listen-on port 53 { 127.0.0.1; 192.168.25.111; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Who may query this server. The stock file restricts this to localhost;
    // set it to "any" so other hosts can use the server.
    allow-query { any; };
    // allow-query-cache { any; };
    // Caution: "recursion yes" together with "allow-query { any; }" makes this
    // an open resolver for everyone who can reach it; restrict recursion to
    // your own networks with allow-recursion on anything Internet-facing.
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key (the DLV registry has since been retired by ISC) */
    bindkeys-file "/etc/named.iscdlv.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
// Our sample domain, server.com, is defined here.
zone "server.com" IN {
    type master;
    file "server.zone";
    allow-update { none; };
};
// A second zone; example.zone must exist under /var/named, otherwise named
// logs an error for it at startup and answers SERVFAIL for example.com.
zone "example.com" IN {
    type master;
    file "example.zone";
    allow-update { none; };
};
// Reverse zone. As written this zone covers only the single address
// 192.168.25.111; the usual form for the whole 192.168.25.0/24 network is
// "25.168.192.in-addr.arpa" (network octets reversed, host octet dropped).
// The file 111.25.168.192.db also has to be created under /var/named.
zone "111.25.168.192.in-addr.arpa" IN {
    type master;
    file "111.25.168.192.db";
    allow-update { none; };
};
include "/etc/named.rfc1912.zones";
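A hardened version of the options and zone sections, added here as an example rather than copied from the configuration above: it keeps allow-query open for the zones this server is authoritative for, but limits recursion and cache access to the local network, disables zone transfers, hides the BIND version, drops the DLV lookaside (the ISC DLV registry has been retired), and names the reverse zone for the whole 192.168.25.0/24 network. The acl name, the version string and the file name 25.168.192.db are assumptions; the addresses and zone names are the ones used in this post.

```conf
// Added example, not the post's own named.conf. The acl name "lan", the
// version string and the reverse-zone file name are assumptions.
acl "lan" { 127.0.0.1; 192.168.25.0/24; };

options {
    listen-on port 53 { 127.0.0.1; 192.168.25.111; };
    directory "/var/named";

    // Anyone may ask for records in the zones we are authoritative for...
    allow-query { any; };

    // ...but only the LAN may use this server as a recursive resolver or read
    // its cache. "recursion yes" with "allow-query { any; }" and no
    // allow-recursion is an open resolver, usable for DNS amplification.
    recursion yes;
    allow-recursion { lan; };
    allow-query-cache { lan; };

    // No secondaries in this setup, so nobody needs a full copy of the zones.
    allow-transfer { none; };

    // Do not advertise the exact BIND build in version.bind CH TXT replies.
    version "not disclosed";

    dnssec-enable yes;
    dnssec-validation yes;
};

zone "server.com" IN {
    type master;
    file "server.zone";
    allow-update { none; };
};

// Reverse zone for all of 192.168.25.0/24: network octets reversed, host
// octet dropped. Each host appears in the file as "<last octet> IN PTR <name>."
zone "25.168.192.in-addr.arpa" IN {
    type master;
    file "25.168.192.db";
    allow-update { none; };
};
```

After editing, run named-checkconf on the file before restarting; a recursion test from a host outside 192.168.25.0/24 should then come back REFUSED or without the ra flag.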
Now that you have an /etc/named.conf file, you need to create the zone files it references (server.zone, example.zone and 111.25.168.192.db, all under /var/named). A zone whose file is missing is logged as an error at startup and not loaded; named still runs, but queries for that zone get SERVFAIL.
Before going any further, you should also understand the different
types of resource records used with DNS and why each one is important.
A - Maps a hostname to an IPv4 address
NS - Names a nameserver that is authoritative for the zone; the value is a hostname (which needs its own A record), never an IP address, and must not point at a CNAME
MX - Names the mail exchanger for the domain, with a preference value
PTR - Maps an IP address (in in-addr.arpa form) back to a hostname
SOA - Start of authority: the primary nameserver, the admin mailbox, the serial and the refresh/retry/expire/minimum timers for the zone
CNAME - An alias to another hostname
In the /var/named directory, create the server.zone file that named.conf refers to. The SOA serial is a 32-bit number (maximum 4294967295), so use the ten-digit YYYYMMDDnn form, not eleven digits, and increase it every time you edit the zone; secondaries only transfer the zone when the serial grows.
[root@nan ~]# cat /var/named/server.zone
$TTL 3D
@ IN SOA nan.server.com. root.nan.server.com. (
2011100412 ; serial (YYYYMMDDnn, must fit in 32 bits)
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum (negative caching TTL)
@ IN NS nan.server.com.
nan IN A 192.168.25.111
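The following shell script is an added example and not part of the original post. It writes a forward zone and a matching reverse zone for 192.168.25.0/24 into a scratch directory and checks that each SOA serial fits in 32 bits, the mistake that makes named reject a zone at load time, before handing the files to named-checkzone. ZONEDIR, the reverse-zone file name 25.168.192.db and the soa_serial_ok helper are assumptions; nan.server.com and 192.168.25.111 are the post's values, and the broken.zone file is constructed only to show what the check catches.

```sh
#!/bin/sh
# Added example, not from the original post. Writes a corrected forward zone
# and a reverse zone for 192.168.25.0/24, then checks the SOA serials before
# named ever sees them. ZONEDIR and the reverse-zone file name are assumptions;
# on the real server ZONEDIR would be /var/named.
set -eu

ZONEDIR="${ZONEDIR:-$(mktemp -d)}"

# Forward zone. The serial is YYYYMMDDnn: ten digits fit the 32-bit SOA serial
# field (maximum 4294967295); an eleven-digit serial makes named reject the zone.
cat > "$ZONEDIR/server.zone" <<'EOF'
$TTL 3D
@       IN SOA  nan.server.com. root.nan.server.com. (
                2011100412 ; serial (YYYYMMDDnn)
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum (negative caching TTL)
@       IN NS   nan.server.com.
nan     IN A    192.168.25.111
EOF

# Reverse zone. The zone name is the network part of the address reversed,
# 25.168.192.in-addr.arpa, and each host is listed by its last octet.
cat > "$ZONEDIR/25.168.192.db" <<'EOF'
$TTL 3D
@       IN SOA  nan.server.com. root.nan.server.com. (
                2011100412 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
@       IN NS   nan.server.com.
111     IN PTR  nan.server.com.
EOF

# A constructed zone with an eleven-digit serial, to show what the check
# catches. Do not install this one.
printf '@ IN SOA nan.server.com. root.nan.server.com. ( 20111004123 1D 1H 1W 3H )\n' \
    > "$ZONEDIR/broken.zone"

# soa_serial_ok ZONEFILE: exit 0 if the SOA serial is a number <= 4294967295.
# Strips ';' comments, joins the file into one line, and takes the first
# integer after the opening parenthesis that follows SOA.
soa_serial_ok() {
    serial=$(sed 's/;.*//' "$1" | paste -s -d ' ' - \
        | sed -n 's/.*SOA[^(]*([[:space:]]*\([0-9][0-9]*\).*/\1/p')
    [ -n "$serial" ] || return 1
    awk -v s="$serial" 'BEGIN { exit !(s + 0 <= 4294967295) }'
}

for z in server.zone 25.168.192.db broken.zone; do
    if soa_serial_ok "$ZONEDIR/$z"; then
        echo "$z: serial within range"
    else
        echo "$z: SOA serial missing or out of range, named will not load it"
    fi
done

# With BIND installed, let named-checkzone do the full syntax check, exactly
# as named does when it loads the zone.
if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone server.com "$ZONEDIR/server.zone"
    named-checkzone 25.168.192.in-addr.arpa "$ZONEDIR/25.168.192.db"
fi
```

Run it with ZONEDIR=/var/named only once you are happy with the output in a scratch directory; the serial check is deliberately stricter than a text editor, because named rejects the whole zone, not just the SOA line, when the serial is out of range.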
Everything is now in place for you to begin using your DNS server. Before (re)starting the service, however, make sure that the config files do not have any syntax errors. The configtest option of the named init script runs named-checkconf on /etc/named.conf; it does not parse the zone files, so run named-checkzone on each of them as well (or named-checkconf with -z), otherwise a broken zone only shows up at load time as a SERVFAIL:
# service named configtest
Because no errors are displayed, you can start the service (restart it if it is already running from the first step):
# service named restart
For verification, query the server for its own A record. A working server answers with status: NOERROR, the aa (authoritative answer) flag, and the A record in the ANSWER section.
[root@nan ~]# dig nan.server.com
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> nan.server.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35679
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;nan.server.com. IN A
;; Query time: 1 msec
;; SERVER: 192.168.25.111#53(192.168.25.111)
;; WHEN: Wed Oct 12 14:00:51 2011
;; MSG SIZE rcvd: 32
This transcript is not a success. status: SERVFAIL means the server was reached (see the SERVER line) but could not answer, and the missing aa flag and empty ANSWER section show that it did not serve the zone. For a zone you are master for, SERVFAIL almost always means the zone failed to load: check /var/log/messages for the error named logged at startup and run named-checkzone on the file. The usual causes are a zone file that does not exist under /var/named and an SOA serial that does not fit in 32 bits (an eleven-digit value such as 20111004123 is above the limit of 4294967295 and is rejected). Fix the file, restart named, and repeat the query until you see NOERROR with the aa flag.
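To read a dig transcript the way this check requires, here is an added example (not from the post) that classifies a saved transcript by its status and header flags. Both transcripts are constructed: the first reproduces the SERVFAIL output above, the second shows what a healthy authoritative answer looks like. The helper names dig_status, dig_has_flag and dig_verdict are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Classifies a saved dig transcript:
# a correct answer for our own zone is NOERROR with the aa (authoritative) flag;
# SERVFAIL means the zone was not served. Both transcripts below are constructed;
# the first reproduces the post's output, the second shows a healthy answer.
set -eu

WORKDIR=$(mktemp -d)

cat > "$WORKDIR/servfail.txt" <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35679
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;nan.server.com. IN A
;; SERVER: 192.168.25.111#53(192.168.25.111)
EOF

cat > "$WORKDIR/noerror.txt" <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4021
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;nan.server.com. IN A
;; ANSWER SECTION:
nan.server.com. 259200 IN A 192.168.25.111
;; SERVER: 192.168.25.111#53(192.168.25.111)
EOF

# dig_status FILE: prints the RCODE from the header line (NOERROR, SERVFAIL, ...).
dig_status() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' "$1"
}

# dig_has_flag FILE FLAG: succeeds if FLAG (aa, ra, ...) is set in the header.
dig_has_flag() {
    flags=$(sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' "$1")
    case " $flags " in *" $2 "*) return 0 ;; esac
    return 1
}

# dig_verdict FILE: one-line diagnosis of the transcript.
dig_verdict() {
    status=$(dig_status "$1")
    if [ "$status" = NOERROR ] && dig_has_flag "$1" aa; then
        echo "ok: authoritative answer"
    elif [ "$status" = NOERROR ]; then
        echo "warn: answer came from cache or forwarding, not from our zone"
    elif [ "$status" = SERVFAIL ]; then
        echo "fail: server reached but zone not served; check named-checkzone and /var/log/messages"
    elif [ "$status" = REFUSED ]; then
        echo "fail: query refused by allow-query or allow-recursion"
    else
        echo "fail: status ${status:-unknown}"
    fi
}

for f in servfail.txt noerror.txt; do
    echo "$f: $(dig_verdict "$WORKDIR/$f")"
done

# On the real server:
#   dig @192.168.25.111 nan.server.com > /tmp/dig.out && dig_verdict /tmp/dig.out
# The ra flag in a reply to a host outside 192.168.25.0/24 means the server
# is acting as an open recursive resolver for that host.
```

The ra check is the one worth repeating from outside your network after every configuration change: an authoritative server that still sets ra for strangers is advertising itself as a recursive resolver.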