Domain Name Service (DNS) is an internet service that maps IP addresses to fully qualified domain names (FQDNs) and vice versa. BIND stands for Berkeley Internet Naming Daemon and is the most common program used for maintaining a nameserver on Linux.
Each computer on the Internet is assigned a unique address, called an IP address. A typical IP address looks like this:
199.123.456.7
It is very difficult to keep in mind the IP addresses of all the websites we visit daily. Words are easier to remember than strings of numbers, and this is where domain names come into the picture. When you visit a website, all you need to know is its URL. Computers work with numbers, and DNS converts the URL into an IP address that the computer can understand.
When you type domain.com into your browser, the browser first needs to get the IP address of www.domain.com. The browser contacts a DNS server to query the location of the server where the web pages are stored. Think of it as a directory service for IP addresses.
The classic phonebook analogy: you need to find the company "Joe's Bookstore", you look it up in the directory and see that it is located at 123 Main Street, and then you go to that address to visit the store.
# yum install bind* -y
# vim /etc/named.conf
listen-on port 53 { 192.168.1.1; };
allow-query { any; };
Note that allow-query { any; } together with BIND's default of recursion yes makes this an open recursive resolver; restrict allow-query to your own networks unless the server is meant to answer queries from anywhere.
Go to the end of the file and add the following zone configuration:
zone "dynamite.com" IN {
        type master;
        file "dynamite.com";
        allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "dynamite.com.rz";
        allow-update { none; };
};
Save and exit the file
# cd /var/named
# vim dynamite.com
$TTL 1D
@       IN SOA  dns.dynamite.com. dns-admin.dynamite.com. (
                                        20111024 ; serial
                                        1D       ; refresh
                                        1H       ; retry
                                        1W       ; expire
                                        3H )     ; minimum
@       IN NS   dns.dynamite.com.
dns     IN A    192.168.1.1
client  IN A    192.168.1.10
# vim dynamite.com.rz
$TTL 1D
@       IN SOA  dns.dynamite.com. dns-admin.dynamite.com. (
                                        20111024 ; serial
                                        1D       ; refresh
                                        1H       ; retry
                                        1W       ; expire
                                        3H )     ; minimum
1.168.192.in-addr.arpa. IN NS   dns.dynamite.com.
1       IN PTR  dns.dynamite.com.
10      IN PTR  client.dynamite.com.
# chown root.named dynamite.com
# chown root.named dynamite.com.rz
# chkconfig named on
# service named start
Check whether DNS queries are resolved using the following commands:
# dig dns.dynamite.com
# nslookup client.dynamite.com
# nslookup 192.168.1.1
How to configure a DNS server in Rhel 6 | centos 6 using BIND | Step by Step
DNS (Domain Name System) is a core component of network infrastructure. The DNS service resolves hostnames into IP addresses and vice versa.
For example, if we type a test website into the browser, the DNS server translates the domain name into its corresponding IP address, so we only have to remember domain names instead of IP addresses.
Scenario
Here is my test setup scenario:
Operating System : RHEL 6
Internal LAN IP of DNS Server : 192.168.10.2
Hostname : testserver.myspace.com
Indication: blue characters mean a Linux command; bold characters mean the lines you have to change in a file, at a particular line or paragraph; normal characters mean the output of a Linux command or the contents of a file.
1. Setup a network-script files :
[root@server1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
NM_CONTROLLED="yes"
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
IPADDR=192.168.10.2
PREFIX=24
GATEWAY=10.102.1.1
DNS1=192.168.10.2
HWADDR=00:16:EC:38:25:3D
2. Setup a hosts file :
[root@server1 ~]# vim /etc/hosts
192.168.10.2 testserver.myspace.com server1 # Added by NetworkManager
127.0.0.1 localhost.localdomain localhost
::1 testserver.myspace.com server1 localhost6.localdomain6 localhost6
[root@server1 ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=testserver.myspace.com
3. Add the nameserver to the resolver file :
[root@server1 ~]# vim /etc/resolv.conf
search howtoc.com
nameserver 192.168.10.2
4. Now time to install BIND packages from yum :
[root@server1 ~]# yum -y install bind*
[root@server1 ~]# updatedb
# Find the named.conf file (main configuration file of BIND)
[root@server1 ~]# locate named.conf
/etc/named.conf
/usr/share/doc/bind-9.7.0/named.conf.default
/usr/share/doc/bind-9.7.0/sample/etc/named.conf
/usr/share/logwatch/default.conf/services/named.conf
/usr/share/man/man5/named.conf.5.gz
# Go to below path
[root@server1 ~]# cd /var/named/chroot/
[root@server1 chroot]# cd etc
[root@server1 etc]# pwd
/var/named/chroot/etc
5. Copy the named.conf file from the BIND documentation directory & change the group of named.conf :
[root@server1 etc]# cp /usr/share/doc/bind-9.7.0/named.conf.default named.conf
[root@server1 etc]# chgrp named named.conf
[root@server1 etc]# ll named.conf
-rw-r--r--. 1 root named 930 Aug 3 07:58 named.conf
6. Edit the BIND configuration file :
[root@server1 etc]# vim named.conf
[root@server1 etc]# grep listen named.conf
listen-on port 53 { 127.0.0.1; };
Comment out the IPv6 listener: // listen-on-v6 port 53 { ::1; };
After adding the server's LAN address to listen-on:
[root@server1 etc]# vim named.conf
[root@server1 etc]# grep listen named.conf
listen-on port 53 { 127.0.0.1; 192.168.10.2; };
// listen-on-v6 port 53 { ::1; };
7. Restart the named (BIND) service :
[root@server1 etc]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]
8. Edit the named.conf file & add the zones :
# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.10.2; };
        /* listen-on-v6 port 53 { ::1; }; */
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.10.0/24; };
        # transfer range (set it if you have a secondary DNS server)
        allow-transfer { localhost; 192.168.10.0/24; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "howtoc.com" IN {
        type master;
        file "forward.zone";
        allow-update { none; };
};
zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.zone";
        allow-update { none; };
};
# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "howtoc.com" IN {
        type master;
        file "forward.zone";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.zone";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
10. Copy the zone files from the BIND templates :
[root@server1 named]# cp named.localhost forward.zone
[root@server1 named]# cp named.loopback reverse.zone
11. Edit the forward zone (name to IP address) :
[root@server1 named]# vim /var/named/forward.zone
$TTL 1D
@       IN SOA  testserver.myspace.com. root.howtoc.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   testserver.myspace.com.
        IN A    192.168.10.2
server1 IN A    192.168.10.2
12. Edit the reverse zone (IP address to name) :
[root@server1 named]# vim /var/named/reverse.zone
$TTL 1D
@       IN SOA  testserver.myspace.com. root.howtoc.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   testserver.myspace.com.
        IN PTR  howtoc.com.
        IN A    255.255.255.0
2       IN PTR  testserver.myspace.com.
12. Change the group permission & restart the service :
[root@server1 named]#chgrp named forward.zone
[root@server1 named]#chgrp named reverse.zone
[root@server1 named]#/etc/init.d/named restart
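Before restarting named it is worth cross-checking the forward and reverse zones against each other: a PTR target written without the trailing dot (as in the dynamite.com reverse zone earlier on this page) silently becomes host.domain.1.168.192.in-addr.arpa. The following checker is an added example, not part of either tutorial; it parses only the simple zone-file subset used on this page and embeds a constructed copy of the dynamite.com zones as input.

```python
# Added example (not from the tutorial): cross-check a forward zone against its
# reverse zone and catch the classic unqualified PTR target (missing trailing dot).
import re

def fqdn(name, origin):
    # '@' is the origin; a name without a trailing dot gets the origin appended, as BIND does.
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) triples for the A/PTR/NS/SOA syntax used on this page."""
    body = re.sub(r";[^\n]*", "", text)       # strip ; comments
    body = re.sub(r"\([^)]*\)", " ", body)    # collapse the multi-line SOA ( ... ) block
    records, last_owner = [], "@"
    for line in body.splitlines():
        parts = line.split()
        if not parts:
            continue
        owner = last_owner if parts[0] == "IN" else parts.pop(0)  # blank owner = previous one
        if len(parts) >= 3 and parts[0] == "IN":                  # also skips $TTL lines
            records.append((fqdn(owner, origin), parts[1], parts[2]))
            last_owner = owner
    return records

def reverse_name(ip):
    # 192.168.1.10 -> 10.1.168.192.in-addr.arpa.
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """List A records whose PTR is missing or resolves to the wrong name."""
    ptr = {o: fqdn(r, rev_origin) for o, t, r in parse_zone(rev_text, rev_origin) if t == "PTR"}
    problems = []
    for owner, rtype, ip in parse_zone(fwd_text, fwd_origin):
        if rtype != "A":
            continue
        target = ptr.get(reverse_name(ip))
        if target is None:
            problems.append(f"no PTR for {owner} ({ip})")
        elif target != owner:
            problems.append(f"PTR for {ip} is {target}, expected {owner}")
    return problems

# Constructed sample: the dynamite.com zones, with one PTR target left unqualified on purpose.
FORWARD = """$TTL 1D
@ IN SOA dns.dynamite.com. dns-admin.dynamite.com. ( 20111024 1D 1H 1W 3H ) ; minimum
dns IN A 192.168.1.1
client IN A 192.168.1.10
"""
REVERSE = """@ IN SOA dns.dynamite.com. dns-admin.dynamite.com. ( 20111024 1D 1H 1W 3H )
1.168.192.in-addr.arpa. IN NS dns.dynamite.com.
1 IN PTR dns.dynamite.com
10 IN PTR client.dynamite.com.
"""
print(check_zones(FORWARD, "dynamite.com.", REVERSE, "1.168.192.in-addr.arpa."))
```

The run reports the 192.168.1.1 PTR as dns.dynamite.com.1.168.192.in-addr.arpa., which is exactly what named-checkzone and dig -x would show after a reload; adding the trailing dot makes the report empty.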
13. Test your DNS server using the dig command :
@ forward lookup
[root@server1 named]# dig testserver.myspace.com
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> testserver.myspace.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50351
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;testserver.myspace.com. IN A
;; ANSWER SECTION:
testserver.myspace.com. 86400 IN A 192.168.10.2
;; AUTHORITY SECTION:
howtoc.com. 86400 IN NS testserver.myspace.com.
;; Query time: 0 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Tue Oct 16 10:13:40 2012
;; MSG SIZE rcvd: 67
@ reverse lookup
[root@server1 named]# dig -x 192.168.10.2
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> -x 192.168.10.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45077
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;2.10.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
2.10.168.192.in-addr.arpa. 86400 IN PTR testserver.myspace.com.
;; AUTHORITY SECTION:
10.168.192.in-addr.arpa. 86400 IN NS testserver.myspace.com.
;; ADDITIONAL SECTION:
testserver.myspace.com. 86400 IN A 192.168.10.2
;; Query time: 1 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Tue Oct 16 10:13:08 2012
;; MSG SIZE rcvd: 106
@ Using the nslookup command, which also works on the Windows family of operating systems
[root@server1 named]# nslookup
> testserver.myspace.com
Server: 192.168.10.2
Address: 192.168.10.2#53
Name: testserver.myspace.com
Address: 192.168.10.2
> 192.168.10.2
Server: 192.168.10.2
Address: 192.168.10.2#53
2.10.168.192.in-addr.arpa name = testserver.myspace.com.
>
Change DNS settings on Linux
You might need to change your server’s DNS settings, either because you find that they are misconfigured or because you want to use your own. This article describes how to change your server’s DNS settings.
Add name servers to the configuration file
On Linux, the DNS servers that the system uses for name resolution are defined in the /etc/resolv.conf file. That file should contain at least one nameserver line. Each nameserver line defines a DNS server. The name servers are prioritized in the order the system finds them in the file. Use the IP addresses of the name servers when entering them, because the system won’t know what to do with domain names until after it knows how to get to the DNS servers.
1. Open the resolv.conf file with an editor, such as nano, to make the necessary changes (if it doesn’t exist already, this command creates the file):
sudo nano /etc/resolv.conf
2. Add lines for the name servers that you want to use. The following table displays which name server IP addresses to use depending on which datacenter houses your cloud servers. The “Name server IP address” column shows the lines to add to the configuration file:
Data center              | Name server IP address
Hong Kong (HKG)          | nameserver 120.136.32.62
                         | nameserver 120.136.32.63
Northern Virginia (IAD)  | nameserver 69.20.0.164
                         | nameserver 69.20.0.196
London (LON)             | nameserver 83.138.151.80
                         | nameserver 83.138.151.81
Chicago (ORD)            | nameserver 173.203.4.8
                         | nameserver 173.203.4.9
Dallas/Fort Worth (DFW)  | nameserver 72.3.128.240
                         | nameserver 72.3.128.241
Sydney (SYD)             | nameserver 119.9.60.62
                         | nameserver 119.9.60.63
3. Save the file.
4. To ensure that your new settings are working, ping the domain name:
ping -c 3 myspace.com
You should see a result similar to the following one:
PING myspace.com (173.203.44.122) 56(84) bytes of data.
64 bytes from 173.203.44.122: icmp_req=1 ttl=249 time=25.3 ms
64 bytes from 173.203.44.122: icmp_req=2 ttl=249 time=25.2 ms
64 bytes from 173.203.44.122: icmp_req=3 ttl=249 time=25.2 ms
--- myspace.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 25.236/25.292/25.392/0.147 ms
If you receive an unknown host message, double-check the IP addresses that you set as your DNS servers.
Add the same servers with IPv6 addresses
If you’re using IPv6 on your server, you might need to add the IPv6 addresses of your name servers to the resolv.conf file. You can see if a DNS server has an IPv6 address by performing the following steps:
1. Use host to get the name of the server:
$ host 72.3.128.240
240.128.3.72.in-addr.arpa domain name pointer cachens1.dfw1.myspace.com.
2. Use the domain name you got back in another host lookup:
$ host cachens1.dfw1.myspace.com
cachens1.dfw1.myspace.com has address 72.3.128.240
cachens1.dfw1.myspace.com has IPv6 address 2001:4800:d::1
If an IPv6 address is returned, you can add that as another nameserver line in the resolv.conf file, as follows:
nameserver 2001:4800:d::1
Then test as previously shown, by using the ping6 command instead of the regular ping command to force the system to use IPv6.
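A resolv.conf edit is easy to get subtly wrong: a hostname instead of an IP literal, or a stray trailing period after an address, leaves the resolver with fewer working servers than you think, and only the first three nameserver lines are used by glibc. The checker below is an added example (not part of the article) that parses a constructed resolv.conf in the format described above, keeps the nameservers in their priority order, and reports every entry the resolver would not accept.

```python
# Added example (not from the article): validate /etc/resolv.conf contents.
# Nameserver entries must be IPv4/IPv6 literals; order is the priority order.
import ipaddress

MAXNS = 3  # glibc's resolver limit on nameserver lines it will use

def parse_resolv_conf(text):
    """Return {'nameservers': [...], 'search': [...], 'errors': [...]} for the given file text."""
    result = {"nameservers": [], "search": [], "errors": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):   # comment lines start in column one
            continue
        parts = line.split()
        keyword, args = parts[0], parts[1:]
        if keyword == "nameserver":
            if len(args) != 1:
                result["errors"].append(f"line {lineno}: nameserver takes exactly one address")
                continue
            try:
                ip = ipaddress.ip_address(args[0])   # rejects hostnames and typos like a trailing dot
            except ValueError:
                result["errors"].append(f"line {lineno}: {args[0]!r} is not an IP literal")
                continue
            result["nameservers"].append(str(ip))
        elif keyword in ("search", "domain"):
            result["search"] = args                   # last search/domain line wins
    if not result["nameservers"]:
        result["errors"].append("no usable nameserver line")
    elif len(result["nameservers"]) > MAXNS:
        result["errors"].append(f"only the first {MAXNS} nameserver lines are used")
    return result

# Constructed sample: a good IPv4 entry, the trailing-dot typo, a hostname, and an IPv6 entry.
SAMPLE = """# constructed resolv.conf for the example
search howtoc.com
nameserver 72.3.128.240
nameserver 72.3.128.241.
nameserver cachens1.dfw1.myspace.com
nameserver 2001:4800:d::1
"""
print(parse_resolv_conf(SAMPLE))
```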
Aw, this was an exceptionally nice post. Finding the time and actual effort to produce a good article… but what can I say… I hesitate a lot and never manage to get anything done.