Setup BIND9 DNS server on RHEL 7 / CentOS 7
SERVER
IP ADDRESS: 10.68.33.61
1) Assign a hostname to your server
hostnamectl set-hostname dnsserver
2) Install bind and bind-utils
yum -y install bind bind-utils
3) Configure DNS (BIND)
Disable IPv6 by commenting out the listen-on-v6 line in named.conf. In this tutorial I will be using IPv4 only.
vi /etc/named.conf
// listen-on-v6 port 53 { ::1; };
4) Add an ACL (optional).
vi /etc/named.conf
acl "trusted" {
    10.68.33.61;
    10.68.33.62;
    10.68.33.63;
    10.68.33.64;
    10.68.33.65;
    10.68.33.66;
    172.19.19.88;
    172.19.19.94;
    172.19.19.95;
};
5) Add the IPs or subnets that are allowed to query this DNS server. The addresses below are already members of the "trusted" ACL, so listing them again is redundant; allow-query { trusted; }; gives the same result. Because recursion is enabled in the options block, this allow-query list is also what keeps the server from being an open resolver: BIND derives its recursion ACL from allow-query when allow-recursion and allow-query-cache are not set explicitly.
vi /etc/named.conf
allow-query { trusted; 10.68.33.61; 10.68.33.62; 10.68.33.63; 10.68.33.64; 10.68.33.65; 10.68.33.66; 172.19.19.88; 172.19.19.94; 172.19.19.95; };
6) Create the forward zone. The following is the forward zone entry for the mydomain.com domain.
vi /etc/named.conf
zone "mydomain.com" IN {
    type master;
    file "fwd.mydomain.com.db";
    allow-update { none; };
};
7) Create the reverse zones. The following are the reverse zone entries.
I have created two zones because I have two subnets, 10.68.33.x and 172.19.19.x.
vi /etc/named.conf
zone "33.68.10.in-addr.arpa" IN {
    type master;
    file "33.68.10.db";
    allow-update { none; };
};
zone "19.19.172.in-addr.arpa" IN {
    type master;
    file "19.19.172.db";
    allow-update { none; };
};
Below is the complete configuration of my named.conf
# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
acl "trusted" {
    10.68.33.61;
    10.68.33.62;
    10.68.33.63;
    10.68.33.64;
    10.68.33.65;
    10.68.33.66;
    172.19.19.88;
    172.19.19.94;
    172.19.19.95;
};
options {
    listen-on port 53 { 127.0.0.1; 10.68.33.61; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { trusted; 10.68.33.61; 10.68.33.62; 10.68.33.63; 10.68.33.64; 10.68.33.65; 10.68.33.66; 172.19.19.88; 172.19.19.94; 172.19.19.95; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "mydomain.com" IN {
    type master;
    file "fwd.mydomain.com.db";
    allow-update { none; };
};
zone "33.68.10.in-addr.arpa" IN {
    type master;
    file "33.68.10.db";
    allow-update { none; };
};
zone "19.19.172.in-addr.arpa" IN {
    type master;
    file "19.19.172.db";
    allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
8) Create the zone files.
Some record types used in the zone files:
A – Address record (hostname to IP address)
NS – Name Server
MX – Mail Exchanger
CNAME – Canonical Name (alias)
touch /var/named/fwd.mydomain.com.db
vi /var/named/fwd.mydomain.com.db
;######################################################################################
$TTL 604800
@ IN SOA dnsserver.mydomain.com. root.mydomain.com. (
2019121213 ;Serial (YYYYMMDDnn format; increase it on every change)
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)
;Name Server Information
@ IN NS dnsserver.mydomain.com.
;IP address of Name Server
dnsserver IN A 10.68.33.61
;A – Record HostName To IP Address
api.openshift4 IN A 10.68.33.62
api-int.openshift4 IN A 10.68.33.62
apps.openshift4 IN A 10.68.33.62
master1.openshift4 IN A 10.68.33.63
master2.openshift4 IN A 10.68.33.67
master3.openshift4 IN A 10.68.33.68
etcd-0.openshift4 IN A 10.68.33.63
etcd-1.openshift4 IN A 10.68.33.67
etcd-2.openshift4 IN A 10.68.33.68
worker1.openshift4 IN A 10.68.33.64
worker2.openshift4 IN A 10.68.33.65
bootstrap.openshift4 IN A 10.68.33.66
*.apps.openshift4 IN A 10.68.33.62
test.openshift4 IN A 172.19.19.88
;_service._proto.name. TTL class SRV priority weight port target.
_etcd-server-ssl._tcp.openshift4 86400 IN SRV 0 10 2380 etcd-0.openshift4.mydomain.com.
_etcd-server-ssl._tcp.openshift4 86400 IN SRV 0 10 2380 etcd-1.openshift4.mydomain.com.
_etcd-server-ssl._tcp.openshift4 86400 IN SRV 0 10 2380 etcd-2.openshift4.mydomain.com.
;######################################################################################
9) Create zone files called 33.68.10.db and 19.19.172.db for the reverse zones under the /var/named directory.
I have two subnets, so I have created two zone files. Several hostnames share one address (api, api-int and apps on 10.68.33.62; each master with its etcd-N name), so those addresses get more than one PTR record. That is valid, but a reverse lookup may return any of them, so list the canonical name first if the order matters to you.
PTR – Pointer (IP address to hostname)
SOA – Start of Authority
vi /var/named/33.68.10.db
;######################################################################################
$TTL 604800
@ IN SOA dnsserver.mydomain.com. root.mydomain.com. (
2019121213 ;Serial (YYYYMMDDnn format; increase it on every change)
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)
;Name Server Information
@ IN NS dnsserver.mydomain.com.
;Reverse lookup for Name Server
61 IN PTR dnsserver.mydomain.com.
;PTR Record IP address to HostName
62 IN PTR api.openshift4.mydomain.com.
62 IN PTR api-int.openshift4.mydomain.com.
62 IN PTR apps.openshift4.mydomain.com.
63 IN PTR master1.openshift4.mydomain.com.
67 IN PTR master2.openshift4.mydomain.com.
68 IN PTR master3.openshift4.mydomain.com.
63 IN PTR etcd-0.openshift4.mydomain.com.
67 IN PTR etcd-1.openshift4.mydomain.com.
68 IN PTR etcd-2.openshift4.mydomain.com.
64 IN PTR worker1.openshift4.mydomain.com.
65 IN PTR worker2.openshift4.mydomain.com.
66 IN PTR bootstrap.openshift4.mydomain.com.
;######################################################################################
vi /var/named/19.19.172.db
;######################################################################################
$TTL 604800
@ IN SOA dnsserver.mydomain.com. root.mydomain.com. (
2019121204 ;Serial (YYYYMMDDnn format; increase it on every change)
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)
;Name Server Information
@ IN NS dnsserver.mydomain.com.
;The name server lives in 10.68.33.0/24, so it has no PTR record in this zone
;PTR Record IP address to HostName
88 IN PTR test.openshift4.mydomain.com.
;######################################################################################
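As an added example (not part of the original tutorial), the following Python script checks that the forward and reverse zones above agree with each other: every non-wildcard A record should have a matching PTR, and every PTR should point back to a name whose A record is that address. The zone excerpts embedded in it are constructed from this tutorial's records and include one deliberately stale PTR (172.19.19.61 pointing at dnsserver, whose A record is 10.68.33.61) so the check has something to report.

```python
import re
import ipaddress

# Constructed excerpts modelled on this tutorial's zone files (not the files
# themselves). The 172.19.19.61 PTR is deliberately stale: dnsserver is 10.68.33.61.
FORWARD = """@ IN SOA dnsserver.mydomain.com. root.mydomain.com. ( 2019121213 3H 15M 1W 1D )
@ IN NS dnsserver.mydomain.com.
dnsserver IN A 10.68.33.61
master2.openshift4 IN A 10.68.33.67
*.apps.openshift4 IN A 10.68.33.62
test.openshift4 IN A 172.19.19.88
"""
REVERSE = {
    "33.68.10.in-addr.arpa": "61 IN PTR dnsserver.mydomain.com.\n",
    "19.19.172.in-addr.arpa": "61 IN PTR dnsserver.mydomain.com.\n"
                              "88 IN PTR test.openshift4.mydomain.com.\n",
}

# Owner, optional TTL, class IN, type, rdata; comments and other types never match.
A_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\S+)", re.M)
PTR_RE = re.compile(r"^(\d+)\s+(?:\d+\s+)?IN\s+PTR\s+(\S+)", re.M)

def forward_map(zone_text, origin):
    """Owner name -> IP; relative owners are qualified with the zone origin."""
    out = {}
    for owner, ip in A_RE.findall(zone_text):
        if owner.startswith("*"):  # a wildcard never gets a PTR
            continue
        ipaddress.ip_address(ip)  # raises ValueError on a mistyped address
        out[owner if owner.endswith(".") else f"{owner}.{origin}."] = ip
    return out

def reverse_map(reverse_zones):
    """IP -> set of PTR targets, rebuilding each address from the zone origin."""
    out = {}
    for origin, text in reverse_zones.items():
        prefix = ".".join(reversed(origin[: -len(".in-addr.arpa")].split(".")))
        for last, target in PTR_RE.findall(text):
            out.setdefault(f"{prefix}.{last}", set()).add(target)
    return out

def check_consistency(fwd_text, reverse_zones, origin="mydomain.com"):
    """Return mismatches between A and PTR records, checked in both directions."""
    fwd, rev = forward_map(fwd_text, origin), reverse_map(reverse_zones)
    problems = [f"no PTR for {n} -> {ip}" for n, ip in fwd.items()
                if n not in rev.get(ip, set())]
    for ip, targets in rev.items():
        for t in targets:
            if fwd.get(t) != ip:
                problems.append(f"PTR {ip} -> {t} but A record is {fwd.get(t)}")
    return problems
```

Run check_consistency(FORWARD, REVERSE) against the real files by reading /var/named/fwd.mydomain.com.db and the two reverse files into the same structures; an empty list means forward and reverse zones agree.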
10) Firewall
Add an allow rule to the firewall so that clients can reach the DNS server for name resolution. DNS also uses TCP port 53 (for responses too large for UDP and for zone transfers), so open 53/tcp as well; --add-service=dns covers both ports. Before exposing the service, check the configuration with named-checkconf and each zone file with named-checkzone, and make sure the named service is enabled and started.
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload
11) Set the DNS server IP address as DNS1 on the client machines, and on this BIND server itself.
/etc/sysconfig/network-scripts/ifcfg-eXX
DNS1=10.68.33.61
12) Restart the network service.
systemctl restart NetworkManager
13) Use the following command to verify the forward lookup.
dig dnsserver.mydomain.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> dnsserver.mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63873
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dnsserver.mydomain.com. IN A
;; ANSWER SECTION:
dnsserver.mydomain.com. 604800 IN A 10.68.33.61
;; AUTHORITY SECTION:
mydomain.com. 604800 IN NS dnsserver.mydomain.com.
;; Query time: 0 msec
;; SERVER: 10.68.33.61#53(10.68.33.61)
;; WHEN: Thu Dec 12 22:39:57 EST 2019
;; MSG SIZE rcvd: 79