Webserver Page

Setup BIND9 DNS server RHEL7/CENTOS 7

Setup BIND9 DNS server RHEL7/CENTOS 7

SERVER
IP ADDRESS: 10.68.33.61

1) Assign a hostname of your server

hostnamectl set-hostname dnsserver

2) Install bind and bind-utils

yum -y install bind bind-utils

3) Configure the DNS(BIND)
Disable IPv6 by commeting the line in name.conf. In this tutorial I will be using IPv4.

vi /etc/named.conf

// listen-on-v6 port 53 { ::1; };

4) Add ACL or this is optional.

vi /etc/named.conf

acl “trusted” {
10.68.33.61;
10.68.33.62;
10.68.33.63;
10.68.33.64;
10.68.33.65;
10.68.33.66;
172.19.19.88;
172.19.19.94;
172.19.19.95;
};

5) Add the IPs or subnet that you will allow to query to this DNS server

vi /etc/named.conf

allow-query { trusted; 10.68.33.61; 10.68.33.62; 10.68.33.63; 10.68.33.64; 10.68.33.65; 10.68.33.66; 172.19.19.88; 172.19.19.94; 172.19.19.95;};

6) Create forward zones. The following zone is the forward zone entry for the mydomain.com domain

vi /etc/named.conf

zone “mydomain.com” IN {
type master;
file “fwd.mydomain.com.db”;
allow-update { none; };
};

7) Create reverse zone. The following zones are the reverse zone entry.
I have created two zones as I have two subnet 10.68.33.x and 172.19.19.x

vi /etc/named.conf

zone “33.68.10.in-addr.arpa” IN {
type master;
file “33.68.10.db”;
allow-update { none; };
};

zone “19.19.172.in-addr.arpa” IN {
type master;
file “19.19.172.db”;
allow-update { none; };
};

Below is the complete configuration of my named.conf

# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator’s Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

acl “trusted” {
10.68.33.61;
10.68.33.62;
10.68.33.63;
10.68.33.64;
10.68.33.65;
10.68.33.66;
172.19.19.88;
172.19.19.94;
172.19.19.95;
};

options {
listen-on port 53 { 127.0.0.1; 10.68.33.61; };
// listen-on-v6 port 53 { ::1; };
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
recursing-file “/var/named/data/named.recursing”;
secroots-file “/var/named/data/named.secroots”;
allow-query { trusted; 10.68.33.61; 10.68.33.62; 10.68.33.63; 10.68.33.64; 10.68.33.65; 10.68.33.66; 172.19.19.88; 172.19.19.94; 172.19.19.95;};

    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

};

logging {
channel default_debug {
file “data/named.run”;
severity dynamic;
};
};

zone “mydomain.com” IN {
type master;
file “fwd.mydomain.com.db”;
allow-update { none; };
};

zone “33.68.10.in-addr.arpa” IN {
type master;
file “33.68.10.db”;
allow-update { none; };
};

zone “19.19.172.in-addr.arpa” IN {
type master;
file “19.19.172.db”;
allow-update { none; };
};
include “/etc/named.rfc1912.zones”;
include “/etc/named.root.key”;

8) Create zone files.

There are some special keywords for Zone Files

A – A record
NS – Name Server
MX – Mail for Exchange
CNAME – Canonical Name

touch /var/named/fwd.mydomain.com.db

vi /var/named/fwd.mydomain.com.db

#

$TTL 604800
@ IN SOA dnsserver.mydomain.com. root.mydomain.com. (
2019121213 ;Serial Sample 2019 Nov 12 format
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)

;Name Server Information
@ IN NS dnsserver.mydomain.com.

;IP address of Name Server
dnsserver IN A 10.68.33.61

;A – Record HostName To IP Address
api.openshift4 IN A 10.68.33.62
api-int.openshift4 IN A 10.68.33.62
apps.openshift4 IN A 10.68.33.62
master1.openshift4 IN A 10.68.33.63
master2.openshift4 IN A 10.68.33.67
master3.openshift4 IN A 10.68.33.68
etcd-0.openshift4 IN A 10.68.33.63
etcd-1.openshift4 IN A 10.68.33.67
etcd-2.openshift4 IN A 10.68.33.68
worker1.openshift4 IN A 10.68.33.64
worker2.openshift4 IN A 10.68.33.65
bootstrap.openshift4 IN A 10.68.33.66
*.apps.openshift4 IN A 10.68.33.62
test.openshift4 IN A 172.19.19.88

;_service._proto.name. TTL class SRV priority weight port target.
_etcd-server-ssl._tcp.openshift4 86400 IN SRV 0 10 2380 etcd-0.openshift4.mydomain.com.
_etcd-server-ssl._tcp.openshift4 86400 IN SRV 0 10 2380 etcd-1.openshift4.mydomain.com.
_etcd-server-ssl._tcp.openshift4 86400 IN SRV 0 10 2380 etcd-2.openshift4.mydomain.com.

#

9) Create a zone file called 33.68.10.db and 19.19.172.db for the reverse zone under /var/named directory.
I have two subnets so I have created two zone files.

PTR – Pointer
SOA – Start of Authority

vi /var/named/33.68.10.db
;######################################################################################

@ IN SOA dnsserver.mydomain.com. root.mydomain.com. (
2019121213 ;Serial Sample 2019 Nov 12 format
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)

;Name Server Information
@ IN NS dnsserver.mydomain.com.
;Reverse lookup for Name Server
61 IN PTR dnsserver.mydomain.com.

;PTR Record IP address to HostName
62 IN PTR api.openshift4.mydomain.com.
62 IN PTR api-int.openshift4.mydomain.com.
62 IN PTR apps.openshift4.mydomain.com.
63 IN PTR master1.openshift4.mydomain.com.
67 IN PTR master2.openshift4.mydomain.com.
68 IN PTR master3.openshift4.mydomain.com.
63 IN PTR etcd-0.openshift4.mydomain.com.
67 IN PTR etcd-1.openshift4.mydomain.com.
68 IN PTR etcd-2.openshift4.mydomain.com.
64 IN PTR worker1.openshift4.mydomain.com.
65 IN PTR worker2.openshift4.mydomain.com.
66 IN PTR bootstrap.openshift4.mydomain.com.

;######################################################################################

vi /var/named/19.19.172.db
;######################################################################################

@ IN SOA dnsserver.mydomain.com. root.mydomain.com. (
2019121204 ;Serial Sample 2019 Nov 12 format
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)

;Name Server Information
@ IN NS dnsserver.mydomain.com.
;Reverse lookup for Name Server
61 IN PTR dnsserver.mydomain.com.

;PTR Record IP address to HostName
88 IN PTR test.openshift4.mydomain.com.

;######################################################################################

10) Firewall
Add a allow rule in firewall to let clients can connect to DNS server for name resolution

firewall-cmd –permanent –add-port=53/udp
firewall-cmd –reload

11) Add the DNS server IP ADDRESS in DNS1 to the client machines and as well as this bind dns server.

/etc/sysconfig/network-scripts/ifcfg-eXX

DNS1=10.68.33.61

12)Restart network service.

systemctl restart NetworkManager

13)Use the following command to verify the forward lookup.

dig dnsserver.mydomain.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> dnsserver.mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63873
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dnsserver.mydomain.com. IN A

;; ANSWER SECTION:
dnsserver.mydomain.com. 604800 IN A 10.68.33.61

;; AUTHORITY SECTION:
mydomain.com. 604800 IN NS dnsserver.mydomain.com.

;; Query time: 0 msec
;; SERVER: 10.68.33.61#53(10.68.33.61)
;; WHEN: Thu Dec 12 22:39:57 EST 2019
;; MSG SIZE rcvd: 79

rpaco