on RHEL/CentOS 7
Step by Step Guide
This document provides a quick configuration guide for setting up the BIND
(Berkeley Internet Name Domain) service, named.
Yogesh Kumar
9/5/2016
Ver 1.0
Page 2 of 9
Setup Details
In this lab setup we are going to install and configure the BIND DNS service, named. The DNS server listens for
DNS requests on port 53, which is the default port for the name resolution service.
Operating System:
DNS Server:        master.opensky.home / 90.10.10.20
DNS Client:        centos-client / 90.10.10.50
DNS Port:          53
Platform:          VMware Workstation
RPM Sources:       (Default)

2.1
A static IP address must be configured on the DNS server's NIC; this is a requirement, not just a recommendation.
2.2
IP Address:   90.10.10.20
FQDN:         master.opensky.home
Hostname:     master
2.3 SELINUX STATUS
In my setup I have kept SELinux disabled; it's up to you whether you want to keep it enabled or
disabled.
[root@master ~]# sestatus
SELinux status:                 disabled
[root@master ~]#
To install the DNS packages we use the yum command, as yum takes care of installing any dependency
packages by itself.
[root@master ~]# yum install bind bind-utils
[root@master ~]# rpm -q bind bind-utils
Once the BIND packages are installed, the next step is to change the DNS configuration so that the
named service accepts requests on the DNS server's IP, which in our lab setup is 90.10.10.20. To make
these changes, manually edit the /etc/named.conf file.
Before
[root@master ~]# grep -w "listen-on port 53" /etc/named.conf
listen-on port 53 { 127.0.0.1; };
[root@master ~]# grep -w "allow-query" /etc/named.conf
allow-query     { localhost; };
After Editing
[root@master ~]# grep -w "listen-on port 53" /etc/named.conf
listen-on port 53 { 127.0.0.1;90.10.10.20; };
[root@master ~]# grep -w "allow-query" /etc/named.conf
allow-query     { any; };
[root@master ~]#
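One point worth checking before opening allow-query to any (an added note and example of my own, not part of the original guide): the /etc/named.conf that ships with the bind package on CentOS 7 also sets recursion yes;, so with allow-query { any; } the server answers recursive queries for anyone who can reach port 53. That makes it an open resolver, which is the configuration that gets abused in DNS amplification attacks and that external scanners report. For a server that only serves its own zones, set recursion no;; if clients on the lab network need recursion, keep it but restrict it with allow-recursion. The POSIX sh check below flags that combination in a named.conf text. Both configuration snippets are constructed for this example and reuse this lab's listen-on line; the 90.10.10.0/24 subnet in allow-recursion is assumed from the lab addresses.

```shell
#!/bin/sh
# Added example (not part of the original guide): flag the "open resolver"
# combination in a BIND named.conf, i.e. allow-query { any; } with recursion
# left enabled and no allow-recursion restriction. Both snippets are constructed.

WEAK_CONF='options {
    listen-on port 53 { 127.0.0.1; 90.10.10.20; };
    directory "/var/named";
    allow-query     { any; };
    recursion yes;          // stock CentOS 7 default
};'

HARDENED_CONF='options {
    listen-on port 53 { 127.0.0.1; 90.10.10.20; };
    directory "/var/named";
    allow-query     { any; };
    recursion yes;
    // only the host itself and the (assumed) lab subnet may recurse through us
    allow-recursion { localhost; 90.10.10.0/24; };
};'

# normalise_conf CONF: drop // and # comments and join lines, so a statement
# split over two lines such as "allow-query\n{ any; };" still matches
normalise_conf() {
    printf '%s\n' "$1" | sed -e 's#//.*$##' -e 's/#.*$//' | tr '\n' ' '
}

# check_open_resolver CONF: prints "open-resolver" (exit 1) or "ok" (exit 0).
# BIND defaults to recursion yes, so a config that never mentions recursion
# counts as recursive.
check_open_resolver() {
    conf=$(normalise_conf "$1")
    if printf '%s\n' "$conf" | grep -Eq 'allow-query[[:space:]]*\{[[:space:]]*any[[:space:]]*;' &&
       ! printf '%s\n' "$conf" | grep -Eq 'recursion[[:space:]]+no[[:space:]]*;' &&
       ! printf '%s\n' "$conf" | grep -Eq 'allow-recursion[[:space:]]*\{'; then
        echo open-resolver
        return 1
    fi
    echo ok
    return 0
}

# demo: the weak config is reported, the hardened one passes
check_open_resolver "$WEAK_CONF" || true
check_open_resolver "$HARDENED_CONF"
```

Run named-checkconf /etc/named.conf after editing as well; it catches syntax errors but says nothing about whether the resulting policy is sensible, which is what this check is for.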
Once the above changes are made, we can start the named service to confirm that the changes
work and that the service starts without any problem.
[root@master ~]# systemctl enable named.service
[root@master ~]# systemctl start named.service
[root@master ~]# systemctl status named.service
named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2016-07-10 03:42:58 AEST; 6s ago
Process: 31177 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
......
[root@master ~]#
Once the named service is started, we can check whether named is listening on the DNS server IP on
tcp    0  90.10.10.20:53   0.0.0.0:*   LISTEN
tcp    0  127.0.0.1:53     0.0.0.0:*   LISTEN
tcp6   0  ::1:53           :::*        LISTEN
udp    0  90.10.10.20:53   0.0.0.0:*
udp    0  127.0.0.1:53     0.0.0.0:*
udp6   0  ::1:53           :::*
[root@master ~]#
The above output confirms that the DNS server is listening on both the loopback and the DNS IP address on port 53
for the TCP and UDP protocols.
Firewall Settings
In an enterprise setup the operating system firewall is generally kept off, as enterprise firewalls are there to
keep the network secure. In this lab setup I am not going to disable the local firewall, as we don't
have enterprise firewalls here.
We will create firewall rules to accept TCP and UDP requests on port 53 and then reload the firewall rules.
[root@master ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
success
[root@master ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
success
[root@master ~]# firewall-cmd --reload
success
[root@master ~]#
Once the firewall rules are configured and loaded, we can test them using the nmap command. The beauty of the
nmap utility is that we can test both TCP and UDP connectivity.
[root@master ~]# nmap -p 53 90.10.10.20
Host is up (-2100s latency).
PORT STATE SERVICE
53/tcp open domain
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
[root@master ~]# nmap -sU -p 53 90.10.10.20
Host is up (0.00075s latency).
PORT STATE SERVICE
53/udp open domain
Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
[root@master ~]#
The infrastructure configuration needed to run the DNS service is now complete. Let's define
the zone files for our opensky.home domain.
6.1
First we update /etc/named.conf with the names of the forward and reverse lookup files. To do
this, open /etc/named.conf in vi and add the following entries before the include statements.
zone "opensky.home" IN {
type master;
file "forward.opensky";
allow-update { none; };
};
zone "10.10.90.in-addr.arpa" IN {
type master;
file "reverse.opensky";
allow-update { none; };
};
Now create the forward and reverse lookup files with the following contents:
[root@master ~]# cat /var/named/forward.opensky
$TTL 86400
@ IN SOA master.opensky.home. root.opensky.home. (
        2011071001 ;Serial
        3600       ;Refresh
        1800       ;Retry
        604800     ;Expire
        86400      ;Minimum TTL
)
@               IN  NS   master.opensky.home.
@               IN  A    90.10.10.20
@               IN  A    90.10.10.50
master          IN  A    90.10.10.20
centos-client   IN  A    90.10.10.50
[root@master ~]# cat /var/named/reverse.opensky
        1800       ;Retry
        604800     ;Expire
        86400      ;Minimum TTL
)
@               IN  NS   master.opensky.home.
@               IN  PTR  opensky.home.
master          IN  A    90.10.10.20
centos-client   IN  A    90.10.10.50
20              IN  PTR  master.opensky.home.
50              IN  PTR  centos-client.opensky.home.
[root@master ~]#
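As an added check for the zone definitions and zone files above (my own example, not part of the guide), the POSIX sh script below cross-checks the forward and reverse zones so that every A record has a PTR for the same address and every PTR has an A record with the same name. A missing or stale PTR is the usual reason reverse lookups fail later, and some services refuse clients whose forward and reverse names disagree. The two zone texts are constructed to match the host records in this guide; the apex @ A and PTR records are left out because they map the same addresses to a second name and would be reported as mismatches. The origin opensky.home and the 90.10.10 network are taken from the guide's zone stanzas.

```shell
#!/bin/sh
# Added example (not from the original guide): verify that the forward and
# reverse zones agree. Zone texts are constructed from this guide's records.
export LC_ALL=C   # fixed collation so sort and comm agree

FORWARD_ZONE='$TTL 86400
@ IN SOA master.opensky.home. root.opensky.home. (
        2011071001 ;Serial
        3600       ;Refresh
        1800       ;Retry
        604800     ;Expire
        86400      ;Minimum TTL
)
@               IN NS master.opensky.home.
master          IN A  90.10.10.20
centos-client   IN A  90.10.10.50'

REVERSE_ZONE='$TTL 86400
@ IN SOA master.opensky.home. root.opensky.home. (
        2011071001 ;Serial
        3600       ;Refresh
        1800       ;Retry
        604800     ;Expire
        86400      ;Minimum TTL
)
@   IN NS  master.opensky.home.
20  IN PTR master.opensky.home.
50  IN PTR centos-client.opensky.home.'

ORIGIN=opensky.home   # origin of the forward zone "opensky.home"
NET=90.10.10          # network covered by the "10.10.90.in-addr.arpa" zone

# forward_pairs ZONE: one "ip fqdn" line per A record, owner names qualified
# with the origin and written without the trailing dot
forward_pairs() {
    printf '%s\n' "$1" | sed 's/;.*//' |
    awk -v origin="$ORIGIN" '$2 == "IN" && $3 == "A" {
        name = $1
        if (name == "@") name = origin
        else if (name !~ /\.$/) name = name "." origin
        sub(/\.$/, "", name)
        print $4, name
    }' | sort
}

# reverse_pairs ZONE: one "ip fqdn" line per PTR record whose owner is a
# last-octet label (the form used in this guide's reverse file)
reverse_pairs() {
    printf '%s\n' "$1" | sed 's/;.*//' |
    awk -v net="$NET" '$2 == "IN" && $3 == "PTR" && $1 ~ /^[0-9]+$/ {
        name = $4
        sub(/\.$/, "", name)
        print net "." $1, name
    }' | sort
}

# zone_mismatches FWD REV: prints pairs present in only one zone (lines that
# exist only in the reverse zone are tab-indented); no output means consistent
zone_mismatches() {
    fwd=$(mktemp); rev=$(mktemp)
    forward_pairs "$1" > "$fwd"
    reverse_pairs "$2" > "$rev"
    comm -3 "$fwd" "$rev"
    rm -f "$fwd" "$rev"
}

zone_mismatches "$FORWARD_ZONE" "$REVERSE_ZONE"   # consistent zones print nothing
```

For the real files, named-checkzone opensky.home /var/named/forward.opensky and named-checkzone 10.10.90.in-addr.arpa /var/named/reverse.opensky validate each zone's syntax, but they do not compare the two zones against each other, which is what this script adds.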
Perform a clean restart of the named service for these settings to take effect, and ensure there are no
configuration issues:
[root@master ~]# systemctl stop named.service
[root@master ~]# systemctl start named.service
[root@master ~]# systemctl status named.service
named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2016-07-10 07:57:53 AEST; 10s ago
Redirecting to /bin/systemctl restart named.service
[root@master ~]#
opensky.home
nameserver 90.10.10.20
[root@centos-client /]#
Server:     90.10.10.20
Address:    90.10.10.20#53

Name:       centos-client.opensky.home
Address:    90.10.10.50
Server:     90.10.10.20
Address:    90.10.10.20#53

50.10.10.90.in-addr.arpa    name = centos-client.opensky.home.

;; AUTHORITY SECTION:
opensky.home.    86400  IN  SOA  master.opensky.home. root.opensky.home. 2011071001 3600 1800 604800 86400
These steps confirm that the configuration is working. The steps are the same for RHEL 7.