Installing DNS server on CentOS 7

DNS stands for "Domain Name System" and translates hostnames to IP addresses. For example, if you type www.ariaservice.net into your browser, a DNS server resolves that domain name to its corresponding IP address. Because a domain name is far easier to remember than an IP address, DNS servers play a decisive role in everyday use of the network.

In this tutorial, we will help you install a local DNS server on a CentOS 7 system. The same steps also apply to RHEL 7 and Scientific Linux 7.

DNS server installation

Work steps scenario

To meet the goals of this article, we use three systems: one acts as the master DNS server, another as the secondary (slave) DNS server, and the third as the DNS client. The details of the three systems follow.

Master DNS server details

  • Operating system: CentOS 7 minimal server
  • Hostname: masterdns.ariaservice.local
  • IP address: 192.168.1.101/24

Secondary or Slave DNS server details

  • Operating system: CentOS 7 minimal server
  • Hostname: secondarydns.ariaservice.local
  • IP address: 192.168.1.102/24

Client details

  • OS: CentOS 6.5 Desktop
  • Hostname: client.ariaservice.local
  • IP address: 192.168.1.103/24

Install the main DNS server

For this purpose, install the bind packages on your server.

yum install bind bind-utils -y

Step 1) DNS server settings

For this purpose, edit the ‘/etc/named.conf’ file.

vi /etc/named.conf

Add the lines marked with ### comments below: the listen-on, allow-query and allow-transfer entries in the options block, and the two zone definitions placed before the include lines.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; };   ### Master DNS IP ###
#    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.1.0/24; };     ### IP Range ###
    allow-transfer  { localhost; 192.168.1.102; };      ### Slave DNS IP ###
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
    type hint;
    file "named.ca";
};
### Forward and reverse zones for ariaservice.local ###
zone "ariaservice.local" IN {
    type master;
    file "forward.ariaservice";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.ariaservice";
    allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Step 2) Creating Zone files

In this step, we create the forward and reverse zone files referenced in the '/etc/named.conf' file.

Creating the forward zone

Create forward.ariaservice file in ‘/var/named’ directory.

vi /var/named/forward.ariaservice

Add the following lines.

$TTL 86400
@   IN  SOA     masterdns.ariaservice.local. root.ariaservice.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.ariaservice.local.
@       IN  NS          secondarydns.ariaservice.local.
@       IN  A           192.168.1.101
@       IN  A           192.168.1.102
@       IN  A           192.168.1.103
masterdns       IN  A   192.168.1.101
secondarydns    IN  A   192.168.1.102
client          IN  A   192.168.1.103

Creating the reverse zone

Create reverse.ariaservice file in ‘/var/named’ directory.

vi /var/named/reverse.ariaservice

Add the following lines. Each PTR record maps the last octet of an address in 192.168.1.0/24 back to its hostname, the reverse of what the forward zone does.

$TTL 86400
@   IN  SOA     masterdns.ariaservice.local. root.ariaservice.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.ariaservice.local.
@       IN  NS          secondarydns.ariaservice.local.
101     IN  PTR         masterdns.ariaservice.local.
102     IN  PTR         secondarydns.ariaservice.local.
103     IN  PTR         client.ariaservice.local.

Step 3) Setting up the DNS service

Activate and start the DNS service as follows.

systemctl enable named
systemctl start named

Step 4) Firewall settings

The DNS service's default port 53 must be open in the firewall for both TCP and UDP. The following commands do this.

firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp

Step 5) Restart the firewall

Type the following command.

firewall-cmd --reload

Step 6) Setting permissions, properties and SELinux

Run the following commands one by one.

chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf

Step 7) Test DNS server settings and Zone files

Testing the default DNS server settings can be done as follows.

named-checkconf /etc/named.conf

If nothing is displayed, the configuration file is syntactically valid.
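named-checkconf only checks syntax; it says nothing about whether the access-control statements set in Step 1 (allow-query limited to the LAN, allow-transfer limited to the slave, recursion on) actually restrict the server. The following Python script is an added example, not part of the original tutorial: it reads a named.conf and reports an open resolver or an unrestricted zone transfer, using a constructed excerpt of the options block from Step 1 as input. It assumes the options block closes with `};` at the start of a line, as in the Red Hat default file.

```python
import re

def audit_named_options(conf_text):
    """Return findings about the access-control settings in the
    options {} block of a named.conf: recursion, allow-query
    and allow-transfer."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)  # drop /* */ comments
    text = re.sub(r"(//|#)[^\n]*", "", text)                 # drop // and # comments
    # Assumption: the options block closes with "};" at the start of a line,
    # as in the Red Hat default named.conf used in this tutorial.
    block = re.search(r"options\s*\{(.*?)\n\};", text, flags=re.S)
    if not block:
        return ["no options {} block found"]
    opts = block.group(1)

    def acl(statement):
        """Address list of a statement, or None when it is not set."""
        hit = re.search(statement + r"\s*\{([^}]*)\}", opts)
        return [t.strip() for t in hit.group(1).split(";") if t.strip()] if hit else None

    def is_open(addresses):
        # BIND 9.9 defaults when unset: allow-query any, allow-transfer any
        return addresses is None or "any" in addresses or "0.0.0.0/0" in addresses

    findings = []
    recursion = re.search(r"\brecursion\s+(yes|no)\s*;", opts)
    if (recursion is None or recursion.group(1) == "yes") and is_open(acl("allow-query")):
        findings.append("recursion yes with unrestricted allow-query: open resolver")
    if is_open(acl("allow-transfer")):
        findings.append("allow-transfer unrestricted: any host can request a zone transfer")
    return findings

# Constructed excerpt of the options block this tutorial produces on the master.
TUTORIAL_CONF = """options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; };
    allow-query     { localhost; 192.168.1.0/24; };
    allow-transfer  { localhost; 192.168.1.102; };
    /* If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. */
    recursion yes;
};
zone "ariaservice.local" IN { type master; file "forward.ariaservice"; };
"""
# The same excerpt with the ACLs opened up, to show what the audit reports.
OPEN_CONF = TUTORIAL_CONF.replace(
    "{ localhost; 192.168.1.0/24; }", "{ any; }"
).replace("    allow-transfer  { localhost; 192.168.1.102; };\n", "")

if __name__ == "__main__":
    print(audit_named_options(OPEN_CONF))
```

To audit the real file, pass `open("/etc/named.conf").read()` to `audit_named_options` on the server.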

Check the forward zone

named-checkzone ariaservice.local /var/named/forward.ariaservice

Sample output

zone ariaservice.local/IN: loaded serial 2011071001
OK

Check the reverse zone

named-checkzone 1.168.192.in-addr.arpa /var/named/reverse.ariaservice

Sample output

zone 1.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK
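named-checkzone validates each file on its own, so it will not notice when a reverse zone is simply a copy of the forward zone or when a PTR record points at the wrong host. The following Python script is an added example, not part of the original tutorial: it parses both zone files and cross-checks every A record against its PTR record (and vice versa); the zone data in it is a constructed copy of the files written above.

```python
import re
FORWARD_ORIGIN = "ariaservice.local."
REVERSE_ORIGIN = "1.168.192.in-addr.arpa."
# Constructed copies of the forward and reverse zone files written above.
FORWARD_ZONE = """$TTL 86400
@            IN  SOA  masterdns.ariaservice.local. root.ariaservice.local. (
                      2011071001 3600 1800 604800 86400 )
@            IN  A    192.168.1.101
masterdns    IN  A    192.168.1.101
secondarydns IN  A    192.168.1.102
client       IN  A    192.168.1.103
"""
REVERSE_ZONE = """$TTL 86400
@    IN  SOA  masterdns.ariaservice.local. root.ariaservice.local. ( 2011071001 3600 1800 604800 86400 )
101  IN  PTR  masterdns.ariaservice.local.
102  IN  PTR  secondarydns.ariaservice.local.
103  IN  PTR  client.ariaservice.local.
"""

def parse_records(zone_text, origin):
    """Yield (owner, type, rdata): strips ';' comments, folds the SOA ( ) block, expands '@'."""
    text = re.sub(r"\([^)]*\)", " ", re.sub(r";[^\n]*", "", zone_text))
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):   # blank line or $TTL/$ORIGIN
            continue
        name = origin if fields[0] == "@" else fields[0]
        rest = fields[1:]
        while rest and (rest[0] == "IN" or rest[0].isdigit()):  # optional TTL / class
            rest.pop(0)
        yield (name if name.endswith(".") else f"{name}.{origin}"), rest[0], " ".join(rest[1:])

def check_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return mismatches between the A records and the PTR records."""
    a_names = {}                                   # ip -> set of FQDNs
    for owner, rtype, rdata in parse_records(fwd_text, fwd_origin):
        if rtype == "A":
            a_names.setdefault(rdata, set()).add(owner)
    ptrs, net = {}, rev_origin[: -len(".in-addr.arpa.")]   # ip -> FQDN; net = "1.168.192"
    for owner, rtype, rdata in parse_records(rev_text, rev_origin):
        if rtype == "PTR":
            host = owner[: -len(rev_origin) - 1]    # labels before the origin, e.g. "101"
            ptrs[".".join(reversed(f"{host}.{net}".split(".")))] = rdata
    problems = [f"PTR {ip} -> {n} has no A record" for ip, n in sorted(ptrs.items()) if ip not in a_names]
    for ip, names in sorted(a_names.items()):
        if ip not in ptrs:
            problems.append(f"no PTR for {ip} ({', '.join(sorted(names))})")
        elif ptrs[ip] not in names:
            problems.append(f"PTR for {ip} is {ptrs[ip]}, forward zone says {', '.join(sorted(names))}")
    return problems
```

Run it against the real files by reading /var/named/forward.ariaservice and /var/named/reverse.ariaservice into the two text arguments; an empty list means every address resolves the same way in both directions.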

Now enter the DNS server details in your network interface configuration file.

vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

As follows:

TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.101"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS1="192.168.1.101"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"

Now it’s time to edit the /etc/resolv.conf file.

vi /etc/resolv.conf

Enter the IP address for the nameserver.

nameserver 192.168.1.101

Save and close the file.

Now restart the network service.

systemctl restart network

Step 8) DNS server test

dig masterdns.ariaservice.local

Sample output

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25179
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local.    IN    A
;; ANSWER SECTION:
masterdns.unixmen.local. 86400    IN    A    192.168.1.101
;; AUTHORITY SECTION:
unixmen.local.        86400    IN    NS    secondarydns.unixmen.local.
unixmen.local.        86400    IN    NS    masterdns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A    192.168.1.102
;; Query time: 0 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Wed Aug 20 16:20:46 IST 2014
;; MSG SIZE  rcvd: 125

And with the following command:

nslookup ariaservice.local

Sample output

Server:        192.168.1.101
Address:    192.168.1.101#53
Name:    unixmen.local
Address: 192.168.1.103
Name:    unixmen.local
Address: 192.168.1.101
Name:    unixmen.local
Address: 192.168.1.102

Now the primary DNS server is ready to use, and we can move on to installing the secondary server.

Installing a secondary DNS server

Install the bind packages using the following command.

yum install bind bind-utils -y

Step 1) Secondary DNS server settings

For this purpose, you need to edit the ‘/etc/named.conf’ file.

vi /etc/named.conf

Make the changes marked with ### comments below: the listen-on and allow-query entries in the options block, and the two slave zone definitions before the include lines. The unchanged lines in between are elided.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.102; };   ### Slave DNS IP ###
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.1.0/24; };     ### IP Range ###
    ...
zone "." IN {
    type hint;
    file "named.ca";
};
### Slave copies of the forward and reverse zones ###
zone "ariaservice.local" IN {
    type slave;
    file "slaves/ariaservice.fwd";
    masters { 192.168.1.101; };
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/ariaservice.rev";
    masters { 192.168.1.101; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Step 2) Setting up the DNS service

Enable and start the DNS service with the following commands.

systemctl enable named
systemctl start named

The forward and reverse zones are now transferred automatically from the primary DNS server into '/var/named/slaves/' on the secondary DNS server.

ls /var/named/slaves/

Sample output

ariaservice.fwd  ariaservice.rev

Step 3) Add DNS server details

Enter the DNS server details in the network interface configuration file as shown below.

1
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.102"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS1="192.168.1.101"
DNS2="192.168.1.102"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"

Now it’s time to edit the /etc/resolv.conf file.

vi /etc/resolv.conf

Enter the IP addresses of both nameservers.

nameserver 192.168.1.101
nameserver 192.168.1.102

Save and close the file.

Now you need to restart the network.

systemctl restart network

Step 4) Firewall settings

The DNS service's default port 53 must be allowed through the firewall for both TCP and UDP.

firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp

Step 5) Restart the firewall

firewall-cmd --reload

Step 6) Permissions, ownership and SELinux settings

chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf

Step 7) DNS server test

dig masterdns.ariaservice.local

Sample output

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18204
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local.    IN    A
;; ANSWER SECTION:
masterdns.unixmen.local. 86400    IN    A    192.168.1.101
;; AUTHORITY SECTION:
unixmen.local.        86400    IN    NS    masterdns.unixmen.local.
unixmen.local.        86400    IN    NS    secondarydns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A    192.168.1.102
;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Wed Aug 20 17:04:30 IST 2014
;; MSG SIZE  rcvd: 125

And with the following command:

dig secondarydns.ariaservice.local

Sample output

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60819
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN    A
;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A    192.168.1.102
;; AUTHORITY SECTION:
unixmen.local.        86400    IN    NS    masterdns.unixmen.local.
unixmen.local.        86400    IN    NS    secondarydns.unixmen.local.
;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400    IN    A    192.168.1.101
;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Wed Aug 20 17:05:50 IST 2014
;; MSG SIZE  rcvd: 125

Then the following command:

nslookup ariaservice.local

Sample output

Server:        192.168.1.102
Address:    192.168.1.102#53
Name:    unixmen.local
Address: 192.168.1.101
Name:    unixmen.local
Address: 192.168.1.103
Name:    unixmen.local
Address: 192.168.1.102

Client-side settings

Enter the DNS server details in the ‘/etc/resolv.conf’ file on all client systems.

vi /etc/resolv.conf

As follows:

# Generated by NetworkManager
search ariaservice.local
nameserver 192.168.1.101
nameserver 192.168.1.102

Now restart the network service or reboot the system.

DNS server test

Now you can test the DNS server with the help of one of the commands below.

dig masterdns.ariaservice.local
dig secondarydns.ariaservice.local
dig client.ariaservice.local
nslookup ariaservice.local

Our work ends here: the primary and secondary DNS servers are ready for use.

Conclusion

In this tutorial, we looked at how to install a local DNS server on the CentOS 7 Linux distribution. We hope this article has been of interest to you.

Source: Unixmen.com
