For Bangla tutorial visit: http://www.mahedi.me
A Domain Name System (DNS) is a distributed, hierarchical system. It maintains a directory of domain names, translates them to Internet Protocol (IP) addresses and translates IP addresses back to domain names or hostnames, and tells you which name servers are the official (authoritative) Name Servers for a particular domain.
- DNS resolver — Resides on the client-side of the DNS. When a user sends a hostname request, the resolver sends a DNS query request to the name servers to request the hostname's IP address.
- Name servers — Processes the DNS query requests received from the DNS resolver and returns the IP address to the resolver.
- Resource records — Data elements that define the basic structure and content of the DNS.
- Root Server - Contains information about all the TLDs and the addresses of each TLD's servers, such as .com, .org, .net, .bd, .edu and .gov. There are 13 root servers, each with multiple instances all over the world; you'll find details at http://root-servers.org
- TLD Server - Contains the information about all domains in a particular TLD; for example, the .bd name servers hold the name server names and IP addresses of all .bd domains.
- Name Server - Contains all the zones of domains and resource database for each domain.
- Recursion Server (Resolver) - It does not contain any information for any domain but initiates a DNS query request to complete DNS address resolution. It maintains a cache database for fast serving.
- Primary Name Server - An authoritative server for a domain; resource records are updated directly on this server.
- Secondary Name Server - Also an authoritative server for the domain, but resource records are not updated directly on it. It receives the updates from the Primary Name Server of that domain.
Primary Server: Hostname: ns1.group-XY.ac.bd (replace XY with your group number), IP: the IP address of your server [192.168.0.5]
Secondary Server: Hostname: ns2.group-XY.ac.bd (replace XY with your group number), IP: the IP address of your server [192.168.0.10]
Add the EPEL Repository:
# yum install epel-release
Update System:
# yum update -y
Hostname Configuration:
# vim /etc/hostname
ns1.group-XY.ac.bd
# hostname ns1.group-XY.ac.bd
Note: Please replace XY with your group ID like: ns1.group-01.ac.bd
Update the /etc/hosts file:
[root@ns1 ~]# vim /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.5 ns1.group-XY.ac.bd ns1
:x
Check the hostname configuration:
# hostname
ns1.group-XY.ac.bd
# hostname -d
group-XY.ac.bd
Disable SELinux:
# vim /etc/selinux/config
SELINUX=disabled
Now reboot your server:
# reboot
Firewall Configuration:
firewall-cmd --zone=public --permanent --add-port=53/udp
firewall-cmd --zone=public --permanent --add-port=53/tcp
firewall-cmd --reload
firewall-cmd --zone=public --permanent --list-all
Install BIND
First, check whether BIND is already installed with the following command:
[root@ns1 ~]# rpm -qa | grep bind
If it's installed you'll see output like the following:
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64
If it's not installed, install it with the following command:
[root@ns1 ~]# yum install -y bind bind-utils
Configure the BIND Name Server
First create a backup before changing anything in the main configuration file:
cd /etc/
cp named.conf named.conf.ori
Then change the configuration as follows:
[root@ns1 ~]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.1.5; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-recursion { 192.168.1.0/24; };
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
// Adding forward zone
zone "group-XY.ac.bd" IN {
    type master;
    file "db.group-XY.ac.bd";
};
// Adding Reverse zone
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "db.1.168.192.in-addr.arpa";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Zone files live in the /var/named/ directory:
[root@ns1 ~]# cd /var/named/
[root@ns1 named]# ls -la
drwxr-x---. 5 root named 4096 Jul 24 17:04 .
drwxr-xr-x. 23 root root 4096 Jul 24 17:04 ..
drwxrwx---. 2 named named 6 Jul 5 06:15 data
drwxrwx---. 2 named named 6 Jul 5 06:15 dynamic
-rw-r-----. 1 root named 2281 May 22 05:51 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Jul 5 06:15 slaves
Copy the existing sample zone files to the file names you gave in named.conf, like the following:
cp named.localhost db.group-XY.ac.bd
cp named.loopback db.1.168.192.in-addr.arpa
Now open your forward zone file and change the records as follows (a record line that starts with whitespace has no owner name of its own and belongs to the previous owner, here @, the zone apex):
vim db.group-XY.ac.bd
$TTL 1D
@       IN SOA  ns1.group-XY.ac.bd. root.group-XY.ac.bd. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      ns1.group-XY.ac.bd.
        A       192.168.1.5
ns1     IN A    192.168.1.5
mail    IN A    192.168.1.5
group-XY.ac.bd. IN MX 10 mail.group-XY.ac.bd.
www     IN CNAME ns1.group-XY.ac.bd.
ftp     IN A    192.168.1.50
Then change the reverse zone file as follows:
vim db.1.168.192.in-addr.arpa
$TTL 1D
@       IN SOA  ns1.group-XY.ac.bd. root.group-XY.ac.bd. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      ns1.group-XY.ac.bd.
        A       192.168.1.5
5       IN PTR  ns1.group-XY.ac.bd.
50      IN PTR  ftp.group-XY.ac.bd.
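Two checks worth running on the forward and reverse zone files just written, as an added example that is not part of the tutorial: bump_serial increments the SOA serial (a secondary only re-transfers a zone when the primary's serial is higher than the copy it holds, so every edit to the primary's zone file should raise it), and missing_ptrs reports A records in 192.168.1.0/24 that have no matching PTR in the reverse zone. The two zone files are constructed inline and mirror the tutorial's records, plus one extra host (web2, an assumption) that deliberately lacks a PTR so the check has something to find.

```shell
#!/bin/sh
# Added example, not from the tutorial: serial bump and forward/reverse
# consistency check for the zone files above. Sample files are constructed.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/db.group-XY.ac.bd" <<'EOF'
$TTL 1D
@       IN SOA  ns1.group-XY.ac.bd. root.group-XY.ac.bd. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      ns1.group-XY.ac.bd.
        A       192.168.1.5
ns1     IN A    192.168.1.5
mail    IN A    192.168.1.5
www     IN CNAME ns1.group-XY.ac.bd.
ftp     IN A    192.168.1.50
web2    IN A    192.168.1.60    ; constructed host with no PTR record
EOF

cat > "$WORK/db.1.168.192.in-addr.arpa" <<'EOF'
$TTL 1D
@       IN SOA  ns1.group-XY.ac.bd. root.group-XY.ac.bd. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      ns1.group-XY.ac.bd.
5       IN PTR  ns1.group-XY.ac.bd.
50      IN PTR  ftp.group-XY.ac.bd.
EOF

# bump_serial FILE: add 1 to the number on the "; serial" line (in place)
# and print the new value, so the change is visible to the caller.
bump_serial() {
    awk '/; *serial/ { sub(/[0-9]+/, $1 + 1) } { print }' "$1" > "$1.tmp" &&
        mv "$1.tmp" "$1"
    awk '/; *serial/ { print $1 }' "$1"
}

# missing_ptrs FWD REV: print "name address" for every A record in
# 192.168.1.0/24 found in FWD whose last octet has no PTR record in REV.
missing_ptrs() {
    awk -v rev="$2" '
        BEGIN {
            # Reverse zone: the owner name of each PTR is the host octet.
            while ((getline line < rev) > 0)
                if (line ~ /[[:space:]]PTR[[:space:]]/) { split(line, f); ptr[f[1]] = 1 }
        }
        # Forward zone: A records in 192.168.1.0/24. A line starting with
        # whitespace inherits the previous owner, i.e. the apex (@).
        /[[:space:]]A[[:space:]]+192\.168\.1\./ {
            match($0, /192\.168\.1\.[0-9]+/)
            ip = substr($0, RSTART, RLENGTH)
            split(ip, o, ".")
            name = ($0 ~ /^[[:space:]]/) ? "@" : $1
            if (!(o[4] in ptr)) print name, ip
        }' "$1"
}

# Demo run on the constructed files.
echo "serial is now $(bump_serial "$WORK/db.group-XY.ac.bd")"
echo "A records without a PTR:"
missing_ptrs "$WORK/db.group-XY.ac.bd" "$WORK/db.1.168.192.in-addr.arpa"
```

Run it after editing a zone: bump the serial on the file you changed, then run named-checkzone as the tutorial shows before restarting named. The PTR check only covers the 192.168.1.0/24 subnet that the tutorial's reverse zone serves; widen the regex if you add further reverse zones.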
Check your configuration and zone files with the following commands:
[root@ns1 named]# named-checkconf -z /etc/named.conf
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
[root@ns1 named]# named-checkzone group-XY.ac.bd db.group-XY.ac.bd
zone group-XY.ac.bd/IN: loaded serial 0
OK
[root@ns1 named]# named-checkzone 1.168.192.in-addr.arpa db.1.168.192.in-addr.arpa
zone 1.168.192.in-addr.arpa/IN: loaded serial 0
OK
If the result is not OK, there is a syntax error in your zone file; correct it and check again.
Change the group ownership:
[root@ns1 named]# chgrp named db.group-XY.ac.bd
[root@ns1 named]# chgrp named db.1.168.192.in-addr.arpa
To start the service and ensure it starts at boot, run the following commands:
[root@ns1 named]# systemctl restart named.service
[root@ns1 named]# systemctl enable named.service
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
To test from Linux clients, add the name server address to the /etc/resolv.conf file:
[root@ns1 named]# vim /etc/resolv.conf
search group-XY.ac.bd
nameserver 192.168.1.5
:x
Now it's time to check your configuration:
[root@ns1 named]# nslookup
> group-XY.ac.bd
Server: 192.168.1.5
Address: 192.168.1.5#53
Name: group-XY.ac.bd
Address: 192.168.1.5
> www
Server: 192.168.1.5
Address: 192.168.1.5#53
www.group-XY.ac.bd canonical name = ns1.group-XY.ac.bd.
Name: ns1.group-XY.ac.bd
Address: 192.168.1.5
>
Yes! You have done it!!!
Change on the Primary Server:
Add the clause allow-transfer { 192.168.1.10; }; to each zone, so that the secondary server is allowed to transfer it:
// Adding forward zone
zone "mahedi.me" IN {
type master;
file "db.mahedi.me.for";
allow-transfer { 192.168.1.10; };
};
// Adding Reverse zone
zone "1.168.192.in-addr.arpa" IN {
type master;
file "db.1.168.192.in-addr.arpa";
allow-transfer { 192.168.1.10; };
};
And add the secondary server's NS and A records to the zone files:
[root@ns1 named]# vim db.mahedi.me.for
$TTL 1D
@       IN SOA  ns1.mahedi.me. root.mahedi.me. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      ns1.mahedi.me.
        A       192.168.1.5
        NS      ns2.mahedi.me.
        A       192.168.1.10
ns1     IN A    192.168.1.5
ns2     IN A    192.168.1.10
mail    IN A    192.168.1.5
mahedi.me. IN MX 10 mail.mahedi.me.
www     IN CNAME ns1.mahedi.me.
ftp     IN A    192.168.1.50
:x
[root@ns1 named]# vim db.1.168.192.in-addr.arpa
$TTL 1D
@       IN SOA  ns1.mahedi.me. root.mahedi.me. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      ns1.mahedi.me.
        A       192.168.1.5
        NS      ns2.mahedi.me.
        A       192.168.1.10
5       IN PTR  ns1.mahedi.me.
10      IN PTR  ns2.mahedi.me.
50      IN PTR  ftp.mahedi.me.
:x
First, install the software and configure the firewall, hostname and FQDN on ns2 exactly as on the primary DNS server.
Then change /etc/named.conf on ns2 as follows:
[root@ns2 ~]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.1.10; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-recursion { 192.168.1.0/24; };
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
// Adding forward zone
zone "group-XY.ac.bd" IN {
    type slave;
    masters { 192.168.1.5; };
    file "slaves/db.group-XY.ac.bd";
};
// Adding Reverse zone
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.1.5; };
    file "slaves/db.1.168.192.in-addr.arpa";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
To start the service and ensure it starts at boot, run the following commands:
[root@ns2 ~]# systemctl restart named.service
[root@ns2 ~]# systemctl enable named.service
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
Check whether the zone files have been transferred:
[root@ns2 ~]# cd /var/named/slaves/
[root@ns2 slaves]# ls -la
-rw-r-----. 1 named named 421 May 27 21:37 db.group-XY.ac.bd
-rw-r-----. 1 named named 292 May 13 13:58 db.1.168.192.in-addr.arpa
Yes, they have been transferred.
To test from Linux clients, add the secondary's address to the /etc/resolv.conf file:
[root@ns2 slaves]# vim /etc/resolv.conf
nameserver 192.168.1.10
:x
[root@ns2 slaves]# nslookup
> group-XY.ac.bd
Server: 192.168.1.10
Address: 192.168.1.10#53
Name: group-XY.ac.bd
Address: 192.168.1.10
> www
Server: 192.168.1.10
Address: 192.168.1.10#53
www.group-XY.ac.bd canonical name = ns1.group-XY.ac.bd.
Name: ns1.group-XY.ac.bd
Address: 192.168.1.10
>
Query Logging:
To identify clients' DNS queries, BIND's query log needs to be enabled. For BIND 9, turn on query logging with:
# rndc querylog
For BIND 8, use the following command instead:
# ndc querylog
The system log then confirms it:
Jan 30 18:57:18 localhost named[2316]: received control channel command 'querylog'
Jan 30 18:57:18 localhost named[2316]: query logging is now on
Create Log Directory:
# mkdir /var/log/named
# chown named:named /var/log/named
Edit the /etc/named.conf file and replace its logging { } block with the following (BIND accepts only one logging statement):
# vim /etc/named.conf
// named.conf fragment
logging {
    channel normal_log {
        file "/var/log/named/normal.log" versions 3 size 2m;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    channel query_log {
        file "/var/log/named/query.log" versions 3 size 128m;
        severity debug 3;
    };
    channel security_log { // streamed security log
        file "/var/log/named/security.log" versions 3 size 2m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default {
        normal_log;
    };
    category queries {
        query_log;
    };
    category security {
        security_log;
    };
};
Then restart the service and check the log files:
[root@ns2 ~]# systemctl restart named.service
[root@ns2 ~]# dig group-XY.ac.bd @192.168.1.10
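Once query.log fills up, the point of enabling it is to see which clients ask for what. The script below is an added example, not part of the tutorial: it summarises queries per client and per name. The query_log channel above sets no print-time or print-category, so each line has the shape "client <address>#<port> (<qname>): query: <qname> IN <type> <flags> (<server>)"; newer BIND 9 releases add an "@0x..." pointer after "client", and the parser copes with both forms. The sample log lines are constructed, not captured from a real server, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the tutorial: summarise a BIND query log by
# client address and by queried name. Log lines below are constructed.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/query.log" <<'EOF'
client 192.168.1.20#51234 (www.group-XY.ac.bd): query: www.group-XY.ac.bd IN A + (192.168.1.10)
client 192.168.1.20#51235 (group-XY.ac.bd): query: group-XY.ac.bd IN MX + (192.168.1.10)
client 192.168.1.21#40001 (ftp.group-XY.ac.bd): query: ftp.group-XY.ac.bd IN A + (192.168.1.10)
client 192.168.1.20#51236 (www.group-XY.ac.bd): query: www.group-XY.ac.bd IN AAAA + (192.168.1.10)
client @0x7f1c8c0d2e60 192.168.1.22#33000 (5.1.168.192.in-addr.arpa): query: 5.1.168.192.in-addr.arpa IN PTR + (192.168.1.10)
client 192.168.1.21#40002 (www.group-XY.ac.bd): query: www.group-XY.ac.bd IN A + (192.168.1.10)
EOF

# top_clients LOG: print "count address" per client, busiest first.
# The client field is the one that ends in "#<port>", wherever it sits.
top_clients() {
    awk '/: query: / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /#[0-9]+$/) { sub(/#[0-9]+$/, "", $i); n[$i]++; break }
         }
         END { for (k in n) print n[k], k }' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# top_names LOG: print "count qname" per queried name, most requested first.
# The name is the field right after the literal "query:" token.
top_names() {
    awk '/: query: / {
            for (i = 1; i < NF; i++)
                if ($i == "query:") { n[$(i + 1)]++; break }
         }
         END { for (k in n) print n[k], k }' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo run on the constructed log.
echo "queries per client:"
top_clients "$WORK/query.log"
echo "queries per name:"
top_names "$WORK/query.log"
```

Point both functions at /var/log/named/query.log on the server; a client that suddenly tops the list, or a name nobody in the group-XY.ac.bd zone should be asking for, is the kind of thing this log exists to show.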