Domain Name Service Configuration
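Install the BIND and caching-nameserver packages using yum.
To configure yum, follow the yum configuration post.
Note that the bind* wildcard used below also installs bind-dyndb-ldap, which the rest of this setup never uses; installing only the packages you need keeps the server's attack surface smaller.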
[root@localhost logs]# yum install bind* caching*
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
sabitha | 4.0 kB 00:00
Setting up Install Process
Package 32:bind-utils-9.7.3-2.el6.i686 already installed and latest version
Package 32:bind-libs-9.7.3-2.el6.i686 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package bind.i686 32:9.7.3-2.el6 will be installed
---> Package bind-chroot.i686 32:9.7.3-2.el6 will be installed
---> Package bind-dyndb-ldap.i686 0:0.2.0-1.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
bind i686 32:9.7.3-2.el6 sabitha 3.9 M
bind-chroot i686 32:9.7.3-2.el6 sabitha 67 k
bind-dyndb-ldap i686 0.2.0-1.el6 sabitha 48 k
Transaction Summary
================================================================================
Install 3 Package(s)
Total download size: 4.0 M
Installed size: 7.1 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): bind-9.7.3-2.el6.i686.rpm | 3.9 MB 00:00
(2/3): bind-chroot-9.7.3-2.el6.i686.rpm | 67 kB 00:00
(3/3): bind-dyndb-ldap-0.2.0-1.el6.i686.rpm | 48 kB 00:00
--------------------------------------------------------------------------------
Total 21 MB/s | 4.0 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 32:bind-9.7.3-2.el6.i686 1/3
Installing : 32:bind-chroot-9.7.3-2.el6.i686 2/3
Installing : bind-dyndb-ldap-0.2.0-1.el6.i686 3/3
duration: 783(ms)
Installed products updated.
Installed:
bind.i686 32:9.7.3-2.el6 bind-chroot.i686 32:9.7.3-2.el6
bind-dyndb-ldap.i686 0:0.2.0-1.el6
Complete!
The following files will be created:
[root@master named]# cd /var/named
chroot dynamic named.empty named.loopback
data named.ca named.localhost slaves
[root@master named]# cd /etc/named
named/ named.iscdlv.key named.root.key
named.conf named.rfc1912.zones
[root@master named]#
Modify the main config file:
[root@master named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Global server options: listening addresses, working and data file paths,
// which clients may query, recursion, and DNSSEC settings.
options {
// Answer on loopback and on the server's own LAN address only.
listen-on port 53 { 127.0.0.1; 192.168.0.7;};
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// NOTE(review): a /1 prefix length spans half of the IPv4 address space
// (128.0.0.0 - 255.255.255.255), not just the 192.168.0.x LAN; presumably
// 192.168.0.0/24 was intended - confirm. Some BIND versions may also reject
// an address whose host bits do not match the prefix length.
allow-query { localhost; 192.168.0.0/1;};
# match-clients { localhost; 192.168.0.0/1;};
// NOTE(review): there is no allow-recursion statement here, so who may use
// this server as a recursive resolver is presumably derived from allow-query
// above - verify against the installed BIND's documentation. With the wide
// ACL above, that would expose recursion well beyond the local network.
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): ISC's DLV registry has since been retired, so lookaside
// validation is only meaningful on old BIND releases such as the one
// installed here - confirm before copying this to a newer system.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
Copy default files from /var/named to /var/named/chroot/var/named
[root@localhost named]# cd /var/named/
[root@localhost named]# ls
chroot dynamic named.empty named.loopback
data named.ca named.localhost slaves
[root@localhost named]# cp named.* chroot/var/named/
Create forward and reverse files
[root@localhost named]# cp named.localhost ssgroup.rev
[root@localhost named]# cp named.localhost ssgroup.for
Modify ssgroup.for and ssgroup.rev as follows:
[root@master named]# cat /var/named/chroot/var/named/ssgroup.for
; Forward zone data for ssgroup: the SOA record, one NS record, and the
; A record for the host "master".
$TTL 86400
; NOTE(review): root.ssgroup has no trailing dot, so it is read relative to
; the zone origin; ssgroup.rev writes it as "root.ssgroup." - confirm which
; form is intended.
@ IN SOA master.ssgroup. root.ssgroup (
42 ; serial
; NOTE(review): a bare number is in seconds, so this refresh is 3 seconds - confirm
3 ; refresh
15M ; retry
1W ; expire
1D ) ; minimum
@ IN NS master.ssgroup.
master IN A 192.168.0.7
[root@master named]# cat /var/named/chroot/var/named/ssgroup.rev
; Reverse-lookup data: the SOA record, one NS record, and one PTR record
; pointing at master.ssgroup.
; NOTE(review): the page checks this file with the origin "ssgroup" and shows
; no zone statement for it, so the reverse zone name it is meant to serve
; cannot be confirmed from here.
$TTL 86400
@ IN SOA master.ssgroup. root.ssgroup. (
1997022700 ; serial
28800 ; refresh
14400 ; retry
3600000 ; expire
86400 ) ; minimum
; NOTE(review): "master." is an absolute single-label name, unlike the
; "master.ssgroup." used in the SOA record and in ssgroup.for - confirm
@ IN NS master.
; NOTE(review): the owner label is 1, while ssgroup.for gives the server the
; address 192.168.0.7 - confirm the label matches the host's last octet
1 IN PTR master.ssgroup.
[root@master named]#
SOA --- Start of Authority
NS --- Name Server
PTR --- Pointer Record
Set the following permissions:
chmod 640 /var/named/chroot/var/named/*
chown root:named /var/named/chroot/var/named/*
[root@master named]# ls -ltrh
total 24K
-rw-r----- 1 root named 168 Aug 27 04:39 named.loopback
-rw-r----- 1 root root 152 Aug 27 04:39 named.localhost
-rw-r----- 1 root named 152 Aug 27 04:39 named.empty
-rw-r----- 1 root named 1.9K Aug 27 04:39 named.ca
-rw-r----- 1 root named 196 Aug 27 05:02 ssgroup.for
-rw-r----- 1 root named 217 Aug 27 05:08 ssgroup.rev
[root@master named]#
Verify the config files:
[root@master named]# named-checkconf /etc/named.conf
[root@master named]#
[root@localhost named]# named-checkzone ssgroup /var/named/chroot/var/named/ssgroup.for
zone ssgroup/IN: loaded serial 42
OK
[root@localhost named]#
[root@localhost named]# named-checkzone ssgroup /var/named/chroot/var/named/ssgroup.rev
zone ssgroup/IN: loaded serial 1997022700
OK
[root@localhost named]#
Generate the rndc key:
rndc-confgen -r /dev/urandom > /etc/rndc.conf
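This step creates the /etc/rndc.conf file. The file holds the shared secret that authorises rndc to control named, so keep it readable by root only (for example, chmod 600 /etc/rndc.conf). Generate your own key rather than reusing the sample secret printed below. hmac-md5 is what this version of rndc-confgen produced; where the installed BIND offers an HMAC-SHA algorithm for rndc keys, prefer it.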
[root@master named]# cat /etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "NDzRAjNRzfSQKkrvnQTe4Q==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "NDzRAjNRzfSQKkrvnQTe4Q==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
[root@master named]#
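Add the following lines to the end of the named.conf file. As printed they are commented out; the key and controls statements take effect only once the leading "# " is removed. Because named.conf then contains the rndc secret, it should not be world-readable.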
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "NDzRAjNRzfSQKkrvnQTe4Q==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
[root@master named]#
Modify the following files:
[root@master Desktop]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=master.ssgroup
[root@master Desktop]#
[root@master Desktop]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.7 master.ssgroup
[root@master Desktop]#
[root@master named]# cat /etc/resolv.conf
# Generated by NetworkManager
search ssgroup
nameserver 192.168.0.7
Start the named service and enable it at boot:
service named start
chkconfig named on