How To Configure DNS (BIND) Server on CentOS 7 / RHEL 7

Configure DNS (BIND) Server on CentOS 7
Configure DNS (BIND) Server on CentOS 7

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities.

Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.

This guide will help you to set up DNS server on CentOS 7 / RHEL 7.

Environment

Server Name: ns1itzgeek.local

IP Address: 192.168.0.10

Install DNS (BIND)

BIND stands for Berkeley Internet Name Domain, a software that provides an ability to perform name to ip conversion.

yum -y install bind bind-utils

Configure DNS (BIND)

By default, BIND listens on the localhost. So, we will configure the DNS server to listen on the system IP address to let clients can reach to DNS server for resolving domain names.

vi /etc/named.conf

Listen on all IP address:

Configure BIND to listen on all IP addresses.

// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };

Listen on particular IP address:

Configure BIND to listen to a particular IP address.

listen-on port 53 { 127.0.0.1; 192.168.0.10; };

Add your network in the following line. This setting will allow clients from the mentioned network can query the DNS for the name to ip translation.

I’ve added 192.168.0.0/24 for this demo.

allow-query { localhost; 192.168.0.0/24; };

Create Zones

Edit /etc/named.conf.

vi /etc/named.conf

Forward Zone

The following zone is the forward zone entry for the itzgeek.local domain.

ADVERTISEMENT

zone "itzgeek.local" IN { type master; file "/var/named/itzgeek.local.db"; allow-update { none; };
};

itzgeek.local – Domain name
master – Primary DNS
fwd.itzgeek.local.db – Forward lookup file
allow-update – Since this is the primary DNS, it should be none

Reverse Zone

The following zone is the reverse zone entry.

zone "0.168.192.in-addr.arpa" IN { type master; file "/var/named/192.168.0.db"; allow-update { none; };
};

0.168.192.in-addr.arpa – Reverse lookup name
master – Primary DNS
192.168.0.db – Reverse lookup file
allow-update – Since this is the primary DNS, it should be none

Create Zone Files

By default, zone lookup files are placed under /var/named directory. Create a zone file called fwd.itzgeek.local.db for forward lookup under /var/named directory. All domain names should end with a dot (.).

vi /var/named/itzgeek.local.db

There are some special keywords for Zone Files

A – A record
NS – Name Server
MX – Mail for Exchange
CNAME – Canonical Name

@ IN SOA ns1.itzgeek.local. root.itzgeek.local. ( 1001 ;Serial 3H ;Refresh 15M ;Retry 1W ;Expire 1D ;Minimum TTL ) ;Name Server Information
@ IN NS ns1.itzgeek.local. ;IP address of Name Server
ns1 IN A 192.168.0.10 ;Mail exchanger
itzgeek.local. IN MX 10 mail.itzgeek.local. ;A - Record HostName To IP Address
www IN A 192.168.0.100
mail IN A 192.168.0.150 ;CNAME record
ftp IN CNAME www.itgeek.local.

Whenever you update the zone lookup file, you need to change/increment the serial like 1002 ;Serial.

Create a zone file called 192.168.0.db for the reverse zone under /var/named directory.

vi /var/named/192.168.0.db

Create a reverse pointer for the forward zone entries we created earlier.

PTR – Pointer
SOA – Start of Authority

@ IN SOA ns1.itzgeek.local. root.itzgeek.local. ( 1001 ;Serial 3H ;Refresh 15M ;Retry 1W ;Expire 1D ;Minimum TTL ) ;Name Server Information
@ IN NS ns1.itzgeek.local. ;Reverse lookup for Name Server
10 IN PTR ns1.itzgeek.local. ;PTR Record IP address to HostName
100 IN PTR www.itzgeek.local.
150 IN PTR mail.itzgeek.local.

Whenever you update the zone lookup file, you need to change/increment the serial like 1002 ;Serial.

Once zone files are created, restart bind service.

systemctl restart named

Enable it on system startup.

systemctl enable named

Firewall

Add a allow rule in the firewall to let clients can connect to the DNS server for name resolution.

firewall-cmd --permanent --add-port=53/udp firewall-cmd --reload

Verify Zones

Visit any client machine and add a DNS server ip address in /etc/resolv.conf.

nameserver 192.168.0.10

If Network Manager manages the networking then place the following entry in /etc/sysconfig/network-scripts/ifcfg-eXX file.

DNS1=192.168.0.10

Restart network service.

ADVERTISEMENT

systemctl restart NetworkManager

Use the following command to verify the forward lookup.

dig www.itzgeek.local

Output: The DNS server should give 192.168.0.100 as ip for www.itzgeek.local.

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> www.itzgeek.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35563
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.itzgeek.local. IN A ;; ANSWER SECTION:
www.itzgeek.local. 86400 IN A 192.168.0.100 ;; AUTHORITY SECTION:
itzgeek.local. 86400 IN NS primary.itzgeek.local. ;; ADDITIONAL SECTION:
ns1.itzgeek.local. 86400 IN A 192.168.0.10 ;; Query time: 0 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Wed Jul 03 02:00:40 EDT 2019
;; MSG SIZE rcvd: 100

Install BIND utilities yum install -y bind-utils package to get nslookup or dig command.

Confirm the reverse lookup.

dig -x 192.168.0.100

Output: The DNS server gives www.itzgeek.local as a name for 192.168.0.100.

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> -x 192.168.0.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4807
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;100.0.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION:
100.0.168.192.in-addr.arpa. 86400 IN PTR www.itzgeek.local. ;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400 IN NS ns1.itzgeek.local. ;; ADDITIONAL SECTION:
ns1.itzgeek.local. 86400 IN A 192.168.0.10 ;; Query time: 0 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Wed Jul 03 02:02:47 EDT 2019
;; MSG SIZE rcvd: 124

It is now confirmed that both forward and reverse lookups are working fine.

Conclusion

That’s All. You have successfully installed BIND on CentOS 7 / RHEL 7 as the master server. You can configure a slave DNS server for redundancy.

Posted by Linux Admin