DNS Server Setup for CentOS 6 / RHEL 6

DNS stands for Domain Name System (a DNS server is also called a name server). DNS resolves a hostname to an IP address, or vice versa. This tutorial walks through the installation and setup of a BIND 9 DNS server on CentOS 6/RHEL 6. It covers a master DNS server only; setting up a slave is not covered.

bind9 package installation

We’ll start with the installation of the bind package. To install the bind service and its client tools, use yum:
yum install bind bind-utils

Note: bind-utils is not required to run the bind nameserver, but it provides the dig command, which we will use later to test the bind configuration.

Creating a DNS zone file

At this stage we need to create a new zone file for our domain. The /var/named/ directory will hold the zone files for our domains, so change into it:
cd /var/named

Now create a zone file mydomain.com.zone that will hold the DNS records for mydomain.com:
$TTL 300
@ IN SOA ns1.mydomain.com. admin.mydomain.com. (
201503011 ; Serial (YYYYMMDDN)
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
;
@ IN NS ns1.mydomain.com.
@ IN NS ns2.mydomain.com.

mydomain.com. IN MX 10 mail.mydomain.com.
mydomain.com. IN A 192.168.0.10
ns1 IN A 192.168.0.10
ns2 IN A 192.168.0.11
www IN CNAME mydomain.com.
mail IN A 192.168.0.10
ftp IN CNAME mydomain.com.

Where:

  • SOA Record: the name server authoritative for the zone mydomain.com is ns1.mydomain.com, and admin.mydomain.com is the email address (admin@mydomain.com) of the person responsible for this DNS zone.
  • NS Records: the two name servers for the mydomain.com zone are ns[1,2].mydomain.com.
  • MX (Mail Exchange): the mail exchange record for mydomain.com. The number 10 is the preference value used to order multiple MX records (lower is preferred).
  • CNAME Record (Canonical Name record): tells the resolver to restart the query using the canonical name instead of the original name.

Creating a Reverse DNS Zone file

At this stage the bind DNS server can resolve a mydomain.com hostname to an IP address. What we should do now is resolve a hostname from an IP address. For this we need another file, 0.168.192.in-addr.arpa.zone, with the following content:
$TTL 86400
0.168.192.in-addr.arpa. IN SOA ns1.mydomain.com. admin.mydomain.com. (
201503011 ; Serial (YYYYMMDDN)
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
;
0.168.192.in-addr.arpa. IN NS ns1.mydomain.com.
0.168.192.in-addr.arpa. IN NS ns2.mydomain.com.
10.0.168.192.in-addr.arpa. IN PTR mydomain.com.

Where:

  • PTR Record: DNS record used for mapping an IP address to a host name.

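As an added example (not code from the original post), here is a small lint for the forward and reverse zone files shown above. It parses the simplified zone syntax this page uses (an '@' apex, relative names, ';' comments and a parenthesised SOA) and reports the mistakes named-checkzone will not complain about: a serial that does not fit in 32 bits, an in-zone NS with no A record (missing glue), an MX that points at a CNAME, and a CNAME owner that carries other records. The embedded zone is a constructed, trimmed copy of the page's forward zone.

```python
# Added example (not from the original post): lint the zone files above for mistakes
# named-checkzone does not flag. Handles this page's syntax: '@', ';' comments, SOA in ( ).
FORWARD_ZONE = """$TTL 300
@ IN SOA ns1.mydomain.com. admin.mydomain.com. (
201503011 ; Serial
3h ; Refresh
1h ; Retry
1w ; Expire
1h ) ; Negative caching TTL
@ IN NS ns1.mydomain.com.
mydomain.com. IN MX 10 mail.mydomain.com.
ns1 IN A 192.168.0.10
www IN CNAME mydomain.com.
mail IN A 192.168.0.10
"""  # constructed, trimmed copy of the page's forward zone

def parse_zone(text, origin):
    fqdn = lambda n: origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"
    serial, records, buf = None, [], ""
    for raw in text.splitlines():
        buf = (buf + " " + raw.split(";", 1)[0]).strip()  # strip ';' comments
        if not buf or ("(" in buf and ")" not in buf):
            continue                                      # SOA still open
        fields = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        if fields[0] == "$TTL":
            continue
        owner, rtype, rdata = fqdn(fields[0]), fields[2], fields[3:]
        if rtype == "SOA":
            serial = int(rdata[2])
        records.append((owner, rtype, rdata))           # (owner_fqdn, type, fields)
    return serial, records

def lint_zone(text, origin):
    """Return a list of problems; an empty list means the zone passes."""
    serial, records = parse_zone(text, origin)
    problems = [] if serial and 0 < serial < 2**32 else ["bad SOA serial"]
    types = {}
    for owner, rtype, _ in records:
        types.setdefault(owner, set()).add(rtype)
    for owner, rtype, rdata in records:
        tgt = rdata[-1]
        in_zone = tgt == origin or tgt.endswith("." + origin)
        if rtype == "NS" and in_zone and "A" not in types.get(tgt, ()):
            problems.append(f"NS {tgt} has no A record (missing glue)")
        if rtype == "MX" and "CNAME" in types.get(tgt, ()):
            problems.append(f"MX target {tgt} is a CNAME (RFC 2181 forbids it)")
        if rtype == "CNAME" and types[owner] != {"CNAME"}:
            problems.append(f"{owner} mixes CNAME with other record types")
    return problems
```

Run it as lint_zone(open("/var/named/mydomain.com.zone").read(), "mydomain.com.") before named-checkzone; the origin must carry its trailing dot.
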
Updating a BIND Configuration File

At this point we should have two files ready:
/var/named/mydomain.com.zone
/var/named/0.168.192.in-addr.arpa.zone

All we need to do now is declare both zone files in bind’s configuration file, /etc/named.conf. To do that, add the following lines to the file:
zone "mydomain.com" {
type master;
file "/var/named/mydomain.com.zone";
};

zone "0.168.192.in-addr.arpa" {
type master;
file "/var/named/0.168.192.in-addr.arpa.zone";
};

Also comment out or edit the following lines in the options { } block:
#listen-on port 53 { 127.0.0.1; };
allow-query { any; };
recursion no;

  • listen-on must be commented out so that named listens on all available interfaces.
  • Recursion should be turned off to prevent your server from being abused in “reflection” DDoS attacks.
  • Change the allow-query directive to “any” in order to allow users proper access to hosted zones.

The last thing to do before we check the configuration is to add the IP address of a stable DNS server to named.conf. This address is used when the local DNS server does not know the answer to a name resolution query. You can use 8.8.8.8 or 8.8.4.4, which are Google’s public DNS IPs, for resolving other names. Note that forwarders only take effect when recursion is enabled; with recursion no; set above, named answers only for its own zones and will not forward anything, so if you do enable recursion, restrict it with allow-recursion to your own clients.

Add the stable DNS server IP address in a forwarders statement inside the options { } block:
forwarders {
8.8.4.4;
};
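An added example (not code from the original post) that audits the options { } block for the settings just discussed: it parses a constructed named.conf fragment mirroring this page's directives (the forwarders statement is assumed to sit inside options, where BIND expects it) and flags an open resolver (recursion without a restricted allow-recursion), a loopback-only listen-on, and forwarders that are never used because recursion is off.

```python
# Added example (not from the original post): audit the options { } block of a
# named.conf for the open-resolver / reflection settings discussed on this page.
import re

# Constructed named.conf fragment mirroring the settings shown above.
NAMED_CONF = """
options {
    directory "/var/named";
    #listen-on port 53 { 127.0.0.1; };
    allow-query { any; };
    recursion no;
    forwarders { 8.8.4.4; };
};
"""

def parse_options(conf):
    """Return {directive: value} for the options block; '#' and '//' lines are comments."""
    body = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)
    if not body:
        return {}
    opts = {}
    for line in body.group(1).splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "//")):
            continue
        m = re.match(r"([\w-]+)\s+(.*?);\s*$", line)   # directive value;
        if m:
            opts[m.group(1)] = m.group(2).strip()
    return opts

def audit(conf):
    """Return findings for an authoritative-only server; empty means nothing to fix."""
    o = parse_options(conf)
    findings = []
    recursion = o.get("recursion", "yes")    # BIND's default is recursion yes
    allow_rec = o.get("allow-recursion")
    if recursion == "yes" and (allow_rec is None or "any" in allow_rec):
        findings.append("open resolver: recursion yes without a restricted allow-recursion")
    if recursion == "no" and "forwarders" in o:
        findings.append("forwarders ignored: recursion is off, so queries are not forwarded")
    if "127.0.0.1" in o.get("listen-on", ""):
        findings.append("listen-on bound to loopback only: zone not reachable from clients")
    return findings
```
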

Checking bind’s zone files and configuration

Before we attempt to start the bind nameserver with the new zones and configuration, here are some tools to check that we have not made a typo or misconfiguration.
To check the configuration files, run the following command:
named-checkconf

If no output is produced, your config files look OK.
To check the DNS zone files we can use the named-checkzone command:
named-checkzone mydomain.com /var/named/mydomain.com.zone

And the reverse zone file check:
named-checkzone 0.168.192.in-addr.arpa /var/named/0.168.192.in-addr.arpa.zone

Start/restart bind nameserver service

At this point nothing stops us from starting the bind9 DNS server:
/etc/init.d/named start

Testing a bind server configuration

The dig command from the bind-utils package comes in handy to test the new configuration of the bind nameserver.
First we test host-to-IP resolution:
dig @192.168.135.130 www.mydomain.com

Next we test IP-to-host resolution:
dig @192.168.135.130 -x 192.168.0.10

Every dig query should return an ANSWER section containing the expected record.


– masterkenneth
