Fedora - How to setup a DNS server with bind

How to setup a DNS server with bind

<div><p>The Domain Name System, or DNS, as it’s more commonly known, translates or converts domain names into the IP addresses associated with that domain. DNS is the reason you are able to find your favorite website by name instead of typing an IP address into your browser. This guide shows you how to configure a Master DNS system and one client.</p>
<p>Here are system details for the example used in this article:</p>
<pre class="wp-block-preformatted">dns01.fedora.local (192.168.1.160) - Master DNS server
client.fedora.local (192.168.1.136) - Client</pre>
<h2>DNS server configuration</h2>
<p>Install the bind packages using sudo:</p>
<pre class="wp-block-preformatted">$ sudo dnf install bind bind-utils -y</pre>
<p>The <em>/etc/named.conf</em> configuration file is provided by the <em>bind</em> package to allow you to configure the DNS server.</p>
<p>Edit the <em>/etc/named.conf</em> file:</p>
<pre class="wp-block-preformatted">sudo vi /etc/named.conf</pre>
<p>Look for the following line:</p>
<pre class="wp-block-preformatted">listen-on port 53 { 127.0.0.1; };</pre>
<p>Add the IP address of your Master DNS server as follows:</p>
<pre class="wp-block-preformatted">listen-on port 53 { 127.0.0.1; 192.168.1.160; };</pre>
<p>Look for the next line:</p>
<pre class="wp-block-preformatted">allow-query     { localhost; };</pre>
<p>Add your local network range. The example system uses IP addresses in the 192.168.1.X range. This is specified as follows:</p>
<pre class="wp-block-preformatted">allow-query     { localhost; 192.168.1.0/24; };</pre>
<p>Specify a forward and reverse zone. Zone files are simply text files that hold the DNS information, such as IP addresses and hostnames, for your system. The forward zone file translates a hostname to its IP address. The reverse zone file does the opposite: it lets a remote system translate an IP address to a hostname.</p>
<p>Look for the following line at the bottom of the /etc/named.conf file:</p>
<pre class="wp-block-preformatted">include "/etc/named.rfc1912.zones";</pre>
<p>Here, you’ll specify the zone file information <strong><em>directly above that line</em></strong> as follows:</p>
<pre class="wp-block-preformatted">// The forward zone is the domain itself, fedora.local. The zone file below uses
// the relative names "dns01" and "client", which named expands to
// dns01.fedora.local and client.fedora.local only when the zone's origin is fedora.local.
zone "fedora.local" IN {
    type master;
    file "forward.fedora.local";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.fedora.local";
    allow-update { none; };
};</pre>
<p><em>forward.fedora.local</em> and <em>reverse.fedora.local</em> are just the names of the zone files you will be creating. They can be called anything you like.</p>
<p>Save and exit.</p>
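<p>The two edits to <em>named.conf</em> above, <em>listen-on</em> and <em>allow-query</em>, decide who can reach the server at all. Because this server also recurses for the LAN (the <em>ra</em> flag in the <em>dig</em> output later on), an <em>allow-query { any; }</em> would turn it into a resolver anyone on the Internet can use. The Python below is an added example written for this page, not part of the article or of BIND: it pulls the address lists out of a <em>named.conf</em> fragment and reports a world-open or non-private <em>allow-query</em>, with the article's hardened settings beside a weak variant. The two fragments are constructed for the example; the regex assumes no nested braces inside these address lists.</p>

```python
import ipaddress
import re

# Constructed named.conf fragments (not copied from any system): the settings
# the article arrives at, and a weak variant that answers the whole Internet.
HARDENED = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.160; };
    allow-query     { localhost; 192.168.1.0/24; };
};
"""

WEAK = """
options {
    listen-on port 53 { any; };
    allow-query     { any; };
};
"""

# Statement name, anything up to the opening brace (e.g. "port 53"), then the list.
# Assumption: no nested braces inside the address list, which holds for these statements.
STMT = re.compile(
    r"\b(listen-on-v6|listen-on|allow-query-cache|allow-query|allow-recursion)\b[^{;]*\{([^}]*)\}"
)
WORLD = {"any", "0.0.0.0/0", "::/0"}
KEYWORDS = {"localhost", "localnets", "none"}


def address_lists(conf):
    """Map each address-list statement in `conf` to its elements, in order."""
    lists = {}
    for m in STMT.finditer(conf):
        lists[m.group(1)] = [e.strip() for e in m.group(2).split(";") if e.strip()]
    return lists


def audit(conf):
    """Return findings; an empty list means the article's scoping is intact."""
    lists = address_lists(conf)
    findings = []
    query = lists.get("allow-query")
    if query is None:
        findings.append("allow-query not set: BIND's default is { any; }")
    else:
        for elem in query:
            if elem in WORLD:
                findings.append(f"allow-query {elem}: every Internet host may query this server")
            elif elem not in KEYWORDS:
                try:
                    if not ipaddress.ip_network(elem, strict=False).is_private:
                        findings.append(f"allow-query {elem}: not a private range")
                except ValueError:
                    findings.append(f"allow-query {elem}: not an address or prefix (ACL name?)")
    for elem in lists.get("listen-on", []):
        if elem in WORLD:
            findings.append("listen-on any: binds every interface; list the server address instead")
    return findings


if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit(conf) or "no findings")
```

<p>Run it against the real file with <em>audit(open("/etc/named.conf").read())</em> after editing; an ACL name in the list is reported rather than resolved, since the example does not follow <em>acl</em> definitions.</p>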
<h3>Create the zone files</h3>
<p>Create the forward and reverse zone files you specified in the /etc/named.conf file:</p>
<pre class="wp-block-preformatted">$ sudo vi /var/named/forward.fedora.local</pre>
<p>Add the following lines:</p>
<pre class="wp-block-preformatted">$TTL 86400
@   IN  SOA     <strong>dns01.fedora.local.</strong> root.<strong>fedora.local.</strong> (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          <strong>dns01.fedora.local.</strong>
@       IN  A           <strong>192.168.1.160</strong>
<strong>dns01</strong>       IN  A   <strong>192.168.1.160</strong>
<strong>client</strong>      IN  A   <strong>192.168.1.136</strong></pre>
<p>Everything in <strong><em>bold</em></strong> is specific to your environment. Save the file and exit. Next, edit the <em>reverse.fedora.local</em> file:</p>
<pre class="wp-block-preformatted">$ sudo vi /var/named/reverse.fedora.local</pre>
<p>Add the following lines:</p>
<pre class="wp-block-preformatted">$TTL 86400
@   IN  SOA     <strong>dns01.fedora.local.</strong> root.<strong>fedora.local.</strong> (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          <strong>dns01.fedora.local.</strong>
@       IN  PTR         <strong>fedora.local.</strong>
<strong>dns01</strong>       IN  A   <strong>192.168.1.160</strong>
<strong>client</strong>      IN  A   <strong>192.168.1.136</strong>
<strong>160</strong>     IN  PTR         <strong>dns01.fedora.local.</strong>
<strong>136</strong>     IN  PTR         <strong>client.fedora.local.</strong></pre>
<p>Everything in <strong><em>bold</em></strong> is also specific to your environment. Save the file and exit.</p>
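<p>Hand-editing two zone files that must agree with each other (and bumping the serial every time) is where most zone mistakes come from: a PTR that points at a name with no matching A record, two hosts on one address, or a serial that never increases. The Python below is an added example written for this page, not part of the article or of BIND: from one host inventory it produces the forward zone, the reverse zone with the <em>1.168.192.in-addr.arpa</em> name derived from the network, and the two <em>zone</em> statements for <em>named.conf</em>, refusing hosts outside the network or on a duplicate address, and it computes the next YYYYMMDDnn serial. The inventory mirrors the article's two hosts; the /24 network and the function names are this example's assumptions.</p>

```python
import ipaddress
from datetime import date

# Constructed inventory mirroring the article's two hosts; the /24 is an assumption.
ORIGIN = "fedora.local"
PRIMARY = "dns01"
NETWORK = "192.168.1.0/24"
HOSTS = {"dns01": "192.168.1.160", "client": "192.168.1.136"}


def next_serial(current, today=None):
    """Return a YYYYMMDDnn serial strictly larger than `current`.

    `today` is a YYYYMMDD string (defaults to the real date). Secondaries only
    transfer a zone when its serial grows, so an unbumped serial is the classic
    way a zone edit silently never propagates.
    """
    prefix = today or date.today().strftime("%Y%m%d")
    cur = str(current)
    if len(cur) == 10 and cur.startswith(prefix):
        nn = int(cur[8:]) + 1
        if nn > 99:
            raise ValueError("more than 99 edits in one day")
        return int(f"{prefix}{nn:02d}")
    candidate = int(f"{prefix}01")
    if candidate <= int(current):
        raise ValueError(f"serial {current} is already ahead of today's date")
    return candidate


def soa_block(origin, primary, serial):
    """$TTL, SOA and NS lines shared by both zone files (the article's timer values)."""
    return (
        "$TTL 86400\n"
        f"@   IN  SOA  {primary}.{origin}. root.{origin}. (\n"
        f"        {serial}  ;Serial\n"
        "        3600        ;Refresh\n"
        "        1800        ;Retry\n"
        "        604800      ;Expire\n"
        "        86400       ;Minimum TTL\n"
        ")\n"
        f"@   IN  NS   {primary}.{origin}.\n"
    )


def forward_zone(origin, primary, hosts, serial):
    """One A record per host plus the apex A record, relative to `origin`."""
    lines = [soa_block(origin, primary, serial), f"@   IN  A    {hosts[primary]}\n"]
    for name, ip in sorted(hosts.items()):
        ipaddress.ip_address(ip)  # reject typos before named sees them
        lines.append(f"{name:<8}IN  A    {ip}\n")
    return "".join(lines)


def reverse_zone_name(network):
    """'192.168.1.0/24' -> '1.168.192.in-addr.arpa', the article's reverse zone."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("this helper only handles IPv4 /24 networks")
    first, second, third, _ = str(net.network_address).split(".")
    return f"{third}.{second}.{first}.in-addr.arpa"


def reverse_zone(origin, primary, hosts, network, serial):
    """PTR records keyed by last octet; hosts must be unique and inside `network`."""
    net = ipaddress.ip_network(network)
    seen = {}
    lines = [soa_block(origin, primary, serial)]
    for name, ip in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{name} ({ip}) is outside {network}")
        if addr in seen:
            raise ValueError(f"{ip} is used by both {seen[addr]} and {name}")
        seen[addr] = name
        lines.append(f"{str(addr).rsplit('.', 1)[1]:<8}IN  PTR  {name}.{origin}.\n")
    return "".join(lines)


def named_conf_zones(origin, network, forward_file, reverse_file):
    """The two zone statements to place above the rfc1912 include in named.conf."""
    stmt = ('zone "{name}" IN {{\n    type master;\n    file "{file}";\n'
            '    allow-update {{ none; }};\n}};\n')
    return (stmt.format(name=origin, file=forward_file)
            + stmt.format(name=reverse_zone_name(network), file=reverse_file))


if __name__ == "__main__":
    serial = next_serial(2011071001)
    print(named_conf_zones(ORIGIN, NETWORK, "forward.fedora.local", "reverse.fedora.local"))
    print(forward_zone(ORIGIN, PRIMARY, HOSTS, serial))
    print(reverse_zone(ORIGIN, PRIMARY, HOSTS, NETWORK, serial))
```

<p>Write the two strings to <em>/var/named/forward.fedora.local</em> and <em>/var/named/reverse.fedora.local</em>, then run the <em>named-checkzone</em> commands from the next section on them as the article does. The reverse zone here contains only PTR records; the A records the article also places in it are harmless to named but do not serve any lookup from that zone.</p>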
<p>You’ll also need to set the correct ownership on the configuration files and restore their SELinux contexts:</p>
<pre class="wp-block-preformatted">sudo chgrp named -R /var/named
sudo chown -v root:named /etc/named.conf
sudo restorecon -rv /var/named
sudo restorecon /etc/named.conf</pre>
<p>Configure the firewall:</p>
<pre class="wp-block-preformatted">sudo firewall-cmd --add-service=dns --perm
sudo firewall-cmd --reload</pre>
<h3>Check the configuration for any syntax errors</h3>
<pre class="wp-block-preformatted">sudo named-checkconf /etc/named.conf</pre>
<p>Your configuration is valid if no output or errors are returned.</p>
<p>Check the forward and reverse zone files.</p>
<pre class="wp-block-preformatted">$ sudo named-checkzone forward.fedora.local /var/named/forward.fedora.local
$ sudo named-checkzone reverse.fedora.local /var/named/reverse.fedora.local</pre>
<p>You should see a response of OK:</p>
<pre class="wp-block-preformatted">zone forward.fedora.local/IN: loaded serial 2011071001
OK
zone reverse.fedora.local/IN: loaded serial 2011071001
OK</pre>
<h3>Enable and start the DNS service</h3>
<pre class="wp-block-preformatted">$ sudo systemctl enable named
$ sudo systemctl start named</pre>
<h3>Configuring the resolv.conf file</h3>
<p>Edit the <em>/etc/resolv.conf</em> file:</p>
<pre class="wp-block-preformatted">$ sudo vi /etc/resolv.conf</pre>
<p>Look for your current name server line or lines. On the example system, a cable modem/router is serving as the name server and so it currently looks like this:</p>
<pre class="wp-block-preformatted">nameserver 192.168.1.1</pre>
<p>This needs to be changed to the IP address of the Master DNS server:</p>
<pre class="wp-block-preformatted">nameserver 192.168.1.160</pre>
<p>Save your changes and exit. </p>
<p>Unfortunately there is one caveat to be aware of. NetworkManager overwrites the <em>/etc/resolv.conf</em> file if the system is rebooted or networking gets restarted. This means you will lose all of the changes that you made.</p>
<p>To prevent this from happening, make <em>/etc/resolv.conf</em> immutable:</p>
<pre class="wp-block-preformatted">$ sudo chattr +i /etc/resolv.conf </pre>
<p>If you want to set it back and allow it to be overwritten again:</p>
<pre class="wp-block-preformatted">$ sudo chattr -i /etc/resolv.conf</pre>
<h3>Testing the DNS server</h3>
<pre class="wp-block-preformatted">$ dig fedoramagazine.org</pre>
<pre class="wp-block-preformatted">; &lt;&lt;&gt;&gt; DiG 9.11.13-RedHat-9.11.13-2.fc30 &lt;&lt;&gt;&gt; fedoramagazine.org
;; global options: +cmd
;; Got answer:
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c7350d07f8efaa1286c670ab5e13482d600f82274871195a (good)
;; QUESTION SECTION:
;fedoramagazine.org.            IN      A

;; ANSWER SECTION:
fedoramagazine.org.     50      IN      A       35.197.52.145

;; AUTHORITY SECTION:
fedoramagazine.org.     86150   IN      NS      ns05.fedoraproject.org.
fedoramagazine.org.     86150   IN      NS      ns02.fedoraproject.org.
fedoramagazine.org.     86150   IN      NS      ns04.fedoraproject.org.

;; ADDITIONAL SECTION:
ns02.fedoraproject.org. 86150   IN      A       152.19.134.139
ns04.fedoraproject.org. 86150   IN      A       209.132.181.17
ns05.fedoraproject.org. 86150   IN      A       85.236.55.10
ns02.fedoraproject.org. 86150   IN      AAAA    2610:28:3090:3001:dead:beef:cafe:fed5
ns05.fedoraproject.org. 86150   IN      AAAA    2001:4178:2:1269:dead:beef:cafe:fed5

;; Query time: 830 msec
;; SERVER: 192.168.1.160#53(192.168.1.160)
;; WHEN: Mon Jan 06 08:46:05 CST 2020
;; MSG SIZE  rcvd: 266</pre>
<p>There are a few things to look at to verify that the DNS server is working correctly. Obviously getting results back is important, but that by itself doesn’t mean the DNS server is actually doing the work.</p>
<p>The QUERY, ANSWER, and AUTHORITY fields at the top should show non-zero, as they do in our example:</p>
<pre class="wp-block-preformatted">;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6</pre>
<p>And the SERVER field should have the IP address of your DNS server:</p>
<pre class="wp-block-preformatted">;; SERVER: 192.168.1.160#53(192.168.1.160)</pre>
<p>In case this is the first time you’ve run the <em>dig</em> command, notice how it took 830 milliseconds for the query to complete:</p>
<pre class="wp-block-preformatted">;; Query time: 830 msec</pre>
<p>If you run it again, the query will run much quicker:</p>
<pre class="wp-block-preformatted">$ dig fedoramagazine.org </pre>
<pre class="wp-block-preformatted">;; Query time: 0 msec
;; SERVER: 192.168.1.160#53(192.168.1.160)</pre>
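<p>The checks the article makes by eye on the <em>dig</em> output (a real response, status NOERROR, non-empty QUERY and ANSWER counts, and which server actually replied) can be scripted so they run after every change. The Python below is an added example written for this page, not part of the article or of BIND: it builds a DNS query, parses the wire-format reply including compressed names, and <em>ask()</em> sends the query over UDP to a server you name, such as 192.168.1.160, returning the peer address that <em>dig</em> prints as SERVER. The bytes in <em>constructed_reply()</em> are hand-built for offline use and mirror the article's answer for fedoramagazine.org; the transaction id 0x20C7 is an arbitrary choice. It checks QUERY and ANSWER rather than AUTHORITY, since an authoritative answer for your own zone can legitimately carry an empty AUTHORITY section.</p>

```python
import socket
import struct

QTYPE_A, QTYPE_NS, QTYPE_CNAME, QTYPE_PTR = 1, 2, 5, 12
SECTIONS = ("ANSWER", "AUTHORITY", "ADDITIONAL")

def encode_name(name):
    """'fedoramagazine.org' -> length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=QTYPE_A, txid=0x20C7):
    """Header with only RD set (dig's default) plus one question; txid is arbitrary."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(data, offset):
    """Read a possibly compressed name; return (name, offset just past it in the stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer into the message
            end = offset + 2 if end is None else end
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 32:  # a malformed reply must not spin us forever
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            return ".".join(labels) + ".", (offset if end is None else end)
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length

def parse_response(data):
    """Extract the header fields the article inspects, plus every resource record."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    info = {
        "id": txid,
        "flags": {"qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
                  "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080)},
        "rcode": flags & 0x000F,
        "counts": {"QUERY": qd, "ANSWER": an, "AUTHORITY": ns, "ADDITIONAL": ar},
        "records": {s: [] for s in SECTIONS},
    }
    offset = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, offset = decode_name(data, offset)
        offset += 4
    for section, count in zip(SECTIONS, (an, ns, ar)):
        for _ in range(count):
            name, offset = decode_name(data, offset)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
            offset += 10
            rdata = data[offset:offset + rdlen]
            if rtype == QTYPE_A and rdlen == 4:
                value = socket.inet_ntoa(rdata)
            elif rtype in (QTYPE_NS, QTYPE_CNAME, QTYPE_PTR):
                value, _ = decode_name(data, offset)  # may point back into the message
            else:
                value = rdata.hex()
            offset += rdlen
            info["records"][section].append((name, rtype, ttl, value))
    return info

def problems(info, expected_id):
    """What the article checks by eye: a real answer, NOERROR, non-empty QUERY/ANSWER."""
    out = []
    if info["id"] != expected_id:
        out.append("transaction id mismatch")
    if not info["flags"]["qr"]:
        out.append("not a response")
    if info["rcode"] != 0:
        out.append(f"rcode {info['rcode']} (0 is NOERROR)")
    if info["counts"]["QUERY"] == 0 or info["counts"]["ANSWER"] == 0:
        out.append("empty QUERY or ANSWER section")
    return out

def ask(server, name, timeout=3.0):
    """Send one UDP query to `server`; the peer returned is what dig prints as SERVER."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, peer = sock.recvfrom(4096)
    return parse_response(data), peer

def constructed_reply():
    """Hand-built reply (constructed, not captured) for 'fedoramagazine.org A'."""
    query = build_query("fedoramagazine.org")
    header = struct.pack("!HHHHHH", 0x20C7, 0x8180, 1, 1, 0, 0)  # qr rd ra, NOERROR
    rr = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, 1, 50, 4) + socket.inet_aton("35.197.52.145")
    return header + query[12:] + rr
```

<p>Against the live server, <em>reply, peer = ask("192.168.1.160", "fedoramagazine.org")</em> followed by <em>problems(reply, 0x20C7)</em> gives an empty list when the answer is healthy, and <em>peer[0]</em> must equal the address of your master, exactly the SERVER check the article describes.</p>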
<h2>Client configuration</h2>
<p>The client configuration will be a lot simpler. </p>
<p>Install the bind utilities:</p>
<pre class="wp-block-preformatted">$ sudo dnf install bind-utils -y</pre>
<p>Edit the /etc/resolv.conf file and configure the Master DNS as the only name server:</p>
<pre class="wp-block-preformatted">$ sudo vi /etc/resolv.conf</pre>
<p>This is how it should look:</p>
<pre class="wp-block-preformatted">nameserver 192.168.1.160</pre>
<p>Save your changes and exit. Then, make the <em>/etc/resolv.conf</em> file immutable to prevent it from being overwritten and reverting to its default settings:</p>
<pre class="wp-block-preformatted">$ sudo chattr +i /etc/resolv.conf</pre>
<h3>Testing the client</h3>
<p>You should get the same results as you did from the DNS server:</p>
<pre class="wp-block-preformatted">$ dig fedoramagazine.org</pre>
<pre class="wp-block-preformatted">; &lt;&lt;&gt;&gt; DiG 9.11.13-RedHat-9.11.13-2.fc30 &lt;&lt;&gt;&gt; fedoramagazine.org
;; global options: +cmd
;; Got answer:
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c7350d07f8efaa1286c670ab5e13482d600f82274871195a (good)
;; QUESTION SECTION:
;fedoramagazine.org.            IN      A

;; ANSWER SECTION:
fedoramagazine.org.     50      IN      A       35.197.52.145

;; AUTHORITY SECTION:
fedoramagazine.org.     86150   IN      NS      ns05.fedoraproject.org.
fedoramagazine.org.     86150   IN      NS      ns02.fedoraproject.org.
fedoramagazine.org.     86150   IN      NS      ns04.fedoraproject.org.

;; ADDITIONAL SECTION:
ns02.fedoraproject.org. 86150   IN      A       152.19.134.139
ns04.fedoraproject.org. 86150   IN      A       209.132.181.17
ns05.fedoraproject.org. 86150   IN      A       85.236.55.10
ns02.fedoraproject.org. 86150   IN      AAAA    2610:28:3090:3001:dead:beef:cafe:fed5
ns05.fedoraproject.org. 86150   IN      AAAA    2001:4178:2:1269:dead:beef:cafe:fed5

;; Query time: 1 msec
;; SERVER: 192.168.1.160#53(192.168.1.160)
;; WHEN: Mon Jan 06 08:46:05 CST 2020
;; MSG SIZE  rcvd: 266</pre>
<p>Make sure the SERVER output has the IP address of your DNS server.</p>
<p>Your DNS server is now ready to use, and all requests from the client should be going through it!</p>
</div>


https://www.sickgaming.net/blog/2020/01/...with-bind/