Installing a Master DNS Server in CentOS 6

Installing a Master DNS Server in CentOS 6

Scenario
Here is my test setup scenario:
1) Primary(Master) DNS Server Details:

Hostname             : masterdns.testserver.com
IP Address           : 192.168.0.200/24

2) Secondary(Slave) DNS Server Details:

Hostname             : slavedns.testserver.com
IP Address           : 192.168.0.201/24

 
Setup Primary(Master) DNS Server

[root@masterdns ~]# yum install bind* -y

1. Configure DNS Server
The main configuration file of the DNS server will look like the listing below. Edit it and add the entries marked in bold (in this copy the bold marking has been lost; the entries in question are the listen-on, allow-query and allow-transfer lines carrying the trailing comments, and the two zone stanzas for "testserver.com" and "0.168.192.in-addr.arpa").

[root@masterdns ~]# vim /etc/named.conf 
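//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// This instance is both authoritative for testserver.com (plus its reverse
// zone) and a recursive resolver for the 192.168.0.0/24 LAN.  Recursion is
// pinned to the same client set as allow-query so that widening allow-query
// later (for example to publish the zone) cannot turn the host into an open
// resolver.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.0.200;}; # Master DNS IP
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; };  ## IP Range
        allow-transfer  { localhost;192.168.0.201; };    ## Slave DNS IP
        // Zone transfers are gated on source address only; a TSIG key shared
        // with the slave would additionally authenticate each transfer.
        recursion yes;
        // Without this line BIND derives allow-recursion from allow-query;
        // stating it explicitly keeps recursion limited to localhost and the
        // LAN even if allow-query is edited later.
        allow-recursion { localhost; 192.168.0.0/24; };
        dnssec-enable yes;
        dnssec-validation yes;
        // DLV is a legacy lookaside trust-anchor registry that ISC has since
        // retired; the option is harmless here but no longer adds validation.
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
// Authoritative forward zone; dynamic updates are refused, so edits are made
// by hand in the zone file (remember to bump the serial).
zone    "testserver.com" IN {
        type master;
        file "fwd.testserver.com";
        allow-update { none; };
};
// Authoritative reverse zone for 192.168.0.0/24.
zone    "0.168.192.in-addr.arpa" IN {
        type master;
        file "rev.testserver.com";
        allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";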

2. Create Zone files
Now we should create forward and reverse zone files which we mentioned in the ‘/etc/named.conf’ file.

2.1 Create Forward Zone
Create the ‘fwd.testserver.com’ file in the ‘/var/named’ directory and add the entries for the forward zone as shown below.

[root@masterdns ~]# vim /var/named/fwd.testserver.com 
$TTL 86400
; Forward zone for testserver.com: host names -> addresses.
; The serial (YYYYMMDDnn here) must be incremented on every change, or the
; slave will not notice the new version and will keep serving the old copy.
@   IN  SOA     masterdns.testserver.com. root.testserver.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
; Delegation: both servers are authoritative for the zone.
@               IN  NS       masterdns.testserver.com.
@               IN  NS       slavedns.testserver.com.            
; Glue: addresses of the name servers listed above.
masterdns       IN  A        192.168.0.200
slavedns        IN  A        192.168.0.201

2.2 Create Reverse Zone
Create the ‘rev.testserver.com’ file in the ‘/var/named’ directory and add the entries for the reverse zone as shown below.

[root@masterdns ~]# vim /var/named/rev.testserver.com 
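$TTL 86400
; Reverse zone for 192.168.0.0/24 (origin 0.168.192.in-addr.arpa).
; Only SOA, NS and PTR records belong here.  A records for the name servers
; would be relative to the in-addr.arpa origin (masterdns.0.168.192.in-addr.arpa)
; and therefore meaningless; they live in fwd.testserver.com instead.
; Bump the serial on every edit so the slave picks up the change.
@   IN  SOA     masterdns.testserver.com. root.testserver.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@             IN  NS          masterdns.testserver.com.
@             IN  NS          slavedns.testserver.com.
; Last octet of the address -> fully qualified host name (note trailing dot).
200           IN  PTR         masterdns.testserver.com.
201           IN  PTR         slavedns.testserver.com.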

3. Start the bind service

[root@masterdns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@masterdns ~]# chkconfig named on

4. Allow the DNS server through iptables, or stop iptables
Add the lines shown in bold (the two ‘--dport 53’ rules, UDP and TCP) to the ‘/etc/sysconfig/iptables’ file. This will allow all clients to reach the DNS server.

[root@masterdns ~]# vim /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# DNS: UDP for ordinary queries, TCP for zone transfers to the slave and for
# answers too large for UDP.  Both rules accept port 53 from any source;
# named's allow-query only decides who gets an answer, the daemon still
# receives and parses every packet.  Add "-s 192.168.0.0/24" to both rules
# if only the LAN is meant to reach it.
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# The chain policies above are ACCEPT; these final REJECT rules are what
# actually close the host, so keep them last.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

5. Restart iptables to apply the changes

[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

6. Check the DNS configuration and zone files for syntax errors
6.1 Check DNS Config file

[root@masterdns ~]# named-checkconf /etc/named.conf 
[root@masterdns ~]# named-checkconf /etc/named.rfc1912.zones

6.2 Check zone files (pass the name of the zone the file serves: ‘testserver.com’ for the forward file and ‘0.168.192.in-addr.arpa’ for the reverse file; with the wrong zone name named-checkzone validates the records against the wrong origin and can report OK for a file that will not work as intended)

[root@masterdns ~]# named-checkzone testserver.com /var/named/fwd.testserver.com 
zone testserver.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone testserver.com /var/named/rev.testserver.com 
zone testserver.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]#

7. Test DNS Server
dig stands for Domain Information Groper.

#dig hostname 
Example :
[root@ts6741 ~]# dig www.google.com
; <<>> DiG 9.3.3rc2 <<>> www.google.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 43200 IN A 200.99.187.2
;; AUTHORITY SECTION:
www.google.com. 43200 IN NS ns2.google.com.
www.google.com. 43200 IN NS ns3.google.com.
www.google.com. 43200 IN NS ns1.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 43200 IN A 222.54.11.86
ns2.google.com. 43200 IN A 220.225.37.222
ns3.google.com. 43200 IN A 203.199.147.233
;; Query time: 1 msec
;; SERVER: 222.54.11.86#53(222.54.11.86)
;; WHEN: Wed Nov 18 18:31:12 2009
;; MSG SIZE rcvd: 152
[root@ts6741 ~]#

The output above is colour-coded to explain each part, as shown below.
1. DIG version in green (9.3).
2. Question section in blue (shows what you asked dig to look up).
3. Answer section in red (the answer to the query you asked) and the query execution date and time, also in red.
4. Authority section in brown (shows who gave the answer) and the server info, also in brown (shows the DNS server and the port it is answering on).
5. Additional section in light blue (any extra information the DNS server provided).
6. Total query time in green (how long it took to provide the answer).

Method A:

[root@masterdns ~]# dig masterdns.testserver.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.testserver.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.testserver.com.       IN      A
;; ANSWER SECTION:
masterdns.testserver.com. 86400  IN      A       192.168.0.200
;; AUTHORITY SECTION:
testserver.com.          86400   IN      NS      masterdns.testserver.com.
testserver.com.          86400   IN      NS      slavedns.testserver.com.
;; ADDITIONAL SECTION:
slavedns.testserver.com. 86400   IN      A       192.168.0.201
;; Query time: 5 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)
;; WHEN: Sun Mar  3 12:48:35 2013
;; MSG SIZE  rcvd: 110

Method B:

[root@masterdns ~]# dig -x 192.168.0.200
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.0.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;200.0.168.192.in-addr.arpa.    IN      PTR
;; ANSWER SECTION:
200.0.168.192.in-addr.arpa. 86400 IN    PTR     masterdns.testserver.com.
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400   IN      NS      masterdns.testserver.com.
0.168.192.in-addr.arpa. 86400   IN      NS      slavedns.testserver.com.
;; ADDITIONAL SECTION:
masterdns.testserver.com. 86400  IN      A       192.168.0.200
slavedns.testserver.com. 86400   IN      A       192.168.0.201
;; Query time: 6 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)
;; WHEN: Sun Mar  3 12:49:53 2013
;; MSG SIZE  rcvd: 150

Method C:

[root@masterdns ~]# nslookup masterdns
Server:         192.168.0.200
Address:        192.168.0.200#53
Name:   masterdns.testserver.com
Address: 192.168.0.200