Difference between revisions of "Installing BIND DNS server"
From rdkwiki
m |
|||
| Line 3: | Line 3: | ||
== Install and configure bind (named) == | == Install and configure bind (named) == | ||
| − | * ''' | + | * '''yum install bind bind-utils''' --> install bind and utils |
| − | * ''' | + | * '''nano /etc/named.conf''' --> edit basic configuration |
add above block "options": | add above block "options": | ||
'''acl "dnsclients" {''' --> a logical name you will use later on | '''acl "dnsclients" {''' --> a logical name you will use later on | ||
| Line 18: | Line 18: | ||
add: '''include "/etc/named/named.conf.local";''' to end of the file | add: '''include "/etc/named/named.conf.local";''' to end of the file | ||
| − | * ''' | + | * '''nano /etc/named/named.conf.local''' --> create the file that defines the zones |
'''zone "testexample.com" {''' --> define the forward zone | '''zone "testexample.com" {''' --> define the forward zone | ||
''' type master;''' --> type of the zone | ''' type master;''' --> type of the zone | ||
| Line 30: | Line 30: | ||
== Creating the forward zone-file == | == Creating the forward zone-file == | ||
| − | * ''' | + | * '''nano /etc/named/zones/db.testexample.com''' --> create the forward zone |
'''$TTL 604800''' | '''$TTL 604800''' | ||
'''@ IN SOA ns1.testexample.com. admin.testexample.com. (''' | '''@ IN SOA ns1.testexample.com. admin.testexample.com. (''' | ||
| Line 48: | Line 48: | ||
== Creating the reverse zone-file == | == Creating the reverse zone-file == | ||
| − | * ''' | + | * '''nano /etc/named/zones/db.xx.xx''' --> create the reverse zone |
'''$TTL 604800''' | '''$TTL 604800''' | ||
'''@ IN SOA ns1.testexample.com admin.testexample.com. (''' | '''@ IN SOA ns1.testexample.com admin.testexample.com. (''' | ||
| Line 66: | Line 66: | ||
== Check the configuration for errors == | == Check the configuration for errors == | ||
| − | * ''' | + | * '''named-checkconf''' --> if there's no output then the configuration is ok! |
| − | * ''' | + | * '''named-checkzone testexample.com /etc/named/zones/db.testexample.com''' |
| − | * ''' | + | * '''named-checkzone xx.xx.in-addr.arpa /etc/named/zones/db.xx.xx''' --> replace first "xx.xx" with right part of IP (example: 0.10.in-addr.arpa or 168.192.in-addr.arpa) |
== Start the bind server == | == Start the bind server == | ||
| − | * ''' | + | * '''systemctl start named''' --> start the service |
| − | * ''' | + | * '''systemctl enable named''' --> start the service at boot |
== Configure the firewall == | == Configure the firewall == | ||
| − | * ''' | + | * '''firewall-cmd --permanent --add-service=dns''' -->allow dns through firewall |
| − | * ''' | + | * '''firewall-cmd --reload''' --> reload firewall with new configuration |
== Check if the DNS-server is functioning == | == Check if the DNS-server is functioning == | ||
* '''dig @x.x.x.x <host>.<domain>.<tld>''' --> replace x.x.x.x with the IP of your new bind DNS-server. It should respond. | * '''dig @x.x.x.x <host>.<domain>.<tld>''' --> replace x.x.x.x with the IP of your new bind DNS-server. It should respond. | ||
Latest revision as of 08:08, 31 October 2016
Contents
Info
The steps below will configure a working bind DNS-server. The steps assume that you have a (fresh) CentOS 7 server running.
Install and configure bind (named)
- yum install bind bind-utils --> install bind and utils
- nano /etc/named.conf --> edit basic configuration
add above block "options":
acl "dnsclients" { --> a logical name you will use later on
localhost; --> the server itself
x.x.x.x/x; --> your local subnet (example: 192.168.1.0/24 or 10.1.0.0/16)
};
change: listen-on port 53 { 127.0.0.1; x.x.x.x; }; --> add the IP (x.x.x.x) of your server here
change (optional): # listen-on-v6 port 53 { ::1; }; --> disable IPv6 with a #
change: allow-query { dnsclients; }; --> change to the acl you created earlier
add: include "/etc/named/named.conf.local"; to end of the file
- nano /etc/named/named.conf.local --> create the file that defines the zones
zone "testexample.com" { --> define the forward zone
type master; --> type of the zone
file "/etc/named/zones/db.testexample.com"; --> location of the forward zone file
};
zone "xx.xx.in-addr.arpa" { --> define the reverse zone (examples: 168.192.in-addr.arpa or 0.10.in-addr.arpa)
type master;
file "/etc/named/zones/db.xx.xx"; location of the reverse zone file (examples: db.192.168 or db.10.0)
};
Creating the forward zone-file
- nano /etc/named/zones/db.testexample.com --> create the forward zone
$TTL 604800
@ IN SOA ns1.testexample.com. admin.testexample.com. (
1000 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; NS-records
IN NS ns1.testexample.com.
; A-records
ns1.testexample.com. IN A x.x.x.x --> replace x.x.x.x with IP
<host1>.testexample.com. IN A x.x.x.x --> replace x.x.x.x with IP
<host2>.testexample.com. IN A x.x.x.x --> replace x.x.x.x with IP
Creating the reverse zone-file
- nano /etc/named/zones/db.xx.xx --> create the reverse zone
$TTL 604800
@ IN SOA ns1.testexample.com admin.testexample.com. (
20161012 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; NS-records
IN NS ns1.testexample.com.
; PTR Records
x.x IN PTR <host1>.testexample.com. --> replace x.x with correct part of IP
x.x IN PTR <host2>.testexample.com. --> replace x.x with correct part of IP
Check the configuration for errors
- named-checkconf --> if there's no output then the configuration is ok!
- named-checkzone testexample.com /etc/named/zones/db.testexample.com
- named-checkzone xx.xx.in-addr.arpa /etc/named/zones/db.xx.xx --> replace first "xx.xx" with right part of IP (example: 0.10.in-addr.arpa or 168.192.in-addr.arpa)
Start the bind server
- systemctl start named --> start the service
- systemctl enable named --> start the service at boot
Configure the firewall
- firewall-cmd --permanent --add-service=dns -->allow dns through firewall
- firewall-cmd --reload --> reload firewall with new configuration
Check if the DNS-server is functioning
- dig @x.x.x.x <host>.<domain>.<tld> --> replace x.x.x.x with the IP of your new bind DNS-server. It should respond.
