Latest

Wednesday, 6 July 2022

Setup BIND Private DNS Server on Rocky Linux

Setup BIND Private DNS Server on Rocky Linux

In this article, you will learn how to setup BIND Private DNS Server on Rocky Linux. Here, you will configure two DNS servers one is the MASTER and the other is SLAVE.

 

Table of Contents:

 

What is BIND? :

BIND is most widely used DNS (Domain Name Server) software. Its name originates as an acronym of Berkeley Internet Name Domain. BIND is also called by it service name i.e. named (or Name Daemon). BIND latest version 9 is available now and distributed under Mozilla Public License (MPL). BIND is developed and maintained by Internet Systems Consortium (ISC).

Almost every Internet connection starts with a DNS lookup. Hostname to IP resolution is necessary before sending an email or browsing a website and BIND is the preferred DNS server for Unix / Linux operating systems.

Recommended Online Training: Basics of BIND DNS Server
Recommended Book: DNS and BIND (5th Edition) by Cricket Liu & Paul Albitz

Setup BIND Private DNS Server on Rocky Linux

Also Read: 

Configure Authoritative DNS Server in CentOS 7
Configure Caching Only DNS Server in CentOS 7

 

Environment Specification:

We are using two minimal Rocky Linux 8 virtual machines with following specification.

  • CPU - 3.4 Ghz (2 cores)
  • Memory - 2 GB
  • Storage - 20 GB
  • Operating System - Rocky Linux 8.6 (Green Obsidian)
  • Hostname – nameserver-01.centlinux.com, nameserver-02.centlinux.com
  • IP Address - 192.168.116.128 /24, 192.168.116.129 /24

 

Preparing Linux Servers:

Connect with your Linux server as root user with the help of a SSH client.

Rebuild cache of installed yum repositories.

# dnf makecache
Rocky Linux 8 - AppStream                       1.5 kB/s | 4.8 kB     00:03
Rocky Linux 8 - AppStream                       670 kB/s | 8.8 MB     00:13
Rocky Linux 8 - BaseOS                          1.1 kB/s | 4.3 kB     00:04
Rocky Linux 8 - BaseOS                          486 kB/s | 3.6 MB     00:07
Rocky Linux 8 - Extras                          864  B/s | 3.5 kB     00:04
Rocky Linux 8 - Extras                          3.5 kB/s |  11 kB     00:03
Metadata cache created.

Execute following command to update your Linux server.

# dnf update -y

If the above command updates your Linux Kernel then, you should reboot your operating system with the new kernel.

# reboot

Verify the version of Linux operating system that is being used in this installation guide.

# cat /etc/os-release
NAME="Rocky Linux"
VERSION="8.6 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.6 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky Linux"
ROCKY_SUPPORT_PRODUCT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8"

Install BIND software packages by executing following command at Linux bash prompt.

# dnf install -y bind bind-utils

Allow the DNS service in Linux Firewall.

# firewall-cmd --permanent --add-service=dns
success
# firewall-cmd --reload
success

Before moving forward, ensure that you have performed above steps on Both Master and Slave Private DNS servers.

 

Configure BIND Private DNS Server - Master:

By using a SSH client, connect with nameserver-01.centlinux.com as root user.

Open BIND configuration file in vim text editor.

# vi /etc/named.conf

Locate and set following directives in this file.

listen-on port 53 { 127.0.0.1; 192.168.116.128; };
allow-query     { localhost; 192.168.116.0/24; };

Add following directive at the end to this file, to include named.conf.local file in BIND configurations.

include "/etc/named.conf.local";

Create configuration file named.conf.local by using vi command.

# vi /etc/named.conf.local

Add following directives in this file.

zone "centlinux.com" {
   type master;
   allow-transfer {192.168.116.129; };
   also-notify {192.168.116.129; };
   file "/var/named/centlinux.com";
};

zone "116.168.192.in-addr.arpa" {
   type master;
   allow-transfer {192.168.116.129; };
   also-notify {192.168.116.129; };
   file "/var/named/116.168.192.in-addr.arpa";
};

Now create BIND zone configuration file /var/named/centlinux.com by using vi command.

# vi /var/named/centlinux.com

Add following directives in this file.

$TTL 1h
@       IN      SOA     centlinux.com.    root.centlinux.com. (
        2022070401      ; Serial YYYYMMDDnn
        24h             ; Refresh
        2h              ; Retry
        28d             ; Expire
        2d )            ; Minimum TTL

;Name Servers
@       IN      NS              nameserver-01
@       IN      NS              nameserver-02

;Mail Servers
@       IN      MX      0       mailserver-01

;Other Servers
nameserver-01  IN      A               192.168.116.128
nameserver-02  IN      A               192.168.116.129
mailserver-01  IN      A               192.168.116.5
webserver-01   IN      A               192.168.116.10

;Canonical Names
www     IN      CNAME           webserver-01
mail    IN      CNAME           mailserver-01

Check above zone configuration file by executing following command.

# named-checkzone example.com /var/named/centlinux.com
zone example.com/IN: loaded serial 2022070401
OK

Create the reverse lookup zone by using vi command.

# vi /var/named/116.168.192.in-addr.arpa

Add following directives therein.

$TTL 1h
@       IN      SOA     116.168.192.in-addr.arpa    root.centlinux.com. (
        2022070401      ; Serial YYYYMMDDnn
        24h             ; Refresh
        2h              ; Retry
        28d             ; Expire
        2d )            ; Minimum TTL

;Name Servers
@       IN      NS              nameserver-01
@       IN      NS              nameserver-02

;Other Servers
nameserver-01  IN      A       192.168.116.128
nameserver-02  IN      A       192.168.116.129

;PTR Records
128              IN      PTR             nameserver-01
129              IN      PTR             nameserver-02
5                IN      PTR             mailserver-01
10               IN      PTR             webserver-01

Check the zone configuration file by executing following command.

# named-checkzone example.com /var/named/116.168.192.in-addr.arpa
zone example.com/IN: loaded serial 2022070401
OK

Adjust the group ownership of DNS zone configuration file as follows.

# chgrp named /var/named/centlinux.com
# chgrp named /var/named/116.168.192.in-addr.arpa

 

Configure BIND Private DNS Server - Slave:

By using a SSH client, connect with nameserver-02.centlinux.com as root user.

Open BIND configuration file in vim text editor.

# vi /etc/named.conf

Locate and set following directives in this file.

listen-on port 53 { 127.0.0.1; 192.168.116.129; };
allow-query     { localhost; 192.168.116.0/24; };

Add following directive at the end to this file, to include named.conf.local file in BIND configurations.

include "/etc/named.conf.local";

Create configuration file named.conf.local by using vi command.

# vi /etc/named.conf.local

Add following directives therein.

zone "centlinux.com" {
   type slave;
   masters { 192.168.116.128; };
   file "/var/named/centlinux.com";
};

zone "116.168.192.in-addr.arpa" {
   type slave;
   masters { 192.168.116.128; };
   file "/var/named/116.168.192.in-addr.arpa";
};

There is no need to create BIND zone configuration files as you created in Master DNS server.

Because the Slave DNS server will automatically synchronize these files from Master DNS server.

For this purpose, you only have to set a SELinux boolean, so your Secondary (Slave) DNS server can accept zone transfers and update local zone files.

# setsebool -P named_write_master_zones on

 

Starting DNS Services:

Perform following steps on both DNS servers to configure and start your Private Naming services.

Enable and start BIND DNS service.

# systemctl enable --now named.service
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

Execute nmcli command on your Linux servers to set Primary and Secondary DNS servers.

# nmcli c m ens160 ipv4.dns-search centlinux.com ipv4.dns 192.168.116.128,192.168.116.129

Restart network interface to apply changes.

# nmcli c down ens160 ; nmcli c up ens160
Connection 'ens160' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

Verify the DNS server settings by looking into /etc/resolv.conf file.

# cat /etc/resolv.conf
# Generated by NetworkManager
search centlinux.com
nameserver 192.168.116.128
nameserver 192.168.116.129
nameserver 192.168.116.2

Perform a NS lookup by using dig command to check your BIND Private DNS server.

# dig www.centlinux.com

; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> www.centlinux.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38962
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2108cd2a025d0e7eed402aa062c5a337697d84f4ea85f1fa (good)
;; QUESTION SECTION:
;www.centlinux.com.             IN      A

;; ANSWER SECTION:
www.centlinux.com.      3600    IN      CNAME   webserver-01.centlinux.com.
webserver-01.centlinux.com. 3600 IN     A       192.168.116.10

;; AUTHORITY SECTION:
centlinux.com.          3600    IN      NS      nameserver-01.centlinux.com.
centlinux.com.          3600    IN      NS      nameserver-02.centlinux.com.

;; ADDITIONAL SECTION:
nameserver-01.centlinux.com. 3600 IN    A       192.168.116.128
nameserver-02.centlinux.com. 3600 IN    A       192.168.116.129

;; Query time: 0 msec
;; SERVER: 192.168.116.128#53(192.168.116.128)
;; WHEN: Wed Jul 06 19:59:03 PKT 2022
;; MSG SIZE  rcvd: 205

You can see that the NS lookup is successfully satisfied by your Naming servers.

 

Conclusion:

In this article, you have successfully setup BIND private DNS server on Rocky Linux or other RPM based Linux distros.

If you find this article useful? Consider supporting us by Buy Me A Coffee


No comments:

Post a Comment

© 2022 CentLinux. All Rights Reserved.