In this article, you will learn how to setup BIND Private DNS Server on Rocky Linux. Here, you will configure two DNS servers one is the MASTER and the other is SLAVE.
Table of Contents:
- What is BIND?
- Environment Specification
- Preparing Linux Servers
- Configure BIND Private DNS Server - Master
- Configure BIND Private DNS Server - Slave
- Starting DNS Services
- Conclusion
What is BIND? :
BIND is most widely used DNS (Domain Name Server) software. Its name originates as an acronym of Berkeley Internet Name Domain. BIND is also called by it service name i.e. named (or Name Daemon). BIND latest version 9 is available now and distributed under Mozilla Public License (MPL). BIND is developed and maintained by Internet Systems Consortium (ISC).
Almost every Internet connection starts with a DNS lookup. Hostname to IP resolution is necessary before sending an email or browsing a website and BIND is the preferred DNS server for Unix / Linux operating systems.
Recommended Online Training: Basics of BIND DNS Server
Recommended Book: DNS and BIND (5th Edition) by Cricket Liu & Paul Albitz
Also Read:
Configure Authoritative DNS Server in CentOS 7
Configure Caching Only DNS Server in CentOS 7
Environment Specification:
We are using two minimal Rocky Linux 8 virtual machines with following specification.
- CPU - 3.4 Ghz (2 cores)
- Memory - 2 GB
- Storage - 20 GB
- Operating System - Rocky Linux 8.6 (Green Obsidian)
- Hostname – nameserver-01.centlinux.com, nameserver-02.centlinux.com
- IP Address - 192.168.116.128 /24, 192.168.116.129 /24
Preparing Linux Servers:
Connect with your Linux server as root user with the help of a SSH client.
Rebuild cache of installed yum repositories.
# dnf makecache
Rocky Linux 8 - AppStream 1.5 kB/s | 4.8 kB 00:03
Rocky Linux 8 - AppStream 670 kB/s | 8.8 MB 00:13
Rocky Linux 8 - BaseOS 1.1 kB/s | 4.3 kB 00:04
Rocky Linux 8 - BaseOS 486 kB/s | 3.6 MB 00:07
Rocky Linux 8 - Extras 864 B/s | 3.5 kB 00:04
Rocky Linux 8 - Extras 3.5 kB/s | 11 kB 00:03
Metadata cache created.
Execute following command to update your Linux server.
# dnf update -y
If the above command updates your Linux Kernel then, you should reboot your operating system with the new kernel.
# reboot
Verify the version of Linux operating system that is being used in this installation guide.
# cat /etc/os-release
NAME="Rocky Linux"
VERSION="8.6 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.6 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky Linux"
ROCKY_SUPPORT_PRODUCT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8"
Install BIND software packages by executing following command at Linux bash prompt.
# dnf install -y bind bind-utils
Allow the DNS service in Linux Firewall.
# firewall-cmd --permanent --add-service=dns success # firewall-cmd --reload success
Before moving forward, ensure that you have performed above steps on Both Master and Slave Private DNS servers.
Configure BIND Private DNS Server - Master:
By using a SSH client, connect with nameserver-01.centlinux.com as root user.
Open BIND configuration file in vim text editor.
# vi /etc/named.conf
Locate and set following directives in this file.
listen-on port 53 { 127.0.0.1; 192.168.116.128; };
allow-query { localhost; 192.168.116.0/24; };
Add following directive at the end to this file, to include named.conf.local file in BIND configurations.
include "/etc/named.conf.local";
Create configuration file named.conf.local by using vi command.
# vi /etc/named.conf.local
Add following directives in this file.
zone "centlinux.com" {
type master;
allow-transfer {192.168.116.129; };
also-notify {192.168.116.129; };
file "/var/named/centlinux.com";
};
zone "116.168.192.in-addr.arpa" {
type master;
allow-transfer {192.168.116.129; };
also-notify {192.168.116.129; };
file "/var/named/116.168.192.in-addr.arpa";
};
Now create BIND zone configuration file /var/named/centlinux.com by using vi command.
# vi /var/named/centlinux.com
Add following directives in this file.
$TTL 1h
@ IN SOA centlinux.com. root.centlinux.com. (
2022070401 ; Serial YYYYMMDDnn
24h ; Refresh
2h ; Retry
28d ; Expire
2d ) ; Minimum TTL
;Name Servers
@ IN NS nameserver-01
@ IN NS nameserver-02
;Mail Servers
@ IN MX 0 mailserver-01
;Other Servers
nameserver-01 IN A 192.168.116.128
nameserver-02 IN A 192.168.116.129
mailserver-01 IN A 192.168.116.5
webserver-01 IN A 192.168.116.10
;Canonical Names
www IN CNAME webserver-01
mail IN CNAME mailserver-01
Check above zone configuration file by executing following command.
# named-checkzone example.com /var/named/centlinux.com
zone example.com/IN: loaded serial 2022070401
OK
Create the reverse lookup zone by using vi command.
# vi /var/named/116.168.192.in-addr.arpa
Add following directives therein.
$TTL 1h
@ IN SOA 116.168.192.in-addr.arpa root.centlinux.com. (
2022070401 ; Serial YYYYMMDDnn
24h ; Refresh
2h ; Retry
28d ; Expire
2d ) ; Minimum TTL
;Name Servers
@ IN NS nameserver-01
@ IN NS nameserver-02
;Other Servers
nameserver-01 IN A 192.168.116.128
nameserver-02 IN A 192.168.116.129
;PTR Records
128 IN PTR nameserver-01
129 IN PTR nameserver-02
5 IN PTR mailserver-01
10 IN PTR webserver-01
Check the zone configuration file by executing following command.
# named-checkzone example.com /var/named/116.168.192.in-addr.arpa
zone example.com/IN: loaded serial 2022070401
OK
Adjust the group ownership of DNS zone configuration file as follows.
# chgrp named /var/named/centlinux.com # chgrp named /var/named/116.168.192.in-addr.arpa
Configure BIND Private DNS Server - Slave:
By using a SSH client, connect with nameserver-02.centlinux.com as root user.
Open BIND configuration file in vim text editor.
# vi /etc/named.conf
Locate and set following directives in this file.
listen-on port 53 { 127.0.0.1; 192.168.116.129; };
allow-query { localhost; 192.168.116.0/24; };
Add following directive at the end to this file, to include named.conf.local file in BIND configurations.
include "/etc/named.conf.local";
Create configuration file named.conf.local by using vi command.
# vi /etc/named.conf.local
Add following directives therein.
zone "centlinux.com" {
type slave;
masters { 192.168.116.128; };
file "/var/named/centlinux.com";
};
zone "116.168.192.in-addr.arpa" {
type slave;
masters { 192.168.116.128; };
file "/var/named/116.168.192.in-addr.arpa";
};
There is no need to create BIND zone configuration files as you created in Master DNS server.
Because the Slave DNS server will automatically synchronize these files from Master DNS server.
For this purpose, you only have to set a SELinux boolean, so your Secondary (Slave) DNS server can accept zone transfers and update local zone files.
# setsebool -P named_write_master_zones on
Starting DNS Services:
Perform following steps on both DNS servers to configure and start your Private Naming services.
Enable and start BIND DNS service.
# systemctl enable --now named.service
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
Execute nmcli command on your Linux servers to set Primary and Secondary DNS servers.
# nmcli c m ens160 ipv4.dns-search centlinux.com ipv4.dns 192.168.116.128,192.168.116.129
Restart network interface to apply changes.
# nmcli c down ens160 ; nmcli c up ens160
Connection 'ens160' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
Verify the DNS server settings by looking into /etc/resolv.conf file.
# cat /etc/resolv.conf
# Generated by NetworkManager
search centlinux.com
nameserver 192.168.116.128
nameserver 192.168.116.129
nameserver 192.168.116.2
Perform a NS lookup by using dig command to check your BIND Private DNS server.
# dig www.centlinux.com
; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> www.centlinux.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38962
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2108cd2a025d0e7eed402aa062c5a337697d84f4ea85f1fa (good)
;; QUESTION SECTION:
;www.centlinux.com. IN A
;; ANSWER SECTION:
www.centlinux.com. 3600 IN CNAME webserver-01.centlinux.com.
webserver-01.centlinux.com. 3600 IN A 192.168.116.10
;; AUTHORITY SECTION:
centlinux.com. 3600 IN NS nameserver-01.centlinux.com.
centlinux.com. 3600 IN NS nameserver-02.centlinux.com.
;; ADDITIONAL SECTION:
nameserver-01.centlinux.com. 3600 IN A 192.168.116.128
nameserver-02.centlinux.com. 3600 IN A 192.168.116.129
;; Query time: 0 msec
;; SERVER: 192.168.116.128#53(192.168.116.128)
;; WHEN: Wed Jul 06 19:59:03 PKT 2022
;; MSG SIZE rcvd: 205
You can see that the NS lookup is successfully satisfied by your Naming servers.
Conclusion:
In this article, you have successfully setup BIND private DNS server on Rocky Linux or other RPM based Linux distros.
No comments:
Post a Comment