Friday, June 27, 2014



DNS server installation and configuration on Redhat 6 64 bit
Example Configuration

DNS Server Details:
Operating System                            : Redhat 6.5 64 bit
Hostname                                        : tn.example.gov.in
IP Address                                      : 192.168.1.161/24
Client Details:
Operating System                            : Redhat 6.5 64 bit
Hostname                                        : tn2.example.gov.in
IP Address                                      : 192.168.1.221/24
DNS installation Steps:
1.       Install Bind Chroot DNS server :
# yum install bind-chroot bind -y

2.       Copy all bind related files to prepare the bind chrooted environment :
# cp -R /usr/share/doc/bind-*/sample/var/named/* 
  /var/named/chroot/var/named/

3.       Create bind related files into chrooted directory :
# touch /var/named/chroot/var/named/data/cache_dump.db
# touch /var/named/chroot/var/named/data/named_stats.txt
# touch /var/named/chroot/var/named/data/named_mem_stats.txt
# touch /var/named/chroot/var/named/data/named.run
# mkdir /var/named/chroot/var/named/dynamic
# touch /var/named/chroot/var/named/dynamic/managed-keys.bind

4.       The Bind lock file must be writable by the named service, so set the permissions as below (note that 777 makes these directories world-writable, which is broader than needed; ownership by the named user with mode 770 is sufficient) :
# chmod -R 777 /var/named/chroot/var/named/data
# chmod -R 777 /var/named/chroot/var/named/dynamic

5.       Set the following if you do not use IPv6 :
# echo 'OPTIONS="-4"' >> /etc/sysconfig/named

6.       Copy /etc/named.conf to the chrooted bind config folder :
# cp -p /etc/named.conf /var/named/chroot/etc/named.conf

7.       Configure the main bind configuration in /etc/named.conf. Append the example.gov.in information to the file :
# vi /var/named/chroot/etc/named.conf

a.       Add bind DNS IP addresses :
..
listen-on port 53 { 127.0.0.1;192.168.1.161;192.168.1.0; };
..

b.      Create forward and reverse zone :
..
..
zone "example.gov.in" {
    type master;
    file "example.gov.in.zone";
};
 
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1.zone";
};
..
..
 
Full configuration for named.conf :
 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
 
options {
        // Bind on loopback and the server's own address.
        // NOTE(review): 192.168.1.0 is the network address of the /24, not an
        // interface address, so it matches no interface here; confirm it is
        // intended (192.168.1.161 already covers this host).
        listen-on port 53 { 127.0.0.1;192.168.1.161;192.168.1.0; };
        listen-on-v6 port 53 { ::1; };
        // Relative file names (zone files, data/named.run) resolve under this
        // directory, which lives under /var/named/chroot once named is chrooted.
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Queries are accepted only from localhost and the LAN. No allow-recursion
        // is set, so recursion is effectively offered to the same set; keep this
        // scoped -- a recursive resolver reachable from untrusted networks can be
        // abused for amplification.
        allow-query     { localhost; 192.168.1.0/24; };
        recursion yes;
 
        dnssec-enable yes;
        dnssec-validation yes;
        // NOTE(review): lookaside validation depends on ISC's DLV registry, which
        // has since been retired; on current BIND releases this line can be dropped.
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
 
        managed-keys-directory "/var/named/dynamic";
};
 
logging {
        // Path is relative to 'directory', i.e. /var/named/data/named.run
        // (the file created by touch in step 3).
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
 
// Root hints for recursion.
zone "." IN {
        type hint;
        file "named.ca";
};
// Authoritative forward zone; the file is relative to 'directory' (created in step 8a).
// NOTE(review): no allow-transfer is set on either master zone, and BIND's default
// permits zone transfers (AXFR) to any host allowed to query; add
// allow-transfer { none; } (or the secondaries' addresses) to both zones.
zone "example.gov.in" {
    type master;
    file "example.gov.in.zone";
};
 
// Reverse zone for 192.168.1.0/24 (file created in step 8b).
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1.zone";
};
// Package-provided localhost/loopback zones and, presumably, the root trust anchor.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

8.       Create Forward and Reverse zone files for domain example.gov.in.
a.       Create Forward Zone :
# vi /var/named/chroot/var/named/example.gov.in.zone

;
;       Addresses and other host information.
;
; Default TTL (seconds) for records that do not set their own.
$TTL 86400
@       IN      SOA     ns1.example.gov.in. root.example.gov.in. (
                               2013042201      ; Serial -- YYYYMMDDnn; increase on every edit so secondaries reload
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers
;       (blank owner field: these records inherit the previous owner, @ = example.gov.in)

               IN      NS      ns1.example.gov.in.
               IN      A       192.168.1.161
               IN      MX      10 mail.example.gov.in.

; Host records; tn, mail and ns1 all point at the DNS server itself.
tn           IN      A       192.168.1.161
mail            IN      A       192.168.1.161
ns1              IN      A       192.168.1.161
tn2             IN      A       192.168.1.221

b.      Create Reverse Zone :
# vi /var/named/chroot/var/named/192.168.1.zone
 
;
;       Addresses and other host information.
;
; Default TTL (seconds) for records that do not set their own.
$TTL 86400
@       IN      SOA     ns1.example.gov.in. root.example.gov.in. (
                               2013042201      ; Serial -- YYYYMMDDnn; increase on every edit so secondaries reload
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum
 
@        IN      NS      ns1.example.gov.in.
; NOTE(review): a PTR at the zone apex is unusual and not needed for host lookups.
@        IN      PTR     example.gov.in.
; NOTE(review): inside this zone the owner expands to ns1.1.168.192.in-addr.arpa;
; the A record for ns1 belongs in the forward zone, so this line is likely unintended.
ns1     IN      A       192.168.1.161
; NOTE(review): three PTRs for 192.168.1.161 -- reverse lookups return all of them;
; checks that expect a single name (e.g. mail reverse validation) may fail, so
; consider keeping one canonical PTR per address.
161      IN     PTR     mail.example.gov.in.
161      IN     PTR     ns1.example.gov.in.
161     IN      PTR     tn.example.gov.in.
221     IN      PTR     tn2.example.gov.in.

9.       Start Bind service :
# /etc/init.d/named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

10.   Configure Bind auto start at boot :
# chkconfig --levels 235 named on

11.   Test and verify Bind DNS setup :
a.       Test and verify using host command :
# host -t ns example.gov.in
# host -t mx example.gov.in
b.      Test and verify using nslookup command :
# nslookup
> set type=any
> example.gov.in

> exit

c.       Test and verify using dig command :
# dig example.gov.in