How to Install and Configure DNS Server in CentOS 7


    ## Table of Contents

    - [Introduction](#introduction)
    - [Prerequisites](#prerequisites)
    - [Assumptions](#assumptions)
    - [Install Master (Primary) DNS Server](#install-master-primary-dns-server)
    - [Install Bind Packages on your Server](#install-bind-packages-on-your-server)
    - [Configure Master (Primary) DNS Server](#configure-master-primary-dns-server)
    - [Check DNS Configuration and Zone File for Syntax Errors](#check-dns-configuration-and-zone-file-for-syntax-errors)
    - [Start DNS Service](#start-dns-service)
    - [Firewall Configuration](#firewall-configuration)
    - [Restart Firewall](#restart-firewall)
    - [Configure Ownership, Permissions, and SELinux](#configure-ownership-permissions-and-selinux)
    - [Test DNS Server](#test-dns-server)

    - [Install Slave (Secondary) DNS Server](#install-slave-secondary-dns-server)
    - [Install Bind Packages on your Server](#install-bind-packages-on-your-server)
    - [Configure Slave (Secondary) DNS Server](#configure-slave-secondary-dns-server)
    - [Check DNS Configuration](#check-dns-configuration)
    - [Start DNS Service](#start-dns-service)
    - [Firewall Configuration](#firewall-configuration)
    - [Restart Firewall](#restart-firewall)
    - [Configure Ownership, Permissions, and SELinux](#configure-ownership-permissions-and-selinux)
    - [Test DNS Server](#test-dns-server)
    - [Client Side Configuration](#client-side-configuration)
    - [Add DNS Server Details](#add-dns-server-details)
    - [Test DNS Server](#test-dns-server)

    - [Conclusion](#conclusion)

    ## Introduction

    In this guide, we walk through the step-by-step process to install and configure a DNS server on CentOS 7. The setup uses 3 nodes: the first node acts as the Master DNS Server, the second node acts as the Slave DNS Server, and the third node acts as a DNS Client.

    ## Prerequisites

    Running Server

    ## Assumptions

    ## Master (Primary) DNS Server Details

    Operating System: CentOS 7 Minimal Server
    Hostname: masterdns.systemongrid.local
    IP Address: 192.168.32.30/24

    ## Slave (Secondary) DNS Server Details

    Operating System: CentOS 7 Minimal Server
    Hostname: secondarydns.systemongrid.local
    IP Address: 192.168.32.33/24

    ## Client DNS Details

    Operating System: CentOS 7 Desktop
    Hostname: client.systemongrid.local
    IP Address: 192.168.32.34/24

    ## Install Master (Primary) DNS Server

    ## Install BIND Packages on your Server

    BIND is an acronym for Berkeley Internet Name Domain. It is software that maps hostnames to IP addresses.

    Enter the following commands to install BIND packages on your server.

    ```
    # yum update -y
    # yum -y install bind bind-utils
    ```

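    ## Configure Master (Primary) DNS Server

    Edit the file ‘/etc/named.conf’.

    ```
    # vi /etc/named.conf
    ```

    Add the lines marked with `###` comments in the `options` block, and the forward and reverse `zone` blocks near the end of the file.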

    ```
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //

    options {
        listen-on port 53 { 127.0.0.1; 192.168.32.30; }; ### Master DNS IP ###
        # listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.32.0/24; }; ### IP Range ###
        allow-transfer { localhost; 192.168.32.33; }; ### Slave DNS IP ###

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    // Forward zone: names to addresses
    zone "systemongrid.local" IN {
        type master;
        file "forward.systemongrid";
        allow-update { none; };
    };
    // Reverse zone: addresses in 192.168.32.0/24 to names
    zone "32.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.systemongrid";
        allow-update { none; };
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    ```
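
The `allow-query` and `allow-transfer` lines are what keep this recursive server from answering queries from, or handing the whole zone to, hosts outside 192.168.32.0/24. The script below is an added example, not part of the original guide, that flags a configuration missing those restrictions; the function names and both sample files are constructed for illustration, and the missing-`allow-transfer` finding assumes the BIND 9 release packaged for CentOS 7, where the default is to allow transfers to any host.

```shell
# Added example: audit named.conf access controls (// and # comments only, no nested braces).
# Print the address match list of option $1 (first occurrence in $conf).
match_list() {
    printf '%s' "$conf" | grep -o "$1 *{[^}]*}" | head -n 1 |
        sed 's/^[^{]*{//; s/}$//'
}
report() { echo "FINDING: $1"; findings=$((findings + 1)); }

# audit_named_conf FILE: prints findings, exit status = number of findings.
audit_named_conf() {
    # Strip comments, then flatten so multi-line { ... } lists can be matched.
    conf=$(sed -e 's/#.*//' -e 's|//.*||' "$1" | tr '\n\t' '  ')
    findings=0
    xfer=$(match_list allow-transfer)
    query=$(match_list allow-query)
    if [ -z "$xfer" ]; then
        report "no allow-transfer: default allows zone transfers to any host"
    elif printf '%s' "$xfer" | grep -qw any; then
        report "allow-transfer includes any"
    fi
    # allow-recursion falls back to allow-query-cache, then to allow-query.
    if printf '%s' "$conf" | grep -Eq 'recursion +yes' &&
       printf '%s' "$query" | grep -qw any &&
       [ -z "$(match_list allow-recursion)$(match_list allow-query-cache)" ]; then
        report "recursion yes with allow-query { any; }: open resolver"
    fi
    return "$findings"
}

# Constructed samples: this guide's master options and a permissive variant.
write_samples() {
    cat > "$1/guide.conf" <<'EOF'
options {
    allow-query { localhost; 192.168.32.0/24;}; ### IP Range ###
    allow-transfer{ localhost; 192.168.32.33; }; ### Slave DNS IP ###
    recursion yes;
};
EOF
    cat > "$1/weak.conf" <<'EOF'
options {
    allow-query { any; };  // and no allow-transfer statement
    recursion yes;
};
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_named_conf "$tmp/guide.conf" && echo "guide.conf: no findings"
audit_named_conf "$tmp/weak.conf" || echo "weak.conf: $? finding(s)"
```

On a live server, feed it the output of `named-checkconf -p`, which prints the parsed configuration without comments.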

    ## Create Zone Files

    Now, you must create forward and reverse zone files that you have mentioned in the file, ‘/etc/named.conf’.

    ## Create Forward Zone File

    Then, create the forward.systemongrid file in the /var/named directory.

    ```
    # vi /var/named/forward.systemongrid
    ```

    And, add the following lines to the file.

    ```
    $TTL 86400
    @   IN  SOA     masterdns.systemongrid.local. root.systemongrid.local. (
            2011071001  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
    )
    ; Name servers for the zone
    @               IN  NS  masterdns.systemongrid.local.
    @               IN  NS  secondarydns.systemongrid.local.
    @               IN  A   192.168.32.30
    @               IN  A   192.168.32.33
    @               IN  A   192.168.32.34
    ; Host records
    masterdns       IN  A   192.168.32.30
    secondarydns    IN  A   192.168.32.33
    client          IN  A   192.168.32.34
    ```

    ## Create Reverse Zone File

    Then, create the reverse.systemongrid file in the /var/named directory.

    ```
    # vi /var/named/reverse.systemongrid
    ```

    And, add the following lines to the file.

    ```
    $TTL 86400
    @   IN  SOA     masterdns.systemongrid.local. root.systemongrid.local. (
            2011071001  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
    )
    @               IN  NS  masterdns.systemongrid.local.
    @               IN  NS  secondarydns.systemongrid.local.
    @               IN  PTR systemongrid.local.
    masterdns       IN  A   192.168.32.30
    secondarydns    IN  A   192.168.32.33
    client          IN  A   192.168.32.34
    ; The owner of each PTR record is the last octet of the host's address
    30              IN  PTR masterdns.systemongrid.local.
    33              IN  PTR secondarydns.systemongrid.local.
    34              IN  PTR client.systemongrid.local.
    ```

    ## Check DNS Configuration and Zone File for Syntax Errors

    Now, test your default DNS configuration file using the command

    ```
    # named-checkconf /etc/named.conf
    ```

    If the command returns nothing, your DNS configuration file is valid.

    Test the forward zone file using the command

    ```
    # named-checkzone systemongrid.local /var/named/forward.systemongrid
    ```

    You will get output similar to the following.
    ![reversezonefile](https://grid.media/assets/images/reverse-zone-file.png)

    Test the reverse zone file using the command

    ```
    # named-checkzone 32.168.192.in-addr.arpa /var/named/reverse.systemongrid
    ```

    You will get output similar to the following.
    ![reversezonefilee](https://grid.media/assets/images/reverse-zone-file.png)
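
`named-checkzone` validates one zone file at a time, so it does not notice when a host's PTR record is missing or filed under the wrong last octet. The script below is an added example, not part of the original guide, that cross-checks the A records of a forward file against the PTR records of a reverse file; the function names and the sample files are constructed for illustration.

```shell
# Added example: report hosts whose forward A record has no matching PTR.
# check_ptr_coverage FORWARD REVERSE DOMAIN NET_PREFIX
# Exit status is the number of mismatches (0 = consistent).
check_ptr_coverage() {
    awk -v domain="$3" -v prefix="$4" '
        { sub(/;.*/, "") }                        # drop zone-file comments
        FNR == NR {                               # first file: forward zone
            if ($2 == "IN" && $3 == "A" && $1 != "@" && index($4, prefix ".") == 1)
                ip[$1 "." domain "."] = $4
            next
        }
        # second file: the owner label of a PTR is the last octet of the address
        $2 == "IN" && $3 == "PTR" && $1 != "@" { ptr[$4] = prefix "." $1 }
        END {
            for (h in ip) {
                got = (h in ptr) ? ptr[h] : "none"
                if (got != ip[h]) {
                    printf "MISMATCH %s A=%s PTR=%s\n", h, ip[h], got
                    bad++
                }
            }
            exit bad + 0
        }' "$1" "$2"
}

# Constructed samples using this guide's hosts and addresses.
make_samples() {
    cat > "$1/forward" <<'EOF'
masterdns    IN A 192.168.32.30
secondarydns IN A 192.168.32.33
client       IN A 192.168.32.34  ; third host
EOF
    cat > "$1/reverse.ok" <<'EOF'
30 IN PTR masterdns.systemongrid.local.
33 IN PTR secondarydns.systemongrid.local.
34 IN PTR client.systemongrid.local.
EOF
    cat > "$1/reverse.bad" <<'EOF'
30  IN PTR masterdns.systemongrid.local.
133 IN PTR secondarydns.systemongrid.local.
EOF
}

dir=$(mktemp -d) && make_samples "$dir"
check_ptr_coverage "$dir/forward" "$dir/reverse.ok" systemongrid.local 192.168.32 &&
    echo "forward and reverse zones agree"
check_ptr_coverage "$dir/forward" "$dir/reverse.bad" systemongrid.local 192.168.32 ||
    echo "fix the reverse zone before reloading named"
```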

    ## Start DNS Service

    Now, enable and start the DNS service using the following commands.

    ```
    # systemctl enable named
    # systemctl start named
    ```

    Now, edit the file /etc/resolv.conf using the command

    ```
    # vi /etc/resolv.conf
    ```

    Add the IP address of the name server.

    ```
    nameserver 192.168.32.30
    ```

    Now, save and close the file.

    Then, restart the network services using the below command.

    ```
    # systemctl restart network
    ```

    ## Firewall Configuration

    Now, allow the default DNS service port, 53, through the firewall using the following commands.

    ```
    # firewall-cmd --permanent --add-port=53/tcp
    # firewall-cmd --permanent --add-port=53/udp
    ```

    ## Restart Firewall

    Now, restart the firewall using the below command.

    ```
    # firewall-cmd --reload
    ```

    ## Configure Ownership, Permissions and SELinux

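    Now, run the below commands one after the other. The first two make `named` the group owner of /var/named and of /etc/named.conf; `setenforce 0` switches SELinux to permissive mode until the next reboot.

    ```
    # chgrp named -R /var/named
    # chown -v root:named /etc/named.conf
    # setenforce 0
    ```
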
    ## Test DNS Server

    Test your DNS server using the below command.

    ```
    # dig masterdns.systemongrid.local
    ```

    You will get output similar to the following.

    ![testdnsserveroutput](https://grid.media/assets/images/test-dns-server-output.png)

    Now, run the below command.

    ```
    # nslookup systemongrid.local
    ```

    You will get the following output.
    ![primarydnsserverisready](https://grid.media/assets/images/primary-dns-server-is-ready.png)

    The primary DNS server is now ready to use.

    ## Install Slave (Secondary) DNS Server

    ## Install Bind Packages on your Server

    Enter the following commands to install BIND packages on your server.

    ```
    # yum update -y
    # yum -y install bind bind-utils
    ```

    ## Configure Slave (Secondary) DNS Server

    Edit the file ‘/etc/named.conf’.

    ```
    # vi /etc/named.conf
    ```

    Edit the `listen-on` and `allow-query` lines and add the two `type slave` zone blocks as shown.
    ```
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    options {
        listen-on port 53 { 127.0.0.1; 192.168.32.33; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.32.0/24; };
    .
    .
    zone "." IN {
        type hint;
        file "named.ca";
    };
    // Forward zone, transferred from the master
    zone "systemongrid.local" IN {
        type slave;
        file "slaves/systemongrid.fwd";
        masters { 192.168.32.30; };
    };
    // Reverse zone; the name must match the reverse zone defined on the master
    zone "32.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/systemongrid.rev";
        masters { 192.168.32.30; };
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    ```

    ## Check DNS Configuration

    Now, test your default DNS configuration file using the command

    ```
    # named-checkconf /etc/named.conf
    ```

    If the command returns nothing, your DNS configuration file is valid.

    ## Start DNS Service

    Now, enable and start the DNS service using the following commands.

    ```
    # systemctl enable named
    # systemctl start named
    ```

    Then, the forward and reverse zones will be replicated automatically from the master (primary) DNS server to ‘/var/named/slaves/’ on the slave (secondary) DNS server.

    ```
    # ls /var/named/slaves/
    ```

    You will get output like the following.

    ![replicationofforwardandreversezones](https://grid.media/assets/images/replication-of-forward-and-reverse-zones.png)

    Now, edit the file /etc/resolv.conf using the command

    ```
    # vi /etc/resolv.conf
    ```

    Add the IP addresses of the name servers.

    ```
    nameserver 192.168.32.30
    nameserver 192.168.32.33
    ```

    Now, save and close the file.

    Then, restart the network services using the below command.

    ```
    # systemctl restart network
    ```

    ## Firewall Configuration

    Now, allow the default DNS service port, 53, through the firewall using the following command.

    ```
    # firewall-cmd --permanent --add-port=53/tcp
    ```

    ## Restart Firewall

    Now, restart the firewall using the below command.

    ```
    # firewall-cmd --reload
    ```

    ## Configure Ownership, Permissions and SELinux

    Now, run the below commands one after the other.

    ```
    # chgrp named -R /var/named
    # chown -v root:named /etc/named.conf
    # setenforce 0
    ```

    ## Test DNS Server

    Now, test the DNS server using the following commands.

    ```
    # dig masterdns.systemongrid.local
    ```

    You will get output similar to the following.

    ![slavetestdnsserveroutput](https://grid.media/assets/images/slave-test-dns-server-output.png)

    Now run the other command.

    ```
    # dig secondarydns.systemongrid.local
    ```

    You will get output like the following.

    ![slavesecondarydnsserveroutput](https://grid.media/assets/images/slave-secondary-dns-server-output.png)

    Now, run the below command.

    ```
    # nslookup systemongrid.local
    ```

    You will get output like the following.

    ![secondarydnsserverisready](https://grid.media/assets/images/secondary-dns-server-is-ready.png)

    ## Client Side Configuration
    ## Add DNS Server Details

    Now, add the DNS server details to the configuration file on all client systems using the following command.

    ```
    # vi /etc/resolv.conf
    ```

    ```
    # Generated by NetworkManager
    search systemongrid.local
    nameserver 192.168.32.30
    nameserver 192.168.32.33
    ```

    Now, reboot the system or restart network services.

    ## Test DNS Server

    Now, test the DNS server using the below commands.

    ```
    # dig masterdns.systemongrid.local
    # dig secondarydns.systemongrid.local
    # dig client.systemongrid.local
    # nslookup systemongrid.local
    ```

    ## Conclusion
    In this guide, we have explained to you how to install and configure DNS Server in CentOS 7.