## Table of Contents
- [Introduction](#introduction)
- [Prerequisites](#prerequisites)
- [Assumptions](#assumptions)
- [Install Master (Primary DNS Server)](#install-master-primary-dns-server)
- [Install Bind Packages on your Server](#install-bind-packages-on-your-server)
- [Configure Master (Primary DNS Server)](#configure-master-primary-dns-server)
- [Check DNS Configuration and Zone File for Syntax Errors](#check-dns-configuration-and-zone-file-for-syntax-errors)
- [Start DNS Service](#start-dns-service)
- [Firewall Configuration](#firewall-configuration)
- [Restart Firewall](#restart-firewall)
- [Configure Ownership, Permissions, and SELinux](#configure-ownership-permissions-and-selinux)
- [Test DNS Server](#test-dns-server)
- [Install Slave (Secondary DNS Server)](#install-slave-secondary-dns-server)
- [Install Bind Packages on your Server](#install-bind-packages-on-your-server)
- [Configure Slave (Secondary DNS Server)](#configure-slave-secondary-dns-server)
- [Check DNS Configuration](#check-dns-configuration)
- [Start DNS Service](#start-dns-service)
- [Firewall Configuration](#firewall-configuration)
- [Restart Firewall](#restart-firewall)
- [Configure Ownership, Permissions, and SELinux](#configure-ownership-permissions-and-selinux)
- [Test DNS Server](#test-dns-server)
- [Client Side Configuration](#client-side-configuration)
- [Add DNS Server Details](#add-dns-server-details)
- [Test DNS Server](#test-dns-server)
- [Conclusion](#conclusion)
## Introduction
This guide walks through the step-by-step process of installing and configuring a DNS server on CentOS 7. It uses three nodes to explain the process clearly: the first node acts as the Master DNS Server, the second node acts as the Slave DNS Server, and the third node acts as a DNS Client.
## Prerequisites
A running server.
## Assumptions
## Master (Primary DNS Server) Details
Operating System: CentOS 7 Minimal Server
Hostname: masterdns.systemongrid.local
IP Address: 192.168.32.30/24
## Slave (Secondary DNS Server) Details
Operating System: CentOS 7 Minimal Server
Hostname: secondarydns.systemongrid.local
IP Address: 192.168.32.33/24
## Client DNS Details
Operating System: CentOS 7 Desktop
Hostname: client.systemongrid.local
IP Address: 192.168.32.34/24
## Install Master (Primary DNS Server)
## Install BIND Packages on your Server
BIND is an acronym for Berkeley Internet Name Domain. It is software that maps hostnames to IP addresses.
Enter the following commands to install BIND packages on your server.
```
# yum update -y
# yum -y install bind bind-utils
```
## Configure Master (Primary DNS Server)
Edit the file, ‘/etc/named.conf’
```
# vi /etc/named.conf
```
Edit the file so that it matches the following. The changed lines in the options block carry a trailing ### comment.
```
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.32.30; }; ### Master DNS IP ###
    # listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.32.0/24; }; ### IP Range ###
    allow-transfer { localhost; 192.168.32.33; }; ### Slave DNS IP ###
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "systemongrid.local" IN {
    type master;
    file "forward.systemongrid";
    allow-update { none; };
};
zone "32.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.systemongrid";
    allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
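The allow-query and allow-transfer lines above are what keep this recursive server from answering, or handing whole zones to, arbitrary hosts; in the BIND 9 releases packaged for CentOS 7, an unset allow-transfer permits transfers to any host. The following check is an added example, not part of the original guide: it audits a named.conf text for those two conditions. The sample configurations and the function names are constructed for illustration, and the parser looks only at the first occurrence of each option.

```python
import re

# Constructed "weak" options block: recursion on, queries from anyone,
# and no allow-transfer statement at all.
WEAK = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.32.30; };
    allow-query { any; };
    recursion yes;
};
"""
# The same block with the two ACL lines this guide uses on the master.
HARDENED = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.32.30; };
    allow-query { localhost; 192.168.32.0/24; };     ### IP Range ###
    allow-transfer { localhost; 192.168.32.33; };    ### Slave DNS IP ###
    recursion yes;
};
"""

def acl(conf, option):
    """Return an option's address-match list as a Python list, or None if unset."""
    m = re.search(r"(?<![\w-])%s\s*\{([^{}]*)\}" % re.escape(option), conf)
    if m is None:
        return None
    return [item.strip() for item in m.group(1).split(";") if item.strip()]

def audit(conf):
    """Return findings for ACLs that leave recursion or transfers open to anyone."""
    # Strip /* */, // and # comments before matching.
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    findings = []
    # Without allow-recursion, BIND falls back to allow-query-cache, then allow-query.
    recursion_acl = (acl(conf, "allow-recursion") or acl(conf, "allow-query-cache")
                     or acl(conf, "allow-query") or [])
    if re.search(r"\brecursion\s+yes\s*;", conf) and "any" in recursion_acl:
        findings.append("recursion is enabled and open to any client")
    transfer_acl = acl(conf, "allow-transfer")
    if transfer_acl is None:
        findings.append("allow-transfer is not set")
    elif "any" in transfer_acl:
        findings.append("allow-transfer includes any")
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```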
## Create Zone Files
Now, create the forward and reverse zone files that you referenced in the file, ‘/etc/named.conf’.
## Create Forward Zone File
First, create the forward.systemongrid file in the /var/named directory.
```
# vi /var/named/forward.systemongrid
```
And, add the following lines to the file.
```
$TTL 86400
@   IN  SOA     masterdns.systemongrid.local. root.systemongrid.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@               IN  NS  masterdns.systemongrid.local.
@               IN  NS  secondarydns.systemongrid.local.
@               IN  A   192.168.32.30
@               IN  A   192.168.32.33
@               IN  A   192.168.32.34
masterdns       IN  A   192.168.32.30
secondarydns    IN  A   192.168.32.33
client          IN  A   192.168.32.34
```
## Create Reverse Zone File
Then, create the reverse.systemongrid file in the /var/named directory.
```
# vi /var/named/reverse.systemongrid
```
And, add the following lines to the file.
```
$TTL 86400
@   IN  SOA     masterdns.systemongrid.local. root.systemongrid.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@               IN  NS  masterdns.systemongrid.local.
@               IN  NS  secondarydns.systemongrid.local.
@               IN  PTR systemongrid.local.
masterdns       IN  A   192.168.32.30
secondarydns    IN  A   192.168.32.33
client          IN  A   192.168.32.34
; PTR owner names are the last octet of each host's address
30              IN  PTR masterdns.systemongrid.local.
33              IN  PTR secondarydns.systemongrid.local.
34              IN  PTR client.systemongrid.local.
```
## Check DNS Configuration and Zone File for Syntax Errors
Now, test your default DNS configuration file using the command,
```
# named-checkconf /etc/named.conf
```
The configuration file is valid if the command returns nothing.
Test the forward zone file using the command,
```
# named-checkzone systemongrid.local /var/named/forward.systemongrid
```
And, you will get an output something like the below
![reversezonefile](https://grid.media/assets/images/reverse-zone-file.png)
Test the reverse zone file using the command, passing the reverse zone name configured in ‘/etc/named.conf’,
```
# named-checkzone 32.168.192.in-addr.arpa /var/named/reverse.systemongrid
```
And, you will get an output something like the following.
![reversezonefilee](https://grid.media/assets/images/reverse-zone-file.png)
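named-checkzone validates each zone file on its own; it does not verify that every A record in the forward zone has a PTR at the matching owner name in the reverse zone. The following cross-check is an added example, not part of the original guide. It handles only simple single-line ‘owner IN TYPE rdata’ records, and the sample zone text is constructed from this guide's hosts with one deliberately wrong PTR owner (106 instead of 34).

```python
import ipaddress

# Constructed sample data using this guide's hosts. The reverse zone
# deliberately carries one stale owner name (106 instead of 34).
FORWARD = """\
masterdns     IN A 192.168.32.30
secondarydns  IN A 192.168.32.33
client        IN A 192.168.32.34
"""
REVERSE = """\
30   IN PTR masterdns.systemongrid.local.
33   IN PTR secondarydns.systemongrid.local.
106  IN PTR client.systemongrid.local.
"""

def records(text, rtype):
    """Yield (owner, rdata) from simple 'owner IN TYPE rdata' lines."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop ';' comments
        if len(fields) == 4 and fields[1].upper() == "IN" and fields[2].upper() == rtype:
            yield fields[0], fields[3]

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def check(forward, fwd_origin, reverse, rev_origin):
    """Return a list of A/PTR mismatches between the two zones."""
    ptrs = {}
    for owner, target in records(reverse, "PTR"):
        ptrs.setdefault(fqdn(owner, rev_origin), set()).add(fqdn(target, rev_origin))
    problems, expected = [], set()
    for owner, addr in records(forward, "A"):
        name = fqdn(owner, fwd_origin)
        rev_name = ipaddress.ip_address(addr).reverse_pointer + "."
        expected.add(rev_name)
        if name not in ptrs.get(rev_name, set()):
            problems.append(f"{name} has A {addr} but no matching PTR at {rev_name}")
    for rev_name in sorted(set(ptrs) - expected):
        problems.append(f"PTR {rev_name} has no A record pointing back to it")
    return problems

if __name__ == "__main__":
    for p in check(FORWARD, "systemongrid.local.", REVERSE, "32.168.192.in-addr.arpa."):
        print(p)
```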
## Start DNS Service
Now, enable and start DNS service using the following commands.
```
# systemctl enable named
# systemctl start named
```
Now, edit the file, /etc/resolv.conf, using the command
```
# vi /etc/resolv.conf
```
Add the IP address of the name server
```
nameserver 192.168.32.30
```
Now, save and close the file.
Then, restart the network services using the below command.
```
# systemctl restart network
```
## Firewall Configuration
Now, allow DNS service port 53, a default port, through the firewall using the following commands.
```
# firewall-cmd --permanent --add-port=53/tcp
# firewall-cmd --permanent --add-port=53/udp
```
## Restart Firewall
Now, restart the firewall using the below command.
```
# firewall-cmd --reload
```
## Configure Ownership, Permissions and SELinux
Now, run the below commands one after the other. The last command, ‘setenforce 0’, switches SELinux to permissive mode until the next reboot.
```
# chgrp named -R /var/named
# chown -v root:named /etc/named.conf
# setenforce 0
```
## Test DNS Server
Test your DNS server using the below command.
```
# dig masterdns.systemongrid.local
```
You will get an output something like the following.
![testdnsserveroutput](https://grid.media/assets/images/test-dns-server-output.png)
Now, run the below command.
```
# nslookup systemongrid.local
```
You will get the following output.
![primarydnsserverisready](https://grid.media/assets/images/primary-dns-server-is-ready.png)
The primary DNS server is now ready to use.
## Install Slave (Secondary DNS Server)
## Install Bind Packages on your Server
Enter the following commands to install BIND packages on your server.
```
# yum update -y
# yum -y install bind bind-utils
```
## Configure Slave (Secondary DNS Server)
Edit the file, ‘/etc/named.conf’
```
# vi /etc/named.conf
```
Edit the file so that it contains the lines shown below.
```
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.32.33; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.32.0/24; };
.
.
zone "." IN {
    type hint;
    file "named.ca";
};
zone "systemongrid.local" IN {
    type slave;
    file "slaves/systemongrid.fwd";
    masters { 192.168.32.30; };
};
// Reverse zone name must match the zone served by the master
zone "32.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/systemongrid.rev";
    masters { 192.168.32.30; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
## Check DNS Configuration
Now, test your default DNS configuration file using the command,
```
# named-checkconf /etc/named.conf
```
The configuration file is valid if the command returns nothing.
## Start DNS Service
Now, enable and start DNS service using the following commands.
```
# systemctl enable named
# systemctl start named
```
Then, the forward and reverse zones will be replicated automatically from the master (primary DNS server) to ‘/var/named/slaves/’ on the slave (secondary DNS server).
```
# ls /var/named/slaves/
```
You will get an output like the following.
![replicationofforwardandreversezones](https://grid.media/assets/images/replication-of-forward-and-reverse-zones.png)
Now, edit the file, /etc/resolv.conf, using the command
```
# vi /etc/resolv.conf
```
Add the IP addresses of the name servers
```
nameserver 192.168.32.30
nameserver 192.168.32.33
```
Now, save and close the file.
Then, restart the network services using the below command.
```
# systemctl restart network
```
## Firewall Configuration
Now, allow DNS service port 53, a default port, through the firewall using the following commands.
```
# firewall-cmd --permanent --add-port=53/tcp
# firewall-cmd --permanent --add-port=53/udp
```
## Restart Firewall
Now, restart the firewall using the below command.
```
# firewall-cmd --reload
```
## Configure Ownership, Permissions and SELinux
Now, run the below commands one after the other.
```
# chgrp named -R /var/named
# chown -v root:named /etc/named.conf
# setenforce 0
```
## Test DNS Server
Now, test the DNS server using the command,
```
# dig masterdns.systemongrid.local
```
You will get an output something like the following.
![slavetestdnsserveroutput](https://grid.media/assets/images/slave-test-dns-server-output.png)
Now run the other command,
```
# dig secondarydns.systemongrid.local
```
You will get an output like the following
![slavesecondarydnsserveroutput](https://grid.media/assets/images/slave-secondary-dns-server-output.png)
Now, run the below command.
```
# nslookup systemongrid.local
```
You will get an output like the following
![secondarydnsserverisready](https://grid.media/assets/images/secondary-dns-server-is-ready.png)
## Client Side Configuration
## Add DNS Server Details
Now, add DNS server details to the configuration file in all client systems using the following command.
```
# vi /etc/resolv.conf
```
```
# Generated by NetworkManager
search systemongrid.local
nameserver 192.168.32.30
nameserver 192.168.32.33
```
Now, reboot the system or restart network services.
## Test DNS Server
Now, you need to test DNS server using the below commands.
```
# dig masterdns.systemongrid.local
# dig secondarydns.systemongrid.local
# dig client.systemongrid.local
# nslookup systemongrid.local
```
## Conclusion
In this guide, we have explained how to install and configure a DNS server on CentOS 7.