How to Install and Configure DNS Server in CentOS 7

Introduction

This guide walks through the step-by-step process of installing and configuring a DNS server on CentOS 7. It uses three nodes to explain the process clearly: the first node acts as the Master DNS Server, the second node acts as the Slave DNS Server, and the third node acts as a DNS Client.

Prerequisites

Running Server

Assumptions

Master (Primary) DNS Server Details

Operating System: CentOS 7 Minimal Server
Hostname: masterdns.systemongrid.local
IP Address: 192.168.32.30/24

Slave (Secondary) DNS Server Details

Operating System: CentOS 7 Minimal Server
Hostname: secondarydns.systemongrid.local
IP Address: 192.168.32.33/24

Client DNS Details

Operating System: CentOS 7 Desktop
Hostname: client.systemongrid.local
IP Address: 192.168.32.34/24

Install Master (Primary) DNS Server

Install BIND Packages on your Server

BIND is an acronym for Berkeley Internet Name Domain. It is software that maps hostnames to IP addresses.

Enter the following commands to install BIND packages on your server.

# yum update -y
# yum -y install bind bind-utils

Configure Master (Primary) DNS Server

Edit the file, ‘/etc/named.conf’

# vi /etc/named.conf

Add a few lines shown in bold.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.32.30;}; ### Master DNS IP ###
#    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.32.0/24;}; ### IP Range ###
    allow-transfer{ localhost; 192.168.32.33; };   ### Slave DNS IP ###

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "systemongrid.local" IN {
    type master;
    file "forward.systemongrid";
    allow-update { none; };
};

zone "32.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.systemongrid";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
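
The allow-query, allow-transfer and recursion statements in the options block above decide who may query this server and who may pull its zones. The script below is an added example, not part of the original guide: a hypothetical acl_findings helper that flags those statements when they are opened to any or left unset. The sample configurations are constructed, and the script assumes one statement per line.

```shell
# Added example: flag permissive access-control statements in a named.conf.
# Assumes one statement per line, as in this guide's configuration.

# acl_findings FILE: one finding per line, nothing when the file is clean.
acl_findings() {
    awk '
        { sub(/(\/\/|#).*/, "") }    # strip // and # comments
        match($0, /allow-(query|transfer|recursion)/) {
            name = substr($0, RSTART, RLENGTH)
            seen[name] = 1
            # "any" as a list element means no restriction at all
            if ($0 ~ /[{; \t]any[; \t}]/) print name ": open to any"
        }
        /recursion[ \t]+yes/ { recursive = 1 }
        END {
            # No explicit statement: policy is left to the BIND default
            if (!("allow-transfer" in seen)) print "allow-transfer: not set"
            if (recursive && !("allow-query" in seen) && !("allow-recursion" in seen))
                print "recursion: enabled without a query ACL"
        }
    ' "$1"
}

# Constructed weak sample: queries open to any, no allow-transfer.
demo_weak() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
options {
    allow-query { any; };
    recursion yes;
};
EOF
    acl_findings "$f"; rm -f "$f"
}

# Constructed sample carrying the ACL lines from this guide's master config.
demo_guide() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
options {
    allow-query     { localhost; 192.168.32.0/24;}; ### IP Range ###
    allow-transfer{ localhost; 192.168.32.33; };   ### Slave DNS IP ###
    recursion yes;
};
EOF
    acl_findings "$f"; rm -f "$f"
}

demo_weak; demo_guide
```

On a real server, run `acl_findings /etc/named.conf` after `named-checkconf` passes.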

Create Zone Files

Now, create the forward and reverse zone files that you referenced in the file, ‘/etc/named.conf’.

Create Forward Zone File

First, create the forward.systemongrid file in the /var/named directory.

# vi /var/named/forward.systemongrid

And, add the following lines to the file.

$TTL 86400
@   IN  SOA     masterdns.systemongrid.local. root.systemongrid.local. (
        2011071001  ;Serial
        3600              ;Refresh
        1800              ;Retry
        604800          ;Expire
        86400            ;Minimum TTL
)
@       IN  NS          masterdns.systemongrid.local.
@       IN  NS          secondarydns.systemongrid.local.
@       IN  A           192.168.32.30
@       IN  A           192.168.32.33
@       IN  A           192.168.32.34
masterdns       IN  A   192.168.32.30
secondarydns    IN  A   192.168.32.33
client          IN  A   192.168.32.34

Create Reverse Zone File

Then, create the reverse.systemongrid file in the /var/named directory.

# vi /var/named/reverse.systemongrid

And, add the following lines to the file.

$TTL 86400
@   IN  SOA     masterdns.systemongrid.local. root.systemongrid.local. (
        2011071001  ;Serial
        3600              ;Refresh
        1800              ;Retry
        604800          ;Expire
        86400            ;Minimum TTL
)
@       IN  NS          masterdns.systemongrid.local.
@       IN  NS          secondarydns.systemongrid.local.
@       IN  PTR         systemongrid.local.
masterdns       IN  A   192.168.32.30
secondarydns    IN  A   192.168.32.33
client          IN  A   192.168.32.34
; PTR owner names are the last octet of each host's IP address
30      IN  PTR         masterdns.systemongrid.local.
33      IN  PTR         secondarydns.systemongrid.local.
34      IN  PTR         client.systemongrid.local.

Check DNS Configuration and Zone File for Syntax Errors

Now, test your default DNS configuration file using the command,

# named-checkconf /etc/named.conf

The configuration file is valid if the command returns nothing.

Test the forward zone file using the command,

# named-checkzone systemongrid.local /var/named/forward.systemongrid

You will get an output something like the following.

[Screenshot: named-checkzone output for the forward zone file]

Test the reverse zone file using the command,

# named-checkzone 32.168.192.in-addr.arpa /var/named/reverse.systemongrid

You will get an output something like the following.

[Screenshot: named-checkzone output for the reverse zone file]
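
named-checkzone checks each zone file on its own; it does not compare the PTR records in the reverse zone with the A records in the forward zone. The script below is an added example, not part of the original guide, that cross-checks the two. The missing_ptrs function name and the sample records are constructed for illustration, and the script assumes a /24 reverse zone with one record per line.

```shell
# Added example: cross-check forward A records against reverse PTR records.
# Assumes a /24 reverse zone with bare last-octet PTR owners, one record per line.

# missing_ptrs FORWARD REVERSE DOMAIN
# Prints "host ip" for each named host whose A record has no matching PTR.
missing_ptrs() {
    awk -v domain="$3" '
        # First file (reverse zone): remember octet -> PTR target.
        NR == FNR {
            if ($2 == "IN" && $3 == "PTR" && $1 ~ /^[0-9]+$/) ptr[$1] = $4
            next
        }
        # Second file (forward zone): named hosts only, skip "@" apex records.
        $2 == "IN" && $3 == "A" && $1 != "@" {
            n = split($4, octet, ".")
            want = $1 "." domain "."
            if (ptr[octet[n]] != want) print $1, $4
        }
    ' "$2" "$1"
}

# Constructed sample modelled on this guide's zone files; the PTR owner for
# "client" (106) deliberately does not match its address 192.168.32.34.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/fwd" <<'EOF'
@             IN  A   192.168.32.30
masterdns     IN  A   192.168.32.30
secondarydns  IN  A   192.168.32.33
client        IN  A   192.168.32.34
EOF
    cat > "$tmp/rev" <<'EOF'
@    IN  NS   masterdns.systemongrid.local.
30   IN  PTR  masterdns.systemongrid.local.
33   IN  PTR  secondarydns.systemongrid.local.
106  IN  PTR  client.systemongrid.local.
EOF
    missing_ptrs "$tmp/fwd" "$tmp/rev" systemongrid.local
    rm -rf "$tmp"
}

demo
```

On the master, the equivalent call is `missing_ptrs /var/named/forward.systemongrid /var/named/reverse.systemongrid systemongrid.local`; no output means every host has a matching PTR.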

Start DNS Service

Now, enable and start DNS service using the following commands.

# systemctl enable named
# systemctl start named

Now, edit the file, /etc/resolv.conf, using the command

# vi /etc/resolv.conf

Add the IP address of the name server

nameserver      192.168.32.30

Now, save and close the file.

Then, restart the network services using the below command.

# systemctl restart network

Firewall Configuration

Now, allow DNS service port 53, a default port, through the firewall using the following commands.

# firewall-cmd --permanent --add-port=53/tcp
# firewall-cmd --permanent --add-port=53/udp

Restart Firewall

Now, restart the firewall using the below command.

# firewall-cmd --reload

Configure Ownership, Permissions and SELinux

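Now, run the below commands one after the other. The last command switches SELinux to permissive mode, in which policy denials are logged but not enforced, until the next reboot.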

# chgrp named -R /var/named
# chown -v root:named /etc/named.conf
# setenforce 0

Test DNS Server

Test your DNS server using the below command.

# dig masterdns.systemongrid.local

You will get an output something like the following.

[Screenshot: dig output for masterdns.systemongrid.local]

Now, run the below command.

# nslookup systemongrid.local

You will get an output like the following.

[Screenshot: nslookup output for systemongrid.local]

Now the primary DNS server is ready to use.

Install Slave (Secondary) DNS Server

Install BIND Packages on your Server

Enter the following commands to install BIND packages on your server.

# yum update -y
# yum -y install bind bind-utils

Configure Slave (Secondary) DNS Server

Edit the file, ‘/etc/named.conf’

# vi /etc/named.conf

Add a few lines shown in bold.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.32.33; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.32.0/24; };
.
.
zone "." IN {
    type hint;
    file "named.ca";
};
zone "systemongrid.local" IN {
    type slave;
    file "slaves/systemongrid.fwd";
    masters { 192.168.32.30; };
};
// Reverse zone name must match the one defined on the master
zone "32.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/systemongrid.rev";
    masters { 192.168.32.30; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Check DNS Configuration

Now, test your default DNS configuration file using the command,

# named-checkconf /etc/named.conf

The configuration file is valid if the command returns nothing.

Start DNS Service

Now, enable and start DNS service using the following commands.

# systemctl enable named
# systemctl start named

Then, the forward and reverse zones will be replicated automatically from the master (primary) DNS server to ‘/var/named/slaves/’ in slave (secondary) DNS server.

# ls /var/named/slaves/

You will get an output like the following.

[Screenshot: listing of /var/named/slaves/ showing the replicated forward and reverse zone files]

Now, edit the file, /etc/resolv.conf, using the command

# vi /etc/resolv.conf

Add the IP address of the name server

nameserver      192.168.32.30
nameserver      192.168.32.33

Now, save and close the file.

Then, restart the network services using the below command.

# systemctl restart network

Firewall Configuration

Now, allow DNS service port 53, a default port, through the firewall using the following commands.

# firewall-cmd --permanent --add-port=53/tcp
# firewall-cmd --permanent --add-port=53/udp

Restart Firewall

Now, restart the firewall using the below command.

# firewall-cmd --reload

Configure Ownership, Permissions and SELinux

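Now, run the below commands one after the other. The last command switches SELinux to permissive mode, in which policy denials are logged but not enforced, until the next reboot.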

# chgrp named -R /var/named
# chown -v root:named /etc/named.conf
# setenforce 0

Test DNS Server

Now, test your DNS server using the below commands.

# dig masterdns.systemongrid.local

You will get an output something like the following.

[Screenshot: dig output for masterdns.systemongrid.local]

Now run the other command,

# dig secondarydns.systemongrid.local

You will get an output like the following.

[Screenshot: dig output for secondarydns.systemongrid.local]

Now, run the below command.

# nslookup systemongrid.local

You will get an output like the following.

[Screenshot: nslookup output for systemongrid.local]

Client Side Configuration

Add DNS Server Details

Now, add DNS server details to the configuration file in all client systems. Open the file using the following command.

# vi /etc/resolv.conf

The file should contain the following lines.

# Generated by NetworkManager
search systemongrid.local
nameserver 192.168.32.30
nameserver 192.168.32.33

Now, reboot the system or restart network services.

Test DNS Server

Now, you need to test DNS server using the below commands.

# dig masterdns.systemongrid.local
# dig secondarydns.systemongrid.local
# dig client.systemongrid.local
# nslookup systemongrid.local

Conclusion

In this guide, we have explained to you how to install and configure DNS Server in CentOS 7.