Configure DNS (BIND) Server on CentOS 7 / RHEL 7

7

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities.

Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.

This guide will help you to set up DNS server on CentOS 7 / RHEL 7.

Assumptions

Server Name: primary.itzgeek.local

IP Address: 192.168.12.8

Install BIND package

BIND stands for Berkeley Internet Name Domain, a software which provides an ability to perform name to ip conversion.

# yum -y install bind bind-utils

Configure BIND

Configuration file of bind is /etc/named.conf, open up /etc/named.conf file. Comment out the following line, and this will enable BIND to listen on all ip addresses.

#listen-on port 53 { 127.0.0.1; };
#listen-on-v6 port 53 { ::1; };

Add your network in the following line. I’ve added 192.168.12.0/24, and this will allow clients from the mentioned network can query the DNS for the name to ip translation.

allow-query     { localhost;192.168.12.0/24; };

If you want to transfer all zones to slave server (192.168.12.6), add the following line (Optional)

allow-transfer { 192.168.12.6; };

Create Zones

The following is the forward zone entry in named.conf file, written for the itzgeek.local domain. Edit /etc/named.conf.

# vi /etc/named.conf

zone "itzgeek.local" IN {
type master;
file "fwd.itzgeek.local.db";
allow-update { none; };
};

itzgeek.local – Domain name
master – Primary DNS
fwd.itzgeek.local.db – Forward lookup file
allow-update – Since this is the primary DNS, it should be none

The following is the reverse zone entry in the named.conf file.

zone "12.168.192.in-addr.arpa" IN {
type master;
file "12.168.192.db";
allow-update { none; };
};

12.168.192.in-addr.arpa – Reverse lookup name
master – Primary DNS
12.168.192.db – reverse lookup file
allow-update – Since this is the primary DNS, it should be none

Create zone files

Now, it’s the time to create a lookup file for a created zone. By default, zone lookup files are placed under /var/named directory. Create a zone file called fwd.itzgeek.local.db for forward lookup under /var/named directory. All domain names should end with a dot (.).

There are some special keywords for Zone Files

A – A record
NS – Name Server
MX – Mail for Exchange
CNAME – Canonical Name

# vi /var/named/fwd.itzgeek.local.db

$TTL 86400
@   IN  SOA     primary.itzgeek.local. root.itzgeek.local. (
2014112511  ;Serial
3600        ;Refresh
1800        ;Retry
604800      ;Expire
86400       ;Minimum TTL
)
;Name Server Information
@      IN  NS      primary.itzgeek.local.
;IP address of Name Server
primary IN  A       192.168.12.8
;Mail exchanger
itzgeek.local. IN  MX 10   mail.itzgeek.local.
;A - Record HostName To Ip Address
www     IN  A       192.168.12.100
mail    IN  A       192.168.12.150
;CNAME record
ftp     IN CNAME        www.itgeek.local.

Create a zone file called 12.168.192.db for reverse zone under /var/named directory, create a reverse pointer to the above forward zone entries.

PTR – Pointer
SOA – Start of Authority

# vi /var/named/12.168.192.db

$TTL 86400
@   IN  SOA     primary.itzgeek.local. root.itzgeek.local. (
2014112511  ;Serial
3600        ;Refresh
1800        ;Retry
604800      ;Expire
86400       ;Minimum TTL
)
;Name Server Information
@ IN  NS      primary.itzgeek.local.
;Reverse lookup for Name Server
8        IN  PTR     primary.itzgeek.local.
;PTR Record IP address to HostName
100      IN  PTR     www.itzgeek.local.
150      IN  PTR     mail.itzgeek.local.

Once zone files are created, restart bind service.

# systemctl restart named.service

Enable it on system startup.

# systemctl enable named.service

Verify zones

Visit any client machine and add a DNS server ip address in /etc/resolv.conf if Network Manager does not manage the network.

# vi /etc/resolv.conf

nameserver 192.168.12.8

If Network Manager manages the networking then place the following entry in /etc/sysconfig/network-scripts/ifcfg-eXX file.

DNS1=192.168.12.8

Restart network service.

# systemctl restart NetworkManager.service

Use the following command to verify the forward lookup, where the DNS server gives 192.168.12.100 as an ip for www.itzgeek.local.

[root@client ~]# dig www.itzgeek.local

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.itzgeek.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35556
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.itzgeek.local.             IN      A

;; ANSWER SECTION:
www.itzgeek.local.      86400   IN      A       192.168.12.100

;; AUTHORITY SECTION:
itzgeek.local.          86400   IN      NS      primary.itzgeek.local.

;; ADDITIONAL SECTION:
primary.itzgeek.local.  86400   IN      A       192.168.12.8

;; Query time: 2 msec
;; SERVER: 192.168.12.8#53(192.168.12.8)
;; WHEN: Tue Nov 25 14:26:04 EST 2014
;; MSG SIZE  rcvd: 100

Install bind-utils package to get nslookup or dig command.

Confirm the reverse lookup, where DNS server gives www.itzgeek.local as a name for 192.168.12.100. It is now confirmed that both forward and reverse lookups are working fine.

[root@client ~]# dig -x 192.168.12.100

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 192.168.12.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28195
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;100.12.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
100.12.168.192.in-addr.arpa. 86400 IN   PTR     www.itzgeek.local.

;; AUTHORITY SECTION:
12.168.192.in-addr.arpa. 86400  IN      NS      primary.itzgeek.local.

;; ADDITIONAL SECTION:
primary.itzgeek.local.  86400   IN      A       192.168.12.8

;; Query time: 2 msec
;; SERVER: 192.168.12.8#53(192.168.12.8)
;; WHEN: Tue Nov 25 14:28:43 EST 2014
;; MSG SIZE  rcvd: 125

That’s All. You have successfully installed BIND on CentOS 7 / RHEL 7 as the master server.  You can find a tutorial on configuring slave server here.

Further Reading

You might also like

Configure DNS (BIND) Server on CentOS 7 / RHEL 7

7