The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities.
Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.
This guide will help you to set up DNS server on CentOS 7 / RHEL 7.
Environment
Server Name: ns1itzgeek.local
IP Address: 192.168.0.10
Install DNS (BIND)
BIND stands for Berkeley Internet Name Domain, a software that provides an ability to perform name to ip conversion.
yum -y install bind bind-utils
Configure DNS (BIND)
By default, BIND listens on the localhost. So, we will configure the DNS server to listen on the system IP address to let clients can reach to DNS server for resolving domain names.
vi /etc/named.conf
Listen on all IP address:
Configure BIND to listen on all IP addresses.
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };Listen on particular IP address:
Configure BIND to listen to a particular IP address.
listen-on port 53 { 127.0.0.1; 192.168.0.10; };Add your network in the following line. This setting will allow clients from the mentioned network can query the DNS for the name to ip translation.
I’ve added 192.168.0.0/24 for this demo.
allow-query { localhost; 192.168.0.0/24; };Create Zones
Edit /etc/named.conf.
vi /etc/named.conf
Forward Zone
The following zone is the forward zone entry for the itzgeek.local domain.
zone "itzgeek.local" IN {
type master;
file "/var/named/itzgeek.local.db";
allow-update { none; };
};itzgeek.local – Domain name
master – Primary DNS
fwd.itzgeek.local.db – Forward lookup file
allow-update – Since this is the primary DNS, it should be none
Reverse Zone
The following zone is the reverse zone entry.
zone "0.168.192.in-addr.arpa" IN {
type master;
file "/var/named/192.168.0.db";
allow-update { none; };
};0.168.192.in-addr.arpa – Reverse lookup name
master – Primary DNS
192.168.0.db – Reverse lookup file
allow-update – Since this is the primary DNS, it should be none
Create Zone Files
By default, zone lookup files are placed under /var/named directory. Create a zone file called fwd.itzgeek.local.db for forward lookup under /var/named directory. All domain names should end with a dot (.).
vi /var/named/itzgeek.local.db
There are some special keywords for Zone Files
A – A record
NS – Name Server
MX – Mail for Exchange
CNAME – Canonical Name
@ IN SOA ns1.itzgeek.local. root.itzgeek.local. (
1001 ;Serial
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)
;Name Server Information
@ IN NS ns1.itzgeek.local.
;IP address of Name Server
ns1 IN A 192.168.0.10
;Mail exchanger
itzgeek.local. IN MX 10 mail.itzgeek.local.
;A - Record HostName To IP Address
www IN A 192.168.0.100
mail IN A 192.168.0.150
;CNAME record
ftp IN CNAME www.itgeek.local.
Create a zone file called 192.168.0.db for the reverse zone under /var/named directory.
vi /var/named/192.168.0.db
Create a reverse pointer for the forward zone entries we created earlier.
PTR – Pointer
SOA – Start of Authority
@ IN SOA ns1.itzgeek.local. root.itzgeek.local. (
1001 ;Serial
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)
;Name Server Information
@ IN NS ns1.itzgeek.local.
;Reverse lookup for Name Server
10 IN PTR ns1.itzgeek.local.
;PTR Record IP address to HostName
100 IN PTR www.itzgeek.local.
150 IN PTR mail.itzgeek.local.
Once zone files are created, restart bind service.
systemctl restart named
Enable it on system startup.
systemctl enable named
Firewall
Add a allow rule in the firewall to let clients can connect to the DNS server for name resolution.
firewall-cmd --permanent --add-port=53/udp firewall-cmd --reload
Verify Zones
Visit any client machine and add a DNS server ip address in /etc/resolv.conf.
nameserver 192.168.0.10
If Network Manager manages the networking then place the following entry in /etc/sysconfig/network-scripts/ifcfg-eXX file.
DNS1=192.168.0.10
Restart network service.
systemctl restart NetworkManager
Use the following command to verify the forward lookup.
dig www.itzgeek.local
Output: The DNS server should give 192.168.0.100 as ip for www.itzgeek.local.
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> www.itzgeek.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35563 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.itzgeek.local. IN A ;; ANSWER SECTION: www.itzgeek.local. 86400 IN A 192.168.0.100 ;; AUTHORITY SECTION: itzgeek.local. 86400 IN NS primary.itzgeek.local. ;; ADDITIONAL SECTION: ns1.itzgeek.local. 86400 IN A 192.168.0.10 ;; Query time: 0 msec ;; SERVER: 192.168.0.10#53(192.168.0.10) ;; WHEN: Wed Jul 03 02:00:40 EDT 2019 ;; MSG SIZE rcvd: 100
Confirm the reverse lookup.
dig -x 192.168.0.100
Output: The DNS server gives www.itzgeek.local as a name for 192.168.0.100.
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> -x 192.168.0.100 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4807 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;100.0.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 100.0.168.192.in-addr.arpa. 86400 IN PTR www.itzgeek.local. ;; AUTHORITY SECTION: 0.168.192.in-addr.arpa. 86400 IN NS ns1.itzgeek.local. ;; ADDITIONAL SECTION: ns1.itzgeek.local. 86400 IN A 192.168.0.10 ;; Query time: 0 msec ;; SERVER: 192.168.0.10#53(192.168.0.10) ;; WHEN: Wed Jul 03 02:02:47 EDT 2019 ;; MSG SIZE rcvd: 124
It is now confirmed that both forward and reverse lookups are working fine.
Conclusion
That’s All. You have successfully installed BIND on CentOS 7 / RHEL 7 as the master server. You can configure a slave DNS server for redundancy.