March 1, 2009
How to: Configure a master DNS name server on CentOS 5
If the BIND packages are not installed yet, install them with:
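# Install BIND, its chroot wrapper, the development and utility packages,
# and the stock zone configuration in ONE yum transaction: dependencies are
# resolved once and a failure leaves nothing half-installed, which nine
# separate invocations cannot guarantee.
yum install bind bind-chroot bind-devel bind-libbind-devel bind-libs \
  bind-sdb bind-utils caching-nameserver system-config-bind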
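# Permissions for the chrooted BIND tree.
# The daemon runs as the "named" user, so the run directory (pid file) only
# has to be writable by that user and its group; a world-writable (777)
# directory would let any local account plant or replace files there.
chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chown named:named /var/named/chroot/var/run/named/
chmod 770 /var/named/chroot/var/run/named/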
# chkconfig named on
# service named start
To set the SELinux boolean that lets named write master zone files:
# setsebool -P named_write_master_zones 1
Assumptions
Your network is 192.168.1.0/24.
Your master DNS name server is server2.example.com with IP address 192.168.1.2
# cd /var/named/chroot/etc
# cp named.rfc1912.zones named.conf
# vi named.conf
After the line `// See /usr/share/doc/bind*/sample/ for example named configuration files.`, insert the following lines:
options {
	listen-on port 53 { 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	// Those options should be used carefully because they disable port
	// randomization
	// query-source port 53;
	// query-source-v6 port 53;
	allow-query { localhost; };
};
- Modify the listen-on port 53 directive to include your server's IP address:
listen-on port 53 { 127.0.0.1;192.168.1.2; };
- Modify the allow-query directive to include your network range:
allow-query { localhost; 192.168.1.0/24; };
- Add the forward zone and the reverse zone by copying the following lines and pasting them at the end of the file:
zone "example.com" IN {
	type master;
	file "example.com.zone";
};
zone "1.168.192.in-addr.arpa" IN {
	type master;
	file "example.com.rr.zone";
};
include "/etc/rndc.key";
- Save and close the file.
- Create a link
# ln -s /var/named/chroot/etc/named.conf /etc/named.conf
- Configure the RNDC key by using this command:
# rndc-confgen
- Configure the zone file (example.com.zone)
# cd /var/named/chroot/var/named
# vi example.com.zone
- Insert the following lines:
$TTL 86400
@	IN	SOA	server2.example.com. root.server2.example.com. (
				42	; serial
				3H	; refresh
				15M	; retry
				1W	; expiry
				1D )	; minimum
	IN	NS	server2.example.com.
- Save and close the file
- Create the symbolic link
# Expose the chrooted forward zone file at the conventional /var/named path.
# "--" ends option parsing so the two paths are never read as flags.
ln -s -- /var/named/chroot/var/named/example.com.zone /var/named/example.com.zone
- Configure the reverse zone
# cd /var/named/chroot/var/named
# vi example.com.rr.zone
- Insert the following lines:
$TTL 86400
@	IN	SOA	server2.example.com. root.server2.example.com. (
				42	; serial
				3H	; refresh
				15M	; retry
				1W	; expiry
				1D )	; minimum
	IN	NS	server2.example.com.
2	IN	PTR	server2.example.com.
- Save and close the file
- Create the symbolic link
# Expose the chrooted reverse zone file at the conventional /var/named path.
# "--" ends option parsing so the two paths are never read as flags.
ln -s -- /var/named/chroot/var/named/example.com.rr.zone /var/named/example.com.rr.zone
# chkconfig named on
- Allow inbound access to TCP and UDP port 53 through the firewall:
# system-config-securitylevel
Under "Other ports", add 53 as tcp and add 53 as udp.
- Restart named. (The chmod below makes named.conf world-writable; named only reads this file, so the write bits for group and others can stay off.)
# chmod 777 /etc/named.conf
# service named restart
# host yahoo.com
# dig yahoo.com
$TTL 86400 sets the default time to live for the data on this master DNS server to 86400 seconds, i.e. one day.
SOA means start of authority; it describes where the zone comes from. In this case the zone comes from the computer named server2.example.com and the contact email is root@server2.example.com.
The serial number records the date and/or version number of this zone data.
NS is the name server record; it gives the name of the master DNS server (server2.example.com).
The final named.conf
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
	listen-on port 53 { 127.0.0.1;192.168.1.2; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	// Those options should be used carefully because they disable port
	// randomization
	// query-source port 53;
	// query-source-v6 port 53;
	allow-query { localhost; 192.168.1.0/24; };
};
zone "." IN {
	type hint;
	file "named.ca";
};
zone "localdomain" IN {
	type master;
	file "localdomain.zone";
	allow-update { none; };
};
zone "localhost" IN {
	type master;
	file "localhost.zone";
	allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.local";
	allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
	type master;
	file "named.ip6.local";
	allow-update { none; };
};
zone "255.in-addr.arpa" IN {
	type master;
	file "named.broadcast";
	allow-update { none; };
};
zone "0.in-addr.arpa" IN {
	type master;
	file "named.zero";
	allow-update { none; };
};
zone "example.com" IN {
	type master;
	file "example.com.zone";
};
zone "1.168.192.in-addr.arpa" IN {
	type master;
	file "example.com.rr.zone";
	allow-update { none; };
};
include "/etc/rndc.key";


