HOW TO SETUP MASTER/PRIMARY DNS SERVER WITH BIND IN REDHAT/CENTOS/FEDORA
What is Master/Primary DNS Server?
A Master DNS Server is also referred to as a Primary DNS Server. BIND stands for Berkeley Internet Name Domain, and DNS (Domain Name System/Server) is a service/protocol used for resolving names to IP addresses and IP addresses to names. The Master/Primary DNS Server is the main DNS server, where all the name-resolution databases and user queries are stored; the other DNS servers (Secondary DNS Server and Caching DNS Server) take their queries from the Master DNS Server.
Let's take an example: there are millions of websites all over the world, and every website is associated with an IP address and a domain name. When we open a website, e.g. http://elinuxbook.com, DNS finds the IP address associated with that domain name in the background, resolves it and makes the website available to us. We can remember so many websites only because of DNS; without it we would have to remember every website by IP address instead of by name, which is almost impossible.
Types of DNS Servers :
- Caching Only Name Server
  A Caching Only Name Server is a name server which stores DNS query information in its own cache for later use.
- Master/Primary DNS Server
  The Master/Primary DNS Server is the main DNS server, where all the databases, i.e. zone files, are stored. It transfers zone data to other DNS servers, i.e. Slave DNS Servers.
- Secondary/Slave DNS Server
  A Slave DNS Server is like a load balancer for the Master/Primary DNS Server; it receives zone data from the Master DNS Server.
Prepare before Master/Primary DNS Server Configuration :
My Scenario :
- IP Address : 192.168.1.100
- Domain Name : elinuxbook.com
- Hostname : ns1
- FQDN ( Fully Qualified Domain Name ) : ns1.elinuxbook.com
Configure the Network Card:
First we need to configure the network card and assign an IP address and subnet mask to our system.
Edit the network card configuration (in my case it's eth0) using the nano editor as shown below.
[root@localhost ~]# nano /etc/sysconfig/network-scripts/ifcfg-eth0
Now enter the details as shown below.
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=NONE # Replace dhcp with NONE
IPADDR=192.168.1.100 # IP Address of the BIND Server
NETMASK=255.255.255.0 # Subnet Mask
GATEWAY=192.168.1.1 # Gateway
DOMAIN="elinuxbook.com"
DNS1=127.0.0.1 # Preferred DNS IP Address ( We can mention the IP Address of the BIND Server OR localhost i.e. 127.0.0.1 )
HWADDR=00:0C:29:5B:83:74
ONBOOT=yes
Change the Computer Name
Follow the step below to change the computer name. Make the changes as shown below.
[root@localhost ~]# nano /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=ns1.elinuxbook.com # Hostname of the BIND Server
Configure the DNS Client (/etc/resolv.conf)
After updating the /etc/sysconfig/network-scripts/ifcfg-eth0 file, the /etc/resolv.conf file will look as shown below.
[root@localhost ~]# cat /etc/resolv.conf
nameserver 127.0.0.1
search elinuxbook.com
[root@localhost ~]#
Configure the hosts File ( /etc/hosts )
Update the hosts file as shown below.
[root@localhost ~]# nano /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.1.100 ns1 ns1.elinuxbook.com
Follow the below Steps to Configure Primary DNS Server:
Step: 1 Packages Required
We need to install the packages required for a Master/Primary DNS Server, i.e. :
- bind
- bind-utils
- bind-libs
Run the command below to install the bind, bind-utils and bind-libs packages.
[root@localhost ~]# yum -y install bind
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: centos.excellmedia.net
 * extras: centos.excellmedia.net
 * updates: centos.excellmedia.net
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.8.2-0.47.rc1.el6_8.3 will be installed
--> Processing Dependency: bind-libs = 32:9.8.2-0.47.rc1.el6_8.3 for package: 32:bind-9.8.2-0.47.rc1.el6_8.3.x86_64
--> Running transaction check
---> Package bind-libs.x86_64 32:9.8.2-0.47.rc1.el6 will be updated
--> Processing Dependency: bind-libs = 32:9.8.2-0.47.rc1.el6 for package: 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64
---> Package bind-libs.x86_64 32:9.8.2-0.47.rc1.el6_8.3 will be an update
--> Running transaction check
---> Package bind-utils.x86_64 32:9.8.2-0.47.rc1.el6 will be updated
---> Package bind-utils.x86_64 32:9.8.2-0.47.rc1.el6_8.3 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package       Arch     Version                      Repository   Size
================================================================================
Installing:
 bind          x86_64   32:9.8.2-0.47.rc1.el6_8.3    updates      4.0 M
Updating for dependencies:
 bind-libs     x86_64   32:9.8.2-0.47.rc1.el6_8.3    updates      890 k
 bind-utils    x86_64   32:9.8.2-0.47.rc1.el6_8.3    updates      187 k
Transaction Summary
================================================================================
Install 1 Package(s)
Upgrade 2 Package(s)
Total download size: 5.0 M
Downloading Packages:
(1/3): bind-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm | 4.0 MB 03:45
(2/3): bind-libs-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm | 890 kB 00:35
(3/3): bind-utils-9.8.2-0.47.rc1.el6_8.3.x86_64.rpm | 187 kB 00:08
--------------------------------------------------------------------------------
Total 19 kB/s | 5.0 MB 04:32
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
 Updating : 32:bind-libs-9.8.2-0.47.rc1.el6_8.3.x86_64 1/5
 Updating : 32:bind-utils-9.8.2-0.47.rc1.el6_8.3.x86_64 2/5
 Installing : 32:bind-9.8.2-0.47.rc1.el6_8.3.x86_64 3/5
 Cleanup : 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64 4/5
 Cleanup : 32:bind-libs-9.8.2-0.47.rc1.el6.x86_64 5/5
 Verifying : 32:bind-utils-9.8.2-0.47.rc1.el6_8.3.x86_64 1/5
 Verifying : 32:bind-libs-9.8.2-0.47.rc1.el6_8.3.x86_64 2/5
 Verifying : 32:bind-9.8.2-0.47.rc1.el6_8.3.x86_64 3/5
 Verifying : 32:bind-libs-9.8.2-0.47.rc1.el6.x86_64 4/5
 Verifying : 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64 5/5
Installed:
 bind.x86_64 32:9.8.2-0.47.rc1.el6_8.3
Dependency Updated:
 bind-libs.x86_64 32:9.8.2-0.47.rc1.el6_8.3 bind-utils.x86_64 32:9.8.2-0.47.rc1.el6_8.3
Complete!
Step: 2 Create Zones in named.conf File
With all the required packages installed, we now need to edit the main configuration file of the DNS server, named.conf, to create the forward and reverse zones.
The changes to named.conf depend on our network, and the zones are created using the domain name we decided on.
My named.conf file is shown below; the lines I changed carry a trailing # comment.
[root@localhost ~]# nano /etc/named.conf # Edit the configuration file
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.100; }; # IP Address of the Master DNS Server
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.1.0/24; }; # Allow query in mentioned Subnets
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
### ELinuxBook Internal Zones ###
### Forward Zone ###
zone "elinuxbook.com" IN { # Domain Name
    type master;
    file "elinuxbook.com.for"; # Name of the Forward Zone File
    allow-update { none; };
};
### Reverse Zone ###
zone "1.168.192.in-addr.arpa" IN { # IP Address
    type master;
    file "elinuxbook.com.rev"; # Name of the Reverse Zone File
    allow-update { none; };
};
After configuring the named.conf file, we can check whether its syntax is correct with the command below.
[root@localhost ~]# named-checkconf /etc/named.conf
Note: the named-checkconf command gives no output if the syntax is correct; otherwise it prints an error message.
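named-checkconf validates syntax only. In the BIND 9.8 package installed above, a master zone with no allow-transfer statement answers zone-transfer requests from any host that can reach the server, and the zones declared above set only allow-update. The following is an added example, not part of the original article: the function names are hypothetical and the sample input is constructed from the zone declarations on this page.

```shell
#!/usr/bin/env bash
# Added example: list master zones in a named.conf that carry no allow-transfer ACL.
# Reads the file given as an argument, or stdin when none is given.
audit_named_conf() {
  awk '
    { sub(/(\/\/|#).*/, "") }                        # strip // and # comments
    depth == 0 && /^[ \t]*options[ \t]*[{]/ { block = "options" }
    depth == 0 && /^[ \t]*zone[ \t]+"/ {
      block = "zone"; split($0, q, "\""); name = q[2]; master = 0; acl = 0
    }
    block == "options" && /allow-transfer/ { global_acl = 1 }
    block == "zone" && /type[ \t]+master/  { master = 1 }
    block == "zone" && /allow-transfer/    { acl = 1 }
    {
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # track brace nesting
      if (depth == 0 && block != "") {
        if (block == "zone" && master && !acl) missing[++n] = name
        block = ""
      }
    }
    END { if (!global_acl) for (i = 1; i <= n; i++) print "NO-ALLOW-TRANSFER", missing[i] }
  ' "$@"
}

# Constructed sample: the two master zones as this page declares them.
page_zones() {
  cat <<'EOF'
options {
    allow-query { localhost; 192.168.1.0/24; };
};
zone "." IN { type hint; file "named.ca"; };
zone "elinuxbook.com" IN {
    type master;
    file "elinuxbook.com.for";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "elinuxbook.com.rev";
    allow-update { none; };
};
EOF
}

# Same zones with transfers denied in the options block.
hardened_zones() { page_zones | sed 's|allow-query|allow-transfer { none; }; &|'; }

page_zones | audit_named_conf      # prints the two unprotected zones
hardened_zones | audit_named_conf  # prints nothing
```

Once a secondary server exists, its address replaces none in the allow-transfer list; run the function against /etc/named.conf after each change.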
Step : 3 Configure the ZoneFiles
We have configured the named.conf file and declared our forward and reverse zones. Now we have to create the zone files named in those zones, i.e. “elinuxbook.com.for” for the forward zone and “elinuxbook.com.rev” for the reverse zone.
To create the zone files, we copy the sample files located in /var/named to files named after our zones.
Copy the named.localhost file to elinuxbook.com.for for the forward zone and named.loopback to elinuxbook.com.rev for the reverse zone, as shown below.
[root@localhost ~]# cd /var/named/
[root@localhost named]# ls -l
total 28
drwxrwx---. 2 named named 4096 Nov 2 08:53 data
drwxrwx---. 2 named named 4096 Nov 2 08:53 dynamic
-rw-r-----. 1 root named 3171 Jan 11 2016 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 4096 Nov 2 08:53 slaves
[root@localhost named]# cp named.localhost elinuxbook.com.for
[root@localhost named]# cp named.loopback elinuxbook.com.rev
We have now created our zone files in /var/named. Next we have to configure both zone files as per our requirements.
First we are going to configure the forward zone.
Before configuration the file looks as shown below.
$TTL 1D
@ IN SOA @ rname.invalid. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS @
        A 127.0.0.1
        AAAA ::1
After Configuration the file would look like as shown below :
$TTL 86400
@ IN SOA ns1.elinuxbook.com. root.ns1.elinuxbook.com. (
        2010031403 ; serial
        3600 ; refresh
        1800 ; retry
        604800 ; expire
        86400 ) ; minimum
; name servers
@ IN NS ns1.elinuxbook.com.
; name server A records
ns1 IN A 192.168.1.100
elinuxbook.com. IN A 192.168.1.100
; mail exchanger record (MX record)
@ IN MX 5 ns1.elinuxbook.com.
; host and canonical name records
mail IN CNAME ns1.elinuxbook.com.
www IN A 192.168.1.100
ftp IN A 192.168.1.100
After configuring the elinuxbook.com.for file, we can check whether its syntax is correct with the command below.
[root@localhost ~]# named-checkzone elinuxbook.com /var/named/elinuxbook.com.for
zone elinuxbook.com/IN: loaded serial 2010031403
OK
Now let’s configure the Reverse Zone.
Before Configuration the file would look like this as shown below.
$TTL 1D
@ IN SOA @ rname.invalid. (
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS @
        A 127.0.0.1
        AAAA ::1
        PTR localhost.
After Configuration the file would look like as shown below :
$TTL 86400
@ IN SOA ns1.elinuxbook.com. root.ns1.elinuxbook.com. (
        2010031402 ; serial
        28800 ; refresh
        14400 ; retry
        3600000 ; expire
        86400 ) ; minimum
; name servers
@ IN NS ns1.elinuxbook.com.
; name server A records
ns1 IN A 192.168.1.100
; PTR records
100 IN PTR ns1.elinuxbook.com.
After configuring the elinuxbook.com.rev file, we can check whether its syntax is correct with the command below. The first argument is the name of the zone the file belongs to, which for the reverse zone is 1.168.192.in-addr.arpa.
[root@localhost ~]# named-checkzone 1.168.192.in-addr.arpa /var/named/elinuxbook.com.rev
zone 1.168.192.in-addr.arpa/IN: loaded serial 2010031402
OK
Zonefile Records with Explanation :
- SOA – Start of Authority
- NS – name server
- A – host record (name to ip)
- IN – internet type of record
- CNAME – canonical name (alias)
- MX – mail exchange
root.ns1.elinuxbook.com. – Email address of the responsible person, whom you can email about DNS queries.
Serial – Used by the slave DNS server. When the slave DNS server contacts the master DNS server for updates, it looks at this serial number. Only if the master DNS server has a greater serial number than the slave will the slave download the changes.
3H – Refresh Rate : Every 3 hours the slave will contact the master DNS server for updates.
5M – Retry : If the slave is not able to contact the master DNS server, then after 15 minutes it will retry to contact the master DNS server for updates.
1W – Information available on the slave will expire after 1 week.
TTL 86400 – ( Time to live of cached information ) – Cached information from the master DNS server will expire after 86400 seconds.
PTR – Pointer record, i.e. IP-to-name resolution.
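The forward and reverse zone files described above should agree: each PTR record should name a host whose A record points back to the same address. The following is an added example, not part of the original article, that cross-checks the two files; it assumes a /24 reverse zone with single-label owners, and the function names and the stale 101 entry are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: report PTR records whose target has no A record pointing back.
# usage: check_ptr_roundtrip FORWARD_ZONE_FILE REVERSE_ZONE_FILE ORIGIN NET_PREFIX
check_ptr_roundtrip() {
  awk -v origin="$3" -v net="$4" '
    function fqdn(n) {                               # expand a relative owner name
      if (n == "@") return origin "."
      return (n ~ /[.]$/) ? n : n "." origin "."
    }
    { sub(/;.*/, "") }                               # strip zone-file comments
    /^[^ \t]/ { owner = $1 }                         # blank owner = previous owner
    {
      for (i = 1; i < NF; i++) {
        if ($i == "A" && FNR == NR)   a[fqdn(owner) " " $(i + 1)] = 1
        if ($i == "PTR" && FNR != NR) ptr[net "." owner] = $(i + 1)
      }
    }
    END {
      for (ip in ptr) {
        key = ptr[ip] " " ip
        print ((key in a) ? "OK" : "NO-MATCHING-A"), ip, ptr[ip]
      }
    }
  ' "$1" "$2" | sort
}

# Constructed sample: records from this page plus one stale PTR (101) added for the demo.
demo_roundtrip() {
  local d; d=$(mktemp -d)
  cat > "$d/for" <<'EOF'
$TTL 86400
@    IN SOA ns1.elinuxbook.com. root.ns1.elinuxbook.com. ( 2010031403 3600 1800 604800 86400 )
@    IN NS  ns1.elinuxbook.com.
ns1  IN A   192.168.1.100
www  IN A   192.168.1.100
EOF
  cat > "$d/rev" <<'EOF'
$TTL 86400
@    IN SOA ns1.elinuxbook.com. root.ns1.elinuxbook.com. ( 2010031402 28800 14400 3600000 86400 )
     IN NS  ns1.elinuxbook.com.
100  IN PTR ns1.elinuxbook.com.
101  IN PTR old.elinuxbook.com.   ; constructed stale entry
EOF
  check_ptr_roundtrip "$d/for" "$d/rev" elinuxbook.com 192.168.1
  rm -rf "$d"
}

demo_roundtrip
```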
Now change the ownership of the files to root.named by using the chown command as shown below.
[root@localhost ~]# chown root.named /etc/named.conf
[root@localhost ~]# chown root.named /var/named/elinuxbook.com.for
[root@localhost ~]# chown root.named /var/named/elinuxbook.com.rev
As shown below all files i.e. named.conf, elinuxbook.com.for, elinuxbook.com.rev are owned by root.named.
[root@localhost ~]# ls -l /etc/named.conf
-rw-r-----. 1 root named 1484 Jan 1 07:03 /etc/named.conf
[root@localhost ~]# ls -l /var/named/elinuxbook.com.for
-rw-r-----. 1 root named 542 Jan 1 09:17 /var/named/elinuxbook.com.for
[root@localhost ~]# ls -l /var/named/elinuxbook.com.rev
-rw-r-----. 1 root named 347 Jan 1 09:25 /var/named/elinuxbook.com.rev
Now Start the DNS Service.
[root@localhost ~]# /etc/init.d/named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
We have to enable the DNS service at startup so that it starts automatically when we restart the server. Follow the step below to do the same.
[root@localhost ~]# chkconfig --level 35 named on
[root@localhost ~]# chkconfig --list named
named 0:off 1:off 2:off 3:on 4:off 5:on 6:off
We have successfully configured the BIND DNS service, so now it's time for testing. We have tools like dig and nslookup to check that the DNS service is working. The command looks as mentioned below.
dig <FQDN ( Fully Qualified Domain Name/IP Address )> i.e. dig ns1.elinuxbook.com
Now let’s check for IP Resolution i.e. dig -x 192.168.1.100
We can also use the nslookup command to check whether the DNS service is working properly, as shown below.
[root@localhost ~]# nslookup elinuxbook.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: elinuxbook.com
Address: 192.168.1.100
[root@localhost ~]# nslookup ns1.elinuxbook.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ns1.elinuxbook.com
Address: 192.168.1.100
[root@localhost ~]# nslookup 192.168.1.100
Server: 127.0.0.1
Address: 127.0.0.1#53
100.1.168.192.in-addr.arpa name = ns1.elinuxbook.com.
Everything looks good, and the Master/Primary DNS Server is working fine, as shown in the test output above. In our next article I will explain how to configure a Slave DNS Server; till then, stay tuned to elinuxbook.com.