DNS installation on RHEL 7 and CentOS 7

Dear friends, in this tutorial I am going to show you how to install DNS on a server and configure a DNS client. Let's go step by step. Before installing DNS, we should know what DNS is.

What is DNS

DNS stands for Domain Name System. DNS translates hostnames (the domain name part of a URL) into IP addresses. For example, if you type a URL such as https://tzclouds.com into your browser, a DNS server translates that domain name into its associated IP address. It is very difficult to remember many IP addresses all the time; DNS servers make this easy. A DNS server can also translate an IP address back into a hostname, for example 192.xxx.xx.xxx to https://tzclouds.com. So we only need to remember domain names instead of their IP addresses.

In this tutorial I am going to show you how to install a local DNS server on CentOS 7, and also how to configure a DNS client. You can use the same steps on RHEL 7 to configure a local DNS server.

Prerequisite

In this tutorial I am going to use two hosts: the first is our DNS server and the second is our DNS client. CentOS 7 should be installed on both hosts. The host details are:-

  1. DNS-Server (Hostname:- dns.tzclouds.local, IP :- 192.168.43.95)
  2. DNS-Client (Hostname:- client.tzclouds.local, IP :- 192.168.43.96)

DNS Server Installation Steps:-

First of all we need to install the BIND packages (bind and bind-utils, which provide BIND 9 and its tools) on our DNS server.

[root@dns ~]# yum install bind bind-utils -y

After the package installation we need to configure the DNS server. The configuration should look like below:-

Edit the /etc/named.conf file. Compared with the stock file, the changes are: "any;" is added to the listen-on and allow-query statements so that other hosts can reach the server, and the two zone statements for tzclouds.local and 43.168.192.in-addr.arpa are added. Note that together with "recursion yes;" this makes the server an open resolver for anyone who can reach port 53; on anything other than an isolated lab network, restrict allow-query and allow-recursion to your own subnet, as the comment block in the file itself warns.

[root@dns ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; any; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "tzclouds.local" IN {
        type master;
        file "forward.tzclouds";
        allow-update { none; };
};

zone "43.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.tzclouds";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@dns ~]#

After editing, you can verify your named.conf file with named-checkconf. If the file is OK, the command produces no output at all, like below:-

[root@dns ~]# named-checkconf
[root@dns ~]#

Make sure the ownership of the named.conf file is root:named:

[root@dns ~]# ls -l /etc/named.conf
-rw-r----- 1 root named 1910 May 26 17:00 /etc/named.conf
[root@dns ~]#

Now we need to create the forward and reverse zone files that we referenced in /etc/named.conf:-

forward.tzclouds and reverse.tzclouds

First of all I am going to create the forward zone. We need to create the file forward.tzclouds in the /var/named/ directory.

Add the following lines to the forward.tzclouds file:-

[root@dns ~]# cat /var/named/forward.tzclouds
$TTL 1D
@ IN SOA @ rname.invalid. (      ; @ is the zone origin (tzclouds.local); rname.invalid. is the placeholder admin mailbox
                            0 ; serial
                           1D ; refresh
                            1H ; retry
                            1W ; expire
                          3H ) ; minimum
           NS @                 ; blank owner field: the record belongs to @ (the zone apex)
           A 192.168.43.95      ; the apex itself resolves to the DNS server
dns        A 192.168.43.95      ; dns.tzclouds.local
client     A 192.168.43.96      ; client.tzclouds.local
[root@dns ~]#

Now I am going to create the reverse zone in the /var/named/ directory.

Add the following lines to the reverse.tzclouds file:-

[root@dns ~]# cat /var/named/reverse.tzclouds
$TTL 1D
@       IN SOA  @ rname.invalid. (      ; @ is the zone origin (43.168.192.in-addr.arpa)
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.43.95
95      PTR     dns.tzclouds.local.     ; the trailing dot is required: without it BIND would
96      PTR     client.tzclouds.local.  ; read the name as dns.43.168.192.in-addr.arpa
[root@dns ~]#

The zone files must also be owned by root:named, so change their ownership with the commands below (run from the /var/named directory).

[root@dns named]# chown root:named forward.tzclouds
[root@dns named]# chown root:named reverse.tzclouds
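Before loading the zones it is worth checking that the forward and reverse files agree with each other, which named-checkzone does not do. The script below is an added example, not part of the original tutorial: it parses the two zone files in the syntax used above (the sample text is constructed from the records on this page, with the PTR targets written without a trailing dot to show what the check catches) and reports PTR records whose target matches no A record, plus addresses that have an A record but no PTR.

```python
FWD_ORIGIN, REV_ORIGIN = "tzclouds.local", "43.168.192.in-addr.arpa"
# Constructed from the page's zone files (comments trimmed); the PTR data has no trailing dots.
FORWARD_TEXT = """$TTL 1D
@ IN SOA @ rname.invalid. ( 0 ; serial
                            1D 1H 1W 3H )
           A 192.168.43.95
dns        A 192.168.43.95
client     A 192.168.43.96
"""
REVERSE_TEXT = """@       IN SOA  @ rname.invalid. ( 0 ; serial
                                  1D 1H 1W 3H )
95      PTR     dns
96      PTR     client
"""

def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended, as BIND does."""
    return origin if name == "@" else name[:-1] if name.endswith(".") else f"{name}.{origin}"

def records(text, origin):
    """Parse the zone syntax used on the page into (owner, type, rdata) tuples."""
    recs, buf, depth, owner = [], [], 0, origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]           # drop ';' comments
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:                        # otherwise still inside the SOA parentheses
            fields = " ".join(buf).replace("(", " ").replace(")", " ").split()
            if fields and not fields[0].startswith("$"):   # skip blank lines and $TTL
                if not buf[0][:1].isspace():  # a blank owner field inherits the previous owner
                    owner = qualify(fields.pop(0), origin)
                if fields[0] == "IN":
                    fields.pop(0)
                recs.append((owner, fields[0], fields[1:]))
            buf = []
    return recs

def check(fwd_text, rev_text, fwd_origin=FWD_ORIGIN, rev_origin=REV_ORIGIN):
    """Return a list of problems; an empty list means forward and reverse zones agree."""
    a_recs = {(r[0], o) for o, t, r in records(fwd_text, fwd_origin) if t == "A"}
    problems, ptr_ips = [], set()
    for owner, rtype, rdata in records(rev_text, rev_origin):
        if rtype == "PTR":
            ip = ".".join(reversed(owner.split(".")[:-2]))  # strip in-addr.arpa, reverse the octets
            target = qualify(rdata[0], rev_origin)           # relative data is read against the reverse origin
            ptr_ips.add(ip)
            if (ip, target) not in a_recs:
                problems.append(f"PTR for {ip} -> {target} matches no A record (missing trailing dot?)")
    problems += [f"no PTR record for {ip}" for ip in sorted({ip for ip, _ in a_recs} - ptr_ips)]
    return problems
```

Run check() on the contents of your own forward.tzclouds and reverse.tzclouds; on the sample text it reports both PTR records, because "dns" is read as dns.43.168.192.in-addr.arpa rather than dns.tzclouds.local.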

After the zone file configuration we need to enable and start the DNS service.

[root@dns ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@dns ~]# systemctl start named
[root@dns ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2018-05-26 16:38:30 CEST; 50min ago
Process: 1919 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 1933 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 1930 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 1936 (named)
CGroup: /system.slice/named.service
└─1936 /usr/sbin/named -u named -c /etc/named.conf

May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:500:2d::d#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:500:12::d0d#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:7fd::1#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:500:2f::f#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:7fe::53#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:500:2d::d#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:500:12::d0d#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:7fd::1#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:500:2f::f#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:7fe::53#53
[root@dns ~]#

The "network unreachable" messages in the status output above come from named trying to reach the IPv6 addresses of the root servers on a host without IPv6 connectivity; they are harmless here.

Now we need to configure the firewall for our DNS service. We need to open the default DNS port 53 on the Linux firewall. Note that DNS also uses 53/tcp, for responses too large for UDP and for zone transfers, so open that port in the same way if you need it; firewalld's predefined dns service covers both.

[root@dns ~]# firewall-cmd --add-port=53/udp
success
[root@dns ~]# firewall-cmd --add-port=53/udp --permanent
success
[root@dns ~]#

After opening the port we need to reload the firewall using this command.

[root@dns ~]# firewall-cmd --reload
success
[root@dns ~]#

After all of the above configuration we can check the DNS configuration and zone files for syntax errors with the commands below:-

Check the main DNS configuration file:-

[root@dns ~]# named-checkconf /etc/named.conf
[root@dns ~]#

If it returns nothing, then our configuration file is valid.

We can also check the forward zone with the command below; the output should look like this:-

[root@dns named]# named-checkzone tzclouds.local /var/named/forward.tzclouds
zone tzclouds.local/IN: loaded serial 0
OK
[root@dns named]#

Now we can check the reverse zone the same way. named-checkzone takes the zone's origin as its first argument, which for the reverse zone is 43.168.192.in-addr.arpa, not tzclouds.local; the output should look like this:-

[root@dns ~]# named-checkzone 43.168.192.in-addr.arpa /var/named/reverse.tzclouds
zone 43.168.192.in-addr.arpa/IN: loaded serial 0
OK
[root@dns ~]#

Now our DNS server installation and configuration is complete. Let's verify whether the DNS server is working properly. We can use the nslookup command to verify it like this:-

[root@dns ~]# nslookup dns.tzclouds.local
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: dns.tzclouds.local
Address: 192.168.43.95

[root@dns ~]#
[root@dns ~]#
[root@dns ~]# nslookup client.tzclouds.local
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: client.tzclouds.local
Address: 192.168.43.96

[root@dns ~]#

You can see above that our DNS server is working properly. Now let's configure our client and check name resolution from it.

DNS Client Configuration

On the client side we need to add the DNS server IP to the /etc/resolv.conf file like this:- (Note the "Generated by NetworkManager" header: NetworkManager rewrites this file, so to make the setting survive a restart, configure the DNS server on the network connection itself, for example with nmcli, rather than only editing the file by hand.)

[root@client ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search tzclouds.local
nameserver 192.168.43.95
[root@client ~]#

After that we can check name resolution from the client side with nslookup like this:-

[root@client ~]# nslookup dns
Server: 192.168.43.95
Address: 192.168.43.95#53

Name: dns.tzclouds.local
Address: 192.168.43.95

[root@client ~]# nslookup client
Server: 192.168.43.95
Address: 192.168.43.95#53

Name: client.tzclouds.local
Address: 192.168.43.96

[root@client ~]#

You can see that our client resolves names successfully through the DNS server.

That's all. Now we have completed the installation and configuration of the DNS server and DNS client.

