DNS installation on RHEL 7 and CentOS 7

Dear friends, in this tutorial I am going to show you DNS installation on a server and a client. So let's go through the DNS installation step by step. Before installing DNS, we should know what DNS is.

What is DNS

DNS stands for Domain Name System. DNS translates hostnames or URLs into IP addresses. For example, if you type a URL like https://tzclouds.com in your browser, the DNS server translates this domain name into its associated IP address. It is very difficult to remember a lot of IP addresses all the time, and DNS servers make this easy. We can also use a DNS server to translate an IP address into a hostname or URL, for example 192.xxx.xx.xxx to https://tzclouds.com. So we can remember domain names instead of IP addresses.

In this tutorial I am going to show you how to install a local DNS server on CentOS 7. I will also show you how to configure a DNS client. You can use the same steps on RHEL 7 to configure a local DNS server.

Prerequisite

In this tutorial I am going to use two hosts: the first is our DNS server and the second is our DNS client. CentOS 7 should be installed on both hosts. The host details are below:-

  1. DNS-Server (Hostname:- dns.tzclouds.local, IP :- 192.168.43.95)
  2. DNS-Client (Hostname:- client.tzclouds.local, IP :- 192.168.43.96)

DNS Server Installation Steps:-

First of all, we need to install the BIND 9 packages on our DNS server.

[[email protected] ~]# yum install bind bind-utils -y

After package installation we need to configure the DNS server. The configuration should look like the one below:-

Edit the /etc/named.conf file and add the lines that are shown in bold.

[[email protected] ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
listen-on port 53 { 127.0.0.1; any; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; any; };

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;

dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

zone "tzclouds.local" IN {
type master;
file "forward.tzclouds";
allow-update { none; };
};
zone "43.168.192.in-addr.arpa" IN {
type master;
file "reverse.tzclouds";
allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[[email protected] ~]#

After editing the file you can verify your named.conf with named-checkconf. If the file is OK, there will be no output, as below:-

[[email protected] ~]# named-checkconf
[[email protected] ~]#
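
named-checkconf only validates syntax. It does not flag that "recursion yes" together with "allow-query { localhost; any; }" lets every host that can reach port 53 recurse through this server, which is the amplification risk the comment inside named.conf warns about. The script below is an added example, not part of the original tutorial: it audits a named.conf for that combination using BIND's fallback order (allow-recursion, then allow-query-cache, then allow-query). The function names, the two sample files and the 192.168.43.0/24 lab subnet are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Textual audit that assumes one
# options block, no views, and no per-zone allow-query overrides.

strip_comments() {   # remove //, # and /* */ comments; flatten to one line
    sed -e 's://.*::' -e 's:#.*::' "$1" | tr '\n\t' '  ' |
    awk '{ while ((s = index($0, "/*")) && (e = index(substr($0, s), "*/")))
               $0 = substr($0, 1, s - 1) " " substr($0, s + e + 1)
           print }'
}

audit_named_conf() {   # returns 1 when the config describes an open resolver
    conf=$(strip_comments "$1")
    if printf '%s\n' "$conf" |
        grep -Eq '(^|[;{[:space:]])recursion[[:space:]]+no[[:space:]]*;'; then
        echo "ok: recursion disabled"; return 0
    fi
    # BIND's fallback order for who may recurse.
    for stmt in allow-recursion allow-query-cache allow-query; do
        acl=$(printf '%s\n' "$conf" |
              sed -n "s/.*[;{ ]${stmt}[ ]*{\([^}]*\)}.*/\1/p")
        [ -z "$acl" ] || break
    done
    [ -n "$acl" ] || { stmt="built-in default"; acl=" localnets; localhost; "; }
    if printf '%s\n' "$acl" | tr ';' '\n' | grep -Eq '^[[:space:]]*any[[:space:]]*$'; then
        echo "OPEN RESOLVER: recursion on, $stmt {$acl}"; return 1
    fi
    echo "ok: recursion limited by $stmt {$acl}"; return 0
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
# Constructed sample 1: the relevant options as set in this tutorial.
cat > "$tmp/open.conf" <<'EOF'
options {
    allow-query { localhost; any; };
    /* "recursion no;" belongs on authoritative-only servers */
    recursion yes;
};
EOF
# Constructed sample 2: recursion limited to the lab subnet (a /24 is assumed).
cat > "$tmp/lan.conf" <<'EOF'
options {
    allow-query { localhost; any; };   // local zones stay answerable
    allow-recursion { localhost; 192.168.43.0/24; };
    recursion yes;
};
EOF
audit_named_conf "$tmp/open.conf" || true
audit_named_conf "$tmp/lan.conf"
```

Run it against /etc/named.conf after editing; a non-zero exit status means recursion is open to any source address.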

Make sure the ownership of your named.conf file is root:named.

[[email protected] ~]# ls -l /etc/named.conf
-rw-r----- 1 root named 1910 May 26 17:00 /etc/named.conf
[[email protected] ~]#

Now we need to create the forward and reverse zone files which we referenced in the /etc/named.conf file, like this:-

forward.tzclouds and reverse.tzclouds

So first of all I am going to create the forward zone. We need to create the file forward.tzclouds in the /var/named/ directory.

Add the following lines to the forward.tzclouds file:-

[[email protected] ~]# cat /var/named/forward.tzclouds
$TTL 1D
@ IN SOA @ rname.invalid. (
                            0 ; serial
                           1D ; refresh
                           1H ; retry
                           1W ; expire
                         3H ) ; minimum
           NS @
           A 192.168.43.95
dns        A 192.168.43.95
client     A 192.168.43.96
[[email protected] ~]#

Now I am going to create the reverse zone in the /var/named/ directory.

Add the following lines to the reverse.tzclouds file:-

[[email protected] ~]# cat /var/named/reverse.tzclouds
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.43.95
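95      PTR     dns.tzclouds.local.     ; fully qualified: a bare name would get the reverse zone origin appended
96      PTR     client.tzclouds.local.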
[[email protected] ~]#

Zone file ownership should be root:named, so now we need to change the ownership of the zone files with the commands below.

[[email protected] named]# chown root:named forward.tzclouds
[[email protected] named]# chown root:named reverse.tzclouds

After configuring the zone files we need to enable and start our DNS service.

[[email protected] ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[[email protected] ~]# systemctl start named
[[email protected] ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2018-05-26 16:38:30 CEST; 50min ago
Process: 1919 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 1933 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 1930 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 1936 (named)
CGroup: /system.slice/named.service
└─1936 /usr/sbin/named -u named -c /etc/named.conf

May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:500:2d::d#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:500:12::d0d#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:7fd::1#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:500:2f::f#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:7fe::53#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:500:2d::d#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:500:12::d0d#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:7fd::1#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:500:2f::f#53
May 26 17:12:00 dns.tzclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:7fe::53#53
[[email protected] ~]#

Now we need to configure the firewall for our DNS service. We need to open the default DNS port 53 in the Linux firewall.

[[email protected] ~]# firewall-cmd --add-port=53/udp
success
[[email protected] ~]# firewall-cmd --add-port=53/udp --permanent
success
[[email protected] ~]#

After enabling the port we need to reload the firewall using this command.

[[email protected] ~]# firewall-cmd --reload
success
[[email protected] ~]#

After all the above configuration we can check the DNS configuration and zone files for syntax errors with the commands below:-

Check the default DNS configuration file:-

[[email protected] ~]# named-checkconf /etc/named.conf
[[email protected] ~]#

If it returns nothing, then our configuration file is valid.

We can also check the forward zone with the command below; the output will look like this:-

[[email protected] named]# named-checkzone tzclouds.local /var/named/forward.tzclouds
zone tzclouds.local/IN: loaded serial 0
OK
[[email protected] named]#

Now we can check the reverse zone with the command below; the output will look like this:-

[[email protected] ~]# named-checkzone 43.168.192.in-addr.arpa /var/named/reverse.tzclouds
zone 43.168.192.in-addr.arpa/IN: loaded serial 0
OK
[[email protected] ~]#

Now our DNS server installation and configuration is complete. Let's verify whether our DNS server is working properly. We can use the nslookup command to verify our DNS server like this:-

[[email protected] ~]# nslookup dns.tzclouds.local
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: dns.tzclouds.local
Address: 192.168.43.95

[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]# nslookup client.tzclouds.local
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: client.tzclouds.local
Address: 192.168.43.96

[[email protected] ~]#

You can see above that our DNS server is working properly. Now let's configure our client and check name resolution from the client.

DNS Client Configuration

On the client side we need to add the DNS server IP to the /etc/resolv.conf file like this:-

[[email protected] ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search tzclouds.local
nameserver 192.168.43.95
[[email protected] ~]#

After that we can check name resolution from the client side with the nslookup command like this:-

[[email protected] ~]# nslookup dns
Server: 192.168.43.95
Address: 192.168.43.95#53

Name: dns.tzclouds.local
Address: 192.168.43.95

[[email protected] ~]# nslookup client
Server: 192.168.43.95
Address: 192.168.43.95#53

Name: client.tzclouds.local
Address: 192.168.43.96

[[email protected] ~]#

You can see that our client resolves names successfully using the DNS server.

That's all. We have now completed the installation and configuration of the DNS server and DNS client.

