
How to install Primary and Secondary DNS in CentOS 6.5

April 5th, 2016 | by Shree H. Niraula

Setup Master-Slave DNS Server Using "Bind" Tools in RHEL/CentOS 6.5
A Domain Name Server (DNS) resolves host names for any host. The Master DNS server (Primary Server) holds the original zone data, and the Slave DNS server (Secondary Server) is a backup that copies the same zone information from the master. The master resolves names for every host we define in the zone database. DNS uses the UDP protocol for queries because, unlike TCP, UDP has no acknowledgement handshake, so DNS servers can answer query requests with the least delay.
My Testing Environment
For this article, I’m using 3 machines, 2 for server setup (master and slave) and 1 for client.
Master DNS Server

IP Address : 10.10.54.101
Host-name : ns1.itandsports.com
OS : CentOS 6.5 Final

Slave DNS Server

IP Address : 10.10.54.102
Host-name : ns2.itandsports.com
OS : CentOS 6.5 Final

Client Machine to use DNS

IP Address : 10.10.54.103
Host-name : manage.itandsports.com
OS : CentOS 6.5 Final
Setup Master DNS Server (ns1.itandsports.com)
First, verify the IP address, Hostname and Distribution version of Master DNS Server, before moving forward for setup.
# sudo ifconfig | grep inet
# hostname
# cat /etc/redhat-release

Once you confirm that the above settings are correct, it's time to move forward and install the required packages.

Installing and Configuring Bind
# yum install bind* -y

After installing the required packages, define the zone files in the master configuration file 'named.conf'.
# vi /etc/named.conf

Given below is my named.conf file entry, change the configuration file as per your need.
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 10.10.54.101; };   # Here we need to add our Master DNS server IP.
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 10.10.54.0/24; };        # Subnet range whose hosts are allowed to query our DNS.
    allow-transfer { localhost; 10.10.54.102; };      # Here we need to add our Slave DNS server IP (only it may pull zone transfers).
    recursion no;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

## Define our forward & reverse zone files here for itandsports.com
zone "itandsports.com" IN {
    type master;
    file "itandsports.com.fwd.zone";
    allow-update { none; };
};
zone "54.10.10.in-addr.arpa" IN {
    type master;
    file "itandsports.com.rev.zone";
    allow-update { none; };
};

#####
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Following is an explanation of each setting we used in the above file.
Listen-on port 53 – The interfaces (addresses) on which the DNS server listens.
Master DNS – Define your Master DNS IP address here so that it listens for queries.
Slave DNS – Define your Slave DNS IP address in allow-transfer; it is used to sync our zone information from the master so the slave can resolve the hosts too.
Recursion no – If it is set to yes, the server answers recursive queries and can be abused in DDoS attacks.
Zone Name – Define your zone name here; ours is itandsports.com.
Type master – This system is configured as a master server; on the upcoming slave server this will be slave.
itandsports.com.fwd.zone – This file holds the host information for this zone.
Allow-update none – With none set, the zone won't accept Dynamic DNS (DDNS) updates.
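The settings explained above come down to three questions: who may query the server, who may pull the zone, and whether it recurses. As an added example (not code from the post), the Python script below pulls those settings out of an options block and flags the risky combinations, plus the missing ';' that makes named refuse to start. MASTER_OPTIONS and SLAVE_OPTIONS are constructed, trimmed copies of the two named.conf files in this post (the slave copy keeps the post's original typo and subnet); the ACL evaluation covers only the forms used here (any, none, localhost, a bare IP, a CIDR prefix).

```python
"""Audit the security-relevant settings of a BIND named.conf options block.
Added example, not code from the post; MASTER_OPTIONS and SLAVE_OPTIONS are
constructed, trimmed copies of the two options blocks shown in the post."""
import ipaddress
import re

MASTER_OPTIONS = """\
options {
    listen-on port 53 { 127.0.0.1; 10.10.54.101; };   # master IP
    allow-query { localhost; 10.10.54.0/24; };
    allow-transfer { localhost; 10.10.54.102; };      # slave only
    recursion no;
};
"""

SLAVE_OPTIONS = """\
options {
    listen-on port 53 { 127.0.0.1; 10.10.54.102};     # missing ';' after the IP
    allow-query { localhost; 10.0.0.0/24; };          /* not the client subnet */
    recursion no;
};
"""


def strip_comments(conf):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def block(conf, name):
    """Return the text between the braces of 'name { ... }', honouring nesting."""
    m = re.search(rf"(?<![\w-]){name}(?![\w-])\s*\{{", conf)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[start:i]
    raise ValueError(f"unbalanced braces in {name} block")


def address_list(options, key):
    """Return (items, raw_text) for 'key ... { raw_text }', or (None, None) if absent."""
    m = re.search(rf"(?<![\w-]){key}(?![\w-])[^{{;]*\{{([^}}]*)\}}", options)
    if not m:
        return None, None
    raw = m.group(1).strip()
    return [t.strip() for t in raw.split(";") if t.strip()], raw


def acl_allows(items, ip):
    """Evaluate the ACL subset the post uses: any, none, localhost, IP, CIDR.
    ('!' negation and named ACLs are not handled here.)"""
    addr = ipaddress.ip_address(ip)
    for item in items:
        if item == "any" or (item == "localhost" and addr.is_loopback):
            return True
        if item in ("none", "localhost", "localnets"):
            continue
        if addr in ipaddress.ip_network(item, strict=False):
            return True
    return False


def audit(conf, clients, slave_ip=None):
    """Return a list of findings; an empty list means the options block passed."""
    options = block(strip_comments(conf), "options")
    if options is None:
        return ["no options block found"]
    findings = []
    for key in ("listen-on", "allow-query", "allow-transfer"):
        items, raw = address_list(options, key)
        if raw is not None and not raw.endswith(";"):
            findings.append(f"{key}: missing ';' after '{items[-1]}' (named-checkconf rejects this)")
    recursion = re.search(r"\brecursion\s+(yes|no)\s*;", options)
    recursive = recursion is None or recursion.group(1) == "yes"   # BIND defaults to yes
    query_items = address_list(options, "allow-query")[0]
    if query_items is None:
        query_items = ["any"]                                        # BIND defaults to any
    if recursive and "any" in query_items:
        findings.append("open resolver: recursion yes with allow-query any")
    transfer_items = address_list(options, "allow-transfer")[0]
    if transfer_items is None or "any" in transfer_items:
        findings.append("allow-transfer: unrestricted (older BIND, including CentOS 6's, defaults to any); limit it to the slave")
    elif slave_ip and not acl_allows(transfer_items, slave_ip):
        findings.append(f"allow-transfer: slave {slave_ip} cannot pull the zone")
    for client in clients:
        if not acl_allows(query_items, client):
            findings.append(f"allow-query: client {client} is not allowed to query")
    return findings


if __name__ == "__main__":
    print("master:", audit(MASTER_OPTIONS, ["10.10.54.103"], slave_ip="10.10.54.102"))
    print("slave:", audit(SLAVE_OPTIONS, ["10.10.54.103"]))
```

Run against the master block the audit returns nothing; against the slave block as written in the post it reports the missing ';' in listen-on, the absent allow-transfer (so anyone could pull the zone from the slave) and that the client 10.10.54.103 falls outside 10.0.0.0/24. The script only reads an options block; run named-checkconf for the full syntax check.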

Creating Master Zone Files
At first let us define the forward look-up zone entry. We need to create the zone files with the names we defined in the named.conf file, as below.
We use sample configuration files for creating forward zone files, for this we’ve to copy the sample configuration files.
# cp /var/named/named.localhost /var/named/itandsports.com.fwd.zone
# cp /var/named/named.loopback /var/named/itandsports.com.rev.zone

Once you've copied the configuration files, edit these zone files using the vim editor.
# vi /var/named/itandsports.com.fwd.zone
Before defining our host information in the forward zone file, first have a quick look at the sample zone file. This is my forward zone configuration; append the entry below and make changes as per your need. Note that every host name in the record data (the NS targets here) must end with a trailing dot, otherwise named appends the zone name to it.
$TTL 86400
@       IN SOA  ns1.itandsports.com. root.itandsports.com. (
        2014090401      ; serial
        3600            ; refresh
        1800            ; retry
        604800          ; expire
        86400 )         ; minimum

; Name servers
@       IN NS   ns1.itandsports.com.
@       IN NS   ns2.itandsports.com.
; Name server hostname to IP resolve.
@       IN A    10.10.54.101
@       IN A    10.10.54.102
; Hosts in this Domain
@       IN A    10.10.54.103
ns1     IN A    10.10.54.101
ns2     IN A    10.10.54.102
manage  IN A    10.10.54.103
Save and quit the file using :wq!. After editing, the forward look-up file looks like the listing above; use TAB between the fields to get a decent format in the zone file.

Now create the reverse look-up file. We have already made a copy of the loopback file under the name itandsports.com.rev.zone, so we use this file to configure our reverse look-up.
# vi /var/named/itandsports.com.rev.zone
Before defining our host information in the reverse zone file, have a quick look at the sample reverse look-up file.
This is my reverse zone configuration; append the entry below and make changes as per your need. A reverse zone maps addresses back to names, so it holds PTR records, with the last octet of the address as the owner name.
$TTL 86400
@       IN SOA  ns1.itandsports.com. root.itandsports.com. (
        2014090402      ; serial
        3600            ; refresh
        1800            ; retry
        604800          ; expire
        86400 )         ; minimum

; Name servers
@       IN NS   ns1.itandsports.com.
@       IN NS   ns2.itandsports.com.
@       IN PTR  itandsports.com.

; IP to hostname (PTR) records for the name servers and hosts in this domain.
101     IN PTR  ns1.itandsports.com.
102     IN PTR  ns2.itandsports.com.
103     IN PTR  manage.itandsports.com.

Save and quit the file using :wq!. After editing, the reverse look-up file looks like the listing above; use TAB between the fields to get a decent format in the zone file.
Check the group ownership of the forward and reverse look-up files before checking the configuration for errors.
# ls -l /var/named/
Here we can see that both files are owned by the root user and group, because we copied them from the sample files under /var/named/. Change the group to named on both files using the following commands.
# chgrp named /var/named/itandsports.com.fwd.zone
# chgrp named /var/named/itandsports.com.rev.zone

After setting correct ownership on the files, verify them again.
# ls -l /var/named/

Now check the zone files for errors before starting the DNS service. First check the named.conf file, then each zone file, giving named-checkzone the zone name from named.conf and the file that holds it.
# named-checkconf /etc/named.conf
# named-checkzone itandsports.com /var/named/itandsports.com.fwd.zone
# named-checkzone 54.10.10.in-addr.arpa /var/named/itandsports.com.rev.zone
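named-checkzone reports a syntax error or a missing glue record, but it does not explain the usual cause, an NS or PTR target typed without its trailing dot, and it cannot see whether the forward and reverse zones agree with each other. The Python linter below is an added example (not code from the post) that parses the subset of master-file syntax used in this walkthrough and checks both points. FORWARD_ZONE and REVERSE_ZONE are constructed copies of the post's zones, with the forward NS names deliberately left unqualified so the first check fires; $ORIGIN and TTL-before-class forms are not handled.

```python
"""Lint BIND master zone files for two mistakes this walkthrough can hit: names in
NS/PTR/SOA data without a trailing dot, and A records with no matching PTR.
Added example, not code from the post; the two zones below are constructed copies
of the post's zones, with the unqualified forward NS names left in on purpose."""

FORWARD_ZONE = """\
$TTL 86400
@ IN SOA ns1.itandsports.com. root.itandsports.com. (
    2014090401 ; serial
    3600 ; refresh
    1800 ; retry
    604800 ; expire
    86400 ) ; minimum
@ IN NS ns1.itandsports.com
@ IN NS ns2.itandsports.com
@ IN A 10.10.54.101
@ IN A 10.10.54.102
@ IN A 10.10.54.103
ns1 IN A 10.10.54.101
ns2 IN A 10.10.54.102
manage IN A 10.10.54.103
"""

REVERSE_ZONE = """\
$TTL 86400
@ IN SOA ns1.itandsports.com. root.itandsports.com. (
    2014090402 3600 1800 604800 86400 )
@ IN NS ns1.itandsports.com.
@ IN NS ns2.itandsports.com.
101 IN PTR ns1.itandsports.com.
102 IN PTR ns2.itandsports.com.
103 IN PTR manage.itandsports.com.
"""

# RDATA fields that hold a domain name, by record type
NAME_FIELDS = {"NS": [0], "PTR": [0], "CNAME": [0], "MX": [1], "SOA": [0, 1]}


def qualify(name, origin):
    """Master-file rule: '@' means the origin; a name without a trailing dot
    gets the origin appended (this is what turns a typo into a bogus name)."""
    origin = origin if origin.endswith(".") else origin + "."
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata_tokens) with absolute owners. Handles the subset
    the post uses: $TTL, ';' comments, one record per line, parenthesised SOA."""
    records, pending, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        depth += line.count("(") - line.count(")")
        pending += line.replace("(", " ").replace(")", " ").split()
        if depth > 0:
            continue                        # still inside '(' ... ')'
        tokens, pending = pending, []
        if tokens[0].startswith("$"):
            continue                        # $TTL directive ($ORIGIN not supported)
        rest = tokens[2:] if tokens[1].upper() == "IN" else tokens[1:]
        records.append((qualify(tokens[0], origin), rest[0].upper(), rest[1:]))
    return records


def unqualified_names(records, origin):
    """Report every RDATA name that named would silently suffix with the origin."""
    return [f"{owner} {rtype} {rdata[i]} is published as {qualify(rdata[i], origin)}"
            for owner, rtype, rdata in records
            for i in NAME_FIELDS.get(rtype, []) if not rdata[i].endswith(".")]


def reverse_owner(ip):
    """Owner name of the PTR record for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def forward_reverse_mismatches(forward, reverse):
    """Each A record's address needs a PTR whose target is one of the names that
    carry the address (several A owners may share an IP, but it has one PTR)."""
    owners_by_ip = {}
    for owner, rtype, rdata in forward:
        if rtype == "A":
            owners_by_ip.setdefault(rdata[0], set()).add(owner)
    ptr_by_owner = {o: r[0] for o, t, r in reverse if t == "PTR"}
    findings = []
    for ip, owners in sorted(owners_by_ip.items()):
        target = ptr_by_owner.get(reverse_owner(ip))
        if target is None:
            findings.append(f"{ip}: no PTR record in the reverse zone")
        elif target not in owners:
            findings.append(f"{ip}: PTR {target} is not an A owner {sorted(owners)}")
    return findings


def lint(fwd_text, fwd_origin, rev_text, rev_origin):
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    return (unqualified_names(fwd, fwd_origin) + unqualified_names(rev, rev_origin)
            + forward_reverse_mismatches(fwd, rev))


if __name__ == "__main__":
    for finding in lint(FORWARD_ZONE, "itandsports.com", REVERSE_ZONE, "54.10.10.in-addr.arpa"):
        print(finding)
```

On the constructed zones the linter reports that the two NS records would be published as ns1.itandsports.com.itandsports.com. and ns2.itandsports.com.itandsports.com., which is exactly the name named-checkzone then complains has no address record; adding the trailing dots makes both findings go away, and adding an A record with no PTR produces a mismatch finding instead.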

iptables is running by default and keeps our DNS server reachable only from localhost. If clients are to resolve names from our DNS server we have to allow the inbound requests, so we add an iptables INPUT rule for port 53.
# iptables -I INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
Note that zone transfers (AXFR) from the master to the slave run over TCP, so the master also needs the same rule with -p tcp:
# iptables -I INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
Now verify that the rule has been added correctly to the INPUT chain.
# iptables -L INPUT
Next, save the rules and restart the firewall.
# service iptables save
# service iptables restart

Start the named service and make it persistent.
# sudo service named start
# sudo chkconfig named on
# sudo chkconfig --list named

Finally, test the configured Master DNS zone files using the dig and nslookup tools: dig for the forward zone, dig -x for the reverse zone.
# dig ns1.itandsports.com
# dig -x 10.10.54.101
# nslookup itandsports.com
# nslookup ns1.itandsports.com
Cool! We have configured a Master DNS; now we need to set up a Slave DNS server. Let's move forward to the slave setup, which won't take as much time as the master setup.

Setup Slave DNS Server
On the slave machine we also need to install the same bind packages as on the master, so let's install them using the following command.
# yum install bind* -y
Open and edit the 'named.conf' file to define our zone database and the listen address.
# vi /etc/named.conf
Make the changes shown below, adjusted to your requirements.
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 10.10.54.102; };   # Our Slave DNS server IP (each address ends with ';').
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 10.10.54.0/24; };        # Same client subnet as on the master.
    recursion no;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

## Define our slave forward and reverse zones; the zone files are replicated from the master.

zone "itandsports.com" IN {
    type slave;
    file "slaves/itandsports.com.fwd.zone";
    masters { 10.10.54.101; };
};

zone "54.10.10.in-addr.arpa" IN {
    type slave;
    file "slaves/itandsports.com.rev.zone";
    masters { 10.10.54.101; };
};

#####
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Start the DNS service using:
# service named start

After starting the bind service we don't have to define the zone information by hand: the allow-transfer setting on the master lets the slave replicate the zone files from the master server, and they appear under the slaves directory as shown below.
# ls -l /var/named/slaves
Verify the zone information using the cat command.
# cat /var/named/slaves/itandsports.com.fwd.zone
# cat /var/named/slaves/itandsports.com.rev.zone

Next, open DNS port 53 on iptables to allow inbound connections.
# iptables -I INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT

Save the iptables rules and restart the iptables service.
# service iptables save
# service iptables restart

Make the service persistent on system boot.
# chkconfig iptables on
Check that it is set persistent for the run-levels.
# chkconfig --list iptables
Client Side Verification:
Assign the client the IP address 10.10.54.103/24.
Set its DNS servers to ns1.itandsports.com and ns2.itandsports.com.

From the client (10.10.54.103), check the forward and reverse DNS look-ups using:
# dig ns1.itandsports.com
# dig -x 10.10.54.101
Understanding the dig output:
Header – Echoes what we asked and summarises how the server answered.
Status – NOERROR means the query we sent succeeded without any error.
Question – The query we made; here my query was masterdns.tecmintlocal.com.
Answer – The resolved records, if the server had the information.
Authority – The name servers responsible for the domain and zone.
Additional – Extra information about the name servers, such as their host names and IP addresses.
Query time – How long it took to resolve the name on the server above.
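Besides the status, the flags line of the header tells you whether the answer came from the server's own zone (the 'aa' flag) or from cache, which is the difference between "our master works" and "something else answered". The Python script below is an added example (not code from the post) that parses dig's text output into the sections explained above and checks an answer the way a verification step should. DIG_OUTPUT is a constructed sample of what dig ns1.itandsports.com returns against the master built here; the version string, query id and timestamp in it are made up.

```python
"""Parse dig's text output and check that an answer is authoritative and correct.
Added example, not code from the post; DIG_OUTPUT is a constructed sample of a
'dig ns1.itandsports.com' run against the master in this walkthrough."""
import re

DIG_OUTPUT = """\
; <<>> DiG 9.8.2 <<>> ns1.itandsports.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns1.itandsports.com.\t\tIN\tA

;; ANSWER SECTION:
ns1.itandsports.com.\t86400\tIN\tA\t10.10.54.101

;; AUTHORITY SECTION:
itandsports.com.\t86400\tIN\tNS\tns1.itandsports.com.
itandsports.com.\t86400\tIN\tNS\tns2.itandsports.com.

;; ADDITIONAL SECTION:
ns2.itandsports.com.\t86400\tIN\tA\t10.10.54.102

;; Query time: 1 msec
;; SERVER: 10.10.54.101#53(10.10.54.101)
;; WHEN: Tue Apr  5 10:00:00 2016
;; MSG SIZE  rcvd: 110
"""


def parse_dig(output):
    """Return status, header flags, the answering server and each section's records
    as (owner, ttl, type, rdata) tuples."""
    result = {"status": None, "flags": set(), "server": None, "sections": {}}
    section = None
    for line in output.splitlines():
        if line.startswith(";; ->>HEADER<<-"):
            result["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            result["flags"] = set(re.search(r"flags: ([^;]*);", line).group(1).split())
        elif line.startswith(";; SERVER:"):
            result["server"] = line.split()[2].split("#")[0]
        elif line.endswith("SECTION:"):
            section = line.strip(";: ").split()[0]      # QUESTION / ANSWER / ...
            result["sections"][section] = []
        elif not line:
            section = None                              # blank line ends a section
        elif section and not line.startswith(";"):
            owner, ttl, _rclass, rtype, *rdata = line.split()
            result["sections"][section].append((owner, int(ttl), rtype, " ".join(rdata)))
    return result


def check_answer(parsed, qname, expected_ip):
    """Problems a defender wants flagged: the query failed, the answer was not
    authoritative (served from cache rather than from our zone), or wrong address."""
    problems = []
    if parsed["status"] != "NOERROR":
        problems.append(f"status {parsed['status']}")
    if "aa" not in parsed["flags"]:
        problems.append("answer is not authoritative (no 'aa' flag)")
    answers = {rdata for owner, _, rtype, rdata in parsed["sections"].get("ANSWER", [])
               if owner == qname and rtype == "A"}
    if expected_ip not in answers:
        problems.append(f"expected {expected_ip}, got {sorted(answers) or 'no A record'}")
    return problems


if __name__ == "__main__":
    parsed = parse_dig(DIG_OUTPUT)
    print(parsed["status"], sorted(parsed["flags"]), "from", parsed["server"])
    print(check_answer(parsed, "ns1.itandsports.com.", "10.10.54.101") or "answer OK")
```

In practice you would feed it the real output, for example `dig @10.10.54.101 ns1.itandsports.com | python3 check_dig.py` with a small stdin wrapper, and run the same check against 10.10.54.102 to confirm the slave answers authoritatively from the transferred zone rather than forwarding or failing.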
Finally, look up our client node and ping both name servers by name and by address.
# dig manage.itandsports.com
# ping ns1.itandsports.com -c 2
# ping ns2.itandsports.com -c 2
# ping 10.10.54.101 -c 2
# ping 10.10.54.102 -c 2

The setup is complete: we have configured both the Primary (Master) and the Secondary (Slave) DNS server successfully. I hope everyone has set it up without any issue; feel free to drop a comment if you face a problem during the setup.
