Showing posts with label DNS. Show all posts

Saturday, 18 May 2013

Setting up Bind DNS for your Network (Red Hat/Centos)

I just bought a new domain for myself and I am going through the process of setting up my own DNS server. I want to share the experience, and the knowledge, with you.


Package Requirements
bind
bind-libs
bind-utils

Install all packages

[root@centos63 named]# yum install bind bind-libs bind-utils -y

Make sure Bind starts at boot time
[root@centos63 named]# chkconfig --level 2345 named on
Note: On Red Hat based systems the Bind daemon is called named.

Configuring Bind
My domain name is e-networks.co.uk and this is the domain I will use as an example.
The server IP address will be 192.168.1.34.
Configure /etc/named.conf

[root@centos63 named]# cd /etc
[root@centos63 named]# mv named.conf named.back


##################################################################################################
[root@centos63 named]# vi named.conf
Note: Add the lines below

# This file is the main config for e-networks.co.uk domain
options {
        listen-on { 127.0.0.1; 192.168.1.34; };  // Change 192.168.1.34 to your server's IP address; 127.0.0.1 is needed if this server is also its own resolver (see /etc/resolv.conf note below)
        version "This is not a public Server";
        directory "/var/named";
        pid-file "/var/run/named/pid";
        hostname "centos63.e-networks.co.uk"; //Change it to your Servers name and domain
        notify yes;

        forward first; // the default
        // fetch-glue no; // BIND 8 option; obsolete in BIND 9, so leave it commented out

// The DNS servers of your ISP; set their IP addresses below.
// Forwarding to them makes your resolution faster by using their cache.

        forwarders {
                194.168.4.100;  // this IP is for NTL resolver 1 (change it to your ISP Nameserver)
                194.168.8.100;  // This IP is for NTL resolver 2 (change it to your ISP Nameserver)
        };

        /*
         * Uncomment the line below if you or the name servers are behind a firewall
         */
        // query-source address * port 53;

        /*
         * If running in a chroot, you will need to specify a different
         * folder to save the dump files.
         */

        // dump-file "s/named_dump.db";
// SORT LIST
  sortlist { { localhost; localnets; };
             { localnets; };
  };
};


// ZONES
// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.

zone "." {
        type hint;
        file "named.root";
};

zone "e-networks.co.uk" { // change it to your domain name
        type master;
        allow-update { 192.168.1.0/24; }; // change it to your IP range or any server you wish to allow updates
        allow-transfer { 192.168.1.0/24; }; // change it to your IP range or any server you wish to allow transfers
        notify yes;
        file "e-networks.co.uk"; // change it to you domain name
};

zone "localhost"  {
        type master;
        file "named.localhost";
        allow-transfer { localhost; };
        notify no;
};


# reverse zones
zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};

zone "1.168.192.in-addr.arpa" { // Change it to match your network or the range assigned to you
        type master;
        file "1.168.192.in-addr.arpa"; // Change it to match your network or the range assigned to you
        allow-update { 192.168.1.0/24; }; // change it to your IP range or any server you wish to allow updates
        allow-transfer { 192.168.1.0/24; }; // change it to your IP range or any server you wish to allow transfers
};


###################################################################################

[root@centos63 named]# cd /var/named
[root@centos63 named]# mv named.localhost named.localhost.bak


[root@centos63 named]# vi e-networks.co.uk
Note: Add the lines below


$TTL 3600

e-networks.co.uk. IN SOA centos63.e-networks.co.uk. root.centos63.e-networks.co.uk. (
                        2013051801      ; Serial YYYYMMDDnn
                        10800           ; Refresh
                        3600            ; Retry
                        604800          ; Expire
                        86400 )         ; Minimum TTL

; DNS Servers
@       IN NS           centos63.e-networks.co.uk.

; Machine Names
localhost       IN A    127.0.0.1
centos63        IN A    192.168.1.34
; mail server (use this if you have a mail server running)
mail            IN A    192.168.1.34
@               IN A    192.168.1.34

; Aliases (use this if you have a web server here, www.e-networks.co.uk.)
www             IN CNAME        @

; MX Record (use this if you have a mail server running)
@               IN MX   10      mail.e-networks.co.uk.


#########################################################################################
[root@centos63 named]# vi named.localhost
Note: Add the lines below

$ORIGIN localhost.
$TTL 6h
@   IN  SOA localhost. postmaster.localhost. (
            1   ; serial
            3600    ; refresh
            1800    ; retry
            604800  ; expiration
            3600 )  ; minimum
    IN  NS  localhost.
    IN  A       127.0.0.1

##########################################################################################
[root@centos63 named]# vi localhost.rev
Note: Add the lines below

$TTL    3600
@       IN      SOA     centos63.e-networks.co.uk. root.centos63.e-networks.co.uk.  (
                                2013051801      ; Serial YYYYMMDDnn
                                3600    ; Refresh
                                900     ; Retry
                                3600000 ; Expire
                                3600 )  ; Minimum
        IN      NS      centos63.e-networks.co.uk.
1       IN      PTR     localhost.e-networks.co.uk.


##########################################################################################
[root@centos63 named]# vi 1.168.192.in-addr.arpa
Note: Add the lines below

$TTL    3600
@       IN      SOA     centos63.e-networks.co.uk. root.centos63.e-networks.co.uk.  (
                                2013051801      ; Serial YYYYMMDDnn
                                3600    ; Refresh
                                900     ; Retry
                                3600000 ; Expire
                                3600 )  ; Minimum
        IN      NS      centos63.e-networks.co.uk.
34      IN      PTR     centos63.e-networks.co.uk.

##########################################################################################
[root@centos63 named]# vi named.root
Note: Add the lines below. The current root server list is published at http://www.internic.net/domain/named.root. Zone and hint files only accept ";" comments, not "#".

; This is the named.root file for all Root Name Servers

.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90

;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803f:235
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30

J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
;
; operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
;
; operated by ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
;
; operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
; End of File


##########################################################################################
Reminder:
1. Change the forwarders
2. Change the line: "listen on"
3. Change the line "hostname"
4. Change the zone "e-networks"
5. Change the line "Allow updates"
6. Change the line "Allow transfers"
7. Change the line "1.168.192.in-addr.arpa"
8. Change the line "Allow updates"
9. Change the line "Allow transfers"

Remember, when creating the files that represent the zones, also change the names
to suit your environment.

Review the whole configuration and double check for typos and names. Keep in mind that allow-update and allow-transfer by address trust every host on that range; if you need dynamic updates, authorising them with a TSIG key is safer than a bare address list.
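Before starting named it is worth running BIND's own checkers, named-checkconf /etc/named.conf and named-checkzone e-networks.co.uk /var/named/e-networks.co.uk, which catch syntax errors. They do not check that the forward and reverse zones agree with each other, so below is a small Python checker added to this post (it is not part of the original post and not a BIND tool). It parses the two zone files, validates the YYYYMMDDnn serial, and reports every PTR whose target has no matching A record and every address in the network that has no PTR. The zone text embedded in it is constructed from the post's files, with the reverse record for host 1 left as written so that there is something to report.

```python
"""Checks for the forward and reverse zone files above: parse them, confirm the
SOA serial is a real YYYYMMDDnn date, and confirm A and PTR records agree.
Added example, not code from the post; the parser handles only what these files
use ($TTL, @, relative names, inherited owners and the multi-line SOA)."""
from datetime import date

# Constructed sample input modelled on the post's zones. The reverse zone keeps a
# PTR for host "1" although centos63 lives at 192.168.1.34, so there is something
# for the checker to report.
FORWARD_ZONE = """\
$TTL 3600
e-networks.co.uk. IN SOA centos63.e-networks.co.uk. root.centos63.e-networks.co.uk. (
                        2013051801      ; Serial YYYYMMDDnn
                        10800 3600 604800 86400 )
@               IN NS   centos63.e-networks.co.uk.
localhost       IN A    127.0.0.1
centos63        IN A    192.168.1.34
mail            IN A    192.168.1.34
@               IN A    192.168.1.34
www             IN CNAME @
@               IN MX   10 mail.e-networks.co.uk.
"""
REVERSE_ZONE = """\
$TTL 3600
@       IN SOA centos63.e-networks.co.uk. root.centos63.e-networks.co.uk. (
                        2013051801 3600 900 3600000 3600 )
        IN NS   centos63.e-networks.co.uk.
1       IN PTR  centos63.e-networks.co.uk.
"""

def qualify(name, origin):
    """Make an owner or target name fully qualified ('@' is the origin)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return [(owner, type, [rdata tokens])] with every name fully qualified."""
    origin = origin.rstrip(".") + "."
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # strip comments
        if not line.strip():
            continue
        buf = buf + " " + line if depth else line      # join "( ... )" continuations
        depth += line.count("(") - line.count(")")
        if depth == 0:
            logical.append(buf)
    records, owner = [], origin
    for line in logical:
        if line.startswith("$TTL"):
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():                      # a blank owner inherits the previous one
            owner = qualify(tokens.pop(0), origin)
        while tokens[0].isdigit() or tokens[0].upper() == "IN":   # optional TTL and class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "PTR", "MX"):      # the target name may be relative
            rdata[-1] = qualify(rdata[-1], origin)
        records.append((owner, rtype, rdata))
    return records

def valid_serial(serial):
    """True when the serial is ten digits whose first eight are a real date."""
    try:
        date(int(serial[:4]), int(serial[4:6]), int(serial[6:8]))
        return len(serial) == 10 and serial.isdigit()
    except ValueError:
        return False

def check_reverse(forward, reverse, prefix):
    """PTRs must point at names holding that A record; A records in prefix need a PTR."""
    names_by_ip = {}
    for owner, rtype, rdata in forward:
        if rtype == "A":
            names_by_ip.setdefault(rdata[0], set()).add(owner)
    # '34.1.168.192.in-addr.arpa.' -> '192.168.1.34'
    ptr_by_ip = {".".join(reversed(o[:-len(".in-addr.arpa.")].split("."))): r[0]
                 for o, t, r in reverse if t == "PTR"}
    problems = []
    for ip, target in sorted(ptr_by_ip.items()):
        if target not in names_by_ip.get(ip, ()):
            problems.append(f"PTR {ip} -> {target} has no matching A record")
    for ip, names in sorted(names_by_ip.items()):
        if ip.startswith(prefix) and ip not in ptr_by_ip:
            problems.append(f"no PTR for {ip} ({', '.join(sorted(names))})")
    return problems

def check_zones(forward_text, reverse_text, domain, reverse_origin, prefix):
    """Run every check; an empty list means the two zones are consistent."""
    forward = parse_zone(forward_text, domain)
    reverse = parse_zone(reverse_text, reverse_origin)
    problems = [f"{o} serial {r[2]} is not YYYYMMDDnn"
                for o, t, r in forward + reverse if t == "SOA" and not valid_serial(r[2])]
    return problems + check_reverse(forward, reverse, prefix)
```

Call check_zones with the contents of your two files, the domain, the reverse zone name and the network prefix, e.g. check_zones(FORWARD_ZONE, REVERSE_ZONE, "e-networks.co.uk", "1.168.192.in-addr.arpa", "192.168.1."). For the sample it reports that the PTR at 192.168.1.1 has no matching A record and that 192.168.1.34 has no PTR; once the reverse record is changed from 1 to 34 the list is empty.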

Starting DNS

[root@centos63 named]# service named start
Note: If the named service does not start, check for errors in /var/log/messages

[root@centos63 named]# tail /var/log/messages

Check if the named service is running
[root@centos63 named]# ps -eaf | grep named
named     1061     1  0 07:49 ?        00:00:00 /usr/sbin/named -u named
root      1471  1415  0 08:23 pts/0    00:00:00 grep named


Last Note
When you start the named service for the first time, the init script will try to generate the rndc.key for your server. This can take some time.

I hope you enjoy folks
by Renato de Oliveira

Tuesday, 16 April 2013

How DNS works on Linux



Whenever we contact a server by its name, for example with ping or from a browser, this is what happens.



The resolver library gets invoked (the resolver is just a set of C library routines which look up names and map them to IP addresses). These routines read the configuration file /etc/host.conf (older Linux) or /etc/nsswitch.conf (newer Linux) each time they are called.

Depending on how these configuration files (/etc/host.conf or /etc/nsswitch.conf) are set up, the resolver will use the /etc/hosts file, DNS or NIS to map names to IPs.

My Linux servers use the newer glibc, so the configuration file they check is /etc/nsswitch.conf; see a snippet of this file below:

# hosts: db files nisplus nis dns

hosts: files dns

This is telling us:

Check the /etc/hosts file first. If the address is not found in /etc/hosts, check DNS.

If DNS is requested, another configuration file gets read: /etc/resolv.conf. It should list the nameservers for the network. See an example below:

# cat /etc/resolv.conf

domain adlinux.int

search adlinux.int

nameserver 192.168.1.22

The resolver library extracts the 'nameserver' entries from resolv.conf and queries them to map www.google.com to its IP address.

The nameserver in turn, if it is authoritative for the DNS zone where www.google.com resides, looks the name up in its own database and returns Google's IP. If the nameserver is not authoritative for the zone, which is most likely, it will get the IP address of another nameserver, one which can resolve .com.

Then the .com nameservers are queried; they look up their own databases and return the IP address of the authoritative nameserver for the google.com domain.

Another query is sent to the google.com authoritative DNS server, and this time it looks in its own database and finds the IP address which matches the host named www.
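The chain just described, as an added simulation that is not code from the post: it reads the nsswitch 'hosts:' order, consults an /etc/hosts snippet, then builds the query name from resolv.conf and walks from a root server through the .com servers to the server authoritative for the name, recording each step. Every zone and address in it is constructed for the example (documentation ranges and made-up server names), apart from the root-server address, which is the one for a.root-servers.net listed in the named.root file of the earlier post.

```python
"""Simulation of the lookup path described above: the nsswitch source order,
/etc/hosts, then resolv.conf and an iterative walk from a root server down to
the authoritative server. Added example, not code from the post; every zone and
address below is constructed (documentation ranges), not live DNS data."""

# Constructed configuration snippets, modelled on the post.
NSSWITCH = "# hosts: db files nisplus nis dns\nhosts: files dns\n"
HOSTS = "127.0.0.1 localhost\n192.168.1.22 dns1.adlinux.int dns1\n"
RESOLV_CONF = "domain adlinux.int\nsearch adlinux.int\nnameserver 192.168.1.22\n"
ROOT_HINT = "198.41.0.4"   # a.root-servers.net, as listed in named.root

# Constructed authoritative data, keyed by server address. Each server knows only
# its own zone: an A record, or an NS delegation plus the glue address of that NS.
ZONES = {
    ROOT_HINT:      {"com.": ("NS", "a.gtld.example.", "192.0.2.1")},
    "192.0.2.1":    {"google.com.": ("NS", "ns1.google.example.", "192.0.2.2")},
    "192.0.2.2":    {"www.google.com.": ("A", "192.0.2.80")},
    "192.168.1.22": {"intranet.adlinux.int.": ("A", "192.168.1.50")},  # our own server
}

def hosts_order(nsswitch_text):
    """Sources, in order, from the 'hosts:' line; comment lines are ignored."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return line.split(":", 1)[1].split()
    return ["dns"]

def lookup_hosts_file(hosts_text, name):
    """/etc/hosts: the first line whose name list contains the query wins."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) > 1 and name in fields[1:]:
            return fields[0]
    return None

def parse_resolv_conf(text):
    """nameserver list and search list ('domain' and 'search' are alternatives; the last wins)."""
    conf = {"nameserver": [], "search": []}
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == "nameserver":
            conf["nameserver"].append(fields[1])
        elif fields and fields[0] in ("domain", "search"):
            conf["search"] = fields[1:]
    return conf

def server_reply(server_ip, qname):
    """One server's reply: ('answer', ip), ('referral', ns_name, ns_ip) or ('unknown',)."""
    zone, labels = ZONES.get(server_ip, {}), qname.split(".")
    for i in range(len(labels) - 1):                 # the name itself, then each parent
        entry = zone.get(".".join(labels[i:]))
        if entry and entry[0] == "A" and i == 0:
            return ("answer", entry[1])
        if entry and entry[0] == "NS":
            return ("referral", entry[1], entry[2])
    return ("unknown",)

def recursive_query(resolver_ip, qname, trace):
    """Our nameserver: answer from its own zone if authoritative, else walk down from the root."""
    reply = server_reply(resolver_ip, qname)
    if reply[0] == "answer":
        trace.append(f"{resolver_ip} is authoritative: {qname} = {reply[1]}")
        return reply[1]
    server = ROOT_HINT
    for _ in range(8):                                # guard against a referral loop
        reply = server_reply(server, qname)
        if reply[0] == "answer":
            trace.append(f"{server} answered {qname} = {reply[1]}")
            return reply[1]
        if reply[0] != "referral":
            trace.append(f"{server} does not know {qname}")
            return None
        trace.append(f"{server} referred {qname} to {reply[1]} at {reply[2]}")
        server = reply[2]
    return None

def resolve(name, nsswitch=NSSWITCH, hosts=HOSTS, resolv=RESOLV_CONF):
    """Resolver library behaviour: try each nsswitch source in order; returns (ip or None, steps)."""
    trace = []
    for source in hosts_order(nsswitch):
        if source == "files":
            ip = lookup_hosts_file(hosts, name)
            trace.append(f"/etc/hosts: {name} = {ip}" if ip else f"/etc/hosts: {name} not found")
            if ip:
                return ip, trace
        elif source == "dns":
            conf = parse_resolv_conf(resolv)
            qname = name.rstrip(".") + "."
            if "." not in name and conf["search"]:   # single-label names get the search domain
                qname = f"{name}.{conf['search'][0]}."
            for ns in conf["nameserver"]:
                trace.append(f"asking nameserver {ns} for {qname}")
                ip = recursive_query(ns, qname, trace)
                if ip:
                    return ip, trace
    return None, trace
```

resolve("localhost") is answered from /etc/hosts and never touches DNS; resolve("www.google.com") is not in /etc/hosts, so it goes to 192.168.1.22, which is not authoritative and is referred by the root server to the .com server and by that to the google.com server, which answers; resolve("intranet") gets the search domain appended and is answered by our own server directly because it is authoritative for adlinux.int. The returned trace lists each of those steps, which is the same sequence you would see with dig +trace against real servers.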

Guys, this is the first version of this post. I will try to correct the mistakes and improve it.
This should give you a good idea how names are resolved on Linux.

I hope it will be useful to you

by Renato de Oliveira

Monday, 25 March 2013

Network design, install and configuration

I have decided to share with you my experiences and I will show you most things about networks.

I am going to start from scratch and write posts on how to:
  • How to Install Windows 2008
    • Setup network
    • Active Directory
    • DNS
    • DHCP
    • etc
  • How to Install Redhat 6
    • Setup the Network
    • Integrate Linux to Active directory
    • Setup most config files under /etc
    • NFS
    • SAMBA
  • How to Set up Citrix
  • How to Setup Juniper SRX Security gateway
  • How to Setup NetApp Ontap 8.1

I am going to give you ideas on how to plan your AD, your DNS naming, your IP address scheme, how to position your clients on the network.
I will discuss DMZ, VLANs, Security, SSH, Locking down Linux.

I will have recommendations on security, patch management, for Windows. Design considerations for your network.
Resiliency and redundancy will be discussed also.

If you want to benefit from this blog, just keep visiting it; it will be your one-stop shop for most network systems.

My plan is to write a new post about some topic every day.

I already have a few posts and I will link each post to the next, so you can easily follow along.

If you have suggestions, please let me know; I will try my best to accommodate them and also write about them.

I hope you will enjoy and learn all this exciting stuff related to IT.

Many thanks

Renato Oliveira