
Setting up DNS Server in CentOS 7

The DNS service translates hostnames to IP addresses and vice versa. When your computer needs to communicate with google.com, it asks the DNS server what the IP of google.com is. The DNS server looks in its own database, or asks parent DNS servers, for that information and replies to your computer. CentOS uses the ‘bind‘ package for running a DNS server. For querying servers for DNS information, we use commands like host, nslookup or dig.

In this article I would like to guide you through setting up a basic DNS server for your own network using CentOS 7 and bind. A few things we need to keep in mind:

  • DNS server IP  : 10.0.0.1
  • Domain : example.com
  • Network : 10.0.0.0/24
  • Hostname of the DNS server: core ( hence core.example.com )

Configure a static IP for the server, or make sure the DHCP will assign the same IP always for this server. We start by installing packages.

yum install bind bind-utils
firewall-cmd --permanent --add-port 53/udp
firewall-cmd --permanent --add-port 53/tcp
firewall-cmd --reload
systemctl enable named.service
systemctl start named.service

Now we need to configure the bind service to start serving the example.com domain and its DNS entries. First, we need to create a forward zone and a reverse zone for the example.com domain. Put simply, the forward zone serves name-to-IP lookups (A, CNAME and MX records), and the reverse zone serves IP-to-name lookups (PTR records). We need to add the following entries to /etc/named.conf:

options {
        listen-on port 53 { 127.0.0.1; 10.0.0.1;};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 10.0.0.0/24;};
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Using Google DNS to query for DNS requests outside example.com */
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

/* Forward Zone */
zone "example.com" IN {
        type master;
        file "example.com.forward";
        allow-update { none; };
};

/* Reverse Zone */
zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "example.com.reverse";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

We have configured our DNS server to forward requests for names outside example.com to external DNS servers (8.8.8.8 and 8.8.4.4) on behalf of the clients. This is called DNS forwarding. Our client nodes need to be configured with only our DNS server. This also improves network performance, because the DNS server caches responses, so clients get faster replies.

As you can see in the forward and reverse zone stanzas above, we have defined our forward and reverse zones to be served from files named example.com.forward and example.com.reverse. These need to be created inside the /var/named/ folder.

; /var/named/example.com.forward
$TTL 86400
$ORIGIN example.com.
@   IN  SOA     core.example.com. webmaster.example.com. (
        100         ; Serial
        3000        ; Refresh
        3600        ; Retry
        3W          ; Expire
        86400 )     ; Minimum TTL

@       IN  NS      core.example.com.
core    IN  A       10.0.0.1

; /var/named/example.com.reverse
$TTL 86400
$ORIGIN 0.0.10.in-addr.arpa.
@   IN  SOA     core.example.com. webmaster.example.com.  (
        2015061001  ; Serial
        3600        ; Refresh
        1800        ; Retry
        604800      ; Expire
        86400       ; Minimum TTL
)
@       IN  NS      core.example.com.
@       IN  PTR     example.com.
; A records belong in the forward zone only; the reverse zone holds PTR records
1       IN  PTR     core.example.com.

Now we can restart the service and test to see if it is working fine.

[root@cos ~]# systemctl restart named.service
[root@cos ~]# host core.example.com 10.0.0.1
Using domain server:
Name: 10.0.0.1
Address: 10.0.0.1#53
Aliases: 

core.example.com has address 10.0.0.1
[root@cos ~]# host 10.0.0.1 10.0.0.1
Using domain server:
Name: 10.0.0.1
Address: 10.0.0.1#53
Aliases: 

1.0.0.10.in-addr.arpa domain name pointer core.example.com.
[root@cos ~]# 
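The two host lookups above check one direction each. The script below is an added example (not part of the original article) that turns them into a repeatable forward/reverse consistency check: it parses the same kind of output host(1) prints, confirms the A record and the PTR record point at each other, and flags a mismatch. The function names (parse_addr, parse_ptr, fcrdns_consistent, check_host) are chosen for this example, and the SAMPLE_* strings are constructed copies of host output, not captured from a real server.

```shell
#!/bin/sh
# Added example, not code from the original article. Checks that the
# forward (A) and reverse (PTR) records for a host agree, using the output
# format of host(1) shown in the article. Function names and the SAMPLE_*
# strings are assumptions made for this example.

# Extract the IPv4 address from the output of "host <name> <server>".
parse_addr() { awk '/ has address / { print $NF; exit }'; }

# Extract the target name from "host <ip> <server>" output, without the
# trailing dot that host prints after a PTR target.
parse_ptr() { awk '/ domain name pointer / { sub(/\.$/, "", $NF); print $NF; exit }'; }

# $1 = fqdn, $2 = expected ip, $3 = forward output, $4 = reverse output.
# Returns 0 only when A and PTR point at each other (forward-confirmed rDNS).
fcrdns_consistent() {
    got_ip=$(printf '%s\n' "$3" | parse_addr)
    got_name=$(printf '%s\n' "$4" | parse_ptr)
    [ "$got_ip" = "$2" ] && [ "$got_name" = "$1" ]
}

# Live variant for the lab: query both directions against the DNS server.
# $1 = fqdn, $2 = ip, $3 = DNS server address (e.g. 10.0.0.1).
check_host() {
    if fcrdns_consistent "$1" "$2" "$(host "$1" "$3")" "$(host "$2" "$3")"; then
        echo "OK   $1 <-> $2"
    else
        echo "FAIL $1 <-> $2 (A and PTR disagree or one is missing)"
    fi
}

# Constructed samples mirroring the article's output (not real captures).
SAMPLE_FWD='Using domain server:
Name: 10.0.0.1
Address: 10.0.0.1#53
Aliases:

core.example.com has address 10.0.0.1'

SAMPLE_REV='Using domain server:
Name: 10.0.0.1
Address: 10.0.0.1#53
Aliases:

1.0.0.10.in-addr.arpa domain name pointer core.example.com.'

# A PTR that points somewhere else, to show the failure path.
SAMPLE_BAD_REV='1.0.0.10.in-addr.arpa domain name pointer other.example.com.'

# Demo on the constructed samples (no network needed).
if fcrdns_consistent core.example.com 10.0.0.1 "$SAMPLE_FWD" "$SAMPLE_REV"; then
    echo "sample: core.example.com <-> 10.0.0.1 consistent"
fi
if ! fcrdns_consistent core.example.com 10.0.0.1 "$SAMPLE_FWD" "$SAMPLE_BAD_REV"; then
    echo "sample: mismatch detected (PTR points at other.example.com)"
fi
# On the lab server itself you would run, for each host:
#   check_host core.example.com 10.0.0.1 10.0.0.1
```

Run check_host for every host you add; a FAIL usually means the PTR in example.com.reverse was forgotten or typed with the wrong last octet. Note that this only checks the server's answers for the LAN: the allow-query line in named.conf is what keeps this recursive server from answering anyone outside 10.0.0.0/24, so keep that list tight.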

Let’s try adding a few more host entries, so you can add more servers to your network and have fully qualified domain names. I am also adding the host server.example.com, responsible for handling mail for example.com (MX record). That same host will also serve www.example.com web content for the domain. Append the following lines to the /var/named/example.com.forward file.

; owner "@" = example.com itself; a blank owner would attach the MX to the
; previous record's name (core). The MX target must be a host with an A record,
; not a CNAME (RFC 2181), so it points at server rather than the mail alias.
@       IN  MX      10  server.example.com.
server  IN  A       10.0.0.102
www     IN  CNAME   server
mail    IN  CNAME   server

client  IN  A       10.0.0.103

We should also add PTR records in the reverse zone file.

; PTR records only; the A records for these hosts live in the forward zone
102     IN  PTR     server.example.com.
103     IN  PTR     client.example.com.
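Editing both zone files by hand every time a host is added is where mistakes creep in: a PTR gets forgotten, or the serial is not bumped so a secondary never picks up the change. The script below is an added example (not part of the original article, nor of bind) that covers both the initial zone files above and the records just appended: it generates example.com.forward and example.com.reverse from one host list, stamps a date-based serial that is always larger than the previous one, and runs bind's named-checkzone (shipped in the bind package on CentOS 7) on the result before you copy the files into /var/named/ and restart named. The function names (rev_origin, next_serial, gen_forward_zone, gen_reverse_zone, validate_zone), the variables and the HOSTS list are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original article or from bind. Generates
# the forward and reverse zone files for example.com from one host list,
# assigns a date-based serial and syntax-checks the files with
# named-checkzone. All function and variable names are assumptions.

ZONE=example.com
NS=core.example.com          # primary name server (the "core" host)
MAILHOST=server.example.com  # receives mail for the zone; has an A record
NETWORK=10.0.0.0/24

# Constructed host list, "shortname ip" per line, matching the article.
HOSTS="core 10.0.0.1
server 10.0.0.102
client 10.0.0.103"

# 10.0.0.0/24 -> 0.0.10.in-addr.arpa. (reverse zone origin for a /24)
rev_origin() {
    printf '%s\n' "${1%/*}" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa." }'
}

# Serial in YYYYMMDDnn form. Secondaries only transfer a zone when the
# serial grows, so each edit must yield a larger number than the last.
# $1 = current serial (empty for a brand-new zone).
next_serial() {
    today=$(date +%Y%m%d)
    cur=${1:-0}
    case "$cur" in
        "$today"*) printf '%s\n' "$((cur + 1))" ;;   # same day: bump nn
        *)         printf '%s01\n' "$today" ;;       # new day: start at 01
    esac
}

# Forward zone: SOA, NS, MX, one A per host, then the CNAMEs.
# $1 = serial; host list on stdin.
gen_forward_zone() {
    printf '$TTL 86400\n$ORIGIN %s.\n' "$ZONE"
    printf '@ IN SOA %s. webmaster.%s. ( %s 3600 1800 604800 86400 )\n' "$NS" "$ZONE" "$1"
    printf '@ IN NS %s.\n' "$NS"
    printf '@ IN MX 10 %s.\n' "$MAILHOST"   # RFC 2181: MX target must not be a CNAME
    while read -r name ip; do
        [ -n "$name" ] && printf '%-8s IN A %s\n' "$name" "$ip"
    done
    printf '%-8s IN CNAME %s\n' www server
    printf '%-8s IN CNAME %s\n' mail server
}

# Reverse zone: one PTR per host, owner = last octet of the address.
# $1 = serial; host list on stdin.
gen_reverse_zone() {
    printf '$TTL 86400\n$ORIGIN %s\n' "$(rev_origin "$NETWORK")"
    printf '@ IN SOA %s. webmaster.%s. ( %s 3600 1800 604800 86400 )\n' "$NS" "$ZONE" "$1"
    printf '@ IN NS %s.\n' "$NS"
    while read -r name ip; do
        [ -n "$name" ] || continue
        printf '%-8s IN PTR %s.%s.\n' "${ip##*.}" "$name" "$ZONE"
    done
}

# Syntax-check a zone file with bind's named-checkzone. Returns non-zero
# on a broken file; skips (with a note) when the tool is not installed.
validate_zone() {   # $1 = zone name, $2 = file
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q "$1" "$2"
    else
        echo "named-checkzone not installed, skipping check of $2" >&2
    fi
}

# Demo: write both files to a scratch directory and validate them.
OUT=$(mktemp -d)
SERIAL=$(next_serial 2015061001)   # the article's reverse-zone serial
REV=$(rev_origin "$NETWORK")
printf '%s\n' "$HOSTS" | gen_forward_zone "$SERIAL" > "$OUT/example.com.forward"
printf '%s\n' "$HOSTS" | gen_reverse_zone "$SERIAL" > "$OUT/example.com.reverse"
validate_zone "$ZONE" "$OUT/example.com.forward"
validate_zone "${REV%.}" "$OUT/example.com.reverse"
echo "zone files written to $OUT with serial $SERIAL"
```

After the files validate, copy them into /var/named/, run named-checkconf on /etc/named.conf as well, and only then restart named.service; a zone that fails to load leaves the server answering SERVFAIL for the whole domain, so checking first is cheaper than finding out from the clients.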

Now, restart the service and test to see if our new hosts are being served.

[root@cos ~]# systemctl restart named.service
[root@cos ~]# host www 10.0.0.1
Using domain server:
Name: 10.0.0.1
Address: 10.0.0.1#53
Aliases: 

www.example.com is an alias for server.example.com.
server.example.com has address 10.0.0.102
[root@cos ~]# host -t MX mail.example.com 10.0.0.1
Using domain server:
Name: 10.0.0.1
Address: 10.0.0.1#53
Aliases: 

mail.example.com is an alias for server.example.com.
[root@cos ~]# host here.com 10.0.0.1
Using domain server:
Name: 10.0.0.1
Address: 10.0.0.1#53
Aliases: 

here.com has address 131.228.152.4
here.com mail is handled by 10 here-com.mail.protection.outlook.com.
[root@cos ~]# 

As you can see, you now have a fully functioning DNS server. All you need to do is configure the machines in the 10.0.0.0/24 network to use 10.0.0.1 as their DNS server. 🙂

This is a very nice thing to have if you are learning things like mail servers or virtual hosting for web services. It is perfectly fine to use inside a lab/testing network; using it in a production/live scenario is not recommended (it is too basic).

Note: This setting can be easily pushed to all nodes in the network via DHCP if they are all DHCP clients. I will explain configuring your own DHCP server in another article.