
2012-10-27

DNS (BIND) Configuration CentOS


Installing and Setting Up Environment
  1. Install DNS Software
    1. yum install bind bind-utils bind-libs
  2. Ensure BIND starts on system boot
    1. chkconfig --level 35 named on
  3. Start the service
    1. service named start
  4. It will prompt for a key which you can use for remote management of DNS
    1. This will be stored in /var/named/rndc.conf or /etc/named.root.key
Prerequisites
  1. Ensure you have a static IP configured for your DNS host
  2. Ensure your DNS host has a default gateway so it can reach the forwarders outside your network
  3. Create an opening in the firewall on your machine to allow queries to port 53 (the DNS port) on both TCP and UDP using Adding New iptables Rules
  4. If the DNS host itself also needs to resolve local names, edit /etc/resolv.conf: change the search to domain.local and change your nameserver to 127.0.0.1
Configuration
named.conf 
This file is used to give administrators control over DNS permissions, forwarders, and to define resolution "zones".
The main part of the config is the "zones" config, as these define the resolution configuration for each domain. For example, you may configure a zone called "domain.local" and specify that it be stored in the file "domain.local.zone".

The few things that I configured to get this working are:
ACLs - I created an ACL to only allow my local subnet to query my DNS server by including the following lines
acl lan {
    192.168.0.0/24;
    127.0.0.1;
};

options - Changed the options to allow queries coming from the lan ACL, turned off DNSSEC, and added forwarders.
I have nothing against dnssec I just had problems getting it working right off the bat with some websites.
options {
    :
    :
    dnssec-enable no;
    dnssec-validation no;
    forwarders { (dns_server1); (dns_server2); };
    forward only;
};

zones - configured a couple of local zones.

One forward lookup zone.
zone "domain.local" IN {
    type master;
    file "domain.local.zone";
};

One reverse lookup zone.
zone "0.168.192.in-addr.arpa" {
    type master;
    file "domain.local.rr.zone";
};

Forward Lookup Zone Config Files
TTL Value - To specify how long DNS records should be cached
$TTL 3d

An Origin - so that every unqualified domain name has the domain name stored in $ORIGIN appended
$ORIGIN domain.local.

SOA - defines important authoritative information about a namespace to the nameserver. The contact e-mail address is written in zone-file form, with the @ replaced by a dot (for example hostmaster.domain.local.).

@            IN    SOA    dns-0.domain.local.    (email_address)    (
                              12   ; serial
                              4h   ; refresh after 4 hours
                              1h   ; retry after 1 hour
                              1w   ; expire after 1 week
                              1h ) ; minimum (negative caching) TTL of 1 hour

NS - declares the authoritative name server for the zone (the @ owner name refers to the $ORIGIN)
@    IN    NS     (hostname).domain.local.

'A' Records - To map hostnames to IPs
(hostname)        IN    A      (IP)

Reverse Lookup Zone Config Files
TTL Value - To specify how long DNS records should be cached
$TTL 3d

An Origin - so that every unqualified name has the reverse domain stored in $ORIGIN appended
$ORIGIN 0.168.192.in-addr.arpa.

SOA - defines important authoritative information about a namespace to the nameserver

@            IN    SOA    dns-0.domain.local.    (email_address)    (
                              12   ; serial
                              4h   ; refresh after 4 hours
                              1h   ; retry after 1 hour
                              1w   ; expire after 1 week
                              1h ) ; minimum (negative caching) TTL of 1 hour

NS - declares the authoritative name server for the zone (the @ owner name refers to the $ORIGIN)
@    IN    NS     (hostname).domain.local.

PTR Records - To look up hostnames from known IPs (the owner name is the last octet of the address, relative to $ORIGIN)
1                      IN    PTR    (hostname).domain.local.
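As an added check that is not part of the original post: a small Python parser for the zone-file syntax shown in the forward and reverse sections above, which confirms that every A record in the forward zone has a matching PTR record in the reverse zone (and flags PTRs with no A record), since the two files must be kept in step by hand. The host names, addresses and hostmaster contact in the sample zones are constructed values.

```python
import re
def parse_zone(text):
    """Parse the zone-file subset used above; returns (directives, records)."""
    directives, owner, records = {}, None, []
    # Strip ';' comments, then fold a parenthesised multi-line record (the SOA) onto one line.
    no_comments = "\n".join(ln.split(";")[0] for ln in text.splitlines())
    folded = re.sub(r"\(([^)]*)\)", lambda m: " " + " ".join(m.group(1).split()) + " ", no_comments)
    for line in folded.splitlines():
        if not line.strip(): continue
        if line.startswith("$"):                  # $TTL / $ORIGIN directives
            directives[line.split()[0]] = line.split()[1]
            continue
        fields = line.split()
        if not line[0].isspace(): owner = fields.pop(0)   # leading blank = same owner as the previous record
        if fields[0] == "IN": fields.pop(0)
        rtype, rdata, origin = fields[0], fields[1:], directives["$ORIGIN"]  # assumes $ORIGIN precedes records
        name = origin if owner == "@" else owner
        if not name.endswith("."):                # relative names get the origin appended
            name = f"{name}.{origin}"
        records.append((name, rtype, rdata))
    return directives, records

def reverse_name(ip):
    """192.168.0.10 -> 10.0.168.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_forward_reverse(forward_text, reverse_text):
    """Return (missing_ptr, stray_ptr): A records lacking a PTR, and PTRs lacking an A."""
    a_recs = {(n, r[0]) for n, t, r in parse_zone(forward_text)[1] if t == "A"}
    ptr_recs = {(n, r[0]) for n, t, r in parse_zone(reverse_text)[1] if t == "PTR"}
    expected = {(reverse_name(ip), n) for n, ip in a_recs}
    return sorted(expected - ptr_recs), sorted(ptr_recs - expected)

FORWARD_ZONE = """; constructed sample zone with hypothetical hosts; www deliberately has no PTR
$TTL 3d
$ORIGIN domain.local.
@        IN    SOA    dns-0.domain.local.    hostmaster.domain.local.    (
                              12   ; serial
                              4h 1h 1w 1h )   ; refresh, retry, expire, negative-cache TTL
         IN    NS     dns-0.domain.local.
dns-0    IN    A      192.168.0.2
www      IN    A      192.168.0.10
"""
REVERSE_ZONE = """; constructed sample reverse zone
$ORIGIN 0.168.192.in-addr.arpa.
@        IN    SOA    dns-0.domain.local.    hostmaster.domain.local.    ( 12 4h 1h 1w 1h )
2        IN    PTR    dns-0.domain.local.
"""
```

Running `check_forward_reverse(FORWARD_ZONE, REVERSE_ZONE)` reports the missing PTR for www; a clean pair of zones returns two empty lists.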

Testing Lookup
To test lookup functionality we can use nslookup on Windows or Linux and point it at the server
  1. Flush your dns cache
    1. ipconfig /flushdns
  2. Run nslookup without any arguments
    1. nslookup
    2. > server (ip_address)
    3. > (hostname_to_lookup | ip_to_reverse)
The location of the BIND logs is stated in /etc/named.conf and generally defaults to /var/named/data/named.run.
  1. View real-time logs for DNS
    1. tail -f /var/named/data/named.run
Resources
I mainly used the CentOS documentation for assistance in figuring out which options meant what:

I also had a couple helpful tutorials from the following locations:
