In this post we will configure a DNS server with ISC BIND on an EL6-style system (yum, chkconfig, /etc/init.d). First, what is DNS?
DNS, the Domain Name System, is an application-layer protocol of the Internet protocol suite.
It is the naming service of the Internet: it maps names to addresses and supports two kinds of lookup.
Forward lookup = domain name to IP address (answered from A records).
Reverse lookup = IP address to domain name (answered from PTR records in the in-addr.arpa tree).
nslookup and dig are command-line tools that let you perform forward and reverse lookups yourself; both are used at the end of this post to verify the server.
DNS port = 53, on both UDP and TCP (TCP is used for zone transfers and for answers too large for a single UDP datagram, so the firewall must allow both).
Domain name= example.org
Server IP Address = 192.168.40.120/24
Server Hostname = server.tn.example.org
Client IP Address =
192.168.40.125/24
Client Hostname =
client.tn.example.org
Server Side Configuration:-
Install BIND Package
[root@server ~]# yum install bind bind-utils -y
[root@server ~]# vim /etc/named.conf
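//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Edited for example.org: named listens on the loopback and LAN addresses,
// answers only localhost and 192.168.40.0/24, and is authoritative for the
// forward and reverse zones declared at the bottom of this file.
//

options {
	listen-on port 53 { 127.0.0.1; 192.168.40.120; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";

	// Who may query this server at all; everything else is refused.
	allow-query     { localhost; 192.168.40.0/24; };

	// Recursion is on so LAN clients can use this box as their resolver.
	// allow-recursion is stated explicitly (rather than inherited from
	// allow-query) so that widening allow-query later, e.g. to publish
	// example.org to the outside, does not silently turn the server into an
	// open resolver usable for reflection/amplification.
	recursion yes;
	allow-recursion { localhost; 192.168.40.0/24; };

	// Zone transfers (AXFR/IXFR) hand out the complete contents of a zone.
	// No secondary server is configured, so only localhost needs them; do not
	// widen this to the whole LAN, which would let any host dump every record.
	// Add a secondary's address here if one is ever deployed.
	allow-transfer  { localhost; };

	dnssec-enable yes;
	dnssec-validation yes;
	// NOTE(review): DLV (dnssec-lookaside) was a stop-gap for unsigned TLDs.
	// ISC has since shut down the dlv.isc.org lookaside registry, so "auto"
	// no longer adds any validation, and later BIND releases deprecate and
	// then remove the option. It still parses on the 9.8.x shipped with EL6;
	// drop it (and bindkeys-file) when upgrading.
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

// Root hints, needed because recursion is enabled above.
zone "." IN {
	type hint;
	file "named.ca";
};

// Forward zone for example.org; the file path is relative to "directory".
zone "example.org" IN {
	type master;
	file "forward.example";
	// No dynamic updates: the zone changes only when the file is edited
	// (bump the SOA serial) and named is reloaded.
	allow-update { none; };
};

// Reverse zone for 192.168.40.0/24.
zone "40.168.192.in-addr.arpa" IN {
	type master;
	file "reverse.example";
	allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";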
Create the forward.example and reverse.example zone files under /var/named (the "directory" set in named.conf). named runs as the named user, so make sure that user can read the files you create as root.
[root@server ~]# vim /var/named/forward.example
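$TTL 86400
; Forward zone for example.org.
; Relative owner names are completed with the zone origin (example.org);
; names ending in "." are absolute. A record must be on one line unless it
; is wrapped in parentheses, as the SOA below is.
;
; Bump the serial (YYYYMMDDnn) on every edit and then reload named, so that
; caches and any future secondary see the new version of the zone.
@           IN  SOA server.tn.example.org. root.example.org. (
                    2011071001  ; Serial
                    3600        ; Refresh
                    1800        ; Retry
                    604800      ; Expire
                    86400       ; Minimum TTL (negative-answer caching)
                    )

; Authoritative name server for the zone.
@           IN  NS  server.tn.example.org.

; The bare name example.org carries two A records and answers with both
; addresses, i.e. the client host also receives traffic sent to the domain.
@           IN  A   192.168.40.120
@           IN  A   192.168.40.125

; Host records (server.tn -> server.tn.example.org, etc.).
server.tn   IN  A   192.168.40.120
client.tn   IN  A   192.168.40.125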
[root@server ~]# vim
/var/named/reverse.example
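$TTL 86400
; Reverse zone for 192.168.40.0/24 (40.168.192.in-addr.arpa).
; The owner name of each PTR is the host octet of the address: "120" is
; 192.168.40.120. Address (A) records do not belong here: a relative name
; such as "server.tn" in this zone would become
; server.tn.40.168.192.in-addr.arpa, which nothing ever queries, so the A
; records that used to be listed in this file have been dropped.
;
; Keep the serial in step with edits and reload named afterwards.
@       IN  SOA server.tn.example.org. root.example.org. (
                2011071001  ; Serial
                3600        ; Refresh
                1800        ; Retry
                604800      ; Expire
                86400       ; Minimum TTL (negative-answer caching)
                )

@       IN  NS  server.tn.example.org.
@       IN  PTR example.org.

; One PTR per host, matching the A records in forward.example.
120     IN  PTR server.tn.example.org.
125     IN  PTR client.tn.example.org.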
Before starting, check the configuration and both zone files for syntax errors with the checkers shipped with BIND; named will refuse to load a zone with a broken record and will answer SERVFAIL for it:
[root@server ~]# named-checkconf /etc/named.conf
[root@server ~]# named-checkzone example.org /var/named/forward.example
[root@server ~]# named-checkzone 40.168.192.in-addr.arpa /var/named/reverse.example
[root@server ~]# /etc/init.d/named start
Starting named:
[ OK ]
[root@server ~]#
/etc/init.d/named status
version:
9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 3834) is running...
[root@server ~]# chkconfig
named on
Add iptables rules allowing DNS on port 53 over both UDP and TCP. Restrict the source to the LAN that allow-query permits rather than 0.0.0.0/0, so the firewall does not expose the service more widely than named itself does. Note that the stock EL6 ruleset usually ends with a REJECT rule, so a rule appended with -A lands after it and is never reached; insert with -I instead (or add the lines to /etc/sysconfig/iptables above the REJECT line).
[root@server ~]# iptables -I INPUT -p udp --dport 53 -s 192.168.40.0/24 -j ACCEPT
[root@server ~]# iptables -I INPUT -p tcp --dport 53 -s 192.168.40.0/24 -j ACCEPT
[root@server ~]# service
iptables save
iptables: Saving firewall
rules to /etc/sysconfig/iptables:[
OK ]
[root@server ~]# service
iptables restart
iptables: Setting chains
to policy ACCEPT: filter [ OK ]
iptables: Flushing
firewall rules:
[ OK ]
iptables: Unloading
modules:
[ OK ]
iptables: Applying
firewall rules:
[ OK ]
You can test the DNS server with dig and nslookup. In the dig output below, the "aa" flag confirms the answer is authoritative (served from our zone rather than a cache); a reverse lookup can be tested with "dig -x 192.168.40.125".
[root@server ~]# dig
server.tn.example.org
; <<>> DiG
9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> server.tn.example.org
;; global options: +cmd
;; Got answer:
;;
->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7617
;; flags: qr aa rd ra;
QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;server.tn.example.org. IN
A
;; ANSWER SECTION:
server.tn.example.org. 86400
IN A 192.168.40.120
;; AUTHORITY SECTION:
example.org. 86400 IN
NS server.tn.example.org.
;; Query time: 0 msec
;; SERVER:
127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 29
16:07:55 2016
;; MSG SIZE rcvd: 69
nslookup is another command used to query name servers; here it returns both A records of example.org.
[root@server ~]# nslookup
example.org
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: example.org
Address: 192.168.40.125
Name: example.org
Address: 192.168.40.120
Client Side Configuration:-
Point the client at the new server in /etc/resolv.conf. The header of that file shows it is generated by dhclient-script, so a direct edit is overwritten at the next DHCP lease renewal; to make the setting persistent on EL6, set DNS1=192.168.40.120 (and PEERDNS=no) in the interface's ifcfg file, or give the client a static address.
[root@client ~]# vim
/etc/resolv.conf
; generated by
/sbin/dhclient-script
search example.org
nameserver 192.168.40.120
[root@client ~]# dig
server.tn.example.org
; <<>> DiG
9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> server.tn.example.org
;; global options: +cmd
;; Got answer:
;;
->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27640
;; flags: qr aa rd ra;
QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;server.tn.example.org. IN
A
;; ANSWER SECTION:
server.tn.example.org. 86400
IN A 192.168.40.120
;; AUTHORITY SECTION:
example.org. 86400 IN
NS server.tn.example.org.
;; Query time: 2 msec
;; SERVER:
192.168.40.120#53(192.168.40.120)
;; WHEN: Wed Jun 29
22:23:52 2016
;; MSG SIZE rcvd: 69
[root@client ~]# dig
client.tn.example.org
; <<>> DiG
9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> client.tn.example.org
;; global options: +cmd
;; Got answer:
;;
->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2456
;; flags: qr aa rd ra;
QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;client.tn.example.org. IN
A
;; ANSWER SECTION:
client.tn.example.org. 86400
IN A 192.168.40.125
;; AUTHORITY SECTION:
example.org. 86400 IN
NS server.tn.example.org.
;; ADDITIONAL SECTION:
server.tn.example.org. 86400
IN A 192.168.40.120
;; Query time: 1 msec
;; SERVER:
192.168.40.120#53(192.168.40.120)
;; WHEN: Wed Jun 29
22:24:22 2016
;; MSG SIZE rcvd: 92