Thursday, April 12, 2012

Configuration of DNS (Bind) server in chroot environment.

Purpose: Configuration of DNS (Bind) server in chroot environment.
OS: CentOS 5.4 X86_64
-------------------------------------
Please Install the bind packages
-------------------------------------

[root@ns1 ~]# yum install bind bind-utils bind-*
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: virror.hanoilug.org
 * extras: ftp.hostrino.com
 * updates: ftp.hostrino.com
addons                                                                                                                                                     |  951 B     00:00     
extras                                                                                                                                                     | 1.1 kB     00:00     
ftp                                                                                                                                                        | 2.1 kB     00:00     
updates                                                                                                                                                    | 1.9 kB     00:00     
updates/primary_db                                                                                                                                         | 444 kB     00:00     
Setting up Install Process
Package 30:bind-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
Package 30:bind-utils-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
Package 30:bind-sdb-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
Package 30:bind-chroot-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
Package 30:bind-devel-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
Package 30:bind-devel-9.3.6-4.P1.el5_4.1.i386 already installed and latest version
Package 30:bind-libs-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
Package 30:bind-libs-9.3.6-4.P1.el5_4.1.i386 already installed and latest version
Package 30:bind-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
Package 30:bind-utils-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
Package 30:bind-libbind-devel-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
Package 30:bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386 already installed and latest version
Nothing to do


----------------------------------------------
Please Configure Static IP and Default Gateway
----------------------------------------------

[root@ns1 ~]#  vi /etc/sysconfig/network-scripts/ifcfg-eth0
# Static addressing for eth0 (no DHCP); the address below is the one the name server will answer on.
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.150.100
NETMASK=255.255.255.0
ONBOOT=yes
# MAC of the NIC this file applies to; it matches the HWaddr reported by ifconfig below.
HWADDR=00:16:36:73:7e:4f

wq!


[root@ns1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:36:73:7E:4F  
          inet addr:192.168.150.100  Bcast:192.168.150.255  Mask:255.255.255.0
          inet6 addr: fe80::216:36ff:fe73:7e4f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1641 errors:0 dropped:0 overruns:0 frame:0
          TX packets:950 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:192907 (188.3 KiB)  TX bytes:117111 (114.3 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:105 errors:0 dropped:0 overruns:0 frame:0
          TX packets:105 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:10213 (9.9 KiB)  TX bytes:10213 (9.9 KiB)

[root@ns1 ~]# 
[root@ns1 ~]# vi /etc/sysconfig/network
# Global network settings; GATEWAY becomes the default route.
NETWORKING=yes
NETWORKING_IPV6=no
# NOTE(review): the zone files below advertise the server as ns1.company.xy. (localhost.fwd says
# dns.company.xy.); the OS hostname and the NS name do not have to match, but keeping them
# consistent avoids confusion when reading logs and dig output.
HOSTNAME=dns.company.xy
GATEWAY=192.168.150.1


wq!

--------------------------------------------------------------------------------------------------------------------
Now we are going to configure the BIND service. Please copy the file contents below and modify them with your own network settings.
--------------------------------------------------------------------------------------------------------------------



[root@ns1 ~]# 
[root@ns1 ~]# cd /var/named/chroot/
[root@ns1 chroot]# ll
total 24
drwxr-x---  2 root named 4096 Dec  1 00:00 dev
drwxr-x---  2 root named 4096 Jan  4 04:42 etc
dr-xr-xr-x 85 root root     0 Jan 11 22:41 proc
drwxr-x---  6 root named 4096 Dec  1 00:00 var
[root@ns1 chroot]#


-------------------------------
Now create the main configuration file, named.conf (it declares the zones; the zone files themselves come next)
-------------------------------


[root@ns1 chroot]#  vi etc/named.conf



// BIND main configuration. Paths are relative to the chroot: on the host this file is
// /var/named/chroot/etc/named.conf and "/var/named" is /var/named/chroot/var/named.
// NOTE(review): no allow-query, allow-recursion or allow-transfer ACL is declared, so BIND's
// defaults apply. The dig for yahoo.com further down shows this instance answers recursive
// queries, and by default it will do so (and hand out zone transfers) to any client that can
// reach port 53. Restrict both to the local network before exposing the server.
// NOTE(review): no controls statement or rndc key is shown here, yet port 953 (the rndc control
// channel) is opened on the firewall at the end; keep that channel on 127.0.0.1 unless remote
// control is actually required.
options
{
        directory "/var/named"; // the default; inside the chroot, i.e. /var/named/chroot/var/named on the host
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";

};

// Root hints: where to find the root name servers (file named.root is created below).
zone "." IN {
        type hint;
        file "named.root";
};


// Forward zone for localhost. allow-update { none; } disables dynamic updates on each
// master zone below.
zone "localhost" IN {
        type master;
        file "localhost.fwd";
        allow-update { none; };
};

// Reverse zone for 127.0.0.x.
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "localhost.rev";
        allow-update { none; };
};

// Forward zone for the company domain.
zone "company.xy" IN {
        type master;
        file "company.xy.fwd";
        allow-update { none; };
};

// Reverse zone for the company network.
// NOTE(review): the server sits on 192.168.150.0/24 (ifcfg-eth0 above) and every PTR in
// company.xy.rev is under 150.168.192.in-addr.arpa, so this zone name looks like it should be
// "150.168.192.in-addr.arpa" rather than "1.168.192.in-addr.arpa" -- confirm.
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "company.xy.rev";
        allow-update { none; };
};

 wq!


[root@ns1 chroot]# cd var/named

[root@ns1 named]# 

--------------------------
Now create named.root file
--------------------------


[root@ns1 named]# 

First we configure the named.root hints file, which lists the root DNS servers. These addresses change over time, so take a current copy from the official root hints rather than relying on the list below.


[root@ns1 named]# vi named.root 
; Root hints file: NS records for the root zone (".") and the A records of those servers,
; referenced by zone "." { type hint; } in named.conf. 6D is the TTL of each record.
; NOTE(review): root server addresses change over time and some entries in this snapshot have
; since been renumbered; fetch the current official root hints instead of copying this list.
.                       6D  IN      NS      A.ROOT-SERVERS.NET.
.                       6D  IN      NS      B.ROOT-SERVERS.NET.
.                       6D  IN      NS      C.ROOT-SERVERS.NET.
.                       6D  IN      NS      D.ROOT-SERVERS.NET.
.                       6D  IN      NS      E.ROOT-SERVERS.NET.
.                       6D  IN      NS      F.ROOT-SERVERS.NET.
.                       6D  IN      NS      G.ROOT-SERVERS.NET.
.                       6D  IN      NS      H.ROOT-SERVERS.NET.
.                       6D  IN      NS      I.ROOT-SERVERS.NET.
.                       6D  IN      NS      J.ROOT-SERVERS.NET.
.                       6D  IN      NS      K.ROOT-SERVERS.NET.
.                       6D  IN      NS      L.ROOT-SERVERS.NET.
.                       6D  IN      NS      M.ROOT-SERVERS.NET.
; Glue addresses for the servers named above.
A.ROOT-SERVERS.NET.     6D  IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     6D  IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     6D  IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     6D  IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     6D  IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     6D  IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     6D  IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     6D  IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     6D  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     6D  IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     6D  IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     6D  IN      A       199.7.83.42
M.ROOT-SERVERS.NET.     6D  IN      A       202.12.27.33




wq!

----------------------------------------------------------------------------------------------------------------------------------
Now create the zone files one by one: localhost.fwd and localhost.rev are mandatory, followed by the forward and reverse zone files for your own network.
----------------------------------------------------------------------------------------------------------------------------------


[root@ns1 named]# vi localhost.fwd 
; Forward zone for "localhost." ($ORIGIN); records without a TTL get 86400 s (1 day).
$ORIGIN localhost.
$TTL    86400
; SOA: primary name server (MNAME), then the responsible mailbox (RNAME, first "." = "@").
; NOTE(review): RNAME here is ns1.company.xy. (mailbox ns1@company.xy) while company.xy.rev
; uses root.company.xy.; one of the two is probably not what was intended.
@        IN     SOA     ns1.company.xy.  ns1.company.xy. (
                                20100104      ; Serial number (increase on every change)
                                3H            ; Refresh     3 hours
                                15M           ; Retry       15 minutes
                                1W            ; Expire      1 week
                                1D  )         ; Minimum / negative-cache TTL 1 day


; NOTE(review): every other zone names ns1.company.xy. as NS, and dns.company.xy. has no A
; record in these zone files (it only appears as HOSTNAME in /etc/sysconfig/network).
@       IN      NS      dns.company.xy.

localhost.              IN      A       127.0.0.1


wq!     ##### Save the file after copying the content from here. #####


[root@ns1 named]# vi localhost.rev 
; Reverse zone for 127.0.0.0/24 ($ORIGIN 0.0.127.in-addr.arpa.); default TTL 86400 s (1 day).
$ORIGIN 0.0.127.in-addr.arpa.
$TTL    86400
; SOA: primary name server (MNAME), then the responsible mailbox (RNAME, first "." = "@").
@        IN     SOA     ns1.company.xy.  ns1.company.xy. (
                                20100104      ; Serial number (increase on every change)
                                3H            ; Refresh     3 hours
                                15M           ; Retry       15 minutes
                                1W            ; Expire      1 week
                                1D  )         ; Minimum / negative-cache TTL 1 day


@       IN      NS      ns1.company.xy.

; PTR for 127.0.0.1 -> localhost. (owner written fully qualified; "1" alone would resolve
; against $ORIGIN to the same name).
1.0.0.127.in-addr.arpa. IN      PTR     localhost.



wq!

[root@ns1 named]# vi company.xy.fwd 
; Forward zone for company.xy. ($ORIGIN); default TTL 86400 s (1 day).
$ORIGIN company.xy.
$TTL    86400
; SOA: primary name server (MNAME), then the responsible mailbox (RNAME, first "." = "@").
@        IN     SOA     ns1.company.xy.  ns1.company.xy. (
                                20100104      ; Serial number (increase on every change)
                                3H            ; Refresh     3 hours
                                15M           ; Retry       15 minutes
                                1W            ; Expire      1 week
                                1D  )         ; Minimum / negative-cache TTL 1 day


@       IN      NS      ns1.company.xy.

; NOTE(review): this host's own address is 192.168.150.100 (ifcfg-eth0 above) and the dig for
; ns1.company.xy at the end answers 192.168.150.100, not .254, so this listing appears to differ
; from what was actually running; the NS host's A record should point at the server itself.
ns1.company.xy.         IN      A       192.168.150.254
ftp.company.xy.         IN      A       192.168.150.101
www.company.xy.         IN      A       192.168.150.102
; NOTE(review): the reverse zone maps .103/.104 to client1/clinet2 -- forward and reverse
; names should agree.
client3.company.xy.         IN      A       192.168.150.103
client4.company.xy.         IN      A       192.168.150.104


wq!

[root@ns1 named]# vi company.xy.rev 
; Reverse zone for the company network.
; NOTE(review): $ORIGIN is 1.168.192.in-addr.arpa. (192.168.1.0/24), but every PTR below is an
; owner name under 150.168.192.in-addr.arpa. (192.168.150.0/24, the network actually used).
; named logs and drops owner names outside the zone apex ("out-of-zone data"), so as written
; these PTRs would not be served. The origin here and the zone name in named.conf should both
; be 150.168.192.in-addr.arpa. -- confirm.
$ORIGIN 1.168.192.in-addr.arpa.
$TTL    86400
; SOA: MNAME then RNAME (root.company.xy. = root@company.xy; the other zones use ns1.company.xy.).
@        IN     SOA     ns1.company.xy.  root.company.xy. (
                                20100104      ; Serial number (increase on every change)
                                3H            ; Refresh     3 hours
                                15M           ; Retry       15 minutes
                                1W            ; Expire      1 week
                                1D  )         ; Minimum / negative-cache TTL 1 day


@       IN      NS      ns1.company.xy.
; NOTE(review): .254 is mapped to ns1 here while the server itself runs on .100 (see ifcfg-eth0
; and the dig output at the end).
254.150.168.192.in-addr.arpa.     IN      PTR     ns1.company.xy.
101.150.168.192.in-addr.arpa.     IN      PTR     ftp.company.xy.
102.150.168.192.in-addr.arpa.     IN      PTR     www.company.xy.
; NOTE(review): the forward zone calls these hosts client3/client4, and "clinet2" looks like a
; typo; fix the data so forward and reverse lookups agree.
103.150.168.192.in-addr.arpa.     IN      PTR     client1.company.xy.
104.150.168.192.in-addr.arpa.     IN      PTR     clinet2.company.xy.

wq!



[root@ns1 ~]# vi /etc/resolv.conf 
# Resolver settings for the server itself: unqualified names get "company.xy" appended.
search company.xy
# NOTE(review): the name server built in this guide listens on 192.168.150.100 (ifcfg-eth0),
# and every dig below reports SERVER: 192.168.150.100#53, so this .254 address does not match
# what was actually queried; point it at the server's own address (or 127.0.0.1).
nameserver 192.168.150.254


wq!

-----------------------------------------------------------------
Configuration is done; now start the "/etc/init.d/named" service
-----------------------------------------------------------------


[root@ns1 ~]# /etc/init.d/named start
Starting named:                                            [  OK  ]
[root@ns1 ~]# dig yahoo.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 <<>> yahoo.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46559
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 2

;; QUESTION SECTION:
;yahoo.com.                     IN      A

;; ANSWER SECTION:
yahoo.com.              21600   IN      A       209.191.93.53
yahoo.com.              21600   IN      A       69.147.114.224
yahoo.com.              21600   IN      A       209.131.36.159

;; AUTHORITY SECTION:
yahoo.com.              172800  IN      NS      ns1.yahoo.com.
yahoo.com.              172800  IN      NS      ns2.yahoo.com.
yahoo.com.              172800  IN      NS      ns3.yahoo.com.
yahoo.com.              172800  IN      NS      ns4.yahoo.com.
yahoo.com.              172800  IN      NS      ns5.yahoo.com.
yahoo.com.              172800  IN      NS      ns6.yahoo.com.
yahoo.com.              172800  IN      NS      ns8.yahoo.com.

;; ADDITIONAL SECTION:
ns6.yahoo.com.          172800  IN      A       202.43.223.170
ns8.yahoo.com.          172800  IN      A       202.165.104.22

;; Query time: 643 msec
;; SERVER: 192.168.150.100#53(192.168.150.100)
;; WHEN: Tue Jan 12 03:01:01 2010
;; MSG SIZE  rcvd: 233

[root@ns1 ~]#

--------------------------------------------------
Now open the firewall so the network can reach the name server. Only port 53 (TCP and UDP) needs to be reachable by clients; port 953 is the rndc control channel and is best left reachable from localhost or the administrative hosts only, rather than from the whole network as in the rules below.
--------------------------------------------------

[root@ns1 ~]# iptables -A INPUT -p tcp -m multiport --dport 53,953 -j ACCEPT
[root@ns1 ~]# iptables -A INPUT -p udp -m multiport --dport 53,953 -j ACCEPT
[root@ns1 ~]# 
[root@ns1 ~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables:          [  OK  ]
[root@ns1 ~]# 
[root@ns1 ~]# dig ns1.company.xy

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 <<>> ns1.company.xy
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29732
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.company.xy.            IN      A

;; ANSWER SECTION:
ns1.company.xy.     86400   IN      A       192.168.150.100

;; AUTHORITY SECTION:
company.xy.         86400   IN      NS      ns1.company.xy.

;; Query time: 1 msec
;; SERVER: 192.168.150.100#53(192.168.150.100)
;; WHEN: Tue Jan 12 03:13:33 2010
;; MSG SIZE  rcvd: 66

[root@ns1 ~]#
[root@ns1 ~]# dig www.company.xy

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 <<>> www.company.xy
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10800
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.company.xy.            IN      A

;; ANSWER SECTION:
www.company.xy.     86400   IN      A       192.168.150.102

;; AUTHORITY SECTION:
company.xy.         86400   IN      NS      ns1.company.xy.

;; ADDITIONAL SECTION:
ns1.company.xy.     86400   IN      A       192.168.150.100

;; Query time: 1 msec
;; SERVER: 192.168.150.100#53(192.168.150.100)
;; WHEN: Tue Jan 12 03:14:09 2010
;; MSG SIZE  rcvd: 86

[root@ns1 ~]# 



Here we have configured a working BIND server on CentOS 5.4.



Note: Please install the bind packages, then copy the file contents from this configuration and paste them on your server.
Also modify the settings according to your network's machine names and their IPs.
