How To Configure BIND as a DNS Server on RHEL7/CentOS7/Fedora26
The purpose of this guide is to explain how to configure BIND as a DNS server on RHEL 7/CentOS 7/Fedora 26. A previous guide explained the different types of DNS servers and the role of BIND in Linux DNS, so if you are a beginner and want to know what a master/primary, secondary, or caching-only DNS server is, please refer to it first: Link
This guide assumes you already know the different types of DNS server and what they are used for, so let's go directly to the configuration of a master/primary DNS server with BIND.
My Lab Server Details for Master/Primary DNS Server Configuration:
- Linux Server OS: CentOS 7.3 (Minimal Install)
- IP: 192.168.1.114
- Server FQDN: ns1.broexperts.local
- Domain: broexperts.local
- Client IP: 192.168.1.199
- Client’s FQDN: client.broexperts.local
- Client OS: CentOS 7.3
Our Goal
By the end of this tutorial you will know how to configure BIND as a DNS server on RHEL 7, and you will have tested the server from a client over the network.
Step-1: Install BIND Package
Install the required packages, bind and bind-utils (the latter provides dig, used for testing later), with the following yum command:
yum install bind bind-utils -y
Step-2: Zone Entry in /etc/named.conf file.
After installing the packages, edit the main configuration file, /etc/named.conf, which controls the behaviour and functionality of BIND.
Below is my modified /etc/named.conf with the changes for my network and the zone entries for the domain broexperts.local from the lab details above.
Open /etc/named.conf:
vi /etc/named.conf
Adapt the file to your own network by changing the parts marked with comments below: the listen-on address, the allow-query network, and the two zone entries together with their file names.
options {
        listen-on port 53 { 192.168.1.114; };   # address named answers on
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 192.168.1.0/24; };    # who may query this server
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

### Forward Zone Entry ###
zone "broexperts.local" IN {                    # Domain Name
        type master;
        file "db.broexperts.local.fwd";         # Forward Zone File Name
        allow-update { none; };
};

### Reverse Zone Entry ###
zone "1.168.192.in-addr.arpa" IN {              # IP Address (192.168.1.0/24, octets reversed)
        type master;
        file "db.broexperts.local.rev";         # Reverse Zone File Name
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
To verify that the file parses correctly, run:
named-checkconf
It prints nothing when the configuration is syntactically correct; otherwise it reports the file, the line number and the error.
Two things are worth knowing about the options above before moving on. With recursion no, the server answers only for the zones it is authoritative for, so a client that lists only ns1 in its resolver configuration will not be able to resolve names outside broexperts.local; either keep a second, recursive name server in the client's resolver list, or enable recursion for the LAN only (allow-recursion restricted to 192.168.1.0/24, never to the whole internet, which would turn the server into an open resolver). And because allow-transfer is not set, the BIND 9.11 shipped with CentOS 7 falls back to its default of permitting zone transfers from any address, so every host on 192.168.1.0/24 (already admitted by allow-query) can pull the complete zone with a dig AXFR; set allow-transfer to none, or to the addresses of your secondaries, in the options block.
Step-2 (continued): Create Zone Files.
Now create the zone files for broexperts.local that are named in named.conf. Rather than starting from scratch, copy the sample files shipped under /var/named and name the copies after the zones: db.broexperts.local.fwd for the forward zone and db.broexperts.local.rev for the reverse zone.
cd /var/named
cp /var/named/named.localhost db.broexperts.local.fwd
cp /var/named/named.loopback db.broexperts.local.rev
We have just created our forward and reverse zone files under /var/named directory.
Step-3: Configure Zone Files.
a) Forward Zone File
The forward zone file holds the records for forward lookups: whenever the server receives a query for a name in the zone, e.g. client.broexperts.local, it answers from this file. Edit and configure the forward zone file:
vi /var/named/db.broexperts.local.fwd
Delete the sample contents of the file and paste the zone shown below, replacing the names and addresses with your own.
A forward lookup zone maps hostnames (FQDNs) to IP addresses.
Before you edit the zone file, it is important to understand the record types it uses:
- SOA: Start of Authority. Identifies the primary name server and the zone contact, and carries the serial number, the refresh, retry and expire timers, and the negative-caching TTL.
- NS: Lists a name server for the zone.
- A: Name-to-address mapping.
- CNAME: Canonical name (for aliases).
- PTR: Pointer record, address-to-name mapping (used in reverse zones).
- MX: Mail exchanger information for the domain.
$TTL 604800
@       IN      SOA     ns1.broexperts.local. admin.broexperts.local. (
                        3               ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL

; Name Server
@       IN      NS      ns1.broexperts.local.

; A Records
ns1     IN      A       192.168.1.114
client  IN      A       192.168.1.199
Syntax check
named-checkzone broexperts.local db.broexperts.local.fwd
Output:
zone broexperts.local/IN: loaded serial 3
OK
b) Reverse Zone File
The reverse zone file is where the PTR records for reverse lookups are defined. When the server receives a query to resolve the address 192.168.1.199 into a name (sent as a PTR query for 199.1.168.192.in-addr.arpa), it looks in this file and returns the FQDN, client.broexperts.local in our case. Only SOA, NS and PTR records belong here; A records go in the forward zone. Configure db.broexperts.local.rev:
vi /var/named/db.broexperts.local.rev
Copy the contents below into the reverse lookup file and replace the addresses and names with your own.
A reverse lookup zone maps IP addresses to hostnames (FQDNs). The owner name of each PTR record is the last octet of the address, relative to the zone origin 1.168.192.in-addr.arpa, and the target FQDN must end with a dot.
$TTL 604800
@       IN      SOA     ns1.broexperts.local. admin.broexperts.local. (
                        3               ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL

; Name Server
@       IN      NS      ns1.broexperts.local.

; PTR Records (last octet of the address -> FQDN)
114     IN      PTR     ns1.broexperts.local.
199     IN      PTR     client.broexperts.local.
Syntax check
named-checkzone 1.168.192.in-addr.arpa db.broexperts.local.rev
Output:
zone 1.168.192.in-addr.arpa/IN: loaded serial 3
OK
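The forward and reverse files above were written by hand, and a PTR that is forgotten or mistyped is not something named-checkzone can notice, since each file is valid on its own. The script below is an added example, not code from the original tutorial: it generates both zone files for broexperts.local from a single host table, so every A record gets its matching PTR; it uses a YYYYMMDDnn serial instead of a bare counter (any change to a zone must raise the serial, or secondaries keep serving the old copy); and it runs named-checkzone on both files when BIND is installed. The domain, the host table, the output directory argument and the file names are the lab values from this page or assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original tutorial: build matching forward and
# reverse zone files for broexperts.local from one host table, then validate
# both with named-checkzone if BIND is installed.
# Assumptions (lab values from the page): domain broexperts.local,
# ns1 = 192.168.1.114, client = 192.168.1.199, network 192.168.1.0/24.
set -eu

DOMAIN="broexperts.local"
NETWORK="192.168.1.0/24"
NS_HOST="ns1"                  # short name of the primary; must appear in HOSTS
ADMIN="admin.${DOMAIN}."       # SOA RNAME, i.e. admin@broexperts.local

# Constructed host table for the example: "<short name> <IPv4>" per line.
HOSTS="ns1 192.168.1.114
client 192.168.1.199"

# "1.168.192.in-addr.arpa" for 192.168.1.0/24: first three octets, reversed.
reverse_zone_name() {
    printf '%s\n' "${1%%/*}" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# YYYYMMDDnn serial. Every edit must raise the serial or secondaries keep the
# old zone; bump nn when the old serial is from today, otherwise start at 01.
next_serial() {
    old="$1"
    today="$(date +%Y%m%d)"
    case "$old" in
        "$today"*)
            n="${old#"$today"}"; n="${n#0}"
            printf '%s%02d\n' "$today" "$((n + 1))" ;;
        *)
            printf '%s01\n' "$today" ;;
    esac
}

# SOA and NS records shared by both zones; trailing dots keep the names absolute.
zone_header() {
    cat <<EOF
\$TTL 604800
@       IN      SOA     ${NS_HOST}.${DOMAIN}. ${ADMIN} (
                        $1              ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
@       IN      NS      ${NS_HOST}.${DOMAIN}.
EOF
}

# Forward zone: one A record per host.
gen_forward_zone() {
    zone_header "$1"
    printf '%s\n' "$HOSTS" | awk '{ printf "%-7s IN      A       %s\n", $1, $2 }'
}

# Reverse zone: one PTR per host, owner = last octet (relative to the in-addr.arpa origin).
gen_reverse_zone() {
    zone_header "$1"
    printf '%s\n' "$HOSTS" | awk -v d="$DOMAIN" \
        '{ split($2, o, "."); printf "%-7s IN      PTR     %s.%s.\n", o[4], $1, d }'
}

# Write both files with the tutorial's names into <dir> and check their syntax.
write_and_check() {
    dir="$1"
    serial="$(next_serial "${2:-0}")"      # pass the current serial as 2nd arg to bump it
    rzone="$(reverse_zone_name "$NETWORK")"
    gen_forward_zone "$serial" > "$dir/db.${DOMAIN}.fwd"
    gen_reverse_zone "$serial" > "$dir/db.${DOMAIN}.rev"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$DOMAIN" "$dir/db.${DOMAIN}.fwd"
        named-checkzone "$rzone"  "$dir/db.${DOMAIN}.rev"
    else
        echo "named-checkzone not found; files written but not syntax-checked" >&2
    fi
}

# Usage: sh gen-zones.sh /var/named [current-serial]
if [ $# -gt 0 ]; then
    write_and_check "$@"
fi
```

Run it as root with /var/named and the serial currently in the files (3 in this tutorial); it writes both files and leaves the chgrp/restorecon and the reload of named to the steps that follow. Keeping the host table in one place is the whole point: the forward and reverse zones cannot disagree about an address, which is exactly the class of error a reverse lookup test later in this guide would otherwise expose.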
Step-4: Configure permissions and ownerships on bind files
The files created with cp are owned by root:root; named runs as the unprivileged user named and only needs read access, so give them group named like the sample files they were copied from. Then run restorecon so the SELinux contexts match policy (named_zone_t under /var/named, named_conf_t for /etc/named.conf); otherwise named can be denied access to them in enforcing mode.
chgrp named /var/named/db.broexperts.local.fwd
chgrp named /var/named/db.broexperts.local.rev
restorecon -rv /var/named
restorecon /etc/named.conf
Step-5: Allow DNS Port 53 in Linux Firewall
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
Step-6: Start BIND and Enable the Service on Boot
systemctl start named
systemctl enable named
Step-7: DNS Server Testing
I have a Linux client on my network with hostname client.broexperts.local and IP 192.168.1.199. Before testing, the client must be configured to use ns1.broexperts.local as its DNS server; to do that, update the resolver file on the client.
vi /etc/resolv.conf
Update the contents as shown below:
search broexperts.local
nameserver 192.168.1.114
Note that on CentOS 7 NetworkManager regenerates /etc/resolv.conf whenever a connection comes up, so a hand edit is lost on reboot. To make the setting persistent, put the server and search domain into the connection's ipv4.dns and ipv4.dns-search properties with nmcli (or DNS1= and DOMAIN= in the interface's ifcfg file) and reactivate the connection. Also remember that with recursion disabled on ns1, a client that lists only ns1 here cannot resolve names outside broexperts.local.
Now query the server from the client. A forward lookup of the client's own name:
dig client.broexperts.local
and a reverse lookup of its address:
dig -x 192.168.1.199
In both answers look for status: NOERROR in the header, the aa (authoritative answer) flag, the A or PTR record in the ANSWER SECTION, and a SERVER: line showing 192.168.1.114#53. An answer from a different server means the client is not talking to ns1; NXDOMAIN for a name that is in the zone file usually means the zone did not load, which journalctl -u named on the server will show.
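Checking each direction by eye does not catch a PTR that points at a name other than the one the A record belongs to. The script below is an added example, not from the original tutorial: it resolves name -> A -> PTR through ns1 with dig and reports whether the chain lands back on the same name, exiting non-zero if any host fails. SERVER defaults to the lab address 192.168.1.114 and the DIG variable exists only so the logic can be exercised with a stand-in command when the lab network is not reachable; both are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original tutorial: verify that the forward and
# reverse zones agree by resolving name -> A -> PTR through the new server.
# Assumptions: ns1 = 192.168.1.114 serves broexperts.local; DIG can be pointed
# at a stand-in command so the logic can run without the lab network.
set -eu

SERVER="${SERVER:-192.168.1.114}"
DIG="${DIG:-dig}"

# First A answer for a name, asked directly of the authoritative server.
# +norecurse: the zone is under test, not recursion (named.conf has recursion no).
resolve_a() {
    "$DIG" +short +norecurse "@$SERVER" "$1" A | head -n 1
}

# PTR answer for an IPv4 address; dig -x builds the in-addr.arpa name itself.
resolve_ptr() {
    "$DIG" +short +norecurse "@$SERVER" -x "$1" | head -n 1
}

# Returns 0 when name -> A -> PTR lands back on the same FQDN, 1 otherwise.
roundtrip() {
    name="${1%.}"
    ip="$(resolve_a "$name")"
    if [ -z "$ip" ]; then
        echo "FAIL $name: no A record from $SERVER" >&2
        return 1
    fi
    back="$(resolve_ptr "$ip")"
    back="${back%.}"                       # dig prints owner names with a trailing dot
    if [ "$back" = "$name" ]; then
        echo "OK   $name -> $ip -> $back"
        return 0
    fi
    echo "FAIL $name -> $ip -> ${back:-<no PTR>}: reverse zone disagrees with forward zone" >&2
    return 1
}

# Usage: sh check-dns.sh client.broexperts.local ns1.broexperts.local
# Exit status is non-zero if any host fails, so the check can gate a zone change.
if [ $# -gt 0 ]; then
    rc=0
    for n in "$@"; do
        roundtrip "$n" || rc=1
    done
    exit "$rc"
fi
```

Run it from the client (or from ns1 itself, since dig is told which server to ask) with the names from the forward zone; every host listed there should print an OK line, and a FAIL line points at exactly the record that needs fixing in db.broexperts.local.rev.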
Great! We have successfully configured a fully functional master/primary DNS server. If you face any difficulty while applying this tutorial, tell us in the comment section or email us directly at admin@broexperts.com.