Skip to main content
Terminal Wars
Terminal Wars
  1. Posts/

CentOS Building a DNS server, Installing BIND

·
Blog - Ender's Endeavors How To CentOS BIND DNS
Ender
Author
Ender
Cybersecurity pro by day, gamer and storyteller by night. I write about breaking systems, exploring worlds, and the tech that powers it all.
Table of Contents

````What to Expect
#

This guide will walk you through setting up a DNS server and BIND on a CentOS 6.5 server. In this guide you will learn:

Basic System Configuation
The basics of a DNS server running BIND
Adding Slave DNS servers for backup
Maintenance Operations
Setting up DNS forwarders
Securing a DNS server

Assumptions:

A fresh install of CentOS 6.5
Basic Linux knowledge, directory traversal, text editor, etc
# denotes a comment

PRIMARY server details:
#

Operating System: CentOS 6.5 FQDN: mercury.sol.local IP Address: 192.168.2.230 Network: 192.168.2.0/24

SECONDARY server details:
#

Operating System: CentOS 6.5 FQDN: venus.sol.local IP Address: 192.168.2.231 Network: 192.168.2.0/24

note CentOS uses vi instead of nano if you are unfamiliar with how to use vi here is a 5 min tutorial on vi. I prefer to use nano:

yum install nano -y

Basic System Configuration
#

Make sure your system is up to date:

yum update -y

Hostname
#

We start by changing the host name of the server, keep in mind that if you are trying to build a great home network lab all your hosts should follow a unified naming scheme keeping everything organized. In this example we will use celestial bodies. If you have trouble coming up with naming schemes of your own NamingSchemes is a great resource.

You do this by editing the file /etc/sysconfig/network and modify the HOSTNAME line. Enter the FQDN here; in my example, I will call the host “mercury” with parent domain “sol.local” as such my file looks like: NETWORKING=yes HOSTNAME=mercury.sol.local You also need to modify the entries in the file /etc/hosts; in particular you need to make sure that all of the aliases for 127.0.0.1 (your local loopback) are appropriate. As an example, we can set that file to look like 127.0.0.1 localhost localhost.localdomain mercury mercury.sol.local ::1 localhost localhost.localdomain mercury mercury.sol.local so that any of the four names “localhost”, “localhost.localdomain”, “mercury” and “mercury.sol.local” will resolve to 127.0.0.1

Now reboot your box* by typing: reboot

*The reason we did not use the hostname command is because changes made using it are NOT persistent. As soon as your reboot the configuration files are re-read. As such, reboot now and verify that your changes have been made correctly.

Static Networking
#

Since this will be our master DNS server it STRONGLY advised to use a static IP address.

Edit the file /etc/sysconfig/network-scripts/ifcfg-eth0 nano /etc/sysconfig/network-scripts/ifcfg-eth0

to look like: DEVICE=“eth0” HWADDR=A4:BA:DB:37:F1:04 TYPE=Ethernet UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 ONBOOT=yes NM_CONTROLLED=“yes” BOOTPROTO=static IPADDR=192.168.2.230 NETMASK=255.255.255.0 IPV6INIT=no Notice we disabled IPv6 for this host, the UUID and HWADDR will be different on your machines that is fine leave them as is.

Now we configure the default gateway: nano /etc/sysconfig/network

to look like: NETWORKING=yes HOSTNAME=mercury.sol.local GATEWAY=192.168.2.1 Next restart  the network interface: /etc/init.d/network restart

now configure the parent DNS server for this machine: nano /etc/resolv.conf #we set 2 nameservers up here a primary and secondary in case of failure for redundancy nameserver 8.8.8.8        #8.8.8.8 is Google’s public DNS service nameserver 192.168.2.1 #Replace with your nameserver IP

Installing BIND:
#

Install Bind on PRIMARY and SECONDARY DNS server
#

yum install bind-* -y
#

yum install bind-* -y
#

Configure /etc/named.conf on PRIMARY DNS server
#

#nano /etc/named.conf options {      listen-on port 53 { 127.0.0.1; 192.168.2.230; }; # PRIMARY Bind DNS IP Address listen-on-v6 port 53 { ::1; };      directory     “/var/named”;      dump-file     “/var/named/data/cache_dump.db”; statistics-file “/var/named/data/named_stats.txt”; memstatistics-file “/var/named/data/named_mem_stats.txt”; allow-query     {localhost; 192.168.2.0/24; };# NETWORK the DNS server will serve  allow-transfer { localhost; 192.168.2.230; }; # SECONDARY Bind DNS IP Address allows transfer of records recursion no; # turning off prevents your server from # being abused in reflection DDoS attacks     dnssec-enable yes;     dnssec-validation yes;     dnssec-lookaside auto;

    /* Path to ISC DLV key /  bindkeys-file “/etc/named.iscdlv.key”;     managed-keys-directory “/var/named/dynamic”; }; zone “sol.local” IN { # FORWARD Zone file and configuration **        type master;* **        file “fwd.sol.local”;** **        allow-update { none; };** }; zone “2.168.192.in-addr.arpa” IN { # REVERSE Zone file and configuration **        type master;** **        file “rev.sol.local”;** **        allow-update { none; };** }; include “/etc/named.rfc1912.zones”; include “/etc/named.root.key”;

Create FORWARD Zone file (/var/named/fwd.sol.local) on PRIMARY DNS server
#

nano /var/named/fwd.geekpeek.net
#

$TTL 86400 @   IN  SOA     mercury.sol.local. root.sol.local. (         2014022501  ;Serial     3600        ;Refresh    1800        ;Retry    604800      ;Expire         86400       ;Minimum TTL ) @ IN NS mercury.sol.local. @ IN NS venus.sol.local. **mercury **IN A 192.168.2.230 venus IN A 192.168.2.231

Create REVERSE Zone file (/var/named/rev.sol.local) on PRIMARY DNS server
#

nano /var/named/rev.sol.local
#

$TTL 86400 @   IN  SOA mercury.sol.local. root.sol.local. (         2014022501  ;Serial         3600        ;Refresh         1800        ;Retry         604800      ;Expire         86400       ;Minimum TTL ) @ IN NS mercury.sol.local. @ IN NS venus.sol.local. mercury IN A 192.168.2.230 venus IN A 192.168.2.231 230     IN  PTR mercury.sol.local. 231     IN  PTR venus.sol.local.

Check Bind configuration and Zone files on PRIMARY DNS server
#

Resolve errors as needed

named-checkconf /etc/named.conf
#

named-checkzone sol.local /var/named/fwd.sol.local zone
#

sol.local/IN: loaded serial 2014022501 OK

named-checkzone sol.local /var/named/rev.sol.local zone
#

sol.local/IN: loaded serial 2014002501 OK

Start Bind on PRIMARY DNS server and make it start at boot
#

chkconfig named on
#

/etc/init.d/named start
#

Generating rndc.key
Starting named:                                         

Configure /etc/named.conf on SECONDARY DNS server
#

Repeat process as we did above with the PRIMARY server except with the secondary server information. In the name.conf file make sure to select type slave: # FORWARD Zone file and configuration zone “sol.local” IN { **** **        type slave;** **        file “slaves/sol.local**.fwd”; **        masters { 192.168.2.230; };** };

# REVERSE Zone file and configuration**** zone “2.168.192.in-addr.arpa” IN { ** **        type slave; **        file “slaves/sol.local**.rev”; **        masters { 192.168.2.230; };** };

Start Bind on SECONDARY DNS; make it start at boot and check that REVERSE and FORWARD Zone files were created on SECONDARY DNS server
#

chkconfig named
#

/etc/init.d/named start
#

Congratulations you are good to go!

Related

Automate My Life

Lifestyle Blog - Ender's Endeavors Automate Burned Out
I’m going to honest, I’m burned out. Dead as a door nail, stick a fork in me, I’m done. # I’m stressed out, but not from one particular task or subject. I come home mentally exhausted, and usually with a headache. This isn’t anything new, everyone gets burned out from time to time, but my usual management techniques just don’t work anymore. Don’t get me wrong, I put on a good face but I’m dead inside. I get accolades and awards for my work. I make time for my hobbies every other weekend yet I feel unfulfilled. This isn’t depression, depression is an old companion of mine. Depression I could handle, mange, and live with. I’ve always been a self-starter, but what I lack is a more important, a goal. I’m fighting complacency, I’m satisfied with what I have accomplished thus far and I struggle to want more.

Jetpack and the Admin Area

Blog - Ender's Endeavors MySQL Databases Wordpress Jetpack
So I wanted to install Jetpack but once I activated the plugin I was no longer able to reach the WordPress admin area. My obvious conclusion was that something about the plugin wasn’t agreeing with my server. After a quick once over the logs and finding nothing useful I needed to manually disable the plug-in. This can be done easily by deleting the value from ‘active_plugins’ row in the ‘wp_options’ table in your wordpress database. For most people with managed servers you can use phpMyAdmin to quickly navigate and edit to value. However seeing as I do not have it installed I needed to manually edit my database.

Hello world!

Blog - Ender's Endeavors Hello
Hello everyone, so this is my first post to what I guess will be my blog. I guess my current focus is mostly just getting this site up and running completely I’m still working out the page layouts and sections I want. This blog section will be my place to write down my thoughts and ramblings on various topics. These topics will probably be very broad in scope as I am interested in many things so I hope you check back often for new content. My interests include but are not limited to: Snowsports, Cyber Security, Sci-Fi and Fantasy novels, gadgets & gizmos, and much much more.

Pairs: A New Classic Pub Game from Cheapass Games

News Kickstarter Games Tabletop
Pairs is a fast and easy card game by James Ernest, with artwork based on The Name of the Wind by Patrick Rothfuss. From the makers of Deadwood and Unexploded Cows, Pairs is brought to you by Cheapass Games a Seattle-based game company established in 1996 by game designer James Ernest. They make many fun, off-beat games, many of which you can learn and start playing in 5 minutes.