
LINUX RHEL 6 BIND DNS howto

Last Updated on :- Thu Mar 24 04:30:30 IST 2011

[root@desktop6 ~]# yum install bind*
Loaded plugins: refresh-packagekit, rhnplugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Package 32:bind-libs-9.7.0-5.P2.el6.x86_64 already installed and latest version
Package 32:bind-utils-9.7.0-5.P2.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.7.0-5.P2.el6 set to be updated
---> Package bind-chroot.x86_64 32:9.7.0-5.P2.el6 set to be updated
---> Package bind-devel.x86_64 32:9.7.0-5.P2.el6 set to be updated
---> Package bind-dyndb-ldap.x86_64 0:0.1.0-0.9.b.el6 set to be updated
---> Package bind-sdb.x86_64 32:9.7.0-5.P2.el6 set to be updated
--> Processing Dependency: libpq.so.5()(64bit) for package: 32:bind-sdb-9.7.0-5.P2.el6.x86_64
--> Running transaction check
---> Package postgresql-libs.x86_64 0:8.4.4-2.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package            Arch      Version              Repository   Size
================================================================================
Installing:
 bind               x86_64    32:9.7.0-5.P2.el6    base         3.5 M
 bind-chroot        x86_64    32:9.7.0-5.P2.el6    base          65 k
 bind-devel         x86_64    32:9.7.0-5.P2.el6    optional     362 k
 bind-dyndb-ldap    x86_64    0.1.0-0.9.b.el6      base          47 k
 bind-sdb           x86_64    32:9.7.0-5.P2.el6    optional     276 k
Installing for dependencies:
 postgresql-libs    x86_64    8.4.4-2.el6          base         188 k

Transaction Summary
================================================================================
Install       6 Package(s)
Upgrade       0 Package(s)

Total download size: 4.4 M
Installed size: 8.9 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): bind-9.7.0-5.P2.el6.x86_64.rpm               | 3.5 MB 00:00
(2/6): bind-chroot-9.7.0-5.P2.el6.x86_64.rpm        |  65 kB 00:00
(3/6): bind-devel-9.7.0-5.P2.el6.x86_64.rpm         | 362 kB 00:00
(4/6): bind-dyndb-ldap-0.1.0-0.9.b.el6.x86_64.rpm   |  47 kB 00:00
(5/6): bind-sdb-9.7.0-5.P2.el6.x86_64.rpm           | 276 kB 00:00
(6/6): postgresql-libs-8.4.4-2.el6.x86_64.rpm       | 188 kB 00:00
-------------------------------------------------------------------------------
Total                                       31 MB/s | 4.4 MB 00:00
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
base/gpgkey                                         | 6.3 kB 00:00 ...
Importing GPG key 0xFD431D51 "Red Hat, Inc. (release key 2) " from /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Is this ok [y/N]: y
Importing GPG key 0x2FA658E0 "Red Hat, Inc. (auxiliary key) " from /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : 32:bind-9.7.0-5.P2.el6.x86_64              1/6
  Installing : postgresql-libs-8.4.4-2.el6.x86_64         2/6
  Installing : 32:bind-sdb-9.7.0-5.P2.el6.x86_64          3/6
  Installing : bind-dyndb-ldap-0.1.0-0.9.b.el6.x86_64     4/6
  Installing : 32:bind-chroot-9.7.0-5.P2.el6.x86_64       5/6
  Installing : 32:bind-devel-9.7.0-5.P2.el6.x86_64        6/6

Installed:
  bind.x86_64 32:9.7.0-5.P2.el6
  bind-chroot.x86_64 32:9.7.0-5.P2.el6
  bind-devel.x86_64 32:9.7.0-5.P2.el6
  bind-dyndb-ldap.x86_64 0:0.1.0-0.9.b.el6
  bind-sdb.x86_64 32:9.7.0-5.P2.el6

Dependency Installed:
  postgresql-libs.x86_64 0:8.4.4-2.el6

Complete!
[root@desktop6 ~]# cd /var/named/chroot/etc/
[root@desktop6 etc]# ls
localtime named pki
[root@desktop6 etc]# cd named/
[root@desktop6 named]# ls
[root@desktop6 named]# cd ..
[root@desktop6 etc]# ls
localtime named pki
[root@desktop6 etc]# updatedb

[root@desktop6 etc]# cd /usr/share/doc/
Display all 751 possibilities? (y or n)
[root@desktop6 etc]# cd /usr/share/doc/bind-9.7.0/
arm/ Copyright draft/ named.conf.default rfc/ sample/ CHANGES COPYRIGHT misc/ README rfc1912.txt
[root@desktop6 etc]# cd /usr/share/doc/bind-9.7.0/sample/
etc/ var/
[root@desktop6 etc]# ls /usr/share/doc/bind-9.7.0/sample/etc/named.conf localtime named/ pki/
[root@desktop6 etc]# ls
localtime named pki
[root@desktop6 etc]# cd named/
[root@desktop6 named]# ls
[root@desktop6 named]# pwd
/var/named/chroot/etc/named
[root@desktop6 named]#
[root@desktop6 named]# man named.conf
[root@desktop6 named]#
[root@desktop6 named]# man named
[root@desktop6 named]#
[root@desktop6 named]# pwd
/var/named/chroot/etc/named
[root@desktop6 named]# cd ..
[root@desktop6 etc]# vim named.conf
[root@desktop6 etc]# cp /usr/share/doc/bind-9.7.0/named.conf.default named.conf
cp: overwrite `named.conf'? y
[root@desktop6 etc]# vim named.conf
[root@desktop6 etc]# cat /usr/share/doc/bind-9.7.0/named.conf.default
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; };       #<============== you need to add your ip address
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };             ###<============= add all the networks which will be clients of this dns
        recursion yes;
        dnssec-enable yes;                      ###<============ remove this line for basic config
        dnssec-validation yes;                  ###<============ remove this line for basic config
        dnssec-lookaside auto;                  ###<============ remove this line for basic config
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";  ###<============ remove this line for basic config
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
[root@desktop6 etc]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]

NOW LET US MAKE SOME BASIC CHANGES FOR FORWARDER DNS.

[root@desktop6 etc]# vim named.conf

AFTER THE CHANGES, named.conf LOOKS AS BELOW


[root@desktop6 etc]# cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.0.6; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.0.0/24; };
        recursion yes;
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
[root@desktop6 etc]#

NOTE: BEFORE TESTING YOUR DNS, CHECK THAT YOU CAN PING A SITE ON THE INTERNET AND THAT YOUR GATEWAY IS SET PROPERLY.

NOW GIVE THE FOLLOWING COMMAND TO TEST THE BASIC DNS

[root@desktop6 etc]# dig @localhost www.google.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> @localhost www.google.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41729
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                IN      A

;; ANSWER SECTION:
www.google.com.         604800  IN      CNAME   www.l.google.com.
www.l.google.com.       300     IN      A       209.85.231.104

;; AUTHORITY SECTION:
google.com.             172800  IN      NS      ns2.google.com.
google.com.             172800  IN      NS      ns4.google.com.
google.com.             172800  IN      NS      ns3.google.com.
google.com.             172800  IN      NS      ns1.google.com.

;; Query time: 116 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 24 03:46:47 2011
;; MSG SIZE rcvd: 140

[root@desktop6 etc]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 br0
0.0.0.0         192.168.0.254   0.0.0.0         UG    0      0        0 br0

LET US NOW ADD CONFIGURATION FOR FORWARDER


[root@desktop6 etc]# vim named.conf
[root@desktop6 etc]# cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.0.6; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.0.0/24; };
        recursion yes;
        forward only;
        forwarders { 192.168.0.254; };
};
###
###zone "." IN {
###        type hint;
###        file "named.ca";
###};
###
###include "/etc/named.rfc1912.zones";
[root@desktop6 etc]#
[root@desktop6 etc]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]

NOW RECORDS ON THE MASTER DNS AT 192.168.0.254 CAN BE QUERIED AND TESTED


[root@desktop6 etc]# dig desktop9.example.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> desktop9.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16311
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;desktop9.example.com.          IN      A

;; ANSWER SECTION:
desktop9.example.com.   86400   IN      A       192.168.0.9

;; AUTHORITY SECTION:
example.com.            86400   IN      NS      instructor.example.com.

;; ADDITIONAL SECTION:
instructor.example.com. 86400   IN      A       192.168.0.254

;; Query time: 0 msec
;; SERVER: 192.168.0.254#53(192.168.0.254)
;; WHEN: Thu Mar 24 03:49:08 2011
;; MSG SIZE rcvd: 95

IF THE MASTER DNS 192.168.0.254 DOES NOT ALLOW OUR FORWARDER DNS, IT CANNOT CHECK ADDRESSES ON THE INTERNET
[root@desktop6 etc]# dig www.google.com

WAITING ONLY ...
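
In the desktop9.example.com reply earlier on this page, the SERVER line is 192.168.0.254 and the aa flag is set: dig was run without @, so it asked the master directly and the forwarder on 192.168.0.6 was never exercised. The script below is an added example, not part of the original howto; it classifies a dig reply by answering server, status and flags, and also covers the "waiting only" timeout case. The function names are illustrative and the sample input is constructed from the page's output.

```shell
#!/bin/sh
# Constructed sample: header, flags and SERVER lines of the desktop9 reply above.
SAMPLE_DIG=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16311
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; SERVER: 192.168.0.254#53(192.168.0.254)'

# IP of the server that produced the reply (the text before '#').
dig_server() {
    printf '%s\n' "$1" | awk '/^;; SERVER:/ { split($3, a, "#"); print a[1] }'
}

# Response code from the header line, e.g. NOERROR, SERVFAIL, REFUSED.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p'
}

# Succeed if the given header flag (aa, ra, ...) is set in the reply.
dig_has_flag() {
    printf '%s\n' "$1" | awk -v f="$2" '
        /^;; flags:/ {
            sub(/^;; flags: */, ""); sub(/;.*/, "")
            n = split($0, fl, " ")
            for (i = 1; i <= n; i++) if (fl[i] == f) found = 1
        }
        END { exit !found }'
}

# Classify a reply relative to the forwarder under test.
classify_reply() {   # $1 = dig output, $2 = forwarder IP
    case $1 in *"connection timed out"*) echo "timeout: no reply at all"; return ;; esac
    srv=$(dig_server "$1"); rc=$(dig_status "$1")
    if [ "$srv" != "$2" ]; then
        echo "bypassed: answered by $srv, not $2"
    elif [ "$rc" = SERVFAIL ] || [ "$rc" = REFUSED ]; then
        echo "failed: $2 returned $rc"
    elif dig_has_flag "$1" aa; then
        echo "authoritative: $2 answered from its own zone data"
    elif dig_has_flag "$1" ra; then
        echo "recursive: $2 resolved it for the client"
    else
        echo "no-recursion: $2 does not recurse for this client"
    fi
}

classify_reply "$SAMPLE_DIG" 192.168.0.6
# Live use: classify_reply "$(dig @192.168.0.6 desktop9.example.com)" 192.168.0.6
```

To test the forwarder itself, point dig at it explicitly with @192.168.0.6; a reply that passed through it shows that address on the SERVER line and carries ra without aa.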


That's it.

Important reference
1. man named.conf
2. man named
3. directory /usr/share/doc/bind-******/
4. /usr/share/doc/bind-9.7.0/arm/Bv9ARM.pdf
5. /usr/share/doc/bind-9.7.0/sample/
6. /usr/share/doc/bind-9.7.0/sample/etc/
7. /usr/share/doc/bind-9.7.0/sample/var/

Created by ElectroMech Corporation, Nilesh Vaghela
