DNS stands for Domain Name System. It translates host names (the names in website URLs) into IP addresses. You can think of it as the phonebook of the internet: it is hard to remember the IP address of every host, so DNS lets you remember a name instead of an address.
In this tutorial you will learn how to install and configure your own DNS server on RHEL 8 and CentOS 8.
My Server Details:
Operating System: RedHat Enterprise Linux 8
Hostname: primary.osradar.localdomain
IP Address: 192.168.130.152
STEP 1:
Install bind (DNS) packages on your server.
yum install bind bind-utils -y
STEP 2:
Configure DNS Server
Edit the /etc/named.conf file with the command below and make the following changes.
vi /etc/named.conf
i: Comment out the two lines below so the BIND DNS server listens on all IP addresses instead of only on localhost.
#listen-on port 53 { 127.0.0.1; };
#listen-on-v6 port 53 { ::1; };
ii: Add your network to the line below. It allows clients in that network to query the server for name (URL) to IP translation. My network is 192.168.130.0/24.
allow-query { localhost; 192.168.130.0/24; };
iii: Create Forward and Reverse Zones
zone "osradar.localdomain" IN {
        type master;
        file "forward.osradar";
        allow-update { none; };
};

zone "130.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.osradar";
        allow-update { none; };
};

After these changes my complete /etc/named.conf looks like this:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        #listen-on port 53 { 127.0.0.1; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { localhost; 192.168.130.0/24; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
        include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "osradar.localdomain" IN {
        type master;
        file "forward.osradar";
        allow-update { none; };
};

zone "130.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.osradar";
        allow-update { none; };
};
STEP 3:
Create DNS Zone files
Create the forward and reverse zone files that were referenced in /etc/named.conf.
i: Create Forward Zone
Create the forward.osradar file in the /var/named directory.
vi /var/named/forward.osradar
Add the following lines:
$TTL 86400
@       IN  SOA     primary.osradar.localdomain. root.osradar.localdomain. (
                    2011071001  ;Serial
                    3600        ;Refresh
                    1800        ;Retry
                    604800      ;Expire
                    86400       ;Minimum TTL
)
@       IN  NS      primary.osradar.localdomain.
@       IN  A       192.168.130.152
primary IN  A       192.168.130.152
ii: Create Reverse Zone
Create the reverse.osradar file in the /var/named directory.
vi /var/named/reverse.osradar
Add the following lines:
$TTL 86400
@       IN  SOA     primary.osradar.localdomain. root.osradar.localdomain. (
                    2011071001  ;Serial
                    3600        ;Refresh
                    1800        ;Retry
                    604800      ;Expire
                    86400       ;Minimum TTL
)
@       IN  NS      primary.osradar.localdomain.
@       IN  PTR     osradar.localdomain.
primary IN  A       192.168.130.152
152     IN  PTR     primary.osradar.localdomain.
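As an added example that is not part of the original tutorial, the shell script below derives the reverse zone name and the PTR owner label from the network, writes forward and reverse zone files in the shape used above, and, where BIND's named-checkzone tool is installed, validates them before named is started. It generalizes the /24 case above to /8 and /16 networks and refuses other prefix lengths, which need RFC 2317 classless delegation. The function names, the date-based serial scheme and the output-directory argument are this example's own assumptions, not the tutorial's.

```shell
#!/bin/sh
# Added example (not from the original tutorial): build and check BIND zone
# files for a domain and its network. Function names, the YYYYMMDDnn serial
# scheme and the OUTDIR argument are assumptions of this example.

# reverse_zone_name NETWORK/PREFIX -> in-addr.arpa zone for /8, /16 or /24.
# Other prefix lengths need RFC 2317 classless delegation, so refuse them.
reverse_zone_name() {
    net=${1%/*}; prefix=${1#*/}
    o1=$(echo "$net" | cut -d. -f1)
    o2=$(echo "$net" | cut -d. -f2)
    o3=$(echo "$net" | cut -d. -f3)
    case "$prefix" in
        8)  echo "$o1.in-addr.arpa" ;;
        16) echo "$o2.$o1.in-addr.arpa" ;;
        24) echo "$o3.$o2.$o1.in-addr.arpa" ;;
        *)  echo "unsupported prefix /$prefix (use 8, 16 or 24)" >&2; return 1 ;;
    esac
}

# ptr_label HOST_IP PREFIX -> owner name of the PTR record relative to the
# reverse zone: the host octets in reverse order (152 for a host in a /24).
ptr_label() {
    ip=$1; prefix=$2
    o2=$(echo "$ip" | cut -d. -f2)
    o3=$(echo "$ip" | cut -d. -f3)
    o4=$(echo "$ip" | cut -d. -f4)
    case "$prefix" in
        8)  echo "$o4.$o3.$o2" ;;
        16) echo "$o4.$o3" ;;
        24) echo "$o4" ;;
        *)  return 1 ;;
    esac
}

# zone_serial -> YYYYMMDD01. A date-based serial is easy to audit; it must
# grow on every edit or secondaries will keep serving the old zone.
zone_serial() { date -u +%Y%m%d01; }

# gen_zones DOMAIN NS_HOST NS_IP NETWORK/PREFIX OUTDIR
# Writes OUTDIR/forward.<label> and OUTDIR/reverse.<label>, where <label> is
# the first label of DOMAIN (forward.osradar for osradar.localdomain).
gen_zones() {
    domain=$1; host=$2; ip=$3; network=$4; outdir=$5
    prefix=${network#*/}
    label=$(ptr_label "$ip" "$prefix") || return 1
    reverse_zone_name "$network" >/dev/null || return 1
    serial=$(zone_serial)
    fqdn="$host.$domain."
    base=${domain%%.*}
    soa="@ IN SOA $fqdn root.$domain. ( $serial 3600 1800 604800 86400 )"
    mkdir -p "$outdir"
    {
        echo '$TTL 86400'
        echo "$soa"
        echo "@ IN NS $fqdn"
        echo "@ IN A $ip"
        echo "$host IN A $ip"
    } > "$outdir/forward.$base"
    {
        echo '$TTL 86400'
        echo "$soa"
        echo "@ IN NS $fqdn"
        echo "$label IN PTR $fqdn"
    } > "$outdir/reverse.$base"
}

# validate_zone ZONE_NAME FILE: run named-checkzone when it is installed,
# otherwise report that the check was skipped.
validate_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed; skipped check of $2" >&2
    fi
}

# Stand-alone use: sh zones.sh osradar.localdomain primary 192.168.130.152 192.168.130.0/24 /var/named
if [ $# -eq 5 ]; then
    gen_zones "$@"
    validate_zone "$1" "$5/forward.${1%%.*}"
    validate_zone "$(reverse_zone_name "$4")" "$5/reverse.${1%%.*}"
fi
```

Running named-checkzone (and named-checkconf for /etc/named.conf) before every restart catches a missing trailing dot or an unchanged serial while the fix is still cheap, instead of after named has refused to load the zone.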
STEP 4:
Start the DNS service
systemctl start named
systemctl enable named
STEP 5:
Configure Firewall
Allow the DNS service (port 53, TCP and UDP) through the firewall.
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload
STEP 6:
Adding DNS Server in Network
Add the DNS server IP to the network interface configuration file.
vi /etc/sysconfig/network-scripts/ifcfg-ens32
Note: ifcfg-xxxx is the configuration file of your own network interface; ens32 is mine.
I add the entry below, since 192.168.130.152 is my DNS server's IP address:
DNS1="192.168.130.152"
Add the DNS server IP to /etc/resolv.conf as well.
vi /etc/resolv.conf
nameserver 192.168.130.152
Now restart the network:
systemctl restart NetworkManager.service
OR
systemctl restart network
STEP 7:
Test DNS Server
dig primary.osradar.localdomain
Output
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-17.P2.el8_0 <<>> primary.osradar.localdomain
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13585
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: df1e10c2a695c022e38035245cdafa6916303f22e15d5315 (good)
;; QUESTION SECTION:
;primary.osradar.localdomain.	IN	A

;; ANSWER SECTION:
primary.osradar.localdomain. 86400	IN	A	192.168.130.152

;; AUTHORITY SECTION:
osradar.localdomain.	86400	IN	NS	primary.osradar.localdomain.

;; Query time: 2 msec
;; SERVER: 192.168.130.152#53(192.168.130.152)
;; WHEN: Tue May 14 22:27:05 PKT 2019
;; MSG SIZE  rcvd: 114
nslookup osradar.localdomain
Output
Server:		192.168.130.152
Address:	192.168.130.152#53

Name:	osradar.localdomain
Address: 192.168.130.152
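The dig output above carries two flags worth checking on every test: aa, meaning the answer came from a zone this server is authoritative for rather than from its cache, and ra, meaning recursion is available, which the comment in named.conf above warns against leaving enabled on an authoritative-only server. As an added example that is not part of the original tutorial, the script below reads dig output on stdin and passes only when the status is NOERROR, the aa flag is set and the expected A record is present in the answer section. The function name and the SAMPLE text (constructed from the dig output shown above) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original tutorial): a health check that reads
# dig output on stdin and confirms the server answered from its own zone.
# The function name and SAMPLE (constructed from the tutorial's dig output)
# are this example's own.
#
# Usage: dig @192.168.130.152 primary.osradar.localdomain \
#        | sh check_dns.sh primary.osradar.localdomain 192.168.130.152

# check_dig_answer NAME IP  (dig output on stdin)
# Succeeds only when status is NOERROR, the aa (authoritative answer) flag
# is set, and the ANSWER section holds the A record NAME -> IP.
check_dig_answer() {
    name=$1; ip=$2
    out=$(cat)

    # ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13585"
    status=$(printf '%s\n' "$out" | sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p')
    [ "$status" = "NOERROR" ] || { echo "FAIL: status ${status:-missing}" >&2; return 1; }

    # ";; flags: qr aa rd ra; QUERY: 1, ..."  aa = answer came from a zone
    # this server is authoritative for, not from its cache or a forwarder.
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p')
    case " $flags " in
        *" aa "*) ;;
        *) echo "FAIL: answer is not authoritative (flags: $flags)" >&2; return 1 ;;
    esac

    # Collect "owner rdata" pairs for A records in the ANSWER section only;
    # the section ends at the next blank line or ";;" header.
    answers=$(printf '%s\n' "$out" | awk '
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        /^;;/ || /^$/         { in_ans = 0 }
        in_ans && $3 == "IN" && $4 == "A" { print $1, $5 }')
    printf '%s\n' "$answers" | grep -qxF "$name. $ip" \
        || { echo "FAIL: no A record $name -> $ip (got: ${answers:-none})" >&2; return 1; }

    echo "OK: $name is $ip (authoritative, NOERROR)"
}

# Constructed sample, trimmed from the dig output shown in the tutorial.
SAMPLE='; <<>> DiG 9.11.4-P2-RedHat-9.11.4-17.P2.el8_0 <<>> primary.osradar.localdomain
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13585
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;primary.osradar.localdomain.	IN	A

;; ANSWER SECTION:
primary.osradar.localdomain.	86400	IN	A	192.168.130.152

;; AUTHORITY SECTION:
osradar.localdomain.	86400	IN	NS	primary.osradar.localdomain.
'

# Stand-alone use: with NAME and IP as arguments, check the dig output on stdin.
if [ $# -eq 2 ]; then
    check_dig_answer "$1" "$2"
fi
```

Run against the live server with dig @192.168.130.152 so the check exercises the new server rather than whatever /etc/resolv.conf currently points at; a missing aa flag on a name in your own zone means the answer was relayed or cached, not served from the zone file you just wrote.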
Client Machine Configuration
Add the DNS server details to the /etc/resolv.conf file of every client machine that should use it.
Run the command below:
vi /etc/resolv.conf
Then add the entry below to that file, replacing 192.168.130.152 with your DNS server's IP address.
nameserver 192.168.130.152
Now restart your network using one of the following commands:
systemctl restart NetworkManager.service
OR
systemctl restart network
Test the DNS server from the client machine:
dig primary.osradar.localdomain
nslookup osradar.localdomain
That's it. You have successfully installed BIND DNS on RHEL 8 / CentOS 8 as a master (primary) server, and it is ready to use.