Primary DNS configuration RHEL6
Assumptions :-
Internet address configured as below
eth0
IP address - 192.168.1.254
Subnet mask - 255.255.255.0
Gateway - 192.168.1.1
DNS server - 192.168.1.1
Intranet address configured as below
eth1
IP address - 16.10.1.21
Subnet mask - 255.255.255.0
DNS server - 16.10.1.21
DNS Server srvprd1
Configuration :-
Packages required -
bind-9.7.0-5.P2.el6.x86_64.rpm
bind-chroot-9.7.0-5.P2.el6.x86_64.rpm
# yum install bind*
Configuration files -
/var/named/chroot/etc/named.conf
Configuration Steps :-
# vim /var/named/chroot/etc/named.conf
===========================================================================
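// Red Hat BIND Configuration Tool
// Default initial "Caching Only" name server configuration
//
// Primary (master) server for example.com, serving the intranet interface
// eth1 (16.10.1.21). Recursion is offered to the intranet only and zone
// transfers are refused everywhere.

// eth1 is 16.10.1.21 with mask 255.255.255.0 (see the assumptions above),
// i.e. a /24. The original "16.10.1.0/16" is an address/prefix-length
// mismatch: BIND logs a warning and the entry effectively matches all of
// 16.10.0.0/16, granting recursion far beyond the intranet.
acl "example" { 16.10.1.0/24; };
options {
  // Bind to the intranet address only; the Internet-facing eth0 address
  // (192.168.1.254) is deliberately not listed.
  listen-on port 53 { 16.10.1.21; };
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  // Recursive lookups only for the intranet ACL; authoritative answers for
  // the zones below are given to anyone who can reach the listen-on address.
  allow-recursion { example; };
  allow-transfer { none; };
  allow-query { any; };
  notify no;
  transfer-format many-answers;
  interface-interval 0;
  max-transfer-time-in 60;
  // String returned for version.bind queries instead of the real version.
  version "Not Available";
  /*
   * If there is a firewall between you and nameservers you want
   * to talk to, you might need to uncomment the query-source
   * directive below. Previous versions of BIND always asked
   * questions using port 53, but BIND 8.1 uses an unprivileged
   * port by default.
   */
  // query-source address * port 53;
  dnssec-enable yes;
  dnssec-validation yes;
  // NOTE(review): ISC retired the DLV registry (dlv.isc.org) in 2017 and
  // later BIND releases no longer support this option; it only makes sense
  // for the BIND 9.7 build this page targets. The trusted-keys entry at the
  // bottom of the file exists solely for it.
  dnssec-lookaside . trust-anchor dlv.isc.org.;
};
// a caching only nameserver config
// rndc control channel: loopback only, authenticated with one of the two
// keys defined at the bottom of this file.
controls {
  inet 127.0.0.1 allow { localhost; } keys { rndckey; rndc-key; };
};
server 16.10.1.21 {
  keys { rndckey; };
};
zone "." IN {
  type hint;
  file "named.root";
};
// Now register your domain name and database/zone file
// record better before the line "include /etc/rndc.key"
// You can include separate zone entry
// file with "include /etc/myinternalzonefile.zones" within this named.conf file.
//Name Zone Registration
zone "example.com" IN {
  type master;
  file "example.for";
  allow-transfer { none; };
};
// Reverse Zone Registration
zone "1.10.16.in-addr.arpa" IN {
  type master;
  file "example.rev";
  allow-transfer { none; };
};
//include the rndc key like below (copy-paste from rndc.key created earlier)
// NOTE(review): the two secrets below are printed in this tutorial and are
// therefore public. Generate your own with "rndc-confgen -a" (it writes
// /etc/rndc.key) and paste that value here, or replace the key block with
// include "/etc/rndc.key"; so the secret never lives in named.conf.
key rndckey {
  algorithm hmac-md5;
  secret "Hi1V+y3WixmfEfGqrebKRA==";
};
key rndc-key {
  algorithm hmac-md5;
  secret "AoXEyjm6UUKu4cKqFoFMRg==";
};
// DLV trust anchor used by the dnssec-lookaside option above (see note there).
trusted-keys {
  dlv.isc.org. 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URkY62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboMQKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh";
};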
===========================================================================
# ln -s /var/named/chroot/etc/named.conf /etc/named.conf
# vim /var/named/chroot/var/named/example.for
===========================================================================
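$TTL 86400
; Forward zone for example.com, served by srvprd1 (16.10.1.21).
; The SOA contact mailbox must be an absolute name (trailing dot): a relative
; "root.example.com" is expanded against the origin and becomes
; root.example.com.example.com.
@ IN SOA srvprd1.example.com. root.example.com. (
2010041106 ; Serial - YYYYMMDDnn; increase it on every change
1H ; Refresh
1M ; Retry
1W ; Expire
1D ; Negative-caching TTL (the SOA "minimum" field)
)
@ IN NS srvprd1.example.com.
mail IN A 16.10.1.21
srvprd1 IN A 16.10.1.21
lnxsrv1 IN A 16.10.1.10
storage1 IN A 16.10.1.15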
==========================================================================
# ln -s /var/named/chroot/var/named/example.for /var/named/example.for
# vim /var/named/chroot/var/named/example.rev
=================================================================================
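$TTL 86400
; Reverse zone for 16.10.1.0/24 (origin 1.10.16.in-addr.arpa, as declared in
; named.conf). The SOA contact mailbox is written absolute (trailing dot);
; a relative "root.example.com" would expand against this origin.
@ IN SOA srvprd1.example.com. root.example.com. (
2010041102 ; Serial - YYYYMMDDnn; increase it on every change
1H ; Refresh
1M ; Retry
1W ; Expire
1D ; Negative-caching TTL (the SOA "minimum" field)
)
@ IN NS srvprd1.example.com.
; PTR targets must be fully qualified: "srvprd1." (as originally written) is
; the absolute name of a top-level label, not srvprd1.example.com. The A
; record copied here from example.for is dropped - under this origin it would
; have named srvprd1.1.10.16.in-addr.arpa, which nothing uses.
21 IN PTR srvprd1.example.com.
10 IN PTR lnxsrv1.example.com.
15 IN PTR storage1.example.com.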
==================================================================================
# ln -s /var/named/chroot/var/named/example.rev /var/named/example.rev
# mv /var/named/named.ca /var/named/chroot/var/named/named.root
# ln -s /var/named/chroot/var/named/named.root /var/named/named.root
# mv /var/named/named.ca /var/named/chroot/var/named/named.ca
# ln -s /var/named/chroot/var/named/named.ca /var/named/named.ca
# mv /var/named/named.empty /var/named/chroot/var/named/named.empty
# ln -s /var/named/chroot/var/named/named.empty /var/named/named.empty
# mv /var/named/named.localhost /var/named/chroot/var/named/named.localhost
# ln -s /var/named/chroot/var/named/named.localhost /var/named/named.localhost
# mv /var/named/named.loopback /var/named/chroot/var/named/named.loopback
# ln -s /var/named/chroot/var/named/named.loopback /var/named/named.loopback
Check your current configuration for syntax errors:
# named-checkzone example.com /var/named/chroot/var/named/example.for
# named-checkzone 1.10.16.in-addr.arpa /var/named/chroot/var/named/example.rev
Client side configuration
Check the “/etc/resolv.conf” file
# vim /etc/resolv.conf
==========================================================================
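# Generated by NetworkManager
search example.com
# The local BIND instance (named.conf listen-on 16.10.1.21) comes first:
# dig and nslookup use the first nameserver by default, which is what the
# verification output further down shows (SERVER: 16.10.1.21#53).
nameserver 16.10.1.21
# Gateway resolver from the assumptions, kept as a fallback.
nameserver 192.168.1.1
# NOTE(review): NetworkManager rewrites this file; on RHEL 6 set
# DNS1=16.10.1.21 (and PEERDNS=no if needed) in
# /etc/sysconfig/network-scripts/ifcfg-eth1 so the entry survives -
# confirm for your setup.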
==========================================================================
Check the “/etc/hosts” file
# vim /etc/hosts
==========================================================================
# NOTE(review): the zone file and the shell prompt in the verification
# section name this machine srvprd1 (root@srvprd1, srvprd1.example.com at
# 16.10.1.21); neither server.example.com nor 172.16.0.1 appears in the
# assumptions. Confirm which hostname and address this server should carry.
192.168.1.254 server.example.com server # Added by NetworkManager
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
# Second mapping for the same name; which address a lookup returns depends on
# the resolver's handling of duplicate entries - confirm this is intended.
172.16.0.1 server.example.com server
==========================================================================
Also check the “/etc/sysconfig/network” file
# vim /etc/sysconfig/network
==========================================================================
# Network bootstrap settings read by the RHEL 6 init scripts.
NETWORKING=yes
NETWORKING_IPV6=no
# NOTE(review): the zone file and the verification prompt (root@srvprd1)
# call this server srvprd1, so HOSTNAME=srvprd1.example.com may be what is
# intended; the SOA/NS name and the hostname should agree.
HOSTNAME=server.example.com
==========================================================================
Iptables and SELinux configuration: either disable them or configure them accordingly. Here I disabled them.
# service iptables stop
# chkconfig iptables off
# setenforce 0 <To set SELinux permissive temporarily.>
# vi /etc/sysconfig/selinux
SELINUX=permissive <save and quit for permanent change>
Now start the bind service (named).
# service named start
# chkconfig named on
Verify that the DNS server is answering queries using the “nslookup” and “dig” tools.
[root@srvprd1 ~]# dig example.com NS
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> example.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62009
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;example.com. IN NS
;; ANSWER SECTION:
example.com. 86400 IN NS srvprd1.example.com.
;; ADDITIONAL SECTION:
srvprd1.example.com. 86400 IN A 16.10.1.21
;; Query time: 6 msec
;; SERVER: 16.10.1.21#53(16.10.1.21)
;; WHEN: Mon Jun 11 20:35:21 2012
;; MSG SIZE rcvd: 67
[root@srvprd1 ~]# nslookup mail.example.com
Server: 16.10.1.21
Address: 16.10.1.21#53
Name: mail.example.com
Address: 16.10.1.21
[root@srvprd1 ~]# nslookup lnxsrv1.example.com
Server: 16.10.1.21
Address: 16.10.1.21#53
Name: lnxsrv1.example.com
Address: 16.10.1.10
Thus the DNS primary server is configured. Good luck :) .....