How to install Bind on CentOS 6

What is Bind?

Bind is the most widely used DNS software on Unix-like operating systems, including Linux. DNS stands for Domain Name System, and Bind provides Domain Name Resolution, which means resolution from IP address to hostname and vice versa. Without Domain Name Resolution your web browser could not resolve www.geekpeek.net to 91.185.211.101 and would not find the GeekPeek.Net webpage on the internet. Every domain needs some kind of DNS software to resolve its domain names.

A domain usually has at least two DNS servers, a primary and a secondary, so that name resolution keeps working if one of them fails. Since Domain Name Resolution is mission critical, there must be at least two DNS servers. In this post we explain how to install Bind DNS software on CentOS 6, on both the primary and the secondary server.

Install Bind

BEST PRACTICE:

  • Run >= 2 DNS servers (primary and secondary)
  • Assign static IP address to DNS server
  • Assign FQDN to DNS server
  • Add host entry in /etc/hosts file on DNS server

PRIMARY server details:

Operating System: CentOS 6.4 32bit minimal install
FQDN: foo1.geekpeek.net
IP Address: 192.168.1.100
Network: 192.168.1.0/24

SECONDARY server details:

Operating System: CentOS 6.4 32bit minimal install
FQDN: foo2.geekpeek.net
IP Address: 192.168.1.101
Network: 192.168.1.0/24

Let’s Install Bind on CentOS 6!

This How To was tested with SELINUX disabled and IPTABLES stopped! To install Bind and run it with these enabled, please read the SELINUX and IPTABLES configuration guide!

1. Install Bind on PRIMARY and SECONDARY DNS server

[root@foo1 ~]# yum install bind-* -y
[root@foo2 ~]# yum install bind-* -y

2. Configure /etc/named.conf on PRIMARY DNS server

[root@foo1 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.1.100; };                # PRIMARY Bind DNS IP Address
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.1.0/24; };                 # NETWORK to serve
    allow-transfer    { localhost; 192.168.1.101; };                # SECONDARY Bind DNS IP Address
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "geekpeek.net" IN {                # FORWARD Zone file and configuration - put in your DOMAINNAME
        type master;
        file "fwd.geekpeek.net";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {     # REVERSE Zone file and configuration
        type master;
        file "rev.geekpeek.net";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

3. Create FORWARD Zone file (/var/named/fwd.geekpeek.net) on PRIMARY DNS server

[root@foo1 ~]# cat /var/named/fwd.geekpeek.net 
$TTL 86400
@   IN  SOA     foo1.geekpeek.net. root.geekpeek.net. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@    IN  NS       foo1.geekpeek.net.
@    IN  NS       foo2.geekpeek.net.
foo1     IN  A    192.168.1.100
foo2     IN  A    192.168.1.101

4. Create REVERSE Zone file (/var/named/rev.geekpeek.net) on PRIMARY DNS server

[root@foo1 ~]# cat /var/named/rev.geekpeek.net 
$TTL 86400
@   IN  SOA     foo1.geekpeek.net. root.geekpeek.net. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@        IN  NS     foo1.geekpeek.net.
@        IN  NS     foo2.geekpeek.net.
foo1     IN  A      192.168.1.100
foo2     IN  A      192.168.1.101
100      IN  PTR    foo1.geekpeek.net.
101      IN  PTR    foo2.geekpeek.net.

5. Check Bind configuration and Zone files on PRIMARY DNS server

[root@foo1 ~]# named-checkconf /etc/named.conf
[root@foo1 ~]# named-checkzone geekpeek.net /var/named/fwd.geekpeek.net 
zone geekpeek.net/IN: loaded serial 2011071001
OK
[root@foo1 ~]# named-checkzone 1.168.192.in-addr.arpa /var/named/rev.geekpeek.net 
zone 1.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK

6. Start Bind on PRIMARY DNS server and make it start at boot

[root@foo1 ~]# chkconfig named on
[root@foo1 ~]# /etc/init.d/named start
Starting named:                                            [  OK  ]

7. Configure /etc/named.conf on SECONDARY DNS server

[root@foo2 ~]# cat /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; };                # SECONDARY Bind DNS IP Address
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.1.0/24; };                 # NETWORK to serve
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "geekpeek.net" IN {                      # FORWARD Zone file and configuration - put in your DOMAINNAME
        type slave;
        file "slaves/geekpeek.net.fwd";
        masters { 192.168.1.100; };
};
zone "1.168.192.in-addr.arpa" IN {           # REVERSE Zone file and configuration
        type slave;
        file "slaves/geekpeek.net.rev";
        masters { 192.168.1.100; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

8. Start Bind on SECONDARY DNS server and make it start at boot

[root@foo2 ~]# chkconfig named on
[root@foo2 ~]# /etc/init.d/named start
Starting named:                                            [  OK  ]

9. Check that REVERSE and FORWARD Zone files were created on SECONDARY DNS server

These files are transferred automatically from the PRIMARY DNS server (the zone transfer permitted by allow-transfer in step 2)!

[root@foo2 ~]# ll /var/named/slaves/
total 8
-rw-r--r-- 1 named named 374 Dec 13 09:00 geekpeek.net.fwd
-rw-r--r-- 1 named named 453 Dec 13 09:00 geekpeek.net.rev

[root@foo2 ~]# cat /var/named/slaves/geekpeek.net.fwd 
$ORIGIN .
$TTL 86400    ; 1 day
geekpeek.net        IN SOA    foo1.geekpeek.net. root.geekpeek.net. (
                2011071001 ; serial
                3600       ; refresh (1 hour)
                1800       ; retry (30 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
            NS    foo1.geekpeek.net.
            NS    foo2.geekpeek.net.
$ORIGIN geekpeek.net.
foo1            A    192.168.1.100
foo2            A    192.168.1.101

[root@foo2 ~]# cat /var/named/slaves/geekpeek.net.rev
$ORIGIN .
$TTL 86400    ; 1 day
1.168.192.in-addr.arpa    IN SOA    foo1.geekpeek.net. root.geekpeek.net. (
                2011071001 ; serial
                3600       ; refresh (1 hour)
                1800       ; retry (30 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
            NS    foo1.geekpeek.net.
            NS    foo2.geekpeek.net.
$ORIGIN 1.168.192.in-addr.arpa.
101            PTR    foo2.geekpeek.net.
100            PTR    foo1.geekpeek.net.
foo1            A    192.168.1.100
foo2            A    192.168.1.101

10. Configure DNS servers on your CLIENT machine

[root@fooclient ~]# cat /etc/resolv.conf
search geekpeek.net
nameserver 192.168.1.100
nameserver 192.168.1.101

11. Test Domain Name Resolution from the CLIENT machine

[root@foo1 ~]# nslookup foo1.geekpeek.net
Server:        192.168.1.100
Address:    192.168.1.100#53

Name:    foo1.geekpeek.net
Address: 192.168.1.100

[root@foo1 ~]# nslookup foo2.geekpeek.net
Server:        192.168.1.100
Address:    192.168.1.100#53

Name:    foo2.geekpeek.net
Address: 192.168.1.101

[root@foo1 ~]# dig foo1.geekpeek.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> foo1.geekpeek.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1814
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;foo1.geekpeek.net.        IN    A

;; ANSWER SECTION:
foo1.geekpeek.net.    86400    IN    A    192.168.1.100

;; AUTHORITY SECTION:
geekpeek.net.        86400    IN    NS    foo2.geekpeek.net.
geekpeek.net.        86400    IN    NS    foo1.geekpeek.net.

;; ADDITIONAL SECTION:
foo2.geekpeek.net.    86400    IN    A    192.168.1.101

;; Query time: 2 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Dec 12 15:13:20 2013
;; MSG SIZE  rcvd: 100

[root@foo1 ~]# dig foo2.geekpeek.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> foo2.geekpeek.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6601
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;foo2.geekpeek.net.        IN    A

;; ANSWER SECTION:
foo2.geekpeek.net.    86400    IN    A    192.168.1.101

;; AUTHORITY SECTION:
geekpeek.net.        86400    IN    NS    foo2.geekpeek.net.
geekpeek.net.        86400    IN    NS    foo1.geekpeek.net.

;; ADDITIONAL SECTION:
foo1.geekpeek.net.    86400    IN    A    192.168.1.100

;; Query time: 2 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Dec 12 15:13:23 2013
;; MSG SIZE  rcvd: 100
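named-checkzone in step 5 only validates the syntax of each zone file. As an added example (not part of the original post), the Python script below cross-checks the forward and reverse zone files from steps 3 and 4: every A record must have a matching PTR, every PTR a matching A, and every NS name listed in the forward zone an A record in it. The zone texts are constructed copies of the page's files; the parser assumes an explicit owner on every record and IPv4 in-addr.arpa reverse names.

```python
# Constructed copies of the page's forward (step 3) and reverse (step 4) zone files.
FWD_ORIGIN, REV_ORIGIN = "geekpeek.net.", "1.168.192.in-addr.arpa."
FWD_ZONE = """$TTL 86400
@     IN  SOA  foo1.geekpeek.net. root.geekpeek.net. (
              2011071001  ;Serial
              3600 1800 604800 86400 )
@     IN  NS   foo1.geekpeek.net.
@     IN  NS   foo2.geekpeek.net.
foo1  IN  A    192.168.1.100
foo2  IN  A    192.168.1.101
"""
REV_ZONE = """@  IN  SOA  foo1.geekpeek.net. root.geekpeek.net. ( 2011071001 3600 1800 604800 86400 )
@    IN  NS   foo1.geekpeek.net.
@    IN  NS   foo2.geekpeek.net.
100  IN  PTR  foo1.geekpeek.net.
101  IN  PTR  foo2.geekpeek.net.
"""

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with fully qualified, lowercased owners."""
    records, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                 # strip ';' comments first
        depth += line.count("(") - line.count(")")  # track ( ... ) continuation
        buf += " " + line
        if depth > 0: continue                      # record continues on the next line
        fields = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        if not fields or fields[0].startswith("$"): continue   # blank line or $TTL/$ORIGIN
        owner = fields[0].lower()                   # assumption: every record has an explicit owner
        owner = origin if owner == "@" else (owner if owner.endswith(".") else owner + "." + origin)
        i = 1
        while fields[i].isdigit() or fields[i].upper() == "IN": i += 1   # skip optional TTL / class
        records.append((owner, fields[i].upper(), [f.lower() for f in fields[i + 1:]]))
    return records

def check_forward_reverse(fwd_text, fwd_origin, rev_text, rev_origin):
    """List A records without a matching PTR, PTRs without a matching A, and NS names without an A."""
    fwd = parse_zone(fwd_text, fwd_origin)
    a_by_name = {o: rd[0] for o, t, rd in fwd if t == "A"}
    ptr_by_ip = {}
    for owner, rtype, rdata in parse_zone(rev_text, rev_origin):
        if rtype == "PTR":                          # 100.1.168.192.in-addr.arpa. -> 192.168.1.100
            labels = owner[:-len(".in-addr.arpa.")].split(".")
            ptr_by_ip[".".join(reversed(labels))] = rdata[0]
    problems = [f"{n} A {ip} has no matching PTR" for n, ip in a_by_name.items() if ptr_by_ip.get(ip) != n]
    problems += [f"{ip} PTR {n} has no matching A" for ip, n in ptr_by_ip.items() if a_by_name.get(n) != ip]
    problems += [f"NS {rd[0]} has no A record in {fwd_origin}" for o, t, rd in fwd if t == "NS" and rd[0] not in a_by_name]
    return problems
```

Run it after every edit to the zone files, before bumping the serial; an empty list means the two zones agree.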


This is the end of “How to install Bind on CentOS 6” post.

We can now add new A and PTR records to our Zone files! A new tutorial will cover Bind management: adding a new A record and its PTR record.

Stay tuned…


  • Ravi

    Hi,

    It’s a wonderful reference document.

  • Malik

    Great tutorial and very easy to follow


  • Kostyantyn

    Hi. I have done everything like in your article, and it worked fine until the moment when I changed foo1 to node1 (as I understand foo1 is the name of the host, but I have the real hostname node1), and after that some errors like these appeared.
    [root@node1 named]# named-checkconf /etc/named.conf
    [root@node1 named]# named-checkconf /var/named/rev.node1.node.com
    /var/named/rev.node1.node.com:1: unknown option ‘$TTL’
    /var/named/rev.node1.node.com:3: unknown option ‘Serial’
    /var/named/rev.node1.node.com:4: unknown option ‘Refresh’
    /var/named/rev.node1.node.com:5: unknown option ‘Retry’
    /var/named/rev.node1.node.com:6: unknown option ‘Expire’
    /var/named/rev.node1.node.com:7: unknown option ‘Minimum’
    /var/named/rev.node1.node.com:15: unexpected token near end of file
    [root@node1 named]# named-checkconf /var/named/fwd.node1.node.com
    /var/named/fwd.node1.node.com:1: unknown option ‘$TTL’
    /var/named/fwd.node1.node.com:3: unknown option ‘Serial’
    /var/named/fwd.node1.node.com:4: unknown option ‘Refresh’
    /var/named/fwd.node1.node.com:5: unknown option ‘Retry’
    /var/named/fwd.node1.node.com:6: unknown option ‘Expire’
    /var/named/fwd.node1.node.com:7: unknown option ‘Minimum’
    /var/named/fwd.node1.node.com:12: unexpected token near end of file

    How to solve this?

  • Kostyantyn

    not an issue anymore.

    Name: node1.node.com
    Address: 192.168.192.128

    [root@node1 ~]# nslookup node.com
    Server: 192.168.192.128
    Address: 192.168.192.128#53

    *** Can’t find node.com: No answer

    [root@node1 ~]# nslookup node1
    Server: 192.168.192.128
    Address: 192.168.192.128#53

    Name: node1.node.com
    Address: 192.168.192.128

    [root@node1 ~]# dig node1

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> node1
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6213
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;node1. IN A

    ;; AUTHORITY SECTION:
    . 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014090201 1800 900 604800 86400

    ;; Query time: 23 msec
    ;; SERVER: 192.168.192.128#53(192.168.192.128)
    ;; WHEN: Tue Sep 2 23:31:45 2014
    ;; MSG SIZE rcvd: 98

    [root@node1 ~]# dig node.com

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> node.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57735
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;node.com. IN A

    ;; AUTHORITY SECTION:
    node.com. 86400 IN SOA node1.node.com. root.node.com. 2011071001 3600 1800 604800 86400

    ;; Query time: 4 msec
    ;; SERVER: 192.168.192.128#53(192.168.192.128)
    ;; WHEN: Tue Sep 2 23:31:58 2014
    ;; MSG SIZE rcvd: 73

    [root@node1 ~]# dig node1.node.com

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> node1.node.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58150
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;node1.node.com. IN A

    ;; ANSWER SECTION:
    node1.node.com. 86400 IN A 192.168.192.128

    ;; AUTHORITY SECTION:
    node.com. 86400 IN NS node1.node.com.

    ;; Query time: 1 msec
    ;; SERVER: 192.168.192.128#53(192.168.192.128)
    ;; WHEN: Tue Sep 2 23:32:14 2014
    ;; MSG SIZE rcvd: 62

  • Kostyantyn

    But I can understand two things:
    1. Why is nslookup node.com not working?
    2. Why, after a reboot or shutdown, do the resolv.conf parameters
    [root@node1 ~]# cat /etc/resolv.conf
    ; generated by /sbin/dhclient-script
    search localdomain node.com
    nameserver 192.168.192.128
    [root@node1 ~]#
    returns to default [root@node1 ~]# cat /etc/resolv.conf
    ; generated by /sbin/dhclient-script
    search localdomain node.com
    nameserver 192.168.192.2
    [root@node1 ~]#

  • Kostyantyn

    Sorry, I mean I cannot understand why points 1 and 2 take place.
