What is Bind?
Bind is the most widely used DNS software on Unix-like operating systems, including Linux. DNS stands for Domain Name System, and Bind provides Domain Name Resolution, which means resolving an IP address to a hostname and vice versa. Without Domain Name Resolution your web browser could not resolve www.geekpeek.net to 91.185.211.101 and would not find the GeekPeek.Net web page on the internet. Every domain needs some kind of DNS software to resolve its domain names.
Usually a domain has at least two DNS servers, a primary and a secondary, so that the service survives the failure of either one. Since Domain Name Resolution is mission critical, there must be at least two DNS servers. In this post we explain how to install the Bind DNS software on CentOS 6. We will install Bind on a primary and on a secondary server.
BEST PRACTICE:
- Run at least 2 DNS servers (primary and secondary)
- Assign static IP address to DNS server
- Assign FQDN to DNS server
- Add host entry in /etc/hosts file on DNS server
PRIMARY server details:
Operating System: CentOS 6.4 32bit minimal install
FQDN: foo1.geekpeek.net
IP Address: 192.168.1.100
Network: 192.168.1.0/24
SECONDARY server details:
Operating System: CentOS 6.4 32bit minimal install
FQDN: foo2.geekpeek.net
IP Address: 192.168.1.101
Network: 192.168.1.0/24
Let’s Install Bind on CentOS 6!
This how-to was tested with SELinux disabled and iptables stopped! To install Bind and run it with these enabled, please read the SELinux and iptables configuration guide!
1. Install Bind on PRIMARY and SECONDARY DNS server
[root@foo1 ~]# yum install bind-* -y
[root@foo2 ~]# yum install bind-* -y
2. Configure /etc/named.conf on PRIMARY DNS server
[root@foo1 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.100; };    # PRIMARY Bind DNS IP Address
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };     # NETWORK to serve
        allow-transfer  { localhost; 192.168.1.101; };      # SECONDARY Bind DNS IP Address
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "geekpeek.net" IN {              # FORWARD Zone file and configuration - put in your DOMAINNAME
        type master;
        file "fwd.geekpeek.net";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {    # REVERSE Zone file and configuration
        type master;
        file "rev.geekpeek.net";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
3. Create FORWARD Zone file (/var/named/fwd.geekpeek.net) on PRIMARY DNS server
[root@foo1 ~]# cat /var/named/fwd.geekpeek.net
$TTL 86400
@   IN  SOA     foo1.geekpeek.net. root.geekpeek.net. (
                2011071001  ;Serial
                3600        ;Refresh
                1800        ;Retry
                604800      ;Expire
                86400       ;Minimum TTL
)
@       IN  NS      foo1.geekpeek.net.
@       IN  NS      foo2.geekpeek.net.
foo1    IN  A       192.168.1.100
foo2    IN  A       192.168.1.101
4. Create REVERSE Zone file (/var/named/rev.geekpeek.net) on PRIMARY DNS server
[root@foo1 ~]# cat /var/named/rev.geekpeek.net
$TTL 86400
@   IN  SOA     foo1.geekpeek.net. root.geekpeek.net. (
                2011071001  ;Serial
                3600        ;Refresh
                1800        ;Retry
                604800      ;Expire
                86400       ;Minimum TTL
)
@       IN  NS      foo1.geekpeek.net.
@       IN  NS      foo2.geekpeek.net.
foo1    IN  A       192.168.1.100
foo2    IN  A       192.168.1.101
100     IN  PTR     foo1.geekpeek.net.
101     IN  PTR     foo2.geekpeek.net.
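The zone name 1.168.192.in-addr.arpa and the owner names 100 and 101 in the reverse zone follow from the network 192.168.1.0/24: the network octets are written in reverse order to form the zone, and the remaining host octets become the PTR owner names. The shell script below is an added example, not part of the original post, that performs this derivation for any /8, /16 or /24 network and emits PTR records from a host list; the function names (reverse_zone, ptr_owner, ptr_records) and the host list are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the reverse (in-addr.arpa) zone name for a network
# and generate the PTR records that belong in it. Not from the original post;
# the function names and the host list below are constructed for illustration.

# Print the in-addr.arpa zone for a /8, /16 or /24 network.
# Example: reverse_zone 192.168.1.0/24  ->  1.168.192.in-addr.arpa
reverse_zone() {
    net=${1%/*}
    bits=${1#*/}
    oldifs=$IFS
    IFS=.
    set -- $net              # split the address into its four octets
    IFS=$oldifs
    case $bits in
        8)  printf '%s.in-addr.arpa\n' "$1" ;;
        16) printf '%s.%s.in-addr.arpa\n' "$2" "$1" ;;
        24) printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1" ;;
        *)  printf 'reverse_zone: only /8, /16 and /24 are supported\n' >&2; return 1 ;;
    esac
}

# Print the owner name of an address relative to its reverse zone: the
# octets not covered by the prefix, in reverse order.
# Example: ptr_owner 192.168.1.100 24  ->  100
ptr_owner() {
    bits=$2
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    case $bits in
        8)  printf '%s.%s.%s\n' "$4" "$3" "$2" ;;
        16) printf '%s.%s\n' "$4" "$3" ;;
        24) printf '%s\n' "$4" ;;
        *)  return 1 ;;
    esac
}

# Read "hostname ip" pairs on stdin and emit one PTR record per pair for the
# network given as $1, skipping addresses outside that network. Hostnames are
# emitted fully qualified (trailing dot), as in the reverse zone file above.
ptr_records() {
    net=${1%/*}
    bits=${1#*/}
    case $bits in
        8)  prefix=${net%%.*}. ;;
        16) prefix=${net%.*.*}. ;;
        24) prefix=${net%.*}. ;;
        *)  return 1 ;;
    esac
    while read -r host ip; do
        [ -n "$host" ] || continue
        case $ip in
            "$prefix"*) printf '%s\tIN\tPTR\t%s.\n' "$(ptr_owner "$ip" "$bits")" "$host" ;;
            *) printf 'skipping %s (%s): not in %s\n' "$host" "$ip" "$1" >&2 ;;
        esac
    done
}

# Constructed host list: the two servers from this post plus one outsider.
hosts='foo1.geekpeek.net 192.168.1.100
foo2.geekpeek.net 192.168.1.101
other.example.net 10.0.0.5'

# Stand-alone run: print the zone name and the PTR records for 192.168.1.0/24.
main() {
    zone=$(reverse_zone 192.168.1.0/24) || return 1
    printf 'reverse zone: %s\n' "$zone"
    printf '%s\n' "$hosts" | ptr_records 192.168.1.0/24
}
main
```

The zone name the script prints is also the origin to give named-checkzone as its first argument when validating the reverse zone file, and the name to put in the zone stanza of named.conf.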
5. Check Bind configuration and Zone files on PRIMARY DNS server
[root@foo1 ~]# named-checkconf /etc/named.conf
[root@foo1 ~]# named-checkzone geekpeek.net /var/named/fwd.geekpeek.net
zone geekpeek.net/IN: loaded serial 2011071001
OK
[root@foo1 ~]# named-checkzone 1.168.192.in-addr.arpa /var/named/rev.geekpeek.net
zone 1.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK
6. Start Bind on PRIMARY DNS server and make it start at boot
[root@foo1 ~]# chkconfig named on
[root@foo1 ~]# /etc/init.d/named start
Starting named:                                            [  OK  ]
7. Configure /etc/named.conf on SECONDARY DNS server
[root@foo2 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.101; };    # SECONDARY Bind DNS IP Address
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };     # NETWORK to serve
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "geekpeek.net" IN {              # FORWARD Zone file and configuration - put in your DOMAINNAME
        type slave;
        file "slaves/geekpeek.net.fwd";
        masters { 192.168.1.100; };
};

zone "1.168.192.in-addr.arpa" IN {    # REVERSE Zone file and configuration
        type slave;
        file "slaves/geekpeek.net.rev";
        masters { 192.168.1.100; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
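The primary config restricts allow-transfer to the secondary's address, but this secondary config leaves allow-transfer unset, and on BIND 9.8 (the version shipped with CentOS 6) an unset allow-transfer permits zone transfers to any host that can reach port 53, so the secondary will hand out the complete zone to anyone on the network even though the primary does not. The shell script below is an added example, not part of the original post, that audits a named.conf for that gap, for recursion without a client restriction, and for allow-update { any; }; the two configuration fragments it runs over are constructed, and the function names (strip_comments, has, audit_named_conf) are invented for this example.

```shell
#!/bin/sh
# Added example (not from the original post): a quick audit of named.conf for
# the settings that most often leave a BIND server overexposed. Written for
# the BIND 9.8 defaults on CentOS 6; the two config fragments below are
# constructed, not copied from a real server.

# Remove // and # comment tails from the config read on stdin, so that a
# commented-out directive is not mistaken for an active one (/* */ blocks are
# left as they are).
strip_comments() {
    sed -e 's|//.*$||' -e 's|#.*$||'
}

# True when the comment-stripped config held in $conf matches the BRE in $1.
has() {
    printf '%s\n' "$conf" | grep -q -- "$1"
}

# Audit the named.conf read on stdin; print one finding per line, nothing if clean.
audit_named_conf() {
    conf=$(strip_comments)

    # 1. Zone transfers: unset means "any" on BIND 9.8; "any" is explicit exposure.
    if ! has 'allow-transfer'; then
        echo "allow-transfer not set: BIND 9.8 then allows zone transfers (AXFR) to any host"
    elif has 'allow-transfer[^;]*any;'; then
        echo "allow-transfer { any; }: zone transfers are open to everyone"
    fi

    # 2. Recursion enabled without a client restriction makes an open resolver.
    if has 'recursion[[:space:]]*yes'; then
        if has 'allow-recursion'; then
            has 'allow-recursion[^;]*any;' && echo "recursion yes with allow-recursion { any; }: open resolver"
        elif ! has 'allow-query' || has 'allow-query[^;]*any;'; then
            echo "recursion yes without an allow-recursion or allow-query restriction: open resolver"
        fi
    fi

    # 3. Dynamic updates from anyone let any client rewrite zone data.
    if has 'allow-update[^;]*any;'; then
        echo "allow-update { any; }: unauthenticated clients can change zone data"
    fi
}

# Constructed fragment modelled on the SECONDARY config above: recursion is
# limited to the local network, but allow-transfer is never set.
secondary_conf='options {
        listen-on port 53 { 127.0.0.1; 192.168.1.101; };
        allow-query     { localhost; 192.168.1.0/24; };
        recursion yes;
};
zone "geekpeek.net" IN {
        type slave;
        file "slaves/geekpeek.net.fwd";
        masters { 192.168.1.100; };
};'

# Constructed hardened version: transfers refused, recursion limited explicitly.
# The comment on the allow-transfer line must not trigger a finding.
hardened_conf='options {
        listen-on port 53 { 127.0.0.1; 192.168.1.101; };
        allow-query     { localhost; 192.168.1.0/24; };
        allow-recursion { localhost; 192.168.1.0/24; };
        allow-transfer  { none; };        # allow-transfer { any; }; would be flagged
        recursion yes;
};'

# Stand-alone run over both constructed fragments.
echo "== constructed secondary config"
printf '%s\n' "$secondary_conf" | audit_named_conf
echo "== constructed hardened config"
printf '%s\n' "$hardened_conf" | audit_named_conf
```

On a real server the audit reads the live file with audit_named_conf < /etc/named.conf; the fix for the finding it raises on the secondary above is adding allow-transfer { none; }; (or the address of a further secondary) to its options block, mirroring what the primary already does.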
8. Start Bind on SECONDARY DNS server and make it start at boot
[root@foo2 ~]# chkconfig named on
[root@foo2 ~]# /etc/init.d/named start
Starting named:                                            [  OK  ]
9. Check that REVERSE and FORWARD Zone files were created on SECONDARY DNS server
These files are automatically replicated from the PRIMARY DNS server!
[root@foo2 ~]# ll /var/named/slaves/
total 8
-rw-r--r-- 1 named named 374 Dec 13 09:00 geekpeek.net.fwd
-rw-r--r-- 1 named named 453 Dec 13 09:00 geekpeek.net.rev
[root@foo2 ~]# cat /var/named/slaves/geekpeek.net.fwd
$ORIGIN .
$TTL 86400      ; 1 day
geekpeek.net            IN SOA  foo1.geekpeek.net. root.geekpeek.net. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      foo1.geekpeek.net.
                        NS      foo2.geekpeek.net.
$ORIGIN geekpeek.net.
foo1                    A       192.168.1.100
foo2                    A       192.168.1.101
[root@foo2 ~]# cat /var/named/slaves/geekpeek.net.rev
$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  foo1.geekpeek.net. root.geekpeek.net. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      foo1.geekpeek.net.
                        NS      foo2.geekpeek.net.
$ORIGIN 1.168.192.in-addr.arpa.
101                     PTR     foo2.geekpeek.net.
100                     PTR     foo1.geekpeek.net.
foo1                    A       192.168.1.100
foo2                    A       192.168.1.101
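Seeing the files appear in /var/named/slaves/ shows that one transfer happened; the check worth repeating afterwards is that both servers answer with the same SOA serial, because a secondary that can no longer transfer keeps serving its old copy until the expire time (604800 seconds in the zone files above) and then stops answering for the zone. The shell script below is an added example, not part of the original post: it parses the one-line answer that dig +short prints for an SOA query, compares the primary's and secondary's serials, and checks the aa flag in a full dig answer, using constructed answers so that it runs offline; the function names (soa_serial, zones_in_sync, answer_is_authoritative) are invented for this example.

```shell
#!/bin/sh
# Added example (not part of the original post): confirm that the SECONDARY
# serves the same zone version as the PRIMARY by comparing the SOA serials the
# two servers answer with. The dig answers below are constructed strings in the
# format "dig +short <zone> SOA" prints; on a live pair they would come from
#   dig +short @192.168.1.100 geekpeek.net SOA
#   dig +short @192.168.1.101 geekpeek.net SOA

# Extract the serial (third rdata field) from a "dig +short <zone> SOA" line:
#   foo1.geekpeek.net. root.geekpeek.net. 2011071001 3600 1800 604800 86400
# Fails when the answer carries no SOA (empty, NXDOMAIN, REFUSED, timeout).
soa_serial() {
    set -- $1
    case $3 in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$3"
}

# Compare the serials from two answers; print a verdict and succeed only when
# both servers serve the same zone version.
zones_in_sync() {
    p=$(soa_serial "$1") || { echo "primary returned no SOA"; return 1; }
    s=$(soa_serial "$2") || { echo "secondary returned no SOA"; return 1; }
    if [ "$p" = "$s" ]; then
        printf 'in sync: both serve serial %s\n' "$p"
        return 0
    fi
    printf 'OUT OF SYNC: primary %s, secondary %s\n' "$p" "$s"
    echo "check allow-transfer on the primary, masters on the secondary, and data/named.run on both"
    return 1
}

# True when a full dig output carries the "aa" flag, i.e. the server answered
# from its own zone data rather than from cache or by recursion.
answer_is_authoritative() {
    printf '%s\n' "$1" | grep -q '^;; flags:.* aa[ ;]'
}

# Constructed answers: a healthy pair, and a secondary stuck on an older serial.
primary_answer='foo1.geekpeek.net. root.geekpeek.net. 2011071001 3600 1800 604800 86400'
secondary_answer='foo1.geekpeek.net. root.geekpeek.net. 2011071001 3600 1800 604800 86400'
stale_answer='foo1.geekpeek.net. root.geekpeek.net. 2011070901 3600 1800 604800 86400'

# Stand-alone run.
zones_in_sync "$primary_answer" "$secondary_answer"
zones_in_sync "$primary_answer" "$stale_answer" || true
if answer_is_authoritative ';; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1'; then
    echo "constructed dig header: authoritative answer"
fi
```

The serial comparison is the same check that the secondary itself performs every refresh interval (3600 seconds here) before deciding whether to pull a new copy, so running it from a monitoring host catches a broken transfer well before the expire timer runs out.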
10. Configure DNS servers on your CLIENT machine
[root@fooclient ~]# cat /etc/resolv.conf
search geekpeek.net
nameserver 192.168.1.100
nameserver 192.168.1.101
11. Test Domain Name Resolution from the CLIENT machine
[root@foo1 ~]# nslookup foo1.geekpeek.net
Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   foo1.geekpeek.net
Address: 192.168.1.100

[root@foo1 ~]# nslookup foo2.geekpeek.net
Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   foo2.geekpeek.net
Address: 192.168.1.101

[root@foo1 ~]# dig foo1.geekpeek.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> foo1.geekpeek.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1814
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;foo1.geekpeek.net.             IN      A

;; ANSWER SECTION:
foo1.geekpeek.net.      86400   IN      A       192.168.1.100

;; AUTHORITY SECTION:
geekpeek.net.           86400   IN      NS      foo2.geekpeek.net.
geekpeek.net.           86400   IN      NS      foo1.geekpeek.net.

;; ADDITIONAL SECTION:
foo2.geekpeek.net.      86400   IN      A       192.168.1.101

;; Query time: 2 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Dec 12 15:13:20 2013
;; MSG SIZE  rcvd: 100

[root@foo1 ~]# dig foo2.geekpeek.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> foo2.geekpeek.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6601
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;foo2.geekpeek.net.             IN      A

;; ANSWER SECTION:
foo2.geekpeek.net.      86400   IN      A       192.168.1.101

;; AUTHORITY SECTION:
geekpeek.net.           86400   IN      NS      foo2.geekpeek.net.
geekpeek.net.           86400   IN      NS      foo1.geekpeek.net.

;; ADDITIONAL SECTION:
foo1.geekpeek.net.      86400   IN      A       192.168.1.100

;; Query time: 2 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Dec 12 15:13:23 2013
;; MSG SIZE  rcvd: 100
This is the end of the “How to install Bind on CentOS 6” post.
We can now add new A and PTR records to our Zone files! A new tutorial will cover Bind management, adding a new A record and PTR.
Stay tuned…