In this quick config we will set up the Berkeley Internet Name Domain (BIND) DNS service, named. First, let’s briefly describe our environment and proposed scenario. We will be setting up a DNS server to host a single zone file for the domain linuxconfig.org. Our DNS server will act as a master authority for this domain and will resolve the fully qualified domain names (FQDN) linuxconfig.org and www.linuxconfig.org to the IP address 1.1.1.1.
Furthermore, our named daemon will be listening on two local IP addresses, the loopback IP address 127.0.0.1 and the local network interface 10.1.1.100. Lastly, the DNS server will allow queries from any external IP address.
DNS server Installation
Now that we have described our basic scenario, let’s begin with the DNS server installation. To install the DNS server on RHEL7, use the yum command below:
# yum install bind
...
RHEL_7_Disc/productid | 1.6 kB 00:00
Verifying : 32:bind-9.9.4-14.el7.x86_64 1/2
Verifying : 32:bind-libs-9.9.4-14.el7.x86_64 2/2
Installed:
bind.x86_64 32:9.9.4-14.el7
Dependency Installed:
bind-libs.x86_64 32:9.9.4-14.el7
Complete!
Once the DNS installation is finished, we make a quick configuration change so that the named daemon listens on our loopback and local network interface addresses:
[root@rhel7 ~] # ip addr show | grep inet
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 10.1.1.110/8 brd 10.255.255.255 scope global enp0s3
inet6 fe80::a00:27ff:fe15:38b7/64 scope link
The above command output shows both our IPv4 and IPv6 addresses. Let’s make our named daemon listen on both the loopback and the local network IPv4 address. Open the main named configuration file /etc/named.conf and change the line:
listen-on port 53 { 127.0.0.1; };
TO:
listen-on port 53 { 127.0.0.1; 10.1.1.110; };
At this point we can start named daemon:
[root@rhel7 ~]# service named start
Redirecting to /bin/systemctl start named.service
If the above service command hangs, make sure that you have set up your hostname correctly and that you can resolve it:
[root@rhel7 ~]# ping -c 1 `hostname`
ping: unknown host rhel7
The quickest way to fix this is to edit your /etc/hosts file to something like:
[root@rhel7 ~]# vi /etc/hosts
127.0.0.1 rhel7 localhost localhost.localdomain localhost4 localhost4.localdomain4
10.1.1.110 rhel7
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@rhel7 ~]# ping -c 1 `hostname`
PING rhel7 (127.0.0.1) 56(84) bytes of data.
64 bytes from rhel7 (127.0.0.1): icmp_seq=1 ttl=64 time=0.080 ms
--- rhel7 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.080/0.080/0.080/0.000 ms
At this point you should be able to start your DNS server without any problems. Once your named daemon has started, check port 53 using the netstat command, which is part of the net-tools package:
[root@rhel7 ~]# netstat -ant | grep -w 53

At this point we should have the DNS server configured to listen on at least two sockets:
10.1.1.110:53
127.0.0.1:53
Firewall Settings
Now it is time to open the firewall to allow DNS queries from external sources. Make sure you open port 53 for both protocols, TCP and UDP:
[root@rhel7 ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
success
[root@rhel7 ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
success
[root@rhel7 ~]# firewall-cmd --reload
success
Test that you can access port 53 from some other external host. The easiest way is to use the nmap command:
[lrendek@localhost ~]$ nmap -p 53 10.1.1.110
Starting Nmap 6.45 ( http://nmap.org ) at 2014-11-08 16:40 AEDT
Nmap scan report for rhel7.local (10.1.1.110)
Host is up (0.00040s latency).
PORT STATE SERVICE
53/tcp open domain
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
Also check whether DNS port 53 is accessible using the UDP protocol. You will need root privileges for this:
# nmap -sU -p 53 10.1.1.110
Starting Nmap 6.45 ( http://nmap.org ) at 2014-11-08 17:15 AEDT
Nmap scan report for rhel7.local (10.1.1.110)
Host is up (0.00044s latency).
PORT STATE SERVICE
53/udp open domain
MAC Address: 08:00:27:15:38:B7 (Cadmus Computer Systems)
Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
Zone file configuration
All good. Now, it is time to define our zone file for linuxconfig.org domain. First we create a directory to host all our master zone files:
[root@rhel7 ~]# mkdir -p /etc/bind/zones/master/
Next, let’s create the actual zone file with the following content:
[root@rhel7 ~]# vi /etc/bind/zones/master/db.linuxconfig.org
;
; BIND data file for linuxconfig.org
;
$TTL 3h
; SOA names end with a dot so they are not expanded relative to the zone origin
@ IN SOA linuxconfig.org. admin.linuxconfig.org. (
1 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
;
@ IN NS ns1.rhel7.local.
@ IN NS ns2.rhel7.local.
linuxconfig.org. IN A 1.1.1.1
www IN A 1.1.1.1
Change the above zone file to suit your environment: add MX records and change the Name Server records ns1.rhel7.local. and ns2.rhel7.local. to the FQDNs under which your new DNS server can be resolved, e.g. ns1.mydomain.com. and ns2.mydomain.com.. Once ready, include the new zone file in the named config file /etc/named.rfc1912.zones:
zone "linuxconfig.org" {
type master;
file "/etc/bind/zones/master/db.linuxconfig.org";
};
Restart your DNS server:
[root@rhel7 ~]# service named restart
Redirecting to /bin/systemctl restart named.service
DNS server configuration
If there are no errors and the named daemon started correctly, open the main named configuration file /etc/named.conf once again and change the line:
FROM:
allow-query { localhost; };
TO:
allow-query { any; };
The above will allow external sources to query your DNS server. Restart your named daemon:
[root@rhel7 ~]# service named restart
Redirecting to /bin/systemctl restart named.service
The last configuration step is to make sure that our DNS server starts after we reboot our RHEL7 linux server:
[root@rhel7 ~]# systemctl enable named
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
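With allow-query set to any, BIND 9.9 falls back to that ACL for recursion when neither allow-recursion nor allow-query-cache is set, so a server that keeps recursion enabled answers recursive queries for any client. The check below is an added example, not part of the original article; both sample configs are constructed and assume the stock options block contains "recursion yes;", which the article does not show.

```sh
#!/bin/sh
# Added example, not from the original article; sample configs are constructed.

# Print the ACL body of statement $1 found in config text $2 (empty if unset).
acl() {
    printf '%s' "$2" | tr '\n' ' ' |
        grep -Eo "(^|[[:space:];{])$1[[:space:]]*\{[^}]*\}" | head -n 1 |
        sed -e 's/^[^{]*{//' -e 's/}$//'
}

# Return 1 (and say why) if config text $1 lets any client use recursion.
# Assumes one global options block with comments already stripped.
open_resolver() {
    conf=$1
    # "recursion" defaults to yes, so only an explicit "no" disables it.
    if printf '%s' "$conf" | tr '\n' ' ' |
        grep -Eq '(^|[[:space:];{])recursion[[:space:]]+no[[:space:]]*;'; then
        echo "ok: recursion disabled"
        return 0
    fi
    # BIND 9.9 fallback: allow-recursion, else allow-query-cache, else allow-query.
    body=
    for s in allow-recursion allow-query-cache allow-query; do
        body=$(acl "$s" "$conf")
        if [ -n "$body" ]; then break; fi
    done
    if printf '%s' "$body" | grep -Eq '(^|[[:space:];])any[[:space:]]*;'; then
        echo "OPEN: recursion is on and $s allows any"
        return 1
    fi
    echo "ok: recursion limited by ${body:-default localnets; localhost;}"
    return 0
}

# Constructed: options as the article leaves them, assuming stock "recursion yes".
ARTICLE_CONF='options {
    listen-on port 53 { 127.0.0.1; 10.1.1.110; };
    allow-query { any; };
    recursion yes;
};'
# Constructed: the same server kept authoritative-only.
FIXED_CONF='options {
    listen-on port 53 { 127.0.0.1; 10.1.1.110; };
    allow-query { any; };
    recursion no;
};'

open_resolver "$ARTICLE_CONF" || true
open_resolver "$FIXED_CONF"
```

On a live server, pass it the output of named-checkconf -p, which prints the parsed configuration without comments.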
RHEL 7 DNS Server Testing
At this stage you should be ready to ask your DNS server to resolve the domain linuxconfig.org. From some external host, query your DNS server for www.linuxconfig.org using the dig command:
[lrendek@localhost ~]$ dig @10.1.1.110 www.linuxconfig.org

All working as expected.
The above config helped you to get started with some basic configuration of your DNS server on RHEL7 linux server.