Tuesday 9 October 2012

How To Install and Configure DNS (Bind) on CentOS 6.3

Synopsis:


A short tutorial on how to Install and Configure a DNS service on CentOS 6.3 x64 using Webmin.

Assumptions and Prerequisites:


  • OS: CentOS 6.3 x64.
  • Server Name: tyrion
  • The Server [tyrion] hosts all services on the same machine (e.g. DHCP, Postfix, HTTP, and FTP).
  • Webmin is already installed and the DNS configuration will be done via Webmin.
  • The DNS for both internal (LAN) and external (WAN) IPs will be hosted on the same Server Machine.
  • There are no DNS Slaves.
  • IPv6 is disabled.
  • Firewall (IPTables) is disabled.
  • SELinux is disabled.
  • Subnet: 192.168.1.0/24
  • Domain: kingslanding.com.au
  • WAN IP: 110.92.81.14
  • Gateway (Router IP Address): 192.168.1.1
  • Local ISP (TPG) DNS are used as forwarders. (203.12.160.35 and 203.12.160.36) 
  • DHCP is installed and a couple of IP addresses are reserved.
  • Dynamic DNS is not enabled for the DHCP Server.
  • Text Editor: Nano
  • Server Location: Melbourne, Australia.

Step-by-Step Instructions:


1. Install DNS packages. Run the following command in terminal.
# yum -y install bind bind-utils

2. Disable IPV6 for the named deamon
# echo 'OPTIONS="-4"' >>  /etc/sysconfig/named

3. Configure Bind (named) via Webmin

4. Create views "lan" and "wan". "lan" is for internal clients i.e. Private Machines. "wan" is for external clients that reside outside the router i.e. Internet.

5. Move all the zones to "lan" i.e. "Root Zone", "0", "127.0.0.1", "localhost", "localhost.localdomain". 
 a. Set "allow queries" to "localhost" and "192.168.1.0/24" under "Zone Defaults".
 b. Add 203.12.160.35 and 203.12.160.36 to "Forwarders and Transfers".
 c. Comment out "Listen on port 53 {127.0.0.1;}" because we want the 'named" service to listen on all interfaces.
 d. Set "listen-on-v6 port 53" to 'none' because we are not using IPv6.
 e. Set "recursion" to 'yes' because we want all devices on the LAN to be able to list all the devices listed on the DNS service.

 f. Set "recursion" to 'no' only for the "wan" view because we don't want users from the Internet to find out the IP addresses of our local machines on the LAN.   

6. Create Master Zone "kingslanding.com.au" of Forward type in the "lan" view with the following details:
 a. Domain = kingslanding.com.au
 b. Master server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

7. Add "Address (A)" record "kingslanding.com.au." -> 192.168.1.11

8. Add "Mail (MX)" record "kingslanding.com.au." -> "tyrion.kingslanding.com.au." with 10 priority.

9. Add "Address (A)" record "tyrion" -> 192.168.1.11

10. Add "Alias (CNAME)" record "mail" -> "kingslanding.com.au."

11. Add "Alias (CNAME)" record "www" -> "kingslanding.com.au." 

12. Add "Alias (CNAME)" record "ftp" -> "kingslanding.com.au." 

13. Add "Address (A)" record "jamie" -> 192.168.1.12

14. Add "Address (A)" record "tywin" -> 192.168.1.10

15. Add "Address (A)" record "cersei" -> 192.168.1.13

16. Add "Address (A)" record "joffery" -> 192.168.1.14

17. Create Master Zone "192.168.1" of Reverse type in the "lan" view with the following details:
 a. Domain name / network = 192.168.1
 b. Master Server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

18. Add "Reverse Address (PTR)" record "192.168.1.11" -> "tyrion.kingslanding.com.au."

19. Add "Reverse Address (PTR)" record "192.168.1.10" -> "tywin.kingslanding.com.au."

20. Add "Reverse Address (PTR)" record "192.168.1.12" -> "jamie.kingslanding.com.au."

21. Add "Reverse Address (PTR)" record "192.168.1.13" -> "cersei.kingslanding.com.au."

22. Add "Reverse Address (PTR)" record "192.168.1.14" -> "joffery.kingslanding.com.au."

23. Create Master Zone "kingslanding.com.au" of Forward type in the "wan" view with the following details:
 a. Domain = kingslanding.com.au
 b. Master server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

24. Add "Address (A)" record "kingslanding.com.au." -> "110.92.81.14"

25. Add "Address (A)" record "tyrion.kingslanding.com.au." -> "110.92.81.14"

26. Add "Mail (MX)" record "kingslanding.com.au." -> "kingslanding.com.au." with 10 priority.

27. Add "Alias (CNAME)" record "www" -> "kingslanding.com.au."

28. Add "Alias (CNAME)" record "ftp" -> "kingslanding.com.au."

29. Add "Alias (CNAME)" record "mail" -> "kingslanding.com.au."

30. Add "Alias (CNAME)" record "ns1" -> "kingslanding.com.au."

31. Add "Alias (CNAME)" record "ns2" -> "kingslanding.com.au."

32. Add "Alias (CNAME)" record "vpn" -> "kingslanding.com.au."

33. Create Master Zone "110.92.81.14" of Reverse type in the "wan" view with the following details:
 a. Domain name / network = 110.92.81.14
 b. Master Server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

34. Install DNS (Bind) as CHROOT
# yum -y install bind-chroot

 35. Enable named (DNS) service to start at boot.
# chkconfig named on

36. Start named service
# /etc/rc.d/init.d/named start

37. Edit /etc/resolv.conf file to have the local machine use the local DNS service to resolve host names.
eg:
search kingslanding.com.au
nameserver 127.0.0.1

38. Also edit your network startup scripts, usually that's where the network configuration is written to in /etc/resolv.conf
eg. File: /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
BOOTPROTO="none"
HWADDR="00:2B:34:01:FB:82"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Ethernet"
IPADDR="192.168.1.11"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
DOMAIN="kingslanding.com.au"
DNS1="127.0.0.1"
IPV6INIT="no"
USERCTL="no"


39. Switch off DNS and DHCP on your Router. On your router, forward port 53 to 192.168.1.11 so that your DNS host provider has access to your DNS server to update it's records.

40. Restart your Network service.
# /etc/rc.d/init.d/network restart


Conclusion:


Use the "dig" tool to test the DNS service on your server.

In order to have the users from the Internet to be able to access kingslanding.com.au, you will have to have your DNS server linked to a Web and DNS hosting service provider. Personally, I use Zone Edit as my DNS hosting provider and Digital Pacific as my Web Domain Service Provider.

It takes up to 2 - 24 hours for the DNS Root servers to update their records to sync your DNS server records. So, be patient.
Posted by at
Labels: , , , , , , , ,

1 comment:

Waqas said...

great information about DNS...

http://linux-hosting.com.au/

3:40 pm

Post a Comment

Subscribe to: Post Comments (Atom)