
Tuesday, 9 October 2012

How To Install and Configure DNS (Bind) on CentOS 6.3

Synopsis:


A short tutorial on how to Install and Configure a DNS service on CentOS 6.3 x64 using Webmin.

Assumptions and Prerequisites:


  • OS: CentOS 6.3 x64.
  • Server Name: tyrion
  • The Server [tyrion] hosts all services on the same machine (e.g. DHCP, Postfix, HTTP, and FTP).
  • Webmin is already installed and the DNS configuration will be done via Webmin.
  • The DNS for both internal (LAN) and external (WAN) IPs will be hosted on the same Server Machine.
  • There are no DNS Slaves.
  • IPv6 is disabled.
  • Firewall (IPTables) is disabled.
  • SELinux is disabled.
  • Subnet: 192.168.1.0/24
  • Domain: kingslanding.com.au
  • WAN IP: 110.92.81.14
  • Gateway (Router IP Address): 192.168.1.1
  • Local ISP (TPG) DNS are used as forwarders. (203.12.160.35 and 203.12.160.36) 
  • DHCP is installed and a couple of IP addresses are reserved.
  • Dynamic DNS is not enabled for the DHCP Server.
  • Text Editor: Nano
  • Server Location: Melbourne, Australia.

Step-by-Step Instructions:


1. Install DNS packages. Run the following command in terminal.
# yum -y install bind bind-utils

2. Disable IPv6 for the named daemon.
# echo 'OPTIONS="-4"' >>  /etc/sysconfig/named

3. Configure Bind (named) via Webmin

4. Create views "lan" and "wan". "lan" is for internal clients i.e. Private Machines. "wan" is for external clients that reside outside the router i.e. Internet.

5. Move all the zones to "lan" i.e. "Root Zone", "0", "127.0.0.1", "localhost", "localhost.localdomain". 
 a. Set "allow queries" to "localhost" and "192.168.1.0/24" under "Zone Defaults".
 b. Add 203.12.160.35 and 203.12.160.36 to "Forwarders and Transfers".
 c. Comment out "Listen on port 53 {127.0.0.1;}" because we want the "named" service to listen on all interfaces.
 d. Set "listen-on-v6 port 53" to 'none' because we are not using IPv6.
 e. Set "recursion" to 'yes' so that devices on the LAN can resolve, through this server, both the hosts listed on the DNS service and names it is not authoritative for (via the forwarders).
 f. Set "recursion" to 'no' only for the "wan" view because we don't want users from the Internet to find out the IP addresses of our local machines on the LAN, and the server should not resolve other domains on behalf of Internet clients.

6. Create Master Zone "kingslanding.com.au" of Forward type in the "lan" view with the following details:
 a. Domain = kingslanding.com.au
 b. Master server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

7. Add "Address (A)" record "kingslanding.com.au." -> 192.168.1.11

8. Add "Mail (MX)" record "kingslanding.com.au." -> "tyrion.kingslanding.com.au." with 10 priority.

9. Add "Address (A)" record "tyrion" -> 192.168.1.11

10. Add "Alias (CNAME)" record "mail" -> "kingslanding.com.au."

11. Add "Alias (CNAME)" record "www" -> "kingslanding.com.au." 

12. Add "Alias (CNAME)" record "ftp" -> "kingslanding.com.au." 

13. Add "Address (A)" record "jamie" -> 192.168.1.12

14. Add "Address (A)" record "tywin" -> 192.168.1.10

15. Add "Address (A)" record "cersei" -> 192.168.1.13

16. Add "Address (A)" record "joffery" -> 192.168.1.14

17. Create Master Zone "192.168.1" of Reverse type in the "lan" view with the following details:
 a. Domain name / network = 192.168.1
 b. Master Server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

18. Add "Reverse Address (PTR)" record "192.168.1.11" -> "tyrion.kingslanding.com.au."

19. Add "Reverse Address (PTR)" record "192.168.1.10" -> "tywin.kingslanding.com.au."

20. Add "Reverse Address (PTR)" record "192.168.1.12" -> "jamie.kingslanding.com.au."

21. Add "Reverse Address (PTR)" record "192.168.1.13" -> "cersei.kingslanding.com.au."

22. Add "Reverse Address (PTR)" record "192.168.1.14" -> "joffery.kingslanding.com.au."

23. Create Master Zone "kingslanding.com.au" of Forward type in the "wan" view with the following details:
 a. Domain = kingslanding.com.au
 b. Master server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

24. Add "Address (A)" record "kingslanding.com.au." -> "110.92.81.14"

25. Add "Address (A)" record "tyrion.kingslanding.com.au." -> "110.92.81.14"

26. Add "Mail (MX)" record "kingslanding.com.au." -> "kingslanding.com.au." with 10 priority.

27. Add "Alias (CNAME)" record "www" -> "kingslanding.com.au."

28. Add "Alias (CNAME)" record "ftp" -> "kingslanding.com.au."

29. Add "Alias (CNAME)" record "mail" -> "kingslanding.com.au."

30. Add "Alias (CNAME)" record "ns1" -> "kingslanding.com.au."

31. Add "Alias (CNAME)" record "ns2" -> "kingslanding.com.au."

32. Add "Alias (CNAME)" record "vpn" -> "kingslanding.com.au."

33. Create Master Zone "110.92.81.14" of Reverse type in the "wan" view with the following details:
 a. Domain name / network = 110.92.81.14
 b. Master Server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

34. Install DNS (Bind) as CHROOT
# yum -y install bind-chroot

35. Enable named (DNS) service to start at boot.
# chkconfig named on

36. Start named service
# /etc/rc.d/init.d/named start

37. Edit /etc/resolv.conf file to have the local machine use the local DNS service to resolve host names.
eg:
search kingslanding.com.au
nameserver 127.0.0.1

38. Also edit your network startup scripts, because that is usually where the settings written to /etc/resolv.conf come from.
eg. File: /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
BOOTPROTO="none"
HWADDR="00:2B:34:01:FB:82"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Ethernet"
IPADDR="192.168.1.11"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
DOMAIN="kingslanding.com.au"
DNS1="127.0.0.1"
IPV6INIT="no"
USERCTL="no"


39. Switch off DNS and DHCP on your Router. On your router, forward port 53 to 192.168.1.11 so that your DNS host provider has access to your DNS server to update its records.

40. Restart your Network service.
# /etc/rc.d/init.d/network restart
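
The views created in steps 4 and 5 end up as view blocks in named.conf, and the "wan" view is only safe while its recursion override stays in place. The script below is an added example, not part of the original post: it holds a constructed named.conf of that shape (zone file paths are assumed placeholders) and a hypothetical audit_views function that reports each view's effective recursion setting and flags any view that matches all clients while still recursing.

```shell
#!/bin/sh
# Added example. The heredoc is a constructed named.conf shaped like steps 4-5;
# the zone file paths are assumed placeholders, not taken from the post.
sample_named_conf() {
cat <<'EOF'
options {
    // listen-on port 53 { 127.0.0.1; };     step 5c: commented out
    listen-on-v6 port 53 { none; };
    forwarders { 203.12.160.35; 203.12.160.36; };
    recursion yes;
};
view "lan" {
    match-clients { localhost; 192.168.1.0/24; };
    zone "kingslanding.com.au" { type master; file "lan/kingslanding.com.au.hosts"; };
    zone "1.168.192.in-addr.arpa" { type master; file "lan/192.168.1.rev"; };
};
view "wan" {
    match-clients { any; };
    recursion no;
    zone "kingslanding.com.au" { type master; file "wan/kingslanding.com.au.hosts"; };
};
EOF
}

# Print "<view> recursion=<yes|no> <verdict>" per view (file argument or stdin).
# Assumes top-level blocks open and close at column 0, as in the sample.
# allow-recursion ACLs are not evaluated, so OPEN-RESOLVER means "review this".
audit_views() {
    awk '
    BEGIN { global = "yes" }                   # BIND recurses unless told not to
    /^[ \t]*(\/\/|#)/ { next }                 # skip comment lines
    /^options/ { scope = "options" }
    /^view[ \t]+"/ {                           # a view inherits the global value
        split($0, q, "\""); name = q[2]; scope = "view"; rec = global; any = 0
    }
    /recursion[ \t]+(yes|no)[ \t]*;/ {
        v = ($0 ~ /recursion[ \t]+yes/) ? "yes" : "no"
        if (scope == "options") global = v
        else if (scope == "view") rec = v
    }
    scope == "view" && /match-clients/ && /[{ \t]any[ \t]*;/ { any = 1 }
    /^[}];/ {
        if (scope == "view")
            print name, "recursion=" rec, ((any && rec == "yes") ? "OPEN-RESOLVER" : "ok")
        scope = ""
    }' "$@"
}

sample_named_conf | audit_views
```

With bind-chroot installed (step 34), pass the path of the named.conf that the running daemon actually reads as the argument to audit_views.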


Conclusion:


Use the "dig" tool to test the DNS service on your server.

For users on the Internet to be able to access kingslanding.com.au, your DNS server has to be linked to a Web and DNS hosting service provider. Personally, I use Zone Edit as my DNS hosting provider and Digital Pacific as my Web Domain Service Provider.

It takes up to 2 - 24 hours for the DNS Root servers to update their records to sync your DNS server records. So, be patient.

Thursday, 20 May 2010

Successfully Configured a DNS Server On Linux (Fedora 12)

Recently, I successfully configured a DNS server on my Fedora 12 Linux box. It took me weeks of reading and watching DNS related materials and tutorials. I had to watch Webmin videos on YouTube and read up on Bind-9 manuals. During the course of the task, at times it got pretty frustrating because to my surprise, there isn't a one-stop tutorial on the Internet on how to set up a DNS Server. I had to read several sources scattered around all over the Internet. Every tutorial that I read seemed to be either incomplete or had a very limited scope. Anyway, in the end I got it to work and it felt really good after all was done. Even though I got it to work, it still needs a few tweaks here and there. I'll finish with those tweaks by next week.

After setting up DNS, I managed to configure the DHCP server as well. Configuring a DHCP server is a cake walk compared to configuring a DNS server on Fedora Core 12.

All the effort and time that went into researching DNS servers gave me an idea. Since there isn't a good tutorial available on the Internet to set up a DNS server, I thought I might write one up and publish it on my blog for personal reference. It might also help out others who want to set up a DNS server on their own personal network just as I have. Just thinking about the scope of this task, I know it will require quite a significant amount of time.