Today we will look at DNS server and DNS client configuration in CentOS 7. Let's go step by step through DNS server and DNS client installation and configuration. Before installing, we should know what DNS is.
What is DNS
DNS stands for Domain Name System. DNS translates hostnames or URLs into IP addresses. For example, if you type a URL like https://urclouds.com in your browser, the DNS server translates this domain name into its associated IP address. It is very difficult to remember a lot of IP addresses all the time; DNS servers make this easy. We can also use a DNS server to translate an IP into a hostname or URL, like 192.xxx.xx.xxx to https://urclouds.com. So it is easier to remember domain names instead of IP addresses.
In this tutorial I am going to show you how to install a local DNS server on CentOS 7. I will also show you how to configure a DNS client. You can also use these steps on RHEL 7 to configure a local DNS server.
Prerequisite
In this tutorial I am going to use two hosts: the first is our DNS server and the second is our DNS client. CentOS 7 should be installed on both hosts. You can see the host details below:
- DNS-Server (Hostname:- dns.urclouds.local, IP :- 192.168.43.95)
- DNS-Client (Hostname:- client.urclouds.local, IP :- 192.168.43.96)
DNS Server Installation Steps:-
First of all we need to install the bind9 packages on our DNS server.
[root@dns ~]# yum install bind bind-utils -y
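After package installation we need to configure the DNS server. The configuration should look like below:
Edit the /etc/named.conf file and add the lines that differ from the packaged default: the any; entries in listen-on and allow-query, and the two zone blocks for urclouds.local and 43.168.192.in-addr.arpa.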
[root@dns ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; any; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "urclouds.local" IN {
        type master;
        file "forward.urclouds";
        allow-update { none; };
};

zone "43.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.urclouds";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@dns ~]#
After editing the file you can verify your named.conf with named-checkconf. If the file is OK, there will be no output, like below:
[root@dns ~]# named-checkconf
[root@dns ~]#
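The named.conf above combines recursion yes with allow-query { localhost; any; }, which is the open-resolver case its own comment block describes, and named-checkconf does not flag it. The shell check below is an added example, not part of the original tutorial; the function names and the subnet-limited sample using 192.168.43.0/24 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify who may use recursion on a BIND server.
# Input is named.conf text without comments (as printed by `named-checkconf -p`).

# Constructed sample: the relevant option lines from the tutorial's named.conf.
tutorial_conf='options {
    listen-on port 53 { 127.0.0.1; any; };
    allow-query { localhost; any; };
    recursion yes;
};'

# Constructed sample (assumption): same server limited to the lab subnet.
restricted_conf='options {
    listen-on port 53 { 127.0.0.1; 192.168.43.95; };
    allow-query { localhost; 192.168.43.0/24; };
    allow-recursion { localhost; 192.168.43.0/24; };
    recursion yes;
};'

# Print the address-match list of one option, or nothing if it is not set.
acl_of() {  # $1 = config text, $2 = option name
    printf '%s\n' "$1" | tr '\n' ' ' |
        sed -n "s/.*[{;[:space:]]$2[[:space:]]*{\([^}]*\)}.*/\1/p"
}

# Print "disabled", "restricted" or "open" for the recursion service.
recursion_exposure() {  # $1 = config text
    rec=$(printf '%s\n' "$1" | tr '\n' ' ' |
        sed -n 's/.*[{;[:space:]]recursion[[:space:]]*\([a-z]*\);.*/\1/p')
    if [ "${rec:-yes}" = "no" ]; then echo disabled; return 0; fi
    # BIND falls back allow-recursion -> allow-query-cache -> allow-query,
    # and to "localnets; localhost;" when none of them is set.
    acl=""
    for opt in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$1" "$opt")
        if [ -n "$acl" ]; then break; fi
    done
    acl=$(printf '%s' "${acl:-localnets; localhost;}" | tr ';' ' ')
    case " $acl " in
        *" any "*) echo open ;;
        *)         echo restricted ;;
    esac
}

recursion_exposure "$tutorial_conf"     # tutorial settings
recursion_exposure "$restricted_conf"   # subnet-limited variant
```

On the server, pass it the live configuration with recursion_exposure "$(named-checkconf -p)", since the functions do not strip comments themselves.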
Make sure the named.conf file ownership is root:named.
[root@dns ~]# ls -l /etc/named.conf
-rw-r----- 1 root named 1910 May 26 17:00 /etc/named.conf
[root@dns ~]#
Now we need to create the forward and reverse zone files which we have included in the /etc/named.conf file, like this:
forward.urclouds and reverse.urclouds
So first of all I am going to create the forward zone. We need to create the file forward.urclouds in the /var/named/ directory.
Add the following lines to the forward.urclouds file:
[root@dns ~]# cat /var/named/forward.urclouds
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.43.95
dns     A       192.168.43.95
client  A       192.168.43.96
[root@dns ~]#
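Now I am going to create the reverse zone in the /var/named/ directory.
Add the following lines to the reverse.urclouds file:
[root@dns ~]# cat /var/named/reverse.urclouds
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.43.95
; PTR targets are fully qualified with a trailing dot; a bare "dns" here
; would expand to dns.43.168.192.in-addr.arpa.
95      PTR     dns.urclouds.local.
96      PTR     client.urclouds.local.
[root@dns ~]#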
The zone files should be owned by root:named, so we need to change the ownership of the zone files with the commands below.
[root@dns named]# chown root:named forward.urclouds
[root@dns named]# chown root:named reverse.urclouds
After configuring the zone files, we need to enable and start our DNS service.
[root@dns ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@dns ~]# systemctl start named
[root@dns ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-05-26 16:38:30 CEST; 50min ago
  Process: 1919 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 1933 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 1930 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 1936 (named)
   CGroup: /system.slice/named.service
           └─1936 /usr/sbin/named -u named -c /etc/named.conf
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:500:2d::d#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:500:12::d0d#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:7fd::1#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:500:2f::f#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:7fe::53#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:500:2d::d#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:500:12::d0d#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:7fd::1#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:500:2f::f#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:7fe::53#53
[root@dns ~]#
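Now we need to configure the firewall for our DNS service. We need to open the default DNS port 53 in the Linux firewall. The commands below open 53/udp only; DNS also uses TCP port 53 for responses that do not fit in a single UDP datagram.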
[root@dns ~]# firewall-cmd --add-port=53/udp
success
[root@dns ~]# firewall-cmd --add-port=53/udp --permanent
success
[root@dns ~]#
After enabling the port we need to reload the firewall using this command.
[root@dns ~]# firewall-cmd --reload
success
[root@dns ~]#
After all of the above configuration, we can check the DNS configuration and zone files for syntax errors with the commands below.
Check the DNS default configuration file:
[root@dns ~]# named-checkconf /etc/named.conf
[root@dns ~]#
If it returns nothing, then our configuration file is valid.
We can also check the forward zone with the command below; the output will look like this:
[root@dns named]# named-checkzone urclouds.local /var/named/forward.urclouds
zone urclouds.local/IN: loaded serial 0
OK
[root@dns named]#
Now we can check the reverse zone with the command below, passing the reverse zone's own name as declared in named.conf; the output will look like this:
[root@dns ~]# named-checkzone 43.168.192.in-addr.arpa /var/named/reverse.urclouds
zone 43.168.192.in-addr.arpa/IN: loaded serial 0
OK
[root@dns ~]#
Now our DNS server installation and configuration is complete. Let's verify whether our DNS server is working properly. We can use the nslookup command to verify our DNS server like this:
[root@dns ~]# nslookup dns.urclouds.local
Server:         127.0.0.1
Address:        127.0.0.1#53
Name:   dns.urclouds.local
Address: 192.168.43.95
[root@dns ~]# nslookup client.urclouds.local
Server:         127.0.0.1
Address:        127.0.0.1#53
Name:   client.urclouds.local
Address: 192.168.43.96
[root@dns ~]#
You can see above that our DNS server is working properly. Now let's configure our client and check name resolution from the client.
DNS Client Configuration
On the client side we need to add the DNS server IP in the /etc/resolv.conf file like this:
[root@client ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search urclouds.local
nameserver 192.168.43.95
[root@client ~]#
After that we can check name resolution from the client side with nslookup commands like this:
[root@client ~]# nslookup dns
Server:         192.168.43.95
Address:        192.168.43.95#53
Name:   dns.urclouds.local
Address: 192.168.43.95
[root@client ~]# nslookup client
Server:         192.168.43.95
Address:        192.168.43.95#53
Name:   client.urclouds.local
Address: 192.168.43.96
[root@client ~]#
You can see that our client resolves names successfully with the DNS server.
That's all. We have now completed the installation and configuration of the DNS server and DNS client.