DNS Server and Client Configuration in CentOS 7

Today we will look at DNS server and DNS client configuration in CentOS 7, going step by step through installation and configuration. Before installing anything, we should know what DNS is.

What is DNS

DNS stands for Domain Name System. DNS translates hostnames or URLs into IP addresses. For example, if you type a URL such as https://urclouds.com in your browser, the DNS server translates this domain name into its associated IP address. It is very difficult to remember a lot of IP addresses all the time; DNS servers make this easy. We can also use a DNS server to translate an IP address into a hostname or URL, for example 192.xxx.xx.xxx to https://urclouds.com. This makes it easy to remember domain names instead of IP addresses.

In this tutorial I am going to show you how to install a local DNS server on CentOS 7. I will also show you how to configure a DNS client. You can use the same steps on RHEL 7 to configure a local DNS server.

Prerequisite

In this tutorial I am going to use two hosts: the first is our DNS server and the second is our DNS client. CentOS 7 should be installed on both hosts. The host details are:

  1. DNS-Server (Hostname:- dns.urclouds.local, IP :- 192.168.43.95)
  2. DNS-Client (Hostname:- client.urclouds.local, IP :- 192.168.43.96)

DNS Server Installation Steps:-

First of all we need to install the BIND 9 packages on our DNS server.

[[email protected] ~]# yum install bind bind-utils -y

After installing the packages we need to configure the DNS server as follows.

Edit the /etc/named.conf file so that it looks like the listing below.

[[email protected] ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
listen-on port 53 { 127.0.0.1; any; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; any; };

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;

dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

zone "urclouds.local" IN {
type master;
file "forward.urclouds";
allow-update { none; };
};
zone "43.168.192.in-addr.arpa" IN {
type master;
file "reverse.urclouds";
allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[[email protected] ~]#

After editing the file you can verify named.conf with named-checkconf. If the file is OK, there is no output, as below:

[[email protected] ~]# named-checkconf
[[email protected] ~]#
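
named-checkconf only validates syntax. The options above combine recursion yes with allow-query { localhost; any; }, which is the open-resolver case the comment inside the file warns about. The script below is an added example, not part of the original tutorial: it classifies the recursion exposure of constructed sample configs, and the allow-recursion line for 192.168.43.0/24 is an assumption about this lab's subnet.

```shell
# Added example: classify the recursion exposure of a BIND options block.
# Assumed ACL fallback (per the BIND ARM): allow-recursion, else
# allow-query-cache, else allow-query, else "localnets; localhost;".

# Drop //, # and /* */ comments and squeeze the config onto one line.
normalize() {
    sed -e 's://.*$::' -e 's:#.*$::' | tr -s '[:space:]' ' ' |
        sed -e 's:/\*[^*]*\*/: :g'
}

# Print the body of the first "<name> { ... }" statement in $2, if any.
stmt() {
    printf '%s\n' "$2" | grep -o "$1 *{[^}]*}" | head -n 1 |
        sed -e 's/^[^{]*{//' -e 's/}$//'
}

# Print "disabled", "open" or "restricted" for the named.conf text in $1.
recursion_exposure() {
    conf=$(printf '%s\n' "$1" | normalize)
    if printf '%s\n' "$conf" | grep -Eq '(^|[ ;{])recursion no *;'; then
        echo disabled; return 0
    fi
    acl=""
    for name in allow-recursion allow-query-cache allow-query; do
        acl=$(stmt "$name" "$conf")
        if [ -n "$acl" ]; then break; fi
    done
    if [ -z "$acl" ]; then acl="localnets; localhost;"; fi
    if printf '%s\n' "$acl" | tr ';' '\n' | tr -d ' ' |
        grep -qx -e any -e '0.0.0.0/0' -e '::/0'; then
        echo open
    else
        echo restricted
    fi
}
# Constructed samples: the two ACL-relevant options from this page, and a
# variant that limits recursion to the lab subnet (a /24 is assumed).
PAGE_CONF='options {
    allow-query { localhost; any; };
    /* recursive servers MUST limit queries to legitimate users */
    recursion yes;
};'
LAB_CONF='options {
    allow-query { any; };
    allow-recursion { localhost; 192.168.43.0/24; };  // lab clients only
    recursion yes;
};'
echo "page config: $(recursion_exposure "$PAGE_CONF")"   # open
echo "lab config:  $(recursion_exposure "$LAB_CONF")"    # restricted
```

The check reads only the first occurrence of each statement and treats named ACLs as restricted, so it is a quick screen rather than a full parser.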

Make sure the ownership of your named.conf file is root:named.

[[email protected] ~]# ls -l /etc/named.conf
-rw-r----- 1 root named 1910 May 26 17:00 /etc/named.conf
[[email protected] ~]#

Now we need to create the forward and reverse zone files that we referenced in the /etc/named.conf file:

forward.urclouds and reverse.urclouds

First I am going to create the forward zone. We need to create the file forward.urclouds in the /var/named/ directory.

Add the following lines to the forward.urclouds file:

[[email protected] ~]# cat /var/named/forward.urclouds
$TTL 1D
@ IN SOA @ rname.invalid. (
                            0 ; serial
                           1D ; refresh
                           1H ; retry
                           1W ; expire
                         3H ) ; minimum
           NS @
           A 192.168.43.95
dns        A 192.168.43.95
client     A 192.168.43.96
[[email protected] ~]#

Now I am going to create Reverse Zone in /var/named/ directory.

Add the following lines in reverse.urclouds file

[[email protected] ~]# cat /var/named/reverse.urclouds
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.43.95
95      PTR     dns.urclouds.local.     ; absolute name, trailing dot required
96      PTR     client.urclouds.local.
[[email protected] ~]#

Zone file ownership should be root:named, so we need to change the ownership of the zone files with the commands below.

[[email protected] named]# chown root:named forward.urclouds
[[email protected] named]# chown root:named reverse.urclouds

After configuring the zone files we need to enable and start our DNS service.

[[email protected] ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[[email protected] ~]# systemctl start named
[[email protected] ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2018-05-26 16:38:30 CEST; 50min ago
Process: 1919 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 1933 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 1930 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 1936 (named)
CGroup: /system.slice/named.service
└─1936 /usr/sbin/named -u named -c /etc/named.conf

May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:500:2d::d#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:500:12::d0d#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:7fd::1#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:500:2f::f#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/A/IN': 2001:7fe::53#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:500:2d::d#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:500:12::d0d#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:7fd::1#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:500:2f::f#53
May 26 17:12:00 dns.urclouds.local named[1936]: error (network unreachable) resolving '3.centos.pool.ntp.org/AAAA/IN': 2001:7fe::53#53
[[email protected] ~]#

Now we need to configure the firewall for our DNS service. We need to open the default DNS port 53 in the Linux firewall.

[[email protected] ~]# firewall-cmd --add-port=53/udp
success
[[email protected] ~]# firewall-cmd --add-port=53/udp --permanent
success
[[email protected] ~]#

After opening the port we need to reload the firewall with this command.

[[email protected] ~]# firewall-cmd --reload
success
[[email protected] ~]#

After all of the above configuration we can check the DNS configuration and zone files for syntax errors with the commands below:

Check the default DNS configuration file:

[[email protected] ~]# named-checkconf /etc/named.conf
[[email protected] ~]#

If it returns nothing, our configuration file is valid.

We can check the forward zone with the command below; the output looks like this:

[[email protected] named]# named-checkzone urclouds.local /var/named/forward.urclouds
zone urclouds.local/IN: loaded serial 0
OK
[[email protected] named]#

Now we can check the reverse zone with the command below; the output looks like this:

[[email protected] ~]# named-checkzone 43.168.192.in-addr.arpa /var/named/reverse.urclouds
zone 43.168.192.in-addr.arpa/IN: loaded serial 0
OK
[[email protected] ~]#
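
named-checkzone reports OK for any syntactically valid PTR target, including one written without a trailing dot, which named expands under the reverse zone's origin instead of urclouds.local. The script below is an added example, not part of the original tutorial (function names and sample records are constructed): it expands names the same way and compares each PTR with the forward zone's A records.

```shell
# Added example: expand zone-file names the way named does and check each
# PTR against the forward zone's A records (forward-confirmed reverse DNS).

# A name ending in "." is absolute, "@" is the origin, anything else is
# relative and gets the zone origin ($2, with trailing dot) appended.
fqdn() {
    case "$1" in
        @)  printf '%s\n' "$2" ;;
        *.) printf '%s\n' "$1" ;;
        *)  printf '%s.%s\n' "$1" "$2" ;;
    esac
}

# Print the A record address for absolute name $1 in forward zone text $2
# (origin $3). Only "<owner> A <ip>" lines are considered.
forward_ip() {
    printf '%s\n' "$2" | while read -r owner type ip; do
        [ "$type" = A ] || continue
        if [ "$(fqdn "$owner" "$3")" = "$1" ]; then echo "$ip"; fi
    done | head -n 1
}

# $1/$2 = forward zone text and origin, $3/$4 = reverse zone text and origin.
check_ptrs() {
    printf '%s\n' "$3" | while read -r owner type target; do
        [ "$type" = PTR ] || continue
        ip=$(fqdn "$owner" "$4" | awk -F. '{ print $4 "." $3 "." $2 "." $1 }')
        name=$(fqdn "$target" "$4")
        if [ "$(forward_ip "$name" "$1" "$2")" = "$ip" ]; then
            echo "OK $ip -> $name"
        else
            echo "MISMATCH $ip -> $name"
        fi
    done
}

# Constructed sample records using this page's names and addresses.
FWD='dns     A   192.168.43.95
client  A   192.168.43.96'
REV='95  PTR  dns
96  PTR  client.urclouds.local.'
check_ptrs "$FWD" "urclouds.local." "$REV" "43.168.192.in-addr.arpa."
```

The relative target dns is reported as a mismatch because it expands to dns.43.168.192.in-addr.arpa., while the fully qualified target for 192.168.43.96 is confirmed by the forward zone.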

Our DNS server installation and configuration is now complete. Let's verify that the DNS server is working properly. We can use the nslookup command to verify it like this:

[[email protected] ~]# nslookup dns.urclouds.local
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: dns.urclouds.local
Address: 192.168.43.95

[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]# nslookup client.urclouds.local
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: client.urclouds.local
Address: 192.168.43.96

[[email protected] ~]#

As you can see above, our DNS server is working properly. Now let's configure our client and check name resolution from the client.

DNS Client Configuration

On the client side we need to add the DNS server IP to the /etc/resolv.conf file like this:

[[email protected] ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search urclouds.local
nameserver 192.168.43.95
[[email protected] ~]#

After that we can check name resolution from the client side with nslookup commands like this:

[[email protected] ~]# nslookup dns
Server: 192.168.43.95
Address: 192.168.43.95#53

Name: dns.urclouds.local
Address: 192.168.43.95

[[email protected] ~]# nslookup client
Server: 192.168.43.95
Address: 192.168.43.95#53

Name: client.urclouds.local
Address: 192.168.43.96

[[email protected] ~]#

You can see that our client resolves names successfully through the DNS server.

That's all. We have now completed the installation and configuration of the DNS server and DNS client.

You can also use the link below to see how to install an NTP server and NTP client on CentOS 7 and RHEL 7.

NTP Installation and Configuration on CentOS 7 and RHEL 7

 
