October 2010

How do I set up a nameserver using CentOS

Here are the steps to configure a local nameserver that resolves DNS for resources installed on the LAN and answers nslookup queries quickly for intranet users.

1. Install packages:
# yum install bind bind-chroot bind-libs bind-utils caching-nameserver

2. Configure RNDC:

# cd /var/named/chroot/etc
# rndc-confgen > rndc.key
# chown root:named rndc.key

3. Edit rndc.key so it looks like this; you may need to comment out some lines in it.

[root@rc-025 ~]# cat /var/named/chroot/etc/rndc.key | sed '/ *#/d; /^ *$/d'
key "rndckey" {
        algorithm hmac-md5;
        secret "f5wyuMBPnEZBbO/333L4ig==";
};

4. Configure /var/named/chroot/etc/named.conf

// we include the rndckey (copy-paste from rndc.key created earlier)
key "rndckey" {
        algorithm hmac-md5;
        secret "f5wyuMBPnEZBbO/333L4ig==";
};

// we assume our server has the IP serving the subnet
controls {
        inet allow {; } keys { "rndckey"; };
        inet allow {; } keys { "rndckey"; };
};

options {
        directory "/var/named";
        pid-file "/var/run/named/";

        recursion yes;

        allow-recursion { };

        // these are the opendns servers (optional)
        forwarders { };

        listen-on { };

        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        query-source address * port 53;

        // so people can't try to guess what version you're running
        version "REFUSED";

        allow-query { };
};

server {
        keys { rndckey; };
};

zone "." IN {
        type hint;
        file "";
};

// forward zone
zone "rain-concert.intra" IN {
        type master;
        file "data/";
        allow-update { none; };
#       // we assume we have a slave dns server with the IP
#       allow-transfer {; };
};

// reverse zone
zone "" IN {
        type master;
        file "data/";
        allow-update { none; };
#       // we assume we have a slave dns server with the IP
#       allow-transfer {; };
};


1. I added rndckey, which was created earlier, to the config file:
key "rndckey" {
algorithm hmac-md5;
secret "f5wyuMBPnEZBbO/333L4ig==";
};
2. DNS server IP is and the network is
3. DNS forwarder name server IP addresses are , (using different ISPs)
4. listen-on: my name server listens on 2 NIC cards (failover), 192.168.01 and
5. forward zone: my forward zone name is "mydomain.local"
6. reverse zone: my reverse zone name is
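The options block in step 4 decides whether this server becomes an open resolver and what it discloses. The check below is an added example, not code from the post: it parses the `options { ... }` block of a named.conf with a small Python script and flags the settings a reviewer looks for first, namely recursion reachable from `any`, an open `allow-query`, a pinned `query-source` port (the page's `query-source address * port 53;` switches off BIND's source-port randomisation, which is the main defence against cache poisoning) and no `version` override. The two sample configs are constructed, and the 192.168.0.0/24 range in them is a placeholder for the LAN the server serves.

```python
import re

# Constructed sample (not from the post): an options block carrying the
# weak settings this check looks for.
WEAK_CONF = """
options {
        directory "/var/named";
        recursion yes;
        allow-recursion { any; };
        allow-query { any; };
        query-source address * port 53;
};
"""

# Constructed sample: the same block with those settings corrected.
# 192.168.0.0/24 is a placeholder for the LAN the server should serve.
HARDENED_CONF = """
options {
        directory "/var/named";
        recursion yes;
        allow-recursion { 127.0.0.1; 192.168.0.0/24; };
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        // no query-source port pin: BIND picks a random source port per query
        version "REFUSED";
};
"""


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def block_body(text, name):
    """Return the text inside the braces of the top-level `name { ... }` block, or None."""
    m = re.search(r"\b%s\s*\{" % re.escape(name), text)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError("unbalanced braces in %s block" % name)


def acl_list(body, name):
    """Return the address-match list of `name { a; b; };` as strings, or None if absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}\s*;" % re.escape(name), body)
    if not m:
        return None
    return [t.strip() for t in m.group(1).split(";") if t.strip()]


def audit_options(conf):
    """Return a list of findings for the options block; an empty list means nothing was flagged."""
    body = block_body(strip_comments(conf), "options")
    if body is None:
        return ["no options block found"]
    findings = []
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", body)
    recursion_on = rec is None or rec.group(1) == "yes"   # BIND defaults to recursion yes
    allow_rec = acl_list(body, "allow-recursion")
    if recursion_on and (allow_rec is None or "any" in allow_rec):
        findings.append("open resolver: recursion is on and allow-recursion is missing or 'any'")
    allow_q = acl_list(body, "allow-query")
    if allow_q is None or "any" in allow_q:
        findings.append("allow-query is missing or 'any': the server answers queries from anywhere")
    qs = re.search(r"\bquery-source\b[^;]*\bport\s+(\d+)\s*;", body)
    if qs:
        findings.append("query-source pins the source port to %s: source-port randomisation is disabled" % qs.group(1))
    if not re.search(r'\bversion\s+"[^"]*"\s*;', body):
        findings.append("no version override: the BIND version string is disclosed to CHAOS-class queries")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_options(conf) or ["ok"])
```

Run it against /var/named/chroot/etc/named.conf after `named-checkconf` has accepted the syntax; the script only understands the statement shapes shown above, so anything it cannot find is reported as missing rather than guessed.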

Now you need to create your first forward DNS zone:

#vi /var/named/chroot/var/named/data/

$ttl 38400
mydomain.local.       IN      SOA     ns.mydomain.local. admin.mydomain.local. (
                       2007020400   ; Serial
                       10800           ; Refresh after 3 hours
                       3600            ; Retry after 1 hour
                       604800          ; Expire after 1 week
                       86400 )         ; Minimum TTL of 1 day
mydomain.local.       IN      NS      ns.mydomain.local.
mydomain.local.               IN      MX      1       mx.mydomain.local.
mydomain.local.               IN      MX      5       mx2.mydomain.local.
www.mydomain.local.         IN      A
ns.mydomain.local.             IN      A
ns1.mydomain.local.            IN      A
ns2.mydomain.local.            IN      A
mx.mydomain.local.             IN      A
mx2.mydomain.local.            IN      A
mail.mydomain.local.          IN      CNAME     mx.mydomain.local.
intranet.mydomain.local.    IN         A
Admin-PC.mydomain.local.    IN       A
secured_share.mydomain.local.  IN  A
news.mydomain.local.    IN             A
dev_sites.mydomain.local.    IN       A

Now you need to create your first reverse DNS zone:

# vi /var/named/chroot/var/named/data/
$TTL    24h
    IN  SOA   mydomain.local.   root.mydomain.local. (
        2007062800 ; serial number
        3h         ; refresh time
        30m        ; retry time
        7d         ; expire time
        3h )       ; negative caching ttl
; Nameservers
    IN  NS   ns.mydomain.local.
; Hosts
    IN  PTR  rc-026.mydomain.local.
    IN  PTR  rc-025.mydomain.local.
    IN  PTR  rc-014.mydomain.local.
    IN  PTR  rc-001.mydomain.local.
    IN  PTR  mx.mydomain.local.
    IN  PTR  mx2.mydomain.local.

5. Start the service and make sure it starts at boot:

# service named start
# chkconfig named on

6. Now configure your resolv.conf file:

[root@rc-025 ~]# cat /etc/resolv.conf
   search mydomain.local
   nameserver # using local DNS
   nameserver # ISP name server

7. Make sure it is running:

[root@rc-025 ~]# rndc status
number of zones: 2
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

8. Verify that DNS is working and local names are resolved.
Run the command after logging in to the DNS server:

[root@rc-025 ~]# nslookup rc-001
    Name:   rc-001.mydomain.local

9. Verify that an external domain is resolved by nslookup:

[root@rc-025 ~]# nslookup
    Server:
    Non-authoritative answer:

10. Verify that reverse DNS is working: test it with this nameserver's IP, e.g. host <name server ip>, which should return a valid answer like this:

[root@rc-025 ~]# host
 domain name pointer rc-001.mydomain.local
Verifying that my mail server has RDNS set:
[root@rc-025 ~]# host
 domain name pointer rc-026.mydomain.local.
[root@rc-025 ~]#

Now all is set and ready to go!

Please note that Windows desktops will not accept a name server IP that has no RDNS set. This leads to slow internet access.
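Step 10 and the note above both depend on the forward zone and the reverse zone agreeing with each other, and on every address that clients see having a PTR. The script below is an added example and not part of the post: it parses zone files written in the post's `owner IN TYPE rdata` style (with `$TTL` and a parenthesised multi-line SOA), then reports A records without a PTR, PTR records pointing at names without an A record, and pairs that disagree. The sample zones, host names and 192.168.0.x addresses are constructed placeholders, and the reverse zone origin `0.168.192.in-addr.arpa.` is likewise an assumption.

```python
FORWARD_ORIGIN = "mydomain.local."
REVERSE_ORIGIN = "0.168.192.in-addr.arpa."   # assumed reverse zone for 192.168.0.0/24

# Constructed sample zone files in the post's style; addresses are placeholders.
FORWARD_ZONE = """\
$TTL 38400
mydomain.local.        IN  SOA  ns.mydomain.local. admin.mydomain.local. (
                         2007020400 ; Serial
                         10800      ; Refresh
                         3600       ; Retry
                         604800     ; Expire
                         86400 )    ; Minimum TTL
mydomain.local.        IN  NS   ns.mydomain.local.
ns.mydomain.local.     IN  A    192.168.0.1
mx.mydomain.local.     IN  A    192.168.0.25
rc-001.mydomain.local. IN  A    192.168.0.11
www                    IN  A    192.168.0.30   ; relative owner, completed with the origin
"""

REVERSE_ZONE = """\
$TTL 24h
0.168.192.in-addr.arpa.  IN  SOA  ns.mydomain.local. root.mydomain.local. (
        2007062800 ; serial
        3h         ; refresh
        30m        ; retry
        7d         ; expire
        3h )       ; negative caching ttl
; Nameservers
0.168.192.in-addr.arpa.  IN  NS   ns.mydomain.local.
; Hosts
1    IN  PTR  ns.mydomain.local.
25   IN  PTR  mx.mydomain.local.
11   IN  PTR  rc-002.mydomain.local.   ; constructed mistake: wrong host for this address
"""


def parse_records(zone_text, origin):
    """Return (owner, type, rdata) tuples; handles $-directives, ';' comments and a multi-line SOA."""
    records, in_soa = [], False
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if in_soa:                       # skip the SOA timer lines until the closing ')'
            in_soa = ")" not in line
            continue
        if line.startswith("$"):         # $TTL / $ORIGIN are not records
            continue
        fields = line.split()
        if len(fields) < 4 or fields[1].upper() != "IN":
            raise ValueError("unsupported record line: %r" % raw)
        owner, rtype, rdata = fields[0], fields[2].upper(), fields[3]
        if rtype == "SOA":
            in_soa = "(" in line and ")" not in line
            continue
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):    # relative owner name: append the zone origin
            owner = owner + "." + origin
        records.append((owner, rtype, rdata))
    return records


def reverse_name_to_ip(name):
    """'11.0.168.192.in-addr.arpa.' -> '192.168.0.11'."""
    labels = name[:-len(".in-addr.arpa.")].split(".")
    return ".".join(reversed(labels))


def check_consistency(forward_text, reverse_text):
    """Return human-readable mismatches between the forward A records and the reverse PTR records."""
    forward = {owner: rdata for owner, rtype, rdata in parse_records(forward_text, FORWARD_ORIGIN)
               if rtype == "A"}
    reverse = {reverse_name_to_ip(owner): rdata
               for owner, rtype, rdata in parse_records(reverse_text, REVERSE_ORIGIN)
               if rtype == "PTR"}
    problems = []
    for name, ip in sorted(forward.items()):
        if ip not in reverse:
            problems.append("no PTR for %s (%s)" % (ip, name))
        elif reverse[ip] != name:
            problems.append("PTR for %s is %s but A record says %s" % (ip, reverse[ip], name))
    for ip, name in sorted(reverse.items()):
        if name not in forward:
            problems.append("PTR %s -> %s has no matching A record" % (ip, name))
    return problems


if __name__ == "__main__":
    for problem in check_consistency(FORWARD_ZONE, REVERSE_ZONE):
        print(problem)
```

named-checkzone (shipped with bind) validates each file's syntax on its own; this script adds the cross-zone check it does not do. Run it on the files under /var/named/chroot/var/named/data/ after editing them and before `rndc reload`, so a host that resolves forward but not backward is caught before a client trips over it.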
