How do I set up a nameserver using CentOS

Here are the steps to configure a local nameserver. It resolves names for resources installed on the LAN and answers nslookup queries quickly for intranet users.

1. Install packages :
#yum install bind bind-chroot bind-libs bind-utils caching-nameserver

2. Configure RNDC :

 #cd /var/named/chroot/etc
 #rndc-confgen > rndc.key
 # chown root:named rndc.key

3. Edit rndc.key so that it looks like this (you may need to comment out some lines in it):

[root@rc-025 ~]# cat  /var/named/chroot/etc/rndc.key | sed '/ *#/d; /^ *$/d'
key "rndckey" {
        algorithm hmac-md5;
        secret "f5wyuMBPnEZBbO/333L4ig==";
};

4. Configure /var/named/chroot/etc/named.conf

// include the rndc key (copy-paste from the rndc.key created earlier)
key "rndckey" {
        algorithm hmac-md5;
        secret "f5wyuMBPnEZBbO/333L4ig==";
};

// this server has the IP 192.168.0.1 and serves the 192.168.0.0/24 subnet
controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
        inet 192.168.0.1 allow { 192.168.0.0/24; } keys { "rndckey"; };
};

options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";

        recursion yes;

        // only the loopback and the LAN may use this server as a recursive resolver
        allow-recursion {
                127.0.0.1;
                192.168.0.0/24;
        };

        // upstream resolvers to forward to (optional); two different ISPs' servers here
        forwarders {
                125.2.4.12;
                20.8.23.3;
        };

        listen-on {
                127.0.0.1;
                192.168.0.1;
                192.168.0.25;
        };

        /*
         * If there is a firewall between you and the nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.  Leave it commented out unless the firewall
         * forces it: pinning the source port to 53 disables source-port
         * randomisation and makes cache poisoning much easier; open the
         * unprivileged UDP source ports on the firewall instead.
         */
        // query-source address * port 53;

        // so people can't try to guess what version you're running
        version "REFUSED";

        allow-query {
                127.0.0.1;
                192.168.0.0/24;
        };
};

server 192.168.0.1 {
        keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

// forward zone (the zone name must match the zone file created below)
zone "mydomain.local" IN {
        type master;
        file "data/mydomain.local.zone";
        allow-update { none; };
        // if there is a slave DNS server (assumed here to be 192.168.254.101),
        // allow only that server to transfer the zone; use { none; } if there is no slave
        // allow-transfer { 192.168.254.101; };
};

// reverse zone
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "data/192.168.0.zone";
        allow-update { none; };
        // allow-transfer { 192.168.254.101; };
};

Here,

1. I added the rndckey created earlier to the config file:
key "rndckey" {
        algorithm hmac-md5;
        secret "f5wyuMBPnEZBbO/333L4ig==";
};
2. The DNS server IP is 192.168.0.1 and the network is 192.168.0.0/24.
3. The DNS forwarder name servers' IP addresses are 125.2.4.12 and 20.8.23.3 (using different ISPs).
4. listen-on: my name server is listening on 2 NIC cards (failover), 192.168.0.1 and 192.168.0.25.
5. forward zone: my forward zone name is "mydomain.local".
6. reverse zone: my reverse zone name is "0.168.192.in-addr.arpa".

Now you need to create your first Forward DNS Zone,

#vi /var/named/chroot/var/named/data/mydomain.local.zone

$TTL 38400
mydomain.local.         IN      SOA     ns.mydomain.local. admin.mydomain.local. (
                        2007020400      ; Serial
                        10800           ; Refresh after 3 hours
                        3600            ; Retry after 1 hour
                        604800          ; Expire after 1 week
                        86400 )         ; Minimum TTL of 1 day
mydomain.local.         IN      NS      ns.mydomain.local.
mydomain.local.         IN      MX      1       mx.mydomain.local.
mydomain.local.         IN      MX      5       mx2.mydomain.local.
www.mydomain.local.     IN      A       192.168.0.1
ns.mydomain.local.      IN      A       192.168.0.1
ns1.mydomain.local.     IN      A       192.168.0.1
ns2.mydomain.local.     IN      A       192.168.0.8
mx.mydomain.local.      IN      A       192.168.0.26
mx2.mydomain.local.     IN      A       192.168.0.26
mail.mydomain.local.    IN      CNAME   mx.mydomain.local.
intranet.mydomain.local.        IN      A       192.168.0.14
Admin-PC.mydomain.local.        IN      A       192.168.0.90
; hostnames may not contain underscores (RFC 1123); with BIND's default
; check-names setting the zone refuses to load if they do, so use hyphens
secured-share.mydomain.local.   IN      A       192.168.0.40
news.mydomain.local.    IN      A       192.168.0.14
dev-sites.mydomain.local.       IN      A       192.168.0.14

Now you need to create your first Reverse DNS Zone,

# vi /var/named/chroot/var/named/data/192.168.0.zone
$TTL    24h
; SOA: primary nameserver and admin mailbox (root@mydomain.local), both fully qualified
0.168.192.in-addr.arpa.   IN  SOA   ns.mydomain.local.   root.mydomain.local. (
        2007062800 ; serial number
        3h         ; refresh time
        30m        ; retry time
        7d         ; expire time
        3h         ; negative caching ttl
)
; Nameservers
0.168.192.in-addr.arpa.  IN  NS  ns.mydomain.local.
; Hosts
26.0.168.192.in-addr.arpa.     IN PTR  rc-026.mydomain.local.
25.0.168.192.in-addr.arpa.     IN PTR  rc-025.mydomain.local.
14.0.168.192.in-addr.arpa.     IN PTR  rc-014.mydomain.local.
1.0.168.192.in-addr.arpa.      IN PTR  rc-001.mydomain.local.
; several PTRs for one address are legal, but a mail server is normally
; given exactly one PTR whose name has a matching forward A record
26.0.168.192.in-addr.arpa.     IN PTR  mx.mydomain.local.
26.0.168.192.in-addr.arpa.     IN PTR  mx2.mydomain.local.
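The two zone files describe the same hosts, so their records should agree: every PTR target should be the owner of an A record for that address, and every address with an A record should have a PTR. As printed, the reverse zone points 192.168.0.1 and 192.168.0.26 at rc-001 and rc-026, which are not A record owners in the forward zone. The following checker is an added example, not code from the original post; it works on constructed excerpts of the two files embedded inline and assumes fully qualified owner names on every record, as both files use.

```python
from collections import defaultdict
# Constructed excerpts of the two zone files shown above (not the complete files).
FORWARD_ZONE = """\
$TTL 38400
mydomain.local.   IN  SOA  ns.mydomain.local. admin.mydomain.local. (
                  2007020400 10800 3600 604800 86400 )
mydomain.local.       IN  NS     ns.mydomain.local.
www.mydomain.local.   IN  A      192.168.0.1
ns.mydomain.local.    IN  A      192.168.0.1
mx.mydomain.local.    IN  A      192.168.0.26
intranet.mydomain.local.  IN  A  192.168.0.14
Admin-PC.mydomain.local.  IN  A  192.168.0.90
"""
REVERSE_ZONE = """\
$TTL 24h
0.168.192.in-addr.arpa.  IN  SOA  ns.mydomain.local. root.mydomain.local. (
        2007062800 3h 30m 7d 3h )   ; serial, refresh, retry, expire, neg. ttl
0.168.192.in-addr.arpa.     IN  NS   ns.mydomain.local.
26.0.168.192.in-addr.arpa.  IN  PTR  rc-026.mydomain.local.
1.0.168.192.in-addr.arpa.   IN  PTR  rc-001.mydomain.local.
14.0.168.192.in-addr.arpa.  IN  PTR  intranet.mydomain.local.
"""

def records(zone_text, rrtype):
    # (owner, last rdata field) per record of rrtype; SOA continuation lines have no "IN"
    found = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop ';' comments, tokenise
        if len(fields) >= 4 and fields[1] == "IN" and fields[2] == rrtype:
            found.append((fields[0].lower(), fields[-1].lower()))
    return found

def ptr_owner_to_ip(owner):
    # "26.0.168.192.in-addr.arpa." -> "192.168.0.26"
    octets = owner.rstrip(".").split(".")[:-2]   # drop "in-addr", "arpa"
    return ".".join(reversed(octets))

def check_consistency(forward, reverse):
    # Returns (PTRs whose target has no A record at that IP, IPs with an A record but no PTR)
    a_names = defaultdict(set)
    for name, ip in records(forward, "A"):
        a_names[ip].add(name)
    ptr_names = defaultdict(set)
    for owner, name in records(reverse, "PTR"):
        ptr_names[ptr_owner_to_ip(owner)].add(name)
    dangling = sorted(f"{ip} -> {name}" for ip, names in ptr_names.items()
                      for name in names if name not in a_names.get(ip, set()))
    missing = sorted(ip for ip in a_names if ip not in ptr_names)
    return dangling, missing
```

Run it on the real files by passing their contents read from /var/named/chroot/var/named/data/; named-checkzone validates each file's syntax but does not check that forward and reverse zones agree.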

5. Start the service and make sure it’ll start at boot

#service named start
#chkconfig named on

6. Now you need to configure your resolv.conf file

[root@rc-025 ~]# cat /etc/resolv.conf
search mydomain.local
# the local DNS server (resolv.conf comments start with '#' or ';', not '//')
nameserver 127.0.0.1
# ISP name server, only tried if the local one does not answer
nameserver 125.224.7.125

7. Make sure it’s running,
[root@rc-025 ~]# rndc status
number of zones: 2
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

8. Verify that DNS is working and local names are resolved.
Execute the command after logging in to the DNS server:

[root@rc-025 ~]# nslookup rc-001
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   rc-001.mydomain.local
Address: 192.168.0.1

9. Verifying that an external domain nslookup query is resolved:

[root@rc-025 ~]# nslookup google.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   google.com
Address: 209.85.231.104

10. Verify that reverse DNS is working: test it with this nameserver's IP, e.g. host <name server ip>, which should return a valid message like this:

[root@rc-025 ~]# host 192.168.0.1
1.0.168.192.in-addr.arpa domain name pointer rc-001.mydomain.local

Verifying that my mail server has RDNS set:
[root@rc-025 ~]# host 192.168.0.26
26.0.168.192.in-addr.arpa domain name pointer rc-026.mydomain.local.
[root@rc-025 ~]#

Now all is set and ready to go!!

Please note that Windows desktops will not accept a name server IP that has no RDNS set. This will lead to slow internet access.

-njoy
