24/09/2021

Setup DNS Server CentOS 8

Install DNS Server (Bind) on CentOS 8

Example Host

We have an existing VPS “host1”.

Host     Role              IP
host1    Generic Host 1    172.30.43.14

We have a DNS server:

Host     Role              IP
ns1      DNS Server        172.30.43.55

Installation

1. Install the package:

yum install bind bind-utils 

Configuration of DNS Server (ns1)

BIND’s configuration consists of multiple files that are included from the main file, named.conf. The filenames begin with “named” because that is the name of the process BIND runs as.

2. Open the configuration file:

vim /etc/named.conf

3. Above the existing options block, create a new ACL block called “trusted”. This is where we define the list of clients for which recursive DNS queries will be allowed.

acl "trusted" {
    172.30.43.55;   # ns1
    172.30.43.14;   # host1
};


4. Now add the private address of ns1 to the listen-on port 53 directive in the options block and comment out the listen-on-v6 line.

options {

    listen-on port 53 { 127.0.0.1; 172.30.43.55; };


5. Change the allow-query directive from localhost to trusted. In BIND 9, when neither allow-recursion nor allow-query-cache is set, this options-level allow-query is also used as the default for allow-recursion, so only the trusted hosts can use ns1 as a recursive resolver.


allow-query { trusted; };


6. At the end of the file, add the following line, then save and exit named.conf:

include "/etc/named/named.conf.local";

We will now proceed to configure the DNS zones.

A forward lookup DNS zone is one that stores the hostname-to-IP-address relationship. When queried with a hostname, it returns the IP address of the host. In contrast, the reverse DNS zone returns the Fully Qualified Domain Name (FQDN) of the server for a given IP address.

7. Open named.conf.local:

vim /etc/named/named.conf.local

8. You can use the following as a template:

// forward zone
zone "mgo-lab-ns1.local" IN {
    type master;
    file "mgo-lab-ns1.local.db";
    allow-update { none; };
    allow-query { any; };
};
// reverse zone
zone "43.30.172.in-addr.arpa" IN {
    type master;
    file "mgo-lab-ns1.local.rev";
    allow-update { none; };
    allow-query { any; };
};

  • type: Stipulates the role of the server for a particular zone. The value ‘master’ means that this server is authoritative for the zone.
  • file: Points to the forward / reverse zone file of the domain.
  • allow-update: Defines the hosts that are permitted to send dynamic DNS updates. In this case, there are none.

Now that our zones are declared in BIND, we will create the corresponding forward and reverse zone files.

9. Create the directory where the zone files will be created. Note that the file names in named.conf.local are resolved relative to BIND’s directory option, which defaults to /var/named on CentOS; that is where the following steps place the zone files.

chmod 755 /etc/named
mkdir /etc/named/zones

10. Let’s edit our Forward Zone file:

vim /var/named/mgo-lab-ns1.local.db

Add the SOA record. Replace the domain names and IP addresses with your respective values.
Also, every time a zone file is edited, the serial value must be incremented so that secondary servers notice the change.

$TTL 86400
@   IN  SOA  dns-primary.mgo-lab-ns1.local. admin.mgo-lab-ns1.local. (
        3        ; Serial
        3600     ; Refresh
        1800     ; Retry
        604800   ; Expire
        86400    ; Minimum TTL
)

Add records:

; Name server information
@            IN  NS     dns-primary.mgo-lab-ns1.local.
; IP address of the name server
dns-primary  IN  A      172.30.43.55
; A records for the following hostnames
www          IN  A      172.30.43.55
mail         IN  A      172.30.43.55
; CNAME record
ftp          IN  CNAME  www.mgo-lab-ns1.local.

11. We will create the file for the reverse DNS lookup similarly:

vim /var/named/mgo-lab-ns1.local.rev

Paste the following:

$TTL 86400
@   IN  SOA  dns-primary.mgo-lab-ns1.local. admin.mgo-lab-ns1.local. (
        2020011800  ; Serial
        3600        ; Refresh
        1800        ; Retry
        604800      ; Expire
        86400       ; Minimum TTL
)
; Name server information
@            IN  NS     dns-primary.mgo-lab-ns1.local.
dns-primary  IN  A      172.30.43.55
; Reverse lookup for the name server
55           IN  PTR    dns-primary.mgo-lab-ns1.local.
; PTR records, IP address to hostname (trailing dots keep the names absolute)
55           IN  PTR    www.mgo-lab-ns1.local.
55           IN  PTR    mail.mgo-lab-ns1.local.

12. Assign the necessary permissions to both files:

chown named:named /var/named/mgo-lab-ns1.local.db
chown named:named /var/named/mgo-lab-ns1.local.rev

13. Check for syntax errors:

named-checkconf
named-checkzone mgo-lab-ns1.local /var/named/mgo-lab-ns1.local.db
named-checkzone 43.30.172.in-addr.arpa /var/named/mgo-lab-ns1.local.rev

If there are no errors, named-checkconf prints nothing and each named-checkzone run reports that the zone loaded with its serial number, followed by “OK”.
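named-checkzone validates each zone file on its own and does not cross-check the forward zone against the reverse one. The following Python script is an added example, not part of this article: it parses both zone files, expanding “@” and relative names against the zone origin the way BIND does, and reports A records without a matching PTR and PTRs without a matching A record. The zone text is constructed inline from the zones above; the last PTR is deliberately written without its trailing dot to show how BIND then appends the in-addr.arpa origin to it.

```python
import re
# Constructed sample zones (not the page's files); the last PTR deliberately lacks its trailing dot.
FORWARD_ORIGIN = "mgo-lab-ns1.local."
FORWARD_ZONE = """\
$TTL 86400
@ IN SOA dns-primary.mgo-lab-ns1.local. admin.mgo-lab-ns1.local. (
        3 ;Serial
        3600 1800 604800 86400 )
dns-primary IN A 172.30.43.55
www  IN   A   172.30.43.55
mail IN   A   172.30.43.55
"""
REVERSE_ORIGIN = "43.30.172.in-addr.arpa."
REVERSE_ZONE = """\
@ IN SOA dns-primary.mgo-lab-ns1.local. admin.mgo-lab-ns1.local. (
        2020011800 3600 1800 604800 86400 )
55 IN PTR dns-primary.mgo-lab-ns1.local.
55 IN PTR www.mgo-lab-ns1.local.
55 IN PTR mail.mgo-lab-ns1.local
"""

def absolute(name, origin):
    # '@' means the origin; a name without a trailing dot gets the origin appended, as BIND does
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def records(zone_text, origin, rtype):
    """Yield (owner FQDN, rdata) for records of one type; name-valued rdata is made absolute."""
    text = re.sub(r";[^\n]*", "", zone_text)        # strip ; comments
    text = re.sub(r"\([^)]*\)", " ", text)          # fold the multi-line SOA parentheses
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("$"):   # blank lines, $TTL, $ORIGIN
            continue
        owner, rest = fields[0], fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):  # optional TTL / class
            rest.pop(0)
        if len(rest) >= 2 and rest[0].upper() == rtype:
            rdata = absolute(rest[1], origin) if rtype in ("PTR", "NS", "CNAME") else rest[1]
            yield absolute(owner, origin), rdata

def ptr_owner_to_ip(owner):  # '55.43.30.172.in-addr.arpa.' -> '172.30.43.55'
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))

def check_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    """Report A records with no matching PTR and PTRs with no matching A record."""
    a_set = set(records(fwd_text, fwd_origin, "A"))
    ptr_set = {(ptr_owner_to_ip(o), t) for o, t in records(rev_text, rev_origin, "PTR")}
    problems = [f"A {n} -> {ip} has no matching PTR" for n, ip in a_set if (ip, n) not in ptr_set]
    problems += [f"PTR {ip} -> {n} has no matching A record" for ip, n in ptr_set if (n, ip) not in a_set]
    return sorted(problems)
```

Running check_consistency(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN) reports two problems for the sample: the mail A record has no PTR, and the dot-less PTR has become mail.mgo-lab-ns1.local.43.30.172.in-addr.arpa., which no A record matches.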

14. Restart the BIND server:

systemctl restart named

15. To let clients reach the server, allow the DNS service through the firewall:

firewall-cmd --add-service=dns --zone=public --permanent
firewall-cmd --reload

Testing

We will now test the DNS server from a client (host1).

16. On the client machine, open /etc/resolv.conf and set the following parameter:

nameserver 172.30.43.55

17. Lastly, add the BIND DNS server’s IP to the network interface configuration file:

vim /etc/sysconfig/network-scripts/ifcfg-ens192

Add:

DNS1=172.30.43.55

18. Restart the NetworkManager service for the changes to take effect:

systemctl restart NetworkManager

19. We can now use the nslookup command from host1 to test the DNS server.
