REDHAT 5 – DNS

Posted: September 7, 2010 in REDHAT 5 LinUX

DNS

Introduction

Domain Name System (DNS) converts the name of a Web site (www.linuxhomenetworking.com) to an IP address (65.115.71.34). This step is important, because the IP address of a Web site’s server, not the Web site’s name, is used in routing traffic over the Internet. This chapter will explain how to configure your own DNS server to help guide Web surfers to your site.

The first thing we will need to do is determine if BIND is already installed on your system. The method I use is to check through the RPM Package Manager. This will not work if you downloaded the BIND source code and compiled it.

Type the following at the command prompt:
rpm -qa | grep -i bind
rpm -qa | grep -i caching

If BIND is installed you should get something similar to this (ignore ypbind; it is unrelated to BIND).

If BIND is not installed you will get something similar to the below image and you should keep reading.

We want to download the following files:
bind-9.2.1-16.i386.rpm
bind-devel-9.2.1-16.i386.rpm
bind-utils-9.2.1-16.i386.rpm
caching-nameserver-7.2-7.noarch.rpm

To verify the RPMs installed successfully, issue the following commands.

rpm -qa | grep -i bind
rpm -qa | grep -i caching

BIND should now be installed and you should get a screen similar to the following.

Now we need to make sure the BIND service starts upon boot-up. To do this we will use chkconfig and tell the OS to start named (BIND) on runlevels 3 and 5. For more information about runlevels and the Linux boot process.

Issue the following commands to chkconfig to turn named (BIND) on for runlevels 3 and 5. Then we will verify they have been turned on.

chkconfig --level 35 named on
chkconfig --list | grep -i named

I should also mention instead of using chkconfig you could have used the RedHat Text Mode Setup Utility. From the command line type setup and press enter. Scroll down to System Services and press enter. Scroll down to named and press the spacebar to put a check on it. Press tab, enter, tab, tab, enter. You should be back to the prompt. Verify that named will boot-up. Note: If you didn’t install X Windows, runlevel 5 may not be turned on. This is ok because runlevel 5 is Multi-User GUI mode.

Everything looks good. Now we will start BIND and verify it is running.

/etc/init.d/named start
ps aux | grep -i named

Now we will configure BIND to be a primary name server for a single zone. I will use the fictitious domain somefakedomain.com as an example. We will add the hostnames www, ftp, and mail. We will also have BIND respond if no hostname is specified in a query (i.e. somefakedomain.com).

BIND stores its configuration data in named.conf which is located in the /etc directory. This file contains the names of the zones and location of the zone data files that it is responsible for answering queries for. The zone data files are stored by default at /var/named (although you can change this path if you wish). Before you can make any changes I will assume you know which text editor you will be using. I prefer pico, but for this tutorial I will use vi since it has a better chance of being installed by default.

Switch over to the /etc directory and open the named.conf file.

cd /etc
vi named.conf

You should see something that looks like the following.

Scroll through the file and take a look at the contents. Locate the localhost zone.

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

Move the cursor to the blank line below the }; and press the i key. The i key puts vi in insert mode (you should see -- INSERT -- at the bottom of vi). Press the enter key once, then type in the following. Note: the spacing in front of type, file, and allow-update is a tab, so press the tab key on each of those lines.

zone "somefakedomain.com" IN {
        type master;
        file "somefakedomain.com.zone";
        allow-update { none; };
};

Be sure to put a blank line underneath the }; when you are done. It always helps to keep your files neat and clean. Now we will save the file. Press ESC and vi should leave insert mode (-- INSERT -- at the bottom of vi should disappear). Now type :wq and press enter. vi should write our changes and exit back to the prompt.

We have told BIND that we handle the somefakedomain.com domain and the zone data is in the somefakedomain.com.zone file located at /var/named. Now we have to create the somefakedomain.com.zone file.

Switch over to /var/named and make a copy of the localhost.zone file and save it as somefakedomain.com.zone. This will give us a template to work with so we don’t have to type as much. It also saves us from changing the file’s owner, group, and permissions.

cd /var/named
cp localhost.zone somefakedomain.com.zone
vi somefakedomain.com.zone

You should get something that looks like this.

Put vi in insert mode and alter the zone file so it looks like the data below. Use tabs between items. Where I use 192.168.1.200 you should substitute your public IP address (don't use local LAN IPs).

$TTL 86400
$ORIGIN somefakedomain.com.
@       IN      SOA     ns1.somefakedomain.com. admin.somefakedomain.com. (
                        2004042601     ; serial
                        21600          ; refresh
                        3600           ; retry
                        604800         ; expires
                        86400 )        ; minimum
        IN      NS             ns1.somefakedomain.com.
        IN      MX      10     mail.somefakedomain.com.
        IN      A              192.168.1.200
ns1     IN      A              192.168.1.200
www     IN      A              192.168.1.200
ftp     IN      A              192.168.1.200
mail    IN      A              192.168.1.200

Let’s briefly go over the values (if you want more details on the contents of a zone file visit).

"ns1.somefakedomain.com." is the name server responsible for somefakedomain.com. When you register a domain name the registrar asks you for the name servers' names and IPs. We have given our name server the name ns1 (i.e. name server 1). So if we were to register somefakedomain.com, we would use ns1.somefakedomain.com for the name and the IP address of the machine we have designated as our DNS server.

“admin.somefakedomain.com.” is the email address of the administrator in charge of the zone. You replace the @ symbol in the email address with a period. So admin@somefakedomain.com becomes admin.somefakedomain.com.

The “IN NS ns1.somefakedomain.com.” means we are declaring ns1.somefakedomain.com to be a name server.

With “IN MX 10 mail.somefakedomain.com.” we are declaring a mail exchange (or mail server) with a priority of 10. Since we only use one mail server the priority has no effect.

The "IN A 192.168.1.200" means we are declaring a host with no hostname (so it means somefakedomain.com itself) whose IP is 192.168.1.200. Any queries for just somefakedomain.com will resolve to 192.168.1.200. This is useful when you configure your web server to answer for both somefakedomain.com and www.somefakedomain.com: they both point to the same address and will return the same web site.

The rest of the entries declare the hosts ns1, www, ftp, and mail (ns1.somefakedomain.com, www.somefakedomain.com, ftp.somefakedomain.com, and mail.somefakedomain.com). Since they all share the same IP, each of those services will run from the same machine. If you had the mail server running on a different machine, you would substitute that machine's IP address in place of 192.168.1.200. The same goes for the rest of the hosts.

When you are done editing the zone file, it should look like this.

Save it and close out of vi. Press ESC to get out of insert mode, type :wq and press enter. You should be back to the command prompt.

Now we need to tell named (BIND) to load the zone and answer any queries that come in.

/etc/init.d/named reload

Now we can test our domain using nslookup.

nslookup
server 127.0.0.1
somefakedomain.com
www.somefakedomain.com
mail.somefakedomain.com

You should see something similar to the following screen.

Everything looks good. BIND is resolving our somefakedomain.com. When you are done, type exit and press enter.

If you purchased a real domain name then you shouldn't have any trouble configuring BIND to respond to any queries for it. If you have a firewall running such as iptables, make sure you have port 53 open. If you use a hardware firewall or router, open port 53 and port forward any requests for port 53 to the correct machine on your LAN. Make sure all IPs you use in your zone files are the public IP addresses accessible from the Internet. And you will need static IP addresses. Dynamic IP addresses from providers such as Charter or Adelphia won't work. You may have the same IP for a long time but it will eventually change. At that time you will have to contact your domain name registrar and have them change your DNS server IP address. You might want to contact your ISP and see if they offer static IPs. If they do you might be paying more for your Internet service. It might be time to migrate your server to a co-location.

Now we will configure BIND to be a secondary name server for a single zone. We will use the same fictitious domain somefakedomain.com from before. Before we do anything for the secondary zone we should edit our primary zone file and add the secondary server. All name servers for our zone should have an NS entry and the hostname defined. Using the steps from before, open your zone file in vi and add the NS for your secondary name server below the primary. Also add the hostname under hosts and change the serial to a new value so the secondary notices the update. Be sure to use the public IP address of your second system in place of the 192.168.1.201 I use in the example. Save your changes. This is what your zone file should resemble on the primary name server.
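As an added example (not part of the original post), here is a small Python checker run over a constructed copy of the zone above with the secondary ns2 added: it parses the master file, flags NS or MX targets that have no A record in the zone (a lame delegation), flags any LAN address that the post warns against publishing, and checks that the serial keeps the YYYYMMDDnn form. It is written for any simple master file with $ORIGIN, a parenthesised SOA and blank-owner records, not only this one.

```python
import ipaddress
import re
# Constructed copy of the post's zone, with the secondary ns2 (192.168.1.201) added.
ZONE = """\
$TTL 86400
$ORIGIN somefakedomain.com.
@   IN  SOA ns1.somefakedomain.com. admin.somefakedomain.com. (
        2004042602 ; serial, bumped for the ns2 change
        21600      ; refresh
        3600       ; retry
        604800     ; expires
        86400 )    ; minimum
    IN  NS  ns1.somefakedomain.com.
    IN  NS  ns2.somefakedomain.com.
    IN  MX  10 mail.somefakedomain.com.
    IN  A   192.168.1.200
ns1 IN  A   192.168.1.200
ns2 IN  A   192.168.1.201
www IN  A   192.168.1.200
mail IN  A   192.168.1.200
"""

def parse_zone(text):  # -> (origin, [(owner, rtype, rdata_fields)])
    origin = re.search(r"^\$ORIGIN\s+(\S+)", text, re.M).group(1)
    body = re.sub(r";[^\n]*", "", text)                                   # strip comments
    body = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()), body)  # fold SOA ( )
    records, owner = [], "@"
    for line in body.splitlines():
        fields = [f for f in line.split() if f != "IN"]                   # drop the class
        if not fields or fields[0].startswith("$"):
            continue
        if not line[0].isspace():                                         # blank owner = previous owner
            owner = fields.pop(0)
        records.append((owner, fields[0], fields[1:]))
    return origin, records

def check_zone(text):  # -> list of problems to fix before the zone is served on the Internet
    origin, records = parse_zone(text)
    fqdn = lambda o: origin if o == "@" else o if o.endswith(".") else f"{o}.{origin}"
    a_names = {fqdn(o) for o, t, _ in records if t == "A"}
    serial = next(rd[2] for _, t, rd in records if t == "SOA")
    problems = []
    for owner, rtype, rdata in records:
        if rtype in ("NS", "MX") and rdata[-1] not in a_names:
            problems.append(f"{rtype} target {rdata[-1]} has no A record here (lame delegation)")
        if rtype == "A" and ipaddress.ip_address(rdata[0]).is_private:
            problems.append(f"{fqdn(owner)} uses LAN address {rdata[0]}; publish the public IP")
    if not re.fullmatch(r"\d{10}", serial):
        problems.append(f"serial {serial} is not in YYYYMMDDnn form")
    return problems
```

On the constructed zone as written, check_zone reports each of the five 192.168.x addresses; once they are replaced with public addresses it returns an empty list.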

Next we need to edit /etc/named.conf so BIND will hand a copy of our zone to the secondary name server. Open named.conf in vi and modify the zone entry: include allow-transfer { 192.168.1.201; }; and save your changes. Listing only the secondary here also means no other host can request a full zone transfer. Your named.conf should look similar to this.

Now we will configure the secondary name server. Make sure BIND is installed and running. Refer to part 1 of this tutorial if you are in doubt or need a refresher.

Open /etc/named.conf and enter this below the localhost zone.

zone "somefakedomain.com" IN {
        type slave;
        file "somefakedomain.com.zone";
        masters { 192.168.1.200; };
};

Be sure to replace 192.168.1.200 with the public IP address of your primary server. Save named.conf and yours should look similar to this.

That's it! Now all you have to do is reload the zone on the primary server. Issue this command:

rndc reload

Now if you check your system log you should see the zone being transferred to the secondary server.

cat /var/log/messages

Go into /var/named on the secondary server and list the directory. You should see a copy of the zone file somefakedomain.com.zone.

cd /var/named
ls

If you view the contents of the zone it should look similar to that of the master copy.

cat somefakedomain.com.zone

This concludes the Configuring BIND on RedHat tutorial.

The /etc/resolv.conf File

DNS clients (servers not running BIND) use the /etc/resolv.conf file to determine both the location of their DNS server and the domains to which they belong. The file generally has two columns; the first contains a keyword, and the second contains the desired values separated by commas.

Table 18.1 Keywords In /etc/resolv.conf

Keyword      Value
nameserver   IP address of your DNS nameserver. There should be only one entry per "nameserver" keyword. If there is more than one nameserver, you'll need multiple "nameserver" lines.
domain       The local domain name to be used by default. If the server is bigboy.my-web-site.org, then the entry would just be my-web-site.org.
search       If you refer to another server just by its name without the domain added on, the resolver on your client will append each domain in this list to the server name in turn and do a DNS lookup on each to get the remote server's IP address. This is a handy time-saving feature: you can refer to servers in the same domain by only their server name without having to specify the domain. The domains in this list must be separated by spaces.

Take a look at a sample configuration in which the client server’s main domain is my-site.com, but it also is a member of domains my-site.net and my-site.org, which should be searched for shorthand references to other servers. Two name servers, 192.168.1.100 and 192.168.1.102, provide DNS name resolution:

search my-site.com my-site.net my-site.org
nameserver 192.168.1.100
nameserver 192.168.1.102

The first domain listed after the search directive must be the home domain of your network, in this case my-site.com. Placing both a domain and a search entry in /etc/resolv.conf is therefore redundant.
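As an added example that is not from the original page, the following Python mirrors how the glibc resolver reads these keywords (one address per nameserver line, at most three servers kept, and domain and search being mutually exclusive with the last one winning) and lists the names a client will actually query, in order, for a bare or dotted hostname against a constructed copy of the sample file above.

```python
# Constructed /etc/resolv.conf matching the sample above (not taken from a real host).
RESOLV_CONF = """\
search my-site.com my-site.net my-site.org
nameserver 192.168.1.100
nameserver 192.168.1.102
"""

def parse_resolv(text):
    """Read the file the way the glibc resolver does: {'nameservers': [...], 'search': [...]}."""
    conf = {"nameservers": [], "search": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line:
            continue
        key, *values = line.split()
        if key == "nameserver" and values:
            conf["nameservers"].append(values[0])    # one address per line; extras on the line are ignored
        elif key == "domain" and values:
            conf["search"] = values[:1]              # domain = a one-entry search list
        elif key == "search":
            conf["search"] = values                  # domain and search are exclusive: last one wins
    conf["nameservers"] = conf["nameservers"][:3]    # glibc keeps only the first three (MAXNS)
    return conf

def lookup_candidates(name, conf):
    """Names the client will query, in order, for what the user typed (default ndots:1)."""
    if name.endswith("."):                           # absolute name: the search list is never used
        return [name]
    expanded = [f"{name}.{d}" for d in conf["search"]]
    if "." in name:                                  # dotted name: tried as typed first
        return [name] + expanded
    return expanded + [name]                         # bare host: search list first, bare name last
```

Note that a bare name such as bigboy is sent to every search domain in turn before being tried on its own, so each extra search domain is another zone that sees your short-name lookups.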

Conclusion

DNS management is a critical part of the maintenance of any Web site. Fortunately, although it can be a little complicated, DNS modifications are usually infrequent, because the IP address of a server is normally fixed or static. This is not always the case. There are situations in which a server’s IP address will change unpredictably and frequently, making DNS management extremely difficult.
