The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the internet or a private network. It associates various information with domain names assigned to each of the participating entities.
It translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.
This guide will help you set up a DNS server on CentOS 8 / RHEL 8.
Assumptions
Host Name: ns1.techlabzone.local
IP Address: 192.168.100.10
Install DNS Server
BIND stands for Berkeley Internet Name Domain; it is the software that performs name-to-IP conversion.
yum -y install bind bind-utils
Configure DNS Server
BIND’s main configuration file is /etc/named.conf. We will use this file to configure the DNS server and define the DNS zone.
By default, BIND listens only on the localhost. So, we will configure the DNS server to listen on all network interfaces or on a particular interface.
Edit the /etc/named.conf file.
vi /etc/named.conf
Comment out the following lines. This will enable BIND to listen on system network interfaces other than the localhost.
Listen on all IP addresses:
//listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
Listen on a particular IP address:
listen-on port 53 { 127.0.0.1; 192.168.100.10; };
Add your network to the following line. I've added 192.168.100.0/24 so that clients on the 192.168.100.0/24 network are allowed to query the DNS server for name-to-IP translation.
allow-query { localhost; 192.168.100.0/24; };
Create Zones
Edit /etc/named.conf file.
vi /etc/named.conf
Forward Zone
The following is the forward zone entry in named.conf file, written for the techlabzone.local domain.
zone "techlabzone.local" IN {           // Domain Name
    type master;                        // Master DNS Server
    file "techlabzone.local.db";        // Zone File (/var/named/)
    allow-update { none; };             // Since master DNS, it is none
};
techlabzone.local – Domain name
master – Primary DNS
techlabzone.local.db – Forward lookup file
allow-update – Since this is the master DNS, it should be none
Reverse Zone
The following is the reverse zone entry in the named.conf file.
zone "100.168.192.in-addr.arpa" IN {    // Reverse Zone Name, should match with network in reverse order
    type master;                        // Master DNS Server
    file "192.168.100.db";              // Zone File (/var/named/)
    allow-update { none; };             // Since master DNS, it is none
};
100.168.192.in-addr.arpa – Reverse lookup name
master – Primary DNS
192.168.100.db – Reverse lookup file
allow-update – Since this is the master DNS, it should be none
Create zone files
Now, it's time to create a lookup file for each zone we defined. By default, zone lookup files are placed under the /var/named directory. Create a zone file called techlabzone.local.db for the forward lookup under the /var/named directory.
All domain names should end with a dot (.).
Forward Zone
Create a file.
vi /var/named/techlabzone.local.db
Zone files use the following record types:
A – Address record (host name to IP address)
NS – Name Server
MX – Mail Exchanger
CNAME – Canonical Name
$TTL 86400
@   IN  SOA     ns1.techlabzone.local. root.techlabzone.local. (
        3       ;Serial
        3600    ;Refresh
        1800    ;Retry
        604800  ;Expire
        86400   ;Minimum TTL
)
;Name Server Information
@       IN  NS      ns1.techlabzone.local.
;IP address of Name Server
ns1     IN  A       192.168.100.10
;Mail exchanger
techlabzone.local.  IN  MX  10  mail.techlabzone.local.
;A - Record HostName To Ip Address
www     IN  A       192.168.100.100
mail    IN  A       192.168.100.150
;CNAME record
ftp     IN  CNAME   www.techlabzone.local.
Whenever you update the zone files for the DNS record update, do not forget to increment the serial.
Reverse Zone
Create a zone file called 192.168.100.db for the reverse zone under the /var/named directory, and add a reverse pointer (PTR) for each of the forward zone entries above.
vi /var/named/192.168.100.db
PTR – Pointer
SOA – Start of Authority
$TTL 86400
@   IN  SOA     ns1.techlabzone.local. root.techlabzone.local. (
        3       ;Serial
        3600    ;Refresh
        1800    ;Retry
        604800  ;Expire
        86400   ;Minimum TTL
)
;Name Server Information
@       IN  NS      ns1.techlabzone.local.
;Reverse lookup for Name Server (192.168.100.10)
10      IN  PTR     ns1.techlabzone.local.
;PTR Record IP address to HostName
100     IN  PTR     www.techlabzone.local.
150     IN  PTR     mail.techlabzone.local.
Whenever you update the zone files for the DNS record update, do not forget to increment the serial.
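A forward zone and its reverse zone are maintained by hand, so the two files drift apart easily (a PTR filed under the wrong last octet, an A record with no PTR). The following script is an added example, not part of the original tutorial: it cross-checks the A records of the forward zone against the PTR records of the reverse zone. The zone contents are constructed copies of the tutorial's records, and the function assumes IPv4 /24 zones with each record line starting with its owner name.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: cross-check every A record in the
# forward zone against the PTR records in the reverse zone, so a wrong last octet in
# one file is caught before reloading. Assumes IPv4 /24 zones laid out like the
# tutorial's, with each record line starting with its owner name.
# check_zones <forward-file> <origin> <reverse-file> <network-prefix>
# Prints every inconsistency; exit status 0 = consistent, 1 = problems found.
check_zones() {
    awk -v origin="$2" -v prefix="$4" '
        FNR == NR {                                   # first file: forward zone
            if ($2 == "IN" && $3 == "A") {
                h = $1
                if (h !~ /\.$/) h = h "." origin "."  # qualify relative owner names
                fwd[h] = $4
            }
            next
        }
        $2 == "IN" && $3 == "PTR" { rev[$4] = prefix "." $1 }   # second file: reverse zone
        END {
            bad = 0
            for (h in fwd) {
                if (!(h in rev)) { print "no PTR for " h " (" fwd[h] ")"; bad = 1 }
                else if (rev[h] != fwd[h]) { print "mismatch for " h ": A=" fwd[h] " PTR=" rev[h]; bad = 1 }
            }
            for (h in rev) if (!(h in fwd)) { print "PTR " rev[h] " -> " h " has no A record"; bad = 1 }
            exit bad
        }' "$1" "$3"
}
# Constructed sample zones mirroring the tutorial records, with one deliberate error:
# ns1 is 192.168.100.10, but its PTR below is filed under octet 100.
ZDIR=$(mktemp -d)
cat > "$ZDIR/techlabzone.local.db" <<'EOF'
@     IN  NS  ns1.techlabzone.local.
ns1   IN  A   192.168.100.10
www   IN  A   192.168.100.100
mail  IN  A   192.168.100.150
ftp   IN  CNAME www.techlabzone.local.
EOF
cat > "$ZDIR/192.168.100.db" <<'EOF'
@     IN  NS  ns1.techlabzone.local.
100   IN  PTR ns1.techlabzone.local.
100   IN  PTR www.techlabzone.local.
150   IN  PTR mail.techlabzone.local.
EOF
# A corrected copy of the reverse zone with ns1 under octet 10.
sed 's/^100 *IN *PTR *ns1/10    IN  PTR ns1/' "$ZDIR/192.168.100.db" > "$ZDIR/192.168.100.fixed.db"
check_zones "$ZDIR/techlabzone.local.db" techlabzone.local "$ZDIR/192.168.100.db" 192.168.100 || echo "reverse zone needs fixing"
check_zones "$ZDIR/techlabzone.local.db" techlabzone.local "$ZDIR/192.168.100.fixed.db" 192.168.100 && echo "zones consistent"
```

Run it against the real files under /var/named before each rndc reload; the first call reports the ns1 mismatch, the second reports nothing.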
Validate DNS Server Configuration
Use named-checkconf command to validate the configuration file.
named-checkconf /etc/named.conf
If you don’t see any error, then you are good to go.
Validate the forward zone file you have created with the below command.
named-checkzone techlabzone.local /var/named/techlabzone.local.db
techlabzone.local – Domain Name
/var/named/techlabzone.local.db – Path to the zone file
Output:
zone techlabzone.local/IN: loaded serial 3 OK
Perform the same for the reverse zone as well.
named-checkzone 100.168.192.in-addr.arpa /var/named/192.168.100.db
Output:
zone 100.168.192.in-addr.arpa/IN: loaded serial 3 OK
Start DNS Service
Once you have validated the DNS configuration, restart the BIND service.
systemctl restart named
Enable it on system startup.
systemctl enable named
DNS Record Update
Whenever you change a DNS record, do not forget to change the serial number in the zone file and reload the zone.
Replace techlabzone.local and 100.168.192.in-addr.arpa with your zone names.
### Forward Zone ###
rndc reload techlabzone.local
### Reverse Zone ###
rndc reload 100.168.192.in-addr.arpa
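Forgetting the serial bump, or reloading a zone with a typo in it, are the two usual ways a record update goes wrong. The script below is an added example, not part of the original tutorial: it increments the SOA serial, runs named-checkzone, and only then calls rndc reload. It assumes the tutorial's zone file layout, where the serial is the first number on the line after "IN SOA ... (", and the sample zone is a constructed copy of the tutorial's.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: bump the SOA serial of a zone
# file, validate it, and only then reload it through rndc. Assumes the tutorial's
# layout, where the serial is the first number on the line after "IN SOA ... (".

# get_serial <zone-file>: print the current SOA serial
get_serial() {
    awk 'soa && $1 ~ /^[0-9]+$/ { print $1; exit } /[ \t]IN[ \t]+SOA[ \t]/ { soa = 1 }' "$1"
}

# bump_serial <zone-file>: increment the SOA serial in place (via a temp copy)
bump_serial() {
    awk 'soa && !done && $1 ~ /^[0-9]+$/ { sub(/[0-9]+/, $1 + 1); done = 1 }
         /[ \t]IN[ \t]+SOA[ \t]/ { soa = 1 } { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# update_zone <zone-name> <zone-file>: bump serial, check the zone, reload it.
# A zone that fails named-checkzone is not reloaded, so a typo cannot take the
# zone offline; the tools are skipped when not installed (e.g. on a workstation).
update_zone() {
    zone=$1; file=$2
    bump_serial "$file" || return 1
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$zone" "$file" >/dev/null || return 1
    fi
    if command -v rndc >/dev/null 2>&1; then
        rndc reload "$zone" || return 1
    fi
    echo "$zone: serial now $(get_serial "$file")"
}

# Constructed sample zone in the tutorial's layout.
ZONE=$(mktemp)
cat > "$ZONE" <<'EOF'
$TTL 86400
@   IN  SOA ns1.techlabzone.local. root.techlabzone.local. (
        3       ;Serial
        3600    ;Refresh
        1800    ;Retry
        604800  ;Expire
        86400   ;Minimum TTL
)
@   IN  NS  ns1.techlabzone.local.
ns1 IN  A   192.168.100.10
EOF
update_zone techlabzone.local "$ZONE"
```

On the server, call update_zone once per zone you edited, e.g. update_zone techlabzone.local /var/named/techlabzone.local.db.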
Firewall
Add a firewall rule to allow DNS queries from client machines.
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload
Verify DNS Server
Visit any client machine and add the DNS server's IP address to /etc/resolv.conf if NetworkManager does not manage the network.
nameserver 192.168.100.10
If NetworkManager manages the networking, then place the following entry in the /etc/sysconfig/network-scripts/ifcfg-eXX file.
DNS1=192.168.100.10
Restart the network service.
service network restart
OR
systemctl restart NetworkManager
Use the following command to verify the forward lookup, where the DNS server returns 192.168.100.100 as the IP for www.techlabzone.local.
dig www.techlabzone.local
Output:
; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> www.techlabzone.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42679
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 99d94df91828bc8e957709ec5e13f9cd0c242970a9488a91 (good)
;; QUESTION SECTION:
;www.techlabzone.local.         IN      A

;; ANSWER SECTION:
www.techlabzone.local.  86400   IN      A       192.168.100.100

;; AUTHORITY SECTION:
techlabzone.local.      86400   IN      NS      ns1.techlabzone.local.

;; ADDITIONAL SECTION:
ns1.techlabzone.local.  86400   IN      A       192.168.100.10

;; Query time: 0 msec
;; SERVER: 192.168.100.10#53(192.168.100.10)
;; WHEN: Tue Sep 27 08:53:56 UTC 2020
;; MSG SIZE  rcvd: 124
Confirm the reverse lookup, where the DNS server returns www.techlabzone.local as the name for 192.168.100.100. Once both commands return the expected answers, forward and reverse lookups are confirmed to be working.
dig -x 192.168.100.100
Output:
; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> -x 192.168.100.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43305
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: d36aa24edb88f8951b3fbf8c5e13fa2cbf0e3ed754a00eee (good)
;; QUESTION SECTION:
;100.100.168.192.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
100.100.168.192.in-addr.arpa. 86400 IN  PTR     www.techlabzone.local.

;; AUTHORITY SECTION:
100.168.192.in-addr.arpa. 86400 IN      NS      ns1.techlabzone.local.

;; ADDITIONAL SECTION:
ns1.techlabzone.local.  86400   IN      A       192.168.100.10

;; Query time: 0 msec
;; SERVER: 192.168.100.10#53(192.168.100.10)
;; WHEN: Tue Sep 27 08:55:30 UTC 2020
;; MSG SIZE  rcvd: 148