How to Setup Master-Slave DNS Server using BIND on CentOS 7

Welcome gurus to this tutorial on how to install and configure BIND (Berkeley Internet Name Domain) as both a Master and a Slave DNS server on CentOS.

There are several open-source packages that can be used to run a DNS nameserver, among them BIND, dnsmasq, and unbound. In this tutorial, we will use the BIND package to configure our local DNS server. BIND is open-source software that implements the DNS protocol, which defines how networked devices locate one another by hostname.

In this tutorial, we will be using three CentOS 7 servers configured as follows:

  • Server1
    • Hostname: server1.example.com
    • IP Address: 192.168.122.10
    • Role: Master DNS server
  • Server2
    • Hostname: server2.example.com
    • IP Address: 192.168.122.11
    • Role: Slave DNS server
  • Server3
    • Hostname: server3.example.com
    • IP Address: 192.168.122.20
    • Role: client server

On all three servers, install the BIND packages before proceeding with the configuration;

# yum install -y bind bind-utils

Once the package is installed, let us get to work.

Configuring Master DNS Server

Let's begin by editing BIND's main configuration file, /etc/named.conf, and making the adjustments shown below.

We want only specific hosts to be able to query the master DNS server. Therefore, before the options section of the configuration file, we create an Access Control List (ACL) named allowed that contains the IP addresses of the hosts to be permitted;

# vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

# Create an access control list called allowed
acl "allowed" {
        192.168.122.10;
        192.168.122.11;
        192.168.122.20;
};
options {
        listen-on port 53 { 127.0.0.1; 192.168.122.10; }; # IP Address of the Master
        listen-on-v6 port 53 { ::1; };
        directory   "/var/named";
        dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; allowed; }; # Allow only the 'allowed' hosts to query the Master DNS
        allow-transfer  { localhost; 192.168.122.11; }; # IP Address of the secondary nameserver; only it may pull the zone
        # ... leave the remaining default options unchanged ...
};

Create zone statements for both forward and reverse DNS lookups.

# Zone statement for forward DNS lookup
zone "example.com" IN {
        type master;                           # type of zone
        file "/var/named/forward.example.com"; # location of forward zone file
        allow-update { none; };
};
# Zone statement for reverse DNS lookup
zone    "122.168.192.in-addr.arpa" IN {
        type master;                    
        file "/var/named/reverse.example.com"; # location of reverse zone file
        allow-update { none; };
};

After that, save the configuration file and exit.

Create zone files for both the forward and reverse zone statements defined in /etc/named.conf.

Creating the forward zone file

As specified in the zone statement in /etc/named.conf, the forward zone file is located at /var/named/forward.example.com. Open the file and edit it as follows;

# vim /var/named/forward.example.com

$ORIGIN example.com.
$TTL 86400
@   IN  SOA server1.example.com. root.example.com. (
        2017020401   ; serial
        3600         ; refresh
        1800         ; retry
        604800       ; expire
        86400 )      ; minimum TTL
;
; define nameservers
    IN  NS  server1.example.com.
    IN  NS  server2.example.com.
;
; IP address and hostname
server1 IN  A   192.168.122.10
server2 IN  A   192.168.122.11
;
;client records
server3 IN  A   192.168.122.20

Save the file and exit the editor.

Creating the reverse zone file

# vim /var/named/reverse.example.com

$ORIGIN 122.168.192.in-addr.arpa.
$TTL    86400
@   IN  SOA server1.example.com.    root.example.com. (
        2017020402  ; serial
        3600        ; refresh
        1800        ; retry
        604800      ; expire
        86400 )     ; minimum TTL
;
;nameservers
    IN  NS  server1.example.com.
    IN  NS  server2.example.com.
;
;nameserver IP addresses (A records are not used for reverse lookups; the PTR records below do that work)
    IN  A   192.168.122.10
    IN  A   192.168.122.11
;
; client IP Address
    IN  A   192.168.122.20
; nameserver PTR records
10  IN  PTR server1.example.com.
11  IN  PTR server2.example.com.
;
; client PTR records
20  IN  PTR server3.example.com.

Save the file and exit the editor.
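A forward record without its reverse counterpart (or a PTR pointing at a name with no A record) is a common slip when the two files are maintained by hand. The following checker is an added example, not part of this tutorial; it parses constructed, abbreviated copies of the two zone files above and reports every A/PTR pair that does not line up.

```python
import re

# Constructed, abbreviated copies of the tutorial's zone files (SOA/NS/$TTL lines
# omitted, the checker ignores them); server4 is a deliberate extra A record with no PTR.
FORWARD_ZONE = """\
$ORIGIN example.com.
server1 IN A 192.168.122.10   ; master
server2 IN A 192.168.122.11   ; slave
server3 IN A 192.168.122.20   ; client
server4 IN A 192.168.122.21   ; constructed: has no PTR record
"""
REVERSE_ZONE = """\
$ORIGIN 122.168.192.in-addr.arpa.
10 IN PTR server1.example.com.
11 IN PTR server2.example.com.
20 IN PTR server3.example.com.
"""

def parse_zone(text):
    """Return {(fully qualified owner, type): rdata} for A and PTR records."""
    origin, records = "", {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()            # strip ';' comments
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = re.match(r"^(\S*)\s+IN\s+(A|PTR)\s+(\S+)$", line)
        if not m:
            continue                                     # other record types
        owner, rtype, rdata = m.groups()
        owner = origin if owner in ("", "@") else owner  # blank or '@' = apex
        owner = owner if owner.endswith(".") else f"{owner}.{origin}"  # relative
        records[(owner, rtype)] = rdata
    return records

def ptr_owner(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."  # 10.122.168.192.in-addr.arpa.

def check_consistency(forward_text, reverse_text):
    """List A records lacking a matching PTR and PTRs lacking a matching A."""
    fwd, rev = parse_zone(forward_text), parse_zone(reverse_text)
    problems = []
    for (name, rtype), ip in fwd.items():
        if rtype == "A" and rev.get((ptr_owner(ip), "PTR")) != name:
            problems.append(f"no PTR for {name} -> {ip}")
    for (owner, rtype), name in rev.items():
        ip = ".".join(reversed(owner.split(".")[:4]))    # undo ptr_owner()
        if rtype == "PTR" and fwd.get((name, "A")) != ip:
            problems.append(f"PTR {owner} -> {name} has no matching A record")
    return problems
```

Running check_consistency(FORWARD_ZONE, REVERSE_ZONE) reports only the constructed server4 entry; point it at the real files with open().read() after every edit, before bumping the serial.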

Before starting BIND (the named service), check that there are no syntax errors in your configuration file using the following command;

# named-checkconf

If the configuration file has no error, the command will return nothing.

  • To verify the syntax of the forward zone file run the following command;
    # named-checkzone example.com /var/named/forward.example.com 
    zone example.com/IN: loaded serial 2017020401
    OK
    
  • To verify the syntax of the reverse zone file, run the command.
    # named-checkzone 122.168.192.in-addr.arpa /var/named/reverse.example.com 
    zone 122.168.192.in-addr.arpa/IN: loaded serial 2017012001
    OK
    

Since there are no errors, we can start BIND and enable it to start on boot.

# systemctl start named
# systemctl enable named

If the firewall is running, allow the dns service through it and reload the firewall.

# firewall-cmd --add-service=dns --permanent; firewall-cmd --reload

Point the master at itself for name resolution by editing the /etc/resolv.conf file and adding its own IP address as the nameserver

# vim /etc/resolv.conf

Add the line: nameserver 192.168.122.10

Also set the DNS server on the network interface, so that NetworkManager keeps the setting when it regenerates /etc/resolv.conf. My network interface is eth0.

# nmcli con mod eth0 ipv4.dns 192.168.122.10
# nmcli con down eth0; nmcli con up eth0 

After that, test that hostnames and addresses are resolved by the new server.

To check forward (name to address) resolution:
# dig server1.example.com

To check reverse (address to name) resolution;
# dig -x 192.168.122.10

Configuring Slave DNS Server

Install BIND package.

# yum install bind bind-utils -y

Edit the /etc/named.conf file and make the adjustments as shown below.

# vim /etc/named.conf

## Create an ACL
acl "allowed" {
        192.168.122.10;
        192.168.122.11;
        192.168.122.20;
};
options {
        listen-on port 53 { 127.0.0.1; 192.168.122.11; }; ## Slave server IP address
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; allowed; }; ## Allow only the 'allowed' hosts to query the Slave DNS
        allow-transfer { none; }; ## Disable zone transfers from the slave
        ## ... leave the remaining default options unchanged ...
};

Create zone statements for both forward and reverse DNS lookups. The slave keeps its copies under the slaves/ subdirectory of /var/named, which BIND can write to.

# zone statement for forward dns lookup
zone "example.com" IN {
        type slave;
        file "slaves/forward.example.com";
        masters { 192.168.122.10; };
};
# zone statement for reverse dns lookup
zone  "122.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/reverse.example.com";
        masters { 192.168.122.10; };
};

Save the file and exit.
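The two settings that decide who can pull your zones and who can use your server as a resolver are allow-transfer and allow-query in the options block of both named.conf files above. As an added check that is not part of this tutorial, the script below scans constructed fragments (one mirroring the master settings, one deliberately weak) and flags an open transfer policy or an open recursive resolver; it assumes these statements live in the top-level options block, as they do here.

```python
import re

# Constructed named.conf fragments: the first mirrors the master settings in this
# tutorial, the second is a deliberately weak options block to show what is flagged.
TUTORIAL_MASTER = """\
acl "allowed" { 192.168.122.10; 192.168.122.11; 192.168.122.20; };
options {
        listen-on port 53 { 127.0.0.1; 192.168.122.10; };
        allow-query     { localhost; allowed; };
        allow-transfer  { localhost; 192.168.122.11; };
        recursion yes;
};
"""
WEAK_CONFIG = """\
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        allow-transfer  { any; };
        recursion yes;
};
"""

def options_body(conf):
    """Text inside the top-level options { ... }; block ('' if absent)."""
    m = re.search(r"^options\s*\{(.*?)^\};", conf, re.S | re.M)
    return m.group(1) if m else ""

def acl_values(body, statement):
    """Items of an address-match-list statement, or None if it is not set."""
    m = re.search(r"\b" + re.escape(statement) + r"\s*\{([^}]*)\}", body)
    return [v.strip() for v in m.group(1).split(";") if v.strip()] if m else None

def audit(conf):
    """Findings about zone-transfer and recursion exposure in options {}."""
    body, findings = options_body(conf), []
    transfer = acl_values(body, "allow-transfer")
    if transfer is None or "any" in transfer:          # BIND 9.11 default is any
        findings.append("allow-transfer is open: restrict AXFR to the slave's address")
    query = acl_values(body, "allow-query")
    recursion_off = re.search(r"\brecursion\s+no\s*;", body)   # default is yes
    if (query is None or "any" in query) and not recursion_off \
            and acl_values(body, "allow-recursion") is None:
        findings.append("open recursive resolver: allow-query is any and recursion "
                        "is neither disabled nor limited by allow-recursion")
    return findings
```

audit(TUTORIAL_MASTER) returns no findings, while audit(WEAK_CONFIG) returns both; run it against the real file with open("/etc/named.conf").read() on the master and the slave.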

Change the DNS server details on your network interface. In this case, we will add both DNS servers and restart the interface.

# nmcli con mod eth0 +ipv4.dns "192.168.122.10 192.168.122.11"
# nmcli con down eth0;nmcli con up eth0

Edit the /etc/resolv.conf file and add the following lines.

nameserver 192.168.122.10
nameserver 192.168.122.11

Allow DNS service through firewall and reload firewall.

# firewall-cmd --add-service=dns --permanent;firewall-cmd --reload 

Test the slave server in the same way as the master (dig and dig -x); if everything works, proceed to configure the client.

Configuring the client

Log into the client and edit the /etc/resolv.conf file, adding the IP addresses of both the primary and secondary nameservers.

nameserver 192.168.122.10
nameserver 192.168.122.11

Test for forward lookup;

# nslookup server3.example.com
Server:     192.168.122.10
Address:    192.168.122.10#53

Name:   server3.example.com
Address: 192.168.122.20

Test the reverse lookup;

# nslookup 192.168.122.20
Server:     192.168.122.10
Address:    192.168.122.10#53

20.122.168.192.in-addr.arpa name = server3.example.com.

Magnificent, your local DNS server is now set up and operational.
