Configure Authoritative DNS Server on CentOS

As mentioned a few days ago in my cheap VPS post, I shall share some tips on how to configure an authoritative DNS server on CentOS.

We start by getting the required packages. I have CentOS 6.5 and CentOS 7 on my primary and secondary DNS VPS. First we need to install the bind package by issuing the following command:

yum install bind bind-utils -y

With that, we can start configuring our DNS server. For this walkthrough, pretend my IPs are as follows, on two different subnets:

Primary DNS IP: 192.1.1.1
Secondary DNS IP: 192.2.2.2
Domain: aditest.com
Hosting IP: 188.188.188.188

In /etc/named.conf (inside the options { } block), set:
listen-on port 53 { 192.1.1.1; };
allow-query { 192.1.1.1; 192.2.2.2; localhost; };
allow-transfer { 192.2.2.2; };
allow-recursion { 192.2.2.2; localhost; };

listen-on tells named which IP address and port to serve DNS on. You may also need to open up your firewall/iptables if it blocks port 53 on TCP and UDP.

allow-transfer allows the zone file to be transferred to our secondary DNS server, and to nobody else.

I allowed recursion on both my primary and secondary DNS servers. But since this is an authoritative DNS server, you can drop the allow-recursion line altogether and change

recursion yes;

to

recursion no;

so that your server cannot be used as a public (open) recursive DNS server.
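To show what the ACL lines above actually control, here is a small audit script (an added example, not part of the original post or of BIND) that parses an options block and reports whether the server would act as an open recursive resolver or hand out zone transfers to anyone. The two option fragments are constructed sample data: the first mirrors the post's settings, the second is the same server with its ACLs left open. The parser understands only the `name { a; b; };` and `name value;` statement shapes used here, and the fallback chain for a missing allow-recursion is a simplified reading of BIND 9's documented defaults.

```python
import re

# Constructed named.conf option fragments for this example (sample data, not a live config).
PAGE_OPTIONS = """
listen-on port 53 { 192.1.1.1; };
allow-query { 192.1.1.1; 192.2.2.2; localhost; };
allow-transfer { 192.2.2.2; };
allow-recursion { 192.2.2.2; localhost; };
recursion yes;
"""

# The same server with its ACLs left wide open: a textbook open resolver that
# also hands its zones to anyone who asks for a transfer.
OPEN_OPTIONS = """
listen-on port 53 { any; };
allow-query { any; };   // no allow-recursion and no allow-transfer at all
recursion yes;
"""

STATEMENT = re.compile(r"([\w-]+)(?:\s+port\s+\d+)?\s*(?:\{([^}]*)\}|\s+([^;{}]+))\s*;")


def parse_options(text):
    """Map each option statement to its list of values.

    Understands 'name { a; b; };' address-match lists and 'name value;' scalars,
    which is all this audit needs; it is not a full named.conf parser.
    """
    text = re.sub(r"(//|#).*", "", text)  # strip end-of-line comments
    opts = {}
    for m in STATEMENT.finditer(text):
        name, block, scalar = m.group(1), m.group(2), m.group(3)
        if block is not None:
            opts[name] = [v.strip() for v in block.split(";") if v.strip()]
        else:
            opts[name] = [scalar.strip()]
    return opts


def effective_recursion_acl(opts):
    """Who may recurse when allow-recursion is absent: BIND 9 falls back to
    allow-query-cache, then allow-query, then 'localnets; localhost' (simplified)."""
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return opts[key]
    return ["localnets", "localhost"]


def audit(opts):
    """Return exposure findings for an options block; an empty list means none."""
    findings = []
    recursion_on = opts.get("recursion", ["yes"])[0].lower() == "yes"  # BIND default: yes
    if recursion_on and "any" in effective_recursion_acl(opts):
        findings.append("open recursive resolver: set 'recursion no;' on an "
                        "authoritative-only server, or restrict allow-recursion")
    if "any" in opts.get("allow-transfer", ["any"]):  # older BIND 9 default: any
        findings.append("zone transfers (AXFR) allowed to any client: "
                        "restrict allow-transfer to the secondary's address")
    return findings


if __name__ == "__main__":
    for label, text in (("page config", PAGE_OPTIONS), ("open config", OPEN_OPTIONS)):
        print(label, "->", audit(parse_options(text)) or "no findings")
```

Run against the post's settings the audit is clean; run against the open fragment it reports both problems, and switching that fragment to `recursion no;` leaves only the zone-transfer finding, which is the point the post makes about authoritative-only servers.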

I have added the following zone record to /etc/named.conf:

zone "aditest.com" {
	type master;
	file "/var/named/aditest.com.db";
	notify yes;
	allow-update { none; };
	allow-query { any; };
};

type master marks this server as the primary DNS server for the zone; file gives the location of the zone file.

You will also need a reverse zone in /etc/named.conf, where you can see that the network part of the IP is written in reverse order:

zone "1.1.192.in-addr.arpa" IN {
	type master;
	file "/var/named/aditest.com.rr.db";
	allow-update { none; };
	allow-query { any; };
};

The next step is to create the zone file:

vi /var/named/aditest.com.db

In the file, include the following:

$ORIGIN aditest.com.
$TTL 86400
@	IN	SOA	ns87.aditest.com.	admin.aditest.com. (
		2016123001 ; serial number
		1800 ; refresh
		3600 ; retry
		604800 ; expire
		1800 ; minimum
		)
@	IN	NS	ns87.aditest.com.
@	IN	NS	ns88.aditest.com.
@	IN	A	188.188.188.188
ns87	IN	A	192.1.1.1
ns88	IN	A	192.2.2.2
web1	IN	A	188.188.188.188
www	IN	A	188.188.188.188
www2	IN	CNAME	www

The SOA record is the Start of Authority for the zone:

ns87.aditest.com – primary nameserver
admin.aditest.com – administrator email address, translated as admin@aditest.com (because @ has another meaning in zone files, the first dot stands in for it)

Increment the serial number (here in YYYYMMDDnn form) every time you edit the zone, otherwise the secondary will not notice the change.

I then have two NS records listing both my primary and secondary nameservers. Their IPs are given by the A records for ns87 and ns88.

The first A record (for @) is where the bare domain aditest.com points.

web1 is a subdomain that can be forwarded to another host or directory when someone tries to reach http://web1.aditest.com.

www2 is a Canonical Name (CNAME) alias for www, so a request for http://www2.aditest.com is answered with the address of http://www.aditest.com. A CNAME target must be a hostname, never an IP address.
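The zone file above depends on two rules that are easy to get wrong: names without a trailing dot (including the argument of $ORIGIN) are relative to the current origin, and a CNAME target is a name, so an IP address written there becomes a bogus hostname. The following checker is an added example, not the post's code and not a BIND tool: it parses a zone file in the format shown above into fully qualified records and flags a wrong apex, a CNAME pointing at an IP literal, a CNAME sharing its name with other records, and an in-zone NS without an A record. The zone text is constructed sample data modelled on the post's records, and the zone name aditest.com. is assumed to be what named.conf declares.

```python
import re

ZONE_NAME = "aditest.com."  # assumed: the zone name declared in named.conf

# Constructed zone text modelled on the records above (sample data, not a live zone).
GOOD_ZONE = """\
$ORIGIN aditest.com.
$TTL 86400
@     IN  SOA    ns87.aditest.com. admin.aditest.com. (
          2016123001 ; serial number
          1800       ; refresh
          3600       ; retry
          604800     ; expire
          1800       ; minimum
          )
@     IN  NS     ns87.aditest.com.
@     IN  NS     ns88.aditest.com.
@     IN  A      188.188.188.188
ns87  IN  A      192.1.1.1
ns88  IN  A      192.2.2.2
web1  IN  A      188.188.188.188
www   IN  A      188.188.188.188
www2  IN  CNAME  www
"""

# The same zone with two easy-to-make mistakes: a relative $ORIGIN (no trailing
# dot) and a CNAME whose target is an IP literal instead of a hostname.
BAD_ZONE = (GOOD_ZONE.replace("$ORIGIN aditest.com.", "$ORIGIN aditest.com")
                     .replace("www   IN  A      188", "www   IN  CNAME  188"))

NAME_TYPES = {"CNAME", "NS", "MX", "PTR"}  # types whose last rdata field is a name
IPV4_PREFIX = re.compile(r"\d{1,3}(\.\d{1,3}){3}(\..*)?")


def absolute(name, origin):
    """Qualify a zone-file name the way BIND does: '@' is the origin, a name with a
    trailing dot is already absolute, anything else gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, zone_name=ZONE_NAME):
    """Return (owner, type, rdata) triples with all names fully qualified.

    Handles $ORIGIN, $TTL, ';' comments, '(' ')' continuation lines, optional
    TTL/class fields and blank owners (which repeat the previous owner).
    """
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    origin, last_owner, records = zone_name, zone_name, []
    for line in text.splitlines():
        if not line.strip():
            continue
        toks = line.split()
        if toks[0] == "$ORIGIN":
            origin = absolute(toks[1], origin)  # a relative $ORIGIN is appended to the old one
            continue
        if toks[0] == "$TTL":
            continue
        owner = last_owner if line[0].isspace() else absolute(toks.pop(0), origin)
        last_owner = owner
        if toks and toks[0].isdigit():           # optional TTL
            toks.pop(0)
        if toks and toks[0].upper() == "IN":      # optional class
            toks.pop(0)
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in NAME_TYPES:
            rdata[-1] = absolute(rdata[-1], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records


def check_zone(records, zone_name=ZONE_NAME):
    """Return human-readable findings; an empty list means every check passed."""
    findings = []
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    soa_owners = [o for o, t, _ in records if t == "SOA"]
    if soa_owners != [zone_name]:
        findings.append(f"SOA owner {soa_owners} is not the zone apex {zone_name}; check $ORIGIN")
    for owner, rtype, rdata in records:
        if rtype == "CNAME" and IPV4_PREFIX.fullmatch(rdata):
            findings.append(f"{owner} CNAME target {rdata} is an IP literal; use an A record")
        if rtype == "CNAME" and types_at[owner] - {"CNAME"}:
            findings.append(f"{owner} has other records beside its CNAME, which is not allowed")
        if rtype == "NS" and rdata.endswith("." + zone_name) and "A" not in types_at.get(rdata, ()):
            findings.append(f"in-zone nameserver {rdata} has no A record (missing glue)")
    return findings


if __name__ == "__main__":
    for label, zone in (("good zone", GOOD_ZONE), ("bad zone", BAD_ZONE)):
        print(label, "->", check_zone(parse_zone(zone)) or "no findings")
```

On the good zone every record is reported under aditest.com. and no findings come back. On the bad zone the relative $ORIGIN turns the apex into aditest.com.aditest.com., so the SOA is no longer at the zone apex and the nameservers lose their glue, and the www CNAME is flagged because its target is a dotted quad; named-checkzone would refuse such a zone for the same reasons, and this shows why.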

Once that is configured, you will need to start (or restart) the named service. On CentOS 6 you will use

service named start

or on CentOS 7

systemctl start named.service

From your PC or another host, you should now be able to run dig or nslookup against your nameserver for the domain:

$ dig aditest.com @192.1.1.1

; <<>> DiG 9.10.4-P4 <<>> aditest.com @192.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30856
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aditest.com. IN A

;; ANSWER SECTION:
aditest.com. 86400 IN A 188.188.188.188

;; AUTHORITY SECTION:
aditest.com. 86400 IN NS ns87.aditest.com.
aditest.com. 86400 IN NS ns88.aditest.com.

;; ADDITIONAL SECTION:
ns87.aditest.com. 86400 IN A 192.1.1.1

;; Query time: 53 msec
;; SERVER: 192.1.1.1#53(192.1.1.1)
;; WHEN: Fri Dec 30 11:54:02 EST 2016
;; MSG SIZE rcvd: 124

The aa flag in the header shows the answer is authoritative, and the "recursion requested but not available" warning confirms the server refused to recurse for this client, which is what you want from an authoritative nameserver.

One thought on “Configure Authoritative DNS Server on CentOS”

  1. Pingback: Configuring Secondary Authoritative DNS Server on CentOS – Adi Wong
