As promised a few days ago in my cheap VPS post, I shall share some tips on how to configure an authoritative DNS server on CentOS.
We start by getting the required package. I have CentOS 6.5 and CentOS 7 on my primary and secondary DNS VPS. First we need to install the bind package (bind-utils brings in dig and nslookup, which we use later to test) by issuing the following command:
yum install bind bind-utils -y
With that, we can start configuring our DNS server. For this walkthrough, pretend the addresses are as follows, with the two nameservers on two different subnets:-
Primary DNS IP: 192.1.1.1
Secondary DNS IP: 192.2.2.2
Domain: aditest.com
Hosting IP: 188.188.188.188

In /etc/named.conf, inside the options { } block:

listen-on port 53 { 192.1.1.1; };
allow-query { 192.1.1.1; 192.2.2.2; localhost; };
allow-transfer { 192.2.2.2; };
allow-recursion { 192.2.2.2; localhost; };
The listen-on statement tells named which address and port to bind. Only 192.1.1.1 is listed here, so named will not answer on 127.0.0.1; test against the public address. If iptables or firewalld is blocking port 53, open it for both TCP and UDP: ordinary queries use UDP, while zone transfers and answers too large for UDP use TCP.
allow-transfer restricts zone transfers (AXFR/IXFR) to our secondary. Leave it open and anyone can pull the whole zone with a single dig AXFR, which hands an attacker a complete list of your hosts. allow-query at this level restricts who may ask about anything not covered by a zone-level allow-query; the zones below override it with any, so the public can still resolve aditest.com.
I did allow recursion on my DNS server for both my primary and secondary. But since this is an authoritative DNS server, you can leave out the allow-recursion line altogether and make sure your server cannot be used as a public recursive resolver (open resolvers get abused for DNS amplification and are a target for cache poisoning) by changing
recursion yes;
to
recursion no;
I have added the following zone definition in /etc/named.conf:
zone "aditest.com" {
    type master;
    file "/var/named/aditest.com.db";
    notify yes;
    allow-update { none; };
    allow-query { any; };
};
type master marks this server as the primary for the zone, and file gives the zone file location. notify yes makes named send a NOTIFY to the zone's other nameservers whenever the serial changes, so the secondary pulls the update straight away instead of waiting for the refresh interval; allow-update { none; } turns off dynamic updates; and allow-query { any; } overrides the restrictive allow-query in options, so the whole Internet can query this zone, which is the point of an authoritative server.
You will also need a reverse zone in /etc/named.conf. Its name is the network part of the address with the octets reversed under in-addr.arpa, so 1.1.192.in-addr.arpa covers 192.1.1.0/24. Bear in mind that PTR lookups for that block only reach this server if the owner of the address space delegates the reverse zone to you; otherwise the zone loads fine but nobody is ever sent to it.
zone "1.1.192.in-addr.arpa" IN {
    type master;
    file "/var/named/aditest.com.rr.db";
    allow-update { none; };
    allow-query { any; };
};
The next step is to create the zone file:
vi /var/named/aditest.com.db
In the file, include the following:-
$ORIGIN aditest.com.
$TTL 86400
@       IN SOA   ns87.aditest.com. admin.aditest.com. (
                 2016123001 ; serial number
                 1800       ; refresh
                 3600       ; retry
                 604800     ; expire
                 1800 )     ; minimum
@       IN NS    ns87.aditest.com.
@       IN NS    ns88.aditest.com.
@       IN A     188.188.188.188
ns87    IN A     192.1.1.1
ns88    IN A     192.2.2.2
web1    IN A     188.188.188.188
www     IN A     188.188.188.188
www2    IN CNAME www
The SOA record is the Start of Authority for the zone:
ns87.aditest.com. – the primary nameserver
admin.aditest.com. – the administrator's email address, admin@aditest.com, with the @ written as a dot (because @ already means "the zone origin" in a zone file)
The numbers in brackets are the serial, refresh, retry, expire and minimum (negative-caching TTL) values. The serial must go up on every edit, or the secondary will decide it already has the current zone and never transfer the change; the YYYYMMDDnn form used here makes that easy to get right. Note the trailing dots: a name ending in a dot is absolute, and anything else (ns87, www2) gets $ORIGIN appended, which is also why $ORIGIN itself must end in a dot.
I then have two NS records, one for each of my nameservers, followed by the A records that give ns87 and ns88 their addresses (ns87.aditest.com. and ns88.aditest.com. once the origin is appended).
The first A record, for @ (the bare aditest.com), is where the domain itself points.
web1 is a subdomain: web1.aditest.com resolves to 188.188.188.188, and it is the web server's virtual-host configuration on that host, not DNS, that decides what is served when someone opens http://web1.aditest.com.
www2 is a Canonical Name (CNAME), an alias: a lookup for www2.aditest.com is answered with www.aditest.com and its address, so http://www2.aditest.com ends up at the same server as http://www.aditest.com. A CNAME target must be a hostname, never an IP literal such as 188.188.188.188 (BIND would read that as the relative name 188.188.188.188.aditest.com.), which is why www is an A record above. A CNAME is not an HTTP redirect either; the browser still sends its request for www2.aditest.com, and the web server must be configured to answer for that name.
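named-checkzone will reject a zone file with a syntax error, but several of the mistakes discussed above are perfectly valid syntax: a $ORIGIN without its trailing dot, a CNAME whose target is an IP literal, or an in-zone nameserver with no A record. The following is an added example of my own, not part of BIND or of the setup described in this post: a small Python linter for the subset of zone-file syntax used here. It is run against a constructed copy of the zone above that still has those two defects, and reports them.

```python
"""Lint a BIND zone file for mistakes that are still valid syntax (added example
for this post, not part of BIND): $ORIGIN/$TTL, explicit owners, bracketed SOA."""
import ipaddress

# Constructed sample: this post's forward zone with two defects a first draft
# often has: $ORIGIN without a trailing dot, and a CNAME pointing at an IP.
SAMPLE_ZONE = """\
$ORIGIN aditest.com
$TTL 86400
@    IN SOA ns87.aditest.com. admin.aditest.com. (
         2016123001 ; serial
         1800       ; refresh
         3600       ; retry
         604800     ; expire
         1800 )     ; minimum
@    IN NS    ns87.aditest.com.
@    IN NS    ns88.aditest.com.
@    IN A     188.188.188.188
ns87 IN A     192.1.1.1
ns88 IN A     192.2.2.2
web1 IN A     188.188.188.188
www  IN CNAME 188.188.188.188
www2 IN CNAME www
"""


def is_ip_literal(token):
    try:
        ipaddress.ip_address(token.rstrip("."))
        return True
    except ValueError:
        return False


def qualify(name, origin):
    """Make a zone-file name absolute: '@' is the origin, no dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, zone_name):
    """Return (records, findings); records are (owner FQDN, type, rdata tokens)."""
    origin = zone_name.rstrip(".") + "."
    records, findings, buf, depth = [], [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                  # strip ; comments
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")   # multi-line rdata (SOA)
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth > 0:
            continue
        toks, buf = " ".join(buf).split(), []
        if toks[0] == "$ORIGIN":
            if not toks[1].endswith("."):
                findings.append(f"$ORIGIN {toks[1]} lacks a trailing dot: BIND "
                                "treats it as relative and appends the current origin")
                toks[1] += "."                       # assume the absolute name was meant
            origin = toks[1]
            continue
        if toks[0] == "$TTL":
            continue
        owner, toks = qualify(toks[0], origin), toks[1:]
        if toks[0].isdigit():                        # optional per-record TTL
            toks = toks[1:]
        if toks[0] == "IN":                          # optional class
            toks = toks[1:]
        records.append((owner, toks[0], toks[1:]))
    return records, findings


def lint_zone(text, zone_name):
    records, findings = parse_zone(text, zone_name)
    apex = zone_name.rstrip(".") + "."
    addr_owners = {o for o, t, _ in records if t in ("A", "AAAA")}
    soa = [r for r in records if r[1] == "SOA" and r[0] == apex]
    if len(soa) != 1:
        findings.append(f"expected exactly one SOA at {apex}, found {len(soa)}")
    ns_targets = [qualify(r[2][0], apex) for r in records if r[1] == "NS" and r[0] == apex]
    if not ns_targets:
        findings.append(f"no NS records at {apex}")
    for ns in ns_targets:                            # in-zone NS hosts need glue
        if ns.endswith("." + apex) and ns not in addr_owners:
            findings.append(f"in-zone nameserver {ns} has no A/AAAA record")
    for owner, rtype, rdata in records:
        if rtype == "CNAME" and is_ip_literal(rdata[0]):
            findings.append(f"{owner} CNAME {rdata[0]}: target must be a hostname, "
                            "not an IP literal (use an A record instead)")
        elif rtype == "CNAME" and (owner == apex or owner in addr_owners):
            findings.append(f"{owner}: CNAME cannot coexist with other records")
    return findings


if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_ZONE, "aditest.com"):
        print("WARNING:", finding)
```

Run with python3 and it prints one WARNING line per finding. The parser is deliberately narrow: every record must carry an explicit owner name, as they do in this post's file, and it does not validate rdata beyond the CNAME target, so keep running named-checkzone for the syntax side.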
Once that is configured, run named-checkconf and named-checkzone against the new files (named will refuse to load a zone file with a syntax error), then start the named service, or restart it if it is already running. On CentOS 6 you will use
service named start
and on CentOS 7
systemctl start named.service
From your PC or another host, you should be able to dig or nslookup the domain against your nameserver:
$ dig aditest.com @192.1.1.1

; <<>> DiG 9.10.4-P4 <<>> aditest.com @192.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30856
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aditest.com.			IN	A

;; ANSWER SECTION:
aditest.com.		86400	IN	A	188.188.188.188

;; AUTHORITY SECTION:
aditest.com.		86400	IN	NS	ns87.aditest.com.
aditest.com.		86400	IN	NS	ns88.aditest.com.

;; ADDITIONAL SECTION:
ns87.aditest.com.	86400	IN	A	192.1.1.1

;; Query time: 53 msec
;; SERVER: 192.1.1.1#53(192.1.1.1)
;; WHEN: Fri Dec 30 11:54:02 EST 2016
;; MSG SIZE  rcvd: 124

The aa flag says the answer came from the server's own zone data, and the missing ra flag (plus the warning) confirms that this client was not offered recursion, which is exactly what an authoritative-only server should show.
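To turn that eyeball check into something you can script, here is an added example (my own code, not part of dig or BIND) that parses dig's text output and reports the two things that matter for an authoritative-only server: the aa flag and the absence of ra. It runs on a constructed copy of the output above and, for contrast, on a made-up response from an open resolver; the name example.net and the address 203.0.113.10 in that second sample are placeholders.

```python
"""Interpret dig output to confirm a server answers authoritatively and does not
recurse for arbitrary clients. Added example for this post, not part of BIND or
dig. Both samples below are constructed: the first is this post's dig output,
the second a made-up header from a server that still offers recursion."""
import re

AUTHORITATIVE_DIG = """\
; <<>> DiG 9.10.4-P4 <<>> aditest.com @192.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30856
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aditest.com.                   IN      A

;; ANSWER SECTION:
aditest.com.            86400   IN      A       188.188.188.188

;; AUTHORITY SECTION:
aditest.com.            86400   IN      NS      ns87.aditest.com.
aditest.com.            86400   IN      NS      ns88.aditest.com.

;; ADDITIONAL SECTION:
ns87.aditest.com.       86400   IN      A       192.1.1.1

;; Query time: 53 msec
;; SERVER: 192.1.1.1#53(192.1.1.1)
"""

# Constructed: what an open resolver returns for a domain it does not host
# (placeholder name and address). Note ra is set and aa is not.
OPEN_RESOLVER_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.net.            3600    IN      A       203.0.113.10
"""

SECTION_RE = re.compile(r"^;; (\w+) SECTION:")


def parse_dig(text):
    """Return the status, the header flag set and the records of each section."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r"^;; flags: ([^;]*);", text, re.M)
    out = {"status": status.group(1) if status else None,
           "flags": set(flags.group(1).split()) if flags else set(),
           "answer": [], "authority": [], "additional": []}
    section = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
        elif line.strip() and not line.startswith(";") and section in out:
            # owner, TTL, class, type, rdata (rdata may itself contain spaces)
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            out[section].append((name, int(ttl), rtype, rdata))
    return out


def assess(text):
    """Summarise what the response says about the server's role."""
    r = parse_dig(text)
    return {
        "status": r["status"],
        # aa: the server answered from its own zone data for this name.
        "authoritative": "aa" in r["flags"],
        # ra: recursion is available to this client; from an arbitrary
        # address this must be False on an authoritative-only server.
        "recursion_offered": "ra" in r["flags"],
        "nameservers": [rd for _, _, t, rd in r["authority"] if t == "NS"],
        "addresses": [rd for _, _, t, rd in r["answer"] if t == "A"],
    }


if __name__ == "__main__":
    for label, sample in (("authoritative", AUTHORITATIVE_DIG),
                          ("open resolver", OPEN_RESOLVER_DIG)):
        print(label, assess(sample))
```

Feed it real output with something like dig yourdomain @yourns | python3 digcheck.py (the filename is an assumption) by reading sys.stdin into assess(); a True under recursion_offered from an address you did not list in allow-recursion means the recursion no change above has not taken effect.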