Setting up DNS server RHEL 5.0 5.1 5.2 / DNS howto RHEL5 :-- ElectroMech Nilesh Vaghela


DNS howto for RHEL5 with the following assumptions:

By ElectroMech Nilesh Vaghela

Domain name : example.com

Network : 192.168.0.0/24

DNS (named) runs in a chroot environment.

root@station37 ~# yum install bind* caching-nameserver


Loading "rhnplugin" plugin

Loading "installonlyn" plugin

This system is not registered with RHN.

RHN support will be disabled.

Setting up Install Process

Setting up repositories

rhel-debuginfo 100% |=========================| 951 B 00:00

Reading repository metadata in from local files

Parsing package install arguments

Resolving Dependencies

--> Populating transaction set with selected packages. Please wait.

---> Downloading header for bind-chroot to pack into transaction set.

bind-chroot-9.3.3-7.el5.i 100% |=========================| 38 kB 00:00

---> Package bind-chroot.i386 30:9.3.3-7.el5 set to be updated

---> Downloading header for bind-sdb to pack into transaction set.

bind-sdb-9.3.3-7.el5.i386 100% |=========================| 40 kB 00:00

---> Package bind-sdb.i386 30:9.3.3-7.el5 set to be updated

---> Downloading header for bind-libbind-devel to pack into transaction set.

bind-libbind-devel-9.3.3- 100% |=========================| 41 kB 00:00

---> Package bind-libbind-devel.i386 30:9.3.3-7.el5 set to be updated

---> Downloading header for bind-devel to pack into transaction set.

bind-devel-9.3.3-7.el5.i3 100% |=========================| 82 kB 00:00

---> Package bind-devel.i386 30:9.3.3-7.el5 set to be updated

---> Downloading header for caching-nameserver to pack into transaction set.

caching-nameserver-9.3.3- 100% |=========================| 39 kB 00:00

---> Package caching-nameserver.i386 30:9.3.3-7.el5 set to be updated

---> Downloading header for bind to pack into transaction set.

bind-9.3.3-7.el5.i386.rpm 100% |=========================| 49 kB 00:00

---> Package bind.i386 30:9.3.3-7.el5 set to be updated

--> Running transaction check

Dependencies Resolved

=============================================================================

Package Arch Version Repository Size

=============================================================================

Installing:

bind i386 30:9.3.3-7.el5 rhel-debuginfo 954 k

bind-chroot i386 30:9.3.3-7.el5 rhel-debuginfo 38 k

bind-devel i386 30:9.3.3-7.el5 rhel-debuginfo 2.6 M

bind-libbind-devel i386 30:9.3.3-7.el5 rhel-debuginfo 440 k

bind-sdb i386 30:9.3.3-7.el5 rhel-debuginfo 223 k

caching-nameserver i386 30:9.3.3-7.el5 rhel-debuginfo 55 k

Transaction Summary

=============================================================================

Install 6 Package(s)

Update 0 Package(s)

Remove 0 Package(s)

Total download size: 4.2 M

Is this ok y/N: y

Downloading Packages:

(1/6): bind-chroot-9.3.3- 100% |=========================| 38 kB 00:00

(2/6): bind-sdb-9.3.3-7.e 100% |=========================| 223 kB 00:00

(3/6): bind-libbind-devel 100% |=========================| 440 kB 00:00

(4/6): bind-devel-9.3.3-7 100% |=========================| 2.6 MB 00:02

(5/6): caching-nameserver 100% |=========================| 55 kB 00:00

(6/6): bind-9.3.3-7.el5.i 100% |=========================| 954 kB 00:01

Running Transaction Test

warning: bind-chroot-9.3.3-7.el5: Header V3 DSA signature: NOKEY, key ID 37017186

Finished Transaction Test

Transaction Test Succeeded

Running Transaction

Installing: bind ######################### 1/6

Installing: bind-chroot ######################### 2/6

Locating /var/named/chroot//etc/named.conf failed:

FAILED

Installing: bind-sdb ######################### 3/6

Installing: bind-libbind-devel ######################### 4/6

Installing: bind-devel ######################### 5/6

Installing: caching-nameserver ######################### 6/6

Installed: bind.i386 30:9.3.3-7.el5 bind-chroot.i386 30:9.3.3-7.el5
bind-devel.i386 30:9.3.3-7.el5 bind-libbind-devel.i386 30:9.3.3-7.el5
bind-sdb.i386 30:9.3.3-7.el5 caching-nameserver.i386 30:9.3.3-7.el5

Complete!

root@station37 ~#


root@station37 ~# grep -i rootdir /etc/sysconfig/named


# ROOTDIR="/some/where" -- will run named in a chroot environment.

# at startup. Don't add -t here, use ROOTDIR instead.

# its zone files and create files in its $ROOTDIR/var/named

# Slave zones should reside in the $ROOTDIR/var/named/slaves

ROOTDIR=/var/named/chroot

root@station37 ~#

root@server1 /var/named/chroot/etc<1002>#cp named.caching-nameserver.conf named.conf

root@server1 /var/named/chroot/etc<1004>#cat named.conf

//

// named.caching-nameserver.conf

//

// Provided by Red Hat caching-nameserver package to configure the

// ISC BIND named(8) DNS server as a caching only nameserver

// (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

// DO NOT EDIT THIS FILE - use system-config-bind or an editor

// to create named.conf - edits to this file will be lost on

// caching-nameserver package upgrade.

//

options {

listen-on port 53 { 127.0.0.1; 192.168.0.254; };

// listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

query-source port 53;

query-source-v6 port 53;

allow-query { localhost; };

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

view localhost_resolver {

match-clients { localhost; };

match-destinations { localhost; };

recursion yes;

include "/etc/named.rfc1912.zones";

};

root@server1 /var/named/chroot/etc<1005>#vim named.conf

acl "myaddress" { 127.0.0.1; 192.168.0.254; };

acl "mynetwork" { 192.168.0.0/24; };

options {

listen-on port 53 { 127.0.0.1; 192.168.0.254; };

// listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

query-source port 53;

query-source-v6 port 53;

allow-query { mynetwork; };

allow-transfer { 192.168.0.12; };

forwarders { 192.168.0.254; };

forward only;

};

root@server1 /var/named/chroot/etc<1007>#ll named.conf

-rw-r----- 1 root root 1003 Apr 2 19:58 named.conf

root@server1 /var/named/chroot/etc<1008>#chgrp named named.conf

root@server1 /var/named/chroot/etc<1009>#ll named.conf

-rw-r----- 1 root named 1003 Apr 2 19:58 named.conf

root@server1 /var/named/chroot/etc<1010>#

root@server1 /var/named/chroot/etc<1010>#cat /etc/resolv.conf

search example.com

nameserver 127.0.0.1

or (either entry works: the local named listens on both 127.0.0.1 and 192.168.0.254)

nameserver 192.168.0.254

root@server1 /var/named/chroot/etc<1011>#service named restart

Stopping named: . OK

Starting named: OK

You have new mail in /var/spool/mail/root

root@server1 /var/named/chroot/etc<1012>#

root@server1 /var/named/chroot/etc<1012>#dig www.yahoo.com

; <<>> DiG 9.3.3rc2 <<>> www.yahoo.com

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59797

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 9, ADDITIONAL: 9

;; QUESTION SECTION:

;www.yahoo.com. IN A

;; ANSWER SECTION:

www.yahoo.com. 79 IN CNAME www.yahoo-ht3.akadns.net.

www.yahoo-ht3.akadns.net. 10 IN A 87.248.113.14

;; AUTHORITY SECTION:

akadns.net. 1255 IN NS za.akadns.org.

akadns.net. 1255 IN NS zb.akadns.org.

akadns.net. 1255 IN NS zc.akadns.org.

akadns.net. 1255 IN NS zd.akadns.org.

akadns.net. 1255 IN NS eur1.akadns.net.

akadns.net. 1255 IN NS use3.akadns.net.

akadns.net. 1255 IN NS use4.akadns.net.

akadns.net. 1255 IN NS usw2.akadns.net.

akadns.net. 1255 IN NS asia9.akadns.net.

;; ADDITIONAL SECTION:

za.akadns.org. 84058 IN A 195.219.3.169

zb.akadns.org. 84058 IN A 206.132.100.105

zc.akadns.org. 84058 IN A 124.211.40.4

zd.akadns.org. 84058 IN A 63.209.3.132

eur1.akadns.net. 7011 IN A 213.254.204.197

use3.akadns.net. 6953 IN A 204.2.178.133

use4.akadns.net. 1256 IN A 208.44.108.137

usw2.akadns.net. 1255 IN A 63.209.3.132

asia9.akadns.net. 1255 IN A 220.73.220.4

;; Query time: 106 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Apr 2 20:03:32 2008

;; MSG SIZE rcvd: 403

root@server1 /var/named/chroot/etc<1013>#

root@server1 /var/named/chroot/etc<1013>#dig -x 203.88.142.210

; <<>> DiG 9.3.3rc2 <<>> -x 203.88.142.210

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2582

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;210.142.88.203.in-addr.arpa. IN PTR

;; ANSWER SECTION:

210.142.88.203.in-addr.arpa. 26001 IN PTR ice.142.client210.youtele.com.

;; AUTHORITY SECTION:

142.88.203.in-addr.arpa. 19187 IN NS ns1.youtele.com.

142.88.203.in-addr.arpa. 19187 IN NS ns2.youtele.com.

;; ADDITIONAL SECTION:

ns1.youtele.com. 84044 IN A 203.187.192.15

ns2.youtele.com. 84044 IN A 203.187.192.12

;; Query time: 42 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Apr 2 20:04:02 2008

;; MSG SIZE rcvd: 156

root@server1 /var/named/chroot/etc<1014>#

root@server1 /var/named/chroot/etc<1014>#dig -t mx redhat.com

; <<>> DiG 9.3.3rc2 <<>> -t mx redhat.com

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18533

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 6

;; QUESTION SECTION:

;redhat.com. IN MX

;; ANSWER SECTION:

redhat.com. 600 IN MX 5 mx3.redhat.com.

redhat.com. 600 IN MX 10 mx1.redhat.com.

redhat.com. 600 IN MX 20 mx2.redhat.com.

;; AUTHORITY SECTION:

redhat.com. 110 IN NS ns1.redhat.com.

redhat.com. 110 IN NS ns2.redhat.com.

redhat.com. 110 IN NS ns3.redhat.com.

;; ADDITIONAL SECTION:

mx3.redhat.com. 600 IN A 66.187.233.32

mx1.redhat.com. 600 IN A 66.187.233.31

mx2.redhat.com. 600 IN A 66.187.237.31

ns1.redhat.com. 141132 IN A 66.187.233.210

ns2.redhat.com. 115746 IN A 66.187.224.210

ns3.redhat.com. 88512 IN A 66.187.229.10

;; Query time: 359 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Apr 2 20:04:27 2008

;; MSG SIZE rcvd: 238

root@server1 /var/named/chroot/etc<1015>#

root@server1 /var/named/chroot/etc<1017>#cat named.rfc1912.zones >> named.conf

root@server1 /var/named/chroot/etc<1018>#cat named.rfc1912.zones

// named.rfc1912.zones:

//

// Provided by Red Hat caching-nameserver package

//

// ISC BIND named zone configuration for zones recommended by

// RFC 1912 section 4.1 : localhost TLDs and address zones

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

zone "." IN {

type hint;

file "named.ca";

};

zone "localdomain" IN {

type master;

file "localdomain.zone";

allow-update { none; };

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

type master;

file "named.ip6.local";

allow-update { none; };

};

zone "255.in-addr.arpa" IN {

type master;

file "named.broadcast";

allow-update { none; };

};

zone "0.in-addr.arpa" IN {

type master;

file "named.zero";

allow-update { none; };

};

root@server1 /var/named/chroot/etc<1019>#

root@server1 /var/named/chroot/etc<1022>#vim named.conf

// declaration of the zone files for the example.com domain

//forward zone

zone "example.com" IN {

type master;

file "example.com.zone";

};

//reverse zone

zone "0.168.192.in-addr.arpa" IN {

type master;

file "192.168.0.zone";

};

------------

Now let us add the data to the zone files.

root@server1 /var/named/chroot/etc<1023>#cd ../var/named/

root@server1 /var/named/chroot/var/named<1026>#cp localhost.zone example.com.zone

root@server1 /var/named/chroot/var/named<1027>#hostname

server1.example.com

root@server1 /var/named/chroot/var/named<1029>#sed 's/@/server1.example.com./g' example.com.zone

$TTL 86400

server1.example.com. IN SOA server1.example.com. root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS server1.example.com.

IN A 127.0.0.1

IN AAAA ::1

root@server1 /var/named/chroot/var/named<1030>#

root@server1 /var/named/chroot/var/named<1030>#sed -i 's/@/server1.example.com./g' example.com.zone

root@server1 /var/named/chroot/var/named<1031>#cat example.com.zone

$TTL 86400

server1.example.com. IN SOA server1.example.com. root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS server1.example.com.

IN A 127.0.0.1

IN AAAA ::1

root@server1 /var/named/chroot/var/named<1032>#

root@server1 /var/named/chroot/var/named<1032>#sed 's/root/root.server1.example.com./g' example.com.zone

$TTL 86400

server1.example.com. IN SOA server1.example.com. root.server1.example.com. (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS server1.example.com.

IN A 127.0.0.1

IN AAAA ::1

You have new mail in /var/spool/mail/root

root@server1 /var/named/chroot/var/named<1033>#sed -i 's/root/root.server1.example.com./g' example.com.zone

root@server1 /var/named/chroot/var/named<1033>#vim example.com.zone

$TTL 86400

example.com. IN SOA server1.example.com. root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

@ IN NS server1.example.com.

;Let us record the data for forward lookup

;owner TTL class type RDATA

server1.example.com. IN A 192.168.0.254

root@server1 /var/named/chroot/var/named<1034>#for i in {1..254}

> do

> echo "station$i IN A 192.168.0.$i"

> done

station1 IN A 192.168.0.1

station2 IN A 192.168.0.2

station3 IN A 192.168.0.3

station4 IN A 192.168.0.4

station5 IN A 192.168.0.5

station6 IN A 192.168.0.6

root@server1 /var/named/chroot/var/named<1035>#for i in {1..254}; do echo "station$i IN A 192.168.0.$i"; done >> example.com.zone

root@server1 /var/named/chroot/var/named<1036>#

root@server1 /var/named/chroot/var/named<1036>#chgrp named example.com.zone

You have new mail in /var/spool/mail/root

root@server1 /var/named/chroot/var/named<1037>#ll example.com.zone

-rw-r----- 1 root named 12303 Apr 2 20:39 example.com.zone

root@server1 /var/named/chroot/var/named<1038>#

root@server1 /var/named/chroot/var/named<1038>#ls

127.0.0.zone 192.168.1.zone example.com.zone named.broadcast sham@124.125.145.85

192.168.0.zone cracker.org.zone example.com.zone11 named.ca slaves

192.168.0.zone01 data example.com.zone20 named.ip6.local

192.168.0.zone20 elmex.net.zone example.com.zonebkp named.local

192.168.0.zonebkp example.com.zone localdomain.zone named.zero

192.168.0.zone.elmex example.com.zone01 localhost.zone rh320

root@server1 /var/named/chroot/var/named<1039>#cat named.local

$TTL 86400

@ IN SOA localhost. root.localhost. (

1997022700 ; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400 ) ; Minimum

IN NS localhost.

1 IN PTR localhost.

root@server1 /var/named/chroot/var/named<1040>#cp named.local 192.168.0.zone

root@server1 /var/named/chroot/var/named<1041>#

root@server1 /var/named/chroot/var/named<1041>#sed 's/localhost/server1.example.com/g' 192.168.0.zone

$TTL 86400

@ IN SOA server1.example.com. root.server1.example.com. (

1997022700 ; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400 ) ; Minimum

IN NS server1.example.com.

1 IN PTR server1.example.com.

root@server1 /var/named/chroot/var/named<1042>#

root@server1 /var/named/chroot/var/named<1042>#sed -i 's/localhost/server1.example.com/g' 192.168.0.zone

You have new mail in /var/spool/mail/root

root@server1 /var/named/chroot/var/named<1043>#

root@server1 /var/named/chroot/var/named<1043>#vim 192.168.0.zone

$TTL 86400

0.168.192.in-addr.arpa. IN SOA server1.example.com. root.server1.example.com. (

1997022700 ; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400 ) ; Minimum

@ IN NS server1.example.com.

;PTR records for reverse lookup

254 IN PTR server1.example.com.

root@server1 /var/named/chroot/var/named<1044>#for i in {1..254}

> do

> echo "$i IN PTR station$i.example.com."

> done

1 IN PTR station1.example.com.

2 IN PTR station2.example.com.

3 IN PTR station3.example.com.

4 IN PTR station4.example.com.

5 IN PTR station5.example.com.

6 IN PTR station6.example.com.

7 IN PTR station7.example.com.

8 IN PTR station8.example.com.

9 IN PTR station9.example.com.

10 IN PTR station10.example.com.

11 IN PTR station11.example.com.

12 IN PTR station12.example.com.

root@server1 /var/named/chroot/var/named<1045>#for i in {1..254}; do echo "$i IN PTR station$i.example.com."; done >> 192.168.0.zone

root@server1 /var/named/chroot/var/named<1046>#chgrp named 192.168.0.zone

root@server1 /var/named/chroot/var/named<1047>#ll 192.168.0.zone

-rw-r----- 1 root named 13265 Apr 2 20:51 192.168.0.zone

root@server1 /var/named/chroot/var/named<1048>#

root@server1 /var/named/chroot/var/named<1048>#service named restart

Stopping named: OK

Starting named: OK

root@server1 /var/named/chroot/var/named<1049>#