Install a DNS server step by step using BIND on CentOS 6.5/6.4/6.3

Source: Internet
Author: User
Tags: dnssec, nameserver, nslookup, test dns server

Reference URL: http://www.unixmen.com/dns-server-installation-step-by-step-using-centos-6-3/

DNS (Domain Name System) translates host names or URLs into IP addresses. For example, when "www.unixmen.com" is typed into a browser,
a DNS server resolves the host name www.unixmen.com to the IP address associated with it, 173.xxx.xxx.xxx.
This is done so that people only have to remember domain names, not IP addresses.

Scheme

Primary (master) DNS server
Environment configuration:
Operating system: CentOS 6.5 Server
Host Name: masterdns.unixmen.local
IP Address: 192.168.1.100/24

Secondary (slave) DNS server
Environment configuration:
Operating system: CentOS 6.5 Server
Host Name: secondarydns.unixmen.local
IP Address: 192.168.1.101/24

Client environment:
Operating system: CentOS 6.5 Desktop
Host Name: client.unixmen.local
IP Address: 192.168.1.102/24

Install the primary (master) DNS server
[root@masterdns ~]# yum install bind* -y
1. Configure the DNS server
Add the lines shown below to the /etc/named.conf file
[root@masterdns ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.100; }; ### primary DNS IP address ###
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; }; ### allow queries from this network range; the trailing /24 is shorthand for the netmask (here 255.255.255.0) ###
        allow-transfer  { localhost; 192.168.1.101; }; ### secondary DNS IP address ###
        recursion yes; ### whether recursion is allowed; it is suggested to set this to no to prevent DDoS attacks ###
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

// Custom forward and reverse zones
zone "unixmen.local" IN {
        type master;
        file "forward.unixmen"; // forward zone file name
        allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.unixmen"; // reverse zone file name
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Create the zone files
The following files were declared in /etc/named.conf

2.1 Creating the forward zone
Create the forward.unixmen file in the /var/named directory
[root@masterdns ~]# vi /var/named/forward.unixmen
$TTL 86400
@       IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
                2011071001  ; Serial
                3600        ; Refresh
                1800        ; Retry
                604800      ; Expire
                86400       ; Minimum TTL
)
@       IN  NS      masterdns.unixmen.local.
@       IN  NS      secondarydns.unixmen.local.
@       IN  A       192.168.1.100
@       IN  A       192.168.1.101
@       IN  A       192.168.1.102
masterdns       IN  A   192.168.1.100
secondarydns    IN  A   192.168.1.101
client          IN  A   192.168.1.102

2.2 Creating the reverse zone
Create the reverse.unixmen file in the /var/named directory
[root@masterdns ~]# vi /var/named/reverse.unixmen
$TTL 86400
@       IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
                2011071001  ; Serial
                3600        ; Refresh
                1800        ; Retry
                604800      ; Expire
                86400       ; Minimum TTL
)
@       IN  NS      masterdns.unixmen.local.
@       IN  NS      secondarydns.unixmen.local.
@       IN  PTR     unixmen.local.
masterdns       IN  A   192.168.1.100
secondarydns    IN  A   192.168.1.101
client          IN  A   192.168.1.102
100     IN  PTR     masterdns.unixmen.local.
101     IN  PTR     secondarydns.unixmen.local.
102     IN  PTR     client.unixmen.local.
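named-checkzone (used later in this tutorial) only checks syntax; it will not tell you that a host's A record and its PTR record disagree. The script below is an added example, not part of the original tutorial: it parses constructed copies of the two zone files above (trimmed to the SOA, A and PTR records) and reports every A record with no matching PTR and every PTR with no matching A. On this page's data it reports the three apex "@ IN A" records, which point 192.168.1.100-102 at unixmen.local. while the PTRs point back at the host names.

```python
import re

# Constructed copies of this page's forward and reverse zone files (SOA folded onto one line).
FORWARD = """$TTL 86400
@ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071001 3600 1800 604800 86400 )
@ IN A 192.168.1.100
@ IN A 192.168.1.101
@ IN A 192.168.1.102
masterdns IN A 192.168.1.100
secondarydns IN A 192.168.1.101
client IN A 192.168.1.102
"""
REVERSE = """$TTL 86400
@ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071001 3600 1800 604800 86400 )
@ IN PTR unixmen.local.
100 IN PTR masterdns.unixmen.local.
101 IN PTR secondarydns.unixmen.local.
102 IN PTR client.unixmen.local.
"""

def records(zone_text, origin, rtype):
    """Yield (owner FQDN, rdata) for every record of one type; @ and relative owners get the origin."""
    text = re.sub(r"\([^)]*\)", "", zone_text)   # drop the parenthesised SOA timers
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0].startswith("$") or f[2].upper() != rtype:
            continue
        owner = origin if f[0] == "@" else f[0] if f[0].endswith(".") else f"{f[0]}.{origin}"
        yield owner, f[3]

def ptr_to_ip(owner):
    """Map 102.1.168.192.in-addr.arpa. back to 192.168.1.102 (None for non-host owners such as the apex)."""
    labels = owner.rstrip(".").split(".")[:-2]   # strip the in-addr.arpa suffix
    return ".".join(reversed(labels)) if len(labels) == 4 else None

def check(forward, fwd_origin, reverse, rev_origin):
    """Return (A records lacking a matching PTR, PTR records lacking a matching A), both sorted."""
    a = set(records(forward, fwd_origin, "A"))
    ptr = set()
    for owner, target in records(reverse, rev_origin, "PTR"):
        ip = ptr_to_ip(owner)
        if ip:
            ptr.add((target, ip))
    return sorted(a - ptr), sorted(ptr - a)

if __name__ == "__main__":
    missing_ptr, missing_a = check(FORWARD, "unixmen.local.", REVERSE, "1.168.192.in-addr.arpa.")
    print("A records without a matching PTR:", missing_ptr)
    print("PTR records without a matching A:", missing_a)
```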

3. Start the DNS service
[root@masterdns ~]# service named start
Starting named:                                            [  OK  ]
[root@masterdns ~]# chkconfig named on

4. Adjust the firewall to allow other hosts on the network to reach the DNS server
Add the following to the /etc/sysconfig/iptables file
[root@masterdns ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# Add DNS server rules
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

5. Restart the firewall
[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

6. Set the DNS server used by the current host
Add the following to the /etc/resolv.conf file
[root@masterdns ~]# vim /etc/resolv.conf
nameserver 192.168.1.131

7. Test the DNS configuration and zone files for syntax errors
[root@masterdns ~]# named-checkconf /etc/named.conf
[root@masterdns ~]# named-checkzone unixmen.local /var/named/forward.unixmen
zone unixmen.local/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone unixmen.local /var/named/reverse.unixmen
zone unixmen.local/IN: loaded serial 2011071001
OK

8. Test the DNS server
[root@masterdns ~]# dig masterdns.unixmen.local

; <<>> DiG 9.8.2rc1-redhat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; Query time: 6 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:07:56
;; MSG SIZE  rcvd: 114


[root@masterdns ~]# nslookup unixmen.local
Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100
Name:   unixmen.local
Address: 192.168.1.101

The primary DNS server is now ready to use.

Install the secondary (slave) DNS server
[root@secondarydns ~]# yum install bind* -y
1. Configure the secondary DNS server
Add the lines shown below to the /etc/named.conf file
[root@secondarydns ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.101; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "unixmen.local" IN {
        type slave;
        file "slaves/unixmen.fwd";
        masters { 192.168.1.100; };
};
zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/unixmen.rev";
        masters { 192.168.1.100; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
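The master's options block restricts zone transfers with allow-transfer, but the secondary's options block above sets no allow-transfer at all, and BIND 9.8 (the version on these CentOS 6 hosts) then falls back to its default of allow-transfer { any; }, so any host that may query the secondary can also pull the whole zone. The script below is an added example, not part of the original tutorial: it extracts the options block from a named.conf (comments stripped, braces balanced) and reports the settings a defender checks before exposing the server, run over constructed copies of both options blocks on this page.

```python
import re

# Constructed from the options blocks this page gives for the master and the secondary.
MASTER_CONF = """options {
    listen-on port 53 { 127.0.0.1; 192.168.1.100; };
    allow-query     { localhost; 192.168.1.0/24; };
    allow-transfer  { localhost; 192.168.1.101; };   # only the secondary may AXFR
    recursion yes;
    dnssec-validation yes;
};"""
SECONDARY_CONF = """options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; };
    allow-query     { localhost; 192.168.1.0/24; };
    recursion yes;
    dnssec-validation yes;
};"""

def options_block(conf):
    """Return the body of the top-level options { ... } block with comments stripped."""
    conf = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)
    start = conf.index("{", conf.index("options")) + 1
    depth, i = 1, start
    while depth:                      # walk forward to the matching closing brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[start:i - 1]

def acl(block, name):
    """Address-match list of one statement as a token list, or None when it is not set."""
    m = re.search(r"\b%s(?![\w-])[^{;]*\{([^}]*)\}" % re.escape(name), block)
    return [t for t in re.split(r"[\s;]+", m.group(1)) if t] if m else None

def audit(conf):
    """Findings a defender checks before exposing this named.conf to a network."""
    opts, findings = options_block(conf), []
    xfer = acl(opts, "allow-transfer")
    if xfer is None or "any" in xfer:            # BIND 9.8 default is allow-transfer { any; }
        findings.append("allow-transfer unset or 'any': AXFR of every zone is open to any querier")
    query = acl(opts, "allow-query") or ["any"]  # default allow-query is any
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", opts)
    if (rec is None or rec.group(1) == "yes") and "any" in query:
        findings.append("recursion yes with allow-query any: open resolver, abusable for amplification")
    if not re.search(r"\bdnssec-validation\s+yes\s*;", opts):
        findings.append("dnssec-validation not enabled: recursive answers are not validated")
    return findings

if __name__ == "__main__":
    for label, conf in (("master", MASTER_CONF), ("secondary", SECONDARY_CONF)):
        print(label, audit(conf) or ["no findings"])
```

The fix for the secondary is to add allow-transfer { none; }; to its options block, since nothing needs to transfer zones from it.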

2. Start the DNS service
[root@secondarydns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@secondarydns ~]# chkconfig named on

The forward and reverse zone files on the primary DNS server are now transferred automatically to the /var/named/slaves/ directory on the secondary DNS server
[root@secondarydns ~]# ls /var/named/slaves/
unixmen.fwd  unixmen.rev

[root@secondarydns ~]# cat /var/named/slaves/unixmen.fwd
$ORIGIN .
$TTL 86400      ; 1 day
unixmen.local           IN SOA  masterdns.unixmen.local. root.unixmen.local. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.unixmen.local.
                        NS      secondarydns.unixmen.local.
                        A       192.168.1.100
                        A       192.168.1.101
                        A       192.168.1.102
$ORIGIN unixmen.local.
client                  A       192.168.1.102
masterdns               A       192.168.1.100
secondarydns            A       192.168.1.101


[root@secondarydns ~]# cat /var/named/slaves/unixmen.rev
$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  masterdns.unixmen.local. root.unixmen.local. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.unixmen.local.
                        NS      secondarydns.unixmen.local.
                        PTR     unixmen.local.
$ORIGIN 1.168.192.in-addr.arpa.
100                     PTR     masterdns.unixmen.local.
101                     PTR     secondarydns.unixmen.local.
102                     PTR     client.unixmen.local.
client                  A       192.168.1.102
masterdns               A       192.168.1.100
secondarydns            A       192.168.1.101

3. Add the DNS servers to all systems
[root@secondarydns ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search ostechnix.com
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8

4. Test the DNS server
[root@secondarydns ~]# dig masterdns.unixmen.local

; <<>> DiG 9.8.2rc1-redhat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21487
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; Query time: 15 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:27:57
;; MSG SIZE  rcvd: 114

[root@secondarydns ~]# dig secondarydns.unixmen.local

; <<>> DiG 9.8.2rc1-redhat-9.8.2-0.10.rc1.el6_3.6 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN      A

;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; Query time: 4 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:31:53
;; MSG SIZE  rcvd: 114


[root@secondarydns ~]# nslookup unixmen.local
Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   unixmen.local
Address: 192.168.1.101
Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100

Client configuration
Add the DNS servers to every client in the /etc/resolv.conf file
[root@client unixmen]# vi /etc/resolv.conf
# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8

Test the DNS server

[root@client unixmen]# dig masterdns.unixmen.local

; <<>> DiG 9.8.2rc1-redhat-9.8.2-0.10.rc1.el6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; Query time: 30 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:47:55
;; MSG SIZE  rcvd: 114


[root@client unixmen]# dig secondarydns.unixmen.local

; <<>> DiG 9.8.2rc1-redhat-9.8.2-0.10.rc1.el6 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14852
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN      A

;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.

;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; Query time: 8 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:48:38
;; MSG SIZE  rcvd: 114


[root@client unixmen]# dig client.unixmen.local

; <<>> DiG 9.8.2rc1-redhat-9.8.2-0.10.rc1.el6 <<>> client.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14604
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;client.unixmen.local.          IN      A

;; ANSWER SECTION:
client.unixmen.local.   86400   IN      A       192.168.1.102

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; Query time: 5 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:49:11
;; MSG SIZE  rcvd: 137


[root@client unixmen]# nslookup unixmen.local
Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100
Name:   unixmen.local
Address: 192.168.1.101

The master and slave DNS servers are now ready to use.
