Tuesday, 17 January 2017

Setting up a DNS server with bind on CentOS 7

For this tutorial we simply want to setup a simple zone with a few A and MX records for our local domain - yourdomain.com.

Let's firstly install the bind package - along with some helper tools:

sudo yum install bind bind-utils

Ensure it starts on boot:

systemctl enable named
systemctl start named

Since we do not wish to serve the general public - that is provide an open public DNS service - we will instead enforce recursive lookups and create an ACL to define exactly who (which nodes) will be able to perform DNS queries against the server.

The main configuration can be found in /etc/named.conf

vi /etc/named.conf

acl "trusted" {
        10.1.0.200;    # ns1.yourdomain.com (this host)
        10.2.0.200;    # ns2.yourdomain.com
};

In the 'options' section there are two directives we are interested in 'allow-transfer' which (as the name suggests) allows zone transfers to the secondary DNS server and 'allow-query' which defines what exactly can query the server (as defined in our 'trusted' acl block.):

 allow-transfer { 10.2.0.200; };      # allow zone transfer for secondary dns server
 allow-query { trusted; };  # allow queries from the members defined in our trusted acl

If we also wish to disable recursive queries (e.g. for zones not authoritative to our self) we can set the following under options:

recursion no;

We will create the named.conf.local file where we will define the zones we are hosting:

vi /etc/named/named.conf.local

and add the following:

zone "yourdomain.com" {
    type master;
    file "/etc/named/zones/yourdomain.com"; # zone file path
};

Make sure 'named.conf.local' is included in your main bind config:

echo 'include /etc/named/named.conf.local;' >> /etc/named.conf

And then create the zone file for 'yourdomain.com':

mkdir -p /etc/named/zones
vi /etc/named/zones/yourdomain.com

; BIND db file for yourdomain.com

$TTL 86400

@       IN      SOA     ns1.yourdomain.com.      you.yourdomain.com. (
                        2017011701 ; serial number YYMMDDNN
                        28800           ; Refresh
                        7200            ; Retry
                        864000          ; Expire
                        86400           ; Min TTL
)

                NS      ns1.yourdomain.com.
                NS      ns2.yourdomain.com.

ns1.yourdomain.com.           IN      A       10.1.0.200
ns2.yourdomain.com.           IN      A       10.2.0.200
yourdomain.com.      IN      A       8.8.1.1

$ORIGIN yourdomain.com.

We can check our configuration with the 'named-checkconf' command:

named-checkconf /etc/namedd.conf

Finally start bind (or reload it if already running) with:

sudo service named reload

and check syslog for any errors:

tail /var/log/messages | grep named

and then use nslookup or dig to verify the zone records:

dig yourdomain.com @10.1.0.200


0 comments:

Post a comment