For this tutorial we simply want to setup a simple zone with a few A and MX records for our local domain - yourdomain.com.
Let's firstly install the bind package - along with some helper tools:
sudo yum install bind bind-utils
Ensure it starts on boot:
systemctl enable named
systemctl start named
Since we do not wish to serve the general public - that is provide an open public DNS service - we will instead enforce recursive lookups and create an ACL to define exactly who (which nodes) will be able to perform DNS queries against the server.
The main configuration can be found in /etc/named.conf
vi /etc/named.conf
acl "trusted" {
10.1.0.200; # ns1.yourdomain.com (this host)
10.2.0.200; # ns2.yourdomain.com
};
In the 'options' section there are two directives we are interested in 'allow-transfer' which (as the name suggests) allows zone transfers to the secondary DNS server and 'allow-query' which defines what exactly can query the server (as defined in our 'trusted' acl block.):
allow-transfer { 10.2.0.200; }; # allow zone transfer for secondary dns server
allow-query { trusted; }; # allow queries from the members defined in our trusted acl
If we also wish to disable recursive queries (e.g. for zones not authoritative to our self) we can set the following under options:
recursion no;
We will create the named.conf.local file where we will define the zones we are hosting:
vi /etc/named/named.conf.local
and add the following:
zone "yourdomain.com" {
type master;
file "/etc/named/zones/yourdomain.com"; # zone file path
};
Make sure 'named.conf.local' is included in your main bind config:
echo 'include /etc/named/named.conf.local;' >> /etc/named.conf
And then create the zone file for 'yourdomain.com':
mkdir -p /etc/named/zones
vi /etc/named/zones/yourdomain.com
; BIND db file for yourdomain.com
$TTL 86400
@ IN SOA ns1.yourdomain.com. you.yourdomain.com. (
2017011701 ; serial number YYMMDDNN
28800 ; Refresh
7200 ; Retry
864000 ; Expire
86400 ; Min TTL
)
NS ns1.yourdomain.com.
NS ns2.yourdomain.com.
ns1.yourdomain.com. IN A 10.1.0.200
ns2.yourdomain.com. IN A 10.2.0.200
yourdomain.com. IN A 8.8.1.1
$ORIGIN yourdomain.com.
We can check our configuration with the 'named-checkconf' command:
named-checkconf /etc/namedd.conf
Finally start bind (or reload it if already running) with:
sudo service named reload
and check syslog for any errors:
tail /var/log/messages | grep named
and then use nslookup or dig to verify the zone records:
dig yourdomain.com @10.1.0.200
0 comments:
Post a Comment