This How-to is all about setting up a personal DNS server. It is also my documentation of how I install and configure a DNS server on CentOS 5.2, and I hope it will also help other people, especially those who are still studying Linux as their primary OS. I install BIND in a chroot environment.

For this How-to I use the following.
1. Domain: raxso.net
2. IP Address: 192.168.1.1
3. Forwarders: 208.67.222.222, 208.67.220.220 (Open DNS servers)

1. Install the following packages.

yum -y install bind bind-chroot bind-libs bind-utils caching-nameserver

2. Configure rndc:

BIND includes a utility called rndc that allows you to administer the named daemon, locally or remotely, with command line statements. The rndc program uses the /etc/rndc.conf file for its configuration options, which can be overridden with command line options.

In order to prevent unauthorized users on other systems from controlling BIND on your server, a shared secret key method is used to explicitly grant privileges to particular hosts. In order for rndc to issue commands to any named, even on a local machine, the keys used in /etc/named.conf and /etc/rndc.conf must match.

cd /var/named/chroot/etc
rndc-confgen > rndc.key
chown root:named rndc.key

Edit rndc.key so it looks like this (keep the secret that your own rndc-confgen run generated; the value shown here is only the one from this setup):

key "rndckey" {
algorithm hmac-md5;
secret "L1NnF/pGne66OevgVrgzSA==";
};

Remove the options block and everything else that rndc-confgen wrote: the key statement is all this file needs.

A symlink in /etc already points at the rndc.key file we have just created; named expects the key there in order to authenticate rndc.

3. Configure /var/named/chroot/etc/named.conf

// we include the rndckey (copy-paste from rndc.key created earlier)
key "rndckey" {
algorithm hmac-md5;
secret "L1NnF/pGne66OevgVrgzSA==";
};

// we assume our server has the IP 192.168.1.1 serving the 192.168.1.0/24 subnet
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
inet 192.168.1.1 allow { 192.168.1.0/24; } keys { "rndckey"; };
};

options {
directory "/var/named";
pid-file "/var/run/named/named.pid";

recursion yes;

allow-recursion {
127.0.0.1;
192.168.1.0/24;
};

// these are the opendns servers (optional)
forwarders {
208.67.222.222;
208.67.220.220;
};

listen-on {
127.0.0.1;
192.168.1.1;
};

/*
* If your nameserver is behind a firewall you might need to uncomment the query-source
* directive below. Pinning the source port also disables the source-port randomisation
* that patched BIND releases use to resist cache poisoning, so leave it commented out
* unless the firewall really requires it.
*/
// query-source address * port 53;

// hide the version string so people cannot read it back and guess what you are running
version "REFUSED";

allow-query {
127.0.0.1;
192.168.1.0/24;
};
};

server 192.168.1.1 {
keys { rndckey; };
};

zone "." IN {
type hint;
file "named.ca";
};

zone "raxso.net" IN {
type master;
file "data/raxso.net.zone";
allow-update { none; };
};

4. Let's create our first zone:

# vi /var/named/chroot/var/named/data/raxso.net.zone
$TTL 38400
raxso.net. IN SOA ns.raxso.net. admin.raxso.net. (
2008090335 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400) ; Minimum TTL 1 day

raxso.net. IN NS ns.raxso.net.
raxso.net. IN MX 1 mx.raxso.net.
raxso.net. IN MX 5 mx2.raxso.net.
ns.raxso.net. IN A 192.168.1.1
cacti.raxso.net. IN A 192.168.1.1
desktop.raxso.net. IN A 192.168.1.10
mail.raxso.net. IN CNAME mx.raxso.net.
mx.raxso.net. IN A 192.168.1.2
mx2.raxso.net. IN A 192.168.1.1

Don't forget the trailing "." on fully qualified names; it is very important, because without it named appends the zone name, so ns.raxso.net would be read as ns.raxso.net.raxso.net.
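As an added check that is not part of the original post, the script below parses a zone file written in the format used above and reports names that look like they are missing the trailing dot, plus NS/MX targets that have no A record in the zone or that point at a CNAME. It runs on a constructed copy of the zone above whose SOA line deliberately lacks the dots on the MNAME/RNAME fields.

```python
ORIGIN = "raxso.net."
# Constructed sample: the post's zone with an SOA whose MNAME/RNAME fields lack trailing dots.
SAMPLE_ZONE = """$TTL 38400
raxso.net. IN SOA ns.raxso.net admin.raxso.net (
2008090335 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
86400) ; Minimum TTL
raxso.net. IN NS ns.raxso.net.
raxso.net. IN MX 1 mx.raxso.net.
ns.raxso.net. IN A 192.168.1.1
mail.raxso.net. IN CNAME mx.raxso.net.
mx.raxso.net. IN A 192.168.1.2
"""

def parse_zone(text):
    """Return (owner, rtype, rdata) tuples; handles ';' comments, '( )' groups, $ lines."""
    records, buf, depth = [], [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0]
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:                         # not inside a parenthesised SOA
            tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
            buf = []
            if tokens and not tokens[0].startswith("$"):
                rest = tokens[2:] if tokens[1].upper() == "IN" else tokens[1:]
                records.append((tokens[0], rest[0].upper(), rest[1:]))
    return records

# A name without a trailing dot is relative: named appends $ORIGIN to it.
absolute = lambda n: n if n.endswith(".") else n + "." + ORIGIN

def check_zone(records):
    """Return a list of problems; an empty list means the zone looks sane."""
    problems = []
    name_fields = {"SOA": (0, 1), "NS": (0,), "MX": (1,), "CNAME": (0,)}
    kinds = {absolute(o): t for o, t, _ in records if t in ("A", "CNAME")}
    for owner, rtype, rdata in records:
        for name in [owner] + [rdata[i] for i in name_fields.get(rtype, ())]:
            # A relative name that already ends in the zone name is a forgotten dot.
            if not name.endswith(".") and name.endswith(ORIGIN[:-1]):
                problems.append(f"{rtype} {owner}: '{name}' has no trailing dot, reads as {absolute(name)}")
        if rtype in ("NS", "MX"):
            target = absolute(rdata[name_fields[rtype][0]])
            if kinds.get(target) == "CNAME":
                problems.append(f"{rtype} {owner}: target {target} is a CNAME")
            elif target.endswith("." + ORIGIN) and target not in kinds:
                problems.append(f"{rtype} {owner}: no A record for {target}")
    return problems
```

On the server itself, named-checkzone raxso.net /var/named/chroot/var/named/data/raxso.net.zone performs the authoritative version of this check before you reload named.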

5. Make sure the service starts automatically after a reboot

chkconfig --levels 235 named on
service named start

Make sure the service is running:

# rndc status
number of zones: 1
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

6. Let's query:

# nslookup mx.raxso.net 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: mx.raxso.net
Address: 192.168.1.1
# nslookup www.google.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
www.google.com canonical name = google.navigation.opendns.com.
Name: google.navigation.opendns.com
Address: 208.67.219.230
Name: google.navigation.opendns.com
Address: 208.67.219.231

7. If all went well and queries are working, you can now set up /etc/resolv.conf on the server.
It should look like this.

# vi /etc/resolv.conf

search raxso.net
nameserver 127.0.0.1

Set up the clients and point them at the new DNS server.

# vi /etc/resolv.conf

search raxso.net
nameserver 192.168.1.1

That's all, folks. I hope you learned something today.
