Thursday, 20 February 2014

Configuring and Deploying DNS servers (primary, secondary, root and cache on centos 6.5) - Part 3 - Root and Cache

Configuration on Root DNS Server:

The root zone holds the delegations for the top-level domains. The root servers for the public Internet are already deployed, so you only run your own root when you want a private naming scheme, which is usually done on intranets that have their own top-level domains. Keep in mind that hosts which use such a root can only resolve the names it delegates, not public Internet names.
  • Install bind packages
    • yum install bind bind-utils bind-chroot bind-libs
  • Edit named.conf
    • vi /etc/named.conf
listen-on port 53 { 192.168.12.4; }; // change this to your ip address
*Replace the allow-query line (the stock file allows only localhost) with the network that may ask this server, e.g. allow-query { 192.168.12.0/24; };. Deleting the line instead lets every host that can reach port 53 query it.
*Set recursion no; (the stock file has recursion yes; deleting the line keeps that default). An authoritative root should hand out referrals, not resolve names on behalf of clients.
*Replace the stock hint zone for "." (type hint; file "named.ca";) with the master zone below; named refuses to load a config that declares "." twice.

 zone "." IN {
        type master;
        file "root.net";
      };



  • Create and edit root.net
    • vi /var/named/root.net
$TTL 86400
@    IN    SOA    root.msm.net.    admin.root.msm.net. (
            535 ; serial
            3H ; refresh
            15M ; retry
            1W ; expiry
            1D ) ; minimum
@                IN    NS    root.msm.net.
root.msm.net.    999999        IN    A    192.168.12.4 ; root server's fqdn and ip
msm.net.            IN    NS    ns.msm.net. ; delegation: zone name and the primary server's fqdn
12.168.192.in-addr.arpa.        IN    NS     ns.msm.net. ; the reverse zone, delegated to the primary dns server as well
ns.msm.net.            IN    A    192.168.12.2 ; glue: fqdn and ip of the primary dns server; add similar lines for the secondary
Comments in zone files start with ; (// is only valid in named.conf and would stop the zone from loading).



  • Open the firewall (and save the rules, otherwise they are gone after a reboot)
    • iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    • iptables -I INPUT -p udp --dport 53 -j ACCEPT
    • service iptables save
  • Edit resolv.conf
    • vi /etc/resolv.conf
search msm.net
nameserver 192.168.12.4 # point at its own ip address just to check that the server works



  • Start named daemon
    • service named start
  • Query a record that is stored in the primary server's zone
    • nslookup
      • cache.msm.net
 With recursion disabled the root server only returns a referral to ns.msm.net, so nslookup reports no answer here; check the delegation with dig @192.168.12.4 cache.msm.net +norecurse and look for msm.net. NS ns.msm.net. in the AUTHORITY section. nslookup only prints the address if you left recursion on.

 Configuration on Cache DNS server:

When BIND (named) is installed, its stock named.conf already configures the machine as a caching resolver that starts from the Internet root servers listed in named.ca. All we have to do is change that file name in named.conf and write a hint file that points at our own root DNS server instead.

  • Install bind packages
    • yum install bind bind-utils bind-chroot bind-libs 
  •  Edit named.conf
    • vi /etc/named.conf

listen-on port 53 { 192.168.12.5; }; // change this to your ip address
*Replace the allow-query line with the clients this resolver serves and restrict recursion to the same range, e.g. allow-query { 192.168.12.0/24; }; and allow-recursion { 192.168.12.0/24; };. Deleting allow-query instead turns the box into an open resolver for every network it can be reached from, which gets abused for DNS amplification and cache poisoning attempts.
*Remove dnssec-lookaside auto; (the lookaside anchor belongs to the public DNS tree and cannot validate anything under a private root)
*DON'T remove the recursion line. Of all the servers, this is the only one that must do recursion.
*In the stock hint zone for "." change only the file name, so it points at your own root instead of the Internet root servers:

 zone "." IN {
        type hint;
        file "file.ca";
      };


*Remove include "/etc/named.root.key"; (that file holds the public root's DNSSEC trust anchor, which is meaningless for your own root)

  • Create and edit file.ca
    • vi /var/named/file.ca
.        999999    IN    NS    root.msm.net. ; fqdn of the root dns server
root.msm.net.    999999    IN    A    192.168.12.4 ; fqdn and ip address of the root dns server


  • Open the firewall (and save the rules so they survive a reboot)
    • iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    • iptables -I INPUT -p udp --dport 53 -j ACCEPT
    • service iptables save
  • Edit resolv.conf
    • vi /etc/resolv.conf
search msm.net
nameserver 192.168.12.5 # resolve through its own ip address


  • Start named daemon
    • service named start
  • Query a record that is stored in the primary server's zone; the cache should now return the address, because it starts at your root and follows the delegation to ns.msm.net
    • nslookup
      • cache.msm.net
 If this is successful, change /etc/resolv.conf on all the DNS servers (and on the clients) to point at the caching server's IP address, which takes the query load off the primary/secondary and moves it to the cache. Remember that nothing outside your private root, public Internet names included, resolves through this cache.
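Because the root server and the cache answer the same question differently (a referral versus an answer), it pays to check the chain with dig rather than nslookup. The script below is an added example and not part of the original post: it classifies a dig response as an answer, a referral, NODATA, NXDOMAIN, REFUSED or an error, and runs the checks for the root and cache from this series. It assumes the addresses used in the posts, that the root has recursion no, and that dig from bind-utils is installed.

```shell
#!/bin/bash
# Added example, not part of the original post: check the delegation chain
# from the outside, the way the cache (or an attacker) sees it. Assumes the
# addresses from this series (root 192.168.12.4, cache 192.168.12.5, zone
# msm.net) and that the root runs with recursion no; dig is in bind-utils.
set -eu

# classify_response DIG_OUTPUT -> answer | referral | nodata | nxdomain | refused | error
#   An authoritative-only root returns a referral (ANSWER: 0, NS records in the
#   AUTHORITY section) for names below a delegation; a resolver returns an
#   answer; a server whose allow-query/allow-recursion excludes you says REFUSED.
classify_response() {
    local out=$1 status answers
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1)
    answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
    case "$status" in
        REFUSED)  echo refused ;;
        NXDOMAIN) echo nxdomain ;;
        NOERROR)
            if [ "${answers:-0}" -gt 0 ]; then
                echo answer
            elif printf '%s\n' "$out" | grep -Eq '^[^;].*[[:space:]]IN[[:space:]]+NS[[:space:]]'; then
                echo referral     # NS records outside the ;question line = delegation
            else
                echo nodata       # the name exists but has no record of that type
            fi ;;
        *) echo error ;;          # SERVFAIL, timeout, dig missing, ...
    esac
}

# check LABEL EXPECTED DIG_ARGS... : run dig once and compare the classification
check() {
    local label=$1 want=$2 got
    shift 2
    got=$(classify_response "$(dig +time=2 +tries=1 "$@" 2>&1 || true)")
    if [ "$got" = "$want" ]; then
        echo "ok   $label ($got)"
    else
        echo "FAIL $label: expected $want, got $got"
        return 1
    fi
}

# verify_chain ROOT_IP CACHE_IP : the checks for the root and cache built in this series
verify_chain() {
    local root=$1 cache=$2 rc=0
    check "root is authoritative for ."          answer   @"$root" . NS +norecurse                  || rc=1
    check "root only refers msm.net questions"   referral @"$root" cache.msm.net A                  || rc=1
    check "root delegates the reverse zone too"  referral @"$root" 5.12.168.192.in-addr.arpa PTR   || rc=1
    check "cache resolves via the private root"  answer   @"$cache" cache.msm.net A                 || rc=1
    check "cache does not know the public root"  nxdomain @"$cache" www.example.com A               || rc=1
    return $rc
}
# From a host outside allow-query/allow-recursion the cache must not serve you
# at all; run there:  check "cache is not an open resolver" refused @192.168.12.5 cache.msm.net A

if [ "$#" -eq 2 ]; then verify_chain "$1" "$2"; fi   # e.g. ./check-dns.sh 192.168.12.4 192.168.12.5
```

The "root only refers" check is the one that tells you whether recursion really is off on the root: with recursion left on, that query comes back as an answer instead of a referral.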

Prefer a Video Walkthrough?



Check this wiki page for more information on what's being done
http://en.wikipedia.org/wiki/Alternative_DNS_root

 That's all folks.
 Enjoy.

Wednesday, 5 February 2014

How to install Avidemux on Centos6

  • Create and edit /etc/yum.repos.d/naulinux-school.repo
add these lines

[naulinux-school]
name=NauLinux School
baseurl=http://downloads.naulinux.ru/pub/NauLinux/6.2/$basearch/sites/School/RPMS/
enabled=0
gpgcheck=1
gpgkey=http://downloads.naulinux.ru/pub/NauLinux/RPM-GPG-KEY-linux-ink


  • Install it with the repository enabled just for this command (enabled=0 keeps it out of normal updates; gpgcheck=1 makes yum verify the packages against the NauLinux key, so you are trusting that third party's signing key)
    • yum --enablerepo=naulinux-school install avidemux
ENJOY! 


SOURCE:
https://www.centos.org/forums/viewtopic.php?f=13&t=2491&sid=53e0d3877a6af3ea5f267d2754098cbf&start=10

Tuesday, 4 February 2014

Configuring and Deploying DNS servers (primary, secondary, root and cache on centos 6.5) - Part 2 - Secondary DNS

This walk-through assumes that you already have the primary DNS server deployed. Look at my previous post for that.

Configuration on Primary DNS server:

  • edit /etc/named.conf
add an allow-transfer statement to your zone declarations (both forward and reverse) that lists only the secondary. BIND 9.8 as shipped here allows transfers to any host by default, so without it anyone who can reach port 53/tcp can pull the whole zone, i.e. every host name and address you have.

 zone "msm.net" {
        type master;
        file "msm.net.db";
        allow-transfer { 192.168.12.3; };
};

zone "12.168.192.in-addr.arpa" {
        type master;
        file "msm.net.rev.db";
        allow-transfer { 192.168.12.3; };
};

  •  Allow the firewall to pass tcp/udp port 53 (zone transfers use tcp) and save the rules so they survive a reboot
    • iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    • iptables -I INPUT -p udp --dport 53 -j ACCEPT
    • service iptables save
  • Check the config and restart the named daemon
    • named-checkconf && service named restart

Configuration on Secondary DNS server:

Make sure you have internet access.
  • Install Bind packages
    • yum install bind bind-utils bind-chroot bind-libs
  • edit /etc/named.conf
 listen-on port 53 { 192.168.12.3; }; // ip address of the machine
*Replace the allow-query line with the range that may query this server (e.g. allow-query { 192.168.12.0/24; };); deleting it opens the server to everyone.
*Optional: set recursion no; and remove the "." hint zone so the secondary is authoritative only and neither recurses nor caches.

 zone "msm.net" { // your forward zone statement, same name as on the primary
        type slave; // this server holds a copy pulled from the primary
        file "msm.net.db"; // where the secondary writes its copy; named must be able to write there (see below)
        masters { 192.168.12.2; }; // the primary's ip, the only source this server accepts the zone from
        allow-transfer { none; }; // nobody may pull the zone from the secondary
};

zone "12.168.192.in-addr.arpa" { // reverse lookup zone statement, same name as on the primary
        type slave; // copy of the reverse zone
        file "msm.net.rev.db";  // where the secondary writes its copy of the reverse zone
        masters { 192.168.12.2; }; // primary server's ip address
        allow-transfer { none; };
};




  • Let named write the transferred zone files. The stock layout already has /var/named/slaves/ writable by named for exactly this purpose; if you put the files there (file "slaves/msm.net.db";) no SELinux or ownership change is needed. If you keep them directly under /var/named, as above, you must allow it:
    •  setsebool -P named_write_master_zones 1
    •  chown named:named /var/named
  Note that this gives named write access to the whole directory, including any master zone files on the host, which is why the slaves/ directory exists.
  • Start the named daemon
    • service named start
  • Check the logs; if everything went well they say the zone was loaded and the transfer completed
    • tail -30 /var/log/messages
 named[21296]: transfer of 'msm.net/IN' from 192.168.12.2#53: Transfer completed: 1 messages, 7 records, 206 bytes, 0.001 secs (206000 bytes/sec)


If everything went fine you will find the zone files under /var/named, fetched automatically when named started; this copy is a zone transfer (AXFR). From now on the secondary re-checks the primary's SOA every refresh interval (3H in the post's zone files) and whenever the primary sends a NOTIFY, but it only fetches a new copy when the primary's serial is larger than its own, so bump the serial after every edit on the primary.
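The serial rule is what breaks most secondary setups: the zone file changes on the primary but the secondary keeps serving the old copy because the serial did not grow. The script below is an added example and not part of the original post: it bumps the SOA serial of a zone file in place, then (with dig from bind-utils) compares the serial the primary and secondary publish and verifies that a host outside allow-transfer is refused an AXFR. The addresses and the zone name are the post's; the rndc and dig helpers are written for that setup and are not run by the serial functions.

```shell
#!/bin/bash
# Added example, not part of the original post: the operational half of
# running a secondary. Assumes the post's addresses (primary 192.168.12.2,
# secondary 192.168.12.3), zone msm.net, and dig/rndc from bind-utils/bind.
set -eu

# find_serial ZONE_FILE : prints "LINE SERIAL" for the SOA serial.
#   Strips ; comments, then takes the third token after "SOA" (MNAME, RNAME,
#   SERIAL), skipping the "(" that usually opens the multi-line SOA.
find_serial() {
    awk '
        { sub(/;.*/, "") }
        /[ \t]SOA[ \t]/ { seen = 1 }
        seen {
            for (i = 1; i <= NF; i++) {
                if ($i == "SOA") { n = 0; after = 1; continue }
                if (!after || $i == "(") continue
                if (++n == 3) { print NR, $i; exit }
            }
        }' "$1"
}
get_serial() { find_serial "$1" | awk '{ print $2 }'; }

# next_serial OLD : date-style serials (YYYYMMDDnn) get today's date with a
#   fresh counter, or nn+1 if already dated today; plain integers (like the
#   post's 535) get +1. The result is always larger than OLD.
next_serial() {
    local old=$1 today new
    today=$(date +%Y%m%d)
    if [ "${#old}" -eq 10 ] && [ "${old%??}" = "$today" ]; then new=$((old + 1))
    elif [ "${#old}" -eq 10 ]; then new="${today}01"
    else new=$((old + 1)); fi
    [ "$new" -gt "$old" ] || new=$((old + 1))
    echo "$new"
}

# bump_serial ZONE_FILE : rewrites the serial in place, prints the new value.
bump_serial() {
    local zone_file=$1 found ln old new
    found=$(find_serial "$zone_file")
    [ -n "$found" ] || { echo "no SOA serial in $zone_file" >&2; return 1; }
    ln=${found%% *}; old=${found#* }
    new=$(next_serial "$old")
    # only touch the SOA line, and only a whitespace/paren-delimited number,
    # so a digit inside a host name such as ns1.msm.net. is never rewritten
    sed -i -E "${ln}s/(^|[[:space:](])${old}([[:space:];)]|\$)/\1${new}\2/" "$zone_file"
    echo "$new"
}

# After the bump on the primary: validate the config and reload just that zone
# (NOTIFY then makes the secondary fetch the new copy right away).
reload_zone() { named-checkconf && rndc reload "$1"; }        # reload_zone msm.net

# soa_serial_of SERVER ZONE : the serial SERVER publishes for ZONE
soa_serial_of() { dig +short +time=2 +tries=1 @"$1" "$2" SOA | awk '{ print $3 }'; }

# check_in_sync ZONE PRIMARY SECONDARY : succeeds when both serve the same serial
check_in_sync() {
    local p s
    p=$(soa_serial_of "$2" "$1"); s=$(soa_serial_of "$3" "$1")
    echo "primary=$p secondary=$s"
    [ -n "$p" ] && [ "$p" = "$s" ]
}

# check_axfr_refused SERVER ZONE : run from a host NOT listed in allow-transfer;
# dig reports "; Transfer failed." when the server refuses the AXFR
check_axfr_refused() { dig +time=2 +tries=1 @"$1" "$2" AXFR | grep -q 'Transfer failed'; }

if [ "$#" -eq 1 ]; then bump_serial "$1"; fi   # e.g. ./bump.sh /var/named/msm.net.db
```

Typical cycle on the primary: edit the zone file, run bump_serial on it, then reload_zone msm.net, and from any host check_in_sync msm.net 192.168.12.2 192.168.12.3 until both serials match. check_axfr_refused 192.168.12.2 msm.net from a host outside the allow-transfer list should succeed; if it fails, the zone can be dumped by anyone.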

Prefer a video walk-through? Have a look...

Sunday, 2 February 2014

Configuring and Deploying DNS servers (primary, secondary, root and cache on centos 6.5) - Part 1 - Primary DNS

Make sure you have connection to the internet before you attempt this.

  • Install the BIND packages that provide the DNS service
    •  yum install bind bind-utils bind-chroot bind-libs
  • Edit the main file /etc/named.conf

listen-on port 53 { 192.168.12.2; }; // change this to your ip address
*Replace the allow-query line (the stock file allows only localhost) with the network that may query this server, e.g. allow-query { 192.168.12.0/24; };. Deleting the line instead lets every host that can reach port 53 query it.
zone "msm.net" IN { // change msm.net to your zone
        type master;
        file "msm.net.db"; // you can name it anything
};

zone "12.168.192.in-addr.arpa" IN { // reverse lookup zone: the first three octets of your network in reverse order, so it differs for other address ranges
        type master;
        file "12.168.192.rev.zone.db";
};


*Optional: set recursion no; and remove the "." hint zone so the server is authoritative only and does not resolve or cache names outside your own zones.

  • Now create the "msm.net.db" file in /var/named and edit it (forward lookup)
    • vi /var/named/msm.net.db
$TTL 86400
@       IN   SOA  ns.msm.net.   nameserver.ns.msm.net. ( ; primary server, then the contact mailbox with its @ written as a dot
                        535 ; serial, must grow after every edit
                        3H ; refresh
                        15M ; retry
                        1W ; expiry
                        1D ) ; minimum
@                       IN      NS    ns.msm.net. ; change this to match your domain
ns                      IN      A       192.168.12.2 ; these are the dns records (comments start with ;)
slave                   IN      A       192.168.12.3
root                    IN      A       192.168.12.4
cache                   IN      A       192.168.12.5


  •  Now create "12.168.192.rev.zone.db" in /var/named and edit it (reverse lookup)
    • vi /var/named/12.168.192.rev.zone.db
$TTL 86400
@       IN   SOA  ns.msm.net.   nameserver.ns.msm.net. (
                        2009092300 ; serial
                        2880 ; refresh
                        14400 ; retry
                        3600000 ; expiry
                        86400 ) ; minimum

; change the values according to your records and domain name
@               IN      NS    ns.msm.net.
2               IN      PTR     ns.msm.net.
3               IN      PTR     slave.msm.net.
4               IN      PTR     root.msm.net.
5               IN      PTR     cache.msm.net.



  • Open the firewall ports (and save the rules, or they are lost at reboot)
    • iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    • iptables -I INPUT -p udp --dport 53 -j ACCEPT
    • service iptables save
  •  Start the named daemon
    • service named start
 *NOTE: if the start hangs at "Generating /etc/rndc.key:", the init script is running rndc-confgen, which is waiting for random data from the kernel, and a freshly booted VM has gathered very little entropy. Opening another ssh window and typing or issuing commands, or opening the VM GUI and the web browser, feeds the entropy pool and lets it finish. You can also create the key up front with rndc-confgen -a -r /dev/urandom and then start named. Comment if you could not resolve this error.


  • check logs if your server started properly
    • tail -30 /var/log/messages
  • Edit /etc/resolv.conf (note the name: resolv, not resolve) to make this machine send its DNS queries to the newly created primary server
    • vi /etc/resolv.conf
search msm.net
nameserver 192.168.12.2


  • check your deployment using nslookup
    • nslookup
      • ns.msm.net
      • 192.168.12.2
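Forward and reverse data are maintained by hand above, which is where stale PTR records usually come from. The following is an added example and not part of the original post: it derives the reverse zone from the forward zone's A records so the two files cannot drift apart. Zone name, network and primary server are the post's; the hostmaster.msm.net. mailbox, the date-based serial and the output path in the usage line are assumptions.

```shell
#!/bin/bash
# Added example, not from the original post: build the reverse zone from the
# forward zone so the PTR records never drift from the A records. Assumes the
# post's network 192.168.12.0/24, zone msm.net and primary ns.msm.net.; the
# mailbox hostmaster.msm.net. and the serial scheme are assumptions.
set -eu

# gen_ptr FORWARD_ZONE_FILE ZONE_NAME NET_PREFIX
#   Reads "name [ttl] IN A a.b.c.d" lines from the forward zone and prints
#   "d IN PTR name.zone." for every address whose first three octets equal
#   NET_PREFIX (e.g. 192.168.12). A name ending in "." is used as it is,
#   "@" means the zone apex, and a line starting with blanks reuses the
#   previous owner name, as in a real zone file.
gen_ptr() {
    local zone_file=$1 zone=$2 prefix=$3
    awk -v zone="$zone" -v prefix="$prefix" '
        { sub(/;.*/, "") }                     # drop ; comments
        NF == 0 { next }                       # skip blank lines
        /^[ \t]/ { name = last }               # leading blanks: previous owner name
        !/^[ \t]/ { name = $1; last = $1 }
        $0 ~ /[ \t]IN[ \t]+A[ \t]/ {           # an A record (class IN written out, as in the post)
            split($NF, o, ".")
            if (o[1] "." o[2] "." o[3] != prefix) next
            if (name == "@") fqdn = zone "."
            else if (name ~ /\.$/) fqdn = name
            else fqdn = name "." zone "."
            printf "%-8s IN PTR %s\n", o[4], fqdn
        }' "$zone_file"
}

# gen_reverse_zone FORWARD_ZONE_FILE ZONE_NAME NET_PREFIX PRIMARY_FQDN MAILBOX
#   Prints a complete reverse zone file: SOA with a date-based serial
#   (YYYYMMDD01, assumed scheme), the NS record, then the PTR records.
gen_reverse_zone() {
    local zone_file=$1 zone=$2 prefix=$3 primary=$4 mailbox=$5 serial
    serial=$(date +%Y%m%d01)
    cat <<EOF
\$TTL 86400
@       IN   SOA  $primary  $mailbox (
                        $serial ; serial
                        3H ; refresh
                        15M ; retry
                        1W ; expiry
                        1D ) ; minimum
@       IN   NS   $primary
EOF
    gen_ptr "$zone_file" "$zone" "$prefix"
}

# usage: ./mkrev.sh /var/named/msm.net.db msm.net 192.168.12 ns.msm.net. hostmaster.msm.net. \
#            > /var/named/12.168.192.rev.zone.db
if [ "$#" -eq 5 ]; then gen_reverse_zone "$@"; fi
```

Run named-checkzone 12.168.192.in-addr.arpa /var/named/12.168.192.rev.zone.db on the result before reloading; it catches the syntax slips (a // comment, a missing closing parenthesis) that named otherwise only reports in /var/log/messages.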
Let me know in the comments if there are any issues. 

Prefer a video walk-through?
Here is a video I made of my deployment.



