LFCS – BIND DNS Management

Jarret B

Well-Known Member
Staff member
Joined
May 22, 2017
Messages
340
Reaction score
367
Credits
11,754
This LFCS article starts a completely new section, on managing services.

Because we are moving to a new area, you can scrap the Virtual Machines or real systems you used for the earlier articles. For this section we need three Virtual Machines. The first two will be identical to Server1 and Server2 from before. Server3, on the other hand, will be empty, with only its Network Interface Card (NIC) set up for PXE booting.

Setting up the Systems

There are three articles you should look at:
  1. LFCS - Installing CentOS 7
  2. LFCS OS in VirtualBox
  3. LFCS – Install GUI (MATE)
Keep in mind that I have used Ubuntu 18.04 instead of the 14.04 mentioned in those articles.

Make sure you install the necessary 'Guest Additions' for all systems.

For the third system, under the 'System' section of the VM settings, tick the 'Network' boot option and move it to the top of the boot order. Once the OS has been installed from the network boot, move 'Network' back down so the system does not try to boot from the network again after the Operating System (OS) is installed.

With that done, let's get started.

Install BIND

BIND stands for Berkeley Internet Name Domain. It is an implementation of a Domain Name System (DNS) server. DNS lets a system convert a name, such as www.linux.org, into an IP Address, such as 172.67.148.63.

Let's set up a basic DNS server that runs as a caching-only server. A caching-only server holds no zones of its own; when it resolves a name to an IP Address it keeps the answer in memory, so repeated lookups for the same name are answered locally, without another trip across the Internet to an upstream DNS Server, until the record's Time To Live (TTL) expires.

NOTE: Perform the commands on Server1 only.

For CentOS 7 systems, use these commands to install, enable and start the service:

sudo yum install bind bind-utils -y
sudo systemctl enable named
sudo systemctl start named



For Ubuntu 18.04, use the following. The 'dnsutils' package supplies the 'dig' command used later in this article (on CentOS it comes with 'bind-utils'):

sudo apt install bind9 bind9utils dnsutils -y
sudo systemctl enable bind9
sudo systemctl start bind9


To check that the service is listening, run 'netstat -ltn' (or 'ss -ltn' on a system without net-tools). You should now see ports 53 and 953 listening. Port 53 is where name-resolution queries arrive so that answers can be cached. Port 953 is the 'rndc' control channel used to manage the running server; it should only ever be bound to the loopback addresses (127.0.0.1 and ::1), which is the default, and never be reachable from the network.

With CentOS, the package installation does not start the service automatically, which is why the 'enable' and 'start' commands above are needed. On Ubuntu the package starts and enables 'bind9' for you, so the two 'systemctl' commands there are only a safeguard.


If you want to test the DNS caching, perform a DNS lookup twice against the server itself. The first lookup takes longer because the answer is not yet in the cache; the second is answered from the local cache and is much faster. Ask the new server directly with '@127.0.0.1', because without it 'dig' uses whatever resolver is listed in '/etc/resolv.conf', which may not be the server you just installed:

dig @127.0.0.1 www.linux.org

Near the bottom of the output is the ';; Query time:' line, which is the time taken for the name resolution. Note the value and run the command again. The second run should report a much lower time, typically 0 or 1 msec. The TTL number in the 'ANSWER SECTION' also counts down between the two runs, which is the surest sign that the answer came from the cache rather than from a fresh lookup.
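The check described above, as an added example that is not part of the original article: it reads the output of two consecutive 'dig @127.0.0.1 www.linux.org' runs and decides from the server field, the flags, the status and the TTL whether the second answer came from BIND's cache. The dig outputs are constructed samples in dig's normal format; the query ids, timings, the 192.168.199.10 client case and the TTL values are assumptions, not real measurements.

```python
"""Added example (not from the original article): decide from two dig
outputs whether the second answer was served from the BIND cache."""
import re

# Constructed sample of the FIRST `dig @127.0.0.1 www.linux.org` run.
# The format is dig's; id, timing and TTL are assumed values.
FIRST_RUN = """\
; <<>> DiG 9.11.3 <<>> @127.0.0.1 www.linux.org
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.linux.org.\t\t\tIN\tA

;; ANSWER SECTION:
www.linux.org.\t\t300\tIN\tA\t172.67.148.63

;; Query time: 48 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 02 10:00:00 UTC 2020
;; MSG SIZE  rcvd: 58
"""

# Constructed: the same query a few seconds later. Answered locally, and
# the TTL has counted down from 300 to 287.
SECOND_RUN = (FIRST_RUN.replace("id: 4711", "id: 4712")
              .replace("\t300\t", "\t287\t")
              .replace("Query time: 48 msec", "Query time: 0 msec"))

# Constructed: what a client gets when allow-query does not cover its
# address. There is no ANSWER section at all.
REFUSED_RUN = """\
; <<>> DiG 9.11.3 <<>> @192.168.199.10 www.linux.org
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4713
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.linux.org.\t\t\tIN\tA

;; Query time: 0 msec
;; SERVER: 192.168.199.10#53(192.168.199.10)
;; WHEN: Tue Jun 02 10:00:10 UTC 2020
;; MSG SIZE  rcvd: 42
"""


def parse_dig(text):
    """Pull the fields that matter for a cache test out of dig's output."""
    info = {"status": None, "flags": set(), "server": None,
            "query_time_ms": None, "answers": []}
    m = re.search(r"status: (\w+)", text)
    if m:
        info["status"] = m.group(1)
    m = re.search(r"^;; flags: ([^;]*);", text, re.M)
    if m:
        info["flags"] = set(m.group(1).split())
    m = re.search(r"^;; Query time: (\d+) msec", text, re.M)
    if m:
        info["query_time_ms"] = int(m.group(1))
    m = re.search(r"^;; SERVER: (\S+)", text, re.M)
    if m:
        info["server"] = m.group(1)
    in_answer = False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer:
            if not line.strip():
                break          # blank line ends the section
            name, ttl, _rclass, rtype, rdata = line.split(None, 4)
            info["answers"].append({"name": name, "ttl": int(ttl),
                                    "type": rtype, "rdata": rdata})
    return info


def cache_verdict(first, second):
    """Compare two runs against the same server and say what they show."""
    a, b = parse_dig(first), parse_dig(second)
    if "REFUSED" in (a["status"], b["status"]):
        return "refused: client is not covered by allow-query/allow-recursion"
    if "ra" not in b["flags"]:
        return "no 'ra' flag: the server will not recurse for this client"
    if a["server"] != b["server"]:
        return "different servers answered; pin the server with dig @<ip>"
    if not a["answers"] or not b["answers"]:
        return "no answer records to compare"
    # A cached answer's TTL keeps counting down (run the queries at least a
    # second apart) and the local query time should not go up.
    ttl_a = min(r["ttl"] for r in a["answers"])
    ttl_b = min(r["ttl"] for r in b["answers"])
    if ttl_b < ttl_a and b["query_time_ms"] <= a["query_time_ms"]:
        return "cache hit"
    return "not served from cache"


if __name__ == "__main__":
    print(cache_verdict(FIRST_RUN, SECOND_RUN))
    print(cache_verdict(FIRST_RUN, REFUSED_RUN))
```

The TTL comparison is the reliable signal: query time can be low for other reasons (a fast upstream, a cache on the forwarder), but only a locally cached record has a TTL that has counted down since the first answer. A 'REFUSED' status or a missing 'ra' flag means the client address is outside the server's 'allow-query' or 'allow-recursion' lists, which is where to look when a LAN client cannot resolve through the new server.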

DNS Forwarding

If a name is not in the cache, the server has to resolve it. By default BIND does the full recursion itself, starting from the root servers listed in its hints file ('named.ca'). Alternatively, the 'named' or 'bind9' service can be told to forward queries to specific upstream DNS Servers. Your ISP's DNS Servers are usually the closest to your server, so they are the sensible choice in practice; in our example we will forward to Google's public resolvers, 8.8.8.8 and 8.8.4.4.

If you are using VirtualBox with NAT networking, the guest's default DNS Server is provided by VirtualBox and passes queries through to the HOST system's resolver. The forwarders we configure here override that for every query handled by BIND.

The main configuration file for the BIND service is '/etc/named.conf' on CentOS. Ubuntu splits the configuration: '/etc/bind/named.conf' only includes '/etc/bind/named.conf.options' (the 'options' block) and '/etc/bind/named.conf.local' (your own zones). So, we need to edit the file, and for CentOS you should see contents similar to Figure 1.

FIGURE 1: the default '/etc/named.conf' on CentOS 7

Two 'include' lines at the end of the file are not visible in Figure 1; the complete edited file is listed in full further below.

For Ubuntu, the one file that matters here, '/etc/bind/named.conf.options', is shown in Figure 2.

FIGURE 2: the default '/etc/bind/named.conf.options' on Ubuntu 18.04

CentOS BIND Configuration


Open '/etc/named.conf' for editing. There are a few lines to change and two lines to add.

If you ran 'netstat -ltn', you saw ports 53 and 953 open on IPv4 and IPv6, but only on the loopback addresses. We will disable IPv6 and make IPv4 listen on all network interfaces, then allow queries from the local network as well as from localhost. Find the following lines and change them as shown (the original line is first, the replacement second; in 'allow-query', replace <local IP Address> with your LAN in CIDR notation):

listen-on port 53 { 127.0.0.1; };
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
listen-on-v6 port 53 { none; };
allow-query { localhost; };
allow-query { localhost; localnets; <local IP Address>; };

Do not put 'any' in 'allow-query'. This server keeps 'recursion yes', and a recursive resolver that answers everyone on the Internet is an open resolver that attackers use for DNS amplification. Keep the query list limited to your own networks (or restrict recursion separately with 'allow-recursion'), and make sure the host firewall does not expose port 53 beyond the LAN.


At the end of the 'options {' section, still within the curly brackets, add the lines:

forwarders { 8.8.8.8; 8.8.4.4; };
forward only;

You can change the DNS Servers that requests are forwarded to on the first line. 'forward only' tells BIND to rely entirely on the forwarders: if none of them answers, the lookup fails rather than falling back to the root hints. Use 'forward first' instead if you want that fallback.

Complete Edited File (and Ubuntu Differences)

On Ubuntu, the 'options' block lives in '/etc/bind/named.conf.options' rather than in '/etc/bind/named.conf'. Add the same 'listen-on', 'listen-on-v6', 'allow-query', 'forwarders' and 'forward only' lines inside the existing 'options { ... }' block of that file; the stock file already contains a commented-out 'forwarders' block you can uncomment and edit. Ubuntu's defaults otherwise differ from the CentOS file: its working directory is '/var/cache/bind', and it has no 'include' lines for '/etc/named.rfc1912.zones' or '/etc/named.root.key', so those parts of the listing below do not apply there.

The listing below is the complete edited CentOS '/etc/named.conf'. The 'directory', 'dump-file' and other file settings give the locations of the various files; set them as you require, making sure the paths exist and are writable by the 'named' user. The edited file is:

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { none; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost; localnets; 192.168.199.0/24; };

    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

If you reuse this whole file on Ubuntu anyway, the two 'include' lines at the end must be commented out, because those files do not exist there, and '/var/named' must be created ('sudo mkdir /var/named') and made writable by the 'bind' user, or named will fail to start. Ubuntu additionally confines named with an AppArmor profile written for the '/etc/bind' and '/var/cache/bind' layout, which is why keeping Ubuntu's own '/etc/bind/named.conf.options' and adding only the lines above is the approach that works cleanly.
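An audit of the settings changed in the 'CentOS BIND Configuration' section and in the complete file above, as an added example that is not part of the original article. It extracts the 'options' block from a named.conf, then checks the combination that matters for safety here (listening beyond loopback, 'recursion yes', and what 'allow-query' and 'allow-recursion' permit) and the combination that matters for function ('forward only' without any forwarders). The two configs are constructed: the first is a condensed version of the article's edited options, the second is the same server with 'allow-query' and 'allow-recursion' opened to 'any' and the forwarders line forgotten. The defaults assumed when a statement is absent (listen on all IPv4 interfaces, recursion on, allow-query any, allow-recursion localnets/localhost) are BIND's documented defaults.

```python
"""Added example (not from the original article): audit the options block
of a BIND named.conf for an open recursive resolver and for 'forward only'
without forwarders."""
import re

# Constructed: condensed version of the article's edited options block.
ARTICLE_OPTIONS = """
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { none; };
    directory "/var/named";
    allow-query { localhost; localnets; 192.168.199.0/24; };
    recursion yes;
    forwarders { 8.8.8.8; 8.8.4.4; };   // upstream resolvers
    forward only;
};
"""

# Constructed: the same server opened to everyone, forwarders forgotten.
OPEN_RESOLVER_OPTIONS = """
options {
    listen-on port 53 { any; };
    allow-query { any; };
    allow-recursion { any; };
    recursion yes;
    forward only;
};
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def strip_comments(text):
    """Drop /* */, // and # comments, all of which named.conf allows."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def options_block(conf):
    """Return the text between the braces of the top-level options block."""
    text = strip_comments(conf)
    m = re.search(r"^\s*options\s*\{", text, re.M)
    if not m:
        raise ValueError("no options block found")
    depth = 1
    for i in range(m.end(), len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[m.end():i]
    raise ValueError("unbalanced braces in options block")


def statements(block):
    """Split a block into top-level statements: name -> address list or value."""
    out, depth, cur = {}, 0, []
    for ch in block:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        if ch == ";" and depth == 0:        # end of a top-level statement
            stmt = "".join(cur).strip()
            cur = []
            if stmt:
                words = stmt.split()
                m = re.search(r"\{(.*)\}", stmt, re.S)
                if m:                        # e.g. listen-on port 53 { any; }
                    out[words[0]] = [x.strip() for x in m.group(1).split(";")
                                     if x.strip()]
                else:                        # e.g. forward only;  directory "x";
                    out[words[0]] = " ".join(words[1:]).strip('"')
        else:
            cur.append(ch)
    return out


def audit_options(conf):
    """Return a list of findings; an empty list means nothing to flag."""
    o = statements(options_block(conf))
    findings = []
    listen_v4 = o.get("listen-on", ["any"])        # default: all IPv4 interfaces
    listen_v6 = o.get("listen-on-v6", [])
    exposed = (not set(listen_v4) <= LOOPBACK or
               any(a not in LOOPBACK | {"none"} for a in listen_v6))
    recursion = o.get("recursion", "yes") == "yes"  # default: recursion on
    allow_query = o.get("allow-query", ["any"])     # default: answer anyone
    allow_rec = (o.get("allow-recursion") or o.get("allow-query-cache")
                 or ["localnets", "localhost"])
    if exposed and recursion and "any" in allow_query and "any" in allow_rec:
        findings.append("CRITICAL: open recursive resolver (listens beyond "
                        "loopback, recursion yes, allow-query and "
                        "allow-recursion both 'any'); DNS amplification target")
    elif exposed and recursion and "any" in allow_query:
        findings.append("WARN: allow-query is 'any'; recursion is limited only "
                        "by allow-recursion " + str(allow_rec))
    if o.get("forward") == "only" and not o.get("forwarders"):
        findings.append("ERROR: 'forward only' with no forwarders; every "
                        "non-cached lookup will fail")
    if o.get("forwarders") and "forward" not in o:
        findings.append("INFO: forwarders set without 'forward only'; BIND "
                        "falls back to the root hints if they do not answer")
    return findings


if __name__ == "__main__":
    for name, conf in (("article", ARTICLE_OPTIONS),
                       ("open", OPEN_RESOLVER_OPTIONS)):
        print(name, audit_options(conf) or ["OK"])
```

Run it against your own file with 'audit_options(open("/etc/named.conf").read())' (or the Ubuntu 'named.conf.options'). It is a deliberately small parser for the options block only, not a replacement for 'named-checkconf', which validates the whole file; it exists to catch the one mistake a syntax check will never report, an 'allow-query { any; }' on a server that listens on every interface and recurses.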

Checking the 'named.conf' File

Any time you change 'named.conf', verify that the contents were entered properly and contain no syntax errors before touching the running service.

To verify the file, run 'sudo named-checkconf' (on Ubuntu it checks '/etc/bind/named.conf', which pulls in the other files). It prints nothing when the file is valid. Any errors are reported one per line with the file name and line number; fix them, re-save the file and check again. Once all the errors are gone, you should be fine.

Restart the Service

After the errors are all corrected, the changes still need to take effect on the running system.

To drop the old configuration and load the new one, restart the service:

sudo systemctl restart <service name>

Remember, the service name for CentOS is 'named' and for Ubuntu it is 'bind9'. Because the control channel on port 953 is active, 'sudo rndc reload' also re-reads the configuration, and unlike a restart it keeps the cache.

Conclusion

This is a good start to setting up DNS Servers on your network.

Make sure you understand how this all works. Maybe try setting up a DNS Server a few times.
There will be more additions to the DNS when it is used more in the article "LFCS: Mail Server".

I will just write another article for installing DNS on Ubuntu. It's more involved than CentOS and the directions are not working as I thought. I also have to add more info on making a forward and reverse lookup zone.

I'll get on this to fix this.
Actually, just ignore all the instructions for Ubuntu. They are wrong. I'm not sure how I had it working with these instructions. At least working enough. I'll have better instructions coming in the article: 'LFCS – DNS and E-mail (Ubuntu and some CentOS)'.