LFCS – DNS and E-mail (Ubuntu and some CentOS)

Jarret B

Okay, I looked back over the LFCS – BIND DNS Management, and noticed that the instructions were not complete. I was missing the forward and reverse lookup zones. I will cover these for Ubuntu and CentOS, as well as going over in detail setting up DNS for Ubuntu.

This should help complete the DNS installation for CentOS and the complete installation for Ubuntu. I'll cover the DNS installation for Ubuntu completely, then the section on Forward and Reverse Zones will be the same for Ubuntu and CentOS. Then I'll cover the e-mail system for Ubuntu. At that point, it should catch us up for both Ubuntu and CentOS for the LFCS, so that we are more than halfway through.

Ubuntu DNS Server

The instructions for Ubuntu are completely wrong, sorry about that. We'll go over it all for Ubuntu.

You need to install the Bind9 Service and utilities. Use the following command:

sudo apt install -y bind9 bind9utils dnsutils

This will get the BIND server and its utilities ('bind9utils' provides 'named-checkconf' and 'named-checkzone'; 'dnsutils' provides 'dig' and 'nslookup', which we use later to test the server).

You need to edit the file '/etc/bind/named.conf.options'. There is a commented-out block that starts with '// forwarders {'. Remove the '//' from that line and the next two lines so the block is active, and replace the placeholder '0.0.0.0' with the address of an upstream resolver such as '8.8.8.8'. Do not list the server's own address ('192.168.32.101', server1) as a forwarder: a forwarder is where BIND sends queries it cannot answer from its own zones, so pointing it at itself only sends those queries back to the same server. Forwarding to an outside resolver is what lets you resolve names for systems not on the local network. Go down to the line 'listen-on-v6 { any; };' and change it to '// listen-on-v6 { any; };' to comment it out, since this setup uses IPv4 only. Save the changes and exit your editor.

We need to open port 53 for DNS. Ordinary DNS queries use UDP port 53; TCP port 53 is used for large responses and zone transfers, so open both. If you are working over SSH, allow SSH before turning the firewall on, because 'ufw' blocks all incoming connections by default once enabled. Enable and start 'ufw', open the ports and turn the firewall on with the commands:

sudo systemctl enable ufw
sudo systemctl start ufw
sudo ufw allow 22/tcp
sudo ufw allow 53
sudo ufw enable


NOTE: For CentOS, 'ufw' is not in the base repositories; it requires the 'epel-release' repository. CentOS ships 'firewalld' instead, where the equivalent is 'sudo firewall-cmd --permanent --add-service=dns' followed by 'sudo firewall-cmd --reload'.

You now need to restart the service for the changes to take effect. Run 'sudo named-checkconf' first; it prints nothing when the configuration is valid and otherwise names the file and line with the error. Then restart with the command:

sudo systemctl restart bind9

On Ubuntu 20.04 and later the unit is called 'named' and 'bind9' is kept as an alias, so either name works.

We now need to specify the forward and reverse lookup files to use. We can do this on both Ubuntu and CentOS. The files will be the same, we just specify the file in a different place.

Forward and Reverse Zones

A Forward Zone allows a system to convert a Host Name to an IP Address. For example, on our network, we can convert the Host Name 'server1.example.com' to the IP Address of '192.168.32.101'.

A Reverse Zone will allow a system to convert an IP Address back to the Host Name. So, if we know the address '192.168.32.103', it would let us know that the system with the IP Address is 'server3.example.com'.

So, on Ubuntu, we edit the file '/etc/bind/named.conf.local' and add the following lines at the end of the file:

zone "example.com" {
type master;
file "/etc/bind/zones/forward.example.com";
allow-transfer { none; };
};
zone "32.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/reverse.example.com";
allow-transfer { none; };
};


The first block is the Forward Zone. It gives the location and name of the zone file. The second block is the Reverse Zone; its name is the network address written in reverse, '32.168.192', under 'in-addr.arpa'. The 'allow-transfer { none; };' line stops other hosts from pulling a complete copy of the zone with a zone transfer (AXFR), which BIND allows from any host when no 'allow-transfer' is given; if you later add a secondary server, put its address in that list instead of 'none'. Now, we only need to create the files. For Ubuntu, create the folder first with the command 'sudo mkdir -p /etc/bind/zones'.

Let's look at setting the location and filename in CentOS. The configuration file in CentOS is '/etc/named.conf'. There is already at least one zone block (the root hints), so add the two zones above right after it. The only difference is that the 'file' lines give just a filename, not a path: BIND on CentOS looks for zone files in the 'directory' set at the top of '/etc/named.conf', which defaults to '/var/named/'.

The files we create will be identical, just in different locations. Make sure you get the locations correct.

The 'forward.example.com' file should contain the following information. The fields are separated by whitespace, and the expire value is 604800 (one week), the same as in the reverse file:

$TTL 86400
@ IN SOA server1.example.com. root.example.com. (
1001 ;serial
3600 ;refresh
1800 ;retry
604800 ;expire
86400 ;minimum ttl
)

@ IN NS server1.example.com.
@ IN A 192.168.32.101
server1 IN A 192.168.32.101
server2 IN A 192.168.32.102
server3 IN A 192.168.32.103

The '@' stands for the zone name itself ('example.com'), and names without a trailing dot are completed with it, so 'server1' becomes 'server1.example.com'. The serial must be increased every time you edit the zone, or secondary servers will not notice the change.


And the 'reverse.example.com' should contain only PTR records besides its SOA and NS. The A records belong in the forward file; inside a reverse zone they would create names like 'server1.32.168.192.in-addr.arpa' rather than anything useful:

$TTL 86400
@ IN SOA server1.example.com. root.example.com. (
1001 ;serial
3600 ;refresh
1800 ;retry
604800 ;expire
86400 ;minimum ttl
)

@ IN NS server1.example.com.
101 IN PTR server1.example.com.
102 IN PTR server2.example.com.
103 IN PTR server3.example.com.

Each owner name on the left is the last octet of the address, which BIND completes with the zone name to '101.32.168.192.in-addr.arpa'. The PTR targets end with a dot because they are full names, not relative to this zone.


Before restarting, check both files: 'sudo named-checkzone example.com /etc/bind/zones/forward.example.com' and 'sudo named-checkzone 32.168.192.in-addr.arpa /etc/bind/zones/reverse.example.com' report the line of any syntax error (on CentOS the files are under '/var/named'). With the two files filled in and checked, you can restart the service. For Ubuntu, execute 'sudo systemctl restart bind9'. For CentOS, perform 'sudo systemctl restart named'.
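As an added example (not code from the original post, and not a BIND tool), here is a small Python check that reads the two zone files in the layout used above and verifies that the forward and reverse zones agree with each other, which 'named-checkzone' does not do: every PTR must point at a name whose A record is that address, every address in the 192.168.32.0/24 network that has an A record needs a PTR, A records must not appear in the reverse file, the SOA timers must be in a sensible order, and any MX target (such as the one added in the Mail DNS Entry section below) must have an A record. The zone text embedded in the script is constructed from the files in this post; pass the real file paths as arguments to check the live zones (under '/etc/bind/zones' on Ubuntu, '/var/named' on CentOS).

```python
"""Offline consistency check for the forward and reverse zone files.

Added example, not part of the original post.  The zone text below is
constructed from the files in the post (plus the MX record added later).
"""
import ipaddress
import sys

FORWARD_ORIGIN = "example.com."
REVERSE_ORIGIN = "32.168.192.in-addr.arpa."

FORWARD_ZONE = """\
$TTL 86400
@ IN SOA server1.example.com. root.example.com. (
    1001 ;serial
    3600 ;refresh
    1800 ;retry
    604800 ;expire
    86400 ;minimum ttl
)
@ IN NS server1.example.com.
@ IN A 192.168.32.101
server1 IN A 192.168.32.101
server2 IN A 192.168.32.102
server3 IN A 192.168.32.103
example.com. IN MX 10 server1.example.com.
"""

REVERSE_ZONE = """\
$TTL 86400
@ IN SOA server1.example.com. root.example.com. ( 1001 3600 1800 604800 86400 )
@ IN NS server1.example.com.
101 IN PTR server1.example.com.
102 IN PTR server2.example.com.
103 IN PTR server3.example.com.
"""


def parse_zone(text, origin):
    """Parse the master-file subset used in the post into (owner, type, rdata).

    Handles ';' comments, $TTL, '@', relative owner names, an optional TTL and
    class before the type, and parenthesised multi-line records such as SOA.
    Owner names are returned fully qualified.
    """
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        buf = f"{buf} {line}" if depth else line      # continue an open '(' record
        depth += line.count("(") - line.count(")")
        if depth == 0:
            logical.append(buf.replace("(", " ").replace(")", " "))
    records = []
    for line in logical:
        tokens = line.split()
        if tokens[0].startswith("$"):
            continue                                  # $TTL/$ORIGIN directives
        owner, rest = tokens[0], tokens[1:]
        if rest and rest[0].isdigit():                # optional per-record TTL
            rest = rest[1:]
        if rest and rest[0].upper() in ("IN", "CH", "HS"):
            rest = rest[1:]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append((owner, rest[0].upper(), rest[1:]))
    return records


def ip_to_ptr_owner(ip):
    """'192.168.32.101' -> '101.32.168.192.in-addr.arpa.'"""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def ptr_owner_to_ip(owner):
    """'101.32.168.192.in-addr.arpa.' -> '192.168.32.101'"""
    return ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))


def check_zones(forward_text, reverse_text):
    """Return a list of problems; an empty list means the two zones agree."""
    fwd = parse_zone(forward_text, FORWARD_ORIGIN)
    rev = parse_zone(reverse_text, REVERSE_ORIGIN)
    problems = []
    a_by_ip = {}                                      # ip -> set of owner names
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            a_by_ip.setdefault(rdata[0], set()).add(owner)
    ptr_ips = set()
    for owner, rtype, rdata in rev:
        if rtype in ("SOA", "NS"):
            continue
        if rtype != "PTR":                            # e.g. A records in the reverse file
            problems.append(f"{rtype} record {owner} does not belong in a reverse zone")
        elif not owner.endswith(".in-addr.arpa."):
            problems.append(f"PTR owner {owner} is not under in-addr.arpa")
        else:
            ip = ptr_owner_to_ip(owner)
            ptr_ips.add(ip)
            if rdata[0] not in a_by_ip.get(ip, ()):
                problems.append(f"PTR {ip} -> {rdata[0]} has no matching A record")
    net_prefix = ptr_owner_to_ip(REVERSE_ORIGIN) + "."   # '192.168.32.'
    for ip in a_by_ip:
        if ip.startswith(net_prefix) and ip not in ptr_ips:
            problems.append(f"A record for {ip} has no PTR in the reverse zone")
    for owner, rtype, rdata in fwd:
        if rtype == "MX" and not any(rdata[1] in names for names in a_by_ip.values()):
            problems.append(f"MX target {rdata[1]} has no A record")
        if rtype == "SOA":                            # rdata: mname rname serial refresh retry expire minimum
            refresh, retry, expire = (int(x) for x in rdata[3:6])
            if not retry < refresh < expire:
                problems.append(f"SOA timers out of order: refresh={refresh} retry={retry} expire={expire}")
    return problems


if __name__ == "__main__":
    if len(sys.argv) == 3:                            # real files, e.g. /etc/bind/zones/*
        fwd_text, rev_text = (open(p).read() for p in sys.argv[1:3])
    else:
        fwd_text, rev_text = FORWARD_ZONE, REVERSE_ZONE
    for problem in check_zones(fwd_text, rev_text):
        print("PROBLEM:", problem)
```

The parser only covers the record layout shown in this post (no $ORIGIN, no $INCLUDE, no multi-line records other than parenthesised ones), which is enough for hand-written lab zones; for anything larger, keep 'named-checkzone' as the syntax check and use this only for the forward/reverse agreement.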

On Ubuntu, if you list the contents of '/etc/resolv.conf', you will not see your DNS Server listed, or even the domain name. On Ubuntu 18.04 and later that file is generated by systemd-resolved; one way to take control of it is to install the 'resolvconf' package with the command 'sudo apt install -y resolvconf'. After the installation is complete, switch to '/etc/resolvconf/resolv.conf.d' and edit the 'head' file. Add the following lines:

nameserver 192.168.32.101
nameserver 8.8.8.8
search example.com


You should see the items added to the beginning of the '/etc/resolv.conf' file. If they do not appear, run the command 'sudo resolvconf -u' to update the file.

The DNS Zones should work now. You can test the Reverse Zone with the command 'dig -x 192.168.32.102'. The 'Answer Section' should list 'server2.example.com'.

We can do a Forward Lookup by issuing the command 'nslookup server3.example.com'. The resulting IP Address is '192.168.32.103'.

The same commands should work on CentOS to verify DNS is working. If a query fails, check the service with 'sudo systemctl status <service name>' ('named' on CentOS, 'bind9' on Ubuntu) and read the error BIND logged with 'sudo journalctl -u <service name>'; a zone file it refused to load is named there with the offending line. Once the errors are fixed, restart the service.

E-mail Server

I previously wrote an article on making a CentOS system an e-mail server, so now we can cover setting up an Ubuntu E-Mail Server.

NOTE: If you have not read the previous article on the E-mail server, please do so here.

The first step is to install Postfix. Use the command:

sudo apt install -y postfix

During the install, it shows an information screen; select 'OK'. If you are using the mail server for more than a test system, read the information to determine the type you need. The next screen asks what type of installation; choose 'Local Only' for our test system. That choice sets 'inet_interfaces' to 'loopback-only', which is why we change it below. You may need to choose another type in a production environment, as noted above. For the System Mail Name, type in the Fully Qualified Domain Name (FQDN). In my case it is 'server1.example.com'. After entering the FQDN, the installation will continue.

Once done, you'll need to make some changes in the Postfix configuration file '/etc/postfix/main.cf'. Rather than editing the file directly, use the 'postconf' program, which reads or sets configuration values. We need to set three values. Run the commands with elevated privileges, and note the single quotes on the last one: inside double quotes the shell would replace '$myhostname' and '$mydomain' with empty strings before Postfix ever saw them:

sudo postconf -e inet_interfaces=all
sudo postconf -e inet_protocols=ipv4
sudo postconf -e 'mydestination=$myhostname, server1.example.com, localhost.example.com, localhost, $mydomain'


The parameter '-e' edits the value of the variable. If you run 'postconf inet_protocols' or 'postconf inet_interfaces', you'll see the new value. Postfix has not loaded the changes yet, so the service needs to be restarted:

sudo systemctl restart postfix

If the restart reports that the service is not running, use these two commands to auto-start it when the system boots and to start it now:

sudo systemctl enable postfix
sudo systemctl start postfix


Use the command 'ss -lnt' (or 'netstat -lnt' if the older net-tools package is installed) to see that Postfix now listens on port 25 at '0.0.0.0', which means all IPv4 interfaces. Remember that 'ufw' is enabled from the DNS section with only ports 22 and 53 open, so other hosts still cannot reach port 25 until you run 'sudo ufw allow 25/tcp'. For a single test server that only sends mail to itself, you can leave it closed.

Next, we need a mail client, so install one with:

sudo apt install -y mailutils

Next, check the permissions on the folder '/var/mail'. This is where Postfix delivers mail for each user: a mailbox file named after the user is created there on first delivery. On Ubuntu the packaged defaults are owner 'root', group 'mail' and mode 2775 on the folder (the setgid bit makes new mailboxes belong to group 'mail'), and each mailbox is owned by '<user>:mail' with mode 660. Those defaults let Postfix write mailboxes and let each user's own mail program read them; do not make the folder and its files owned by 'postfix', since then 'mail' run as an ordinary user can no longer open the mailbox. If delivery or reading fails with a permission error, restore the defaults with:

sudo chown root:mail /var/mail
sudo chmod 2775 /var/mail


If you run 'mail' before anything has been delivered to your account, you'll get an error that you have no mailbox: the file under '/var/mail' is only created the first time mail is delivered to that user. So send yourself a message:

mail <user>@server1.example.com

In my case, I'll email my user account at '[email protected]'. Enter a value for ‘Cc:’, or press enter if there should be no Carbon Copy (Cc). Enter a Subject. Then, after pressing enter, enter your body of the email. Press CTRL-D when you are done.

To check your mail, just enter the command 'mail'. The program will determine the user as the currently logged in user. You can specify a specific user with the command 'mail -u <user>'.

Mail DNS Entry

We need to add a Mail entry for the server in the forward lookup zone. The entry goes at the end of '/etc/bind/zones/forward.example.com':

example.com. IN MX 10 server1.example.com.

It shows the domain name (example.com), that it is a Mail Exchanger entry (MX), and that the mail server is 'server1.example.com'. The 10 is a preference level: the lower the number, the more likely that server is used. We only have one mail server, so it will be used all the time. Because you have changed the zone, also increase the serial in the SOA record (1001 to 1002), or secondary servers and caches will not notice the change.

NOTE: We can send mail to '<user>@example.com' if we wanted instead of sending to a specific server.

Restart the DNS Service with the command 'sudo systemctl restart bind9' (or reload only the zones with 'sudo rndc reload').

You can verify the MX record with the command 'dig -t mx example.com'. The answer section should return the line from the 'forward.example.com' file.

IMAP and POP3 Service

We have mail working, so now we need to access the mail remotely.

We'll use 'dovecot' to manage the IMAP and POP3 services.

Let's get it installed and then configure it.

sudo apt install -y dovecot-imapd dovecot-pop3d

Edit the file '/etc/dovecot/dovecot.conf' and add the line 'protocols = imap pop3 lmtp'. There is a commented line '#listen = *, ::'; change it to 'listen = *'.

In the file '/etc/dovecot/conf.d/10-ssl.conf', change the line 'ssl = yes' to 'ssl = no'. Save and exit your editor. Be clear about what this does: with TLS off, every IMAP and POP3 login sends the user's system password across the network in cleartext, which is acceptable only on an isolated test network like this one. For anything real, leave 'ssl = yes' and give Dovecot a certificate with the 'ssl_cert' and 'ssl_key' settings in the same file.

It does not enable dovecot to auto-start and currently not running, so use the next two commands to manage that:

sudo systemctl enable dovecot
sudo systemctl start dovecot


The Ports also need to be opened for IMAP (143) and POP3 (110) with the commands:

sudo ufw allow 143/tcp
sudo ufw allow 110/tcp
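Added here as an example (not from the original post, and not a Postfix or Dovecot tool): a Python script that reads the 'name = value' output of 'postconf -n' and 'doveconf -n' and reports the settings chosen in the E-mail Server and IMAP and POP3 Service sections that are fine on an isolated lab network but not on a reachable server. 'ssl = no' with a listener on every interface sends IMAP and POP3 passwords across the network unencrypted, and a Postfix that listens on all interfaces becomes an open relay if 'mynetworks' or 'smtpd_relay_restrictions' is loosened. The embedded sample output is constructed from the settings used in this post; pass the real 'postconf -n' and 'doveconf -n' output as files to audit the server.

```python
"""Audit the Postfix and Dovecot settings chosen in this walk-through.

Added example, not part of the original post.  It reads the 'name = value'
lines printed by 'postconf -n' and 'doveconf -n' and flags settings that are
acceptable on an isolated lab network but unsafe once other hosts can reach
the server.  The sample output below is constructed from the post's settings.
"""
import sys

POSTFIX_LAB = """\
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, server1.example.com, localhost.example.com, localhost, $mydomain
myhostname = server1.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
"""

DOVECOT_LAB = """\
listen = *
protocols = imap pop3 lmtp
ssl = no
"""

# Either of these in smtpd_relay_restrictions refuses relaying for strangers.
RELAY_GUARDS = ("reject_unauth_destination", "defer_unauth_destination")


def parse_settings(text):
    """'name = value' lines -> dict.  Only top-level settings matter here, so
    the nested 'protocol imap { ... }' blocks of doveconf output are read as-is."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            settings[name] = value
    return settings


def audit_postfix(conf):
    """Findings for Postfix; an empty list means nothing obviously unsafe."""
    findings = []
    # 'postconf -n' prints only values set in main.cf, so a missing key means the
    # Postfix default: inet_interfaces=all, and a relay policy that refuses
    # relaying for clients outside mynetworks that are not SASL-authenticated.
    reachable = conf.get("inet_interfaces", "all") != "loopback-only"
    nets = conf.get("mynetworks", "")
    relay = conf.get("smtpd_relay_restrictions")
    if reachable and any(n in nets for n in ("0.0.0.0/0", "::/0")):
        findings.append("mynetworks trusts every address: any host may relay through this server")
    if reachable and relay is not None and not any(g in relay for g in RELAY_GUARDS):
        findings.append("smtpd_relay_restrictions has no reject/defer_unauth_destination: open relay")
    return findings


def audit_dovecot(conf):
    """Findings for Dovecot; the post's ssl=no is acceptable only in a lab."""
    findings = []
    loopback_only = conf.get("listen", "*, ::") in ("127.0.0.1", "::1", "127.0.0.1, ::1")
    if conf.get("ssl", "yes") == "no" and not loopback_only:
        findings.append("ssl = no on a network listener: IMAP/POP3 passwords travel in cleartext")
    if conf.get("disable_plaintext_auth", "yes") == "no":
        findings.append("disable_plaintext_auth = no: plaintext logins accepted without TLS")
    return findings


if __name__ == "__main__":
    # Usage: python3 mail_audit.py [postconf-n.txt] [doveconf-n.txt]
    pf_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else POSTFIX_LAB
    dc_text = open(sys.argv[2]).read() if len(sys.argv) > 2 else DOVECOT_LAB
    for name, findings in (("postfix", audit_postfix(parse_settings(pf_text))),
                           ("dovecot", audit_dovecot(parse_settings(dc_text)))):
        print(name + ":", findings or ["no findings"])
```

With the settings from this post the Postfix side is clean (the default relay policy is untouched, so 'inet_interfaces = all' only exposes delivery to the local domains), while the Dovecot side reports the cleartext login; that is the one item to change before the server leaves the lab.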


Dovecot should work, but to test it, we'll need to install an email client that uses IMAP/POP3.

MUTT

Mutt is a text-mode email client that we can use to test from remote systems. Install it with:

sudo apt install -y mutt

Everything should work, but if not and you have permission issues, run 'ls -l' in the '/var/spool' folder. You should see that the 'mail' folder is a symbolic link to '../mail', so '/var/spool/mail' and '/var/mail' are the same directory. There may also be a 'lock' entry, used for mailbox locking. Check that you performed all the commands above to set the permissions on the folder and files.

Before running mutt, create a file in your home folder called '.muttrc'. Place the following line in it and change the username and server name accordingly:

set spoolfile = imap://[email protected]

Mutt uses the file to connect automatically to the specific server and mailbox.

Every time Mutt is run, it will ask you for your password. The first time, it will ask you to create a local mailbox.

If you use 'd' to delete a message, it will not remove it until you exit Mutt.

These are the basics of setting up an Email Server. Just know, the e-mail server will not work well without DNS running properly.

Conclusion

In a business environment, an Email Server may be mandatory if you plan on using internal mail with a registered domain name.

Be sure to have DNS set up as well, so everything works smoothly.

Definitely understand setting up the DNS Server backwards and forwards. The ability to do this is useful in real-life situations.
 
