Bind DNS Server Configuration in Chrooted Environment by Babar Zahoor
Updated :08-01-2011
Purpose: Configuration of DNS (Bind) server in chroot environment.
OS CentOS 5.4 X86_64
——————————————————-
Please Install the bind packages
——————————————————-
[[email protected] ~]# yum install bind bind-utils bind-* Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: virror.hanoilug.org * extras: ftp.hostrino.com * updates: ftp.hostrino.com addons | 951 B 00:00 extras | 1.1 kB 00:00 ftp | 2.1 kB 00:00 updates | 1.9 kB 00:00 updates/primary_db | 444 kB 00:00 Setting up Install Process Package 30:bind-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version Package 30:bind-utils-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version Package 30:bind-sdb-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version Package 30:bind-chroot-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version Package 30:bind-devel-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version Package 30:bind-devel-9.3.6-4.P1.el5_4.1.i386 already installed and latest version Package 30:bind-libs-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version Package 30:bind-libs-9.3.6-4.P1.el5_4.1.i386 already installed and latest version Package 30:bind-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version Package 30:bind-utils-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version Package 30:bind-libbind-devel-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version Package 30:bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386 already installed and latest version Nothing to do
———————————————————————
Please Configure Static IP and Default Gateway
———————————————————————
[[email protected] ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 BOOTPROTO=static IPADDR=192.168.1.100 NETMASK=255.255.255.0 ONBOOT=yes HWADDR=00:16:36:73:7e:4f
wq!
[[email protected] ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:16:36:73:7E:4F inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::216:36ff:fe73:7e4f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1641 errors:0 dropped:0 overruns:0 frame:0 TX packets:950 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:192907 (188.3 KiB) TX bytes:117111 (114.3 KiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:105 errors:0 dropped:0 overruns:0 frame:0 TX packets:105 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:10213 (9.9 KiB) TX bytes:10213 (9.9 KiB)
[[email protected] ~]# [[email protected] ~]# vi /etc/sysconfig/network NETWORKING=yes NETWORKING_IPV6=no HOSTNAME=dns.compnay.com GATEWAY=192.168.1.1
wq!
——————————————————————————————————————————————————————————
Now we are going to configure the Bind service please copy the files content and modify with your network settings
——————————————————————————————————————————————————————————
[[email protected] ~]# [[email protected] ~]# cd /var/named/chroot/ [[email protected] chroot]# ll total 24 drwxr-x—- 2 root named 4096 Dec 1 00:00 dev drwxr-x—- 2 root named 4096 Jan 4 04:42 etc dr-xr-xr-x 85 root root 0 Jan 11 22:41 proc drwxr-x—- 6 root named 4096 Dec 1 00:00 var [[email protected] chroot]#
———————————————-
Now create zone file named.conf
———————————————-
[[email protected] chroot]# vi etc/named.conf
options { directory “/var/named”; // the default dump-file “data/cache_dump.db”; statistics-file “data/named_stats.txt”; memstatistics-file “data/named_mem_stats.txt”;
};
zone “.” IN { type hint; file “named.root”; };
zone “localhost” IN { type master; file “localhost.fwd”; allow-update { none; }; };
zone “0.0.127.in-addr.arpa” IN { type master; file “localhost.rev”; allow-update { none; }; };
zone “compnay.com” IN { type master; file “compnay.com.fwd”; allow-update { none; }; };
zone “1.168.192.in-addr.arpa” IN { type master; file “compnay.com.rev”; allow-update { none; }; };
wq!
[[email protected] chroot]# cd var/named
[[email protected] named]#
—————————————
Now create named.root file
—————————————
[[email protected] named]#
First We confiure named.root file for root dns
[[email protected] named]# vi named.root . 6D IN NS A.ROOT-SERVERS.NET. . 6D IN NS B.ROOT-SERVERS.NET. . 6D IN NS C.ROOT-SERVERS.NET. . 6D IN NS D.ROOT-SERVERS.NET. . 6D IN NS E.ROOT-SERVERS.NET. . 6D IN NS F.ROOT-SERVERS.NET. . 6D IN NS G.ROOT-SERVERS.NET. . 6D IN NS H.ROOT-SERVERS.NET. . 6D IN NS I.ROOT-SERVERS.NET. . 6D IN NS J.ROOT-SERVERS.NET. . 6D IN NS K.ROOT-SERVERS.NET. . 6D IN NS L.ROOT-SERVERS.NET. . 6D IN NS M.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4 B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201 C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12 D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90 E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10 F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241 G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4 H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53 I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17 J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30 K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129 L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42 M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
wq!
————————————————————————————————————————————————————————————————— Now create zone db files one by one localhost.fwd and the localhost.rev are must then your network zone files forward and reverse —————————————————————————————————————————————————————————————————
[[email protected] named]# vi localhost.fwd $ORIGIN localhost. $TTL 86400 @ IN SOA ns1.compnay.com. ns1.compnay.com. ( 20100104 ; Serial number 3H ; Refresh 1 day 15M ; Retry 2 hours 1W ; Expire 41.67 days 1D ) ; Minimum TTL 2 days
@ IN NS dns.compnay.com.
localhost. IN A 127.0.0.1
wq! ##### Save the file after copying the content from here. #####
[[email protected] named]# vi localhost.rev $ORIGIN 0.0.127.in-addr.arpa. $TTL 86400 @ IN SOA ns1.compnay.com. ns1.compnay.com. ( 20100104 ; Serial number 3H ; Refresh 1 day 15M ; Retry 2 hours 1W ; Expire 41.67 days 1D ) ; Minimum TTL 2 days
@ IN NS ns1.compnay.com.
1.0.0.127.in-addr.arpa. IN PTR localhost.
wq!
[[email protected] named]# vi compnay.com.fwd $ORIGIN compnay.com. $TTL 86400 @ IN SOA ns1.compnay.com. ns1.compnay.com. ( 20100104 ; Serial number 3H ; Refresh 1 day 15M ; Retry 2 hours 1W ; Expire 41.67 days 1D ) ; Minimum TTL 2 days
@ IN NS ns1.compnay.com.
proxy.compnay.com. IN A 192.168.1.253
wq!
[[email protected] named]# vi compnay.com.rev $ORIGIN 1.168.192.in-addr.arpa. $TTL 86400 @ IN SOA ns1.compnay.com. root.compnay.com. ( 20100104 ; Serial number 3H ; Refresh 1 day 15M ; Retry 2 hours 1W ; Expire 41.67 days 1D ) ; Minimum TTL 2 days
@ IN NS ns1.compnay.com. 253.1.168.192.in-addr.arpa. IN PTR proxy.compnay.com.
wq!
[[email protected] ~]# vi /etc/resolv.conf search compnay.com nameserver 192.168.1.254
wq!
————————————————————————————————-
Configuration has been done now start “/etc/init.d/named” service
————————————————————————————————-
[[email protected] ~]# /etc/init.d/named start Starting named: [ OK ] [[email protected] ~]# dig yahoo.com
; «» DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 «» yahoo.com
;; global options: printcmd
;; Got answer:
;; -»HEADER«- opcode: QUERY, status: NOERROR, id: 46559
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 2;; QUESTION SECTION:
;yahoo.com. IN A;; ANSWER SECTION:
yahoo.com. 21600 IN A 209.191.93.53
yahoo.com. 21600 IN A 69.147.114.224
yahoo.com. 21600 IN A 209.131.36.159;; AUTHORITY SECTION:
yahoo.com. 172800 IN NS ns1.yahoo.com.
yahoo.com. 172800 IN NS ns2.yahoo.com.
yahoo.com. 172800 IN NS ns3.yahoo.com.
yahoo.com. 172800 IN NS ns4.yahoo.com.
yahoo.com. 172800 IN NS ns5.yahoo.com.
yahoo.com. 172800 IN NS ns6.yahoo.com.
yahoo.com. 172800 IN NS ns8.yahoo.com.;; ADDITIONAL SECTION:
ns6.yahoo.com. 172800 IN A 202.43.223.170
ns8.yahoo.com. 172800 IN A 202.165.104.22;; Query time: 643 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Jan 12 03:01:01 2010
;; MSG SIZE rcvd: 233[[email protected] ~]#
—————————————————————————
Now please open ports for named server for network
—————————————————————————
[[email protected] ~]# iptables -A INPUT -p tcp -m multiport —dport 53,953 -j ACCEPT [[email protected] ~]# iptables -A INPUT -p udp -m multiport —dport 53,953 -j ACCEPT [[email protected] ~]# [[email protected] ~]# /etc/init.d/iptables save Saving firewall rules to /etc/sysconfig/iptables: [ OK ] [[email protected] ~]# [[email protected] ~]# dig ns1.compnay.com
; «» DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 «» ns1.compnay.com
;; global options: printcmd
;; Got answer:
;; -»HEADER«- opcode: QUERY, status: NOERROR, id: 29732
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0;; QUESTION SECTION:
;ns1.compnay.com. IN A;; ANSWER SECTION:
ns1.compnay.com. 86400 IN A 192.168.1.100;; AUTHORITY SECTION:
compnay.com. 86400 IN NS ns1.compnay.com.;; Query time: 1 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Jan 12 03:13:33 2010
;; MSG SIZE rcvd: 66
[[email protected] ~]# [[email protected] ~]# dig www.compnay.com
; «» DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 «» www.compnay.com
;; global options: printcmd
;; Got answer:
;; -»HEADER«- opcode: QUERY, status: NOERROR, id: 10800
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1;; QUESTION SECTION:
;www.compnay.com. IN A;; ANSWER SECTION:
www.compnay.com. 86400 IN A 192.168.1.102;; AUTHORITY SECTION:
compnay.com. 86400 IN NS ns1.compnay.com.;; ADDITIONAL SECTION:
ns1.compnay.com. 86400 IN A 192.168.1.100;; Query time: 1 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Jan 12 03:14:09 2010
;; MSG SIZE rcvd: 86
[[email protected] ~]#
ALLHAMDULILLAH We have configured proper bind server on CentOs 5.4
Note:Please install bind packages and then copy the files text from this configuration and paste to your server.
Also modify the settings as per your network machine names and their IP’s.