Bind DNS Server Configuration in Chrooted Environment by Babar Zahoor

Learn | Teach Open Source Technologies

Bind DNS Server Configuration in Chrooted Environment by Babar Zahoor

Updated :08-01-2011

Purpose: Configuration of DNS (Bind) server in chroot environment.

OS CentOS 5.4 X86_64

——————————————————-
Please Install the bind packages
——————————————————-

[[email protected] ~]# yum install bind bind-utils bind-*
 Loaded plugins: fastestmirror
 Loading mirror speeds from cached hostfile
 * addons: virror.hanoilug.org
 * extras: ftp.hostrino.com
 * updates: ftp.hostrino.com
 addons | 951 B 00:00
 extras | 1.1 kB 00:00
 ftp | 2.1 kB 00:00
 updates | 1.9 kB 00:00
 updates/primary_db | 444 kB 00:00
 Setting up Install Process
 Package 30:bind-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-utils-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-sdb-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-chroot-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-devel-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-devel-9.3.6-4.P1.el5_4.1.i386 already installed and latest version
 Package 30:bind-libs-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-libs-9.3.6-4.P1.el5_4.1.i386 already installed and latest version
 Package 30:bind-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-utils-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-libbind-devel-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386 already installed and latest version
 Nothing to do

———————————————————————
Please Configure Static IP and Default Gateway
———————————————————————

[[email protected] ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
 DEVICE=eth0
 BOOTPROTO=static
 IPADDR=192.168.1.100
 NETMASK=255.255.255.0
 ONBOOT=yes
 HWADDR=00:16:36:73:7e:4f
wq!

[[email protected] ~]# ifconfig
 eth0 Link encap:Ethernet HWaddr 00:16:36:73:7E:4F
 inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
 inet6 addr: fe80::216:36ff:fe73:7e4f/64 Scope:Link
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:1641 errors:0 dropped:0 overruns:0 frame:0
 TX packets:950 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:192907 (188.3 KiB) TX bytes:117111 (114.3 KiB)
lo Link encap:Local Loopback
 inet addr:127.0.0.1 Mask:255.0.0.0
 inet6 addr: ::1/128 Scope:Host
 UP LOOPBACK RUNNING MTU:16436 Metric:1
 RX packets:105 errors:0 dropped:0 overruns:0 frame:0
 TX packets:105 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:10213 (9.9 KiB) TX bytes:10213 (9.9 KiB)
[[email protected] ~]#
 [[email protected] ~]# vi /etc/sysconfig/network
 NETWORKING=yes
 NETWORKING_IPV6=no
 HOSTNAME=dns.compnay.com
 GATEWAY=192.168.1.1

wq!

——————————————————————————————————————————————————————————
Now we are going to configure the Bind service please copy the files content and modify with your network settings
——————————————————————————————————————————————————————————

[[email protected] ~]#
 [[email protected] ~]# cd /var/named/chroot/
 [[email protected] chroot]# ll
 total 24
 drwxr-x—- 2 root named 4096 Dec 1 00:00 dev
 drwxr-x—- 2 root named 4096 Jan 4 04:42 etc
 dr-xr-xr-x 85 root root 0 Jan 11 22:41 proc
 drwxr-x—- 6 root named 4096 Dec 1 00:00 var
 [[email protected] chroot]#

———————————————-
Now create zone file named.conf
———————————————-

 

[[email protected] chroot]# vi etc/named.conf
options
 {
 directory “/var/named”; // the default
 dump-file “data/cache_dump.db”;
 statistics-file “data/named_stats.txt”;
 memstatistics-file “data/named_mem_stats.txt”;
};
zone “.” IN {
 type hint;
 file “named.root”;
 };
zone “localhost” IN {
 type master;
 file “localhost.fwd”;
 allow-update { none; };
 };
zone “0.0.127.in-addr.arpa” IN {
 type master;
 file “localhost.rev”;
 allow-update { none; };
 };
zone “compnay.com” IN {
 type master;
 file “compnay.com.fwd”;
 allow-update { none; };
 };
zone “1.168.192.in-addr.arpa” IN {
 type master;
 file “compnay.com.rev”;
 allow-update { none; };
 };
wq!
[[email protected] chroot]# cd var/named
[[email protected] named]#

—————————————
Now create named.root file
—————————————

[[email protected] named]#

First We confiure named.root file for root dns

 

[[email protected] named]# vi named.root
 . 6D IN NS A.ROOT-SERVERS.NET.
 . 6D IN NS B.ROOT-SERVERS.NET.
 . 6D IN NS C.ROOT-SERVERS.NET.
 . 6D IN NS D.ROOT-SERVERS.NET.
 . 6D IN NS E.ROOT-SERVERS.NET.
 . 6D IN NS F.ROOT-SERVERS.NET.
 . 6D IN NS G.ROOT-SERVERS.NET.
 . 6D IN NS H.ROOT-SERVERS.NET.
 . 6D IN NS I.ROOT-SERVERS.NET.
 . 6D IN NS J.ROOT-SERVERS.NET.
 . 6D IN NS K.ROOT-SERVERS.NET.
 . 6D IN NS L.ROOT-SERVERS.NET.
 . 6D IN NS M.ROOT-SERVERS.NET.
 A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
 B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
 C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
 D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90
 E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
 F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
 G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
 H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
 I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
 J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
 K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
 L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
 M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
wq!
—————————————————————————————————————————————————————————————————
 Now create zone db files one by one localhost.fwd and the localhost.rev are must then your network zone files forward and reverse
 —————————————————————————————————————————————————————————————————

 

[[email protected] named]# vi localhost.fwd
 $ORIGIN localhost.
 $TTL 86400
 @ IN SOA ns1.compnay.com. ns1.compnay.com. (
 20100104 ; Serial number
 3H ; Refresh 1 day
 15M ; Retry 2 hours
 1W ; Expire 41.67 days
 1D ) ; Minimum TTL 2 days
@ IN NS dns.compnay.com.
localhost. IN A 127.0.0.1
wq! ##### Save the file after copying the content from here. #####
[[email protected] named]# vi localhost.rev
 $ORIGIN 0.0.127.in-addr.arpa.
 $TTL 86400
 @ IN SOA ns1.compnay.com. ns1.compnay.com. (
 20100104 ; Serial number
 3H ; Refresh 1 day
 15M ; Retry 2 hours
 1W ; Expire 41.67 days
 1D ) ; Minimum TTL 2 days
@ IN NS ns1.compnay.com.
1.0.0.127.in-addr.arpa. IN PTR localhost.
wq!
[[email protected] named]# vi compnay.com.fwd
 $ORIGIN compnay.com.
 $TTL 86400
 @ IN SOA ns1.compnay.com. ns1.compnay.com. (
 20100104 ; Serial number
 3H ; Refresh 1 day
 15M ; Retry 2 hours
 1W ; Expire 41.67 days
 1D ) ; Minimum TTL 2 days
@ IN NS ns1.compnay.com.
proxy.compnay.com. IN A 192.168.1.253
wq!
[[email protected] named]# vi compnay.com.rev
 $ORIGIN 1.168.192.in-addr.arpa.
 $TTL 86400
 @ IN SOA ns1.compnay.com. root.compnay.com. (
 20100104 ; Serial number
 3H ; Refresh 1 day
 15M ; Retry 2 hours
 1W ; Expire 41.67 days
 1D ) ; Minimum TTL 2 days
@ IN NS ns1.compnay.com.
 253.1.168.192.in-addr.arpa. IN PTR proxy.compnay.com.
wq!
[[email protected] ~]# vi /etc/resolv.conf
 search compnay.com
 nameserver 192.168.1.254
wq!

————————————————————————————————-
Configuration has been done now start “/etc/init.d/named” service
————————————————————————————————-

 

[[email protected] ~]# /etc/init.d/named start
 Starting named: [ OK ]
 [[email protected] ~]# dig yahoo.com

; «» DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 «» yahoo.com
;; global options: printcmd
;; Got answer:
;; -»HEADER«- opcode: QUERY, status: NOERROR, id: 46559
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 2

;; QUESTION SECTION:
;yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 21600 IN A 209.191.93.53
yahoo.com. 21600 IN A 69.147.114.224
yahoo.com. 21600 IN A 209.131.36.159

;; AUTHORITY SECTION:
yahoo.com. 172800 IN NS ns1.yahoo.com.
yahoo.com. 172800 IN NS ns2.yahoo.com.
yahoo.com. 172800 IN NS ns3.yahoo.com.
yahoo.com. 172800 IN NS ns4.yahoo.com.
yahoo.com. 172800 IN NS ns5.yahoo.com.
yahoo.com. 172800 IN NS ns6.yahoo.com.
yahoo.com. 172800 IN NS ns8.yahoo.com.

;; ADDITIONAL SECTION:
ns6.yahoo.com. 172800 IN A 202.43.223.170
ns8.yahoo.com. 172800 IN A 202.165.104.22

;; Query time: 643 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Jan 12 03:01:01 2010
;; MSG SIZE rcvd: 233

[[email protected] ~]#

—————————————————————————
Now please open ports for named server for network
—————————————————————————

 

[[email protected] ~]# iptables -A INPUT -p tcp -m multiport —dport 53,953 -j ACCEPT
[[email protected] ~]# iptables -A INPUT -p udp -m multiport —dport 53,953 -j ACCEPT
[[email protected] ~]#
[[email protected] ~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[[email protected] ~]#
[[email protected] ~]# dig ns1.compnay.com

; «» DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 «» ns1.compnay.com
;; global options: printcmd
;; Got answer:
;; -»HEADER«- opcode: QUERY, status: NOERROR, id: 29732
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.compnay.com. IN A

;; ANSWER SECTION:
ns1.compnay.com. 86400 IN A 192.168.1.100

;; AUTHORITY SECTION:
compnay.com. 86400 IN NS ns1.compnay.com.

;; Query time: 1 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Jan 12 03:13:33 2010
;; MSG SIZE rcvd: 66

[[email protected] ~]#
[[email protected] ~]# dig www.compnay.com

; «» DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 «» www.compnay.com
;; global options: printcmd
;; Got answer:
;; -»HEADER«- opcode: QUERY, status: NOERROR, id: 10800
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.compnay.com. IN A

;; ANSWER SECTION:
www.compnay.com. 86400 IN A 192.168.1.102

;; AUTHORITY SECTION:
compnay.com. 86400 IN NS ns1.compnay.com.

;; ADDITIONAL SECTION:
ns1.compnay.com. 86400 IN A 192.168.1.100

;; Query time: 1 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Jan 12 03:14:09 2010
;; MSG SIZE rcvd: 86

[[email protected] ~]#

ALLHAMDULILLAH We have configured proper bind server on CentOs 5.4

Note:Please install bind packages and then copy the files text from this configuration and paste to your server.
Also modify the settings as per your network machine names and their IP’s.