Bind DNS Server Configuration in Chrooted Environment by Babar Zahoor

Updated :08-01-2011

Purpose: Configuration of DNS (Bind) server in chroot environment.

OS CentOS 5.4 X86_64

——————————————————-
Please Install the bind packages
——————————————————-

[root@ns1 ~]# yum install bind bind-utils bind-*
 Loaded plugins: fastestmirror
 Loading mirror speeds from cached hostfile
 * addons: virror.hanoilug.org
 * extras: ftp.hostrino.com
 * updates: ftp.hostrino.com
 addons | 951 B 00:00
 extras | 1.1 kB 00:00
 ftp | 2.1 kB 00:00
 updates | 1.9 kB 00:00
 updates/primary_db | 444 kB 00:00
 Setting up Install Process
 Package 30:bind-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-utils-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-sdb-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-chroot-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-devel-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-devel-9.3.6-4.P1.el5_4.1.i386 already installed and latest version
 Package 30:bind-libs-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-libs-9.3.6-4.P1.el5_4.1.i386 already installed and latest version
 Package 30:bind-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-utils-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-libbind-devel-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386 already installed and latest version
 Nothing to do

———————————————————————
Please Configure Static IP and Default Gateway
———————————————————————

[root@ns1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
 DEVICE=eth0
 BOOTPROTO=static
 IPADDR=192.168.1.100
 NETMASK=255.255.255.0
 ONBOOT=yes
 HWADDR=00:16:36:73:7e:4f

wq!

[root@ns1 ~]# ifconfig
 eth0 Link encap:Ethernet HWaddr 00:16:36:73:7E:4F
 inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
 inet6 addr: fe80::216:36ff:fe73:7e4f/64 Scope:Link
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:1641 errors:0 dropped:0 overruns:0 frame:0
 TX packets:950 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:192907 (188.3 KiB) TX bytes:117111 (114.3 KiB)

lo Link encap:Local Loopback
 inet addr:127.0.0.1 Mask:255.0.0.0
 inet6 addr: ::1/128 Scope:Host
 UP LOOPBACK RUNNING MTU:16436 Metric:1
 RX packets:105 errors:0 dropped:0 overruns:0 frame:0
 TX packets:105 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:10213 (9.9 KiB) TX bytes:10213 (9.9 KiB)

[root@ns1 ~]#
 [root@ns1 ~]# vi /etc/sysconfig/network
 NETWORKING=yes
 NETWORKING_IPV6=no
 HOSTNAME=dns.compnay.com
 GATEWAY=192.168.1.1

wq!

——————————————————————————————————————————————————————————
Now we are going to configure the Bind service please copy the files content and modify with your network settings
——————————————————————————————————————————————————————————

[root@ns1 ~]#
 [root@ns1 ~]# cd /var/named/chroot/
 [root@ns1 chroot]# ll
 total 24
 drwxr-x—- 2 root named 4096 Dec 1 00:00 dev
 drwxr-x—- 2 root named 4096 Jan 4 04:42 etc
 dr-xr-xr-x 85 root root 0 Jan 11 22:41 proc
 drwxr-x—- 6 root named 4096 Dec 1 00:00 var
 [root@ns1 chroot]#

———————————————-
Now create zone file named.conf
———————————————-

 

[root@ns1 chroot]# vi etc/named.conf

options
 {
 directory “/var/named”; // the default
 dump-file “data/cache_dump.db”;
 statistics-file “data/named_stats.txt”;
 memstatistics-file “data/named_mem_stats.txt”;

};

zone “.” IN {
 type hint;
 file “named.root”;
 };

zone “localhost” IN {
 type master;
 file “localhost.fwd”;
 allow-update { none; };
 };

zone “0.0.127.in-addr.arpa” IN {
 type master;
 file “localhost.rev”;
 allow-update { none; };
 };

zone “compnay.com” IN {
 type master;
 file “compnay.com.fwd”;
 allow-update { none; };
 };

zone “1.168.192.in-addr.arpa” IN {
 type master;
 file “compnay.com.rev”;
 allow-update { none; };
 };

wq!

[root@ns1 chroot]# cd var/named

[root@ns1 named]#

—————————————
Now create named.root file
—————————————

[root@ns1 named]#

First We confiure named.root file for root dns

 

[root@ns1 named]# vi named.root
 . 6D IN NS A.ROOT-SERVERS.NET.
 . 6D IN NS B.ROOT-SERVERS.NET.
 . 6D IN NS C.ROOT-SERVERS.NET.
 . 6D IN NS D.ROOT-SERVERS.NET.
 . 6D IN NS E.ROOT-SERVERS.NET.
 . 6D IN NS F.ROOT-SERVERS.NET.
 . 6D IN NS G.ROOT-SERVERS.NET.
 . 6D IN NS H.ROOT-SERVERS.NET.
 . 6D IN NS I.ROOT-SERVERS.NET.
 . 6D IN NS J.ROOT-SERVERS.NET.
 . 6D IN NS K.ROOT-SERVERS.NET.
 . 6D IN NS L.ROOT-SERVERS.NET.
 . 6D IN NS M.ROOT-SERVERS.NET.
 A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
 B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
 C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
 D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90
 E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
 F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
 G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
 H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
 I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
 J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
 K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
 L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
 M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33

wq!

—————————————————————————————————————————————————————————————————
 Now create zone db files one by one localhost.fwd and the localhost.rev are must then your network zone files forward and reverse
 —————————————————————————————————————————————————————————————————

 

[root@ns1 named]# vi localhost.fwd
 $ORIGIN localhost.
 $TTL 86400
 @ IN SOA ns1.compnay.com. ns1.compnay.com. (
 20100104 ; Serial number
 3H ; Refresh 1 day
 15M ; Retry 2 hours
 1W ; Expire 41.67 days
 1D ) ; Minimum TTL 2 days

@ IN NS dns.compnay.com.

localhost. IN A 127.0.0.1

wq! ##### Save the file after copying the content from here. #####

[root@ns1 named]# vi localhost.rev
 $ORIGIN 0.0.127.in-addr.arpa.
 $TTL 86400
 @ IN SOA ns1.compnay.com. ns1.compnay.com. (
 20100104 ; Serial number
 3H ; Refresh 1 day
 15M ; Retry 2 hours
 1W ; Expire 41.67 days
 1D ) ; Minimum TTL 2 days

@ IN NS ns1.compnay.com.

1.0.0.127.in-addr.arpa. IN PTR localhost.

wq!

[root@ns1 named]# vi compnay.com.fwd
 $ORIGIN compnay.com.
 $TTL 86400
 @ IN SOA ns1.compnay.com. ns1.compnay.com. (
 20100104 ; Serial number
 3H ; Refresh 1 day
 15M ; Retry 2 hours
 1W ; Expire 41.67 days
 1D ) ; Minimum TTL 2 days

@ IN NS ns1.compnay.com.

proxy.compnay.com. IN A 192.168.1.253

wq!

[root@ns1 named]# vi compnay.com.rev
 $ORIGIN 1.168.192.in-addr.arpa.
 $TTL 86400
 @ IN SOA ns1.compnay.com. root.compnay.com. (
 20100104 ; Serial number
 3H ; Refresh 1 day
 15M ; Retry 2 hours
 1W ; Expire 41.67 days
 1D ) ; Minimum TTL 2 days

@ IN NS ns1.compnay.com.
 253.1.168.192.in-addr.arpa. IN PTR proxy.compnay.com.

wq!

[root@ns1 ~]# vi /etc/resolv.conf
 search compnay.com
 nameserver 192.168.1.254

wq!

————————————————————————————————-
Configuration has been done now start “/etc/init.d/named” service
————————————————————————————————-

 

[root@ns1 ~]# /etc/init.d/named start
 Starting named: [ OK ]
 [root@ns1 ~]# dig yahoo.com

; «» DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 «» yahoo.com
;; global options: printcmd
;; Got answer:
;; -»HEADER«- opcode: QUERY, status: NOERROR, id: 46559
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 2

;; QUESTION SECTION:
;yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 21600 IN A 209.191.93.53
yahoo.com. 21600 IN A 69.147.114.224
yahoo.com. 21600 IN A 209.131.36.159

;; AUTHORITY SECTION:
yahoo.com. 172800 IN NS ns1.yahoo.com.
yahoo.com. 172800 IN NS ns2.yahoo.com.
yahoo.com. 172800 IN NS ns3.yahoo.com.
yahoo.com. 172800 IN NS ns4.yahoo.com.
yahoo.com. 172800 IN NS ns5.yahoo.com.
yahoo.com. 172800 IN NS ns6.yahoo.com.
yahoo.com. 172800 IN NS ns8.yahoo.com.

;; ADDITIONAL SECTION:
ns6.yahoo.com. 172800 IN A 202.43.223.170
ns8.yahoo.com. 172800 IN A 202.165.104.22

;; Query time: 643 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Jan 12 03:01:01 2010
;; MSG SIZE rcvd: 233

[root@ns1 ~]#

—————————————————————————
Now please open ports for named server for network
—————————————————————————

 

[root@ns1 ~]# iptables -A INPUT -p tcp -m multiport —dport 53,953 -j ACCEPT
[root@ns1 ~]# iptables -A INPUT -p udp -m multiport —dport 53,953 -j ACCEPT
[root@ns1 ~]#
[root@ns1 ~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@ns1 ~]#
[root@ns1 ~]# dig ns1.compnay.com

; «» DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 «» ns1.compnay.com
;; global options: printcmd
;; Got answer:
;; -»HEADER«- opcode: QUERY, status: NOERROR, id: 29732
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.compnay.com. IN A

;; ANSWER SECTION:
ns1.compnay.com. 86400 IN A 192.168.1.100

;; AUTHORITY SECTION:
compnay.com. 86400 IN NS ns1.compnay.com.

;; Query time: 1 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Jan 12 03:13:33 2010
;; MSG SIZE rcvd: 66

[root@ns1 ~]#
[root@ns1 ~]# dig www.compnay.com

; «» DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 «» www.compnay.com
;; global options: printcmd
;; Got answer:
;; -»HEADER«- opcode: QUERY, status: NOERROR, id: 10800
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.compnay.com. IN A

;; ANSWER SECTION:
www.compnay.com. 86400 IN A 192.168.1.102

;; AUTHORITY SECTION:
compnay.com. 86400 IN NS ns1.compnay.com.

;; ADDITIONAL SECTION:
ns1.compnay.com. 86400 IN A 192.168.1.100

;; Query time: 1 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Jan 12 03:14:09 2010
;; MSG SIZE rcvd: 86

[root@ns1 ~]#

ALLHAMDULILLAH We have configured proper bind server on CentOs 5.4

Note:Please install bind packages and then copy the files text from this configuration and paste to your server.
Also modify the settings as per your network machine names and their IP’s.