Wednesday, July 28, 2010

DNS server Howto

root@station37 ~# yum install bind* caching-nameserver
Loading "rhnplugin" plugin
Loading "installonlyn" plugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Setting up repositories
rhel-debuginfo 100% |=========================| 951 B 00:00
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for bind-chroot to pack into transaction set.
bind-chroot-9.3.3-7.el5.i 100% |=========================| 38 kB 00:00
---> Package bind-chroot.i386 30:9.3.3-7.el5 set to be updated
---> Downloading header for bind-sdb to pack into transaction set.
bind-sdb-9.3.3-7.el5.i386 100% |=========================| 40 kB 00:00
---> Package bind-sdb.i386 30:9.3.3-7.el5 set to be updated
---> Downloading header for bind-libbind-devel to pack into transaction set.
bind-libbind-devel-9.3.3- 100% |=========================| 41 kB 00:00
---> Package bind-libbind-devel.i386 30:9.3.3-7.el5 set to be updated
---> Downloading header for bind-devel to pack into transaction set.
bind-devel-9.3.3-7.el5.i3 100% |=========================| 82 kB 00:00
---> Package bind-devel.i386 30:9.3.3-7.el5 set to be updated
---> Downloading header for caching-nameserver to pack into transaction set.
caching-nameserver-9.3.3- 100% |=========================| 39 kB 00:00
---> Package caching-nameserver.i386 30:9.3.3-7.el5 set to be updated
---> Downloading header for bind to pack into transaction set.
bind-9.3.3-7.el5.i386.rpm 100% |=========================| 49 kB 00:00
---> Package bind.i386 30:9.3.3-7.el5 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
bind i386 30:9.3.3-7.el5 rhel-debuginfo 954 k
bind-chroot i386 30:9.3.3-7.el5 rhel-debuginfo 38 k
bind-devel i386 30:9.3.3-7.el5 rhel-debuginfo 2.6 M
bind-libbind-devel i386 30:9.3.3-7.el5 rhel-debuginfo 440 k
bind-sdb i386 30:9.3.3-7.el5 rhel-debuginfo 223 k
caching-nameserver i386 30:9.3.3-7.el5 rhel-debuginfo 55 k

Transaction Summary
=============================================================================
Install 6 Package(s)
Update 0 Package(s)
Remove 0 Package(s)

Total download size: 4.2 M
Is this ok y/N: y
Downloading Packages:
(1/6): bind-chroot-9.3.3- 100% |=========================| 38 kB 00:00
(2/6): bind-sdb-9.3.3-7.e 100% |=========================| 223 kB 00:00
(3/6): bind-libbind-devel 100% |=========================| 440 kB 00:00
(4/6): bind-devel-9.3.3-7 100% |=========================| 2.6 MB 00:02
(5/6): caching-nameserver 100% |=========================| 55 kB 00:00
(6/6): bind-9.3.3-7.el5.i 100% |=========================| 954 kB 00:01
Running Transaction Test
warning: bind-chroot-9.3.3-7.el5: Header V3 DSA signature: NOKEY, key ID 37017186
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: bind ######################### 1/6
Installing: bind-chroot ######################### 2/6
Locating /var/named/chroot//etc/named.conf failed:
FAILED
Installing: bind-sdb ######################### 3/6
Installing: bind-libbind-devel ######################### 4/6
Installing: bind-devel ######################### 5/6
Installing: caching-nameserver ######################### 6/6

Installed: bind.i386 30:9.3.3-7.el5 bind-chroot.i386 30:9.3.3-7.el5 bind-devel.i386 30:9.3.3-7.el5 bind-libbind-devel.i386 30:9.3.3-7.el5 bind-sdb.i386 30:9.3.3-7.el5 caching-nameserver.i386 30:9.3.3-7.el5
Complete!
root@station37 ~#

root@station37 ~# grep -i rootdir /etc/sysconfig/named
# ROOTDIR="/some/where" -- will run named in a chroot environment.
# at startup. Don't add -t here, use ROOTDIR instead.
# its zone files and create files in its $ROOTDIR/var/named
# Slave zones should reside in the $ROOTDIR/var/named/slaves
ROOTDIR=/var/named/chroot
root@station37 ~#

As default named.conf does not exist, we will use named.caching-nameserver.conf as template.

root@server1 /var/named/chroot/etc<1002>#cp named.caching-nameserver.conf named.conf

Change the text shown in bold in named.conf

root@server1 /var/named/chroot/etc<1004>#cat named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.0.254; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
query-source port 53;
query-source-v6 port 53;
allow-query { localhost; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
include "/etc/named.rfc1912.zones";
};

root@server1 /var/named/chroot/etc<1005>#vim named.conf 

acl "myaddress" { 127.0.0.1; 192.168.0.254; };
acl "mynetwork" { 192.168.0.0/24; };
options {
//here 192.168.0.254 is the computer ip itself, you need to add your ip with 127.0.0.1
listen-on port 53 { 127.0.0.1; 192.168.0.254; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
query-source port 53;
query-source-v6 port 53;
//add all ip or network in allow-query which you want to serve thedns service
allow-query { mynetwork; 192.168.0.0/24; };
//specify which ip can only transfer information mostly it slave
allow-transfer { 192.168.0.12; };
//This is your next dns server, our server will forward the query to this server
forwarders { 192.168.0.254; }; 
forward only; 
};

root@server1 /var/named/chroot/etc<1007>#ll named.conf
-rw-r----- 1 root root 1003 Apr 2 19:58 named.conf04
root@server1 /var/named/chroot/etc<1008>#chgrp named named.conf
root@server1 /var/named/chroot/etc<1009>#ll named.conf
-rw-r----- 1 root named 1003 Apr 2 19:58 named.conf
root@server1 /var/named/chroot/etc<1010>#

root@server1 /var/named/chroot/etc<1010>#cat /etc/resolv.conf

search example.com
nameserver 127.0.0.1
or
nameserver 192.168.0.254

root@server1 /var/named/chroot/etc<1011>#service named restart
Stopping named: . OK 
Starting named: OK 
You have new mail in /var/spool/mail/root
root@server1 /var/named/chroot/etc<1012>#

root@server1 /var/named/chroot/etc<1012>#digwww.yahoo.com

; <<>> DiG 9.3.3rc2 <<>> www.yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59797
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 9, ADDITIONAL: 9

;; QUESTION SECTION:
;www.yahoo.com. IN A

;; ANSWER SECTION:
www.yahoo.com. 79 IN CNAME www.yahoo-ht3.akadns.net.
www.yahoo-ht3.akadns.net. 10 IN A 87.248.113.14

;; AUTHORITY SECTION:
akadns.net. 1255 IN NS za.akadns.org.
akadns.net. 1255 IN NS zb.akadns.org.
akadns.net. 1255 IN NS zc.akadns.org.
akadns.net. 1255 IN NS zd.akadns.org.
akadns.net. 1255 IN NS eur1.akadns.net.
akadns.net. 1255 IN NS use3.akadns.net.
akadns.net. 1255 IN NS use4.akadns.net.
akadns.net. 1255 IN NS usw2.akadns.net.
akadns.net. 1255 IN NS asia9.akadns.net.

;; ADDITIONAL SECTION:
za.akadns.org. 84058 IN A 195.219.3.169
zb.akadns.org. 84058 IN A 206.132.100.105
zc.akadns.org. 84058 IN A 124.211.40.4
zd.akadns.org. 84058 IN A 63.209.3.132
eur1.akadns.net. 7011 IN A 213.254.204.197
use3.akadns.net. 6953 IN A 204.2.178.133
use4.akadns.net. 1256 IN A 208.44.108.137
usw2.akadns.net. 1255 IN A 63.209.3.132
asia9.akadns.net. 1255 IN A 220.73.220.4

;; Query time: 106 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Apr 2 20:03:32 2008
;; MSG SIZE rcvd: 403

root@server1 /var/named/chroot/etc<1013>#

root@server1 /var/named/chroot/etc<1013>#dig -x 203.88.142.210

; <<>> DiG 9.3.3rc2 <<>> -x 203.88.142.210
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2582
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;210.142.88.203.in-addr.arpa. IN PTR

;; ANSWER SECTION:
210.142.88.203.in-addr.arpa. 26001 IN PTRice.142.client210.youtele.com.

;; AUTHORITY SECTION:
142.88.203.in-addr.arpa. 19187 IN NS ns1.youtele.com.
142.88.203.in-addr.arpa. 19187 IN NS ns2.youtele.com.

;; ADDITIONAL SECTION:
ns1.youtele.com. 84044 IN A 203.187.192.15
ns2.youtele.com. 84044 IN A 203.187.192.12

;; Query time: 42 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Apr 2 20:04:02 2008
;; MSG SIZE rcvd: 156

root@server1 /var/named/chroot/etc<1014>#

root@server1 /var/named/chroot/etc<1014>#dig -t mxredhat.com

; <<>> DiG 9.3.3rc2 <<>> -t mx redhat.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18533
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 6

;; QUESTION SECTION:
;redhat.com. IN MX

;; ANSWER SECTION:
redhat.com. 600 IN MX 5 mx3.redhat.com.
redhat.com. 600 IN MX 10 mx1.redhat.com.
redhat.com. 600 IN MX 20 mx2.redhat.com.

;; AUTHORITY SECTION:
redhat.com. 110 IN NS ns1.redhat.com.
redhat.com. 110 IN NS ns2.redhat.com.
redhat.com. 110 IN NS ns3.redhat.com.

;; ADDITIONAL SECTION:
mx3.redhat.com. 600 IN A 66.187.233.32
mx1.redhat.com. 600 IN A 66.187.233.31
mx2.redhat.com. 600 IN A 66.187.237.31
ns1.redhat.com. 141132 IN A 66.187.233.210
ns2.redhat.com. 115746 IN A 66.187.224.210
ns3.redhat.com. 88512 IN A 66.187.229.10

;; Query time: 359 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Apr 2 20:04:27 2008
;; MSG SIZE rcvd: 238

root@server1 /var/named/chroot/etc<1015>#

root@server1 /var/named/chroot/etc<1017>#cat named.rfc1912.zones >> named.conf

root@server1 /var/named/chroot/etc<1018>#cat named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
type hint;
file "named.ca";
};

zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
root@server1 /var/named/chroot/etc<1019>#

root@server1 /var/named/chroot/etc<1022>#vim named.conf04

// decleration of the zone file for example.com domain
//forward zone

zone "example.com" IN {
type master;
file "example.com.zone";
};
//reverse zone

zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.zone";
};

------------
Now let us add the data to zone files.


root@server1 /var/named/chroot/etc<1023>#cd ../var/named/


root@server1 /var/named/chroot/var/named<1026>#cp localhost.zone example.com.zone04
root@server1 /var/named/chroot/var/named<1027>#hostname
server1.example.com


root@server1 /var/named/chroot/var/named<1029>#sed 's/@/server1.example.com./g' example.com.zone04
$TTL 86400
server1.example.com. IN SOA server1.example.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

IN NS server1.example.com.
IN A 127.0.0.1
IN AAAA ::1

root@server1 /var/named/chroot/var/named<1030>#

root@server1 /var/named/chroot/var/named<1030>#sed -i 's/@/server1.example.com./g' example.com.zone04

root@server1 /var/named/chroot/var/named<1031>#cat example.com.zone04
$TTL 86400
server1.example.com. IN SOA server1.example.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

IN NS server1.example.com.
IN A 127.0.0.1
IN AAAA ::1

root@server1 /var/named/chroot/var/named<1032>#

root@server1 /var/named/chroot/var/named<1032>#sed 's/root/root.server1.example.com./g' example.com.zone04
$TTL 86400
server1.example.com. IN SOA server1.example.com.root.server1.example.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

IN NS server1.example.com.
IN A 127.0.0.1
IN AAAA ::1

You have new mail in /var/spool/mail/root
root@server1 /var/named/chroot/var/named<1033>#sed -i 's/root/root.server1.example.com./g' example.com.zone04

root@server1 /var/named/chroot/var/named<1033>#vim example.com.zone04



$TTL 86400
example.com. IN SOA server1.example.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

@ IN NS server1.example.com.

;Let us record the data for forward lookup
;owner TTL Cl type RDATA
server1.example.com. IN A 192.168.0.254



root@server1 /var/named/chroot/var/named<1034>#for i in {1..254}
> do
> echo "station$i IN A 192.168.0.$i"
> done
station1 IN A 192.168.0.1
station2 IN A 192.168.0.2
station3 IN A 192.168.0.3
station4 IN A 192.168.0.4
station5 IN A 192.168.0.5
station6 IN A 192.168.0.6


root@server1 /var/named/chroot/var/named<1035>#for i in {1..254}; do echo "station$i IN A 192.168.0.$i"; done >> example.com.zone04
root@server1 /var/named/chroot/var/named<1036>#

root@server1 /var/named/chroot/var/named<1036>#chgrp named example.com.zone04You have new mail in /var/spool/mail/root
root@server1 /var/named/chroot/var/named<1037>#ll example.com.zone04
-rw-r----- 1 root named 12303 Apr 2 20:39 example.com.zone04
root@server1 /var/named/chroot/var/named<1038>#


root@server1 /var/named/chroot/var/named<1038>#ls
127.0.0.zone 192.168.1.zone example.com.zone04 named.broadcast sham@124.125.145.85
192.168.0.zone cracker.org.zone example.com.zone11 named.caslaves
192.168.0.zone01 data example.com.zone20 named.ip6.local
192.168.0.zone20 elmex.net.zone example.com.zonebkp named.local
192.168.0.zonebkp example.com.zone localdomain.zone named.zero
192.168.0.zone.elmex example.com.zone01 localhost.zone rh320
root@server1 /var/named/chroot/var/named<1039>#cat named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
root@server1 /var/named/chroot/var/named<1040>#cp named.local 192.168.0.zone04
root@server1 /var/named/chroot/var/named<1041>#


root@server1 /var/named/chroot/var/named<1041>#sed 's/localhost/server1.example.com/g' 192.168.0.zone04
$TTL 86400
@ IN SOA server1.example.comroot.server1.example.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS server1.example.com.
1 IN PTR server1.example.com.
root@server1 /var/named/chroot/var/named<1042>#

root@server1 /var/named/chroot/var/named<1042>#sed -i 's/localhost/server1.example.com/g' 192.168.0.zone04
You have new mail in /var/spool/mail/root
root@server1 /var/named/chroot/var/named<1043>#
root@server1 /var/named/chroot/var/named<1043>#vim 192.168.0.zone04

$TTL 86400
0.168.192.in-addr.arpa. IN SOA server1.example.com.root.server1.example.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
@ IN NS server1.example.com.

;data recording for reverse lookup
254 IN PTR server1.example.com.


root@server1 /var/named/chroot/var/named<1044>#for i in {1..254}
> do
> echo "$i IN PTR station$i.example.com."
> done
1 IN PTR station1.example.com.
2 IN PTR station2.example.com.
3 IN PTR station3.example.com.
4 IN PTR station4.example.com.
5 IN PTR station5.example.com.
6 IN PTR station6.example.com.
7 IN PTR station7.example.com.
8 IN PTR station8.example.com.
9 IN PTR station9.example.com.
10 IN PTR station10.example.com.
11 IN PTR station11.example.com.
12 IN PTR station12.example.com.

root@server1 /var/named/chroot/var/named<1045>#for i in {1..254}; do echo "$i IN PTR station$i.example.com."; done >> 192.168.0.zone04

root@server1 /var/named/chroot/var/named<1046>#chgrp named 192.168.0.zone04
root@server1 /var/named/chroot/var/named<1047>#ll 192.168.0.zone04
-rw-r----- 1 root named 13265 Apr 2 20:51 192.168.0.zone04
root@server1 /var/named/chroot/var/named<1048>#
root@server1 /var/named/chroot/var/named<1048>#service named restart
Stopping named: OK 
Starting named: OK 
root@server1 /var/named/chroot/var/named<1049>#