How to set up a DNS server using BIND

  • 2021-07-26 09:16:11
  • OfStack

A DNS server (domain name server) translates between a domain name and its corresponding IP address.

The Domain Name System, more commonly known as DNS, translates a domain name into the IP address associated with it. DNS is the reason you can reach your favorite website by name instead of typing an IP address into your browser. This guide shows how to configure a primary DNS server and a client.

The following are the system details used in this article's examples:


dns01.fedora.local (192.168.1.160) - primary DNS server
client.fedora.local (192.168.1.136) - client

DNS Server Configuration

Install the bind package using sudo:


$ sudo dnf install bind bind-utils -y

The bind package provides the /etc/named.conf configuration file, which you use to configure the DNS server.

Edit the /etc/named.conf file:


sudo vi /etc/named.conf

Find the following lines:


listen-on port 53 { 127.0.0.1; };

Add the IP address of the primary DNS server as follows:


listen-on port 53 { 127.0.0.1; 192.168.1.160; };

Find the following lines:


allow-query { localhost; };

Add the local network range. The sample system uses addresses in the 192.168.1.x range, so specify it as follows:


allow-query { localhost; 192.168.1.0/24; };
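The two lines edited above decide who may reach the server at all. As an added example (not part of the article), the Python script below parses those two statements from an options block and flags any entry that reaches beyond the local network; in particular `any`, which would turn a LAN resolver into an open resolver answering the whole internet. The options text is constructed inline with the article's values, together with a weak variant for comparison.

```python
"""Audit the listen-on / allow-query ACLs of a named.conf options block.

Added example, not part of the article. Every entry in the two ACLs the
article edits should be loopback, "localhost"/"localnets", or a private
(RFC 1918) address or prefix; anything wider exposes the resolver.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample: the options block after the article's edits.
NAMED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.160; };
    allow-query     { localhost; 192.168.1.0/24; };
};
"""

# Constructed sample of the weak setting, for comparison.
OPEN_RESOLVER_CONF = """
options {
    listen-on port 53 { any; };
    allow-query     { any; };
};
"""

# One ACL statement per line: "listen-on [port N] { ...; };" or "allow-query { ...; };"
_ACL_RE = re.compile(
    r"^\s*(listen-on(?:\s+port\s+\d+)?|allow-query)\s*\{([^}]*)\}", re.M
)


def parse_acls(conf: str) -> Dict[str, List[str]]:
    """Return {"listen-on": [...], "allow-query": [...]} with the entries of each ACL."""
    acls: Dict[str, List[str]] = {}
    for m in _ACL_RE.finditer(conf):
        name = m.group(1).split()[0]  # drop the optional "port 53"
        acls[name] = [e.strip() for e in m.group(2).split(";") if e.strip()]
    return acls


def is_local_entry(entry: str) -> bool:
    """True if the entry cannot admit hosts outside the LAN."""
    if entry in ("localhost", "localnets", "none"):
        return True
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return False  # "any", named ACLs, etc. cannot be verified here
    return net.is_private or net.is_loopback


def audit(conf: str) -> List[str]:
    """Return findings for ACL entries that reach beyond the local network."""
    findings: List[str] = []
    acls = parse_acls(conf)
    for name in ("listen-on", "allow-query"):
        entries = acls.get(name)
        if entries is None:
            findings.append(f"{name}: statement missing, BIND default applies")
            continue
        for entry in entries:
            if entry == "any":
                findings.append(f"{name}: 'any' exposes the resolver to every source address")
            elif not is_local_entry(entry):
                findings.append(f"{name}: '{entry}' is not a loopback or private address")
    return findings


if __name__ == "__main__":
    for label, conf in (("article", NAMED_CONF), ("open resolver", OPEN_RESOLVER_CONF)):
        print(label, audit(conf) or ["OK: ACLs restricted to the local network"])
```

Run it against a copy of your own named.conf by reading the file into `audit()`; an empty result means both ACLs stay inside the loopback and private ranges.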

Specify the forward and reverse zones. A zone file is a text file holding the DNS information for the zone, such as IP addresses and host names. The forward zone file makes it possible to convert host names to IP addresses. The reverse zone file does the opposite: it lets remote systems translate IP addresses to host names.

Near the bottom of /etc/named.conf, find the following line:


include "/etc/named.rfc1912.zones";

Specify the zone file information directly above that line, as follows:


// Forward zone: the domain this server is authoritative for. The zone name is the
// domain itself (fedora.local), not the server's host name; with "dns01.fedora.local"
// the records "dns01" and "client" would be created underneath dns01.fedora.local.
zone "fedora.local" IN {
    type master;
    file "forward.fedora.local";
    allow-update { none; };
};
// Reverse zone for 192.168.1.0/24: the network octets reversed under in-addr.arpa.
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.fedora.local";
    allow-update { none; };
};

forward.fedora.local and reverse.fedora.local are the names of the zone files to be created. They can be any name.

Save and exit.

Create a zone file

Create the forward and reverse zone files you specified in /etc/named.conf:


$ sudo vi /var/named/forward.fedora.local

Add the following line:


$TTL 86400
@ IN SOA dns01.fedora.local. root.fedora.local. (
 2011071001 ;Serial
 3600 ;Refresh
 1800 ;Retry
 604800 ;Expire
 86400 ;Minimum TTL
)
@ IN NS dns01.fedora.local.
@ IN A 192.168.1.160
dns01 IN A 192.168.1.160
client IN A 192.168.1.136

The host names and addresses are specific to your environment. Save the file and exit. Next, edit the reverse.fedora.local file:


$ sudo vi /var/named/reverse.fedora.local

Add the following line:


$TTL 86400
@ IN SOA dns01.fedora.local. root.fedora.local. (
 2011071001 ;Serial
 3600 ;Refresh
 1800 ;Retry
 604800 ;Expire
 86400 ;Minimum TTL
)
@ IN NS dns01.fedora.local.
@ IN PTR fedora.local.
; PTR records: the owner is the last octet of the address, the data is the host name
160 IN PTR dns01.fedora.local.
136 IN PTR client.fedora.local.

The host names and addresses are specific to your environment. Save the file and exit.
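The forward and reverse files have to agree with each other, and nothing in named-checkzone verifies that. As an added example (not part of the article), the Python script below parses both zone files (constructed inline with the article's names and addresses; the reverse zone here carries only NS and PTR records) and performs a forward-confirmed reverse check: every PTR must point at a name whose A record is that address, and every A record must have a PTR. The parser handles comments, `$TTL`, the parenthesised SOA and relative owner names, which is enough for simple master files like these.

```python
"""Cross-check a forward zone against its reverse zone.

Added example, not part of the article. Reports A/PTR pairs that do not
agree, the mismatch that breaks reverse-lookup checks in mail servers,
SSH and log analysis tools.
"""
import re
from typing import Dict, List, Optional, Tuple

FORWARD_ORIGIN = "fedora.local."
REVERSE_ORIGIN = "1.168.192.in-addr.arpa."

# Constructed sample: the forward zone file (zone "fedora.local").
FORWARD_ZONE = """\
$TTL 86400
@ IN SOA dns01.fedora.local. root.fedora.local. (
    2011071001 ; Serial
    3600       ; Refresh
    1800       ; Retry
    604800     ; Expire
    86400      ; Minimum TTL
)
@      IN NS dns01.fedora.local.
@      IN A  192.168.1.160
dns01  IN A  192.168.1.160
client IN A  192.168.1.136
"""

# Constructed sample: the reverse zone file (zone "1.168.192.in-addr.arpa").
REVERSE_ZONE = """\
$TTL 86400
@ IN SOA dns01.fedora.local. root.fedora.local. (
    2011071001 3600 1800 604800 86400 )
@   IN NS  dns01.fedora.local.
160 IN PTR dns01.fedora.local.
136 IN PTR client.fedora.local.
"""

Record = Tuple[str, str, str]  # (owner FQDN, type, rdata)


def parse_records(zone_text: str, origin: str) -> List[Record]:
    """Parse a simple master file: comments, $TTL, parenthesised SOA, relative names."""
    text = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    # Fold a parenthesised multi-line RDATA (the SOA) onto one line.
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records: List[Record] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("$"):
            continue
        owner, i = parts[0], 1
        if parts[i].isdigit():        # optional TTL
            i += 1
        if parts[i].upper() == "IN":  # optional class
            i += 1
        rtype, rdata = parts[i].upper(), " ".join(parts[i + 1:])
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = f"{owner}.{origin}"
        records.append((fqdn.lower(), rtype, rdata))
    return records


def soa_serial(records: List[Record]) -> Optional[int]:
    """Return the SOA serial, the value named-checkzone reports as 'loaded serial'."""
    for _, rtype, rdata in records:
        if rtype == "SOA":
            return int(rdata.split()[2])
    return None


def ptr_owner_to_ip(owner: str) -> str:
    """'160.1.168.192.in-addr.arpa.' -> '192.168.1.160'."""
    labels = owner.rstrip(".").split(".")
    return ".".join(reversed(labels[:-2]))


def check_consistency(forward: str, reverse: str) -> List[str]:
    """Return one message per A/PTR mismatch; an empty list means the zones agree."""
    a_by_name: Dict[str, str] = {}
    for name, rtype, rdata in parse_records(forward, FORWARD_ORIGIN):
        if rtype == "A":
            a_by_name[name] = rdata
    ptr_by_ip: Dict[str, str] = {}
    for owner, rtype, rdata in parse_records(reverse, REVERSE_ORIGIN):
        if rtype == "PTR":
            ptr_by_ip[ptr_owner_to_ip(owner)] = rdata.lower()
    issues: List[str] = []
    for ip, target in ptr_by_ip.items():
        if a_by_name.get(target) != ip:
            issues.append(f"PTR {ip} -> {target}, but {target} has A {a_by_name.get(target)}")
    for name, ip in a_by_name.items():
        if ip not in ptr_by_ip:
            issues.append(f"A {name} -> {ip} has no PTR record")
    return issues


if __name__ == "__main__":
    print("serial:", soa_serial(parse_records(FORWARD_ZONE, FORWARD_ORIGIN)))
    print(check_consistency(FORWARD_ZONE, REVERSE_ZONE) or ["zones agree"])
```

Only the PTR target needs to resolve back; a second name on the same address (here the zone apex, which shares 192.168.1.160 with dns01) is accepted, since one address can carry only one meaningful PTR.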

You also need to set the correct ownership and the SELinux context on the configuration files:


$ sudo chgrp named -R /var/named
$ sudo chown -v root:named /etc/named.conf
$ sudo restorecon -rv /var/named
$ sudo restorecon /etc/named.conf

Configure the firewall to allow DNS traffic:


$ sudo firewall-cmd --add-service=dns --permanent
$ sudo firewall-cmd --reload

Check the configuration for syntax errors


$ sudo named-checkconf

If the command prints nothing, no error was found and your configuration is valid.

Check the forward and reverse zone files:


$ sudo named-checkzone forward.fedora.local /var/named/forward.fedora.local
$ sudo named-checkzone reverse.fedora.local /var/named/reverse.fedora.local

You should see an "OK" response for each:

zone forward.fedora.local/IN: loaded serial 2011071001
OK
zone reverse.fedora.local/IN: loaded serial 2011071001
OK

Enable and start the DNS service


$ sudo systemctl enable named
$ sudo systemctl start named

Configure the resolv.conf file

Edit the /etc/resolv.conf file:


$ sudo vi /etc/resolv.conf

Find your current nameserver line. On the sample system, the modem/router is used as the name server, so it currently looks like this:

nameserver 192.168.1.1

Change this to the IP address of the primary DNS server:

nameserver 192.168.1.160

Save your changes and exit.

One point needs attention: if the system or the network restarts, NetworkManager overwrites /etc/resolv.conf, and you lose the changes you made.

To prevent this, make /etc/resolv.conf immutable:


$ sudo chattr +i /etc/resolv.conf

If you want to reset it, you need to allow it to be overwritten again:


$ sudo chattr -i /etc/resolv.conf

Testing the DNS server


$ dig fedoramagazine.org
; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> fedoramagazine.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c7350d07f8efaa1286c670ab5e13482d600f82274871195a (good)
;; QUESTION SECTION:
;fedoramagazine.org. IN A
;; ANSWER SECTION:
fedoramagazine.org. 50 IN A 35.197.52.145
;; AUTHORITY SECTION:
fedoramagazine.org. 86150 IN NS ns05.fedoraproject.org.
fedoramagazine.org. 86150 IN NS ns02.fedoraproject.org.
fedoramagazine.org. 86150 IN NS ns04.fedoraproject.org.
;; ADDITIONAL SECTION:
ns02.fedoraproject.org. 86150 IN A 152.19.134.139
ns04.fedoraproject.org. 86150 IN A 209.132.181.17
ns05.fedoraproject.org. 86150 IN A 85.236.55.10
ns02.fedoraproject.org. 86150 IN AAAA 2610:28:3090:3001:dead:beef:cafe:fed5
ns05.fedoraproject.org. 86150 IN AAAA 2001:4178:2:1269:dead:beef:cafe:fed5
;; Query time: 830 msec
;; SERVER: 192.168.1.160#53(192.168.1.160)
;; WHEN: Mon Jan 06 08:46:05 CST 2020
;; MSG SIZE rcvd: 266

Several things need to be checked to verify that the DNS server is running properly. Obviously, it is important to get results, but this in itself does not mean that the DNS server is actually working properly.

The QUERY, ANSWER, and AUTHORITY fields at the top should appear as non-zero, as shown in our example:

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6

And the SERVER field should have the IP address of your DNS server:

;; SERVER: 192.168.1.160#53(192.168.1.160)

The first time you run dig, note that the query took 830 milliseconds to complete, because the server had to fetch the answer recursively from the authoritative servers:

;; Query time: 830 msec

If you run it again, the query will be faster:


$ dig fedoramagazine.org
;; Query time: 0 msec
;; SERVER: 192.168.1.160#53(192.168.1.160)
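The three checks just described (a non-zero ANSWER count, the SERVER field showing your own server, and a sane status) are easy to script so they can be re-run on every client after a resolv.conf change. As an added example (not part of the article), the Python script below parses a dig transcript, using the article's own output as embedded sample input, and returns a list of findings; it additionally checks that the `ra` (recursion available) flag is set, since a server that refuses recursion to a client cannot act as its resolver.

```python
"""Apply the article's checks to the text output of dig.

Added example, not part of the article. Parses status, flags, section
counts, the answering server and the query time, then reports anything
that means the client is not being served by the intended resolver.
"""
import re
from typing import Dict, List

# Sample input: the dig output shown in the article, trimmed to the relevant lines.
DIG_OUTPUT = """\
; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> fedoramagazine.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
;; QUESTION SECTION:
;fedoramagazine.org. IN A
;; ANSWER SECTION:
fedoramagazine.org. 50 IN A 35.197.52.145
;; Query time: 830 msec
;; SERVER: 192.168.1.160#53(192.168.1.160)
;; WHEN: Mon Jan 06 08:46:05 CST 2020
;; MSG SIZE rcvd: 266
"""

_STATUS = re.compile(r"status:\s*([A-Z]+)")
_FLAGS = re.compile(r";; flags:\s*([^;]*);\s*QUERY:\s*(\d+),\s*ANSWER:\s*(\d+),"
                    r"\s*AUTHORITY:\s*(\d+),\s*ADDITIONAL:\s*(\d+)")
_SERVER = re.compile(r";; SERVER:\s*([0-9a-fA-F.:]+)#(\d+)")
_QTIME = re.compile(r";; Query time:\s*(\d+)\s*msec")


def parse_dig(output: str) -> Dict[str, object]:
    """Pull status, flags, section counts, answering server and query time out of dig text."""
    info: Dict[str, object] = {}
    m = _STATUS.search(output)
    info["status"] = m.group(1) if m else None
    m = _FLAGS.search(output)
    if m:
        info["flags"] = m.group(1).split()
        counts = [int(n) for n in m.groups()[1:]]
        info["query"], info["answer"], info["authority"], info["additional"] = counts
    m = _SERVER.search(output)
    info["server"] = m.group(1) if m else None
    info["port"] = int(m.group(2)) if m else None
    m = _QTIME.search(output)
    info["query_time_ms"] = int(m.group(1)) if m else None
    return info


def check_resolver(output: str, expected_server: str) -> List[str]:
    """Return findings; an empty list means our server answered with a real result."""
    info = parse_dig(output)
    findings: List[str] = []
    if info.get("status") != "NOERROR":
        findings.append(f"status is {info.get('status')}, expected NOERROR")
    if not info.get("answer"):
        findings.append("ANSWER count is zero: the name was not resolved")
    if info.get("server") != expected_server:
        findings.append(f"answer came from {info.get('server')}, expected {expected_server}")
    if "ra" not in info.get("flags", []):
        findings.append("'ra' flag missing: the server does not offer recursion to this client")
    return findings


if __name__ == "__main__":
    print(parse_dig(DIG_OUTPUT))
    print(check_resolver(DIG_OUTPUT, "192.168.1.160") or ["resolver OK"])
```

To use it live, pipe `dig fedoramagazine.org` into the script and pass the address of your own DNS server as `expected_server`; a finding on the SERVER line usually means resolv.conf was overwritten again.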

Client Configuration

Client configuration will be much simpler.

Install the BIND client utilities:

$ sudo dnf install bind-utils -y

Edit the /etc/resolv.conf file and configure the primary DNS server as the only name server:

$ sudo vi /etc/resolv.conf

It looks like this:

nameserver 192.168.1.160

Save your changes and exit. Then make the /etc/resolv.conf file immutable so it is not overwritten and reset to the default settings:


$ sudo chattr +i /etc/resolv.conf

Test client

You should get the same results as on the DNS server:


$ dig fedoramagazine.org
; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> fedoramagazine.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c7350d07f8efaa1286c670ab5e13482d600f82274871195a (good)
;; QUESTION SECTION:
;fedoramagazine.org. IN A
;; ANSWER SECTION:
fedoramagazine.org. 50 IN A 35.197.52.145
;; AUTHORITY SECTION:
fedoramagazine.org. 86150 IN NS ns05.fedoraproject.org.
fedoramagazine.org. 86150 IN NS ns02.fedoraproject.org.
fedoramagazine.org. 86150 IN NS ns04.fedoraproject.org.
;; ADDITIONAL SECTION:
ns02.fedoraproject.org. 86150 IN A 152.19.134.139
ns04.fedoraproject.org. 86150 IN A 209.132.181.17
ns05.fedoraproject.org. 86150 IN A 85.236.55.10
ns02.fedoraproject.org. 86150 IN AAAA 2610:28:3090:3001:dead:beef:cafe:fed5
ns05.fedoraproject.org. 86150 IN AAAA 2001:4178:2:1269:dead:beef:cafe:fed5
;; Query time: 1 msec
;; SERVER: 192.168.1.160#53(192.168.1.160)
;; WHEN: Mon Jan 06 08:46:05 CST 2020
;; MSG SIZE rcvd: 266

Make sure that SERVER outputs the IP address of your DNS server.

Your DNS server setup is complete, and now all requests from clients will go through your DNS server!

Why build a simple DNS server?

(1) When the external DNS service fails, as in the Baofeng incident, you can fall back on your own DNS for emergency response

(2) Provide internal IP address resolution for intranet websites, or implement dual-line resolution

(3) When your ISP limits second-level domain names and advanced management features, you need to build your own DNS server to meet your own needs

(4) Avoid DNS hijacking

(5) Integration with other solutions
