How to set up a DNS server using bind
- 2021-07-26 09:16:11
- OfStack
DNS (Domain Name System) translates a domain name into the IP address associated with it, and a DNS server is the service that performs that translation. DNS is the reason you can find your favorite website by name instead of typing an IP address into your browser. This guide shows how to configure a primary DNS server and a client.
The following are the system details used in this article's examples:
dns01.fedora.local ( 192.168.1.160 ) - Primary DNS server
client.fedora.local ( 192.168.1.136 ) - Client
DNS Server Configuration
Install the bind package using sudo:
$ sudo dnf install bind bind-utils -y
The bind package provides the /etc/named.conf configuration file, which you use to configure the DNS server.
Edit the /etc/named.conf file:
$ sudo vi /etc/named.conf
Find the following line:
listen-on port 53 { 127.0.0.1; };
Add the IP address of the primary DNS server as follows:
listen-on port 53 { 127.0.0.1; 192.168.1.160; };
Find the following line:
allow-query { localhost; };
Add the range of your local network. The sample system uses addresses in 192.168.1.x, so specify it as follows:
allow-query { localhost; 192.168.1.0/24; };
Specify the forward and reverse zones. A zone file is a text file holding the DNS records for a zone, such as host names and IP addresses. The forward zone file maps host names to IP addresses; the reverse zone file does the opposite, allowing systems to translate IP addresses back to host names.
In /etc/named.conf, find the following line near the bottom of the file:
include "/etc/named.rfc1912.zones";
Specify the zone information directly above that line, as follows:
zone "dns01.fedora.local" IN {
type master;
file "forward.fedora.local";
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.fedora.local";
allow-update { none; };
};
forward.fedora.local and reverse.fedora.local are the names of the zone files you will create; you can choose any names.
Save and exit.
Create the zone files
Create the forward and reverse zone files you specified in /etc/named.conf:
$ sudo vi /var/named/forward.fedora.local
Add the forward zone records: the same $TTL and SOA header as the reverse zone file below, an NS record for dns01.fedora.local., and A records mapping dns01 to 192.168.1.160 and client to 192.168.1.136 (the original listing for this file is missing from this copy of the article).
The host names and IP addresses are specific to your environment. Save the file and exit. Next, edit the reverse.fedora.local file:
$ sudo vi /var/named/reverse.fedora.local
Add the following line:
$TTL 86400
@ IN SOA dns01.fedora.local. root.fedora.local. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS dns01.fedora.local.
@ IN PTR fedora.local.
dns01 IN A 192.168.1.160
client IN A 192.168.1.136
160 IN PTR dns01.fedora.local.
136 IN PTR client.fedora.local.
The host names and IP addresses are specific to your environment. Save the file and exit.
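The two zone files have to agree with each other: every A record needs a matching PTR record, and the serial has to change on every edit. The script below, an added example that is not part of the original article, generates a matching pair from one host list; it assumes the forward zone is named fedora.local (the zone the reverse zone's PTR names live in), the reverse zone is the /24 1.168.192.in-addr.arpa, and the host list is constructed from the addresses used in this article.

```shell
#!/bin/sh
# Added example (not from the original article): build a matching forward and
# reverse zone pair from one host list, so every A record gets a PTR record and
# both zones carry the same serial. Assumptions: the forward zone is fedora.local
# (the zone the reverse zone's PTR names live in), the reverse zone is the /24
# 1.168.192.in-addr.arpa, and the host list below is constructed from the article.
ZONE="fedora.local"
NS_HOST="dns01"
SERIAL=$(date +%Y%m%d01)     # YYYYMMDDnn, the convention behind 2011071001
# Constructed host list: "name ip", one host per line.
HOSTS="dns01 192.168.1.160
client 192.168.1.136"

soa_header() {
  # Same $TTL and SOA values as the article's zone files.
  printf '$TTL 86400\n'
  printf '@ IN SOA %s.%s. root.%s. (\n' "$NS_HOST" "$ZONE" "$ZONE"
  printf '    %s ;Serial\n    3600 ;Refresh\n    1800 ;Retry\n' "$SERIAL"
  printf '    604800 ;Expire\n    86400 ;Minimum TTL\n)\n'
  printf '@ IN NS %s.%s.\n' "$NS_HOST" "$ZONE"
}

forward_zone() {
  # Host names to addresses.
  soa_header
  echo "$HOSTS" | while read -r name ip; do
    [ -n "$name" ] || continue
    printf '%s IN A %s\n' "$name" "$ip"
  done
}

reverse_zone() {
  # Addresses to host names: the last octet is the owner name in a /24 zone.
  soa_header
  echo "$HOSTS" | while read -r name ip; do
    [ -n "$name" ] || continue
    printf '%s IN PTR %s.%s.\n' "${ip##*.}" "$name" "$ZONE"
  done
}

# Write both files to a scratch directory; review them, then copy them to
# /var/named and run named-checkzone on each before reloading named.
OUT=$(mktemp -d)
forward_zone > "$OUT/forward.$ZONE"
reverse_zone > "$OUT/reverse.$ZONE"
echo "zone files written to $OUT"
```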
You also need to configure SELinux and set the proper ownership on the configuration files so that the named service can read them.
Configure the firewall to allow DNS traffic on port 53.
Check /etc/named.conf for syntax errors with named-checkconf.
If the command prints nothing and returns no error, your configuration is valid.
Check the forward and reverse zone files with named-checkzone, giving each zone name and its file under /var/named.
You should see an "OK" response for each:
zone forward.fedora.local/IN: loaded serial 2011071001
OK
zone reverse.fedora.local/IN: loaded serial 2011071001
OK
Enable and start the DNS service
$ sudo systemctl enable named
$ sudo systemctl start named
Configure the resolv.conf file
Edit the /etc/resolv.conf file:
$ sudo vi /etc/resolv.conf
Find your current nameserver line. On the sample system, the modem/router is used as the name server, so it currently looks like this:
nameserver 192.168.1.1
Change this to the IP address of the primary DNS server:
nameserver 192.168.1.160
Save your changes and exit.
There is one caveat: if the system or the network restarts, NetworkManager overwrites /etc/resolv.conf, and you lose the changes you made.
To prevent this, make /etc/resolv.conf immutable:
$ sudo chattr +i /etc/resolv.conf
If you later need to change it, make the file writable again:
$ sudo chattr -i /etc/resolv.conf
Testing the DNS server
$ dig fedoramagazine.org
; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> fedoramagazine.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c7350d07f8efaa1286c670ab5e13482d600f82274871195a (good)
;; QUESTION SECTION:
;fedoramagazine.org. IN A
;; ANSWER SECTION:
fedoramagazine.org. 50 IN A 35.197.52.145
;; AUTHORITY SECTION:
fedoramagazine.org. 86150 IN NS ns05.fedoraproject.org.
fedoramagazine.org. 86150 IN NS ns02.fedoraproject.org.
fedoramagazine.org. 86150 IN NS ns04.fedoraproject.org.
;; ADDITIONAL SECTION:
ns02.fedoraproject.org. 86150 IN A 152.19.134.139
ns04.fedoraproject.org. 86150 IN A 209.132.181.17
ns05.fedoraproject.org. 86150 IN A 85.236.55.10
ns02.fedoraproject.org. 86150 IN AAAA 2610:28:3090:3001:dead:beef:cafe:fed5
ns05.fedoraproject.org. 86150 IN AAAA 2001:4178:2:1269:dead:beef:cafe:fed5
;; Query time: 830 msec
;; SERVER: 192.168.1.160#53(192.168.1.160)
;; WHEN: Mon Jan 06 08:46:05 CST 2020
;; MSG SIZE rcvd: 266
Several things need to be checked to verify that the DNS server is running properly. Obviously, it is important to get results, but this in itself does not mean that the DNS server is actually working properly.
The QUERY, ANSWER, and AUTHORITY fields at the top should appear as non-zero, as shown in our example:
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
And the SERVER field should have the IP address of your DNS server:
;; SERVER: 192.168.1.160#53(192.168.1.160)
If this is the first time you have run the dig command, note that the query took 830 milliseconds to complete:
;; Query time: 830 msec
If you run it again, the answer is served from the cache and the query is much faster:
$ dig fedoramagazine.org
;; Query time: 0 msec
;; SERVER: 192.168.1.160#53(192.168.1.160)
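A check for the points listed above (NOERROR status, a non-empty ANSWER section, and a SERVER line naming your own server), as an added example that is not part of the original article; it runs over constructed, abbreviated copies of the dig output shown above and assumes the server address 192.168.1.160 from this setup.

```shell
#!/bin/sh
# Added example (not from the original article): verify a dig answer the way the
# article describes. Reads dig output on stdin; returns 0 only when the status is
# NOERROR, at least one answer record is present, and the SERVER line names the
# expected resolver. Usage: dig fedoramagazine.org | check_dig 192.168.1.160
check_dig() {
  expected="$1"
  out=$(cat)
  status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p')
  answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p')
  server=$(printf '%s\n' "$out" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p')
  [ "$status" = "NOERROR" ] || { echo "status is ${status:-missing}, not NOERROR"; return 1; }
  [ "${answers:-0}" -gt 0 ] || { echo "no answer records returned"; return 1; }
  [ "$server" = "$expected" ] || { echo "answered by ${server:-unknown}, not $expected"; return 1; }
  echo "ok: $answers answer(s) from $server"
}

# Constructed sample, abbreviated from the article's dig run against our server.
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
;; SERVER: 192.168.1.160#53(192.168.1.160)'
# Constructed: the same query, but still answered by the router (resolv.conf
# was overwritten, the failure mode the article warns about).
SAMPLE_WRONG_SERVER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
;; SERVER: 192.168.1.1#53(192.168.1.1)'
# Constructed: output was produced, but the name did not resolve.
SAMPLE_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; SERVER: 192.168.1.160#53(192.168.1.160)'

printf '%s\n' "$SAMPLE_OK" | check_dig 192.168.1.160
```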
Client Configuration
Client configuration is much simpler.
Install the bind utilities:
$ sudo dnf install bind-utils -y
Edit the /etc/resolv.conf file and configure the primary DNS server as the only name server:
$ sudo vi /etc/resolv.conf
It should look like this:
nameserver 192.168.1.160
Save your changes and exit. Then make the /etc/resolv.conf file immutable so it is not overwritten and reverted to the default settings:
$ sudo chattr +i /etc/resolv.conf
Test client
You should get the same results as on the DNS server:
$ dig fedoramagazine.org
; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> fedoramagazine.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c7350d07f8efaa1286c670ab5e13482d600f82274871195a (good)
;; QUESTION SECTION:
;fedoramagazine.org. IN A
;; ANSWER SECTION:
fedoramagazine.org. 50 IN A 35.197.52.145
;; AUTHORITY SECTION:
fedoramagazine.org. 86150 IN NS ns05.fedoraproject.org.
fedoramagazine.org. 86150 IN NS ns02.fedoraproject.org.
fedoramagazine.org. 86150 IN NS ns04.fedoraproject.org.
;; ADDITIONAL SECTION:
ns02.fedoraproject.org. 86150 IN A 152.19.134.139
ns04.fedoraproject.org. 86150 IN A 209.132.181.17
ns05.fedoraproject.org. 86150 IN A 85.236.55.10
ns02.fedoraproject.org. 86150 IN AAAA 2610:28:3090:3001:dead:beef:cafe:fed5
ns05.fedoraproject.org. 86150 IN AAAA 2001:4178:2:1269:dead:beef:cafe:fed5
;; Query time: 1 msec
;; SERVER: 192.168.1.160#53(192.168.1.160)
;; WHEN: Mon Jan 06 08:46:05 CST 2020
;; MSG SIZE rcvd: 266
Make sure that SERVER outputs the IP address of your DNS server.
Your DNS server setup is complete, and now all requests from clients will go through your DNS server!
Why build a simple DNS server?
(1) When the external DNS service fails, as in the so-called "storm gate" outage, you can fall back on your own DNS server for emergency resolution
(2) Provide internal IP address resolution for intranet websites, or dual-line resolution for multi-ISP setups
(3) When your ISP restricts second-level domain names and advanced management features, run your own DNS server to meet your own needs
(4) Avoid DNS hijacking
(5) Integration with other solutions
Summary