1. Project environment:
2: DNS server configuration

i: Configure forward resolution:

1. Basic environment configuration

    [root@kevin ~]# hostname
    kevin
    [root@kevin ~]# getenforce
    Disabled
    [root@kevin ~]# systemctl status firewalld
    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
       Active: inactive (dead)
         Docs: man:firewalld(1)
    [root@kevin ~]#

2. Install the DNS server software and start it

    [root@kevin ~]# yum install -y bind
    [root@kevin ~]# systemctl start named

3. /etc/named.conf is the main (global) configuration file for the DNS service. For safety, back up the file before modifying it. The group ownership of this file is special: it belongs to the named group, so copy it with -p to preserve ownership and permissions.

    [root@kevin ~]# cp -p /etc/named.conf /etc/named.conf.bak

4. Modify the main configuration file named.conf. Change both of the following to any:

    Line 13: the listening address
    Line 21: the client addresses allowed to query this server

    [root@kevin ~]# vi /etc/named.conf
    listen-on port 53 { any; };
    allow-query     { any; };

5. Modify the zone configuration file /etc/named.rfc1912.zones, which indicates which zone's data is stored in which file. Following the format of the existing content, add a forward lookup zone kevin.com at the end of the file; the type is master (primary zone) and the zone data file is kevin.com.zone:

    [root@kevin ~]# vi /etc/named.rfc1912.zones
    zone "kevin.com" IN {
            type master;
            file "kevin.com.zone";
            allow-update { none; };
    };

6. Add the forward zone data file named in step 5. There is no need to create it from scratch: copy the file named.localhost provided in the /var/named directory, name the copy kevin.com.zone, and modify its content to:

    [root@kevin ~]# cp -p /var/named/named.localhost /var/named/kevin.com.zone
    [root@kevin ~]# vi /var/named/kevin.com.zone
    $TTL 1D
    @       IN SOA  @ rname.invalid. (
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      @
            A       192.168.100.10
    dns     IN A    192.168.100.10
    win     IN A    192.168.100.20
    www     IN A    192.168.100.30
    blog    IN A    192.168.100.40
            AAAA    ::1

7. Reload the configuration of the DNS service

    [root@kevin ~]# rndc reload
    server reload successful
    [root@kevin ~]#

If the reload fails, use named-checkconf /etc/named.conf and named-checkzone kevin.com /var/named/kevin.com.zone to find where the error occurred.

    [root@kevin ~]# named-checkconf /etc/named.conf
    [root@kevin ~]# named-checkzone kevin.com /var/named/kevin.com.zone
    zone kevin.com/IN: loaded serial 0
    OK

8. After completion, first test locally on the DNS server: modify /etc/resolv.conf and write the address of the DNS server (that is, the local address of the server). bind-utils is an auxiliary toolkit for the DNS server; for example, dig queries host address information from a DNS server and can be used to test whether name resolution is working properly. Tools such as nslookup can also be used.

    [root@kevin ~]# vi /etc/resolv.conf
    # Generated by NetworkManager
    nameserver 192.168.100.10
    [root@kevin ~]# yum install bind-utils
    [root@kevin ~]# dig www.kevin.com @192.168.100.10

    ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> www.kevin.com @192.168.100.10
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62498
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.kevin.com.                 IN      A

    ;; ANSWER SECTION:
    www.kevin.com.          86400   IN      A       192.168.100.30

    ;; AUTHORITY SECTION:
    kevin.com.              86400   IN      NS      kevin.com.

    ;; ADDITIONAL SECTION:
    kevin.com.              86400   IN      A       192.168.100.10

    ;; Query time: 0 msec
    ;; SERVER: 192.168.100.10#53(192.168.100.10)
    ;; WHEN: Sat Dec 18 14:48:23 CST 2021
    ;; MSG SIZE  rcvd: 88

9: The local test works normally.
On other clients, adjust the preferred DNS server address of the network card to the DNS server address set in the above table, and then query the relevant records:

    C:\Users\Kevin>nslookup
    Default Server:  UnKnown
    Address:  192.168.100.10

    > www.kevin.com
    Server:  UnKnown
    Address:  192.168.100.10

    Name:    www.kevin.com
    Address:  192.168.100.30

    > blog.kevin.com
    Server:  UnKnown
    Address:  192.168.100.10

    Name:    blog.kevin.com
    Address:  192.168.100.40

    >

At this point a host's IP address can be looked up by host name, but a host name cannot be looked up by IP address, because no reverse lookup zone is configured.

ii: Configure reverse resolution

1. The main idea is the same as for the forward lookup zone. The main configuration file does not need to be modified. Modify the zone configuration file and add a reverse lookup zone at the end of it. Pay attention to the naming format of the reverse lookup zone name:

    [root@kevin ~]# vi /etc/named.rfc1912.zones
    zone "100.168.192.in-addr.arpa" IN {
            type master;
            file "192.168.100.arpa";
            allow-update { none; };
    };

2. Copy the reverse zone file template and modify it:

    [root@kevin ~]# cp -p /var/named/named.loopback /var/named/192.168.100.arpa
    [root@kevin ~]# vi /var/named/192.168.100.arpa
    $TTL 1D
    @       IN SOA  @ rname.invalid. (
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      dns.kevin.com.
    dns     IN A    192.168.100.10
    10      IN PTR  dns.kevin.com.
    20      IN PTR  win.kevin.com.
    30      IN PTR  www.kevin.com.
    40      IN PTR  blog.kevin.com.
Reload the configuration file:

    [root@kevin ~]# systemctl restart named
    [root@kevin ~]# rndc reload
    server reload successful

3: Test whether the reverse resolution is correct on the client:

    C:\Users\Kevin>nslookup
    Default server:  dns.kevin.com
    Address:  192.168.100.10

    > 192.168.100.30
    Server:  dns.kevin.com
    Address:  192.168.100.10

    Name:    www.kevin.com
    Address:  192.168.100.30

    > 192.168.100.40
    Server:  dns.kevin.com
    Address:  192.168.100.10

    Name:    blog.kevin.com
    Address:  192.168.100.40

    >

iii: Configure the master-slave server:

Through the previous operations, the DNS primary server has been configured and works normally. Start the second CentOS host and configure it as a slave server of the first DNS server, so that the DNS data on the first host can be transferred to the second host over the network.

1: Edit the /etc/named.conf file and change the listening IP address to any

    vi /etc/named.conf
    listen-on port 53 { any; };
    allow-query     { any; };

2: Edit /etc/named.rfc1912.zones: create the required forward/reverse lookup zone entries, or copy them from the first host, and change the type to slave. The slave server loads its zone data files from the master server, so there is no need to create the zone data files.

    [root@likevin ~]# vi /etc/named.rfc1912.zones
    zone "kevin.com" IN {
            type slave;                       // zone type
            masters { 192.168.100.10; };      // master server
            file "slaves/kevin.com.zone";     // storage location and name of the zone file
            masterfile-format text;           // file format
    };
    zone "100.168.192.in-addr.arpa" IN {
            type slave;
            masters { 192.168.100.10; };
            file "slaves/192.168.100.arpa";
            masterfile-format text;
    };

3: Restart the named service and check whether the files transferred from the master are in the slaves folder

    [root@likevin ~]# systemctl restart named
    [root@likevin ~]# rndc reload
    server reload successful
    [root@likevin ~]# ll /var/named/slaves/
    total 8
    -rw-r--r-- 1 named named 517 Dec 18 16:14 192.168.100.arpa
    -rw-r--r-- 1 named named 349 Dec 18 16:14 kevin.com.zone
    [root@likevin ~]# vi /var/named/slaves/192.168.100.arpa
    $ORIGIN .
    $TTL 86400      ; 1 day
    100.168.192.in-addr.arpa IN SOA 100.168.192.in-addr.arpa. rname.invalid. (
                                    0          ; serial
                                    86400      ; refresh (1 day)
                                    3600       ; retry (1 hour)
                                    604800     ; expire (1 week)
                                    10800      ; minimum (3 hours)
                                    )
                            NS      dns.kevin.com.
    $ORIGIN 100.168.192.in-addr.arpa.
    10                      PTR     dns.kevin.com.
    20                      PTR     win.kevin.com.
    30                      PTR     www.kevin.com.
    40                      PTR     blog.kevin.com.
    dns                     A       192.168.100.10
    [root@likevin ~]# vi /var/named/slaves/kevin.com.zone
    $ORIGIN .
    $TTL 86400      ; 1 day
    kevin.com               IN SOA  kevin.com. rname.invalid. (
                                    0          ; serial
                                    86400      ; refresh (1 day)
                                    3600       ; retry (1 hour)
                                    604800     ; expire (1 week)
                                    10800      ; minimum (3 hours)
                                    )
                            NS      kevin.com.
                            A       192.168.100.10
    $ORIGIN kevin.com.
    blog                    A       192.168.100.40
    dns                     A       192.168.100.10
    win                     A       192.168.100.20
    www                     A       192.168.100.30
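An added example, not part of the original article: a small Python check that flags the exposure points in the master configuration built above, namely listen-on and allow-query set to any, and master zones with no allow-transfer restriction (the BIND 9.11 build shown in the dig output then serves zone transfers to any host). The slave address 192.168.100.11, the client network 192.168.100.0/24 and the helper names are assumptions for illustration, and comments inside the configuration are not handled.

```python
import re

BODY = r'(?:[^{}]|\{[^{}]*\})*'   # block body with one level of nested braces

# Constructed sample: the master's settings as this tutorial leaves them.
TUTORIAL_CONF = '''
options {
    listen-on port 53 { any; };
    allow-query { any; };
};
zone "kevin.com" IN {
    type master; file "kevin.com.zone"; allow-update { none; };
};
'''

# Constructed tighter variant; slave 192.168.100.11 and the /24 are assumptions.
HARDENED_CONF = '''
options {
    listen-on port 53 { 192.168.100.10; };
    allow-query { 192.168.100.0/24; };
};
zone "kevin.com" IN {
    type master; file "kevin.com.zone"; allow-update { none; };
    allow-transfer { 192.168.100.11; };
};
'''

def acl(text, name):
    """Return the address-match list of statement `name`, or None if absent."""
    m = re.search(r'(?<![\w-])' + re.escape(name) + r'(?![\w-])[^{;]*\{([^}]*)\}', text)
    return [e.strip() for e in m.group(1).split(';') if e.strip()] if m else None

def audit(conf):
    """Flag 'any' listeners/queriers and master zones open to any transfer."""
    findings = []
    m = re.search(r'options\s*\{(' + BODY + r')\}\s*;', conf)
    opts = m.group(1) if m else ''
    for stmt in ('listen-on', 'allow-query'):
        if 'any' in (acl(opts, stmt) or []):
            findings.append(f'options: {stmt} is any')
    for zone, body in re.findall(r'zone\s+"([^"]+)"[^{]*\{(' + BODY + r')\}\s*;', conf):
        xfer = acl(body, 'allow-transfer') or acl(opts, 'allow-transfer')
        if re.search(r'\btype\s+master\s*;', body) and (xfer is None or 'any' in xfer):
            findings.append(f'zone {zone}: zone transfers not restricted')
    return findings

if __name__ == '__main__':
    for label, conf in (('tutorial', TUTORIAL_CONF), ('hardened', HARDENED_CONF)):
        print(label, audit(conf))
```

An allow-transfer statement in the options block is inherited by zones that do not set their own, which is why the check falls back to it.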