I heard about CentOS long before, as it gives all the enterprise-level software for free that one has to buy when using Red Hat Enterprise Linux. So why not use CentOS and get a Red Hat Enterprise-like experience for free? Just as I planned, I installed CentOS 5.5 on the VMware platform (my ultimate testing platform, kudos to virtualization) to carry out the DNS mission. Now the question is: what DNS-related configuration can someone make on a Linux box? A few minutes of googling revealed all the mystery. So here's the thing:
- When you need to browse the Internet, you need to tell your machine the address of a DNS server. This is configured in the "/etc/resolv.conf" file by simply adding the line "nameserver <IP address of the DNS server>", e.g. "nameserver 192.168.1.1"; if I put in an IPv6 address instead, it looks like this: "nameserver fe80::918b:9348:c07:5afe".
- Making the Linux box work as a caching nameserver. What happens here is that all other machines in the vicinity (mostly within the LAN) can use this machine as their nameserver to browse the Internet.
- Finally, a nameserver can serve my "zone files" if I'm hosting a website of my own, so that someone on the Internet can find the location (which is ultimately the IP address) of my website. Zone files basically contain records of my domain / sub-domain names and their corresponding IP addresses.
Installing Chroot-BIND with caching-nameserver:
yum install bind bind-chroot bind-libs bind-utils caching-nameserver
By default caching-nameserver is not installed on the system, but the other packages are supposed to be there already. Running yum anyway lets us check whether they are up to date.
BIND reads its configuration from .conf files and processes them accordingly. These .conf files are nothing but simple text files and can be copied from anywhere. Then all I did was modify one according to my needs.
Initially I couldn't find 'named.conf' in either "/etc/named.conf" or "/var/named/chroot/etc/named.conf", even though those two locations are mentioned in most of the online articles. So this is how I located the "named.conf" file.
Commands used to locate “named.conf”:
# updatedb
# locate named.conf
Output:
/usr/share/doc/bind-9.3.6/sample/etc/named.conf
/usr/share/logwatch/default.conf/services/named.conf
/usr/share/man/man5/named.conf.5.gz
So I copied “/usr/share/doc/bind-9.3.6/sample/etc/named.conf” to “/var/named/chroot/etc/named.conf”:
# cp /usr/share/doc/bind-9.3.6/sample/etc/named.conf /var/named/chroot/etc/
The named.conf file that BIND reads, after my modifications (/var/named/chroot/etc/named.conf):
//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
// file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
// its manual.
//
options
{
        // These pin the outgoing query port to 53, which disables source-port
        // randomization and makes it much easier to poison the cache with
        // spoofed answers; the shipped sample leaves them commented out.
        query-source port 53;
        query-source-v6 port 53;
        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file "data/cache_dump.db";
        statistics-file "data/named_stats.txt";
        memstatistics-file "data/named_mem_stats.txt";
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        allow-query { any; };
        allow-query-cache { any; };
        forwarders {
                8.8.8.8; // IP of the DNS server to forward requests to
        };
};
logging
{
        /* If you want to enable debugging, e.g. using the 'rndc trace' command,
         * named will try to write the 'named.run' file in the $directory (/var/named).
         * By default, SELinux policy does not allow named to modify the /var/named directory,
         * so put the default debug log file in data/ :
         */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view "external" { // What the Internet will see
        /* This view will contain zones you want to serve only to "external"
         * clients that have addresses that are not on your directly attached
         * LAN interface subnets:
         */
        // named uses the first view whose match-clients matches, so this view
        // must exclude loopback and LAN clients; with { any; } here the
        // localhost_resolver view below would never be reached.
        match-clients { !localhost; !localnets; any; };
        match-destinations { any; };
        // you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers
        recursion no;
        // These are your "authoritative" external zones. This part provides the
        // reverse lookup, meaning to find your domain name from your IP address.
        // I didn't configure my DNS for reverse lookup as I didn't need it, so they are
        // commented out.
        //zone "xxx.xxx.xxx.in-addr.arpa" IN {
        //        type master;
        //        file "/var/named/zones/external/xxx.xxx.xxx.zone";
        //        allow-update { none; };
        //};
        // This is the forward zone section
        zone "lemonnetworks.net" IN {
                type master;
                file "/var/named/zones/external/lemonnetworks.net.zone";
                allow-update { none; };
        };
        // Root server hints
        zone "." {
                type hint;
                file "/var/named/root.hint";
        };
};
// This part responds to the local machines' DNS queries (recursion only for them)
view localhost_resolver {
        match-clients { localhost; localnets; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
Forward zone file for "lemonnetworks.net" (/var/named/chroot/var/named/zones/external/lemonnetworks.net.zone):
$TTL 86400
@ IN SOA ns1.lemonnetworks.net. lemon.lemonnetworks.net. (
        2010081804 ; serial #
        4H         ; refresh
        1H         ; retry
        1W         ; expiry
        1D )       ; minimum
; NS targets (and the SOA MNAME above) must be names that own A/AAAA records,
; not CNAMEs, so ns1 and ns2 get address records below instead of aliases to
; cdn, and the www alias is not listed as a nameserver.
@       IN NS    ns1
@       IN NS    ns2
lemonnetworks.net. IN MX 10 mail ; Primary Mail Exchanger
localhost IN A    127.0.0.1
cdn     IN A     xxx.xxx.xxx.xxx
cdn     IN AAAA  xxxx:xxxx:xxxx:xxxx::xxxx
mail    IN A     xxx.xxx.xxx.xxx
mail    IN AAAA  xxxx:xxxx:xxxx:xxxx::xxxx
ns1     IN A     xxx.xxx.xxx.xxx
ns2     IN A     xxx.xxx.xxx.xxx
www     IN CNAME cdn
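As an added check (not code from the original post), a small Python linter that parses a zone file laid out like the one above and flags every NS/MX target and the SOA MNAME that is a CNAME or has no address record, which is what named reports as "is a CNAME (illegal)". The embedded zone is a constructed copy of the post's records, with RFC 5737 documentation addresses in place of the xxx placeholders and the original NS-to-CNAME mistake left in so the linter has something to find.

```python
# Zone lint for what BIND logs as "... is a CNAME (illegal)": NS/MX targets and
# the SOA MNAME need A/AAAA records, not CNAMEs. Added example, not from the post;
# ZONE is a constructed copy of the post's layout with RFC 5737 addresses.
ORIGIN = "lemonnetworks.net."
ZONE = """\
$TTL 86400
@ IN SOA ns1.lemonnetworks.net. lemon.lemonnetworks.net. (
        2010081804 4H 1H 1W 1D )   ; serial refresh retry expiry minimum
@       IN NS   www
        IN NS   ns1     ; blank owner inherits "@" from the line above
lemonnetworks.net. IN MX 10 mail
cdn     IN A    192.0.2.10
mail    IN A    192.0.2.25
ns1     IN CNAME cdn
www     IN CNAME cdn
"""

def fqdn(name, origin):
    """Absolute form of '@' or a relative label; absolute names pass through."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """{fqdn: {rtype: [rdata]}}; handles ; comments, $-directives, blank owners, IN, ( ... )."""
    records, owner, buf = {}, "@", ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue
        buf += " " + line
        if buf.count("(") > buf.count(")"):
            continue                               # RR continues on the next line
        inherit = buf[1:2].isspace()               # RR line began with whitespace
        toks, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        owner = owner if inherit else toks.pop(0)
        rtype, *rdata = toks[1:] if toks[0] == "IN" else toks
        records.setdefault(fqdn(owner, origin), {}).setdefault(rtype, []).append(rdata)
    return records

def lint(records, origin):
    """Yield every NS/MX target and SOA MNAME that is a CNAME or has no A/AAAA record."""
    for owner, rrs in records.items():
        targets = [(t, rd[-1]) for t in ("NS", "MX") for rd in rrs.get(t, [])]
        targets += [("SOA MNAME", rd[0]) for rd in rrs.get("SOA", [])]
        for kind, target in targets:
            tgt_rrs = records.get(fqdn(target, origin), {})
            if "CNAME" in tgt_rrs:
                yield f"{owner} {kind} {target}: target is a CNAME (illegal)"
            elif not ("A" in tgt_rrs or "AAAA" in tgt_rrs):
                yield f"{owner} {kind} {target}: target has no A/AAAA record"
```

On the server itself, named-checkzone lemonnetworks.net /var/named/chroot/var/named/zones/external/lemonnetworks.net.zone (from bind-utils) performs the same integrity check before you restart named.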
Every time I made any changes to either "named.conf" or "lemonnetworks.net.zone" I had to restart my name server, as BIND keeps everything in RAM. So the new configuration has to be reloaded into RAM after any change. Commands I used:
/etc/rc.d/init.d/named stop
/etc/rc.d/init.d/named start
/etc/rc.d/init.d/named restart
or
service named stop
service named start
service named restart
And finally, make BIND start on system boot:
chkconfig --level 345 named on