Setting Up Multiple-Domain Network In CentOS 6 – Part I: DNS

Over the past 2 weeks I was able to successfully set up a multi-domain network with a couple of classmates and wanted to document our process here in hopes that someone will find this useful.

To start off, I have 3 machines on the same network. In my case these were virtual machines but this will work the same with physical machines. Each of them has a unique static IP, and they are all able to ping each other. They are also configured to allow traffic on the required ports for each service (DNS, NIS and NFS).

First, we need to create a primary DNS server for our domain. This server will answer all queries for our domain and will have a delegation in the root DNS server so that our caching server can reach it. One important thing to note is that no client will ever query this server directly; instead, clients are configured to use the caching DNS server, which performs a recursive query and eventually queries the primary server on their behalf.

The first thing you must do is install the bind package using the package manager and then back up the default config file. The following commands will accomplish this:

yum install bind
cp /etc/named.conf /etc/named.conf.BAK

Then you must edit the /etc/named.conf file using your favorite text editor and make its configuration similar to this (replace IPs and domain names as needed):

options {
    listen-on port 53 { 192.168.19.53; 127.0.0.1; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion no;
};

zone "ushamim.com" IN {
    type master;
    file "my-hosts.db";
    allow-update { none; };
};

zone "19.168.192.in-addr.arpa" IN {
    type master;
    file "my-rev.db";
    allow-update { none; };
};

Some things of note:

  1. DNSSEC is not enabled in this configuration. Normally you would want it on, but I have disabled it just to make this task easier.
  2. Recursion is disabled: we do not want this server answering recursive queries, since allowing them would leave us open to DoS abuse and add unnecessary load to this server.

Now that we have told the server where to look for its zone files, we must create them and fill their contents with the SOA, NS, A and PTR records. Let's start by creating /var/named/my-hosts.db:

$TTL 86400
@    IN   SOA  dns.ushamim.com.   root.host.ushamim.com. (
				42	; serial
				3H	; refresh
				15M	; retry
				1W	; expiry
				1D )	; minimum
@    IN   NS    dns.ushamim.com.
host.ushamim.com.   IN   A  192.168.19.1
dns.ushamim.com.   IN   A  192.168.19.53
nfs.ushamim.com.   IN   A  192.168.19.2
nis.ushamim.com.   IN   A  192.168.19.3

Then we can create the /var/named/my-rev.db file:

$TTL 86400
@    IN   SOA  dns.ushamim.com.   root.host.ushamim.com. (
                             42         ; serial
                             3H         ; refresh
                             15M        ; retry
                             1W         ; expiry
                             1D )       ; minimum
@    IN   NS    dns.ushamim.com.
1    IN   PTR  host.ushamim.com.
53   IN   PTR  dns.ushamim.com.
2    IN   PTR  nfs.ushamim.com.
3    IN   PTR  nis.ushamim.com.

These two files will be used by our DNS server to resolve any forward or reverse queries it receives. It's important to remember that if there is no A or PTR record for a host, the DNS server will NOT be able to resolve the query. If you want an IP/hostname to be resolvable you MUST have the respective record in the respective file.
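As an added example (written for this post, not code from it), here is a small Python check for exactly that rule: it parses zone files in the form shown above and reports every A record without a matching PTR, and every PTR without a matching A. The embedded zone text is constructed from the post's records, with the PTR for nis deliberately left out so the check has something to report.

```python
# Zones constructed from the post's my-hosts.db / my-rev.db (SOA on one line; nis PTR deliberately omitted).
FORWARD_ORIGIN = "ushamim.com"
FORWARD_ZONE = """\
$TTL 86400
@    IN   SOA  dns.ushamim.com. root.host.ushamim.com. ( 42 3H 15M 1W 1D )
@    IN   NS   dns.ushamim.com.
host.ushamim.com.   IN   A  192.168.19.1
dns.ushamim.com.    IN   A  192.168.19.53
nfs.ushamim.com.    IN   A  192.168.19.2
nis.ushamim.com.    IN   A  192.168.19.3
"""
REVERSE_ORIGIN = "19.168.192.in-addr.arpa"
REVERSE_ZONE = """\
$TTL 86400
@    IN   SOA  dns.ushamim.com. root.host.ushamim.com. ( 42 3H 15M 1W 1D )
@    IN   NS   dns.ushamim.com.
1    IN   PTR  host.ushamim.com.
53   IN   PTR  dns.ushamim.com.
2    IN   PTR  nfs.ushamim.com.
"""

def parse_records(zone_text, origin):
    """Yield (owner, type, rdata) for 'owner IN TYPE rdata' lines, owners made absolute."""
    for line in zone_text.splitlines():
        parts = line.split(";")[0].split()   # drop comments, split fields
        if len(parts) < 4 or parts[1] != "IN":   # skips $TTL and multi-line SOA continuations
            continue
        owner, rtype, rdata = parts[0], parts[2], parts[3]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        yield owner.rstrip("."), rtype, rdata.rstrip(".")

def reverse_name(ip):
    # The in-addr.arpa owner name a PTR for this IPv4 address must have.
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def check_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    """List every A record without a matching PTR and every PTR without a matching A."""
    a_records = {o: r for o, t, r in parse_records(fwd_text, fwd_origin) if t == "A"}
    ptr_records = {o: r for o, t, r in parse_records(rev_text, rev_origin) if t == "PTR"}
    problems = []
    for host, ip in a_records.items():
        if ptr_records.get(reverse_name(ip)) != host:
            problems.append(f"no matching PTR for {host} ({ip})")
    for rev, host in ptr_records.items():
        if host not in a_records or reverse_name(a_records[host]) != rev:
            problems.append(f"PTR {rev} -> {host} has no matching A record")
    return problems
```

Running check_consistency(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN) on the sample above reports only the missing nis PTR; feed it the real files' contents to audit your own zones.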

At this point we are done configuring our primary DNS server, and we should be able to start the named service with the following command:

service named start

If you get any errors, use /usr/sbin/named-checkconf and /usr/sbin/named-checkzone to check the DNS configuration files for syntax errors. It may also be helpful to check in /var/log/messages for any useful information.

Make sure you edit /etc/resolv.conf and tell the server to only ever query itself:

nameserver 127.0.0.1
search ushamim.com

Once we have resolved any issues with named we can move on to the caching DNS server. This is the server that all clients within our domain will be set to use. It will have recursion on so that it can query other servers on the clients' behalf. The configuration is pretty simple. First we must install bind and back up the config file:

yum install bind
cp /etc/named.conf /etc/named.conf.BAK

Now we can use our text editor to edit this file and make the contents similar to this:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.19.2; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { 127.0.0.1; 192.168.19.0/24; };
    recursion yes;
};

zone "." IN {
    type hint;
    file "named.ca";
};

Once again, replace the IPs as required and note that we only have a root hint file for this server. This file tells the caching server that, when a name is not in its cache, it must ask a root name server, which (we hope) knows where queries for the target domain should be sent.

We must now edit /var/named/named.ca, so first back up the file:

cp /var/named/named.ca /var/named/named.ca.BAK

And change its contents to look like this:

.			518400	IN	NS	root.ushamim.com.
root.ushamim.com.	518400	IN	A	192.168.19.3

This will allow the server to locate one root DNS server (the one in our domain) and query it for information. If you want to be able to use additional root servers, add them to this file, but make sure you include both an NS and an A record for each.

At this point the caching server is configured as required so we can start named:

service named start

If you have any issues refer to the troubleshooting steps from the primary server.

Make sure to edit /etc/resolv.conf to tell the server to only query itself:

nameserver 127.0.0.1
search ushamim.com

Finally we just have to configure our root DNS server to delegate our domain to our primary DNS server (and likewise delegate other domains to their respective server).

As usual we must install bind on the server and back up the config file:

yum install bind
cp /etc/named.conf /etc/named.conf.BAK

Then edit the /etc/named.conf file and make its contents similar to this:

//
// named.conf
//
//

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion no;
};

zone "." IN {
    type master;
    file "named.ca";
};

Make sure allow-query and listen-on are set to “any”, or explicitly list all the networks you wish to accept traffic from. Also notice that once again recursion is set to no: we do not want the root name server to perform a query for anyone; its only job is to tell the client where to ask about a particular domain. Note too that, unlike the caching server, the root server declares the root zone as “master” instead of “hint”.
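All three option blocks have now been shown, so here is an added check (example code written for this post, not taken from it) for the point raised twice above: whether a server that recurses can be reached by anyone. It applies the fallback the BIND 9 ARM documents for the recursion ACL (allow-recursion, else allow-query-cache, else allow-query, else localnets and localhost), which is why the caching server's restricted allow-query keeps it closed while a constructed fourth block, mixing recursion yes with allow-query any, is an open resolver.

```python
import re

# Option settings taken from the post's three named.conf files, plus a constructed fourth
# block combining the caching server's "recursion yes" with the others' "allow-query { any; }".
CONFIGS = {
    "primary": "allow-query { any; }; recursion no;",
    "caching": "allow-query { 127.0.0.1; 192.168.19.0/24; }; recursion yes;",
    "root": "allow-query { any; }; recursion no;",
    "constructed-bad": "allow-query { any; }; recursion yes;",
}

def acl(named_conf, option):
    """Address list of an ACL option (e.g. allow-query) as tokens, or None if not set."""
    m = re.search(rf"\b{option}\s*{{([^}}]*)}}", named_conf)
    if not m:
        return None
    return [t.strip() for t in m.group(1).split(";") if t.strip()]

def recursion_acl(named_conf):
    """Who may recurse, using the fallback documented in the BIND 9 ARM: allow-recursion,
    else allow-query-cache, else allow-query, else the built-in localnets; localhost."""
    for option in ("allow-recursion", "allow-query-cache", "allow-query"):
        found = acl(named_conf, option)
        if found is not None:
            return found
    return ["localnets", "localhost"]

def classify(named_conf):
    """'authoritative-only', 'recursive-restricted' or 'open-resolver'."""
    m = re.search(r"\brecursion\s+(yes|no)\b", named_conf)
    if m and m.group(1) == "no":
        return "authoritative-only"   # if unset, BIND's default is recursion yes
    who = recursion_acl(named_conf)
    if "any" in who or "0.0.0.0/0" in who:
        return "open-resolver"
    return "recursive-restricted"

def audit(configs=CONFIGS):
    """Map each config name to its classification."""
    return {name: classify(text) for name, text in configs.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name}: {verdict}")
```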

Now just back up /var/named/named.ca and edit it so the contents are similar to the following:

$TTL 86400
@                       86400   IN      SOA     root.ushamim.com. root.ushamim.com. 0 1800 900 604800 86400

.                       518400  IN      NS      root.ushamim.com.
root.ushamim.com.       518400  IN      A       192.168.19.3

ushamim.com.            86400   IN      NS      dns.ushamim.com.
dns.ushamim.com.        518400  IN      A       192.168.19.53

In this file we make the server authoritative for the root zone and then tell it that any query for ushamim.com should be referred to the primary DNS server, whose IP is 192.168.19.53.

Now just start named:

service named start

If you have any issues refer to the troubleshooting steps from the primary server.
Once again make sure to edit /etc/resolv.conf to tell the server to only point at itself:

nameserver 127.0.0.1

At this point you should be able to query anything in the primary server's zone files from the caching name server. This means that the caching server can successfully query the root name server for a referral to the ushamim.com DNS server, that the root name server is delegating the domain to the primary DNS server, and that the primary DNS server is able to resolve queries for any record in its zone files.

I hope that was helpful, and in the next part I will go over how to set up NFS for our network so that users have a way to log in to any machine and still have access to their files.


3 Responses to Setting Up Multiple-Domain Network In CentOS 6 – Part I: DNS

  1. Pingback: Configuring A DNS Server On CentOS 6.6 | Information & Technology

  2. arief says:

    Hi ushamim,

    How can I set up multiple domain names in one DNS using bind? I followed your tutorial; it didn't work
