Scenario:
Local domain: example.com
Local DNS server: 192.168.1.10
(server.example.com)
External domain: company.com
External DNS server:
192.168.1.111 (server.company.com)
Let’s say the internal domain is
“example.com” and the other domain is “company.com”. We need to configure DNS
at both servers.
To create a DNS server, follow
these steps:
1. Install required packages:
# yum install bind bind-utils
2. Changes in the named.conf
file:
# vim /etc/named.conf (this is
the file content after changes)
Note: you need to edit a few
lines in it.
options {
listen-on
port 53 { 192.168.1.10; };
# listen-on-v6
port 53 { ::1; };
directory
"/var/named";
dump-file
"/var/named/data/cache_dump.db";
statistics-file
"/var/named/data/named_stats.txt";
memstatistics-file
"/var/named/data/named_mem_stats.txt";
# allow-query { any; };
recursion
yes;
dnssec-enable
yes;
dnssec-validation
yes;
dnssec-lookaside
auto;
/*
Path to ISC DLV key */
bindkeys-file
"/etc/named.iscdlv.key";
managed-keys-directory
"/var/named/dynamic";
};
logging {
channel default_debug {
file
"data/named.run";
severity dynamic;
};
};
zone "." IN {
type
hint;
file
"named.ca";
};
include
"/etc/named.rfc1912.zones";
include
"/etc/named.root.key";
3.
Edit the “named.rfc1912.zones” file:
# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat
caching-nameserver package
//
// ISC BIND named zone
configuration for zones recommended by
// RFC 1912 section 4.1 :
localhost TLDs and address zones
// and
http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See
/usr/share/doc/bind*/sample/ for example named configuration files.
//
zone
"example.com" IN {
type master;
file "forward.zone";
allow-update { none; };
};
zone "localhost" IN {
type
master;
file
"named.localhost";
allow-update
{ none; };
};
zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
IN {
type
master;
file
"named.loopback";
allow-update
{ none; };
};
zone
"1.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};
zone "0.in-addr.arpa"
IN {
type
master;
file
"named.empty";
allow-update
{ none; };
};
Note: In order to
“lookup” the other domain you have to create the transfer zone in the
“named.rfc1912.zones” file as shown earlier.
And create two files
"forward.zone" and "reverse.zone" for configuration as
given below:
4.
Edit the “/var/named/forward.zone” file:
$TTL 1D
@ IN
SOA server.example.com.
root.server.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H
) ; minimum
IN NS server.example.com.
server IN A 192.168.1.10
IN MX
2 example.com.
IN MX
3 mail.example.com.
IN MX
4 examplemail.com.
Note: You can also use “CNAME”
records in this file as below:
$TTL 1D
@ IN
SOA server.example.com.
root.server.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H
) ; minimum
IN NS server.example.com.
www IN CNAME server
ftp IN CNAME server
server IN A 192.168.1.10
IN MX
2 example.com.
IN MX
3 mail.example.com.
IN MX
4 examplemail.com.
Note: You have to
change the ownership and group of both zone files.
Run the command:
#
chown named:named forward.zone
#
chown named:named reverse.zone
You can give permission as 640
too.
Description: CNAME stands for
canonical name (duplicate name). Means you can also reach to the system
“server.example.com” by its other names also i.e.
"http://www.example.com" or "ftp://ftp.example.com".
Now, if you run the nslookup
command:
[root@rc mail]# nslookup
www.example.com
Server: 192.168.1.10
Address: 192.168.1.10#53
www.example.com canonical name =
server.example.com.
Name: server.example.com
Address: 192.168.1.10
[root@rc mail]# nslookup
ftp.example.com
Server: 192.168.1.10
Address: 192.168.1.10#53
ftp.example.com canonical name =
server.example.com.
Name: server.example.com
Address: 192.168.1.10
5.
Edit the “/var/named/reverse.zone” file:
$TTL 1D
@ IN
SOA server.example.com. root.server.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H
) ; minimum
IN
NS server.example.com.
10 IN PTR server.example.com.
6. Edit the “/etc/resolve.conf”
file:
# Generated by NetworkManager
search example.com
nameserver 192.168.1.10
nameserver 192.168.1.111
7. Entry in “/etc/hosts” file
Optional.
8. Entry in
“/etc/sysconfig/network” file
9. Edit the ifcfg-eth0 file:
# vim
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=52:54:00:27:ea:89
ONBOOT=yes
IPADDR=192.168.1.10
BOOTPROTO=none
NETMASK=255.255.255.0
TYPE=Ethernet
GATEWAY=192.168.1.1
DNS1=192.168.1.10
DNS2=192.168.1.111
10. Start the services:
# service network restart
# service named restart
No comments:
Post a Comment