Hello Friends,
Let us discuss DNS this week. I was working on BIND (Berkeley Internet Name Domain) the whole week. Let me go over the basics first. I know you are aware of what DNS is, how it works and what the configuration files are used for, but it is good to go back to the basics and refresh them. Right!
DNS (Domain Name System) translates host names and internet domain names to IP addresses and vice versa. A DNS server is a host that answers DNS queries; servers and clients talk to each other over UDP and TCP port 53. There are two basic kinds of authoritative DNS server for a zone: primary and secondary (there are other roles too, like caching-only and reverse DNS, but here we are discussing primary and secondary). Both hold the zone's records. The zone data is identical on both servers, and the secondary acts as a backup for the primary in case the primary is not reachable.
Now let us talk about the configuration files and their use:
We need to install the bind and bind-utils packages to configure DNS on RHEL.
Let us check what utilities are in the bind-utils package. These are the tools that help us check DNS functionality, like nslookup, dig, host and nsupdate, together with their man pages.
The bind package contains all the configuration files and zone definition files.
You can see the /etc/named directory, /etc/named.conf and the /var/named directory, among others.
Run rpm -ql bind to list the files in the bind package.
Another one is the logrotate entry /etc/logrotate.d/named. This file controls rotation of the BIND log files.
Next is the most important configuration file, /etc/named.conf, where we put the zone definitions. Have a look:
Now we have /etc/named.rfc1912.zones this file contains the loopback reverse and forward zones.
/etc/sysconfig/named this file is used to give additional options during the bind startup.
/etc/rc.d/init.d/named this one is the init script. We use this file with chkconfig and service commands.
Next is the important directory where we find the IPv4 and IPv6 zone files.
/var/named is the container for all zone files.
In this directory the folder data contains the log file for the named service.
The folder dynamic holds zones that accept DDNS (dynamic) updates, and the directory slaves holds the zone files that a secondary (slave) server receives from its primary.
The file named.ca has the details of the internet root servers. named.localhost, named.empty and named.loopback hold the localhost forward and loopback reverse records. These files are used as reference templates when we configure our own zones. We will come back to them later.
named.localhost, named.empty and named.loopback have essentially the same content. Here is the content of named.localhost.
Hope you are clear about the important locations and files used in DNS configuration.
Let’s talk about the actual DNS configuration now!
Here we discuss the primary DNS server configuration. The primary is the authoritative server for a zone and holds the writable copy of the zone data.
Let us start configuring a Primary DNS server. Here is my hostname of the server.
I decided to use "vinzlinux.com" as my domain name, so first we need to define the primary zone for "vinzlinux.com" in the /etc/named.conf configuration file.
To create a zone definition it is easiest to start from a template. I took the following entry from /etc/named.rfc1912.zones (the comments after // are mine):
zone "1.0.0.127.in-addr.arpa" IN {
type master; // this server is the master (primary) for the zone
file "named.loopback"; // file under /var/named holding the zone records
allow-update { none; }; // DDNS updates disabled
};
Here is the screen capture and location where I copied the above entry.
Now you need to change this file and define as per the domain/zone details. You can define multiple zones in a single server.
Update the DNS server IP address in the options section of /etc/named.conf, so that named listens on the server's LAN address (the default only listens on 127.0.0.1):
options {
listen-on port 53 { 192.168.1.1; };
// ... rest of the options section unchanged ...
};
Edit the /etc/named.conf file and append the following entries at the bottom of the file.
zone "vinzlinux.com" IN {
type master;
file "vinzlinux.fz";
allow-update { none; };
};
Next you need to create the zone records file under the /var/named directory. Instead of creating it from scratch we can use named.localhost as a reference.
Copy named.localhost to the file name given in the zone definition in /etc/named.conf.
[root@ns1 ~]# cd /var/named
[root@ns1 named]# cp named.localhost vinzlinux.fz
Open the zone records file you created and edit the SOA, NS and A records for your zone. Mine looks like this (comments after ; are mine; the A record must use the fully qualified name with a trailing dot, otherwise BIND appends the zone origin and you end up with ns1.vinzlinux.com.vinzlinux.com):
[root@ns1 named]# cat /var/named/vinzlinux.fz
$TTL 1D
@ IN SOA ns1.vinzlinux.com. root.vinzlinux.com. ( ; primary name server, then the admin mailbox (root@vinzlinux.com)
2014041201 ; serial - must be increased on every change; secondaries use it to decide whether to transfer
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum (negative caching TTL)
@ IN NS ns1.vinzlinux.com. ; authoritative name server for the zone
ns1.vinzlinux.com. IN A 192.168.1.1 ; address of the name server
[root@ns1 named]#
Here is the screen shot of my zone records file:
NOTE: a fully qualified name in a zone file must end with a dot (.). Without the dot BIND treats the name as relative and appends the zone origin (vinzlinux.com.) to it. This is a must.
Once you have added the records you need to reload the named service with service named reload (which sends rndc reload to the daemon).
Now verify in the logs whether named loaded the zone successfully. The log file is /var/named/data/named.run, explained in the important files section above.
You will find something similar to the output below. Our new zone vinzlinux.com (file vinzlinux.fz) was not loaded because of a permission problem.
received control channel command 'reload'
loading configuration from '/etc/named.conf'
reading built-in trusted keys from file '/etc/named.iscdlv.key'
using default UDP/IPv4 port range: [1024, 65535]
using default UDP/IPv6 port range: [1024, 65535]
sizing zone task pool based on 7 zones
zone 'vinzlinux.com' allows updates by IP address, which is insecure
using built-in DLV key for view _default
Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
reloading configuration succeeded
zone vinzlinux.com/IN: loading from master file vinzlinux.fz failed: permission denied
zone vinzlinux.com/IN: not loaded due to errors.
reloading zones succeeded
[root@ns1 named]#
What next? You need to check the permission and ownership of the newly created zone record file.
The permission bits look fine, but vinzlinux.fz is owned by root:root while the other zone files are root:named. named runs as the named user and reads the file through the group, so change the group to named (chown root:named vinzlinux.fz, keeping the usual mode 640) to fix this error. Do not make zone files world-writable to work around it; that would let any local user alter your DNS data.
After fixing the ownership, reload the named service again and check the logs.
This time you can see that the vinzlinux.fz records loaded successfully!
This is a good sign and now we need to test the DNS functionality.
Do a query test with dig, for example dig @192.168.1.1 ns1.vinzlinux.com A, and check the result. We need to look at the QUESTION and ANSWER sections: the answer should carry the A record we defined, with the aa (authoritative answer) flag set in the header.
It looks great! DNS is functioning perfectly. Now let us add some new records.
I added a www record as a CNAME (canonical name) record pointing at the server's existing host name. Let us see how it works.
Reload the named daemon.
Now check the named log files and check whether it was successful or not.
You can see the following messages.
[root@ns1 named]# tail /var/named/data/named.run
using default UDP/IPv4 port range: [1024, 65535]
using default UDP/IPv6 port range: [1024, 65535]
sizing zone task pool based on 7 zones
using built-in DLV key for view _default
Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
reloading configuration succeeded
reloading zones succeeded
zone vinzlinux.com/IN: zone serial (2014041201) unchanged. zone may fail to transfer to slaves.
zone vinzlinux.com/IN: loaded serial 2014041201
zone vinzlinux.com/IN: sending notifies (serial 2014041201)
[root@ns1 named]#
What does the above entry show? The zone reloaded, but the serial did not change, so BIND warns that secondaries may not pick up the change. A secondary decides whether to transfer the zone by comparing the serial in the primary's SOA record with its own (at every refresh interval, and when it receives a NOTIFY); if the serial is not larger, it assumes nothing changed and does not transfer.
So now you understand the importance of the serial number: whenever you add or update a record you must also increase the serial. Don't get confused about the value; BIND only needs it to be a 32-bit integer that increases on every change. The common convention, which I use here, is YYYYMMDDnn: the date plus a two-digit change counter, so the first change of the day is ...01, the second ...02 and so on. A serial that goes backwards (for example a typo in the year) is a classic way to leave secondaries silently stuck on old data.
Reload the named service again.
Check the log file. Now you can see there are no errors or warning after we updated the serial no.
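The two mistakes above (a zone file named cannot read, and a reload without a serial bump) are easy to catch before touching the daemon. Here is a small POSIX shell script I added for that; it is not from the original post. It assumes the zone file layout used above (serial is the first integer after the SOA line), GNU coreutils/awk on RHEL, that zone files are group-owned by named, and, for the last function only, that dig and network access to both servers are available. The demo zone file at the bottom is constructed to match the post.

```bash
#!/bin/sh
# Added example: pre-reload checks for a BIND zone file (not code from the original post).

# Print the SOA serial: the first all-digit field at or after the SOA line, ignoring ; comments.
zone_serial() {
    awk '
        { sub(/;.*/, "") }
        !insoa { for (i = 1; i <= NF; i++) if ($i == "SOA") insoa = 1 }
        insoa  { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }
    ' "$1"
}

# Compute the next YYYYMMDDnn serial. $1 = old serial, $2 = date as YYYYMMDD (defaults to today).
# Rule: if the old serial is from an earlier day, start at <date>01; otherwise (same day, or the old
# serial already ran ahead of today) just add one, because the only hard requirement is "bigger than before".
next_serial() {
    old=$1; today=${2:-$(date +%Y%m%d)}
    case $old in ''|*[!0-9]*) echo "bad serial: '$old'" >&2; return 1;; esac
    if [ "$old" -lt "${today}00" ]; then new="${today}01"; else new=$((old + 1)); fi
    [ "$new" -le 4294967295 ] || { echo "serial $new does not fit in 32 bits" >&2; return 1; }
    echo "$new"
}

# Rewrite the serial in place and print the new value. The file is written through the existing
# inode (cat > file) rather than renamed into place, so the root:named ownership from the post survives.
bump_serial() {
    f=$1; today=$2
    old=$(zone_serial "$f") || return 1
    new=$(next_serial "$old" "$today") || return 1
    tmp=$(mktemp) || return 1
    awk -v old="$old" -v new="$new" '
        { line = $0; sub(/;.*/, "", line); n = split(line, fld) }
        !insoa { for (i = 1; i <= n; i++) if (fld[i] == "SOA") insoa = 1 }
        insoa && !done { for (i = 1; i <= n; i++) if (fld[i] == old) { sub(old, new); done = 1; break } }
        { print }
    ' "$f" > "$tmp" && cat "$tmp" > "$f"
    rc=$?; rm -f "$tmp"
    [ $rc -eq 0 ] && echo "$new"
}

# Ownership and mode check: the file must be readable by the named group and never world-writable.
# $1 = zone file, $2 = expected group (default named).
check_zone_file() {
    f=$1; grp=${2:-named}
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    g=$(stat -c %G "$f"); m=$(stat -c %a "$f")
    [ "$g" = "$grp" ] || { echo "$f: group is $g, expected $grp (named cannot read it)"; return 1; }
    case $m in *[2367]) echo "$f: mode $m is world-writable"; return 1;; esac
    case $m in *[4-7]?) ;; *) echo "$f: mode $m is not group-readable"; return 1;; esac
    return 0
}

# After the reload: compare the serial the primary and the secondary actually serve.
# Needs dig and network access; not exercised offline. $1 = zone, $2 = primary, $3 = secondary.
serial_in_sync() {
    p=$(dig +short "@$2" "$1" SOA | awk '{ print $3 }')
    s=$(dig +short "@$3" "$1" SOA | awk '{ print $3 }')
    echo "primary=$p secondary=$s"
    [ -n "$p" ] && [ "$p" = "$s" ]
}

# Demo on a constructed copy of the zone file from the post.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/vinzlinux.fz" <<'EOF'
$TTL 1D
@ IN SOA ns1.vinzlinux.com. root.vinzlinux.com. (
 2014041201 ; serial
 1D ; refresh
 1H ; retry
 1W ; expire
 3H ) ; minimum
@ IN NS ns1.vinzlinux.com.
ns1.vinzlinux.com. IN A 192.168.1.1
EOF
    echo "old serial: $(zone_serial "$d/vinzlinux.fz")"
    echo "new serial: $(bump_serial "$d/vinzlinux.fz" 20140412)"
    check_zone_file "$d/vinzlinux.fz" named || echo "fix with: chown root:named $d/vinzlinux.fz; chmod 640 $d/vinzlinux.fz"
    rm -rf "$d"
}
demo
```

On a real server run check_zone_file /var/named/vinzlinux.fz, then bump_serial /var/named/vinzlinux.fz, then service named reload, and finally serial_in_sync vinzlinux.com 192.168.1.1 <ns2 address> to confirm the secondary caught up. The demo run above reports the group mismatch on purpose, since the temporary file is not owned by named.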
All good and it works perfectly! That's all about the primary DNS server configuration. You can keep adding records to the zone file and test them the same way (remember the serial). Now it is time to discuss the secondary DNS server. I am explaining the secondary configuration in the same post so we keep continuity.
Secondary DNS server:
A secondary DNS server is a backup of the primary for redundancy. It holds a read-only copy of the zone that it obtains from the primary by zone transfer (AXFR/IXFR).
Let us start the configuration straight away! You are probably already bored with all the explanations above!
My secondary DNS server's hostname is ns2.
To configure the secondary we first need a small change on the primary: add an NS record for ns2 (and an A record for its address) to the zone file vinzlinux.fz, and increment the serial. While you are in /etc/named.conf on the primary, also restrict who may pull the zone: BIND's default allow-transfer is any, which lets anyone on the network download your complete zone, so set allow-transfer to the secondary's address only.
That's all on the primary. On the secondary, edit /etc/named.conf, put the secondary's own IP address in listen-on, and append the zone definition below at the bottom of the file.
##vinzlinux secondary dns conf##
zone "vinzlinux.com" IN {
type slave; // this is a slave (secondary) zone
masters { 192.168.1.1; }; // the primary server to transfer the zone from
allow-update { none; };
};
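To show the transfer-related settings the post leaves at their defaults, here are the primary and secondary named.conf fragments side by side. This is an added example, not the post's own configuration. ns1's address 192.168.1.1 is from the post; 192.168.1.2 for ns2 is my assumption, since the post never shows ns2's address. Note that an IP-based allow-transfer is only as strong as your network's protection against spoofing; BIND can additionally require a TSIG key on transfers, which the post does not cover.

```conf
// Added example (not from the original post). Assumed: ns1 = 192.168.1.1, ns2 = 192.168.1.2.

// ---- ns1 (primary): /etc/named.conf ----
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.1; };
    directory       "/var/named";
    recursion no;                       // authoritative-only; set to yes and add allow-recursion
                                        // only if this box must also resolve for your LAN
    allow-query     { any; };
    allow-transfer  { 192.168.1.2; };   // AXFR/IXFR only to ns2; the default "any" hands out the whole zone
    notify yes;                         // tell the NS records' hosts when the serial changes
};

zone "vinzlinux.com" IN {
    type master;
    file "vinzlinux.fz";
    allow-update { none; };
};

// ---- ns1: records to add to /var/named/vinzlinux.fz (then bump the serial) ----
// @                   IN NS  ns2.vinzlinux.com.
// ns2.vinzlinux.com.  IN A   192.168.1.2

// ---- ns2 (secondary): /etc/named.conf ----
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.2; };
    directory       "/var/named";
    recursion no;
    allow-query     { any; };
    allow-transfer  { none; };          // a secondary has no reason to hand the zone out again
};

zone "vinzlinux.com" IN {
    type slave;
    masters { 192.168.1.1; };
    file "slaves/vinzlinux.fz";         // keep the transferred copy on disk (see the end of the post)
    allow-update { none; };
};
```

Run named-checkconf /etc/named.conf on both servers after editing; it reports syntax errors before a restart takes the resolver down. With allow-transfer in place, a dig @192.168.1.1 vinzlinux.com AXFR from any host other than ns2 should be refused.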
Now restart the named daemon.
Now check the logs for any errors or warnings.
You can see that a zone transfer was initiated and completed successfully, so the secondary is now able to sync the zone data from the primary.
The configuration is done. Now we need to test whether the secondary is functioning properly. Run dig against the secondary's IP address to check name resolution.
In the highlighted section you can see that the query goes to the secondary's IP address, and yes, it is resolving the names successfully.
Let us test one more zone record. Here I am using the MX record for checking the resolution.
(MX record is available in the zone record file shown above)
That’s all about configuration and testing!!.
Now try adding records in primary server and test the zone transfer from primary to secondary.
Here I added an ftp record (CNAME) and incremented the serial number.
NOTE: the serial must be increased for the zone transfer to happen (explained earlier in the primary DNS section).
Reload the named daemon so it re-reads the zone records file and sends a NOTIFY to the secondary.
Now check the logs whether the zone transfer was successful or not.
And yes we can see that zone transfer was successful and you can see AXFR and IXFR entries in the logs.
Okay now the zone transfer is successful. Let us check whether the new record (FTP) is available in Secondary server.
Run query using dig command to check whether the new record is available in secondary server.
Yes yes!! The new record is synced to secondary server and it is working perfectly.
You might have a question in mind: since no zone record file was created on the secondary, what happens to the zone data when the primary is not available? Without a file directive the secondary keeps the transferred zone only in memory, so after a restart of named it has nothing to serve until it can reach the primary again.
The fix is to have the secondary store its copy of the primary's zone on disk.
Add file "slaves/vinzlinux.fz"; to the zone definition in /etc/named.conf on the secondary. named will then write the transferred zone there and reload it from disk on restart, and can keep serving it while the primary is down, until the SOA expire time (1W in our zone) passes.
Sample output is given below:
As I mentioned earlier in the important files and directory section the slave zone records will be under /var/named/slaves directory. Checkout the directory and see any files under it.
Currently there are no files under the directory.
Now restart the named daemon.
After a successful restart, check /var/named/slaves again. You can see a file named vinzlinux.fz; this is the zone record file written by named.
You can look at it with cat, less or any editor. You will see the same zone record information as on the primary replicated here.
That’s all about BIND/DNS server configuration!. Hope you like it.
I would love to hear the feedback on this topic. Any queries /questions please do post below!