How to Install and Configure DNS

My sincere gratitude goes to Mr. Anuradha Jayakody and Mr. Rajitha Tennekoon of Sri Lanka Institute of Information Technology for teaching me these valuable concepts. Most of the configurations below are taken from the lab sheets written by them.

Prerequisites

CentOS 5.5 installed in VMware.
Stop the LDAP service and the DHCP service.
Set the VMware network setting to NAT and set your server to obtain its IP address automatically.
Restart the network service on CentOS.

Installation and configuration steps

Installing the Pre-Requirements

Install VMware Tools, then go to Applications -> Add/Remove Software.
Under "Servers", check (tick) "DNS Name Server".
Then select "Network Servers" -> click "Optional packages" -> make sure 12:dhcp-3.05.....el5.x86_64 is selected.
Close it, select "Server Configuration Tools", click "Optional packages" and make sure the following is checked:
system-config-bind-4.0 ..... el5.centos.noarch -> a GUI for managing your DNS server and its records.
Then install the selected packages.

Installing the Dependencies 

Open a new terminal and install BIND together with the following dependencies:
yum install -y bind-libs bind bind-utils bind-chroot

Downloading the necessary packages 

Download the Webmin RPM package from the following URL.
http://sourceforge.net/projects/webadmin/files/webmin/1.560/webmin-1.560-1.noarch.rpm/download
Install Webmin from the RPM package. Webmin is a free web-based administration tool for Linux environments.

Restoring the Network 

Set the VMware network setting to VMNET2 and give your server a static IP address.
Start the LDAP service.
Start the DHCP service.
Restart the network service.

Configuring & Setting up the DNS 

Setting up the Environment 

Go to "System" -> "Server Settings" -> "Domain Name System".
Click OK on the warning message (No BIND configuration was found).
Delete all existing components except the DNS security key [rndc key] and the DNS server entry.
You will not be able to delete the "Internet forward zone [.]" due to administrative restrictions, so delete it via the Webmin tool instead.
File -> Save, then click Yes.
If it does not load:
Open your web browser.
Go to "https://localhost:10000/".
Add an exception for the certificate issue and proceed.
Log in using your root credentials.
Go to "Servers" -> "BIND DNS Server".
Delete all the existing DNS zones there.
Now try to open the "BIND configuration GUI" again via "System" -> "Server Settings" -> "Domain Name System".
Now you should be able to load the GUI.
You should only see the rndc key and the DNS server entry now.
Verify that all the other entries are gone.

Adding “IPV4 Reverse” Zone 

Right-click on "DNS Server" -> "Add" -> "Zone".
Now we are going to add our first zone.
We are going to add an "IN Internet" zone, so click the "OK" button under the "IN Internet" drop-down menu.
Change the Origin Type to "IPV4 Reverse" -> click "OK".
Click on the "+ Add" button twice.
Then fill in your IP address scheme there: 10.0.1
Keep it as "Master" and click "OK".
All the details on the next screen depend on your network configuration and requirements, e.g. the refresh interval and the expiry time.
We will keep the default settings; the only field we change is the "Zone File Path".
Change the "Zone File Path" to 1.0.10.in-addr.arpa.zone, i.e. the octets of your IP scheme in reverse order, followed by .in-addr.arpa.zone.
The ".zone" suffix is a must and it is really important.
Then click "OK"; the "BIND configuration GUI" refreshes but does not yet show the change.
After clicking "OK", click "Cancel".
In the "BIND configuration GUI" go to File -> click "Save" -> select "Yes".
Close it and open it again so that it refreshes and you can see the zone you added previously.
Now configure your forward zone.
Right-click on "DNS Server" -> "Add" -> "Zone".
We are going to add an "IN Internet" forward zone, so click the "OK" button under the "IN Internet" drop-down menu.
Change the Origin Type to "Forward" -> click "OK".
Give the forward zone the name "matara.sliit.lk."
Make sure to put a "." at the end of the name.
Here too, change only the "Zone File Path", to "matara.sliit.lk.zone".
Click "OK" and save the configuration as before.
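
The two zone names above follow a fixed pattern, and the GUI writes a zone file for each. The script below is an added example (not from the original post or the lab sheets): it derives the in-addr.arpa name from a dotted prefix the same way the "Zone File Path" was derived above, and writes a minimal forward and reverse zone file of the kind BIND expects. The domain matara.sliit.lk, the prefix 10.0.1 and the server address 10.0.1.2 are from the post; the name server host name ns1 and the hostmaster mailbox are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumed: the name server is host "ns1" in matara.sliit.lk at 10.0.1.2.

ZONE=matara.sliit.lk
PREFIX=10.0.1
NS_HOST=ns1
NS_IP=10.0.1.2

# Print the in-addr.arpa zone name for a dotted prefix: 10.0.1 -> 1.0.10.in-addr.arpa
reverse_zone_name() {
    rev=""
    old_ifs=$IFS
    IFS=.
    for octet in $1; do
        if [ -z "$rev" ]; then rev=$octet; else rev="$octet.$rev"; fi
    done
    IFS=$old_ifs
    printf '%s.in-addr.arpa\n' "$rev"
}

# Write ZONE.zone and <reverse>.zone into the directory given as $1.
write_zone_files() {
    outdir=$1
    rev=$(reverse_zone_name "$PREFIX")
    # The last octet of the server address is the PTR owner name in the reverse zone.
    host_octet=${NS_IP##*.}
    serial=$(date +%Y%m%d)01
    cat > "$outdir/$ZONE.zone" <<EOF
\$TTL 86400
@   IN SOA $NS_HOST.$ZONE. hostmaster.$ZONE. (
        $serial ; serial
        3600    ; refresh
        900     ; retry
        604800  ; expire
        86400 ) ; negative-cache TTL
    IN NS  $NS_HOST.$ZONE.
$NS_HOST IN A   $NS_IP
EOF
    cat > "$outdir/$rev.zone" <<EOF
\$TTL 86400
@   IN SOA $NS_HOST.$ZONE. hostmaster.$ZONE. (
        $serial ; serial
        3600    ; refresh
        900     ; retry
        604800  ; expire
        86400 ) ; negative-cache TTL
    IN NS  $NS_HOST.$ZONE.
$host_octet IN PTR $NS_HOST.$ZONE.
EOF
    # Syntax-check both files when BIND's zone checker is installed.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$ZONE" "$outdir/$ZONE.zone" &&
        named-checkzone "$rev" "$outdir/$rev.zone"
    fi
}

# Usage: sh zones.sh --write /var/named/chroot/var/named
if [ "${1:-}" = "--write" ]; then
    write_zone_files "${2:-.}"
fi
```

Compare the generated files with the ones the GUI produced under /var/named/chroot/var/named: the SOA, NS and A/PTR records are the minimum a master zone needs, and the serial must increase on every edit so that secondaries and dynamic-update journals stay consistent.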

RNDC Entry

A shared secret key used to authenticate the control commands and dynamic updates passed between the DHCP server and the DNS server. Whenever you suspect the key has been compromised, double-click the rndckey entry and click the "New" button to generate a new key.

Editing the configuration file 

Go to Webmin and verify that the two zones you created are listed.
Now it is time to edit the DNS server's configuration file and get the DNS service running.
Click on "Edit Config File" in the Webmin GUI.
Paste the following block after the first four comment lines:
controls {
         inet 10.0.1.2 allow { localhost; } keys { rndckey; };
};
Find the following block in the configuration file:
zone "matara.sliit.lk." IN {
      type master;
      file "matara.sliit.lk.zone";
}; 
Edit it as follows:
zone "matara.sliit.lk." IN {
      type master;
      file "slaves/matara.sliit.lk.zone";
      allow-update {
            key rndckey;
      };
}; 
Then find the following block:
zone "1.0.10.in-addr.arpa." IN {
      type master;
      file "1.0.10.in-addr.arpa.zone";
}; 
Edit it as follows:
zone "1.0.10.in-addr.arpa." IN {
      type master;
      file "slaves/1.0.10.in-addr.arpa.zone";
      allow-update {
             key rndckey;
      };
}; 
Note the changes you made: the zone files now live under slaves/, and allow-update restricts dynamic updates on each zone to requests signed with rndckey. Look up why these changes are needed.
Click on the "Save" button to save the changes to the configuration file.

Editing the “resolv.conf” file 

In a terminal, edit the resolv.conf file, which resides in the /etc folder:
gedit /etc/resolv.conf
Give your search domain and your name server IP in the config file (replace 10.0.1.2 with your server's IP):
search matara.sliit.lk
nameserver 10.0.1.2
Save the file.
Find out what the "resolv.conf" file is used for and why we insert the above two entries.

Making the Slave Zone copies 

Browse to the folder "/var/named/chroot/var/named" and delete any unnecessary zone files there, if they exist.

DO NOT DELETE THE TWO ZONES THAT YOU HAVE CREATED BEFORE.

Copy the two zone files you created in this folder to the "slaves" folder in the same directory.
So you will have the working copies at "/var/named/chroot/var/named" and the slave copies at "/var/named/chroot/var/named/slaves".
If something goes wrong, you can restore the slave copies from the original zone files.

Setting permissions to those files 

Open a terminal and move into the slaves directory:
cd /var/named/chroot/var/named/slaves
Check the permissions of the files and folders in that directory.
Now give the group write permission on the files inside the directory:
chgrp named *
chmod g+w *

Addressing Forward and Transfer zones

Go back to Webmin.
Go to Servers -> BIND DNS Server -> click on "Forwarding and Transfers".
What is a forward zone?
It gets you out to the Internet: queries your server cannot answer itself are forwarded to the servers listed here.
If you don't have the IP address of a valid name server (provided by your ISP) to route through the Internet, give your router's interface IP.
Type it under the IP address field of "Servers to forward queries to".
Then click on the "Save" button.
Why are you giving your router interface address if you haven't got a valid name server?

Starting the DNS server 

Before starting the BIND server, make sure to check the BIND configuration file (named.conf).
You can do this via the "Check BIND Config" item in the Webmin GUI under Servers -> BIND DNS Server.
Or else you can check the config file from the terminal:
named-checkconf
If you come across any errors, it is time to correct the syntax in the configuration file. Keep correcting until the check succeeds.
Before proceeding, let's see what happens if there is an error.
Insert any letter in a blank space in your configuration file using Webmin.
Save the file and check it via the "Check BIND Config" option in Webmin.
Then correct the error.
Click on the "Start BIND" link in the upper right corner of the Webmin interface to start the BIND service.
Or start the service via the terminal:
service named start

Checking and Verifying whether the DNS server is working

You can use the "nslookup" tool to check the DNS service.
Open a terminal and type nslookup.
Then type the name you need to resolve.
Hint: type "matara.sliit.lk" and observe the output.
Then check whether both name-to-IP and IP-to-name conversions are working properly.
Also use the "dig" and "host -l" tools to check whether the DNS server is working properly:
dig matara.sliit.lk
dig 1.0.10.in-addr.arpa
host -l matara.sliit.lk
Observe the outputs from the tools and read up on their usage.
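
The permission, config-check, start and lookup steps above can be run as one check script before and after starting BIND. The script below is an added example (not from the original post or the lab sheets). The chroot path, the slaves directory, the zone names and the server address 10.0.1.2 come from the post; the record ns1.matara.sliit.lk used for the round-trip lookup is an assumption, so replace it with a name that exists in your forward zone. `dig -x` queries the PTR record in the reverse zone, which is the IP-to-name check the post asks for; note that `host -l` asks the server for a zone transfer (AXFR), so it only lists the zone from hosts the server permits transfers to.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumed: ns1.matara.sliit.lk has an A record in the forward zone.

CHROOT=/var/named/chroot
ZONE=matara.sliit.lk
REV_ZONE=1.0.10.in-addr.arpa
SERVER_IP=10.0.1.2
TEST_NAME=ns1.matara.sliit.lk

# Succeeds only when DIR ($1) exists and every regular file in it belongs to
# GROUP ($2) and is group-writable, i.e. what "chgrp named *" and "chmod g+w *"
# leave behind. Without this, named (running as user named) cannot write the
# journal files for the dynamic updates that allow-update { key rndckey; } permits.
check_slave_perms() {
    [ -d "$1" ] &&
    [ -z "$(find "$1" -maxdepth 1 -type f \( ! -group "$2" -o ! -perm -g=w \) 2>/dev/null)" ]
}

# Validate named.conf inside the chroot and both slave zone files before starting BIND.
check_config() {
    named-checkconf -t "$CHROOT" /etc/named.conf &&
    named-checkzone "$ZONE" "$CHROOT/var/named/slaves/$ZONE.zone" &&
    named-checkzone "$REV_ZONE" "$CHROOT/var/named/slaves/$REV_ZONE.zone"
}

# Resolve NAME ($1) to an address, then resolve that address back to a name
# through the reverse zone; the two must agree.
roundtrip() {
    ip=$(dig +short @"$SERVER_IP" "$1" A | head -n 1)
    [ -n "$ip" ] || { echo "no A record for $1"; return 1; }
    back=$(dig +short @"$SERVER_IP" -x "$ip" | head -n 1)
    [ "$back" = "$1." ] || { echo "PTR for $ip is '$back', expected '$1.'"; return 1; }
    echo "$1 -> $ip -> $back"
}

# Usage: sh check-dns.sh --run
if [ "${1:-}" = "--run" ]; then
    check_slave_perms "$CHROOT/var/named/slaves" named || { echo "fix permissions in slaves/"; exit 1; }
    check_config || exit 1
    rndc status >/dev/null || { echo "rndc cannot reach named: check the controls block and key"; exit 1; }
    roundtrip "$TEST_NAME"
fi
```

`rndc status` exercises the controls block and the rndckey added earlier: if the key in named.conf and in rndc.conf disagree, or the inet address is wrong, this is the step that fails.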
