My sincere gratitude goes to Mr. Anuradha Jayakody and Mr. Rajitha Tennekoon of the Sri Lanka Institute of Information Technology for teaching me these valuable concepts. Most of the configurations below are taken from the lab sheets written by them.
Prerequisites
CentOS 5.5 installed in VMware.
Stop the LDAP service.
Stop DHCP service.
Set the VMware network settings to NAT and set your server's IP settings to obtain an IP address automatically.
Restart the network service on CentOS.
Installation and configuration steps
Installing the Pre-Requirements
Install VMware Tools.
Go to Applications -> Add/Remove Software.
Under "Servers", tick "DNS Name Server".
Then Select "Network Servers" -> click "Optional packages" ->
make sure to select 12:dhcp-3.05.....el5.x86_64
Close it, select "Server Configuration Tools", click "Optional packages" and
make sure to tick the following:
system-config-bind-4.0 ..... el5.centos.noarch -> Nice GUI interface to manage
your DNS server and records
Then install the selected packages.
Installing the Dependencies
Open a new terminal and install BIND together with the following dependencies:
yum install -y bind-libs bind bind-utils bind-chroot
Downloading the necessary packages
Download the Webmin RPM package from the following URL:
http://sourceforge.net/projects/webadmin/files/webmin/1.560/webmin-1.560-1.noarch.rpm/download
Install Webmin from the RPM package.
Webmin is a free, web-based administration tool for Linux environments.
Restoring the Network
Set the VMware network settings to VMNET2 and set your server's IP address statically.
Start the LDAP service.
Start DHCP service.
Restart the network service.
Configuring & Setting up the DNS
Setting up the Environment
Go to "System" -> "Server Settings" -> "Domain Name System".
Click "OK" on the warning message ("No BIND configuration was found").
Delete all the existing components except the DNS security key (rndc key) and the
DNS Server entry.
You will not be able to delete the "Internet forward zone [.]" here due to administrative
restrictions, so delete it via the Webmin tool instead.
File -> Save, then click "Yes".
If it does not load:
Open your web browser.
Go to "https://localhost:10000/".
Add an exception for the certificate warning and proceed.
Log in using your root credentials.
Go to "Servers" -> "BIND DNS Server".
Delete all the existing DNS zones there.
Now try to open your "BIND configuration GUI" again via "System" -> "Server
Settings" -> "Domain Name System".
You should now be able to load the GUI.
You should only see the rndc key and the DNS Server entry now.
Verify that all the other entries are gone.
Adding "IPV4 Reverse" Zone
Right-click on "DNS Server" -> "Add" -> "Zone".
Now we are going to add our first zone.
We are going to add an "IN Internet" zone, so click the "OK" button with "IN
Internet" selected in the drop-down menu.
Change the Origin Type to "IPV4 Reverse" -> click "OK".
Click on the "+ Add" button twice.
Then fill in your IP address scheme there: 10.0.1
Keep it as "Master" and click "OK".
The details on the next screen (e.g. the refresh intervals and expiry times) depend on
your network configuration and requirements.
We will keep the default settings; the only thing we change is the "Zone File
Path".
Change the "Zone File Path" to:
1.0.10.in-addr.arpa.zone -> the reverse of your IP scheme, followed by
".in-addr.arpa.zone"
The ".zone" suffix is required, so do not leave it out.
Then click "OK". The "BIND configuration GUI" will refresh but will not show the
change yet.
After clicking "OK", click "Cancel".
In the "BIND configuration GUI", go to File -> click "Save" -> select "Yes".
Close it and open it again so that it refreshes; you will then be able to see the zone
that you added.
Now configure your forward zone.
Right-click on "DNS Server" -> "Add" -> "Zone".
We are going to add an "IN Internet" forward zone, so click the "OK" button with
"IN Internet" selected in the drop-down menu.
Change the Origin Type to "Forward" -> click "OK".
Give the forward zone the name "matara.sliit.lk."
Make sure to put a "." at the end of the name.
Here too, change only the "Zone File Path", to "matara.sliit.lk.zone".
Click "OK" and save the configuration as before.
RNDC Entry
A security key used to pass information securely between the DNS and DHCP servers.
Whenever you suspect the key has been compromised, double-click the rndckey entry and
click the "New" button to generate a new key.
Editing the configuration file
Go to Webmin and verify whether the two zones you created are mapped.
Now it is time to edit the configuration file on the DNS server and get the DNS
service running.
Click on "Edit config File" in the Webmin GUI.
Paste the following statement after the first four comment lines:
controls {
    inet 10.0.1.2 allow { localhost; } keys { rndckey; };
};
Find the following zone statement in the configuration file:
zone "matara.sliit.lk." IN {
    type master;
    file "matara.sliit.lk.zone";
};
Edit it as follows:
zone "matara.sliit.lk." IN {
    type master;
    // the working copy of the zone file lives in the slaves directory
    file "slaves/matara.sliit.lk.zone";
    // dynamic updates are accepted only when signed with rndckey
    allow-update {
        key rndckey;
    };
};
Then find the following zone statement:
zone "1.0.10.in-addr.arpa." IN {
    type master;
    file "1.0.10.in-addr.arpa.zone";
};
Edit it as follows:
zone "1.0.10.in-addr.arpa." IN {
    type master;
    // the working copy of the reverse zone file lives in the slaves directory
    file "slaves/1.0.10.in-addr.arpa.zone";
    // dynamic updates are accepted only when signed with rndckey
    allow-update {
        key rndckey;
    };
};
Observe the changes you have made to the statements above, then look up and
understand why these changes are needed.
Click on the "SAVE" button to save the changes to the config file.
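The restrictions above (rndc reachable only from localhost with rndckey, dynamic updates accepted only with a key) are easy to check mechanically. The following script is an added example, not code from the lab sheet or the page: it parses a constructed named.conf fragment modelled on the statements above and reports anything that departs from the lab's settings, including a reverse zone that is not named after the 10.0.1 scheme. The zone "lab.example." in the sample is hypothetical and deliberately left open.

```python
import re
# Constructed named.conf fragment (not the page's file); "lab.example." is a hypothetical, open zone.
SAMPLE_NAMED_CONF = """
controls {
    inet 10.0.1.2 allow { localhost; } keys { rndckey; };
};
zone "matara.sliit.lk." IN { type master; file "slaves/matara.sliit.lk.zone";
    allow-update { key rndckey; }; };
zone "1.0.10.in-addr.arpa." IN { type master; file "slaves/1.0.10.in-addr.arpa.zone";
    allow-update { key rndckey; }; };
zone "lab.example." IN { type master; file "slaves/lab.example.zone";
    allow-update { any; }; };
"""

def reverse_zone_name(prefix):
    """10.0.1 -> 1.0.10.in-addr.arpa. (the naming rule the lab applies to its reverse zone)."""
    return ".".join(reversed(prefix.split("."))) + ".in-addr.arpa."
def top_level_blocks(text):
    """Yield (header, body) for every top-level `header { body };` statement, comments stripped."""
    text = re.sub(r"(//|#).*", "", text)
    depth, header_start, body_start = 0, 0, 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, body_start = text[header_start:i].strip(" ;\n\t"), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
                header_start = i + 1
def acl_entries(body, keyword):
    """Entries of `keyword { a; b; }` inside body, or None when that clause is absent."""
    m = re.search(keyword + r"\s*\{([^}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]
def audit(text, network_prefix):
    """List the ways a config departs from the lab's rndc/allow-update restrictions."""
    findings, zones = [], set()
    for header, body in top_level_blocks(text):
        if header == "controls":
            if acl_entries(body, "allow") != ["localhost"] or acl_entries(body, "keys") != ["rndckey"]:
                findings.append("controls: rndc channel should allow only localhost with key rndckey")
        elif header.startswith("zone"):
            name = re.search(r'"([^"]+)"', header).group(1)
            zones.add(name)
            if (updates := acl_entries(body, "allow-update")) is not None and any(not e.startswith("key ") for e in updates):
                findings.append(f"zone {name}: allow-update {updates} is not limited to a key")
    if reverse_zone_name(network_prefix) not in zones:
        findings.append(f"reverse zone {reverse_zone_name(network_prefix)} is missing")
    return findings
```

Run `audit(open("/var/named/chroot/etc/named.conf").read(), "10.0.1")` against your own file to get the same report for the real configuration.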
Editing the "resolv.conf" file
In a terminal, edit the resolv.conf file, which resides in the /etc directory:
gedit /etc/resolv.conf
Give your search domain and your name server IP in the config file:
search matara.sliit.lk
nameserver 10.0.1.2   # your server IP
Save the file.
Find out what the "resolv.conf" file is used for and why we inserted the
two entries above.
Making the Slave Zone copies
Browse the folder "/var/named/chroot/var/named" and delete any unnecessary
zones there if they exist.
DO NOT DELETE THE TWO ZONES THAT YOU HAVE CREATED BEFORE.
Copy the two zone files that you created inside this folder to the "slaves" folder,
which resides in the same directory.
So you will have the working copies at "/var/named/chroot/var/named"
and the slave copies at "/var/named/chroot/var/named/slaves".
If something goes wrong, you will be able to restore the zones from the
original copies.
Setting permissions to those files
Open a terminal and change into the slaves directory:
cd /var/named/chroot/var/named/slaves
Check the permissions of the files and folders in that directory.
Now set the group of the files inside the directory to named and give the group write permission:
chgrp named *
chmod g+w *
Addressing Forward and Transfer zones
Go back to Webmin.
Go to Servers -> BIND DNS Server -> click on "Forwarding and
Transfers".
What is forwarding?
It is what gets your queries out to the Internet: names your server cannot answer
from its own zones are passed on to the forwarder.
If you do not have the IP address of a valid name server (provided by your ISP) to
route through the Internet, give your router's interface IP.
Type it under the IP address of "Servers to forward queries to".
Then click on the "Save" button.
Why do you give your router's interface address if you do not have a valid
name server?
Starting the DNS server
Before starting the BIND server, make sure to check the BIND configuration file.
You can do this via the "Check BIND Config" item in the Webmin GUI under
Servers -> BIND DNS Server.
Alternatively, check the config file from the terminal:
named-checkconf
If you come across any errors, now is the time to correct the syntax errors in the
BIND configuration file. Keep correcting until the check succeeds.
Before proceeding, let's check what happens if there are errors.
Insert any letter in a blank space in your configuration file using Webmin.
Save the file and check the config file via the "Check BIND Config" option
in Webmin.
Then correct the error.
Click on the "Start BIND" link in the upper right corner of the Webmin
interface to start the BIND service.
Alternatively, start the service from the terminal:
service named start
Checking and Verifying whether the DNS server is working
You can use the "nslookup" tool to check the DNS service.
Open a terminal and type nslookup.
Then type the name you need to resolve.
Hint: type "matara.sliit.lk" and observe the output.
Then check whether both name-to-IP and IP-to-name resolution are working
properly.
Also use the "dig" and "host -l" tools to check whether the DNS server is working
properly:
dig matara.sliit.lk
dig 1.0.10.in-addr.arpa
host -l matara.sliit.lk
Observe the outputs of the tools and look up how each tool is used.