Linux: DNS Server Setup

Introduction to DNS

DNS (Domain Name System) Domain Name System:
It is a system that uses client/server mechanism to translate computer name to IP address.As an important network service, DNS is not only the basis of the work of the international Internet, but also widely used in the internal network of enterprises.

Role of DNS Server

Forward Resolution: Find the corresponding IP address based on the host name (domain name)
Reverse Resolution: Find the corresponding host domain name based on the IP address

Distributed Data Structure for DNS System

DNS Query Mode

Recursive Query: How most clients resolve domain names to DNS servers
 Iterative Query: How most DNS servers resolve domain names to other DNS servers

Type of DNS Server

Cache Domain Name Server
Cached Domain Name Server: Also known as Cache-only server, caches domain name query results locally by querying other domain name servers for domain name->IP address records, which improves the speed of repeated queries.
Primary Domain Name Server
Primary Domain Name Server: The official server for a specific DNS zone that is unique and responsible for maintaining mapped records of all domain names - > IP addresses in that zone.
From Domain Name Server
From a Domain Name Server: Also known as a secondary domain name server, it maintains domain name - >IP address records from the primary domain name server.

BIND Domain Name Service Base

 BIND (Berkeley Internet Name Daemon) Berkeley Internet Domain Name Service.
Official site:
BIND Server-side Program
 Main Executor: /usr/sbin/named
 Service script: /etc/init.d/named
 Default listening port: 53
 Main profile: /etc/named.conf
 The data file where the DNS parsing record is saved is located: /var/named/chroot/var/named/

Profile Analysis

options { #option
        listen-on port 53 {; }; #Service listening port 53
        listen-on-v6 port 53 { ::1; }; #Service listening port 53 (ipv6)
        directory       "/var/named"; #Directory where profile is stored
        dump-file       "/var/named/data/cache_dump.db"; #Cache of parsed content
        statistics-file "/var/named/data/named_stats.txt"; #Static caching (not commonly used)
        memstatistics-file "/var/named/data/named_mem_stats.txt"; #Static caching (in-memory, not commonly used)
        allow-query     { localhost; }; #Clients Allowed to Connect
        recursion yes; #recursive lookup
        dnssec-enable yes; #DNS Encryption
        dnssec-validation yes; #Advanced algorithm for DNS encryption
        dnssec-lookaside auto; #What about DNS encryption
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key"; #Key for encryption (private key public key encryption, very strong)

logging { #Journal
        channel default_debug {
                file "data/"; #Run State File
                severity dynamic; #Static server address (root domain)
zone "." IN { #Root Domain Resolution
        type hint;  master slave
        file ""; #Root Domain Profile
include "/etc/named.rfc1912.zones"; #Extended Profile (New Domain Name)
zone "localhost.localdomain" IN { #Local Host Full Name Resolution
        type master; #Type as Domain
        file "named.localhost"; #Domain Profiles (files stored in the / var / name directory)
        allow-update { none; }; #Client updates are not allowed
zone "localhost" IN { #Local Host Name Resolution
        type master;
        file "named.localhost";
        allow-update { none; };
zone "" IN { #ipv6 local address reverse resolution
        type master;
        file "named.loopback";
        allow-update { none; };
zone "" IN { #Local Address Reverse Resolution
        type master;
        file "named.loopback";
        allow-update { none; };
zone "" IN { #Local Full Network Address Reverse Resolution (and/or Domain Update)
        type master;
        file "named.empty";
        allow-update { none; };
$TTL 1D #Update to a maximum of 1 day
@(Use domain name of domain)       IN SOA(authority DNS Server)  @(authority DNS Name of the server) rname.invalid.(rname@invalid Mail of) (
                                        0       ; serial #(Change Number) Ten-digit serial number
                                        1D      ; update frequency
                                        1H      ; Failed Retry Time
                                        1W      ; Failure Time
                                        3H )    ; Cache time
        NS(Domain Name Server)      @(Domain Name Server Name)
        A(Forward Parsing Record) Resolving ip)
        AAAA(ipv6 Forward Resolution)    ::1(ipv6 Forward Resolving ip)

Set up DNS server

Install DNS Server

Install the bind package

yum install bind

Start Services

systemctl  start  named.service

Set self-start state

systemctl  enable  named.service
configuration file
Configure Main Profile
vim /etc/named.conf

//Change to
listen-on-v6 port 53 { any; };

allow-query { any; };
Configure zones file

Forward Resolution Configuration

Add Forward Resolution
zone "" IN {
        type master;
        file "";
        allow-update { none; };

Reverse Resolution Configuration

Add Reverse Resolution
zone "" IN {
        tpye master;
        file "";
        allow-update { none; };
Configuration Zone Profile

Copy Files

cp /var/named/named.empty /var/named/
cp /var/named/named.empty /var/named/

Modify permissions

chown :named

Forward Resolution Configuration

Designing forward resolution for the domain name, rename the/var/named/named.empty copy to,
Modify the file group named and modify its contents

@       IN SOA (
        0       ;   serial
        1D  ;   refresh
        1H  ;   retry
        1W  ;   expire
        3H) ;   minimum
dns     A
www A

Reverse Resolution Configuration

Designing reverse resolution for domain name, rename/var/named/named.empty copy to, repair
 Change the file group to named and modify its contents.

Configure Network Card

vim /etc/sysconfig/network-scripts/ifcfg-ens33


Start DNS Server

systemctl  start  named.service

Check Profile

Configure Client

Modify Profile

Modify the configuration file: #vim/etc/resolv.conf.
Write the following:

Test DNS Server

Test DNS Server
 Test on the client computer using the command nslookup.

Keywords: Linux DNS network vim yum

Added by techcone on Sat, 23 Nov 2019 09:40:22 +0200