How to install and configure DNS (BIND) on CentOS?
## edit configuration file
## Check the Service Status
TROUBLESHOOTING BIND ISSUES
## Resolve the rndc issue (`rndc: neither /etc/rndc.conf nor /etc/rndc.key was found`)
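# Generate a fresh rndc key. Never paste a secret that has been published (such as
# the one shown further down this page): whoever knows it can control named.
# Add "-A hmac-sha256" (supported since BIND 9.5) to avoid the hmac-md5 default;
# rndc.conf and the key statement in named.conf must then use the same algorithm.
rndc-confgen -a -c /etc/rndc.key
# named (user "named") must read the key, nobody else should.
chown root:named /etc/rndc.key
chmod 640 /etc/rndc.key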
or
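# Write the file rather than append to it: a second run with ">>" would leave two
# key statements in rndc.conf and rndc would refuse to parse it.
rndc-confgen > /etc/rndc.conf
# Only root runs rndc, so only root needs to read the client-side secret.
chmod 600 /etc/rndc.conf
cat /etc/rndc.conf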
# Start of rndc.conf
# NOTE(review): the secret below is printed on a public web page, i.e. it is
# burned. Always use the output of YOUR rndc-confgen run and keep this file
# mode 600. hmac-md5 is this version's default; rndc-confgen -A hmac-sha256
# (BIND >= 9.5) produces a stronger key.
key "rndc-key" {
algorithm hmac-md5;
secret "J8Y41D8CHJlEvmQwRSU1Dg==";
};
options {
default-key "rndc-key";
# rndc connects here; it has to match the inet address/port of the controls
# statement in named.conf (see the note on the working config further down).
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "J8Y41D8CHJlEvmQwRSU1Dg==";
# };
#
# Loopback-only is the safe default: port 953 is then never reachable from the
# network and the key is the only secret that matters locally.
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Put the key and controls statements shown above (uncommented) at the end of named.conf and restart named; this resolves the rndc.conf/rndc.key error. Use the secret that your own rndc-confgen run printed — never the one shown on this page, which is public — and keep named.conf and /etc/rndc.key readable only by root and the named group (chown root:named, chmod 640): anyone who can read the secret can control the server with rndc.
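# Validate the configuration first so a typo does not take the resolver down
# for the whole subnet; named-checkconf exits non-zero and prints the bad line.
named-checkconf /etc/named.conf
service named restart
# "status" runs "rndc status" under the hood, so it also proves the key works.
service named status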
version: 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 (not currently available)
CPUs found: 2
worker threads: 2
number of zones: 18
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named-sdb (pid 18103) is running...
To toggle query logging on or off, run the command below (it flips the current state; `rndc status` shows "query logging is ON/OFF"). Query logs grow quickly and record client IP addresses, so enable them only while troubleshooting.
# Toggles query logging; "query logging is ON/OFF" in rndc status shows the result.
rndc querylog
## DNS log issue (named cannot open its log channel)
Jun 30 11:54:25 localhost named-sdb[1689]: logging channel 'named_log' file '/var/named/chroot/var/log/named.log': permission denied
Jun 30 11:54:25 localhost named-sdb[1689]: isc_log_open '/var/named/chroot/var/log/named.log' failed: permission denied
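# Create the log target named expects and let the named user (and only it) write it.
mkdir -p /var/named/chroot/var/log
touch /var/named/chroot/var/log/named.log
chown named:named /var/named/chroot/var/log/named.log
chmod 640 /var/named/chroot/var/log/named.log
# If SELinux is enforcing, reset the file context as well; if the error persists,
# check /var/log/audit/audit.log for the denial.
restorecon -Rv /var/named/chroot/var/log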
## Managed keys issue (DNSSEC trust-anchor journal missing)
30-Jun-2012 16:08:28.773 general: error: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: file not found
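# named keeps its DNSSEC managed-keys zone here; use the full path so the chown
# does not silently hit a file in the current directory instead.
touch /var/named/dynamic/managed-keys.bind
chown named:named /var/named/dynamic/managed-keys.bind
# The directory itself must be writable by named too (it also holds the .jnl
# journals of dynamic zones); on RHEL/CentOS it is shipped as named:named.
chown named:named /var/named/dynamic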
## Forward or reverse map issue (dhcpd DDNS updates time out):
Jul 2 11:21:29 localhost dhcpd: Unable to add forward map from my-pc.warproxy.com. to 192.168.5.22: timed out
// required local host domain
// NOTE(review): despite the comment and the file names, these are the site's
// forward and reverse zones. allow-update with the rndc key means whoever holds
// that key (the DHCP server here) can rewrite the entire zone AND drive named via
// rndc; a dedicated TSIG key for DDNS (e.g. dnssec-keygen -a HMAC-SHA256 -b 256
// -n HOST ddns-key, referenced from both named.conf and dhcpd.conf) limits what a
// leaked key can do. Dynamic zones also need their files in a directory named
// can write, because the .jnl journals are created next to them.
zone "warproxy.com" in{
type master;
file "master.localhost";
// notify only matters if slave servers exist for the zone.
notify yes;
allow-update { key rndc-key; };
};
// localhost reverse map
zone "5.168.192.in-addr.arpa" in{
type master;
file "localhost.rev";
notify yes;
allow-update { key rndc-key; };
};
Add the two zone statements above to named.conf; the `allow-update { key rndc-key; };` lines (bold in the original post) are what allows dhcpd to update the zones.
Add the following at the top of dhcpd.conf:
# Enable DDNS: dhcpd pushes A and PTR records for its leases into the zones
# declared below, signed with the key given here.
ddns-updates on;
ddns-domainname "warproxy.com.";
ddns-rev-domainname "in-addr.arpa.";
# "interim" is the style the zone declarations below rely on; ISC dhcpd 4.3+
# also offers "standard".
ddns-update-style interim;
# NOTE(review): allow client-updates lets a client influence the name that ends
# up in DNS (it may send its own FQDN and do its own A-record update; the server
# then writes the PTR for that name), so a rogue host can claim another machine's
# name. Prefer "ignore client-updates;" so the server derives names itself.
allow client-updates;
# Same key as in named.conf. dhcpd.conf is normally world-readable, so move this
# block to its own file with mode 640 and pull it in with "include"; and because
# this is also the rndc control key, a leak here means full control of named -
# a separate DDNS-only TSIG key is the safer design.
key "rndc-key" {
algorithm hmac-md5;
secret "J8Y41D8CHJlEvmQwRSU1Dg==";
}
Add the two zone declarations below inside the matching subnet { } block of dhcpd.conf:
# One declaration per zone dhcpd may update. "primary" is the name server that
# accepts the TSIG-signed update (192.168.5.5 here); the zone names must carry
# the trailing dot. The key must match the key statement at the top of the file
# and the allow-update key in named.conf.
zone warproxy.com. {
primary 192.168.5.5;
key "rndc-key";
}
zone 5.168.192.in-addr.arpa. {
primary 192.168.5.5;
key "rndc-key";
}
Restart dhcpd and named, then check the logs (/var/log/messages and the named log channel) for update errors.
On success, .jnl journal files appear next to the forward and reverse zone files and the new A/PTR mappings are written to them; run `rndc freeze` before editing those zone files by hand and `rndc thaw` afterwards, or the journal and the file will diverge.
With that, the DNS configuration is fully working.
++++++++++++++++++++++++++++++++++++++++++++++++
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// NOTE(review): this file carries the TSIG secret used for both rndc and DDNS;
// keep it root:named mode 640. Anyone who can read the secret can drive named
// through rndc and rewrite the dynamic zones.
include "/etc/named.rfc1912.zones";
################################################
// CACHING NAME SERVER for EXAMPLE.
//
//
options {
directory "/var/named";
// version statement - inhibited for security
// (avoids hacking any known weaknesses)
version "not currently available";
// disables all zone transfer requests
allow-transfer{"none";};
// Closed DNS - permits only local IPs to issue queries
// remove if an Open DNS required to support all users
// or add additional IP ranges
// in this case either allow-query or allow-recursion can be used
// Keeping both is the safer choice: allow-recursion stops this host from
// becoming an open resolver (reflection/amplification) even if allow-query
// is widened later.
allow-query {192.168.5.0/24;};
allow-recursion {192.168.5.0/24;};
// No listen-on is set, so named binds every interface; consider
// listen-on { 127.0.0.1; 192.168.5.5; }; to match the ACLs above.
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// DLV trust anchors; only consulted if dnssec-lookaside is enabled, which it
// is not here. The ISC DLV registry was retired in 2017.
bindkeys-file "/etc/named.iscdlv.key";
};
//
// log to /var/log/example.log all events
// from info UP in severity (no debug)
// defaults to use 3 files in rotation
// BIND 8.x logging MUST COME FIRST in this file
// BIND 9.x parses the whole file before using the log
// failure messages up to this point are in (syslog)
// typically /var/log/messages
//
logging{
channel named_log{
// The file must exist and be owned by named (see the "permission denied" fix
// above). If named runs chrooted (-t /var/named/chroot) paths here are relative
// to the chroot root and this would have to be /var/log/named.log - confirm
// which applies on the host.
file "/var/named/chroot/var/log/named.log" versions 3 size 2m;
severity info;
print-severity yes;
print-time yes;
print-category yes;
};
# logging {
# channel null { null; };
# category lame-servers { null; };
# };
category default{
named_log;
};
};
// required zone for recursive queries
zone "." {
type hint;
// Hints only bootstrap the list of root servers; keep the file current (see the
// root.servers notes) or omit this zone to use the hints compiled into BIND.
file "root.servers";
};
// required local host domain
// NOTE(review): despite the comment and file names these are the site's forward
// and reverse zones. allow-update with the rndc key lets any holder of that key
// (the DHCP server) rewrite the whole zone AND control named via rndc; a
// dedicated TSIG key for DDNS limits the blast radius of a leak. Dynamic zone
// files must live in a directory named can write (for the .jnl journals).
zone "warproxy.com" in{
type master;
file "master.localhost";
notify yes;
allow-update { key rndc-key; };
};
// localhost reverse map
zone "5.168.192.in-addr.arpa" in{
type master;
file "localhost.rev";
notify yes;
allow-update { key rndc-key; };
};
# Use with the following in named.conf, adjusting the allow list as needed:
# NOTE(review): hmac-md5 is rndc-confgen's default in this BIND version;
# regenerate with -A hmac-sha256 (BIND >= 9.5) and never reuse the secret shown
# here, which is public.
key "rndc-key" {
algorithm hmac-md5;
secret "J8Y41D8CHJlEvmQwRSU1Dg==";
};
# The control channel is bound to the LAN address. The rndc.conf generated
# earlier targets 127.0.0.1, so rndc on this host must be run as
# "rndc -s 192.168.5.5" (or default-server changed) to reach it. Binding to
# 127.0.0.1 instead keeps port 953 off the network entirely; otherwise the
# allow ACL and the key are the only protection.
controls {
inet 192.168.5.5 port 953
allow { 192.168.5.5; } keys { "rndc-key"; };
};
# End of named.conf
++++++++++++++++++++++++++++++++++++++++++++++++
How to install and configure BIND on CentOS?
How to install and configure a caching-only DNS server?
## Install BIND on CentOS using yum
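# Install only what a name server needs. "bind*" also drags in bind-sdb (whose
# named-sdb binary is what the status output on this page shows running),
# bind-devel and other packages that only widen the attack surface.
# Add bind-chroot if you want named confined; paths in named.conf are then
# relative to /var/named/chroot.
yum install bind bind-utils
vi /etc/named.conf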
## Caching-only DNS server
/etc/named.conf (the listing below appears twice on this page; the file contains it once)
// CACHING NAME SERVER for EXAMPLE.
//
//
options {
directory "/var/named";
// version statement - inhibited for security
// (avoids hacking any known weaknesses)
version "BIND 9";
// disables all zone transfer requests
allow-transfer{"none";};
// Closed DNS - permits only local IPs to issue queries
// remove if an Open DNS required to support all users
// or add additional IP ranges
// in this case either allow-query or allow-recursion can be used
// NOTE(review): set allow-recursion to the same list as well; if allow-query is
// widened later this would otherwise become an open resolver usable for
// reflection/amplification attacks. A listen-on statement naming the intended
// interfaces is also worth adding.
allow-query {192.168.3.0/24;};
};
//
// log to /var/log/example.log all events
// from info UP in severity (no debug)
// defaults to use 3 files in rotation
// BIND 8.x logging MUST COME FIRST in this file
// BIND 9.x parses the whole file before using the log
// failure messages up to this point are in (syslog)
// typically /var/log/messages
//
logging{
channel example_log{
// /var/log/named must exist and be writable by the named user, otherwise the
// channel fails with the "permission denied" error shown in the troubleshooting
// section.
file "/var/log/named/example.log" versions 3 size 2m;
severity info;
print-severity yes;
print-time yes;
print-category yes;
};
category default{
example_log;
};
};
// required zone for recursive queries
zone "." {
type hint;
// Keep this file current (the copy shown on this page is from 2004) or omit the
// zone and use the hints compiled into BIND.
file "root.servers";
};
// required local host domain
zone "localhost" in{
type master;
file "master.localhost";
// Static zone: allow-update none is correct here - keep it.
allow-update{none;};
};
// localhost reverse map
zone "0.0.127.in-addr.arpa" in{
type master;
file "localhost.rev";
allow-update{none;};
};
//
//
options {
directory "/var/named";
// version statement - inhibited for security
// (avoids hacking any known weaknesses)
version "BIND 9";
// disables all zone transfer requests
allow-transfer{"none";};
// Closed DNS - permits only local IPs to issue queries
// remove if an Open DNS required to support all users
// or add additional IP ranges
// in this case either allow-query or allow-recursion can be used
// NOTE(review): set allow-recursion to the same list as well; if allow-query is
// widened later this would otherwise become an open resolver usable for
// reflection/amplification attacks. A listen-on statement naming the intended
// interfaces is also worth adding.
allow-query {192.168.3.0/24;};
};
//
// log to /var/log/example.log all events
// from info UP in severity (no debug)
// defaults to use 3 files in rotation
// BIND 8.x logging MUST COME FIRST in this file
// BIND 9.x parses the whole file before using the log
// failure messages up to this point are in (syslog)
// typically /var/log/messages
//
logging{
channel example_log{
// /var/log/named must exist and be writable by the named user, otherwise the
// channel fails with the "permission denied" error shown in the troubleshooting
// section.
file "/var/log/named/example.log" versions 3 size 2m;
severity info;
print-severity yes;
print-time yes;
print-category yes;
};
category default{
example_log;
};
};
// required zone for recursive queries
zone "." {
type hint;
// Keep this file current (the copy shown on this page is from 2004) or omit the
// zone and use the hints compiled into BIND.
file "root.servers";
};
// required local host domain
zone "localhost" in{
type master;
file "master.localhost";
// Static zone: allow-update none is correct here - keep it.
allow-update{none;};
};
// localhost reverse map
zone "0.0.127.in-addr.arpa" in{
type master;
file "localhost.rev";
allow-update{none;};
};
root.servers in /var/named/ (the listing below appears twice on this page; the file contains it once)
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . "
; configuration file of BIND domain name servers).
;
; NOTE(review): this copy dates from 2004. Root server addresses have changed
; since (L.ROOT-SERVERS.NET moved to 199.7.83.42 in 2007, and B, D and H changed
; later), so priming queries go to stale addresses. Fetch the current file from
; https://www.internic.net/domain/named.root and compare it with
; "dig . NS @a.root-servers.net", or drop the hint zone and use BIND's built-in hints.
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by ICANN
;
; This address was replaced by 199.7.83.42 in November 2007.
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . "
; configuration file of BIND domain name servers).
;
; NOTE(review): this copy dates from 2004. Root server addresses have changed
; since (L.ROOT-SERVERS.NET moved to 199.7.83.42 in 2007, and B, D and H changed
; later), so priming queries go to stale addresses. Fetch the current file from
; https://www.internic.net/domain/named.root and compare it with
; "dig . NS @a.root-servers.net", or drop the hint zone and use BIND's built-in hints.
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by ICANN
;
; This address was replaced by 199.7.83.42 in November 2007.
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
master.localhost in /var/named (the listing below appears twice on this page; the file contains a single SOA)
$TTL 86400 ; 24 hours could have been written as 24h
; NOTE(review): stock localhost forward zone, loaded with allow-update { none; }.
; The working named.conf earlier points zone "warproxy.com" at a file of this same
; name; that file must hold warproxy.com data under its own origin - this content
; would be out-of-zone there and the zone would not load. Dynamic updates bump
; the serial automatically.
$ORIGIN localhost.
; line below = localhost 1D IN SOA localhost root.localhost
@ 1D IN SOA @ root (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
@ 1D IN NS @
; owner omitted: inherits the previous owner (@ = localhost.)
1D IN A 127.0.0.1
; NOTE(review): stock localhost forward zone, loaded with allow-update { none; }.
; The working named.conf earlier points zone "warproxy.com" at a file of this same
; name; that file must hold warproxy.com data under its own origin - this content
; would be out-of-zone there and the zone would not load. Dynamic updates bump
; the serial automatically.
$ORIGIN localhost.
; line below = localhost 1D IN SOA localhost root.localhost
@ 1D IN SOA @ root (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
@ 1D IN NS @
; owner omitted: inherits the previous owner (@ = localhost.)
1D IN A 127.0.0.1
localhost.rev in /var/named/ (the listing below appears twice on this page; the file contains a single SOA)
$TTL 86400 ;
; could use $ORIGIN 0.0.127.IN-ADDR.ARPA.
; The origin comes from the zone statement in named.conf, so the bare "1" below
; expands to 1.0.0.127.in-addr.arpa. NOTE(review): the working named.conf reuses
; this file name for 5.168.192.in-addr.arpa; loaded there, this PTR would map
; 192.168.5.1 to localhost - give the site's reverse zone its own file.
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
3h ; Refresh
15 ; Retry
1w ; Expire
3h ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
; could use $ORIGIN 0.0.127.IN-ADDR.ARPA.
; The origin comes from the zone statement in named.conf, so the bare "1" below
; expands to 1.0.0.127.in-addr.arpa. NOTE(review): the working named.conf reuses
; this file name for 5.168.192.in-addr.arpa; loaded there, this PTR would map
; 192.168.5.1 to localhost - give the site's reverse zone its own file.
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
3h ; Refresh
15 ; Retry
1w ; Expire
3h ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
# The init script's "status" action runs "rndc status", hence the rndc error
# below when no key has been generated yet.
service named status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
named-sdb (pid 17961) is running...
## Resolve the rndc issue (`rndc: neither /etc/rndc.conf nor /etc/rndc.key was found`)
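# Generate a fresh rndc key. Never paste a secret that has been published (such as
# the one shown further down this page): whoever knows it can control named.
# Add "-A hmac-sha256" (supported since BIND 9.5) to avoid the hmac-md5 default;
# rndc.conf and the key statement in named.conf must then use the same algorithm.
rndc-confgen -a -c /etc/rndc.key
# named (user "named") must read the key, nobody else should.
chown root:named /etc/rndc.key
chmod 640 /etc/rndc.key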
or
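# Write the file rather than append to it: a second run with ">>" would leave two
# key statements in rndc.conf and rndc would refuse to parse it.
rndc-confgen > /etc/rndc.conf
# Only root runs rndc, so only root needs to read the client-side secret.
chmod 600 /etc/rndc.conf
cat /etc/rndc.conf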
# Start of rndc.conf
# NOTE(review): the secret below is printed on a public web page, i.e. it is
# burned. Always use the output of YOUR rndc-confgen run and keep this file
# mode 600. hmac-md5 is this version's default; rndc-confgen -A hmac-sha256
# (BIND >= 9.5) produces a stronger key.
key "rndc-key" {
algorithm hmac-md5;
secret "J8Y41D8CHJlEvmQwRSU1Dg==";
};
options {
default-key "rndc-key";
# rndc connects here; it has to match the inet address/port of the controls
# statement in named.conf (see the note on the working config further down).
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "J8Y41D8CHJlEvmQwRSU1Dg==";
# };
#
# Loopback-only is the safe default: port 953 is then never reachable from the
# network and the key is the only secret that matters locally.
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Put the key and controls statements shown above (uncommented) at the end of named.conf and restart named; this resolves the rndc.conf/rndc.key error. Use the secret that your own rndc-confgen run printed — never the one shown on this page, which is public — and keep named.conf and /etc/rndc.key readable only by root and the named group (chown root:named, chmod 640): anyone who can read the secret can control the server with rndc.
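# Validate the configuration first so a typo does not take the resolver down
# for the whole subnet; named-checkconf exits non-zero and prints the bad line.
named-checkconf /etc/named.conf
service named restart
# "status" runs "rndc status" under the hood, so it also proves the key works.
service named status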
version: 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 (not currently available)
CPUs found: 2
worker threads: 2
number of zones: 18
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named-sdb (pid 18103) is running...
To toggle query logging on or off, run the command below (it flips the current state; `rndc status` shows "query logging is ON/OFF"). Query logs grow quickly and record client IP addresses, so enable them only while troubleshooting.
# Toggles query logging; "query logging is ON/OFF" in rndc status shows the result.
rndc querylog
## DNS log issue (named cannot open its log channel)
Jun 30 11:54:25 localhost named-sdb[1689]: logging channel 'named_log' file '/var/named/chroot/var/log/named.log': permission denied
Jun 30 11:54:25 localhost named-sdb[1689]: isc_log_open '/var/named/chroot/var/log/named.log' failed: permission denied
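# Create the log target named expects and let the named user (and only it) write it.
mkdir -p /var/named/chroot/var/log
touch /var/named/chroot/var/log/named.log
chown named:named /var/named/chroot/var/log/named.log
chmod 640 /var/named/chroot/var/log/named.log
# If SELinux is enforcing, reset the file context as well; if the error persists,
# check /var/log/audit/audit.log for the denial.
restorecon -Rv /var/named/chroot/var/log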
## Managed keys issue (DNSSEC trust-anchor journal missing)
30-Jun-2012 16:08:28.773 general: error: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: file not found
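# named keeps its DNSSEC managed-keys zone here; use the full path so the chown
# does not silently hit a file in the current directory instead.
touch /var/named/dynamic/managed-keys.bind
chown named:named /var/named/dynamic/managed-keys.bind
# The directory itself must be writable by named too (it also holds the .jnl
# journals of dynamic zones); on RHEL/CentOS it is shipped as named:named.
chown named:named /var/named/dynamic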
## Forward or reverse map issue (dhcpd DDNS updates time out):
Jul 2 11:21:29 localhost dhcpd: Unable to add forward map from my-pc.warproxy.com. to 192.168.5.22: timed out
// required local host domain
// NOTE(review): despite the comment and the file names, these are the site's
// forward and reverse zones. allow-update with the rndc key means whoever holds
// that key (the DHCP server here) can rewrite the entire zone AND drive named via
// rndc; a dedicated TSIG key for DDNS (e.g. dnssec-keygen -a HMAC-SHA256 -b 256
// -n HOST ddns-key, referenced from both named.conf and dhcpd.conf) limits what a
// leaked key can do. Dynamic zones also need their files in a directory named
// can write, because the .jnl journals are created next to them.
zone "warproxy.com" in{
type master;
file "master.localhost";
// notify only matters if slave servers exist for the zone.
notify yes;
allow-update { key rndc-key; };
};
// localhost reverse map
zone "5.168.192.in-addr.arpa" in{
type master;
file "localhost.rev";
notify yes;
allow-update { key rndc-key; };
};
Add the two zone statements above to named.conf; the `allow-update { key rndc-key; };` lines (bold in the original post) are what allows dhcpd to update the zones.
Add the following at the top of dhcpd.conf:
# Enable DDNS: dhcpd pushes A and PTR records for its leases into the zones
# declared below, signed with the key given here.
ddns-updates on;
ddns-domainname "warproxy.com.";
ddns-rev-domainname "in-addr.arpa.";
# "interim" is the style the zone declarations below rely on; ISC dhcpd 4.3+
# also offers "standard".
ddns-update-style interim;
# NOTE(review): allow client-updates lets a client influence the name that ends
# up in DNS (it may send its own FQDN and do its own A-record update; the server
# then writes the PTR for that name), so a rogue host can claim another machine's
# name. Prefer "ignore client-updates;" so the server derives names itself.
allow client-updates;
# Same key as in named.conf. dhcpd.conf is normally world-readable, so move this
# block to its own file with mode 640 and pull it in with "include"; and because
# this is also the rndc control key, a leak here means full control of named -
# a separate DDNS-only TSIG key is the safer design.
key "rndc-key" {
algorithm hmac-md5;
secret "J8Y41D8CHJlEvmQwRSU1Dg==";
}
Add the two zone declarations below inside the matching subnet { } block of dhcpd.conf:
# One declaration per zone dhcpd may update. "primary" is the name server that
# accepts the TSIG-signed update (192.168.5.5 here); the zone names must carry
# the trailing dot. The key must match the key statement at the top of the file
# and the allow-update key in named.conf.
zone warproxy.com. {
primary 192.168.5.5;
key "rndc-key";
}
zone 5.168.192.in-addr.arpa. {
primary 192.168.5.5;
key "rndc-key";
}
Restart dhcpd and named, then check the logs (/var/log/messages and the named log channel) for update errors.
On success, .jnl journal files appear next to the forward and reverse zone files and the new A/PTR mappings are written to them; run `rndc freeze` before editing those zone files by hand and `rndc thaw` afterwards, or the journal and the file will diverge.
With that, the DNS configuration is fully working.
++++++++++++++++++++++++++++++++++++++++++++++++
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// NOTE(review): this file carries the TSIG secret used for both rndc and DDNS;
// keep it root:named mode 640. Anyone who can read the secret can drive named
// through rndc and rewrite the dynamic zones.
include "/etc/named.rfc1912.zones";
################################################
// CACHING NAME SERVER for EXAMPLE.
//
//
options {
directory "/var/named";
// version statement - inhibited for security
// (avoids hacking any known weaknesses)
version "not currently available";
// disables all zone transfer requests
allow-transfer{"none";};
// Closed DNS - permits only local IPs to issue queries
// remove if an Open DNS required to support all users
// or add additional IP ranges
// in this case either allow-query or allow-recursion can be used
// Keeping both is the safer choice: allow-recursion stops this host from
// becoming an open resolver (reflection/amplification) even if allow-query
// is widened later.
allow-query {192.168.5.0/24;};
allow-recursion {192.168.5.0/24;};
// No listen-on is set, so named binds every interface; consider
// listen-on { 127.0.0.1; 192.168.5.5; }; to match the ACLs above.
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// DLV trust anchors; only consulted if dnssec-lookaside is enabled, which it
// is not here. The ISC DLV registry was retired in 2017.
bindkeys-file "/etc/named.iscdlv.key";
};
//
// log to /var/log/example.log all events
// from info UP in severity (no debug)
// defaults to use 3 files in rotation
// BIND 8.x logging MUST COME FIRST in this file
// BIND 9.x parses the whole file before using the log
// failure messages up to this point are in (syslog)
// typically /var/log/messages
//
logging{
channel named_log{
// The file must exist and be owned by named (see the "permission denied" fix
// above). If named runs chrooted (-t /var/named/chroot) paths here are relative
// to the chroot root and this would have to be /var/log/named.log - confirm
// which applies on the host.
file "/var/named/chroot/var/log/named.log" versions 3 size 2m;
severity info;
print-severity yes;
print-time yes;
print-category yes;
};
# logging {
# channel null { null; };
# category lame-servers { null; };
# };
category default{
named_log;
};
};
// required zone for recursive queries
zone "." {
type hint;
// Hints only bootstrap the list of root servers; keep the file current (see the
// root.servers notes) or omit this zone to use the hints compiled into BIND.
file "root.servers";
};
// required local host domain
// NOTE(review): despite the comment and file names these are the site's forward
// and reverse zones. allow-update with the rndc key lets any holder of that key
// (the DHCP server) rewrite the whole zone AND control named via rndc; a
// dedicated TSIG key for DDNS limits the blast radius of a leak. Dynamic zone
// files must live in a directory named can write (for the .jnl journals).
zone "warproxy.com" in{
type master;
file "master.localhost";
notify yes;
allow-update { key rndc-key; };
};
// localhost reverse map
zone "5.168.192.in-addr.arpa" in{
type master;
file "localhost.rev";
notify yes;
allow-update { key rndc-key; };
};
# Use with the following in named.conf, adjusting the allow list as needed:
# NOTE(review): hmac-md5 is rndc-confgen's default in this BIND version;
# regenerate with -A hmac-sha256 (BIND >= 9.5) and never reuse the secret shown
# here, which is public.
key "rndc-key" {
algorithm hmac-md5;
secret "J8Y41D8CHJlEvmQwRSU1Dg==";
};
# The control channel is bound to the LAN address. The rndc.conf generated
# earlier targets 127.0.0.1, so rndc on this host must be run as
# "rndc -s 192.168.5.5" (or default-server changed) to reach it. Binding to
# 127.0.0.1 instead keeps port 953 off the network entirely; otherwise the
# allow ACL and the key are the only protection.
controls {
inet 192.168.5.5 port 953
allow { 192.168.5.5; } keys { "rndc-key"; };
};
# End of named.conf
++++++++++++++++++++++++++++++++++++++++++++++++