Monday, March 11, 2019

.::: Install & Configure BIND 9 (DNS, zones) on CentOS 7 / RHEL 7 :::.

BIND (the daemon is called named) is the most widely used Domain Name System (DNS) software on the Internet. On Unix-like operating systems it is the de facto standard. It performs both of the main DNS server roles: acting as an authoritative name server for one or more specific domains, and acting as a recursive resolver for the DNS system generally.

1. Install bind
[root@server data]# yum -y install bind bind-utils

2. Enable and start the named service
#
[root@bind-server-teguhtriharto data]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@bind-server-teguhtriharto data]# systemctl start  named
[root@bind-server-teguhtriharto data]# systemctl status  named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-03-06 13:50:24 WIB; 35min ago
 Main PID: 41985 (named)
   CGroup: /system.slice/named.service
           └─41985 /usr/sbin/named -u named -c /etc/named.conf

Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: managed-keys-zone: loaded serial 0
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: zone 0.in-addr.arpa/IN: loaded serial 0
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: zone localhost.localdomain/IN: loaded serial 0
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: zone localhost/IN: loaded serial 0
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: all zones loaded
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: running
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
[root@bind-server-teguhtriharto data]#

3. IP configuration of the server
[root@server teguht]# cd /etc/sysconfig/network-scripts/
[root@server network-scripts]# cat ifcfg-ens160
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens160
UUID=3405d451-483b-4ebe-a46b-cbb8979b57b6
DEVICE=ens160
ONBOOT=yes
IPADDR=10.10.10.103
PREFIX=24
GATEWAY=10.10.10.1
DNS1=127.0.0.1
DOMAIN="teguhtriharto.com"
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_PRIVACY=no
[root@server network-scripts]#
[root@server network-scripts]# systemctl restart network

4. Configure hostname, network and resolv.conf
[root@server teguht]# cat /etc/hostname
server
[root@server teguht]#

[root@server teguht]# cat /etc/sysconfig/network
# Created by anaconda
NETWORKING=yes
HOSTNAME=server
[root@server teguht]#

[root@server teguht]# cat /etc/resolv.conf
# Generated by NetworkManager
search teguhtriharto.com
nameserver 127.0.0.1
[root@server teguht]#

[root@server ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.10.103 teguhtriharto.com  server server.teguhtriharto.com
10.10.10.105 client client.teguhtriharto.com
# optional
10.10.5.240 nms.teguhtriharto

[root@server ~]#

5. Configure the options block in /etc/named.conf
# vi /etc/named.conf
options {
    // Bind only to loopback and the server's own LAN address (10.10.10.103).
    listen-on port 53 { 127.0.0.1; 10.10.10.103;};
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    // Only localhost and the 10.10.10.0/24 LAN may query this server at all.
    // The client tests further down (dig google.com) show it also resolves
    // external names, i.e. it acts as a recursive resolver for the LAN; BIND
    // derives the default allow-recursion list from allow-query when neither
    // allow-recursion nor allow-query-cache is set (confirm for the installed
    // version), so this line is what keeps it from being an open resolver.
    allow-query     { localhost;10.10.10.0/24;};
    // No secondary servers appear on this page, so zone transfers (AXFR/IXFR)
    // are refused for everyone; this prevents bulk enumeration of the zone.
    allow-transfer { none; }; 
    // NOTE(review): the listing stops here; the rest of the options block
    // (e.g. the recursion setting and the closing "};") is not shown.
   
6. Add the forward zone

# vi /etc/named.conf

zone "teguhtriharto.com" IN {
// This server is the primary (authoritative) source for the zone.
type master;
// Zone data file; its contents are given in step 8.
file "/var/named/teguht.fwd";
// Dynamic updates are refused; the zone changes only by editing the file.
allow-update { none; };
};

7. Add the reverse zone
zone "10.10.10.in-addr.arpa" IN {
// Reverse (PTR) zone for the 10.10.10.0/24 network only.
type master;
// Zone data file; its contents are given in step 9.
file "/var/named/teguht.rr";
// NOTE(review): the nms host at 10.10.5.240 (see /etc/hosts above) is outside
// this /24 and would need its own 5.10.10.in-addr.arpa zone.
allow-update { none; };
};

8. Create the forward zone file
DNS records

A record = maps a hostname to an IP address
NS (name server) record = identifies an authoritative DNS server for the zone
MX (mail exchanger) record = specifies a mail server responsible for accepting mail for the zone
CNAME (canonical name) record = specifies an alias of one name for another name

# vi /var/named/teguht.fwd

$TTL 86400          ; default TTL (seconds) for records that do not set one
; SOA: primary name server and administrator mailbox (root@teguhtriharto.com,
; with the "@" written as a dot).
@   IN  SOA     ns1.teguhtriharto.com. root.teguhtriharto.com.(
2014112511  ;Serial (looks like YYYYMMDDnn; must increase on every edit)
3600        ;Refresh
1800        ;Retry
604800      ;Expire
86400       ;Minimum TTL (negative-caching TTL)
);
;Name Server Information
@   IN  NS      ns1.teguhtriharto.com.
; Apex (teguhtriharto.com) address and the address of ns1.
@  IN A     10.10.10.103
ns1  IN A     10.10.10.103

; NOTE(review): the two additional "@" A records below make teguhtriharto.com
; itself resolve to 10.10.10.105 and 10.10.5.240 as well (the dig output in
; section B.3 shows three answers at the apex); if only the client and nms
; hostnames were meant, the "@" lines look unintended.
@  IN A     10.10.10.105
client  IN A     10.10.10.105

@  IN A     10.10.5.240
nms  IN A     10.10.5.240
; NOTE(review): no "server" record is defined here although step 11 queries
; server.teguhtriharto.com (which /etc/hosts maps to 10.10.10.103); those
; lookups will not be answered from this zone until such a record is added.

9. Create the reverse zone file
# vi /var/named/teguht.rr

$TTL 86400          ; default TTL (seconds) for records that do not set one
; SOA for 10.10.10.in-addr.arpa; same timers as the forward zone.
@   IN  SOA     ns1.teguhtriharto.com. root.teguhtriharto.com.(
2014112511  ;Serial (must increase on every edit to this file)
3600        ;Refresh
1800        ;Retry
604800      ;Expire
86400       ;Minimum TTL (negative-caching TTL)
);
;Name Server Information
@   IN  NS      ns1.teguhtriharto.com.
; NOTE(review): the A records in this file are owned by the reverse zone
; (e.g. ns1.10.10.10.in-addr.arpa), not by teguhtriharto.com; the usable
; forward records live in teguht.fwd, so these A lines look redundant.
ns1  IN A     10.10.10.103
; Owner is the last octet only: 103 -> 10.10.10.103
103  IN PTR     ns1.teguhtriharto.com.
client  IN A     10.10.10.105
105  IN PTR     client.teguhtriharto.com.

nms  IN A     10.10.5.240
; NOTE(review): under 10.10.10.in-addr.arpa this PTR answers for 10.10.10.240,
; not for 10.10.5.240 (nms's address per /etc/hosts); it belongs in a
; 5.10.10.in-addr.arpa zone.
240  IN PTR     nms.teguhtriharto.com.

10. Restart bind service
# systemctl restart named

11. Testing (note that `dig -x` expects an IP address and performs a reverse lookup; run against a hostname it returns NXDOMAIN, as the sample output in section B.3 shows)
# dig -x 127.0.0.1
# dig -x 10.10.10.103
# dig -x teguhtriharto.com
# dig -x ns1.teguhtriharto.com
# dig -x server.teguhtriharto.com
# dig -x client.teguhtriharto.com
# dig -x nms.teguhtriharto.com

# dig 127.0.0.1
# dig 10.10.10.103
# dig teguhtriharto.com
# dig ns1.teguhtriharto.com
# dig server.teguhtriharto.com
# dig client.teguhtriharto.com
# dig nms.teguhtriharto.com

# nslookup 127.0.0.1
# nslookup 10.10.10.103
# nslookup teguhtriharto.com
# nslookup ns1.teguhtriharto.com
# nslookup server.teguhtriharto.com
# nslookup client.teguhtriharto.com
# nslookup nms.teguhtriharto.com


B. Client side (example on Linux)
1. Client IP configuration (the sample output in section 3 below shows answers coming from SERVER 10.10.10.103, so the client's DNS1 has to point at the BIND server's address rather than 127.0.0.1; note also that the address shown here, 10.10.10.22, differs from the 10.10.10.105 that the zone files assign to `client`)
[root@client teguht]# cd /etc/sysconfig/network-scripts/
[root@client network-scripts]# cat ifcfg-ens160
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens160
UUID=3405d451-483b-4ebe-a46b-cbb8979b57b6
DEVICE=ens160
ONBOOT=yes
IPADDR=10.10.10.22
PREFIX=24
GATEWAY=10.10.10.1
DNS1=127.0.0.1
DOMAIN="teguhtriharto.com"
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_PRIVACY=no
[root@client network-scripts]#
[root@client network-scripts]# systemctl restart network

2. Testing from the client
# dig -x 127.0.0.1
# dig -x 10.10.10.103
# dig -x 10.10.10.105
# dig -x teguhtriharto.com
# dig -x ns1.teguhtriharto.com
# dig -x server.teguhtriharto.com
# dig -x client.teguhtriharto.com
# dig -x nms.teguhtriharto.com

# dig 127.0.0.1
# dig 10.10.10.103
# dig 10.10.10.105
# dig teguhtriharto.com
# dig ns1.teguhtriharto.com
# dig server.teguhtriharto.com
# dig client.teguhtriharto.com
# dig nms.teguhtriharto.com

# nslookup 127.0.0.1
# nslookup 10.10.10.103
# nslookup 10.10.10.105
# nslookup teguhtriharto.com
# nslookup ns1.teguhtriharto.com
# nslookup server.teguhtriharto.com
# nslookup client.teguhtriharto.com
# nslookup nms.teguhtriharto.com
# nslookup google.com

3. Sample test output from the client

[root@client network-scripts]# dig  -x teguhtriharto.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -x teguhtriharto.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32997
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com.teguhtriharto.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
in-addr.arpa.        3600    IN    SOA    b.in-addr-servers.arpa. nstld.iana.org. 2019021535 1800 900 604800 3600

;; Query time: 277 msec
;; SERVER: 10.10.10.103#53(10.10.10.103)
;; WHEN: Mon Mar 11 15:28:56 WIB 2019
;; MSG SIZE  rcvd: 127

[root@client network-scripts]# dig teguhtriharto.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> teguhtriharto.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55990
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;teguhtriharto.com.        IN    A

;; ANSWER SECTION:
teguhtriharto.com.    86400    IN    A    10.10.10.105
teguhtriharto.com.    86400    IN    A    10.10.10.103
teguhtriharto.com.    86400    IN    A    10.10.5.240

;; AUTHORITY SECTION:
teguhtriharto.com.    86400    IN    NS    ns1.teguhtriharto.com.

;; ADDITIONAL SECTION:
ns1.teguhtriharto.com.    86400    IN    A    10.10.10.103

;; Query time: 2 msec
;; SERVER: 10.10.10.103#53(10.10.10.103)
;; WHEN: Mon Mar 11 15:28:58 WIB 2019
;; MSG SIZE  rcvd: 128

[root@client network-scripts]# dig google.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39179
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 4, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.            IN    A

;; ANSWER SECTION:
google.com.        215    IN    A    74.125.24.101
google.com.        215    IN    A    74.125.24.113
google.com.        215    IN    A    74.125.24.102
google.com.        215    IN    A    74.125.24.139
google.com.        215    IN    A    74.125.24.138
google.com.        215    IN    A    74.125.24.100

;; AUTHORITY SECTION:
google.com.        172714    IN    NS    ns3.google.com.
google.com.        172714    IN    NS    ns2.google.com.
google.com.        172714    IN    NS    ns1.google.com.
google.com.        172714    IN    NS    ns4.google.com.

;; ADDITIONAL SECTION:
ns2.google.com.        172714    IN    A    216.239.34.10
ns2.google.com.        172714    IN    AAAA    2001:4860:4802:34::a
ns1.google.com.        172714    IN    A    216.239.32.10
ns1.google.com.        172714    IN    AAAA    2001:4860:4802:32::a
ns3.google.com.        172714    IN    A    216.239.36.10
ns3.google.com.        172714    IN    AAAA    2001:4860:4802:36::a
ns4.google.com.        172714    IN    A    216.239.38.10
ns4.google.com.        172714    IN    AAAA    2001:4860:4802:38::a

;; Query time: 2 msec
;; SERVER: 10.10.10.103#53(10.10.10.103)
;; WHEN: Mon Mar 11 15:29:05 WIB 2019
;; MSG SIZE  rcvd: 383

[root@client network-scripts]# dig facebook.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> facebook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36265
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;facebook.com.            IN    A

;; ANSWER SECTION:
facebook.com.        300    IN    A    157.240.25.35

;; AUTHORITY SECTION:
facebook.com.        172799    IN    NS    b.ns.facebook.com.
facebook.com.        172799    IN    NS    a.ns.facebook.com.

;; ADDITIONAL SECTION:
a.ns.facebook.com.    172799    IN    A    69.171.239.12
a.ns.facebook.com.    172799    IN    AAAA    2a03:2880:fffe:c:face:b00c:0:35
b.ns.facebook.com.    172799    IN    A    69.171.255.12
b.ns.facebook.com.    172799    IN    AAAA    2a03:2880:ffff:c:face:b00c:0:35

;; Query time: 803 msec
;; SERVER: 10.10.10.103#53(10.10.10.103)
;; WHEN: Mon Mar 11 15:29:12 WIB 2019
;; MSG SIZE  rcvd: 180

[root@client network-scripts]#

[root@client network-scripts]# nslookup 10.10.10.103
Server:        10.10.10.103
Address:    10.10.10.103#53

103.10.10.10.in-addr.arpa    name = ns1.teguhtriharto.com.

[root@client network-scripts]#
[root@client network-scripts]# nslookup 10.10.10.105
Server:        10.10.10.103
Address:    10.10.10.103#53

105.10.10.10.in-addr.arpa    name = client.teguhtriharto.com.

[root@client network-scripts]#

