How to setup a BIND DNS service to act as DNS server on Fedora 28
Test Environment
Fedora 28 Server edition (installed)
Here in this article we are trying to setup BIND DNS server on a Fedora 28 virtual machine hosted on VMware workstation.
Procedure
Step1: Install the following Bind and related packages
[root@fedmaster ~]# yum install bind bind-chroot bind-utils
...
Installed:
bind.x86_64 32:9.11.4-13.P2.fc28 bind-chroot.x86_64 32:9.11.4-13.P2.fc28 checkpolicy.x86_64 2.8-1.fc28
libcgroup.x86_64 0.41-20.fc28 policycoreutils-python-utils.noarch 2.8-1.fc28 python3-audit.x86_64 2.8.5-2.fc28
python3-libsemanage.x86_64 2.8-2.fc28 python3-policycoreutils.noarch 2.8-1.fc28 python3-setools.x86_64 4.1.1-9.fc28
Complete!Step2: Take backup of the following files
[root@fedmaster ~]# ls -ltr /etc/hosts*
-rw-r--r--. 1 root root 158 Apr 16 2018 /etc/hosts
-rw-r--r--. 1 root root 158 Jun 2 17:32 /etc/hosts_original
[root@fedmaster ~]#
[root@fedmaster ~]# ls -ltr /etc/named.conf*
-rw-r-----. 1 root named 1705 Jan 16 22:37 /etc/named.conf
-rw-r-----. 1 root root 1705 Jun 2 17:37 /etc/named.conf_original
[root@fedmaster ~]#
[root@fedmaster ~]# ls -ltr /etc/resolv.conf*
-rw-r--r--. 1 root root 55 Jun 2 17:31 /etc/resolv.conf
-rw-r--r--. 1 root root 55 Jun 2 17:33 /etc/resolv.conf_originalStep3: Edit the resolv.conf to use the host as Cache server
[root@fedmaster ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.184.128
#nameserver 192.168.184.2Validate the ping service to a public host
[root@fedmaster ~]# ping www.google.com
ping: www.google.com: Name or service not known[root@fedmaster ~]# dig www.google.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-13.P2.fc28 <<>> www.google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
As of now the DNS resolves will fail as we do not any working DNS server which is able to resolve the queries
Step3: Edit the named.conf as below
[root@fedmaster ~]# diff /etc/named.conf_original /etc/named.conf
11,12c11,13
< listen-on port 53 { 127.0.0.1; };
< listen-on-v6 port 53 { ::1; };
---
> listen-on port 53 { 127.0.0.1; 192.168.184.128; };
> //listen-on-v6 port 53 { ::1; };
> forwarders {8.8.8.8; 8.8.4.4; };
19c20
< allow-query { localhost; };
---
> allow-query { localhost; 192.168.184.0/24; };Step4: Enable and start the DNS named caching service
[root@fedmaster ~]# systemctl enable named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service ? /usr/lib/systemd/system/named.service.
[root@fedmaster ~]# systemctl start named
[root@fedmaster ~]# systemctl status named.service
? named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-06-02 18:03:41 IST; 15s ago
Process: 2103 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 2101 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF";>
Main PID: 2104 (named)Step5: Validate the public host resolution
[root@fedmaster ~]# dig www.ndtv.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-13.P2.fc28 <<>> www.ndtv.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25159
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e13ef91f386b139a693126635cf3c29c6f73a994d2fc6e23 (good)
;; QUESTION SECTION:
;www.ndtv.com. IN A
;; ANSWER SECTION:
www.ndtv.com. 19 IN A 104.120.86.175Now, after setting up the Cache service with the external DNS servers we are able to resolve some of the external DNS hosts as shown above.
Step6: Create forward zone file and include it in the named.conf
[root@fedmaster ~]# cat /var/named/stack.com.zone
; Authoritative data for stack.com zone
;
$TTL 1D
@ IN SOA fedmaster.stack.com root.fedmaster.stack.com. (
2017031301 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
$ORIGIN stack.com.
stack.com. IN NS fedmaster.stack.com.
fedmaster IN A 127.0.0.1
server IN A 192.168.184.128
www IN CNAME server[root@fedmaster ~]# diff /etc/named.conf_original /etc/named.conf
11,12c11,13
< listen-on port 53 { 127.0.0.1; };
< listen-on-v6 port 53 { ::1; };
---
> listen-on port 53 { 127.0.0.1; 192.168.184.128; };
> //listen-on-v6 port 53 { ::1; };
> forwarders {8.8.8.8; 8.8.4.4; };
19c20
< allow-query { localhost; };
---
> allow-query { localhost; 192.168.184.0/24; };
54a56,60
> };
>
> zone "stack.com" IN {
> type master;
> file "stack.com.zone";Step7: Create reverse zone file and include it in the named.conf
[root@fedmaster named]# cat /var/named/184.168.192.in-addr.arpa
; Authoritative data for stack.com reverse zone
;
$TTL 1D
@ IN SOA fedmaster.stack.com root.fedmaster.stack.com. (
2017031501 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS fedmaster.stack.com.
stack.com. IN NS fedmaster.stack.com.
128 IN PTR fedmaster.stack.com.[root@fedmaster ~]# diff /etc/named.conf /etc/named.conf_original
11,13c11,12
< listen-on port 53 { 127.0.0.1; 192.168.184.128; };
< //listen-on-v6 port 53 { ::1; };
< forwarders {8.8.8.8; 8.8.4.4; };
---
> listen-on port 53 { 127.0.0.1; };
> listen-on-v6 port 53 { ::1; };
20c19
< allow-query { localhost; 192.168.184.0/24; };
---
> allow-query { localhost; };
56,65d54
< };
<
< zone "stack.com" IN {
< type master;
< file "stack.com.zone";
< };
<
< zone "184.168.192.in-addr.arpa" IN {
< type master;
< file "184.168.192.in-addr.arpa";Step8: Validate the reverse DNS lookup using the dig tool
[root@fedmaster named]# dig -x 192.168.184.128
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-13.P2.fc28 <<>> -x 192.168.184.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50876
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 5cd7b4029b65deec2f25fd4c5cf72c96fe708418687d72f4 (good)
;; QUESTION SECTION:
;128.184.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
128.184.168.192.in-addr.arpa. 86400 IN PTR fedmaster.stack.com.
;; AUTHORITY SECTION:
184.168.192.in-addr.arpa. 86400 IN NS fedmaster.stack.com.
;; ADDITIONAL SECTION:
fedmaster.stack.com. 86400 IN A 192.168.184.128
;; Query time: 0 msec
;; SERVER: 192.168.184.128#53(192.168.184.128)
;; WHEN: Wed Jun 05 08:14:38 IST 2019
;; MSG SIZE rcvd: 148[root@fedmaster named]# nslookup 192.168.184.128
128.184.168.192.in-addr.arpa name = fedmaster.stack.com.Step9: Allow access from external hosts to connect to the new DNS server and query it
[root@fedmaster ~]# firewall-cmd --add-port=53/udp --permanent
success
[root@fedmaster ~]#
[root@fedmaster ~]# firewall-cmd --reload
successStep10: Edit the Host network setting to point to our new Name server for resolving private hosts
In my case i have used NAT network connection which is equivalent to VMnet8 in custom virtual network of VMware workstation.
Edit the preferred DNS to point to the new Name server which we created.
Step11: Validate the new DNS Host by ping with FQDN from Host OS (i.e where the VMware workstation is installed)
C:UsersAdmin>ping fedmaster.stack.com
Pinging fedmaster.stack.com [192.168.184.128] with 32 bytes of data:
Reply from 192.168.184.128: bytes=32 time<1ms TTL=64
Reply from 192.168.184.128: bytes=32 time<1ms TTL=64
Reply from 192.168.184.128: bytes=32 time<1ms TTL=64
Reply from 192.168.184.128: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.184.128:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0msHope you enjoyed reading this article. Thank you..
Leave a Reply
You must be logged in to post a comment.