How to configure Bind DNS Server


First, configure an IPv6 address and an IPv6 default gateway on the DNS server itself. This article assumes you have already installed Bind and that it is serving example.com over IPv4; the steps below add IPv6 transport and IPv6 address data to that existing setup.

Before touching Bind, confirm that IPv6 itself works on the server. Assuming the router's IPv6 address is fd00::1, you should be able to ping it. If you can ping the router but not ipv6.google.com, the host almost certainly has no globally routable IPv6 address (fd00::/8 is the unique local range and is never routed on the Internet). In that case either set up a tunnel (6to4, which this kind of guide used to recommend, was deprecated by RFC 7526 and rarely works today; a tunnel broker or native IPv6 from your ISP is the realistic option) or accept that IPv6 will only work inside your LAN, which is all the rest of this article needs.

[root@server1 ~]# ping6 -c4 fd00::1
[root@server1 ~]# ping6 -c4 ipv6.google.com

 

Open port 53 in the firewall for both UDP and TCP: ordinary queries use UDP, but answers larger than the client's advertised buffer are retried over TCP, and zone transfers are TCP only. Note that iptables only filters IPv4. IPv6 traffic is governed by ip6tables, which has its own rule set and its own service, so a host that is locked down with iptables can still have port 53 (and every other port) wide open on IPv6. Refer to the article on how to configure the iptables firewall in Linux for the IPv4 rules, add the equivalent rules to ip6tables, and do not block ICMPv6, which carries neighbour discovery and is required for IPv6 to work at all. Restart both services and check that they are active and running.

[root@server1 ~]# systemctl restart iptables
[root@server1 ~]# systemctl status iptables
[root@server1 ~]# systemctl restart ip6tables
[root@server1 ~]# systemctl status ip6tables
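
As an added example, not part of the original article, here is a minimal /etc/sysconfig/ip6tables in the iptables-save format that the ip6tables service on CentOS/RHEL 7 loads, implementing the rules just described. The article never states the LAN prefix, so the port 53 rules below accept queries from any source address; on a real server add -s with your LAN prefix to both of them (and restrict allow-query in named.conf) so the machine does not become an open resolver on IPv6. The log prefix is an arbitrary choice.

```conf
# /etc/sysconfig/ip6tables  (iptables-save format, loaded by ip6tables.service)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ICMPv6 carries neighbour discovery and path MTU discovery; never drop it wholesale.
-A INPUT -p ipv6-icmp -j ACCEPT
# DNS: queries arrive over UDP; large answers and zone transfers use TCP.
# Add "-s <your LAN prefix>" to both rules to keep this from being an open resolver.
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
# Rate-limited log of everything that falls through, so firewall problems are visible while debugging.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "ip6tables drop: "
COMMIT
```

Load it with systemctl restart ip6tables, then confirm with ip6tables -L -n -v that the rules are present; the packet counters on the two port 53 rules should increase when you run the dig test later in this article.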

 

Look at which resolvers the host itself is using. If /etc/resolv.conf lists nameserver 192.168.0.6 and nameserver 8.8.8.8, the host sends its queries first to the local Bind daemon (192.168.0.6) and falls back to Google's public resolver (8.8.8.8). At this point no IPv6 resolver is listed.

[root@server1 ~]# cat /etc/resolv.conf
nameserver 192.168.0.6
nameserver 8.8.8.8

 

If you have already configured Bind DNS server for IPv4, you should have a forward and a reverse zone file, referenced by the zone statements in /etc/named.conf:

/var/named/forward.example.com
/var/named/reverse.example.com

 

The /var/named/forward.example.com file should already contain an A record with the IPv4 address of the Bind DNS server. Add a second line for the same name with an AAAA record and the server's IPv6 address. Whenever you edit a zone file, increment the serial in the SOA record, otherwise secondary servers will never pick up the change. Note also that the closing parenthesis of the SOA record has to come before the semicolon: everything after ; is a comment, so "3H ; minimum)" leaves the parenthesis unbalanced and named-checkzone rejects the file.

$ORIGIN example.com.
$TTL 1D
@ IN SOA  ns1.example.com. root.example.com. (
                                2016010101 ; serial, incremented for this edit
                                1D         ; refresh
                                1H         ; retry
                                1W         ; expire
                                3H )       ; minimum
@     IN   NS          ns1.example.com.
ns1   IN   A           192.168.0.6
ns1   IN   AAAA        fd00::6

 

The reverse zone is a different matter. /var/named/reverse.example.com is the zone for 0.168.192.in-addr.arpa, which maps IPv4 addresses back to names with PTR records. It should not carry A records for ns1 (an A record for "ns1" in this zone defines ns1.0.168.192.in-addr.arpa, which nothing ever looks up), and adding an AAAA record here does nothing for IPv6 reverse lookups. IPv6 reverse lookups live in a separate tree, ip6.arpa, so an IPv6 PTR record needs its own zone (for example, if the LAN is fd00::/64 the zone is 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa) with its own zone statement in /etc/named.conf. The corrected IPv4 reverse zone, with the PTR record for host 6 (the server is 192.168.0.6), the NS owner spelled in-addr.arpa rather than in-addr-arpa, the stray A/AAAA records removed and the serial incremented, looks like this:

$TTL 1D
@ IN SOA  ns1.example.com. root.example.com. (
                                2016010101 ; serial, incremented for this edit
                                1D         ; refresh
                                1H         ; retry
                                1W         ; expire
                                3H )       ; minimum
@     IN   NS          ns1.example.com.
6     IN   PTR         ns1.example.com.
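
Working out ip6.arpa names by hand is error-prone (32 reversed nibbles), so as an added example, not code from the article, here is a small Python 3 script that reads a forward zone, picks out its A and AAAA records and generates the matching in-addr.arpa and ip6.arpa reverse zones, one per network, together with the zone statements for /etc/named.conf. It uses only the standard library (ipaddress knows how to produce reverse pointers). The forward zone text is the article's zone embedded as a constructed sample; the networks 192.168.0.0/24 and fd00::/64 and the /var/named file names are assumptions, since the article never states the IPv6 prefix length. Line parsing is deliberately minimal: one record per line with an optional TTL, no multi-line records, which is enough for zones like the one above.

```python
import ipaddress
import re

# Constructed sample: the article's forward zone with the AAAA record added.
FORWARD_ZONE = """\
$ORIGIN example.com.
$TTL 1D
@ IN SOA  ns1.example.com. root.example.com. (
                                2016010101 ; serial
                                1D         ; refresh
                                1H         ; retry
                                1W         ; expire
                                3H )       ; minimum
@     IN   NS          ns1.example.com.
ns1   IN   A           192.168.0.6
ns1   IN   AAAA        fd00::6
"""

# owner [ttl] IN A|AAAA rdata   (one record per line; multi-line records are not handled)
ADDR_RE = re.compile(r"^(\S+)\s+(?:\d+[smhdw]?\s+)?IN\s+(A|AAAA)\s+(\S+)", re.IGNORECASE)


def address_records(zone_text, origin):
    """Return [(fqdn, ip_address)] for every A/AAAA record in a zone file.
    Relative owner names are made absolute against the current $ORIGIN."""
    origin = origin.rstrip(".") + "."
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()      # drop comments
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".") + "."
            continue
        m = ADDR_RE.match(line)
        if not m:
            continue
        owner, _, rdata = m.groups()
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = f"{owner}.{origin}"
        records.append((fqdn, ipaddress.ip_address(rdata)))
    return records


def reverse_zone(network, records):
    """Return (zone_name, [(relative_owner, fqdn)]) for the addresses inside `network`.

    The reverse zone apex is the network address's reverse pointer with the host
    labels removed: one label per octet for IPv4, one per nibble for IPv6.
    Each PTR owner is the removed host labels, relative to that apex."""
    network = ipaddress.ip_network(network)
    bits_per_label = 8 if network.version == 4 else 4
    host_bits = network.max_prefixlen - network.prefixlen
    if host_bits % bits_per_label:
        raise ValueError(f"{network}: prefix must fall on a label boundary "
                         f"(a multiple of {bits_per_label} bits)")
    drop = host_bits // bits_per_label
    zone = ".".join(network.network_address.reverse_pointer.split(".")[drop:])
    ptrs = []
    for fqdn, ip in records:
        if ip in network:                  # False for the other address family
            owner = ".".join(ip.reverse_pointer.split(".")[:drop])
            ptrs.append((owner, fqdn))
    return zone, ptrs


def render_reverse_zone(zone, ptrs, primary="ns1.example.com.",
                        contact="root.example.com.", serial=2016010101):
    """Render a complete reverse zone file: SOA, NS and the PTR records."""
    lines = [
        f"$ORIGIN {zone}.",
        "$TTL 1D",
        f"@ IN SOA {primary} {contact} ( {serial} 1D 1H 1W 3H )",
        f"@ IN NS {primary}",
    ]
    lines += [f"{owner} IN PTR {fqdn}" for owner, fqdn in ptrs]
    return "\n".join(lines) + "\n"


def zone_stanza(zone, path):
    """The matching zone statement for /etc/named.conf (the path is an assumption)."""
    return f'zone "{zone}" IN {{\n    type master;\n    file "{path}";\n}};\n'


if __name__ == "__main__":
    records = address_records(FORWARD_ZONE, "example.com")
    # Assumed networks: the article never states the IPv6 prefix length.
    for net in ("192.168.0.0/24", "fd00::/64"):
        zone, ptrs = reverse_zone(net, records)
        print(zone_stanza(zone, f"/var/named/reverse.{zone}"))
        print(render_reverse_zone(zone, ptrs))
```

Run it and paste the printed zone statements into /etc/named.conf and the zone bodies into the named files, then check each one with named-checkzone using the printed zone name (for example named-checkzone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa /var/named/reverse.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa). Prefixes that do not fall on an octet or nibble boundary are refused rather than silently producing a zone that Bind would never be asked for.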

 

In /etc/named.conf, add listen-on-v6 to the options section. The value shipped in the default named.conf is { ::1; }, which binds only the IPv6 loopback address: named would then answer IPv6 queries from the server itself and from nowhere else on the LAN. Use any, or the server's own IPv6 address. While you are in the options block, make sure allow-query (and recursion, if you allow it) is restricted to the networks you serve; localnets is a built-in ACL that matches every network the server has an interface on, so it covers both 192.168.0.0/24 and the IPv6 LAN without hard-coding the prefix. A Bind that listens on every address and answers recursive queries from anyone is an open resolver and will be abused for reflection attacks.

options {
. . .
  listen-on-v6 port 53 { any; };
  allow-query { localhost; localnets; };
. . .
};

 

Before restarting, check the configuration and both zone files. named-checkzone takes the zone name followed by the file; the reverse zone's name is 0.168.192.in-addr.arpa, not example.com, and the file names are the ones referenced from named.conf. Fix anything reported here before going on, because named refuses to load a zone that fails to parse and then serves nothing for it.

[root@server1 ~]# named-checkconf /etc/named.conf
[root@server1 ~]# named-checkzone example.com /var/named/forward.example.com
. . .
OK

[root@server1 ~]# named-checkzone 0.168.192.in-addr.arpa /var/named/reverse.example.com
. . .
OK

Now restart the named service and ensure it is active and running.

[root@server1 ~]# systemctl restart named
[root@server1 ~]# systemctl status named

 

Next, point the host's own resolver at the server over both protocols. DNS1 and DNS2 are set in the interface configuration file, /etc/sysconfig/network-scripts/ifcfg-* (the file for the interface you use); set DNS1 to the IPv4 address and DNS2 to the IPv6 address of the Bind server.

DNS1="192.168.0.6"
DNS2="fd00::6"

 

After changing the DNS entries, restart the network service (systemctl restart network; service network restart on older releases) so that /etc/resolv.conf is regenerated from the ifcfg file.

[root@server1 ~]# systemctl restart network

 

To confirm that the change has taken effect, look at /etc/resolv.conf again. Google's resolver (8.8.8.8) is no longer listed; instead the IPv4 and IPv6 addresses of the internal Bind DNS server are.

[root@server1 ~]# cat /etc/resolv.conf
nameserver 192.168.0.6
nameserver fd00::6

 

To confirm that the server answers, query it for the AAAA record of its own name (the zone in this article is example.com, so the name is ns1.example.com). nslookup uses the first resolver in /etc/resolv.conf, which is the IPv4 address, so it proves the record exists but not that IPv6 transport works; send a query directly to the IPv6 address with dig as well, since that is the only test that exercises listen-on-v6 and the ip6tables rules.

[root@server1 ~]# nslookup -query=AAAA ns1.example.com
Server:              192.168.0.6
Address:             192.168.0.6#53

ns1.example.com      has AAAA address fd00::6

[root@server1 ~]# dig @fd00::6 AAAA ns1.example.com +short
fd00::6

 

If ping and nslookup fail, work from the bottom up: ping the default gateway, then ping another computer in the LAN by IP address, then ping the DNS server by the name it has in /var/named/forward.example.com (ns1.example.com). Each step that works rules out a layer.

To separate Bind problems from network problems, temporarily change DNS1 and DNS2 in /etc/sysconfig/network-scripts/ifcfg-* to Google's resolvers (8.8.8.8 and 8.8.4.4), bring the interface down and up again, and repeat the tests. If ping and nslookup still fail, the problem is not Bind but the network or the firewall: iptables or ip6tables may be dropping ICMP/ICMPv6 or port 53, which you can see from the rule counters (iptables -L -n -v, ip6tables -L -n -v). SELinux does not filter ICMP, so it is never the reason a ping fails; where it does bite is in named's access to its files. If the network tests pass but named will not load a zone, check journalctl -u named for the error; on an SELinux-enforcing host a zone file copied into /var/named with the wrong label (it should be named_zone_t) is a common cause, and restorecon -Rv /var/named fixes it.


