
This assumes you have installed Bind on Linux, and that Bind is up and running.
Firewall
If you have a firewall between your Bind DNS server and the systems that will be using it, configure the firewall to allow traffic on port 53. DNS uses UDP for ordinary queries and TCP for large responses and zone transfers, so open both. For example, if firewalld is running on your Bind DNS server, here is how you would allow port 53 in firewalld.
firewall-cmd --add-port=53/tcp --permanent
firewall-cmd --add-port=53/udp --permanent
firewall-cmd --reload
DNSStubListener and resolved.conf
Use the lsof (list open files) command to determine whether something, typically the systemd-resolved stub listener, is already listening on port 53 (Bind cannot bind the port while it is in use).
lsof -i tcp:53
lsof -i udp:53
Set the DNSStubListener directive in /etc/systemd/resolved.conf to "no".
DNSStubListener=no
Reload systemd and restart the systemd-resolved service for this change to take effect.
systemctl daemon-reload
systemctl restart systemd-resolved
named.conf
With the following in your named.conf, Bind will answer for the entries in your forward and reverse lookup zone files (the zone statements point at the files created in the next section), use Google's name servers 8.8.8.8 and 8.8.4.4 for external lookups, and cache successful resolutions for quick future lookups. Be aware that allow-query { any; } combined with Bind's default of recursion enabled lets any host that can reach port 53 use this server for recursive lookups; if the server is reachable from outside your own network, limit recursion with allow-recursion.
options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    listen-on { any; };
    allow-query { any; };
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
};
// zone statements for the forward and reverse lookup files created below
zone "example.com" IN {
    type master;
    file "/var/named/forward.example.com.zone";
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "/var/named/reverse.example.com.zone";
};
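The options block above is the minimum that works, but it is also the classic open-resolver configuration: Bind enables recursion by default, so allow-query { any; } plus forwarders means any host that can reach port 53 can make this server resolve arbitrary names on its behalf. The following script is an added example, not part of the original article, that flags that pattern in a named.conf text with awk and shows the hardened form beside the article's own block. named-checkconf only validates syntax and will not warn about this. The acl name "trusted" and the 192.168.0.0/24 range in the hardened sample are assumptions for the example, not values from the article.

```shell
#!/bin/sh
# Added example (not from the original article): static check for the
# "open resolver" pattern in a BIND options block, with a hardened sample.

# Sample 1 (constructed): the options block shown in the article.
ARTICLE_CONF='options {
directory "/var/cache/bind";
dnssec-validation auto;
listen-on { any; };
allow-query { any; };
forwarders {
8.8.8.8;
8.8.4.4;
};
};'

# Sample 2 (constructed): the same block with recursion limited to an ACL.
# "trusted" and 192.168.0.0/24 are assumed for this example, not from the article.
HARDENED_CONF='acl "trusted" { 127.0.0.1; ::1; 192.168.0.0/24; };
options {
directory "/var/cache/bind";
dnssec-validation auto;
listen-on { any; };
allow-query { any; };            // authoritative answers for example.com stay public
allow-recursion { trusted; };    // recursive lookups only for our own hosts
allow-query-cache { trusted; };  // cached answers only for our own hosts
forwarders { 8.8.8.8; 8.8.4.4; };
};'

# open_resolver_risk CONFIG_TEXT -> prints "open" or "restricted"
# "open" = recursion not disabled, no allow-recursion ACL, and allow-query { any; }.
open_resolver_risk() {
    printf '%s\n' "$1" | awk '
        # strip // and # comments, then join the whole file into one string
        { sub(/\/\/.*$/, ""); sub(/#.*$/, ""); text = text " " $0 }
        END {
            gsub(/[ \t]+/, " ", text)
            recursion_off = (text ~ /recursion no ?;/)
            scoped_rec    = (text ~ /allow-recursion ?[{]/)
            query_any     = (text ~ /allow-query ?[{] ?any ?; ?[}]/)
            if (!recursion_off && !scoped_rec && query_any) print "open"
            else print "restricted"
        }'
}

open_resolver_risk "$ARTICLE_CONF"    # open
open_resolver_risk "$HARDENED_CONF"   # restricted
```

To run it against a live configuration, pass the file contents: open_resolver_risk "$(cat /etc/named.conf)". The check is deliberately narrow (it looks only at the three directives above), so treat "restricted" as "this particular pattern is absent", not as a full audit.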
Forward and Reverse lookups files
Create a forward and a reverse lookup zone file. The forward lookup file resolves a hostname to an IP address. The reverse lookup file resolves an IP address to a hostname.
The forward and reverse lookup files should be placed in the /var/named directory.
The forward.example.com.zone file could look something like this.
$ORIGIN example.com.
$TTL 1D
@       IN SOA  ns1.example.com. root.example.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H      ; minimum
        )
; name servers (owner @ = example.com.)
@       IN NS   ns1.example.com.
@       IN NS   ns2.example.com.
; hostname to IP address resolution
ns1     IN A    192.168.0.6
ns2     IN A    192.168.0.7
fs1     IN A    192.168.0.8
fs2     IN A    192.168.0.9
And the reverse.example.com.zone file could look something like this.
$ORIGIN 0.168.192.in-addr.arpa.
$TTL 1D
@       IN SOA  ns1.example.com. root.example.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H      ; minimum
        )
; name servers (owner @ = 0.168.192.in-addr.arpa.)
@       IN NS   ns1.example.com.
@       IN NS   ns2.example.com.
; IP address to hostname resolution (last octet only; $ORIGIN supplies the rest)
6       IN PTR  ns1.example.com.
7       IN PTR  ns2.example.com.
8       IN PTR  fs1.example.com.
9       IN PTR  fs2.example.com.
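Forward and reverse zones drift apart easily: an A record gets changed and its PTR does not, and nothing in named-checkzone will notice, because each file is valid on its own. The script below is an added example, not part of the original article, that parses both files with awk and reports every A record whose address has no PTR naming it and every PTR whose name has no matching A. It handles only the record forms used in the two files above (owner [IN] A|PTR rdata, with relative owners expanded from $ORIGIN). The sample zones are constructed copies of the article's data with one deliberate defect, fs2 pointing at 192.168.0.8 in the forward file while the PTR for .9 names fs2, so the check has something to find.

```shell
#!/bin/sh
# Added example (not from the original article): cross-check A records in a
# forward zone against PTR records in the matching reverse zone.

# forward_a_records ZONEFILE ORIGIN -> lines of "fqdn. ip"
forward_a_records() {
    awk -v origin="$2" '
        { sub(/;.*/, "") }                            # strip comments
        /^\$ORIGIN/ { origin = $2; next }             # $ORIGIN in the file wins
        NF >= 3 && ($2 == "A" || ($2 == "IN" && $3 == "A")) {
            name = $1
            if (name !~ /\.$/) name = name "." origin  # relative owner -> absolute
            print name, $NF
        }' "$1"
}

# reverse_ptr_records ZONEFILE ORIGIN -> lines of "fqdn. ip"
reverse_ptr_records() {
    awk -v origin="$2" '
        { sub(/;.*/, "") }
        /^\$ORIGIN/ { origin = $2; next }
        NF >= 3 && ($2 == "PTR" || ($2 == "IN" && $3 == "PTR")) {
            owner = $1
            if (owner !~ /\.$/) owner = owner "." origin
            sub(/\.in-addr\.arpa\.$/, "", owner)       # e.g. "6.0.168.192"
            n = split(owner, oct, ".")
            ip = oct[n]
            for (i = n - 1; i >= 1; i--) ip = ip "." oct[i]   # -> "192.168.0.6"
            print $NF, ip
        }' "$1"
}

# zone_mismatches FWDFILE FWDORIGIN REVFILE REVORIGIN
# Prints one line per unmatched record; prints nothing when the zones agree.
zone_mismatches() {
    {
        forward_a_records "$1" "$2" | sed 's/^/A /'
        reverse_ptr_records "$3" "$4" | sed 's/^/PTR /'
    } | awk '
        $1 == "A"   { a[$2 " " $3] = 1; arec[++na] = $2 " " $3 }
        $1 == "PTR" { p[$2 " " $3] = 1; prec[++np] = $2 " " $3 }
        END {
            for (i = 1; i <= na; i++) if (!(arec[i] in p)) print "A without matching PTR:", arec[i]
            for (i = 1; i <= np; i++) if (!(prec[i] in a)) print "PTR without matching A:", prec[i]
        }'
}

# zone_mismatch_count (same arguments) -> number of mismatch lines, 0 = consistent
zone_mismatch_count() {
    zone_mismatches "$@" | awk 'END { print NR }'
}

# Constructed sample zones: the article's data with one deliberate defect
# (fs2 A 192.168.0.8 in the forward file, PTR 9 -> fs2 in the reverse file).
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
cat > "$DEMO_DIR/forward.example.com.zone" <<'EOF'
$ORIGIN example.com.
$TTL 1D
@ IN SOA ns1.example.com. root.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ; minimum
)
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
ns1 IN A 192.168.0.6
ns2 IN A 192.168.0.7
fs1 IN A 192.168.0.8
fs2 IN A 192.168.0.8
EOF
cat > "$DEMO_DIR/reverse.example.com.zone" <<'EOF'
$ORIGIN 0.168.192.in-addr.arpa.
$TTL 1D
@ IN SOA ns1.example.com. root.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ; minimum
)
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
6 IN PTR ns1.example.com.
7 IN PTR ns2.example.com.
8 IN PTR fs1.example.com.
9 IN PTR fs2.example.com.
EOF

# Reports the fs2 A record and the .9 PTR as each other's missing half.
zone_mismatches "$DEMO_DIR/forward.example.com.zone" example.com. \
                "$DEMO_DIR/reverse.example.com.zone" 0.168.192.in-addr.arpa.
```

Against the real files the call is zone_mismatches /var/named/forward.example.com.zone example.com. /var/named/reverse.example.com.zone 0.168.192.in-addr.arpa., and a zero count from zone_mismatch_count is a reasonable pre-reload check to sit next to named-checkzone.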
Red Hat 7 and below (network scripts)
On systems using a Red Hat 7 or below distribution (Red Hat, CentOS, Fedora), the /etc/sysconfig/network-scripts/ifcfg-xxxxxxxxx file (or the /etc/network/interfaces file on a Debian distribution) is used to define the name servers the system will use. In the ifcfg file, point DNS1 and DNS2 at your Bind servers.
PEERDNS=yes
DNS1=192.168.0.6
DNS2=192.168.0.7
Red Hat 8 and above (Network Manager)
The nmcli connection show command (NetworkManager CLI) can be used to display the DNS servers being used.
~]# nmcli connection show ens192 | grep ipv4.dns
ipv4.dns: 192.168.0.6,192.168.0.7
ipv4.dns-search: --
If needed, the nmcli connection modify command can be used to change the DNS servers being used. This change is persistent: it remains in place even after the system is rebooted.
nmcli connection modify eth0 ipv4.dns "10.124.141.51,10.112.42.10"
nmcli connection modify eth0 ipv4.dns-search example.com
nmcli device reapply eth0
resolv.conf
The /etc/resolv.conf file should now contain your name servers.
~]# cat /etc/resolv.conf
nameserver 192.168.0.6
nameserver 192.168.0.7
search example.com
And the output of the resolvectl command should also list your name servers.
~]# resolvectl
Global
       Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (eth0)
    Current Scopes: DNS LLMNR/IPv4
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 192.168.0.6 192.168.0.7
Restart Bind
Restart the named service, and ensure the service is active and running.
systemctl restart named
systemctl status named
Validate forward and reverse lookup zones
Ensure the forward and reverse zones return "OK".
[root@server1 ~]# named-checkzone example.com /var/named/forward.example.com.zone
zone example.com/IN: loaded serial 2016032200
OK
[root@server1 ~]# named-checkzone 0.168.192.in-addr.arpa /var/named/reverse.example.com.zone
zone example.com/IN: loaded serial 0
OK
nslookup
Use nslookup to see if the name server is able to resolve one of the hostnames in the forward lookup file to its IP address.
~]$ nslookup fs1.example.com
Server: 192.168.0.6
Address: 192.168.0.6#53
Non-authoritative answer:
Name: fs1.example.com
Address: 192.168.0.8
And also a reverse lookup, from IP address back to hostname.
~]# nslookup 192.168.0.8
8.0.168.192.in-addr.arpa name = fs1.example.com.