
  • Step by Step tutorial guide to configure BIND DNS server in chroot environment for Red Hat (RHEL/CentOS) 7

    I have already written two articles on configuring a BIND DNS server in a chroot environment for different BIND versions on Red Hat Enterprise Linux 6:

    Step by step tutorial to configure BIND-9.8 DNS server in Red Hat Linux 6
    Step by step tutorial to configure BIND-9.2 DNS server in Red Hat Linux 6

    In this article I will share the steps to configure a DNS server on RHEL 7 or CentOS 7.

    For the demonstration I have used Red Hat Enterprise Linux 7.4.
    Our aim is to create one A record and one PTR record for forward and reverse lookup respectively, with named running as its own unprivileged user and /var/named/chroot as its root directory, so that the daemon only ever sees the files we deliberately place inside that tree.


    First install the required rpms. bind-chroot provides the named-chroot service and the /var/named/chroot tree, and bind-utils provides dig and nslookup, which we use for the checks at the end. (caching-nameserver is not a RHEL 7 package; it was merged into bind.)
    # yum install bind bind-chroot bind-utils



    My setup details
    # hostname
    golinuxhub-client.example

    My IP address is 192.168.1.7
    # ip address | egrep 'inet.*enp0s3'
        inet 192.168.1.7/24 brd 192.168.1.255 scope global dynamic enp0s3

    Since we will be using the chroot environment, stop and disable the regular named service; named-chroot is a separate unit and the two cannot both bind port 53
    # systemctl stop named

    # systemctl disable named

    Next copy the sample configuration files into the chroot directory. named-chroot-setup.service bind-mounts the host's /etc/named.conf and /var/named into the chroot only when the chroot copies are missing or empty, so the files we copy here are the ones named will actually read. The sample directory name carries the installed bind version; check it with ls -d /usr/share/doc/bind-*/sample if yours differs from 9.9.4.

    NOTE: Use the -p argument with cp to preserve the permissions and ownership of all files and directories
    [root@golinuxhub-client ~]# cp -rpvf /usr/share/doc/bind-9.9.4/sample/etc/*  /var/named/chroot/etc/
    ‘/usr/share/doc/bind-9.9.4/sample/etc/named.conf’ -> ‘/var/named/chroot/etc/named.conf’
    ‘/usr/share/doc/bind-9.9.4/sample/etc/named.rfc1912.zones’ -> ‘/var/named/chroot/etc/named.rfc1912.zones’

    Next copy the zone related files inside the new location
    [root@golinuxhub-client ~]# cp -rpvf /usr/share/doc/bind-9.9.4/sample/var/named/* /var/named/chroot/var/named/
    ‘/usr/share/doc/bind-9.9.4/sample/var/named/data’ -> ‘/var/named/chroot/var/named/data’
    ‘/usr/share/doc/bind-9.9.4/sample/var/named/my.external.zone.db’ -> ‘/var/named/chroot/var/named/my.external.zone.db’
    ‘/usr/share/doc/bind-9.9.4/sample/var/named/my.internal.zone.db’ -> ‘/var/named/chroot/var/named/my.internal.zone.db’
    ‘/usr/share/doc/bind-9.9.4/sample/var/named/named.ca’ -> ‘/var/named/chroot/var/named/named.ca’
    ‘/usr/share/doc/bind-9.9.4/sample/var/named/named.empty’ -> ‘/var/named/chroot/var/named/named.empty’
    ‘/usr/share/doc/bind-9.9.4/sample/var/named/named.localhost’ -> ‘/var/named/chroot/var/named/named.localhost’
    ‘/usr/share/doc/bind-9.9.4/sample/var/named/named.loopback’ -> ‘/var/named/chroot/var/named/named.loopback’
    ‘/usr/share/doc/bind-9.9.4/sample/var/named/slaves’ -> ‘/var/named/chroot/var/named/slaves’
    ‘/usr/share/doc/bind-9.9.4/sample/var/named/slaves/my.ddns.internal.zone.db’ -> ‘/var/named/chroot/var/named/slaves/my.ddns.internal.zone.db’
    ‘/usr/share/doc/bind-9.9.4/sample/var/named/slaves/my.slave.internal.zone.db’ -> ‘/var/named/chroot/var/named/slaves/my.slave.internal.zone.db’

    Let's start configuring our primary configuration file
    # cd /var/named/chroot/etc/

    Clear the existing named.conf and paste the content below. Note that it allows recursion for any client (match-clients and allow-query-cache both contain any). That is acceptable for an isolated lab, but on an Internet-reachable host it makes named an open resolver that can be abused for DNS amplification; restrict those ACLs to your own networks before exposing the server.
    [root@golinuxhub-client etc]# vim named.conf
    options {
            listen-on port 53 { 127.0.0.1; any; };
    #       listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { localhost; any; };
            allow-query-cache { localhost; any; };
    };

    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };

    view my_resolver {
            match-clients      { localhost; any; };
            recursion yes;
            include "/etc/named.rfc1912.zones";
    };
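    As an added example that is not part of the original article: the stanza above written next to a hardened variant, and a small bash audit that flags the open-resolver combination (recursion yes together with an effective recursion ACL containing any). The audit follows the BIND 9.9 fallback order allow-recursion, then allow-query-cache, then allow-query, and is a grep heuristic over a normalised copy of the file rather than a full parser. The 192.168.1.0/24 network and the 192.168.1.7 listen address are taken from the article's lab; the temporary directory and file names are assumptions.

```shell
#!/bin/bash
# Added example (not from the article): the article's options/view stanza next
# to a hardened one, plus a grep-based audit that flags an open resolver.
# Files go to a temp dir; on a real host the target is
# /var/named/chroot/etc/named.conf. 192.168.1.0/24 and 192.168.1.7 are the
# article's lab values (assumptions).
set -eu
WORK=${WORK:-$(mktemp -d)}

# The article's stanza as written: recursion reachable from "any" client.
write_weak_conf() {
    cat > "$1" <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; any; };
        directory       "/var/named";
        allow-query     { localhost; any; };
        allow-query-cache { localhost; any; };
};
view my_resolver {
        match-clients      { localhost; any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
EOF
}

# Hardened variant: authoritative data is still served to everyone, but
# recursion and cache access are limited to the LAN, zone transfers are off
# and the version banner is suppressed.
write_hardened_conf() {
    cat > "$1" <<'EOF'
acl "trusted" { 127.0.0.1; 192.168.1.0/24; };
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.7; };
        directory       "/var/named";
        allow-query       { any; };
        allow-recursion   { trusted; };
        allow-query-cache { trusted; };
        allow-transfer    { none; };
        version           "not disclosed";
};
view my_resolver {
        match-clients      { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
EOF
}

# Heuristic audit: strip comments, normalise spacing, then walk the ACL chain
# BIND 9.9 consults for a recursive query (allow-recursion, else
# allow-query-cache, else allow-query, else the built-in localnets/localhost).
# Returns 1 when "recursion yes" meets an effective ACL containing "any".
audit_named_conf() {
    local conf acl
    conf=$(sed -e 's|//.*||' -e 's|#.*||' "$1" | sed -e 's/{/{ /g' -e 's/;/; /g' |
           tr '\n\t' '  ' | tr -s ' ')
    case "$conf" in
        *"recursion yes;"*) ;;
        *) return 0 ;;                       # no recursion, cannot be open
    esac
    for acl in allow-recursion allow-query-cache allow-query; do
        if printf '%s' "$conf" | grep -Eq "$acl *[{][^}]*"; then
            if printf '%s' "$conf" | grep -Eq "$acl *[{][^}]* any *;"; then
                return 1                     # first ACL in the chain is "any"
            fi
            return 0                         # explicit ACL without "any"
        fi
    done
    return 0                                 # built-in default is restricted
}

write_weak_conf "$WORK/named.conf.weak"
write_hardened_conf "$WORK/named.conf.hardened"
for f in "$WORK/named.conf.weak" "$WORK/named.conf.hardened"; do
    if audit_named_conf "$f"; then
        echo "$f: recursion restricted"
    else
        echo "$f: OPEN RESOLVER, recursion reachable from any client"
    fi
done
```

    On the real host, write the hardened stanza to /var/named/chroot/etc/named.conf, run named-checkconf -t /var/named/chroot /etc/named.conf and restart named-chroot. From a host outside 192.168.1.0/24 a query for a name in the example zone is still answered, while a query for any other name (dig @192.168.1.7 www.example.org) comes back with status: REFUSED, which is the behaviour you want to see.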

    The zone definitions go in /var/named/chroot/etc/named.rfc1912.zones, which named.conf includes inside the my_resolver view; append the entries below.

    Here example.zone is our forward zone file and example.rzone is our reverse zone file for reverse lookups.
    IMPORTANT NOTE: The reverse zone is named 1.168.192.in-addr.arpa because my network is 192.168.1.0/24: the network octets are written in reverse order in front of in-addr.arpa. allow-update { none; } rejects dynamic updates, which is what you want for a hand-edited zone.
    zone "example" IN {
            type master;
            file "example.zone";
            allow-update { none; };
    };

    zone "1.168.192.in-addr.arpa" IN {
            type master;
            file "example.rzone";
            allow-update { none; };
    };

    The zone files live under the path below, which is the directory "/var/named" from named.conf as seen from inside the chroot
    # cd /var/named/chroot/var/named/

    Next let's create our forward and reverse zone files. The filenames must match what we gave in named.rfc1912.zones above; the package ships templates we can copy as a starting point
    # cp -p named.localhost  example.zone
    # cp -p named.loopback example.rzone

    As you can see, all of the files and directories are currently owned by root:root
    [root@golinuxhub-client named]# ll
    total 32
    drwxr-xr-x. 2 root root    6 May 22  2017 data
    -rw-r--r--. 1 root root  168 May 22  2017 example.rzone
    -rw-r--r--. 1 root root  152 May 22  2017 example.zone
    -rw-r--r--. 1 root root   56 May 22  2017 my.external.zone.db
    -rw-r--r--. 1 root root   56 May 22  2017 my.internal.zone.db
    -rw-r--r--. 1 root root 2281 May 22  2017 named.ca
    -rw-r--r--. 1 root root  152 May 22  2017 named.empty
    -rw-r--r--. 1 root root  152 May 22  2017 named.localhost
    -rw-r--r--. 1 root root  168 May 22  2017 named.loopback
    drwxr-xr-x. 2 root root   71 Feb 12 21:02 slaves

    Change the ownership of all the files in this location to root as user owner and named as group owner, so that named can read the zones but cannot modify them
    # chown root:named *

    The data directory is different: named writes its cache dump, statistics and the named.run log there, so it must be owned by named
    # chown -R  named:named data

    # ls -l
    total 32
    drwxr-xr-x. 2 named named    6 May 22  2017 data
    -rw-r--r--. 1 root  named  168 May 22  2017 example.rzone
    -rw-r--r--. 1 root  named  152 May 22  2017 example.zone
    -rw-r--r--. 1 root  named   56 May 22  2017 my.external.zone.db
    -rw-r--r--. 1 root  named   56 May 22  2017 my.internal.zone.db
    -rw-r--r--. 1 root  named 2281 May 22  2017 named.ca
    -rw-r--r--. 1 root  named  152 May 22  2017 named.empty
    -rw-r--r--. 1 root  named  152 May 22  2017 named.localhost
    -rw-r--r--. 1 root  named  168 May 22  2017 named.loopback
    drwxr-xr-x. 2 root  named   71 Feb 12 21:02 slaves

    Append the below content to our forward zone file. Here we are creating an A record for our localhost (golinuxhub-client) and one more for one of my server nodes (golinuxhub-server). The A record with no owner name inherits the owner of the previous record (@, the zone apex example.), which gives the NS target example. an address.
    # vim example.zone
    $TTL 1D
    @       IN SOA  example. root (
                                            1       ; serial
                                            3H      ; refresh
                                            15M     ; retry
                                            1W      ; expire
                                            1D )    ; minimum

                    IN NS           example.

                            IN A 192.168.1.7
    golinuxhub-server       IN A 192.168.1.5
    golinuxhub-client       IN A 192.168.1.7

    Append the below content to our reverse zone file. Here we are creating a PTR record for our localhost and one more for one of my server nodes (golinuxhub-server); the owner is only the last octet because the zone origin already supplies 1.168.192.in-addr.arpa
    # vim example.rzone
    $TTL 1D
    @       IN SOA  example. root.example. (
                                            1997022700      ; serial
                                            28800           ; refresh
                                            14400           ; retry
                                            3600000         ; expire
                                            86400  )        ; minimum

            IN NS   example.
    5       IN PTR  golinuxhub-server.example.
    7       IN PTR  golinuxhub-client.example.





    Before we start our named-chroot service, we will validate the zone files. named-checkzone takes the zone name first and the file second; use the real zone names from named.rfc1912.zones, otherwise relative owner names are resolved against the wrong origin and the check does not reflect what named will load
    [root@golinuxhub-client named]# named-checkzone example example.zone
    zone example/IN: loaded serial 1
    OK

    [root@golinuxhub-client named]# named-checkzone 1.168.192.in-addr.arpa example.rzone
    zone 1.168.192.in-addr.arpa/IN: loaded serial 1997022700
    OK
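    named-checkzone validates each file on its own but does not tell you whether the forward and reverse zones agree, and a one-digit slip in an A record (192.169.1.7 for 192.168.1.7, say) loads without complaint. The bash script below is an added example, not from the article: it parses A and PTR records out of constructed copies of the two zone files above, resolves blank and relative owner names the way named does, and reports every in-network address without a PTR and every PTR whose target has no matching A record. The constructed forward zone deliberately carries such a slip in the client's A record. The temp directory, the single /24 reverse zone and relative owner names (as used in the article) are assumptions.

```shell
#!/bin/bash
# Added example (not from the article): cross-check a forward zone against its
# in-addr.arpa zone. Sample zones are constructed copies of the article's and
# are written to a temp dir; on the host point the functions at
# /var/named/chroot/var/named instead.
set -eu
WORK=${WORK:-$(mktemp -d)}

# Constructed sample zones; the client's A record carries a one-digit slip
# (192.169.1.7) that named-checkzone accepts without complaint.
write_sample_zones() {   # $1 = directory
    cat > "$1/example.zone" <<'EOF'
$TTL 1D
@       IN SOA  example. root ( 1 3H 15M 1W 1D )
        IN NS   example.
        IN A    192.168.1.7
golinuxhub-server   IN A 192.168.1.5
golinuxhub-client   IN A 192.169.1.7
EOF
    cat > "$1/example.rzone" <<'EOF'
$TTL 1D
@       IN SOA  example. root.example. ( 1997022700 28800 14400 3600000 86400 )
        IN NS   example.
5       IN PTR  golinuxhub-server.example.
7       IN PTR  golinuxhub-client.example.
EOF
}

# Print "fqdn ip" for every A record. A blank owner inherits the previous
# owner and "@" is the origin, which is how named itself reads the file.
forward_a_records() {   # $1 = zone file, $2 = origin without trailing dot
    awk -v origin="$2" '
        /^[ \t]*;/ || /^[ \t]*$/ || /^\$/ { next }        # comments, blanks, $TTL
        {
            line = $0; sub(/;.*/, "", line)
            n = split(line, f, /[ \t]+/)                  # f[1] is "" when owner is blank
            if (f[1] != "") owner = f[1]
            if (owner == "@") fqdn = origin "."
            else if (owner ~ /\.$/) fqdn = owner
            else fqdn = owner "." origin "."
            for (i = 2; i <= n; i++)
                if (f[i] == "A" && f[i+1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                    print fqdn, f[i+1]
        }' "$1"
}

# 1.168.192.in-addr.arpa -> 192.168.1
reverse_network() {
    printf '%s\n' "${1%.in-addr.arpa}" |
        awk -F. '{ s = $NF; for (i = NF - 1; i >= 1; i--) s = s "." $i; print s }'
}

# Print "ip target" for every PTR record; a relative owner such as "5" is
# appended to the network encoded in the zone name.
reverse_ptr_records() {   # $1 = zone file, $2 = reverse zone name
    awk -v net="$(reverse_network "$2")" '
        /^[ \t]*;/ || /^[ \t]*$/ || /^\$/ { next }
        {
            line = $0; sub(/;.*/, "", line)
            n = split(line, f, /[ \t]+/)
            if (f[1] != "") owner = f[1]
            for (i = 2; i <= n; i++)
                if (f[i] == "PTR" && f[i+1] != "") {
                    m = split(owner, o, "."); ip = net
                    for (j = m; j >= 1; j--) ip = ip "." o[j]
                    print ip, f[i+1]
                }
        }' "$1"
}

# Every in-network A record needs a PTR, and every PTR target needs an A record
# for that address. Prints the findings; exit status 1 if there were any.
check_zone_consistency() {   # $1 fwd file, $2 fwd origin, $3 rev file, $4 rev zone name
    {
        forward_a_records "$1" "$2" | sed 's/^/A /'
        reverse_ptr_records "$3" "$4" | sed 's/^/PTR /'
    } | awk -v net="$(reverse_network "$4")." '
        NF < 3      { next }
        $1 == "A"   { a[$2 " " $3] = 1; next }
        $1 == "PTR" { p[$2 " " $3] = 1; p_ip[$2] = 1; next }
        END {
            bad = 0
            for (k in a) {
                split(k, kv, " ")
                if (index(kv[2], net) != 1) { print "OUTSIDE: " kv[1] " -> " kv[2] " is not in " net "0/24"; bad++ }
                else if (!(kv[2] in p_ip)) { print "MISSING PTR: " kv[2] " (" kv[1] ")"; bad++ }
            }
            for (k in p) {
                split(k, kv, " ")
                if (!((kv[2] " " kv[1]) in a)) { print "MISSING A: " kv[2] " has no A record at " kv[1]; bad++ }
            }
            exit bad > 0
        }'
}

write_sample_zones "$WORK"
if check_zone_consistency "$WORK/example.zone" example "$WORK/example.rzone" 1.168.192.in-addr.arpa; then
    echo "forward and reverse zones agree"
else
    echo "fix the findings above, then re-run named-checkzone and rndc reload"
fi
```

    Run against the constructed zones the script reports the client's address as lying outside 192.168.1.0/24 and the PTR for 192.168.1.7 as having no matching A record; correct the octet and both findings disappear. On the host, point it at the real files after every zone edit and before rndc reload.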

    All looks ok there; now check the main configuration file. -t makes named-checkconf treat /var/named/chroot as the root directory, so the include path /etc/named.rfc1912.zones resolves inside the chroot. Add -z to also load every zone the configuration references, which is exactly what the ExecStartPre of the named-chroot unit does before starting the daemon
    [root@golinuxhub-client named]# named-checkconf -t /var/named/chroot/ /etc/named.conf

    No output and a zero exit status means the configuration parsed cleanly
    [root@golinuxhub-client named]# echo $?
    0

    IMPORTANT NOTE: For my setup SELinux is in permissive mode. Do not leave it that way on a production host: the targeted policy already ships file contexts for the /var/named/chroot tree, so run restorecon -Rv /var/named/chroot after copying the files and keep SELinux enforcing; anything named then still cannot do shows up as an AVC denial in /var/log/audit/audit.log and can be fixed by label rather than by switching enforcement off.
    # getenforce
    Permissive

    Everything looks fine, so it is time to start our named-chroot service
    [root@golinuxhub-client named]# systemctl restart named-chroot

    [root@golinuxhub-client named]# systemctl status named-chroot
    ● named-chroot.service - Berkeley Internet Name Domain (DNS)
       Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; disabled; vendor preset: disabled)
       Active: active (running) since Mon 2018-02-12 21:53:23 IST; 19s ago
      Process: 5236 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
      Process: 5327 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS)
      Process: 5325 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
     Main PID: 5330 (named)
       CGroup: /system.slice/named-chroot.service
               └─5330 /usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot

    Feb 12 21:53:23 golinuxhub-client.example named[5330]: managed-keys-zone/my_resolver: loaded serial 0
    Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 0.in-addr.arpa/IN/my_resolver: loaded serial 0
    Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 1.0.0.127.in-addr.arpa/IN/my_resolver: loaded serial 0
    Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 1.168.192.in-addr.arpa/IN/my_resolver: loaded serial 1997022700
    Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone example/IN/my_resolver: loaded serial 1
    Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone localhost/IN/my_resolver: loaded serial 0
    Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/my_resolver: loaded serial 0
    Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone localhost.localdomain/IN/my_resolver: loaded serial 0
    Feb 12 21:53:23 golinuxhub-client.example named[5330]: all zones loaded
    Feb 12 21:53:23 golinuxhub-client.example named[5330]: running



    Also enable the unit (systemctl enable named-chroot) so it starts at boot; the status output above still shows it as disabled. Then make sure your resolv.conf points at the IP of this host so it is used as the DNS server. On RHEL 7 NetworkManager rewrites /etc/resolv.conf, so set the nameserver on the connection (nmcli con mod <connection> ipv4.dns 192.168.1.7) rather than editing the file by hand, or the change will not survive a restart of the interface
    # cat /etc/resolv.conf
    search example
    nameserver 192.168.1.7

    Let's validate our DNS server for our reverse zone file using dig
    [root@golinuxhub-client named]# dig -x 192.168.1.5

    ; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -x 192.168.1.5
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40331
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;5.1.168.192.in-addr.arpa.      IN      PTR

    ;; ANSWER SECTION:
    5.1.168.192.in-addr.arpa. 86400 IN      PTR     golinuxhub-server.example.

    ;; AUTHORITY SECTION:
    1.168.192.in-addr.arpa. 86400   IN      NS      example.

    ;; ADDITIONAL SECTION:
    example.                86400   IN      A       192.168.1.7

    ;; Query time: 1 msec
    ;; SERVER: 192.168.1.7#53(192.168.1.7)
    ;; WHEN: Mon Feb 12 22:13:17 IST 2018
    ;; MSG SIZE  rcvd: 122

    As you can see we get a positive response with an ANSWER for our QUERY. The aa flag in the header confirms the answer is authoritative rather than cached, and the AUTHORITY section lists example. as the zone's name server. Now the same check for our own address
    [root@golinuxhub-client named]# dig -x 192.168.1.7

    ; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -x 192.168.1.7
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55804
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;7.1.168.192.in-addr.arpa.      IN      PTR

    ;; ANSWER SECTION:
    7.1.168.192.in-addr.arpa. 86400 IN      PTR     golinuxhub-client.example.

    ;; AUTHORITY SECTION:
    1.168.192.in-addr.arpa. 86400   IN      NS      example.

    ;; ADDITIONAL SECTION:
    example.                86400   IN      A       192.168.1.7

    ;; Query time: 1 msec
    ;; SERVER: 192.168.1.7#53(192.168.1.7)
    ;; WHEN: Mon Feb 12 22:12:54 IST 2018
    ;; MSG SIZE  rcvd: 122

    Similarly we can validate our forward zone file; both names should resolve to the addresses given in example.zone
    [root@golinuxhub-client named]# nslookup golinuxhub-client.example
    Server:         192.168.1.7
    Address:        192.168.1.7#53

    Name:   golinuxhub-client.example
    Address: 192.168.1.7

    [root@golinuxhub-client named]# nslookup golinuxhub-server.example
    Server:         192.168.1.7
    Address:        192.168.1.7#53

    Name:   golinuxhub-server.example
    Address: 192.168.1.5

    I hope the article was useful.

    Deepak Prasad

    is a techie and an author who is still trying to survive in this IT generation with very little knowledge he has on Linux/Unix, VMware, SAN Storage, Automation, networking etc



    Published by Deepak Prasad on Monday, February 12, 2018
