How to Setup DNS Server in CentOS 6.5

DNS (Domain Name System) is the core component of network infrastructure. The DNS service resolves hostname into ip address and vice versa. For example if we type www.ostechnix.com in browser, the DNS server translates the domain name into its corresponding ip address. So it makes us easy to remember the domain names instead of its ip address.

DNS Server Installation in CentOS 6.5

This how-to tutorial will show you how to install and configure Primary and Secondary DNS server. The steps provided here were tested in CentOS 6.5 32 bit edition, but it should work in RHEL 6.x(x stands for version) and Scientific Linux 6.x too.

Scenario

Here are my test setup scenario

[A] Primary(Master) DNS Server Details:

Operating System     : CentOS 6.5 32 bit (Minimal Server)
Hostname             : masterdns.ostechnix.com
IP Address           : 192.168.1.200/24

[B] Secondary(Slave) DNS Server Details:

Operating System     : CentOS 6.5 32 bit (Minimal Server)
Hostname             : slavedns.ostechnix.com
IP Address           : 192.168.1.201/24  

Setup Primary(Master) DNS Server

[root@masterdns ~]# yum install bind* -y

1. Configure DNS Server

The main configuration of the DNS will look like below. Edit and add the entries below which were marked as bold in this configuration files.
[root@masterdns ~]# vi /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.200;};                      ## Master DNS IP ##
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { localhost; 192.168.1.0/24; };                      ## IP Range ##
allow-transfer{ localhost; 192.168.1.201; };                        ## Slave DNS IP ##  
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
type hint;
file "named.ca";
};
zone"ostechnix.com" IN {
type master;
file "fwd.ostechnix.com";
allow-update { none; };
};
zone"1.168.192.in-addr.arpa" IN {
type master;
file "rev.ostechnix.com";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Create Zone files

Now we should create forward and reverse zone files which we mentioned in the ‘/etc/named.conf’ file.

[A] Create Forward Zone

Create ‘fwd.ostechnix.com’ file in the ‘/var/named’ directory and add the entries for forward zone as shown below.
[root@masterdns ~]# vi /var/named/fwd.ostechnix.com 
$TTL 86400
@   IN  SOA     masterdns.ostechnix.com. root.ostechnix.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@IN  NS      masterdns.ostechnix.com.
@IN  NS     slavedns.ostechnix.com.masterdns     IN  A    192.168.1.200
slavedns     IN  A   192.168.1.201

[B] Create Reverse Zone

Create ‘rev.ostechnix.com’ file in the ‘/var/named’ directory and add the entries for reverse zone as shown below.
[root@masterdns ~]# vi /var/named/rev.ostechnix.com 
$TTL 86400
@   IN  SOA     masterdns.ostechnix.com. root.ostechnix.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@IN  NS      masterdns.ostechnix.com.
@IN  NS      slavedns.ostechnix.com.
masterdnsIN  A   192.168.1.200
slavedns IN  A   192.168.1.201
200       IN  PTR     masterdns.ostechnix.com.
201      IN  PTR    slavedns.ostechnix.com.

3. Start the bind service

[root@masterdns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@masterdns ~]# chkconfig named on

4. Allow DNS Server through iptables

Add the lines shown in bold letters in ‘/etc/sysconfig/iptables’ file. This will allow all clients to access the DNS server.
[root@masterdns ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

5. Restart iptables to save the changes

[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

6. Test syntax errors of DNS configuration and zone files

[A] Check DNS Config file

[root@masterdns ~]# named-checkconf /etc/named.conf 
[root@masterdns ~]# named-checkconf /etc/named.rfc1912.zones

[B] Check zone files

[root@masterdns ~]# named-checkzone ostechnix.com /var/named/fwd.ostechnix.com 
zone ostechnix.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone ostechnix.com /var/named/rev.ostechnix.com 
zone ostechnix.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]#

7. Test DNS Server

Method A:

[root@masterdns ~]# dig masterdns.ostechnix.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.ostechnix.com.INA
;; ANSWER SECTION:
masterdns.ostechnix.com. 86400INA192.168.1.200
;; AUTHORITY SECTION:
ostechnix.com.86400INNSmasterdns.ostechnix.com.
ostechnix.com.86400INNSslavedns.ostechnix.com.
;; ADDITIONAL SECTION:
slavedns.ostechnix.com.86400INA192.168.1.201
;; Query time: 5 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 12:48:35 2013
;; MSG SIZE  rcvd: 110

Method B:

[root@masterdns ~]# dig -x 192.168.1.200
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa.INPTR
;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 INPTRmasterdns.ostechnix.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa.86400INNSmasterdns.ostechnix.com.
1.168.192.in-addr.arpa.86400INNSslavedns.ostechnix.com.
;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400INA192.168.1.200
slavedns.ostechnix.com.86400INA192.168.1.201
;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 12:49:53 2013
;; MSG SIZE  rcvd: 150

Method C:

[root@masterdns ~]# nslookup masterdns
Server:192.168.1.200
Address:192.168.1.200#53
Name:masterdns.ostechnix.com
Address: 192.168.1.200
Thats it. Now the Primary DNS server is ready

Setup Secondary(Slave) DNS Server

[root@slavedns ~]# yum install bind* -y

1. Configure Slave DNS Server

Open the main configuration file ‘/etc/named.conf’ and add the lines as shown in bold letters.
[root@slavedns ~]# vi /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.201; };                    ## Slve DNS IP ##      
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { localhost; 192.168.1.0/24; };                     ## IP Range ##   
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
type hint;
file "named.ca";
};
zone"ostechnix.com" IN {
type slave;
file "slaves/ostechnix.fwd";
masters { 192.168.1.200; };
};
zone"1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/ostechnix.rev";
masters { 192.168.1.200; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Start the DNS Service

[root@slavedns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@slavedns ~]# chkconfig named on
Now the forward and reverse zones are automatically replicated from Master DNS server to Slave DNS server.
To verify, goto DNS database location(i.e ‘/var/named/slaves’) and use command ‘ls’.
[root@slavedns ~]# cd /var/named/slaves/
[root@slavedns slaves]# ls
ostechnix.fwd  ostechnix.rev
The forward and reverse zones are automatically replicated from Master DNS. Now check the zone files whether the correct zone files are replicated or not.

[A] Check Forward zone:

[root@slavedns slaves]# cat ostechnix.fwd 
$ORIGIN .
$TTL 86400; 1 day
ostechnix.comIN SOAmasterdns.ostechnix.com. root.ostechnix.com. (
2011071001 ; serial
3600       ; refresh (1 hour)
1800       ; retry (30 minutes)
604800     ; expire (1 week)
86400      ; minimum (1 day)
)
NSmasterdns.ostechnix.com.
NSslavedns.ostechnix.com.
$ORIGIN ostechnix.com.
masterdnsA192.168.1.200
slavedns A192.168.1.201

[B] Check Reverse zone:

[root@slavedns slaves]# cat ostechnix.rev 
$ORIGIN .
$TTL 86400; 1 day
1.168.192.in-addr.arpaIN SOAmasterdns.ostechnix.com. root.ostechnix.com. (
2011071001 ; serial
3600       ; refresh (1 hour)
1800       ; retry (30 minutes)
604800     ; expire (1 week)
86400      ; minimum (1 day)
)
NSmasterdns.ostechnix.com.
NSslavedns.ostechnix.com.
$ORIGIN 1.168.192.in-addr.arpa.
200PTRmasterdns.ostechnix.com.
201PTRslavedns.ostechnix.com.
masterdnsA192.168.1.200
slavedns A192.168.1.201

3. Add the DNS Server details to all systems

[root@slavedns ~]# vi /etc/resolv.conf 
# Generated by NetworkManager
search ostechnix.com
nameserver 192.168.1.200
nameserver 192.168.1.201
nameserver 8.8.8.8

4. Test DNS Server

Method A:

[root@slavedns ~]# dig slavedns.ostechnix.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> slavedns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;slavedns.ostechnix.com.INA
;; ANSWER SECTION:
slavedns.ostechnix.com.86400INA192.168.1.201
;; AUTHORITY SECTION:
ostechnix.com.86400INNSmasterdns.ostechnix.com.
ostechnix.com.86400INNSslavedns.ostechnix.com.
;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400INA192.168.1.200
;; Query time: 7 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:00:17 2013
;; MSG SIZE  rcvd: 110

Method B:

[root@slavedns ~]# dig masterdns.ostechnix.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12825
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.ostechnix.com.INA
;; ANSWER SECTION:
masterdns.ostechnix.com. 86400INA192.168.1.200
;; AUTHORITY SECTION:
ostechnix.com.86400INNSmasterdns.ostechnix.com.
ostechnix.com.86400INNSslavedns.ostechnix.com.
;; ADDITIONAL SECTION:
slavedns.ostechnix.com.86400INA192.168.1.201
;; Query time: 13 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:01:02 2013
;; MSG SIZE  rcvd: 110

Method C:

[root@slavedns ~]# nslookup slavedns
Server:192.168.1.200
Address:192.168.1.200#53
Name:slavedns.ostechnix.com
Address: 192.168.1.201

Method D:

[root@slavedns ~]# nslookup masterdns
Server:192.168.1.200
Address:192.168.1.200#53
Name:masterdns.ostechnix.com
Address: 192.168.1.200

Method E:

[root@slavedns ~]# dig -x 192.168.1.201
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56991
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;201.1.168.192.in-addr.arpa.INPTR
;; ANSWER SECTION:
201.1.168.192.in-addr.arpa. 86400 INPTRslavedns.ostechnix.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa.86400INNSmasterdns.ostechnix.com.
1.168.192.in-addr.arpa.86400INNSslavedns.ostechnix.com.
;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400INA192.168.1.200
slavedns.ostechnix.com.86400INA192.168.1.201
;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:03:39 2013
;; MSG SIZE  rcvd: 150

Method F:

[root@slavedns ~]# dig -x 192.168.1.200
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa.INPTR
;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 INPTRmasterdns.ostechnix.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa.86400INNSslavedns.ostechnix.com.
1.168.192.in-addr.arpa.86400INNSmasterdns.ostechnix.com.
;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400INA192.168.1.200
slavedns.ostechnix.com.86400INA192.168.1.201
;; Query time: 4 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:04:15 2013
;; MSG SIZE  rcvd: 150
That’s it. Both Primary and Secondary DNS Server is ready to use. Have a Good day!!!

You may also like...

  • Pingback: Setup FTP Server step by step in CentOS 6.x / RHEL 6.x / Scientific Linux 6.x | Ostechnix()

  • Pingback: Install Red Hat Enterprise Linux 6.0 – Step by Step Tutorial With Screen Shots | Ostechnix()

  • Pingback: Setup Local Email Server With SME Server 8.0 | Ostechnix()

  • Pingback: Setup LDAP server (389ds) in CentOS/RHEL/Scientific Linux 6.3 step by step. | Ostechnix()

  • Pingback: Setup Mail server using Postfix+Dovecot+Squirrelmail in CentOS/RHEL/Scientific Linux 6.3 step by step | Ostechnix()

  • Richard

    WHY? Why do I have to disable SELINUX? I don’t WANT to disable SELINUX. How about a guide that helps me setup DDNS with SELINUX enabled! I’m tired of seeing “disable selinux” as the first step to a “guide”.

    • SK

      Richard if you don’t disable SELINUX and iptables, DNS server won’t allow the clients to resolve hostnames. Thats why we have to disable SELINUX. Well, If you want to setup DNS server along with both iptables and SELINUX enabled, you should add the following two lines in ‘/etc/sysconfig/iptables’ file.

      -A INPUT -p udp -m state –state NEW –dport 53 -j ACCEPT
      -A INPUT -p tcp -m state –state NEW –dport 53 -j ACCEPT

      I have updated this how-to tutorial with both iptables and selinux enabled. Thanks for pointing out.
      I will post a how-to “DDNS setup with SELINIUX enabled” soon.

      Thanks for your comment.

      • Rohit Kumar Vij

        sir, i want add you wordpress.. is it possible
        Regards
        Rohit Vij

        • SK

          “Sir, i want add you wordpress.. is it possible” what do you mean? I really don’t understand.

  • Greg

    Thanks for the good guide it help me a lot of.
    I have a question , how we can add mail server ? I think I need add MX RECORD to Bind ?
    Also about fowarders I put the one off Google but I think I need to foward TCP/IP port 53 from my router to my server ?
    Last question , about secure Bind I’m trying with this guide but there is lot of errror 🙁 https://bachem.wordpress.com/2012/04/14/setup-dns-server-bind-chroot-centos-6-2/

    • SK

      Greg add your mail server hostname and ip address in forward and reverse zone files.

  • Pingback: bind server is not resolving...()

    • SK

      Did you add the client details in both zone files? If not pls add the client records(Hostname & IP Address) in zone files and try again. Anyhow it is worked for me and i can resolve both server and client well.

  • Awesome Post! Thank You!

    • SK

      Thank you Gilbert.

  • Does it take long for the root domain name servers to pick up my domain name after these settings I can resolve my domain name internally but i keep getting a loop detected alert when trying to resolve my name server from the outside world,

    I only stopped parking my domain on the servers they were previously on about an hour ago so should it maybe take 24 hours ?

  • wulbs

    Any format where to add MX Record, CNAME?

  • 🙂 i understand but wonder it can run in server fpt

  • First thank you for your post it is very helpful and full of details.
    Now my question is why do we have to configure two DNS server (primary and secondery) as you have shown?

    • SK

      Hi Maxwell thanks for the comment.

      The major advantage in having a secondary DNS server is as backup in the event the primary DNS server handling your domain goes down. A secondary DNS server is always up, and ready to serve. It can help balance the load on the network as there are now more than one authoritative place to get your information. Updates are generally performed automatically from the master DNS. Thus it is an exact clone of the master.

  • grisales

    Hello SK, I follow your instructions step by step while setting up and internal DNS (lab purposes) but I don’t know what I missed. something is not OK (I guess) my results are like this:

    [root@localhost /]# service iptables restart
    iptables: Flushing firewall rules: [ OK ]
    iptables: Setting chains to policy ACCEPT: filter [ OK ]
    iptables: Unloading modules: [ OK ]
    iptables: Applying firewall rules: [ OK ]
    [root@localhost /]# named-checkconf /etc/named.conf
    [root@localhost /]# named-checkconf /etc/named.rfc1912.zones
    [root@localhost /]# named-checkzone slashmail.dev /var/named/fwd.slashmail.dev
    zone slashmail.dev/IN: loaded serial 2011071001
    OK
    [root@localhost /]# named-checkzone slashmail.dev /var/named/rev.slashmail.dev
    zone slashmail.dev/IN: loaded serial 2011071001
    OK
    [root@localhost /]# dig masterdns.slashmail.dev

    ; <> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <> masterdns.slashmail.dev
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36351
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;masterdns.slashmail.dev. IN A

    ;; AUTHORITY SECTION:
    . 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013050200 1800 900 604800 86400

    ;; Query time: 12 msec
    ;; SERVER: 200.162.194.244#53(200.162.194.244)
    ;; WHEN: Thu May 2 05:24:19 2013
    ;; MSG SIZE rcvd: 116

    [root@localhost /]# dig -x 192.168.1.107

    ; <> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <> -x 192.168.1.107
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48948
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;107.1.168.192.in-addr.arpa. IN PTR

    ;; AUTHORITY SECTION:
    168.192.in-addr.arpa. 3600 IN SOA ns.168.192.in-addr.arpa. hostmaster.168.192.in-addr.arpa. 1 3600 1200 604800 3600

    ;; Query time: 10 msec
    ;; SERVER: 200.162.194.244#53(200.162.194.244)
    ;; WHEN: Thu May 2 05:26:07 2013
    ;; MSG SIZE rcvd: 94

    [root@localhost /]# nslokup masterdns
    -bash: nslokup: command not found
    [root@localhost /]# nslookup masterdns
    Server: 200.162.194.244
    Address: 200.162.194.244#53

    ** server can't find masterdns: NXDOMAIN

    • SK

      Hi

      Did you allow the port ’53’ through firewall? And disable SELinux and try again. It is worked 100% for me without any errors. Try once more a fresh installation. It may work for you too.

      • grisales

        Hello SK, thank ou so much for your quick reply and your excellent help :).

        The installation I used for this is a fresh one of CentOS 6.3
        The Ip Tables look like this:

        Using username “root”.
        Last login: Thu May 2 21:51:47 2013 from 192.168.1.106
        [root@masterdns ~]# vi /etc/sysconfig/iptables
        # Firewall configuration written by system-config-firewall
        # Manual customization of this file is not recommended.
        *filter
        :INPUT ACCEPT [0:0]
        :FORWARD ACCEPT [0:0]
        :OUTPUT ACCEPT [0:0]
        -A INPUT -p udp -m state –state NEW –dport 53 -j ACCEPT
        -A INPUT -p tcp -m state –state NEW –dport 53 -j ACCEPT
        -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
        -A INPUT -p icmp -j ACCEPT
        -A INPUT -i lo -j ACCEPT
        -A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
        -A INPUT -j REJECT –reject-with icmp-host-prohibited
        -A FORWARD -j REJECT –reject-with icmp-host-prohibited
        COMMIT
        ~
        ~
        “/etc/sysconfig/iptables” 15L, 592C

        And when I restart the service gives me ok on everything.

        [root@masterdns ~]# vi /etc/sysconfig/iptables
        [root@masterdns ~]# service iptables restart
        iptables: Flushing firewall rules: [ OK ]
        iptables: Setting chains to policy ACCEPT: filter [ OK ]
        iptables: Unloading modules: [ OK ]
        iptables: Applying firewall rules: [ OK ]
        [root@masterdns ~]#

        I don’t get what I am doing wrong 🙁

        I have a hunch this is related to the Zones…

        [root@masterdns ~]# vi /etc/named.conf
        channel default_debug {
        file “data/named.run”;
        severity dynamic;
        };
        };

        zone “.” IN {
        type hint;
        file “named.ca”;
        };
        zone “slashmail.dev” IN {
        type master;
        file “fwd.slashmail.dev”;
        allow-update { none; };
        };
        zone “1.168.192.in-addr.arpa” IN {
        type master;
        file “rev.slashmail.dev”;
        allow-update { none; };
        };
        include “/etc/named.rfc1912.zones”;
        include “/etc/named.root.key”;

        ~
        ~
        ~
        “/etc/named.conf” 51L, 1280C

        What do you think it could be?
        Should i change anything at the router?

  • SK

    Hello Grisales,

    Everything seems to be fine in your configuration. You should allow the port 53 through router and firewall. And post your ‘named.conf’ file and forward and reverse zone files here. I will look for any mistakes.

    • grisales

      Well… I check the setting at the router and there is anything to be changed… just in case i set the incoming request at the port 53 to forward to the local dns server (the one i’m setting up).

      As for the files:

      ====================================
      named conf:
      ====================================
      [root@masterdns ~]# vi /etc/named.conf
      //
      // named.conf
      //
      // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
      // server as a caching only nameserver (as a localhost DNS resolver only).
      //
      // See /usr/share/doc/bind*/sample/ for example named configuration files.
      //

      options {
      listen-on port 53 { 127.0.0.1; 192.168.1.25; };
      listen-on-v6 port 53 { ::1; };
      directory “/var/named”;
      dump-file “/var/named/data/cache_dump.db”;
      statistics-file “/var/named/data/named_stats.txt”;
      memstatistics-file “/var/named/data/named_mem_stats.txt”;
      allow-query { localhost; 192.168.1.0/24; };
      allow-transfer { localhost; 192.168.1.26; };
      recursion yes;
      dnssec-enable yes;
      dnssec-validation yes;
      dnssec-lookaside auto;
      /* Path to ISC DLV key */
      bindkeys-file “/etc/named.iscdlv.key”;
      managed-keys-directory “/var/named/dynamic”;
      };

      logging {
      channel default_debug {
      file “data/named.run”;
      severity dynamic;
      };
      };

      zone “.” IN {
      type hint;
      file “named.ca”;
      };
      zone “slashmail.dev” IN {
      type master;
      file “fwd.slashmail.dev”;
      allow-update { none; };
      };
      zone “1.168.192.in-addr.arpa” IN {
      type master;
      file “rev.slashmail.dev”;
      allow-update { none; };
      };
      include “/etc/named.rfc1912.zones”;
      include “/etc/named.root.key”;

      ~
      ~
      ~
      “/etc/named.conf” 51L, 1280C

      ====================================
      Forward zones
      ====================================
      [root@masterdns named]# vi fwd.slashmail.dev
      $TTL 86400
      @ IN SOA masterdns.slashmail.dev. root.slashmail.dev. (
      2011071001 ;Serial
      3600 ;Refresh
      1800 ;Retry
      604800 ;Expire
      86400 ;Minimum TTL
      )
      @ IN NS masterdns.slashmail.dev.
      @ IN NS slavedns.slashmail.dev.
      masterdns IN A 192.168.1.25
      slavedns IN A 192.168.1.26
      ~
      ~
      “fwd.slashmail.dev” 12L, 357C

      ====================================
      Reverse zones
      ====================================
      [root@masterdns named]# vi rev.slashmail.dev
      $TTL 86400
      @ IN SOA masterdns.slashmail.dev. root.slashmail.dev. (
      2011071001 ;Serial
      3600 ;Refresh
      1800 ;Retry
      604800 ;Expire
      86400 ;Minimum TTL
      )
      @ IN NS masterdns.slashmail.dev.
      @ IN NS slavedns.slashmail.dev.
      masterdns IN A 192.168.1.107
      slavedns IN A 192.168.1.116
      107 IN PTR masterdns.slashmail.dev.
      116 IN PTR slavedns.slashmail.dev.
      ~
      ~
      “rev.slashmail.dev” 14L, 442C

  • grisales

    ====================================
    Reverse zones (correction)
    ====================================
    $TTL 86400
    @ IN SOA masterdns.slashmail.dev. root.slashmail.dev. (
    2011071001 ;Serial
    3600 ;Refresh
    1800 ;Retry
    604800 ;Expire
    86400 ;Minimum TTL
    )
    @ IN NS masterdns.slashmail.dev.
    @ IN NS slavedns.slashmail.dev.
    masterdns IN A 192.168.1.25
    slavedns IN A 192.168.1.26
    25 IN PTR masterdns.slashmail.dev.
    26 IN PTR slavedns.slashmail.dev.
    ~
    ~
    “rev.slashmail.dev” 14L, 438C

    • SK

      Hi
      Correct your zone files as shown below:

      *********************
      Forward zone:
      *********************
      # vi /var/named/fwd.slashmail.dev
      $TTL 86400
      @ IN SOA masterdns.slashmail.dev. root.slashmail.dev. (
      2011071001 ;Serial
      3600 ;Refresh
      1800 ;Retry
      604800 ;Expire
      86400 ;Minimum TTL
      )
      @ IN NS masterdns.slashmail.dev.
      @ IN NS slavedns.slashmail.dev.
      @ IN A 192.168.1.25
      @ IN A 192.168.1.26
      masterdns IN A 192.168.1.25
      slavedns IN A 192.168.1.26

      ***************************
      Reverse Zone
      ***************************
      # vi /var/named/rev.slashmail.dev
      $TTL 86400
      @ IN SOA masterdns.slashmail.dev. root.slashmail.dev. (
      2011071001 ;Serial
      3600 ;Refresh
      1800 ;Retry
      604800 ;Expire
      86400 ;Minimum TTL
      )
      @ IN NS masterdns.slashmail.dev.
      @ IN NS slavedns.slashmail.dev.
      @ IN PTR slashmail.dev.
      masterdns IN A 192.168.1.25
      slavedns IN A 192.168.1.26
      25 IN PTR masterdns.slashmail.dev.
      26 IN PTR slavedns.slashmail.dev.

      Double Check domain names in the above configuration. May be some spelling mistakes found when i edit them.

  • Chaitanya Datkhile

    Hi SK,

    thanks for the post.It was very helpful to me and it resolve my issue.:-)

  • artiq

    Nice Guide

  • Andrey

    Hi, this is a good article..i just want to ask, how to tell that my slave dns is working? Thank you

    • SK

      You don’t need to create zone files manually. They are automatically replicated from masterdns. If they are replicated, you can realize that secondarydns is working. Refer the Secondarydns configuration section in the article. Thanks for the comment.

  • Nico

    Hi, I was struggling for some hours to get BIND working. Using your article I found solution for my problems. Thanks!

  • great, thank for you post. very usefull.

  • This Article is most helpful for me. Thank you very much dude. i tried the lot of times to configure zimbra server, but its not worked for me. im done step by step in using your article. thanks you very much. 🙂

    • SK

      Glad it helped you. Thanks.

    • SK

      I saw your personal website. Great and awsome design.

  • shekhar

    thanks. really nice post

  • Mohammad Latif

    thanks ……you are doing great …..God bless you

  • 1 or 2 completed
    I am trying step 3 but fail
    [root@linux65 ~]# service named restart
    Stopping named: [ OK ]
    Starting named: [FAILED]

    Check Reverse Zone
    [root@linux65 ~]# named-checkzone test.com /var/named/chroot/var/named/rev.test.com
    zone test.com/IN: loaded serial 2011071001
    OK
    Check Forward Zone
    [root@linux65 ~]# named-checkzone test.com /var/named/chroot/var/named/fwd.test.com
    zone test.com/IN: loaded serial 2011071001
    OK
    Please help me!

  • i am found that permission related problem are having
    solved it……………..
    #chgrp named /var/named/chroot/var/named/*
    thank a lot.

  • Pris0ner

    SK, I just want to build only Primary DNS, so Can It work or not?

    • SK

      Yes, it should work. Secondary DNS server is needed only in case you need a failover concept.