How to Setup DNS Server in CentOS 6.5

You may also like...

  • Pingback: Setup FTP Server step by step in CentOS 6.x / RHEL 6.x / Scientific Linux 6.x | Ostechnix()

  • Pingback: Install Red Hat Enterprise Linux 6.0 – Step by Step Tutorial With Screen Shots | Ostechnix()

  • Pingback: Setup Local Email Server With SME Server 8.0 | Ostechnix()

  • Pingback: Setup LDAP server (389ds) in CentOS/RHEL/Scientific Linux 6.3 step by step. | Ostechnix()

  • Pingback: Setup Mail server using Postfix+Dovecot+Squirrelmail in CentOS/RHEL/Scientific Linux 6.3 step by step | Ostechnix()

  • Richard

    WHY? Why do I have to disable SELINUX? I don’t WANT to disable SELINUX. How about a guide that helps me setup DDNS with SELINUX enabled! I’m tired of seeing “disable selinux” as the first step to a “guide”.

    • SK

      Richard if you don’t disable SELINUX and iptables, DNS server won’t allow the clients to resolve hostnames. Thats why we have to disable SELINUX. Well, If you want to setup DNS server along with both iptables and SELINUX enabled, you should add the following two lines in ‘/etc/sysconfig/iptables’ file.

      -A INPUT -p udp -m state –state NEW –dport 53 -j ACCEPT
      -A INPUT -p tcp -m state –state NEW –dport 53 -j ACCEPT

      I have updated this how-to tutorial with both iptables and selinux enabled. Thanks for pointing out.
      I will post a how-to “DDNS setup with SELINIUX enabled” soon.

      Thanks for your comment.

      • Rohit Kumar Vij

        sir, i want add you wordpress.. is it possible
        Regards
        Rohit Vij

        • SK

          “Sir, i want add you wordpress.. is it possible” what do you mean? I really don’t understand.

  • Greg

    Thanks for the good guide it help me a lot of.
    I have a question , how we can add mail server ? I think I need add MX RECORD to Bind ?
    Also about fowarders I put the one off Google but I think I need to foward TCP/IP port 53 from my router to my server ?
    Last question , about secure Bind I’m trying with this guide but there is lot of errror 🙁 https://bachem.wordpress.com/2012/04/14/setup-dns-server-bind-chroot-centos-6-2/

    • SK

      Greg add your mail server hostname and ip address in forward and reverse zone files.

  • Pingback: bind server is not resolving...()

    • SK

      Did you add the client details in both zone files? If not pls add the client records(Hostname & IP Address) in zone files and try again. Anyhow it is worked for me and i can resolve both server and client well.

  • Awesome Post! Thank You!

    • SK

      Thank you Gilbert.

  • Does it take long for the root domain name servers to pick up my domain name after these settings I can resolve my domain name internally but i keep getting a loop detected alert when trying to resolve my name server from the outside world,

    I only stopped parking my domain on the servers they were previously on about an hour ago so should it maybe take 24 hours ?

  • wulbs

    Any format where to add MX Record, CNAME?

  • 🙂 i understand but wonder it can run in server fpt

  • First thank you for your post it is very helpful and full of details.
    Now my question is why do we have to configure two DNS server (primary and secondery) as you have shown?

    • SK

      Hi Maxwell thanks for the comment.

      The major advantage in having a secondary DNS server is as backup in the event the primary DNS server handling your domain goes down. A secondary DNS server is always up, and ready to serve. It can help balance the load on the network as there are now more than one authoritative place to get your information. Updates are generally performed automatically from the master DNS. Thus it is an exact clone of the master.

  • grisales

    Hello SK, I follow your instructions step by step while setting up and internal DNS (lab purposes) but I don’t know what I missed. something is not OK (I guess) my results are like this:

    [root@localhost /]# service iptables restart
    iptables: Flushing firewall rules: [ OK ]
    iptables: Setting chains to policy ACCEPT: filter [ OK ]
    iptables: Unloading modules: [ OK ]
    iptables: Applying firewall rules: [ OK ]
    [root@localhost /]# named-checkconf /etc/named.conf
    [root@localhost /]# named-checkconf /etc/named.rfc1912.zones
    [root@localhost /]# named-checkzone slashmail.dev /var/named/fwd.slashmail.dev
    zone slashmail.dev/IN: loaded serial 2011071001
    OK
    [root@localhost /]# named-checkzone slashmail.dev /var/named/rev.slashmail.dev
    zone slashmail.dev/IN: loaded serial 2011071001
    OK
    [root@localhost /]# dig masterdns.slashmail.dev

    ; <> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <> masterdns.slashmail.dev
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36351
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;masterdns.slashmail.dev. IN A

    ;; AUTHORITY SECTION:
    . 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013050200 1800 900 604800 86400

    ;; Query time: 12 msec
    ;; SERVER: 200.162.194.244#53(200.162.194.244)
    ;; WHEN: Thu May 2 05:24:19 2013
    ;; MSG SIZE rcvd: 116

    [root@localhost /]# dig -x 192.168.1.107

    ; <> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <> -x 192.168.1.107
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48948
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;107.1.168.192.in-addr.arpa. IN PTR

    ;; AUTHORITY SECTION:
    168.192.in-addr.arpa. 3600 IN SOA ns.168.192.in-addr.arpa. hostmaster.168.192.in-addr.arpa. 1 3600 1200 604800 3600

    ;; Query time: 10 msec
    ;; SERVER: 200.162.194.244#53(200.162.194.244)
    ;; WHEN: Thu May 2 05:26:07 2013
    ;; MSG SIZE rcvd: 94

    [root@localhost /]# nslokup masterdns
    -bash: nslokup: command not found
    [root@localhost /]# nslookup masterdns
    Server: 200.162.194.244
    Address: 200.162.194.244#53

    ** server can't find masterdns: NXDOMAIN

    • SK

      Hi

      Did you allow the port ’53’ through firewall? And disable SELinux and try again. It is worked 100% for me without any errors. Try once more a fresh installation. It may work for you too.

      • grisales

        Hello SK, thank ou so much for your quick reply and your excellent help :).

        The installation I used for this is a fresh one of CentOS 6.3
        The Ip Tables look like this:

        Using username “root”.
        Last login: Thu May 2 21:51:47 2013 from 192.168.1.106
        [root@masterdns ~]# vi /etc/sysconfig/iptables
        # Firewall configuration written by system-config-firewall
        # Manual customization of this file is not recommended.
        *filter
        :INPUT ACCEPT [0:0]
        :FORWARD ACCEPT [0:0]
        :OUTPUT ACCEPT [0:0]
        -A INPUT -p udp -m state –state NEW –dport 53 -j ACCEPT
        -A INPUT -p tcp -m state –state NEW –dport 53 -j ACCEPT
        -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
        -A INPUT -p icmp -j ACCEPT
        -A INPUT -i lo -j ACCEPT
        -A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
        -A INPUT -j REJECT –reject-with icmp-host-prohibited
        -A FORWARD -j REJECT –reject-with icmp-host-prohibited
        COMMIT
        ~
        ~
        “/etc/sysconfig/iptables” 15L, 592C

        And when I restart the service gives me ok on everything.

        [root@masterdns ~]# vi /etc/sysconfig/iptables
        [root@masterdns ~]# service iptables restart
        iptables: Flushing firewall rules: [ OK ]
        iptables: Setting chains to policy ACCEPT: filter [ OK ]
        iptables: Unloading modules: [ OK ]
        iptables: Applying firewall rules: [ OK ]
        [root@masterdns ~]#

        I don’t get what I am doing wrong 🙁

        I have a hunch this is related to the Zones…

        [root@masterdns ~]# vi /etc/named.conf
        channel default_debug {
        file “data/named.run”;
        severity dynamic;
        };
        };

        zone “.” IN {
        type hint;
        file “named.ca”;
        };
        zone “slashmail.dev” IN {
        type master;
        file “fwd.slashmail.dev”;
        allow-update { none; };
        };
        zone “1.168.192.in-addr.arpa” IN {
        type master;
        file “rev.slashmail.dev”;
        allow-update { none; };
        };
        include “/etc/named.rfc1912.zones”;
        include “/etc/named.root.key”;

        ~
        ~
        ~
        “/etc/named.conf” 51L, 1280C

        What do you think it could be?
        Should i change anything at the router?

  • SK

    Hello Grisales,

    Everything seems to be fine in your configuration. You should allow the port 53 through router and firewall. And post your ‘named.conf’ file and forward and reverse zone files here. I will look for any mistakes.

    • grisales

      Well… I check the setting at the router and there is anything to be changed… just in case i set the incoming request at the port 53 to forward to the local dns server (the one i’m setting up).

      As for the files:

      ====================================
      named conf:
      ====================================
      [root@masterdns ~]# vi /etc/named.conf
      //
      // named.conf
      //
      // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
      // server as a caching only nameserver (as a localhost DNS resolver only).
      //
      // See /usr/share/doc/bind*/sample/ for example named configuration files.
      //

      options {
      listen-on port 53 { 127.0.0.1; 192.168.1.25; };
      listen-on-v6 port 53 { ::1; };
      directory “/var/named”;
      dump-file “/var/named/data/cache_dump.db”;
      statistics-file “/var/named/data/named_stats.txt”;
      memstatistics-file “/var/named/data/named_mem_stats.txt”;
      allow-query { localhost; 192.168.1.0/24; };
      allow-transfer { localhost; 192.168.1.26; };
      recursion yes;
      dnssec-enable yes;
      dnssec-validation yes;
      dnssec-lookaside auto;
      /* Path to ISC DLV key */
      bindkeys-file “/etc/named.iscdlv.key”;
      managed-keys-directory “/var/named/dynamic”;
      };

      logging {
      channel default_debug {
      file “data/named.run”;
      severity dynamic;
      };
      };

      zone “.” IN {
      type hint;
      file “named.ca”;
      };
      zone “slashmail.dev” IN {
      type master;
      file “fwd.slashmail.dev”;
      allow-update { none; };
      };
      zone “1.168.192.in-addr.arpa” IN {
      type master;
      file “rev.slashmail.dev”;
      allow-update { none; };
      };
      include “/etc/named.rfc1912.zones”;
      include “/etc/named.root.key”;

      ~
      ~
      ~
      “/etc/named.conf” 51L, 1280C

      ====================================
      Forward zones
      ====================================
      [root@masterdns named]# vi fwd.slashmail.dev
      $TTL 86400
      @ IN SOA masterdns.slashmail.dev. root.slashmail.dev. (
      2011071001 ;Serial
      3600 ;Refresh
      1800 ;Retry
      604800 ;Expire
      86400 ;Minimum TTL
      )
      @ IN NS masterdns.slashmail.dev.
      @ IN NS slavedns.slashmail.dev.
      masterdns IN A 192.168.1.25
      slavedns IN A 192.168.1.26
      ~
      ~
      “fwd.slashmail.dev” 12L, 357C

      ====================================
      Reverse zones
      ====================================
      [root@masterdns named]# vi rev.slashmail.dev
      $TTL 86400
      @ IN SOA masterdns.slashmail.dev. root.slashmail.dev. (
      2011071001 ;Serial
      3600 ;Refresh
      1800 ;Retry
      604800 ;Expire
      86400 ;Minimum TTL
      )
      @ IN NS masterdns.slashmail.dev.
      @ IN NS slavedns.slashmail.dev.
      masterdns IN A 192.168.1.107
      slavedns IN A 192.168.1.116
      107 IN PTR masterdns.slashmail.dev.
      116 IN PTR slavedns.slashmail.dev.
      ~
      ~
      “rev.slashmail.dev” 14L, 442C

  • grisales

    ====================================
    Reverse zones (correction)
    ====================================
    $TTL 86400
    @ IN SOA masterdns.slashmail.dev. root.slashmail.dev. (
    2011071001 ;Serial
    3600 ;Refresh
    1800 ;Retry
    604800 ;Expire
    86400 ;Minimum TTL
    )
    @ IN NS masterdns.slashmail.dev.
    @ IN NS slavedns.slashmail.dev.
    masterdns IN A 192.168.1.25
    slavedns IN A 192.168.1.26
    25 IN PTR masterdns.slashmail.dev.
    26 IN PTR slavedns.slashmail.dev.
    ~
    ~
    “rev.slashmail.dev” 14L, 438C

    • SK

      Hi
      Correct your zone files as shown below:

      *********************
      Forward zone:
      *********************
      # vi /var/named/fwd.slashmail.dev
      $TTL 86400
      @ IN SOA masterdns.slashmail.dev. root.slashmail.dev. (
      2011071001 ;Serial
      3600 ;Refresh
      1800 ;Retry
      604800 ;Expire
      86400 ;Minimum TTL
      )
      @ IN NS masterdns.slashmail.dev.
      @ IN NS slavedns.slashmail.dev.
      @ IN A 192.168.1.25
      @ IN A 192.168.1.26
      masterdns IN A 192.168.1.25
      slavedns IN A 192.168.1.26

      ***************************
      Reverse Zone
      ***************************
      # vi /var/named/rev.slashmail.dev
      $TTL 86400
      @ IN SOA masterdns.slashmail.dev. root.slashmail.dev. (
      2011071001 ;Serial
      3600 ;Refresh
      1800 ;Retry
      604800 ;Expire
      86400 ;Minimum TTL
      )
      @ IN NS masterdns.slashmail.dev.
      @ IN NS slavedns.slashmail.dev.
      @ IN PTR slashmail.dev.
      masterdns IN A 192.168.1.25
      slavedns IN A 192.168.1.26
      25 IN PTR masterdns.slashmail.dev.
      26 IN PTR slavedns.slashmail.dev.

      Double Check domain names in the above configuration. May be some spelling mistakes found when i edit them.

  • Chaitanya Datkhile

    Hi SK,

    thanks for the post.It was very helpful to me and it resolve my issue.:-)

  • artiq

    Nice Guide

  • Andrey

    Hi, this is a good article..i just want to ask, how to tell that my slave dns is working? Thank you

    • SK

      You don’t need to create zone files manually. They are automatically replicated from masterdns. If they are replicated, you can realize that secondarydns is working. Refer the Secondarydns configuration section in the article. Thanks for the comment.

  • Nico

    Hi, I was struggling for some hours to get BIND working. Using your article I found solution for my problems. Thanks!

  • great, thank for you post. very usefull.

  • This Article is most helpful for me. Thank you very much dude. i tried the lot of times to configure zimbra server, but its not worked for me. im done step by step in using your article. thanks you very much. 🙂

    • SK

      Glad it helped you. Thanks.

    • SK

      I saw your personal website. Great and awsome design.

  • shekhar

    thanks. really nice post

  • Mohammad Latif

    thanks ……you are doing great …..God bless you

  • 1 or 2 completed
    I am trying step 3 but fail
    [root@linux65 ~]# service named restart
    Stopping named: [ OK ]
    Starting named: [FAILED]

    Check Reverse Zone
    [root@linux65 ~]# named-checkzone test.com /var/named/chroot/var/named/rev.test.com
    zone test.com/IN: loaded serial 2011071001
    OK
    Check Forward Zone
    [root@linux65 ~]# named-checkzone test.com /var/named/chroot/var/named/fwd.test.com
    zone test.com/IN: loaded serial 2011071001
    OK
    Please help me!

  • i am found that permission related problem are having
    solved it……………..
    #chgrp named /var/named/chroot/var/named/*
    thank a lot.

  • Pris0ner

    SK, I just want to build only Primary DNS, so Can It work or not?

    • SK

      Yes, it should work. Secondary DNS server is needed only in case you need a failover concept.