Install & Configure the BIND DNS Server

Overview

BIND, also known as NAMED, is the most widely used DNS server software in the world. The Berkeley Internet Name Domain (BIND) is domain name server software that can run on Linux, Unix, and Windows operating systems.


Command Steps

1. Make sure you have internet connectivity and install the BIND DNS server.
yum install bind

2. Set your DNS server setting to resolve to your loopback interface, either by echoing to /etc/resolv.conf or by editing your outside interface configuration file (example: ifcfg-eth0), adding the line DNS1=127.0.0.1, and taking the interface down and up again (ifdown eth0, ifup eth0). The benefit of editing the ifcfg file and then bringing the interface down and up again is that the configuration will be permanent, whereas echoing to resolv.conf is not a saved configuration. Once you set the DNS server setting to 127.0.0.1 you will lose internet connectivity until you restart BIND.
echo "nameserver 127.0.0.1" > /etc/resolv.conf
or
vim /etc/sysconfig/network-scripts/ifcfg-eth0
add the following line to the configuration file: DNS1=127.0.0.1
ifdown eth0
ifup eth0

3. Check the resolv.conf file to verify that your DNS setting of 127.0.0.1 is in place.
cat /etc/resolv.conf

4. Restart the BIND DNS server. The BIND DNS server is referenced on the command line as “named”, pronounced “name-d”, the name daemon.
service named restart


5. Now check whether your DNS server can reach other DNS servers over the internet in order to resolve DNS lookups.
nslookup google.com

Troubleshooting – If you get a “server can’t find google.com SERVFAIL” message you can try these troubleshooting scenarios:
1) If you are using VMware virtual machines try shutting down your Windows firewall
2) Make sure your iptables is accepting traffic on the loopback interface. Use the iptables-save command and you should see the following line: -A INPUT -i lo -j ACCEPT . If not, you can add it directly to the iptables configuration file by editing /etc/sysconfig/iptables. Then restart iptables: service iptables restart
3) Also, check that you have the right date set on your system. Use the date command to check the date and timestamp. You can fix it with the following command: date -s 'year-month-date time' (e.g. 2012-4-23 12:10:00). I experienced DNS server nslookup failure due to an incorrect date.
4) If you still have problems and are unable to resolve domain names using nslookup then try looking at your log files: tail /var/log/messages

6. Now put in a chkconfig command to allow BIND (NAMED) to start on system startup.
chkconfig named on

7. Before you begin configuring the DNS server you should know what your hostname is. You were asked to create your hostname (computer name) during your CentOS Linux installation. Your hostname follows your username and the “@” symbol in your terminal command prompt. For instance, my terminal shows the following prompt: [dan@centos-server ~]$. Here “dan” is the username, “centos-server” is the hostname, “~” refers to my current directory, which is home, and the “$” prompt means I am in user mode as “dan” (a # would mean I am currently the root user). To verify your hostname, type the command hostname in the terminal and press Enter.
hostname

You can temporarily change the hostname by issuing the hostname command with the new name. However, this change will not survive a restart.
hostname <example-server-name>

To permanently change the system hostname even upon reboot, edit the following file in a text editor: /etc/sysconfig/network
nano /etc/sysconfig/network
and add the following line after NETWORKING="yes":
HOSTNAME="example-server-hostname"

8. Beyond knowing the server hostname, to use the full potential of the DNS server you will also need to know your fully qualified domain name (FQDN). You will probably need to configure your server's FQDN. To do this, edit the configuration file of your outside-facing network interface using a text editor; in my example the file is ifcfg-eth0.
nano /etc/sysconfig/network-scripts/ifcfg-eth0

and add your domain name by adding a line to the configuration file:
DOMAIN="example.com"

Then take the interface down and up again. Check to see if the change is reflected in the /etc/resolv.conf file, and then run the hostname --fqdn command to see your FQDN. The FQDN should be your server hostname followed by a dot and your domain name (e.g. example-server-hostname.example.com). If your computer does not recognize your fully qualified domain name (FQDN), just keep going; the server should recognize the FQDN by the time you have finished configuring the DNS server conf file and zone files.
ifdown eth0
ifup eth0
cat /etc/resolv.conf
hostname --fqdn

9. Now that your hostname and fully qualified domain name are configured, it is time to configure the BIND (NAMED) DNS server. The first file to configure is: /etc/named.conf
nano /etc/named.conf

10. Now you can add master lookup zones to the named.conf file like the entries in my example below. I inserted the two zones right before the line ( zone "." IN { ). The first zone is for forward lookups and the second zone is for reverse lookups. Forward lookups resolve names to IP addresses and reverse lookups resolve IP addresses to names. Make sure to substitute your own domain name and the network portion of your IP address in reverse (outside interface).

zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "example.com.rr.zone";
    allow-update { none; };
};

11. You can see in the two zones above that the third line in each zone references a file (example.com.zone and example.com.rr.zone). You will need to create two text files, one to match each of those names, and save them in the /var/named/ directory.
touch /var/named/example.com.zone
touch /var/named/example.com.rr.zone

12. Now you will need to edit and save each file with zone configurations. Make sure to substitute your own domain name and IP address (outside interface). First, the forward lookup zone file.
nano /var/named/example.com.zone

$ORIGIN example.com.
$TTL 86400
@    IN    SOA    dns1.example.com.    hostmaster.example.com. (
2001062501 ; serial
21600      ; refresh after 6 hours
3600       ; retry after 1 hour
604800     ; expire after 1 week
86400 )    ; minimum TTL of 1 day

@    IN    NS    dns1.example.com.

@    IN    MX    10    mail.example.com.

@    IN    A    192.168.1.113

dns1    IN    A    192.168.1.113

example-server-hostname    IN    A    192.168.1.113

ftp    IN    A    192.168.1.113

mail    IN    CNAME    example-server-hostname

www    IN    CNAME    example-server-hostname

13. Second, the reverse lookup zone file.
nano /var/named/example.com.rr.zone

$ORIGIN 1.168.192.in-addr.arpa.
$TTL 86400
@    IN    SOA    dns1.example.com.    hostmaster.example.com. (
2001062501 ; serial
21600      ; refresh after 6 hours
3600       ; retry after 1 hour
604800     ; expire after 1 week
86400 )    ; minimum TTL of 1 day

@    IN    NS     example-server-hostname.example.com.

1    IN    PTR    example-server-hostname.example.com.

2    IN    PTR    dns1.example.com.

3    IN    PTR    ftp.example.com.

4    IN    PTR    mail.example.com.
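
A consistency check for the forward and reverse zones from steps 12 and 13, added here as an example (it is not part of the original tutorial): it verifies that every PTR record points at a name whose A record maps back to the same address. The zone text is constructed sample data modelled on the files above, check_ptr is a hypothetical helper name, and the script assumes one $ORIGIN per zone, a /24 reverse zone and one record per line.

```sh
#!/bin/sh
# Added example: cross-check PTR records against the forward zone's A records.
# Zone text below is constructed sample data, not taken from a live server.
# Assumes one $ORIGIN per zone, a /24 reverse zone, one record per line.

FWD_ZONE='$ORIGIN example.com.
dns1                     IN  A      192.168.1.113
example-server-hostname  IN  A      192.168.1.113
ftp                      IN  A      192.168.1.50
mail                     IN  CNAME  example-server-hostname'

REV_ZONE='$ORIGIN 1.168.192.in-addr.arpa.
113  IN  PTR  example-server-hostname.example.com.
2    IN  PTR  dns1.example.com.
50   IN  PTR  ftp.example.com.
4    IN  PTR  mail.example.com.'

# check_ptr FORWARD_TEXT REVERSE_TEXT  (hypothetical helper name)
# Prints "<status> <ip> <ptr-target>" for every PTR record:
#   OK        the target has an A record for exactly this address
#   MISMATCH  the target has an A record, but for a different address
#   NO-A      the target has no A record in the forward zone
check_ptr() {
    { printf '%s\n' "$1" '--REVERSE--' "$2"; } | awk '
    $1 == "--REVERSE--" { rev = 1; next }
    $1 == "$ORIGIN" && !rev { origin = $2; next }
    $1 == "$ORIGIN" && rev {
        # 1.168.192.in-addr.arpa. -> network prefix 192.168.1
        split($2, p, ".")
        net = p[3] "." p[2] "." p[1]
        next
    }
    !rev && $2 == "IN" && $3 == "A" { addr[$1 "." origin] = $4; next }
    rev && $2 == "IN" && $3 == "PTR" {
        ip = net "." $1
        if (!($4 in addr))       status = "NO-A"
        else if (addr[$4] == ip) status = "OK"
        else                     status = "MISMATCH"
        print status, ip, $4
    }'
}

check_ptr "$FWD_ZONE" "$REV_ZONE"
```

To run it against real files, pass their contents instead of the sample variables, for example "$(cat /var/named/example.com.zone)"; names that exist only as CNAMEs or under an "@" owner are reported as NO-A by this simple parser.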

14. Now restart your server and try resolving your domain names with nslookup. You should see that they resolve to your server!!!
service named restart
nslookup example.com
nslookup dns1.example.com
nslookup mail.example.com
nslookup ftp.example.com
nslookup www.example.com
nslookup example-server-hostname.example.com

Video Tutorials

In part 1, I install and troubleshoot the BIND (named) DNS Server in CentOS Linux

In part 2, I set the hostname, domain name, and edit the named.conf configuration file

In part 3, I configure the master forward and reverse lookup zones

Author: Dan

Dan teaches computer networking and security classes at Central Oregon Community College.
