1) Install the bind packages :
yum -y install bind bind-chroot bind-utils caching-name-server
2) Copy the sample caching-nameserver configuration into the chroot as named.conf (the sample directory carries the package version, so on BIND 9.3.6 it is /usr/share/doc/bind-9.3.6/sample) :
cp /usr/share/doc/bind/sample/etc/caching-name-server.conf /var/named/chroot/etc/named.conf
Make a symbolic link so that /etc/named.conf points at the copy inside the chroot :
ln -s /var/named/chroot/etc/named.conf /etc/
3) Edit named.conf; the views and zones are added in steps 10 to 13 below.
4) Copy named.root.hints from the sample directory into the chroot :
cp /usr/share/doc/bind-9.3.6/sample/etc/named.root.hints /var/named/chroot/etc/
5) Make a symbolic link to named.root.hints as well :
ln -s /var/named/chroot/etc/named.root.hints /etc/
6) named.root.hints declares the root zone with file "named.root", which does not yet exist in the chroot's /var/named, so named fails to load the hints zone. Either copy the sample file in :
cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/
OR edit named.root.hints and replace named.root with named.ca, the root hints file that is already present in /var/named/chroot/var/named. Either choice fixes the missing-file error.
7) Make the corresponding symbolic links for these files too (the same ln -s pattern as in step 5), so the paths outside the chroot resolve.
8) Change the group of every file in /var/named/chroot/var/named/ and /var/named/chroot/etc/ to named, because the named process runs as that user inside the chroot and must be able to read them :
chgrp named /var/named/chroot/var/named/*
chgrp named /var/named/chroot/etc/*
9) Comment out the key ddns_key section in named.conf. The sample ships a placeholder string in its secret field that is not valid base64, so named refuses to start while it is there (step 13 shows how to keep the key with a real secret).
10) Create two views, internal and external, each with its own forward zone file :
Internal - answers clients on the private network with the private addresses
External - answers everyone else with the public addresses
Filename : example.com-internal.db - forward lookup zone file for the internal view
$TTL 1D
@ IN SOA test.example.com. root.example.com. (
    1 ; serial - increase it on every edit
    3H ; refresh
    15M ; retry
    1W ; expiry
    1D ) ; minimum
@ IN NS test.example.com.
@ IN A 10.0.0.5
test.example.com. IN A 10.0.0.5
www IN CNAME test.example.com. ; relative name, the origin example.com. is appended (www.example.com without a trailing dot would become www.example.com.example.com.)
Filename : example.com-external.db - forward lookup zone file for the external view
$TTL 1D
@ IN SOA test.example.com. root.example.com. (
    1 ; serial - increase it on every edit
    3H ; refresh
    15M ; retry
    1W ; expiry
    1D ) ; minimum
@ IN NS test.example.com.
@ IN A 64.1.2.3
test.example.com. IN A 64.1.2.3
www IN CNAME test.example.com.
11) Add the reverse lookup zone to /etc/named.conf below the forward zone, and create its zone file in /var/named/chroot/var/named/ :
Filename : 0.0.10.in-addr.arpa.db
$TTL 1D
@ IN SOA test.example.com. root.example.com. (
    1 ; serial - increase it on every edit
    3H ; refresh
    15M ; retry
    1W ; expiry
    1D ) ; minimum
@ IN NS test.example.com.
5.0.0.10.in-addr.arpa. IN PTR test.example.com. ; fully qualified owner, so the trailing dot is required
OR, relative to the zone origin, you can write it as
5 IN PTR test.example.com.
Change the group of this file to named as well (step 8).
At this point clients on the same network can resolve names by querying the server, e.g. :
dig test.example.com @test.example.com
The same query still fails on the server itself, because queries from localhost match the localhost_resolver view, which does not yet know the zones. To make lookups work from localhost :
12) Add the zone statements to the localhost_resolver view as well, so that forward and reverse lookups also work from localhost.
E.g. :
view "localhost_resolver"
{
    /* This view sets up named to be a localhost resolver (caching-only nameserver).
     * If all you want is a caching-only nameserver, then you need only define this view:
     */
    match-clients { localhost; };
    match-destinations { localhost; };
    recursion yes;
    # all views must contain the root hints zone:
    // include "/etc/named.root.hints";
    /* these are zones that contain definitions for all the localhost
     * names and addresses, as recommended in RFC1912 - these names should
     * ONLY be served to localhost clients:
     */
    include "/etc/named.rfc1912.zones";
    zone "example.com" {
        type master;
        file "example.com-internal.db";
    };
    zone "0.0.10.in-addr.arpa" {
        type master;
        file "0.0.10.in-addr.arpa.db";
    };
};
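The post shows only the localhost_resolver view and never the internal and external views from step 10 in named.conf. The following is an added example, not the post's own file: a complete /var/named/chroot/etc/named.conf for the primary, with the views from step 10, zone transfers locked to the secondary and recursion closed on the public side. The secondary's address 10.0.0.6 and the internal network 10.0.0.0/24 are assumptions, and the TSIG secret is a constructed sample that must be replaced by the output of /usr/sbin/dns-keygen. The localhost_resolver view from step 12 stays above these two.

```conf
// Added example: /var/named/chroot/etc/named.conf on the primary (10.0.0.5 / 64.1.2.3).
// Assumed: secondary = 10.0.0.6, internal network = 10.0.0.0/24.

key ddns_key {
    algorithm hmac-md5;
    // Constructed sample, valid base64 so named starts; replace it with
    // the output of /usr/sbin/dns-keygen before use.
    secret "dGhpcy1pcy1hLXNhbXBsZS1rZXk=";
};

options {
    directory "/var/named";                        // relative to the chroot
    listen-on port 53 { 127.0.0.1; 10.0.0.5; 64.1.2.3; };
    version "none";                                // do not advertise the BIND version
    allow-transfer { none; };                      // no zone transfers unless a zone allows them
};

acl internal_nets { 10.0.0.0/24; };

// Views are tried in order and the first match wins: keep the
// localhost_resolver view above these, and "internal" before "external",
// or internal clients receive the public addresses.

view "internal" {
    match-clients { internal_nets; };
    recursion yes;                                 // internal clients may use this server as a resolver
    include "/etc/named.root.hints";
    zone "example.com" {
        type master;
        file "example.com-internal.db";
        allow-transfer { 10.0.0.6; };              // only the secondary may pull the zone
        also-notify { 10.0.0.6; };                 // tell it when the serial changes
    };
    zone "0.0.10.in-addr.arpa" {
        type master;
        file "0.0.10.in-addr.arpa.db";
        allow-transfer { 10.0.0.6; };
        also-notify { 10.0.0.6; };
    };
};

view "external" {
    match-clients { any; };
    recursion no;                                  // authoritative only: never an open resolver
    include "/etc/named.root.hints";
    zone "example.com" {
        type master;
        file "example.com-external.db";
        allow-transfer { none; };                  // nobody enumerates the zone
    };
};
```

Check the file as named will see it inside the chroot with named-checkconf -t /var/named/chroot /etc/named.conf before restarting. The two security-relevant lines are recursion no in the external view, so the public address cannot be used as an open resolver, and the per-zone allow-transfer, so the internal zone with its private addresses can only be pulled by the secondary.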
13) If you want to keep the ddns_key section instead of commenting it out, generate a TSIG secret with /usr/sbin/dns-keygen (the tool named in the sample named.conf) and paste its output into the secret field of the key statement.
14) Every time you change the named configuration and restart the service, check /var/log/messages for the lines named logs; configuration and zone errors are reported there.
15) Whenever you edit a zone file, increase the serial number in its SOA record; slaves only transfer a zone when the master's serial is higher than the one they hold.
16) Set up the secondary DNS server to pull the zones from the primary by zone transfer (AXFR); the zone files are not copied by hand.
17) Install bind on the secondary DNS server as in step 1.
18) In its named.conf, declare the zones as slaves of the primary :
zone "example.com" {
    type slave;
    masters { 10.0.0.5; }; // the primary's IP; adjust to your network
    file "slaves/example.com.db"; // where the transferred copy is stored, under the chroot's /var/named
};
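The secondary's configuration in full, as an added example that is not part of the original post. It assumes the secondary is 10.0.0.6 on the 10.0.0.0/24 network and serves only the internal view, which is the one the primary hands it because its address is internal. Transfers of the external zone would need the primary to match the secondary into the external view (for example by TSIG key), which the setup above does not do.

```conf
// Added example: /var/named/chroot/etc/named.conf on the secondary (assumed 10.0.0.6).
options {
    directory "/var/named";
    version "none";
    allow-transfer { none; };          // a secondary never hands the zone on
};

view "internal" {
    match-clients { 127.0.0.1; 10.0.0.0/24; };   // the transferred zone holds private addresses: internal clients only
    recursion yes;
    include "/etc/named.root.hints";
    zone "example.com" {
        type slave;
        masters { 10.0.0.5; };
        // The transferred copy lands in /var/named/chroot/var/named/slaves,
        // which must be writable by the named user (check its group and mode).
        file "slaves/example.com.db";
    };
    zone "0.0.10.in-addr.arpa" {
        type slave;
        masters { 10.0.0.5; };
        file "slaves/0.0.10.in-addr.arpa.db";
    };
};
```

After the restart, the transfer shows up in /var/log/messages as a "transfer of 'example.com/IN' from 10.0.0.5#53" line, and dig example.com @10.0.0.6 axfr from anywhere should be refused because of allow-transfer none.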
19) Let DNS traffic through iptables on both servers: UDP and TCP port 53 (zone transfers and truncated answers use TCP). Stopping iptables on both sides works for a quick test, but in production keep the firewall up with only those ports opened.
20) Restart named on both servers :
/etc/init.d/named restart
That's all, you are ready with your DNS server.
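The edit, serial bump, check, restart and log check cycle from the steps above, as an added example that is not part of the original post. bump_serial raises the SOA serial in place without changing the file's owner and group, check_zone and check_conf run the BIND checkers when they are installed, and reload_named restarts the service and prints what it logged. The zone file at the bottom is constructed for the demonstration; the real ones live under /var/named/chroot/var/named.

```shell
#!/bin/sh
# Added example, not from the original post: helpers for the edit/check/
# reload cycle. CHROOT follows the layout used in the steps above.

CHROOT=/var/named/chroot

# bump_serial ZONEFILE
# Adds one to the serial, which must sit on its own line followed by the
# "; serial" comment as in the zone files above, and prints the new value.
# The file is rewritten through cat rather than mv so the inode, and with it
# the "named" group set in step 8, is kept.
bump_serial() {
    zone=$1
    old=$(awk '/^[[:space:]]*[0-9]+[[:space:]]*;[[:space:]]*serial/ { print $1; exit }' "$zone")
    case $old in
        ''|*[!0-9]*) echo "bump_serial: no serial line found in $zone" >&2; return 1 ;;
    esac
    new=$((old + 1))
    tmp="$zone.new.$$"
    awk -v new="$new" '
        !done && /^[[:space:]]*[0-9]+[[:space:]]*;[[:space:]]*serial/ { sub(/[0-9]+/, new); done = 1 }
        { print }' "$zone" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$zone" && rm -f "$tmp"
    echo "$new"
}

# check_zone ORIGIN ZONEFILE: syntax and consistency check of one zone file.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed; skipping check of $2" >&2
    fi
}

# check_conf: validate named.conf as named will see it inside the chroot.
check_conf() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf -t "$CHROOT" /etc/named.conf
    else
        echo "named-checkconf not installed; skipping config check" >&2
    fi
}

# reload_named: restart the service and show the lines it logged, which is
# where configuration and zone errors are reported.
reload_named() {
    /etc/init.d/named restart || return 1
    sleep 1
    grep named /var/log/messages | tail -n 20
}

# Demonstration on a constructed zone file in a temporary directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/example.com-internal.db" <<'EOF'
$TTL 1D
@ IN SOA test.example.com. root.example.com. (
    2009010101 ; serial
    3H ; refresh
    15M ; retry
    1W ; expiry
    1D ) ; minimum
@ IN NS test.example.com.
@ IN A 10.0.0.5
test IN A 10.0.0.5
EOF
echo "new serial: $(bump_serial "$demo_dir/example.com-internal.db")"
check_zone example.com "$demo_dir/example.com-internal.db"
rm -rf "$demo_dir"
```

Typical use on the primary: bump_serial /var/named/chroot/var/named/example.com-internal.db, check_zone example.com /var/named/chroot/var/named/example.com-internal.db, check_conf, then reload_named; if the serial is not raised the secondary keeps serving the old data even though the restart succeeded.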