How to Install and Configure DNS on RHEL 8 and CENTOS 8


DNS stands for Domain Name System. It translates host names (the names you see in website URLs) into IP addresses. You can think of it as the phonebook of the internet: it is hard to remember the IP address of every host, so DNS lets you remember a name instead of an address.

In this tutorial you will learn how to install and configure your own DNS server on a RHEL 8 or CentOS 8 server.

My Server Details:

Operating System: RedHat Enterprise Linux 8
Hostname:         primary.osradar.localdomain
IP Address:       192.168.130.152

STEP 1:
Install bind (DNS) packages on your server.

yum install bind bind-utils -y

STEP 2:
Configure DNS Server

Edit the /etc/named.conf file with the command below and make the following changes.

vi /etc/named.conf

i: Comment out the two lines below so the BIND DNS server listens on all IP addresses instead of only on localhost.

#listen-on port 53 { 127.0.0.1; };
#listen-on-v6 port 53 { ::1; };

ii: Add your network to the line below. It allows clients in that network to query the DNS server for name-to-IP translation (and keeps everyone else out). My network is 192.168.130.0/24.

allow-query { localhost; 192.168.130.0/24; };

iii: Create Forward and Reverse Zones

zone "osradar.localdomain" IN {
type master;
file "forward.osradar";
allow-update { none; };
};
zone "130.168.192.in-addr.arpa" IN {
type master;
file "reverse.osradar";
allow-update { none; };
};
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
#listen-on port 53 { 127.0.0.1; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { localhost; 192.168.130.0/24; };

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;

dnssec-enable yes;
dnssec-validation yes;

managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";

/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "osradar.localdomain" IN {
type master;
file "forward.osradar";
allow-update { none; };
};
zone "130.168.192.in-addr.arpa" IN {
type master;
file "reverse.osradar";
allow-update { none; };
};

STEP 3:
Create DNS Zone files

Create the forward and reverse zone files that were declared in /etc/named.conf.

i: Create Forward Zone

Create the forward.osradar file in the /var/named directory.

vi /var/named/forward.osradar

Add the following lines:

$TTL 86400
@ IN SOA primary.osradar.localdomain. root.osradar.localdomain. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS primary.osradar.localdomain.
@ IN A 192.168.130.152

primary IN A 192.168.130.152

ii: Create Reverse Zone

Create the reverse.osradar file in the /var/named directory.

vi /var/named/reverse.osradar

Add the following lines:

$TTL 86400
@ IN SOA primary.osradar.localdomain. root.osradar.localdomain. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS primary.osradar.localdomain.
@ IN PTR osradar.localdomain.

; PTR for 192.168.130.152: only the last octet is given, relative to 130.168.192.in-addr.arpa
152 IN PTR primary.osradar.localdomain.

STEP 4:
Start the DNS service

systemctl start named
systemctl enable named

STEP 5:
Configure Firewall

The firewall must allow the DNS service, that is port 53 over both TCP and UDP.

firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload

STEP 6:
Adding DNS Server in Network

Add the DNS server IP to the network interface configuration file.

vi /etc/sysconfig/network-scripts/ifcfg-ens32

Note: ifcfg-xxxx is the configuration file of your network interface; ens32 is the interface name on my server.

I will add the entry below, since it is my DNS server's IP address:
DNS="192.168.130.152"

Add the DNS server IP to /etc/resolv.conf as well.

vi /etc/resolv.conf

nameserver 192.168.130.152

Now restart the network using one of the following commands:

systemctl restart NetworkManager.service

OR

systemctl restart network

STEP 7:
Test DNS Server

dig primary.osradar.localdomain

Output

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-17.P2.el8_0 <<>> primary.osradar.localdomain
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13585
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: df1e10c2a695c022e38035245cdafa6916303f22e15d5315 (good)
;; QUESTION SECTION:
;primary.osradar.localdomain. IN A

;; ANSWER SECTION:
primary.osradar.localdomain. 86400 IN A 192.168.130.152

;; AUTHORITY SECTION:
osradar.localdomain. 86400 IN NS primary.osradar.localdomain.

;; Query time: 2 msec
;; SERVER: 192.168.130.152#53(192.168.130.152)
;; WHEN: Tue May 14 22:27:05 PKT 2019
;; MSG SIZE rcvd: 114

nslookup osradar.localdomain

Output

Server: 192.168.130.152
Address: 192.168.130.152#53

Name: osradar.localdomain
Address: 192.168.130.152
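The checks below are an added example, not part of the original tutorial: a small bash helper set that validates named.conf and both zone files from STEP 3 before named is started, and inspects dig output like the one in STEP 7 to confirm that the server answers authoritatively with the expected record (and that a client outside allow-query gets REFUSED rather than an answer). It assumes the tutorial's paths, zone names and server address.

```shell
#!/bin/bash
# Added verification helpers for the BIND setup in this tutorial (not part of the original post).
# Assumes the tutorial's paths and names: /etc/named.conf, /var/named/forward.osradar,
# /var/named/reverse.osradar, zone osradar.localdomain and server 192.168.130.152.

# Validate named.conf and both zone files before (re)starting named.
# 'named-checkconf -z' also test-loads every zone declared in the config.
check_bind_config() {
    named-checkconf -z /etc/named.conf || return 1
    named-checkzone osradar.localdomain /var/named/forward.osradar || return 1
    named-checkzone 130.168.192.in-addr.arpa /var/named/reverse.osradar || return 1
}

# Print the RCODE (NOERROR, REFUSED, NXDOMAIN, ...) from dig output read on stdin.
dig_status() {
    sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p'
}

# Return 0 only if the dig output on stdin is NOERROR, authoritative (aa flag) and its
# ANSWER SECTION holds an A or PTR record with the expected value.
# Usage: dig @192.168.130.152 primary.osradar.localdomain | check_dig_answer 192.168.130.152
check_dig_answer() {
    local expected="$1" out
    out=$(cat)
    [ "$(printf '%s\n' "$out" | dig_status)" = NOERROR ] || { echo "status is not NOERROR" >&2; return 1; }
    printf '%s\n' "$out" | grep -Eq '^;; flags:[^;]*[[:space:]]aa([[:space:]]|;)' \
        || { echo "answer is not authoritative (no aa flag)" >&2; return 1; }
    printf '%s\n' "$out" | awk '/^;; ANSWER SECTION:/{f=1;next} /^$/{f=0} f' \
        | grep -Eq "[[:space:]]IN[[:space:]]+(A|PTR)[[:space:]]+${expected}\$" \
        || { echo "expected ${expected} not in ANSWER SECTION" >&2; return 1; }
}

# Constructed sample: the authoritative answer shown in STEP 7, abbreviated.
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13585
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; ANSWER SECTION:
primary.osradar.localdomain. 86400 IN A 192.168.130.152'

# Constructed sample: what a client outside allow-query should get back.
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

# Run the live config check only when the tutorial's tools and files are present on this host.
if command -v named-checkconf >/dev/null 2>&1 && [ -r /etc/named.conf ]; then
    check_bind_config && echo "named.conf and zone files OK"
fi
```

Run check_bind_config after every zone edit (remember to bump the serial), and feed `dig -x 192.168.130.152` into check_dig_answer with primary.osradar.localdomain. to verify the reverse zone the same way.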

Client Machine Configuration

Add the DNS server details to the /etc/resolv.conf file of every client machine that should use it.

Run the command below:

vi /etc/resolv.conf

Then add the entry below to that file, replacing 192.168.130.152 with your DNS server's IP address.

nameserver 192.168.130.152

Now restart your network using one of the following commands:

systemctl restart NetworkManager.service

OR

systemctl restart network


Test DNS Server from Client machine

dig primary.osradar.localdomain
nslookup osradar.localdomain


That’s it. You have successfully installed BIND DNS on RHEL 8 / CENTOS 8 as master (Primary) server and now it is ready to use.
