Before proceeding towards the installation procedure, make sure your system has a static IP configured.

Step 1: Update Your System

Before installing any new package, make sure your system is up-to date.

sudo apt -y update

Step 2: Download & Install the BIND DNS Server

Run the below command to install the bind dns server and required packages.

sudo apt install -y bind9 bind9utils bind9-doc dnsutils

Step 3: Configure DNS Server

Main configuration directory of DNS is located at /etc/bind.

Global DNS configuraiton file can be found at /etc/bind/named.conf that can’t be used for local DNS. For local DNS, /etc/bind/named.conf.local is used.

Create Zones

Edit the local DNS file with your favourite editor.

sudo nano /etc/bind/named.conf.local

And then create forward & reverse zones for your domain. Here I’ll create for osradar.com as seen below:

zone "osradar.local" IN { // Domain name

type master; // Primary DNS

file "/etc/bind/forward.osradar.local.db"; // Forward lookup file

allow-update { none; }; // Since this is the primary DNS, it should be none.

};

That was for the forward zone. Now, we’ll add for reverse zone.

zone "10.16.172.in-addr.arpa" IN { //Reverse lookup name, should match your network in reverse order

type master; // Primary DNS

file "/etc/bind/reverse.osradar.local.db"; //Reverse lookup file

allow-update { none; }; //Since this is the primary DNS, it should be none.

};

10.16.172.in-addr.arpa is the zone name of reverse DNS. (If network is 172.16.10.0, the name will be reversed as in 10.16.172).

Step 4: Configure Bind DNS Zone Lookup Files

As described earlier, the zone lookup files have the DNS records of the forward & reverse zones. So, we’ll configure them.

For Forward Zone Lookup File

Now, copy the sample forward zone lookup file to the file called forward.osradar.local.db located at /etc/bind directory.

sudo cp /etc/bind/db.local /etc/bind/forward.osradar.local.db

Now, edit the above file.

sudo nano /etc/bind/forward.osradar.local.db

$TTL 604800
@ IN SOA ns1.osradar.local. root.ns1.osradar.local. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
;@ IN NS localhost.
;@ IN A 127.0.0.1
;@ IN AAAA ::1

;Name Server Information

@ IN NS ns1.osradar.local.

;IP address of Name Server

ns1 IN A 172.16.10.2

;Mail Exchanger

osradar.local. IN MX 10 mail.osradar.local.

;A – Record HostName To Ip Address

www IN A 172.16.10.3
mail IN A 172.16.10.4

;CNAME record

ftp IN CNAME www.osradar.local.

For Reverse Zone Lookup File

Simply perform the above actions for reverse zone lookup file.

sudo cp /etc/bind/db.127 /etc/bind/reverse.osradar.local.db

And then modify the content.

sudo nano /etc/bind/reverse.osradar.local.db

;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA osradar.local. root.osradar.local. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;

;Name Server Information

@ IN NS ns1.osradar.local.
ns1 IN A 172.16.10.2

;Reverse lookup for Name Server

2 IN PTR ns1.osradar.local.

;PTR Record IP address to HostName

3 IN PTR www.osradar.local.
4 IN PTR mail.osradar.local.

Step 5: Verify Bind DNS Syntax

Hit the given command to verify the syntax of bind DNS it’ll return to the shell if everything is ok.

sudo named-checkconf

Fire the below commands to check the syntax for forward & reverse zones respectively.

sudo named-checkzone osradar.local /etc/bind/forward.osradar.local.db
sudo named-checkzone 10.16.172.in-addr.arpa /etc/bind/reverse.osradar.local.db

You’ll see the similar output respectively.

#####forward zone file
OK
#####reverse zone file
zone 10.16.172.in-addr.arpa/IN: loaded serial 1
OK

Finally, restart & enable BIND services.

sudo systemctl restart bind9
sudo systemctl enable bind9

Step 6: Test DNS Server On Ubuntu 20.04

We can change the DNS server on any of client machine to our newly created server. Every OS has different DNS settings. In Ubuntu type

sudo echo "nameserver 172.16.10.2" >> /etc/resolv.conf

Now, type dig command along with your domain name to test the DNS server.

root@ubuntu20:~# dig www.osradar.local

; <<>> DiG 9.16.1-Ubuntu <<>> www.osradar.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65241
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: fabd20125b9ccbff010000005f8c7204e1387a993d58c22f (good)
;; QUESTION SECTION:
;www.osradar.local. IN A

;; ANSWER SECTION:
www.osradar.local. 604800 IN A 172.16.10.3

;; Query time: 4 msec
;; SERVER: 172.16.10.10#53(172.16.10.10)
;; WHEN: Sat Nov 28 16:49:08 UTC 2020
;; MSG SIZE rcvd: 100

And to test the reverse DNS, type

root@ubuntu:~# dig -x 172.16.10.3

; <<>> DiG 9.16.1-Ubuntu <<>> -x 172.16.10.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62529
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 7b8c9b8971f74afc010000005f8c72a8bdc5ebbdb4869578 (good)
;; QUESTION SECTION:
;3.10.16.172.in-addr.arpa. IN PTR

;; ANSWER SECTION:
3.10.16.172.in-addr.arpa. 604800 IN PTR www.osradar.local.

;; Query time: 0 msec
;; SERVER: 172.16.10.10#53(172.16.10.10)
;; WHEN: Sat Nov 28 16:51:52 UTC 2020
;; MSG SIZE rcvd: 122

So, you can see that both forward & reverse DNS are working properly. Hence, this is how you can install & Configure BIND DNS Server On Ubuntu 20.04

The post How To Install and Configure Master BIND DNS Server On Ubuntu 20.04 appeared first on Linux Windows and android Tutorials.

Step 1: Installing Bind DNS Server on CentOS 8 / RHEL 8

You can install the bind DNS server on CentOS / RHEL 8 by running the below command

$ dnf -y install bind bind-utils vim
CentOS-8 - AppStream                                   1.3 kB/s | 4.3 kB     00:03    
CentOS-8 - Base                                        1.2 kB/s | 3.9 kB     00:03    
CentOS-8 - Extras                                      467  B/s | 1.5 kB     00:03    
Dependencies resolved

Make sure to keep SELinux in Enforcing mode.

$ getenforce

Step 2: Configure BIND DNS Authoritative Server on CentOS 8 / RHEL 8

Now you can configure the BIND DNS Authoritative server by opening the configuration file. You can find out the config file in the /etc/named.conf.

In my case I’ll add the following settings to my DNS, you can set up as you required.

• osradar.com Zone (Domain Name)
• 192.168.109.0 Managed subnet
• 192.168.109.75 IP of slave server
• 192.168.109.59 IP of the master server

Edit the /etc/named.conf file by running below command and apply the settings.

$ sudo vim /etc/named.conf
 //
 // named.conf
 //
 // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
 // server as a caching only nameserver (as a localhost DNS resolver only).
 //
 // See /usr/share/doc/bind*/sample/ for example named configuration files.
 //
 options {
          listen-on port 53 { any; }; ## Listen on any since it is an authoritative DNS Publicly available. 
          listen-on-v6 port 53 { any; }; ## You can also set the same for IPv6
          directory       "/var/named";
          dump-file       "/var/named/data/cache_dump.db";
          statistics-file "/var/named/data/named_stats.txt";
          memstatistics-file "/var/named/data/named_mem_stats.txt";
          secroots-file   "/var/named/data/named.secroots";
          recursing-file  "/var/named/data/named.recursing";
  ## Since this will be an authoritative Nameserver, allow query from any host 
         allow-query     { any; };          
         allow-transfer  {192.168.109.75; };     
 /*
 If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.                    - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion.       - If your recursive DNS server has a public IP address, you MUST enable access       control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface.
 */     
    recursion no; ## Following Advice from above.     
    dnssec-enable yes;     
    dnssec-validation yes;     
    managed-keys-directory "/var/named/dynamic";     
    pid-file "/run/named/named.pid";     
    session-keyfile "/run/named/session.key";      
 /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */     include "/etc/crypto-policies/back-ends/bind.config";
 };
 logging {
          channel default_debug {
                  file "data/named.run";
                  severity dynamic;
          };
 };
 zone "." IN {
          type hint;
          file "named.ca";
 };
 include "/etc/named.rfc1912.zones";
 include "/etc/named.root.key";
 Set your ZONE details as shown below for different domains. Set the forward and reverse details. You can set the names of files as you like
 zone "osradar.com" IN {
         type master;
         file "osradar.forward";
         allow-update { none; };
 };
 Make sure you follow the rule for reverse zone (109.168.192.in-addr.arpa). [If your IP is 192.168.10.10, It will be 10.168.192.in-addr.arpa]
 zone "109.168.192.in-addr.arpa" IN {
         type master;
         file "osradar.reverse";
         allow-update { none; };
 };

Make sure that your IP is Public one as this is an Authoritative DNS Server.

Step 3: Creating Zone Files

After finishing configuring in named.conf you will have to create the Zone files & place all the records that you would wish to add such as A/AAAA, MX,PTR & others.
Create the zone files in the /var/named/ directory.

$ sudo vim /var/named/osradar.com.forward


 $TTL 86400
  @   IN  SOA     dns1.osradar.com. root.osradar.com. (
  # You can use any numerical values for serial number but it is recommended to use [YYYYMMDDnn]
          2019112201  ;Serial
          3600        ;Refresh
          1800        ;Retry
          604800      ;Expire
          86400       ;Minimum TTL
 )
          # Set your Name Servers here
          IN  NS      dns1.osradar.com.
          IN  NS      dns2.osradar.com.
          # define Name Server's IP address
          IN  A       192.168.109.59
          # Set your Mail Exchanger (MX) Server here
          IN  MX 10   dns1.osradar.com.
 Set each IP address of a hostname. Sample A records.
 dns1     IN  A       192.168.109.59
 dns2     IN  A       192.168.109.75
 mail1    IN  A       192.168.109.78

Now create the corresponding reverse records for the same domain we had defined in the named.conf file.

$ sudo vim /var/named/osradar.reverse


 $TTL 86400
  @   IN  SOA     dns1.osradar.com. root.osradar.com. (
          2019112201  ;Serial
          3600        ;Refresh
          1800        ;Retry
          604800      ;Expire
          86400       ;Minimum TTL
  )
          # Set Name Server
          IN  NS      dns1.osradar.com.
 Set each IP address of a hostname. Sample PTR records.
 88      IN  PTR     dns1.osradar.com.
 94      IN  PTR     dns2.osradar.com.
 97      IN  PTR     mail1.osradar.com.

Step 4: Alter DNS Settings on Master Server

Now make our new DNS Server as the default Name Server. Edit the file /etc/resolv.conf & add the below lines into it.

$ sudo vim /etc/resolv.conf  
 nameserver 192.168.109.59

Note: Replace the IP Address with your one.

Step 5: Firewall

Allow dns service on the firewall

Run the below lines to allow dns service on the firewall

sudo firewall-cmd --add-service=dns --permanent
sudo firewall-cmd --reload

Make sure you’ve done the correct configuration. Double check the configuration by typing

sudo named-checkconf

Start and Enable bind services

sudo systemctl start named
sudo systemctl enable named

So far, we’ve configured our Master BIND DNS server. Let’s move toward our Slave server.

Step 6: Configuring Slave DNS Server

Run the below command on Slave server to install bind & bind utils.

sudo dnf -y install bind bind-utils vim

Now edit the file /etc/named.conf and edit it accordingly to configure the slave server.

$ sudo vim /etc/named.conf
 //
 // named.conf
 // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
 // server as a caching only nameserver (as a localhost DNS resolver only).
 // See /usr/share/doc/bind*/sample/ for example named configuration files.
 // See the BIND Administrator's Reference Manual (ARM) for details about the
 // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
 options {
          listen-on port 53 { any; };
          listen-on-v6 port 53 { any; };
          directory       "/var/named";
          dump-file       "/var/named/data/cache_dump.db";
          statistics-file "/var/named/data/named_stats.txt";
          memstatistics-file "/var/named/data/named_mem_stats.txt";
          recursing-file  "/var/named/data/named.recursing";
          secroots-file   "/var/named/data/named.secroots";
          allow-query     { any; }; ## Allows hosts to query Slave DNS
          allow-transfer { none; }; ## Disable zone transfer
       /*        - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.       - If you are building a RECURSIVE (caching) DNS server, you need to enable          recursion.       - If your recursive DNS server has a public IP address, you MUST enable access          control to limit queries to your legitimate users. Failing to do so will         cause your server to become part of large scale DNS amplification          attacks. Implementing BCP38 within your network would greatly         reduce such attack surface       */
 Since this is a slave, lets allow recursion.
 recursion yes;      dnssec-enable yes;      dnssec-validation yes;
 /* Path to ISC DLV key */
      bindkeys-file "/etc/named.root.key";
     managed-keys-directory "/var/named/dynamic";     
     pid-file "/run/named/named.pid";     
     session-keyfile "/run/named/session.key";
 };
 logging {
          channel default_debug {
                  file "data/named.run";
                  severity dynamic;
          };
 };
 zone "." IN {
          type hint;
          file "named.ca";
 };
 include "/etc/named.rfc1912.zones";
 include "/etc/named.root.key";
 Let us create zone definitions for both forward and reverse dns lookups.
 The files will be created automatically on the slave.
 zone "osradar.com" IN {
          type slave;
          file "slaves/osradar.forward";
          masters { 192.168.109.59; }; ## Master server it is receiving DNS Records from
 };
 zone  "109.168.192.in-addr.arpa" IN {
          type slave;
          file "slaves/osradar.reverse";
          masters { 192.168.109.59; }; ## Master server it is receiving DNS Records from
 };

Step 7: Alter DNS Settings on Slave Server

Open the file /etc/resolv.conf & add the IP of slave

$ sudo vim /etc/resolv.conf

nameserver 192.168.109.59

nameserver 192.168.109.75

Now double check the configurations & start and enable bind services

sudo named-checkconf
sudo systemctl start named
sudo systemctl enable named

Check that zone files have transferred from the master.

$ ll /var/named/slaves/

total 12

-rw-r--r-- 1 named named 480 Dec 14 14:16 osradar.forward

-rw-r--r-- 1 named named 492 Dec 14 14:45 osradar.reverse

Congratulations! You have successfully Configured Master / Slave Server on CentOS 8.

The post How To Configure Master / Slave BIND DNS Server on CentOS 8 / RHEL 8 appeared first on Linux Windows and android Tutorials.