Step 1: Installing Bind DNS Server on CentOS 8 / RHEL 8

You can install the bind DNS server on CentOS / RHEL 8 by running the below command

$ dnf -y install bind bind-utils vim
CentOS-8 - AppStream                                   1.3 kB/s | 4.3 kB     00:03    
CentOS-8 - Base                                        1.2 kB/s | 3.9 kB     00:03    
CentOS-8 - Extras                                      467  B/s | 1.5 kB     00:03    
Dependencies resolved

Make sure to keep SELinux in Enforcing mode.

$ getenforce

Step 2: Configure BIND DNS Authoritative Server on CentOS 8 / RHEL 8

Now you can configure the BIND DNS Authoritative server by opening the configuration file. You can find out the config file in the /etc/named.conf.

In my case I’ll add the following settings to my DNS, you can set up as you required.

• osradar.com Zone (Domain Name)
• 192.168.109.0 Managed subnet
• 192.168.109.75 IP of slave server
• 192.168.109.59 IP of the master server

Edit the /etc/named.conf file by running below command and apply the settings.

$ sudo vim /etc/named.conf
 //
 // named.conf
 //
 // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
 // server as a caching only nameserver (as a localhost DNS resolver only).
 //
 // See /usr/share/doc/bind*/sample/ for example named configuration files.
 //
 options {
          listen-on port 53 { any; }; ## Listen on any since it is an authoritative DNS Publicly available. 
          listen-on-v6 port 53 { any; }; ## You can also set the same for IPv6
          directory       "/var/named";
          dump-file       "/var/named/data/cache_dump.db";
          statistics-file "/var/named/data/named_stats.txt";
          memstatistics-file "/var/named/data/named_mem_stats.txt";
          secroots-file   "/var/named/data/named.secroots";
          recursing-file  "/var/named/data/named.recursing";
  ## Since this will be an authoritative Nameserver, allow query from any host 
         allow-query     { any; };          
         allow-transfer  {192.168.109.75; };     
 /*
 If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.                    - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion.       - If your recursive DNS server has a public IP address, you MUST enable access       control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface.
 */     
    recursion no; ## Following Advice from above.     
    dnssec-enable yes;     
    dnssec-validation yes;     
    managed-keys-directory "/var/named/dynamic";     
    pid-file "/run/named/named.pid";     
    session-keyfile "/run/named/session.key";      
 /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */     include "/etc/crypto-policies/back-ends/bind.config";
 };
 logging {
          channel default_debug {
                  file "data/named.run";
                  severity dynamic;
          };
 };
 zone "." IN {
          type hint;
          file "named.ca";
 };
 include "/etc/named.rfc1912.zones";
 include "/etc/named.root.key";
 Set your ZONE details as shown below for different domains. Set the forward and reverse details. You can set the names of files as you like
 zone "osradar.com" IN {
         type master;
         file "osradar.forward";
         allow-update { none; };
 };
 Make sure you follow the rule for reverse zone (109.168.192.in-addr.arpa). [If your IP is 192.168.10.10, It will be 10.168.192.in-addr.arpa]
 zone "109.168.192.in-addr.arpa" IN {
         type master;
         file "osradar.reverse";
         allow-update { none; };
 };

Make sure that your IP is Public one as this is an Authoritative DNS Server.

Step 3: Creating Zone Files

After finishing configuring in named.conf you will have to create the Zone files & place all the records that you would wish to add such as A/AAAA, MX,PTR & others.
Create the zone files in the /var/named/ directory.

$ sudo vim /var/named/osradar.com.forward


 $TTL 86400
  @   IN  SOA     dns1.osradar.com. root.osradar.com. (
  # You can use any numerical values for serial number but it is recommended to use [YYYYMMDDnn]
          2019112201  ;Serial
          3600        ;Refresh
          1800        ;Retry
          604800      ;Expire
          86400       ;Minimum TTL
 )
          # Set your Name Servers here
          IN  NS      dns1.osradar.com.
          IN  NS      dns2.osradar.com.
          # define Name Server's IP address
          IN  A       192.168.109.59
          # Set your Mail Exchanger (MX) Server here
          IN  MX 10   dns1.osradar.com.
 Set each IP address of a hostname. Sample A records.
 dns1     IN  A       192.168.109.59
 dns2     IN  A       192.168.109.75
 mail1    IN  A       192.168.109.78

Now create the corresponding reverse records for the same domain we had defined in the named.conf file.

$ sudo vim /var/named/osradar.reverse


 $TTL 86400
  @   IN  SOA     dns1.osradar.com. root.osradar.com. (
          2019112201  ;Serial
          3600        ;Refresh
          1800        ;Retry
          604800      ;Expire
          86400       ;Minimum TTL
  )
          # Set Name Server
          IN  NS      dns1.osradar.com.
 Set each IP address of a hostname. Sample PTR records.
 88      IN  PTR     dns1.osradar.com.
 94      IN  PTR     dns2.osradar.com.
 97      IN  PTR     mail1.osradar.com.

Step 4: Alter DNS Settings on Master Server

Now make our new DNS Server as the default Name Server. Edit the file /etc/resolv.conf & add the below lines into it.

$ sudo vim /etc/resolv.conf  
 nameserver 192.168.109.59

Note: Replace the IP Address with your one.

Step 5: Firewall

Allow dns service on the firewall

Run the below lines to allow dns service on the firewall

sudo firewall-cmd --add-service=dns --permanent
sudo firewall-cmd --reload

Make sure you’ve done the correct configuration. Double check the configuration by typing

sudo named-checkconf

Start and Enable bind services

sudo systemctl start named
sudo systemctl enable named

So far, we’ve configured our Master BIND DNS server. Let’s move toward our Slave server.

Step 6: Configuring Slave DNS Server

Run the below command on Slave server to install bind & bind utils.

sudo dnf -y install bind bind-utils vim

Now edit the file /etc/named.conf and edit it accordingly to configure the slave server.

$ sudo vim /etc/named.conf
 //
 // named.conf
 // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
 // server as a caching only nameserver (as a localhost DNS resolver only).
 // See /usr/share/doc/bind*/sample/ for example named configuration files.
 // See the BIND Administrator's Reference Manual (ARM) for details about the
 // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
 options {
          listen-on port 53 { any; };
          listen-on-v6 port 53 { any; };
          directory       "/var/named";
          dump-file       "/var/named/data/cache_dump.db";
          statistics-file "/var/named/data/named_stats.txt";
          memstatistics-file "/var/named/data/named_mem_stats.txt";
          recursing-file  "/var/named/data/named.recursing";
          secroots-file   "/var/named/data/named.secroots";
          allow-query     { any; }; ## Allows hosts to query Slave DNS
          allow-transfer { none; }; ## Disable zone transfer
       /*        - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.       - If you are building a RECURSIVE (caching) DNS server, you need to enable          recursion.       - If your recursive DNS server has a public IP address, you MUST enable access          control to limit queries to your legitimate users. Failing to do so will         cause your server to become part of large scale DNS amplification          attacks. Implementing BCP38 within your network would greatly         reduce such attack surface       */
 Since this is a slave, lets allow recursion.
 recursion yes;      dnssec-enable yes;      dnssec-validation yes;
 /* Path to ISC DLV key */
      bindkeys-file "/etc/named.root.key";
     managed-keys-directory "/var/named/dynamic";     
     pid-file "/run/named/named.pid";     
     session-keyfile "/run/named/session.key";
 };
 logging {
          channel default_debug {
                  file "data/named.run";
                  severity dynamic;
          };
 };
 zone "." IN {
          type hint;
          file "named.ca";
 };
 include "/etc/named.rfc1912.zones";
 include "/etc/named.root.key";
 Let us create zone definitions for both forward and reverse dns lookups.
 The files will be created automatically on the slave.
 zone "osradar.com" IN {
          type slave;
          file "slaves/osradar.forward";
          masters { 192.168.109.59; }; ## Master server it is receiving DNS Records from
 };
 zone  "109.168.192.in-addr.arpa" IN {
          type slave;
          file "slaves/osradar.reverse";
          masters { 192.168.109.59; }; ## Master server it is receiving DNS Records from
 };

Step 7: Alter DNS Settings on Slave Server

Open the file /etc/resolv.conf & add the IP of slave

$ sudo vim /etc/resolv.conf

nameserver 192.168.109.59

nameserver 192.168.109.75

Now double check the configurations & start and enable bind services

sudo named-checkconf
sudo systemctl start named
sudo systemctl enable named

Check that zone files have transferred from the master.

$ ll /var/named/slaves/

total 12

-rw-r--r-- 1 named named 480 Dec 14 14:16 osradar.forward

-rw-r--r-- 1 named named 492 Dec 14 14:45 osradar.reverse

Congratulations! You have successfully Configured Master / Slave Server on CentOS 8.

The post How To Configure Master / Slave BIND DNS Server on CentOS 8 / RHEL 8 appeared first on Linux Windows and android Tutorials.