Sunday, March 12, 2017

How to install and configure Bind DNS Cluster in Linux

1. Introduction

DNS, short for Domain Name System (or Service or Server), is an internet service that converts domain names into IP addresses. Domain names are much easier to remember than IP addresses.
Information from all the domain name servers across the Internet is gathered together and housed at the Central Registry. Hosting companies and Internet Service Providers interact with the Central Registry on a regular schedule to get updated DNS information.

2. Requirements

For master DNS Server:
OS : Centos 7
IP Address : 192.168.1.18
For slave DNS Server:
OS : Ubuntu 14.04
IP Address : 192.168.1.19

3. Setup Master DNS Server

Install the bind packages
# yum install bind* -y
To configure the DNS server, follow the step below.
# vi /etc/named.conf


//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.18; }; ## MASTER ##  
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 138.201.3.0/24; }; ## RANGE ##
        allow-transfer { localhost; 192.168.1.19; }; ## SLAVE ##
        /*

.
.
.
.
// Root hints: tells named where to find the root servers.
zone "." IN {
        type hint;
        file "named.ca";
};

// Authoritative master for the in-house domain; the slave (192.168.1.19) pulls
// it by zone transfer, gated by the allow-transfer list in options.
// NOTE(review): the excerpt shown declares no reverse (in-addr.arpa) zone even
// though /var/named/reverse.zone is created later in this guide — confirm the
// elided part of named.conf declares one, otherwise PTR lookups for
// 192.168.1.x will not be served.
zone "inhouse.inc" IN {
type master;
file "forward.zone";
allow-update { none; };  // dynamic updates disabled — keeps the zone editable only via the file
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

To create zone files as mentioned in /etc/named.conf, follow the steps below.
Important: Please make sure that you replace ‘@’ with ‘inhouse.inc.’ in both the zone files.
Create forward zone file.
# vi /var/named/forward.zone

; Forward zone for inhouse.inc, loaded by the "inhouse.inc" master zone in named.conf.
; "@" is shorthand for the zone origin, i.e. inhouse.inc.
$TTL 86400
@   IN  SOA     masterdns.inhouse.inc. root.inhouse.inc. (
        2011071001  ;Serial - per the SOA contract the slave compares this to decide whether to transfer, so increase it on every edit
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
; Both servers are advertised as authoritative for the zone.
@       IN  NS          masterdns.inhouse.inc.
@       IN  NS          secondarydns.inhouse.inc.
; The bare domain name resolves to both servers.
@       IN  A           192.168.1.18
@       IN  A           192.168.1.19
masterdns       IN  A   192.168.1.18
secondarydns    IN  A   192.168.1.19
Create reverse zone file.
# vi /var/named/reverse.zone

; Reverse zone file as written in this guide.
; NOTE(review): owner names here are relative to whatever zone this file is
; loaded under. named.conf above only declares "inhouse.inc" (and the check
; later in the guide also loads this file as inhouse.inc), so "18" and "19"
; become 18.inhouse.inc / 19.inhouse.inc rather than PTR records under
; 1.168.192.in-addr.arpa — confirm which zone statement loads this file.
$TTL 86400
@   IN  SOA     masterdns.inhouse.inc. root.inhouse.inc. (
        2011071001  ;Serial - per the SOA contract the slave compares this to decide whether to transfer, so increase it on every edit
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.inhouse.inc.
@       IN  NS          secondarydns.inhouse.inc.
@       IN  PTR         inhouse.inc.
; NOTE(review): A records and an apex PTR in a reverse zone are unusual — verify they are intended.
masterdns       IN  A   192.168.1.18
secondarydns    IN  A   192.168.1.19
18     IN  PTR         masterdns.inhouse.inc.     ; last octet of 192.168.1.18
19     IN  PTR         secondarydns.inhouse.inc.  ; last octet of 192.168.1.19

Add the following line in /etc/resolv.conf
# vi /etc/resolv.conf

nameserver 192.168.1.18

Now start the named service
# systemctl start named
# chkconfig named on

Verify the DNS configuration and zone files for syntax errors
# named-checkconf /etc/named.conf 

# named-checkzone inhouse.inc /var/named/forward.zone

Output is as follows:
zone inhouse.inc/IN: loaded serial 2011071001
OK
Now we need to check the reverse zone.
# named-checkzone inhouse.inc /var/named/reverse.zone
Output is as follows:
zone inhouse.inc/IN: loaded serial 2011071001
OK
Now you can test the DNS server using the following commands. Testing with any one of the commands is fine. A successful lookup reports status NOERROR with an ANSWER section; the sample output below shows status NXDOMAIN and an SOA for ns1.inhouse.inc rather than the masterdns SOA configured above, so it does not demonstrate a successful query against this server.
$~ dig masterdns.inhouse.inc

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> masterdns.inhouse.inc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57668
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.inhouse.inc.  IN A

;; AUTHORITY SECTION:
inhouse.inc.  86400 IN SOA ns1.inhouse.inc. sherin.syslint.com. 2015112001 86400 7200 3600000 86400

;; Query time: 0 msec
;; SERVER: 10.0.0.10#53(10.0.0.10)
;; WHEN: Fri Jan 15 02:23:30 IST 2016
;; MSG SIZE  rcvd: 108

Do an nslookup for the domain name inhouse.inc
# nslookup inhouse.inc

Server:  192.168.1.18
Address: 192.168.1.18#53

Name: inhouse.inc
Address: 192.168.1.18
Name: inhouse.inc
Address: 192.168.1.19

4. Setup slave DNS server

Install the bind packages.
# apt-get install bind9 bind9utils bind9-doc

To configure the slave DNS server, follow the step below.
# vi /etc/bind/named.conf
Make sure it contains the following lines. If not, add them.
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
Save and quit the file.
# vi /etc/bind/named.conf.local
Add the following lines to it
// Secondary copy of inhouse.inc, pulled from the master by zone transfer.
// NOTE(review): conventionally written with a space after the keyword
// (zone "inhouse.inc") — confirm this file passes named-checkconf as written.
zone"inhouse.inc" {
        type slave;
        // NOTE(review): named must be able to create and write this file as the
        // bind user. On Ubuntu the bind9 package's working directory is
        // /var/cache/bind and /var/named may not exist — confirm the path is
        // writable before relying on the transfer.
        file "/var/named/forward.zone";
        // Transfers are authorised on the master by source IP only
        // (allow-transfer { localhost; 192.168.1.19; }); no TSIG key is configured here.
        masters { 192.168.1.18; };
 };

Add the following line in /etc/resolv.conf
# vi /etc/resolv.conf

nameserver 192.168.1.18

Give permissions and change ownership. Note that a recursive 755 also leaves /etc/bind/rndc.key readable by every local user; after this step tighten that key file (for example `chmod 640 /etc/bind/rndc.key`) so only root and the bind user can read it. Owning the whole directory as bind also lets a compromised named rewrite its own configuration; the package default keeps the configuration owned by root with the bind group.
# chmod -R 755 /etc/bind
# chown -R bind:bind /etc/bind
Now restart the bind service
# service bind9 restart
Add dns-nameservers in /etc/network/interfaces
# vi /etc/network/interfaces

# Static address for the slave DNS server.
auto venet0:0
iface venet0:0 inet static
        address 192.168.1.19
        netmask 255.255.255.0
# NOTE(review): broadcast and gateway are in 138.201.3.0/24 while the
# address/netmask above describe 192.168.1.0/24 — one of the two looks copied
# from another host; confirm before applying.
        broadcast 138.201.3.255
        gateway 138.201.3.1
# Resolvers handed to resolvconf: the master first, then this host.
# NOTE(review): the documented form is a single dns-nameservers line with
# space-separated addresses — confirm both entries are picked up when listed twice.
        dns-nameservers 192.168.1.18
        dns-nameservers 192.168.1.19
# NOTE(review): search domain "home" does not match the served zone inhouse.inc,
# so short names such as "masterdns" will not resolve unless this is changed.
        dns-search home
Now test the DNS server using the following commands. Testing with any one of the commands is fine. Note that the sample queries below ask for names under inhouse.local, which is not the configured zone (inhouse.inc), so they are referred to the root servers and return NXDOMAIN; query names under inhouse.inc, as the nslookup further down does, to exercise the slave.
$~ dig masterdns.inhouse.local

; <<>> DiG 9.9.5-3ubuntu0.6-Ubuntu <<>> masterdns.inhouse.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21775
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.inhouse.local. IN A

;; AUTHORITY SECTION:
.   6364 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016011401 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 192.168.1.19#53(192.168.1.19)
;; WHEN: Fri Jan 15 00:02:14 MSK 2016
;; MSG SIZE  rcvd: 127

--------------------------------------------------

$~ dig secondarydns.inhouse.local

; <<>> DiG 9.9.5-3ubuntu0.6-Ubuntu <<>> secondarydns.inhouse.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2592
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;secondarydns.inhouse.local. IN A

;; AUTHORITY SECTION:
.   6600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016011401 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 192.168.1.19#53(192.168.1.19)
;; WHEN: Fri Jan 15 00:02:50 MSK 2016
;; MSG SIZE  rcvd: 130

----------------------------------------
# nslookup inhouse.inc
Server:  192.168.1.19
Address: 192.168.1.19#53

Name: inhouse.inc
Address: 192.168.1.18
Name: inhouse.inc
Address: 192.168.1.19

5. Finishing point

BIND includes a utility called rndc, which allows command-line administration of the named daemon from the local host or a remote host.
You can now reload the configuration and zones with rndc on both servers.
# rndc reload
