Install Bind Chroot RPM
To install BIND running in a chroot environment, you have to install the bind-chroot
package.
[root@centos-8 ~]# yum install -y bind-chroot
Verify the bind packages that were installed along with bind-chroot:
[root@centos-8 ~]# rpm -qa | grep bind
bind-license-9.9.4-74.el7_6.1.noarch
bind-chroot-9.9.4-74.el7_6.1.x86_64
keybinder3-0.3.0-1.el7.x86_64
bind-libs-9.9.4-74.el7_6.1.x86_64
bind-utils-9.9.4-74.el7_6.1.x86_64
bind-libs-lite-9.9.4-74.el7_6.1.x86_64
bind-9.9.4-74.el7_6.1.x86_64
rpcbind-0.2.0-47.el7.x86_64
(keybinder3 and rpcbind only match the grep pattern; they are not part of BIND.)
The bind-chroot package creates the following directory tree on your CentOS/RHEL 7/8 Linux host:
[root@centos-8 ~]# ls -l /var/named/chroot/
total 20
drwxr-x---. 2 root named 4096 Jun 21 16:11 dev
drwxr-x---. 4 root named 4096 Jun 21 16:11 etc
drwxr-x---. 3 root named 4096 Jun 21 16:11 run
drwxr-xr-x. 3 root root  4096 Jun 21 16:11 usr
drwxr-x---. 5 root named 4096 Jun 21 16:11 var
Turn on the chroot environment. Once the bind-chroot package is installed the BIND service runs inside /var/named/chroot, and the initialization script bind-mounts all of the BIND configuration files into that tree with mount --bind, so you keep managing the configuration at its normal paths (/etc/named.conf, /var/named/) outside the chroot. Do not copy anything into /var/named/chroot/ by hand: the setup script only bind-mounts over an empty target, so a copied file blocks the mount and named then reads the stale copy instead of the file you edit.
[root@centos-8 ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
Next verify the list of paths mounted under /var/named/chroot:
[root@centos-8 ~]# mount | grep chroot
/dev/mapper/centos-root on /var/named/chroot/etc/named type ext4 (rw,relatime,data=ordered)
/dev/mapper/centos-root on /var/named/chroot/usr/lib64/bind type ext4 (rw,relatime,data=ordered)
/dev/mapper/centos-root on /var/named/chroot/etc/localtime type ext4 (rw,relatime,data=ordered)
/dev/mapper/centos-root on /var/named/chroot/etc/named type ext4 (rw,relatime,data=ordered)
/dev/mapper/centos-root on /var/named/chroot/etc/named.root.key type ext4 (rw,relatime,data=ordered)
/dev/mapper/centos-root on /var/named/chroot/etc/named.conf type ext4 (rw,relatime,data=ordered)
/dev/mapper/centos-root on /var/named/chroot/etc/named.rfc1912.zones type ext4 (rw,relatime,data=ordered)
/dev/mapper/centos-root on /var/named/chroot/etc/rndc.key type ext4 (rw,relatime,data=ordered)
/dev/mapper/centos-root on /var/named/chroot/etc/named.iscdlv.key type ext4 (rw,relatime,data=ordered)
/dev/mapper/centos-root on /var/named/chroot/etc/protocols type ext4 (rw,relatime,data=ordered)
/dev/mapper/centos-root on /var/named/chroot/etc/services type ext4 (rw,relatime,data=ordered)
/dev/mapper/centos-root on /var/named/chroot/usr/lib64/bind type ext4 (rw,relatime,data=ordered)
tmpfs on /var/named/chroot/run/named type tmpfs (rw,nosuid,nodev,mode=755)
/dev/mapper/centos-root on /var/named/chroot/var/named type ext4 (rw,relatime,data=ordered)
Note the IP address of this server; it is the address the BIND DNS server in the chroot environment will answer on and is used throughout the configuration:
[root@centos-8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:df:87:41 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.32/8 brd 10.255.255.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fedf:8741/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:95:c3:cd brd ff:ff:ff:ff:ff:ff
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:b0:af:fb brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:b0:af:fb brd ff:ff:ff:ff:ff:ff
Configure DNS Server (named.conf)
To configure the DNS server the first thing is to update the /etc/named.conf file. Compared with the stock file, the changes are in listen-on, allow-query and allow-query-cache, which now contain any:
[root@centos-8 ~]# cat /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; any; };
        allow-query-cache { localhost; any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Be aware of what this combination means: recursion yes together with allow-query-cache { any; } (which allow-recursion inherits when it is not set explicitly) makes this an open recursive resolver for every network that can reach port 53, and BIND's default allow-transfer { any; } lets anyone pull the complete zone with an AXFR. That is fine on an isolated lab network such as the 10.0.2.0/24 used here; on a server reachable from untrusted networks restrict allow-recursion and allow-query-cache to your own address ranges (or set recursion no on a purely authoritative server) and add allow-transfer { none; } or a list of your secondaries.
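The check below is an added example, not code from the article or from BIND: it parses the options block of a named.conf and reports the three exposures discussed above (open recursion, open zone transfer, version disclosure) using BIND's documented defaults and ACL fallback chain. Both option blocks in it are constructed for the example: the first copies the article's settings, the second is an assumed hardened variant for a server that should recurse only for the 10.0.0.0/8 lab network.

```python
"""Audit a BIND named.conf options block for open-resolver settings.

Added example, not from the original article. It understands only the
directives that decide who may query, recurse and transfer; everything
else in the file is ignored.
"""
import re

# Constructed copy of the article's options block (file paths trimmed).
ARTICLE_OPTIONS = """
options {
    listen-on port 53 { 127.0.0.1; any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};
zone "." IN { type hint; file "named.ca"; };
"""

# Constructed hardened block for the same lab (assumption: 10.0.0.0/8 is the
# only trusted network): recursion for the LAN only, transfers closed,
# version string hidden.
HARDENED_OPTIONS = """
options {
    listen-on port 53 { 127.0.0.1; 10.0.2.32; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { localhost; 10.0.0.0/8; };
    allow-recursion { localhost; 10.0.0.0/8; };
    allow-query-cache { localhost; 10.0.0.0/8; };
    allow-transfer { none; };
    recursion yes;
    dnssec-validation yes;
    version "not disclosed";
};
"""


def strip_comments(text):
    """Drop the three comment styles BIND accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def options_body(text):
    """Return the text between the braces of the top-level options block."""
    text = strip_comments(text)
    m = re.search(r"(?<![-\w])options\s*\{", text)
    if m is None:
        raise ValueError("no options block found")
    depth, i = 1, m.end()
    while depth and i < len(text):          # walk to the matching brace
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    if depth:
        raise ValueError("unbalanced braces in options block")
    return text[m.end():i - 1]


def directive(name):
    """Regex for a directive name that is not part of a longer name
    (so allow-query does not match allow-query-cache)."""
    return r"(?<![-\w])%s(?![-\w])" % re.escape(name)


def acl(body, name):
    """Address-match list of a directive as a list of tokens, or None."""
    m = re.search(directive(name) + r"[^{;]*\{([^}]*)\}", body)
    if m is None:
        return None
    return [tok.strip() for tok in m.group(1).split(";") if tok.strip()]


def scalar(body, name, default):
    """Single-value directive such as 'recursion yes;', or the default."""
    m = re.search(directive(name) + r"\s+([^;{]+);", body)
    return default if m is None else m.group(1).strip().strip('"')


def resolved(body, *names):
    """First of the named ACLs that is present, following BIND's fallback
    chain; the built-in default is localnets plus localhost."""
    for name in names:
        value = acl(body, name)
        if value is not None:
            return value
    return ["localnets", "localhost"]


def audit(text):
    """Return the list of findings for one named.conf; empty means clean."""
    body = options_body(text)
    findings = []
    recursion_acl = resolved(body, "allow-recursion", "allow-query-cache", "allow-query")
    if scalar(body, "recursion", "yes") == "yes" and "any" in recursion_acl:
        findings.append("open-resolver")
    transfer = acl(body, "allow-transfer")      # BIND default is any
    if transfer is None or "any" in transfer:
        findings.append("axfr-open")
    if scalar(body, "version", None) is None:
        findings.append("version-disclosed")
    return findings


if __name__ == "__main__":
    for label, conf in (("article", ARTICLE_OPTIONS), ("hardened", HARDENED_OPTIONS)):
        print(label, audit(conf) or "clean")
```

Run it against the real file with `audit(open("/etc/named.conf").read())`; it reads the file outside the chroot, which is the same file named sees once the bind mounts are in place.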
Add zone records
Next we need to add zone statements for the forward and reverse zones to /etc/named.rfc1912.zones. Here example.com is our forward zone and 2.0.10.in-addr.arpa the reverse zone; allow-update { none; } rejects dynamic updates, which is what you want for hand-edited zone files:
zone "example.com" IN {
        type master;
        file "example.com.zone";
        allow-update { none; };
};
zone "2.0.10.in-addr.arpa" IN {
        type master;
        file "example.com.rzone";
        allow-update { none; };
};
The reverse zone name is the network part of the address written backwards under in-addr.arpa. Since my server's IP is 10.0.2.32 and the hosts live in 10.0.2.0/24, I have used 2.0.10.in-addr.arpa as the zone name; similarly, if your IP is 192.168.0.XX then your reverse zone name would be 0.168.192.in-addr.arpa.
We will create our forward and reverse zone files in the next steps.
Create Forward Zone File
Navigate to /var/named
where we will have some default templates which can be used to configure our forward zone file.
[root@centos-8 ~]# cd /var/named/
List the content of /var/named:
[root@centos-8 named]# ls -l
total 32
drwxr-x---. 2 root  named 4096 Jun 21 16:12 chroot
drwxrwx---. 2 named named 4096 Jun  5 00:56 data
drwxrwx---. 2 named named 4096 Jun  5 00:56 dynamic
-rw-r-----. 1 root  named 2281 May 22  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named 4096 Jun  5 00:56 slaves
Create the forward zone file from the named.localhost template (named.localhost is the forward template, named.loopback the reverse one):
[root@centos-8 named]# cat named.localhost > example.com.zone
Change the permission and ownership of the forward zone file (example.com.zone) as shown below:
[root@centos-8 named]# chmod 644 example.com.zone
[root@centos-8 named]# chown root:named example.com.zone
[root@centos-8 named]# ls -l example.com.zone
-rw-r--r--. 1 root named 260 Jun 21 16:28 example.com.zone
Update the forward zone file with the details from your setup and environment. Below is my sample forward zone file:
[root@centos-8 named]# cat example.com.zone
$TTL 1D
@       IN SOA  example.com. root.example.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   localhost.
localhost IN A  127.0.0.1
centos-7  IN A  10.0.2.30
rhel-8    IN A  10.0.2.31
centos-8  IN A  10.0.2.32
Two things to watch in a zone file: a name without a trailing dot is relative to the zone origin, so the SOA names and the NS target must end in a dot (a bare example.com here would silently become example.com.example.com.), and the serial must be increased on every edit or secondaries never notice the change. The NS localhost. record is carried over from the template and works for a lab; for a server other hosts rely on, point NS at the server's own name (centos-8.example.com., which already has an A record).
Create Reverse Zone File
Similarly create the reverse zone file from the named.loopback template:
[root@centos-8 named]# cat named.loopback > example.com.rzone
Change the permission and ownership of the reverse zone file (example.com.rzone) as shown below:
[root@centos-8 named]# chmod 644 example.com.rzone
[root@centos-8 named]# chown root:named example.com.rzone
[root@centos-8 named]# ls -l example.com.rzone
-rw-r--r--. 1 root named 260 Jun 21 16:28 example.com.rzone
Next update the values of your reverse zone file depending upon your environment. Below is my sample reverse zone file:
[root@centos-8 named]# cat example.com.rzone
$TTL 1D
@       IN SOA  example.com. root.example.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   localhost.
30      IN PTR  centos-7.example.com.
31      IN PTR  rhel-8.example.com.
32      IN PTR  centos-8.example.com.
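As an added example (not code from the article), the script below implements the reverse-zone naming rule from the "Add zone records" section in both directions and cross-checks a forward zone against its reverse zone, which is the check worth running before every reload because a stale or missing PTR is the usual way the two files drift apart. The zone texts embedded in it are constructed copies of the two files above; the extra hosts used in the usage note are invented.

```python
"""Reverse-zone naming and forward/reverse consistency check for BIND zones.

Added example, not from the original article. It parses only the zone
syntax the article's files use ($TTL, a parenthesised SOA, and NS/A/PTR
records with an optional IN class).
"""
import ipaddress
import re

# Constructed copies of the article's example.com.zone and example.com.rzone.
FORWARD = """\
$TTL 1D
@       IN SOA  example.com. root.example.com. (
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   localhost.
localhost IN A  127.0.0.1
centos-7  IN A  10.0.2.30
rhel-8    IN A  10.0.2.31
centos-8  IN A  10.0.2.32
"""

REVERSE = """\
$TTL 1D
@       IN SOA  example.com. root.example.com. (
                1 1D 1H 1W 3H )
        IN NS   localhost.
30      IN PTR  centos-7.example.com.
31      IN PTR  rhel-8.example.com.
32      IN PTR  centos-8.example.com.
"""


def reverse_origin(cidr):
    """Zone name for an octet-aligned network: 10.0.2.0/24 -> 2.0.10.in-addr.arpa."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("expected an IPv4 /8, /16 or /24 network")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def network_of(rev_origin):
    """Inverse of reverse_origin: 2.0.10.in-addr.arpa -> 10.0.2.0/24."""
    labels = rev_origin.rstrip(".").lower().split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError("not an in-addr.arpa name")
    octets = list(reversed(labels[:-2]))
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))


def ptr_owner(ip, rev_origin):
    """Owner label(s) of the PTR record for ip, relative to the zone origin."""
    full = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
    suffix = "." + rev_origin.rstrip(".")
    if not full.endswith(suffix):
        raise ValueError("%s is outside %s" % (ip, rev_origin))
    return full[: -len(suffix)]


def ip_of_ptr(ptr_fqdn):
    """30.2.0.10.in-addr.arpa -> 10.0.2.30"""
    return ".".join(reversed(ptr_fqdn.rstrip(".").split(".")[:-2]))


def fqdn(name, origin):
    """Qualify a zone-file name: @ is the origin, no trailing dot means relative."""
    name = name.lower()
    if name == "@":
        return origin
    return name.rstrip(".") if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Return (owner, type, rdata) for A, NS and PTR records, names absolute."""
    origin = origin.rstrip(".").lower()
    text = re.sub(r";[^\n]*", "", text)                       # comments
    text = re.sub(r"\(([^)]*)\)",                             # multi-line SOA
                  lambda m: m.group(1).replace("\n", " "), text)
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():                          # explicit owner
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0].upper() == "IN" or fields[0].isdigit()):
            fields.pop(0)                                  # optional class / TTL
        if not fields:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "A":
            records.append((owner, rtype, rdata[0]))
        elif rtype in ("NS", "PTR"):
            records.append((owner, rtype, fqdn(rdata[0], origin)))
    return records


def cross_check(fwd_text, fwd_origin, rev_text, rev_origin):
    """A records inside the reverse zone's network without a PTR, and PTRs
    without a matching A. Addresses outside the network (127.0.0.1) are skipped."""
    net = network_of(rev_origin)
    a_records = {(owner, ip) for owner, rtype, ip in parse_zone(fwd_text, fwd_origin)
                 if rtype == "A" and ipaddress.ip_address(ip) in net}
    ptr_records = {(target, ip_of_ptr(owner))
                   for owner, rtype, target in parse_zone(rev_text, rev_origin)
                   if rtype == "PTR"}
    return {"a_without_ptr": sorted(a_records - ptr_records),
            "ptr_without_a": sorted(ptr_records - a_records)}


if __name__ == "__main__":
    print(reverse_origin("10.0.2.32/24"), ptr_owner("10.0.2.30", "2.0.10.in-addr.arpa"))
    print(cross_check(FORWARD, "example.com", REVERSE, "2.0.10.in-addr.arpa"))
```

The same functions cover wider reverse zones: reverse_origin("10.0.0.0/8") gives 10.in-addr.arpa and the PTR owner for 10.0.2.30 in that zone becomes 30.2.0. Adding an invented host such as rhel-7 IN A 10.0.2.33 to the forward zone without its PTR makes cross_check list it under a_without_ptr.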
Verify the bind chroot configuration
Before you start the named-chroot service, verify the configuration and the zone files it references for syntax errors, the same check the unit's ExecStartPre runs:
[root@centos-8 named]# named-checkconf -t /var/named/chroot -z /etc/named.conf
Here -t means chroot to the given directory, so include directives and file paths in the configuration are resolved as they would be by a named running in that chroot, and -z additionally loads every zone listed in the configuration. Make sure the bind mounts under /var/named/chroot are in place before you run it, otherwise /etc/named.conf does not exist inside the chroot and the command fails with an open: /etc/named.conf: file not found error.
Check the mount table with the mount command:
[root@centos-8 ~]# mount | grep chroot
The output should be the same list of bind mounts shown after turning the chroot on: the /etc/named* files, /etc/localtime, /etc/protocols and /etc/services, /usr/lib64/bind, the tmpfs on /run/named and /var/named itself.
If you do not see these paths mounted on /var/named/chroot
then turn off the chroot mount using
[root@centos-8 ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot off
and then turn it back ON
[root@centos-8 ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
Then re-run mount | grep chroot; all of the required paths should now be mounted under /var/named/chroot. The off/on toggle also matters after you edit one of the individually bind-mounted files such as /etc/named.conf or /etc/named.rfc1912.zones: an editor that writes a new file and renames it over the old one (vim does this unless backupcopy=yes is set) leaves the bind mount attached to the old inode, so the chroot keeps seeing the stale version until the mounts are refreshed. Files under /var/named, such as the new zone files, need no refresh because the whole directory is bind-mounted.
Now run the check against the chroot:
[root@centos-8 named]# named-checkconf -t /var/named/chroot -z /etc/named.conf
Start named-chroot service
Installing bind-chroot does NOT change how the named service is run. Instead it installs a separate named-chroot service, which is the one to start with systemctl when you want named to run in the chroot environment (its unit starts named with -t /var/named/chroot, as the status output below shows).
Before that, make sure any plain named service on the host is stopped and disabled, otherwise the two instances compete for port 53:
[root@centos-8 named]# systemctl stop named
[root@centos-8 named]# systemctl disable named
Next start named-chroot
service using systemctl:
[root@centos-8 named]# systemctl start named-chroot
[root@centos-8 ~]# systemctl status named-chroot
● named-chroot.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2019-06-21 17:00:25 IST; 1min 1s ago
Process: 5321 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS)
Process: 5319 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 5323 (named)
Tasks: 4
CGroup: /system.slice/named-chroot.service
└─5323 /usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot
Jun 21 17:00:25 centos-8.example.com named[5323]: zone 2.0.10.in-addr.arpa/IN: loaded serial 1
Jun 21 17:00:25 centos-8.example.com named[5323]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jun 21 17:00:25 centos-8.example.com named[5323]: zone localhost.localdomain/IN: loaded serial 0
Jun 21 17:00:25 centos-8.example.com named[5323]: zone example.com/IN: loaded serial 1
Jun 21 17:00:25 centos-8.example.com named[5323]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0....ial 0
Jun 21 17:00:25 centos-8.example.com named[5323]: zone localhost/IN: loaded serial 0
Jun 21 17:00:25 centos-8.example.com named[5323]: all zones loaded
Jun 21 17:00:25 centos-8.example.com named[5323]: running
Jun 21 17:00:25 centos-8.example.com named[5323]: zone example.com/IN: sending notifies (serial 1)
Jun 21 17:00:25 centos-8.example.com named[5323]: zone 2.0.10.in-addr.arpa/IN: sending notifies (serial 1)
Hint: Some lines were ellipsized, use -l to show in full.
Now our DNS server configuration steps are almost done; enable the named-chroot service so that it starts automatically after every reboot:
[root@centos-8 ~]# systemctl enable named-chroot
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.
Configure DNS server using resolv.conf
The last step on the server is to point /etc/resolv.conf at our own DNS server IP, 10.0.2.32:
[root@centos-8 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.0.2.32
nameserver 8.8.8.8
As the header says, NetworkManager generates this file and will overwrite a manual edit on the next connection change; make the change persistent on the connection instead (nmcli connection modify <connection-name> ipv4.dns 10.0.2.32, then reactivate the connection). Note also that the resolver only falls through to 8.8.8.8 when 10.0.2.32 does not answer, and when that happens example.com names stop resolving and your internal hostnames are sent to a public resolver; replace it with a second internal server once you have one.
Verify Bind Chroot DNS Server
Now you can use different tools to verify your bind chroot DNS server configuration. In this example I am using nslookup
and dig to verify my forward and reverse zone configuration
[root@centos-8 ~]# nslookup centos-7.example.com
Server: 10.0.2.32
Address: 10.0.2.32#53
Name: centos-7.example.com
Address: 10.0.2.30
So nslookup got an answer for centos-7.example.com from our bind chroot DNS server 10.0.2.32. Similarly, query the reverse zone with dig -x and check the ANSWER SECTION; the aa flag in the header line confirms the answer is authoritative, i.e. it came from our own zone rather than from a cache.
[root@centos-8 ~]# dig -x 10.0.2.30
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> -x 10.0.2.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55495
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;30.2.0.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
30.2.0.10.in-addr.arpa. 86400 IN PTR centos-7.example.com.
;; AUTHORITY SECTION:
2.0.10.in-addr.arpa. 86400 IN NS localhost.
;; ADDITIONAL SECTION:
localhost. 86400 IN A 127.0.0.1
localhost. 86400 IN AAAA ::1
;; Query time: 0 msec
;; SERVER: 10.0.2.32#53(10.0.2.32)
;; WHEN: Fri Jun 21 17:02:28 IST 2019
;; MSG SIZE rcvd: 149
Configure DNS Server on Client
To use the DNS server from a client you do not need to install any bind or bind-chroot related rpms; you only need to update /etc/resolv.conf on each client so that its nameserver entry points at the DNS server's IP (with the same NetworkManager caveat as on the server).
For example on my client node:
[root@rhel-8 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.0.2.32
Let us verify the DNS server configuration from the client using nslookup:
[root@rhel-8 ~]# nslookup centos-8.example.com
Server:         10.0.2.32
Address:        10.0.2.32#53

Name:   centos-8.example.com
Address: 10.0.2.32
As you can see, the client gets its answer from the DNS server running on the 10.0.2.32 host.
Lastly, I hope the steps in this article to configure a DNS server using the bind chroot environment on Linux (CentOS/RHEL 7/8) were helpful. Let me know your suggestions and feedback using the comment section.
Great tutorial, saved me a lot of time and effort. Thank you very much!
It would be nice to have a section for how to go about updating an existing chroot’d environment to add records or update the named.conf.
Once you have the DNS server then it should be very easy to update records, is there anything specific you want help with?
From https://access.redhat.com/articles/770133
When editing files:
vim -c "set backupcopy=yes" /etc/named.conf
should be changed to named-checkconf -t /var/named/chroot /etc/named.conf
I have modified this section in the article. Actually it should be
named-checkconf -t /var/named/chroot etc/named.conf
but there are certain pre-requisites before executing this step or you may get unwanted errors.
I did not see this updated in the article. It took me a while to figure out what was wrong. Also, perhaps you should mention that the chroot environment needs to be recycled after any changes to the config files. Thanks!
Very good tutorial man, so clear and useful. Congratulations!
It's a very good tutorial for an initial Linux learner to understand.