Friday, February 4, 2022

DNS Server Configuration

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

DNS Server Configuration 

https://www.youtube.com/watch?v=0X9em99Vcl0

How to configure DNS Server on CentOS 7

https://www.unixmen.com/setting-dns-server-centos-7/


CIDR - IP RANGE : https://www.ipaddressguide.com/cidr

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


>> BIND is a DNS package on the linux OS


  • We will go through what is DNS 
  • How a DNS Server Works
  • How it will look for various servers in the root hierarchy
  • How it will look for a particular IP Address from that domain 
  • How it will look for an IP address of a system which is in completely in a different geography
  • Finally the 10 step configuration to setup a DNS server
Domain Name System 

What is DNS ?

Translates Internet Domain and host names to IP Addresses and vice-versa . Every Host is physically identified by using its IP address , but most of you might not know that each IP address is unique only to that domain .

The act of sending a request is called the lookup request ,  and what you get in response from the DNS server is the lookup - response

Whichever machine you configure the DNS is called the DNS server , and every system that accesses the server is called the DNS client . So we do not have much of a configuration to from the DNS client side . 

DNS LookUp request  :


Forward Lookup : when you enter a hostname in your URL , an IP address is return - this is called a forward lookup. it resolved a hostname to an IP Address . 

Reverse Lookup : if you enter an IP address of the hostname , it will return you with the hostname this is called reverse lookup. 

Where does the DNS sever gets the IP address of the hostname ?

Let's say we are trying to access google.com now that request will first of all go to a resolver - Now your resolver is nothing but your ISP server - It is basically built into your network operating system and the IP Address of google.com will be built into resolver , it will be present in the cache memory and since the IPADDRESS rez would be present the hostname will be resolved 

But if you are trying to access a new website and the resolver does not have your IP Address . We have the different root hierarchies of DNS , those would be accessed , that's when the whole concept of DNS comes to the picture , that's where we have something called as the root server . Now the root server sit at the top of the DNS hierarchy

There are about 13 sets of root server placed strategically around the world and about 12 organizations access or control these root servers .

The root servers will not tell you the IP Address to which your hostname is resolved to . What the root server will do is it will point you to another server and that is called the "Top-Level-Domain Servers" . Also called TLD servers and when they point you to TLD server , TLD servers will have further information - They will point you to a direction where you will get the IP Address 

So the root server will point you back to the TLD Servers in which your domain may be hosted. The domain that you are trying to access that may be hosted on one of the domains over here . One of these domains is what make up these 13 sets of root servers . From the 13 you shortlist one of them , those come to the resolver it tries to access the Top-Level-Domain servers and these top-level domain server store information such as .com , .net , .dot.org domains  be it google.com , facebook.com those kind of information shall be present in the top level domain servers 

Even now you cannot total resolve to particular domains IP Address , suppose I want to access a particular IP Address inside a domain . The top level  domain servers only knows that these kind of IPAddress are hosted in these servers . What the TLD will do is it will again return back the particular domain -- lets say authoritative name server , - The TLD will return authoritative name server authoritative name server  to the resolver - so based on that information the resolver will query the authoritative nameserver . Now name server is what knows everything about the domain including the IP Address .

Root server will return the top-level domain servers ie .com , .net, or .org . and the top level domain servers will return the domains where your IPAddress is part of that is through the authoritative name servers and finally the resolver will get to the respective IP Address through the authoritative name server . Finally it will store the IP Address in its cache locally for later use. 


So if the next time someone is trying to access this website through your ISP they can straight away fetch the IP address from the resolvers cache . 

DNS Server : There are loads of DNS server available in the market 

We will be using "BIND DNS Servers" . BIND is the most popular and the one of the oldest DNS servers and it is basically a nameserver and can also be configured for mail service 

Others DNS servers  : Unbound , Power DNS

Configure a BIND DNS server in 10 steps .

Firstly we need to install BIND , because BIND is a DNS service and we will have to install it. 

You can use "yum" command in CentOS machines to install them , in Ubuntu machines "apt-get install"



1. Step : Install DNS Package


2. Step : Assign a Static IP Address

Why we add a static IP address to your machine where you are configuring the DNS server . 

>> because if your server reboots you do not want your IP Address to change , that is the reason for having a Static IP Address. You say Boot protocol is static 


We need to add these lines IPADDR, NETMASK,GATEWAY - the rest remains the same. 

Then you need to define a fully qualified hostname

Assign A FQDN for server 


Configure /etc/hosts file


In this case you can avoid the "dns1" here but you need to put in the domain name "vardhan.com"

Configure /etc/resolv.conf

This is something that you also have to configure on your DNS client machine . This is the only step that you need to do it in the DNS client side.

you must say name server and point your IP Address that you want to act as the DNS Server 


> Configure /etc/named.conf  -- From here the configuration is about BIND DNS

 This file is popped up when you install BIND 


You will have the key word : localhost here you need to replace this with the IPAddress . You will have one more number which is the IPV6 Port number . You need to comment out this line , you don't need this line any more .

  • You will have the key word : localhost here you need to replace this with the IPAddress
  • You will have one more number which is the IPV6 Port number . You need to comment out this line , you don't need this line any more .
  • allow-query = any   // you need to replace "none" with any


> Configure /etc/rfc.1912.zones --  This file appears when you install BIND , here is where you define your zones . 

Now there are two concepts of "Forward Lookup" and "Reverse Lookup" 

when you type "hostname" and hit enter that is called the Forward Lookup howevet you enter the IPAddress that is the reverse lookup . 

If you want people to query your server either in the forward or reverse fashion one of these lookup fashions that time for that purpose you need to setup two different zones. 

So your first zone will have rules and settings for what should be returned to them when they access you from forward look up. And when they access your server from the reverse lookup then the settings will be present in this zone . 

  • I have configured the forward look up as my domain name below which is like a domain name for the reverse look up it will be from the IP Address and i have named it as reverse. Zone 

the reverse configuration is a little trick at this step . Stay tuned to know more .

Next step is configuring the forward and the reverse zones - we have created a new file "Forward.zone" and another file "Reversed.zone"  .


> Configuring the Forward and the Reverse Zones :

We have to add the rules over here that's what you will do over here you create one and you open them you will have a basic template , you need to edit that template and replace it with  your hostname and your IPAddress.

  • In the forward.zone file you will replace template with your domain name 
  • In the reverse.zone file you will replace template with your IPAddress
When you do this your DNS servers is well and good , however when you do this you may have to change your group ownership 

> Change the group ownership of those two files. 

After changing the group ownership of those file.

Restart your DNS servers and your service will be up and running . 

 

> Hands On


> NEXT VIDEO -- DNS server configuration .

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Hindi Video : https://www.youtube.com/watch?v=MgIHgbcKjIw

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

check if BIND package is present on OS

$ rpm -qa |  grep bind 


BIND is already present on this system . Choose another system where the bind was not available . to install DNS server .

Below is the command to install DNS server .

  • $ yum install bind    
  • or 
  • $ yum install bind*  -- prefered

> Configuring DNS Server :

DNS Configuration file is > named.conf   > /etc/named.conf 

DNS Port 53 and works on UDP protocol 


The things to edit in this area of the file > /etc/named.conf

Check the IP Address of your DNS Server  > ifconfig

You will have to edit the first line with the IPAddress, you can keep the IPAddress mentioned in there . You can even remove that , but it advisable to keep that and add your IPAddress by adding a semi-colon . 


Next parameter : 

which machines can query the DNS server .


   "any" = allows any client to query the DNS server . 

But if you have a particular network and you want to only provide a set of IP Addresses to query your DNS server then  you can specify the IP range, 


If it is a public DNS we normally use "any" for this parameter . 

This file also has two files included . And there is no other changes that need to perform on this 

There are two files included here. 

  • /etc/named.rfc1912.zone > example : include "/etc/named.rfc1912.zone"
  • /etc/named.root.key >  example :  include "/etc/named.root.key "


This we use for DDNS : Dynamic DNS Server ,  when you set up your DHCP and when your client machine takes the IP from the DHCP , then the DHCP provides the hostname -- when does it give when you set up DDNS 

So that it pickups the hostname of the machine which is available in the computer and it register the name in the DDNS and this is done dynamically . 

DDNS is used when DHCP is used. Without DHCP you cannot configure DDNS server .

But we are setting static DNS server where the registry is manually done . 

-- We make the following changes .


if you are removing this from the file :  include "/etc/named.rfc1912.zone  -- you will have to give the path of the zone inside the same file configuration file 

since this is already included you don't need to open this file . 

save the file  /etc/named.conf 

Open this file : /etc/named.rfc1912.zone


Editing the domain name and the zone 


if you create the file as "/data/f.zone";  -- then you need to create the directory /data and f.zone file with in it. 

or keep it as f.zone alone without a directory - if you need to create a directory you can do that indeed. 

The above ENTRY is for forward.zone 

Now lets make an entry of reverse.zone -- go to the bottom of the page


copy paste the above configuration and make the editing


and we change the "f.zone" in above configuration to "example.com"


 We copied both the configurations that we made into a Notepad . 

Save file : /etc/named.rfc1912.zone

Now create the zone file > cd /var/named

-- One thing that you need to make sure if these file are are present in the /var/named

  1. name.localhost
Go to /etc/named.rfc1912.zone

There is a default entry 



2. name.loopback 


 So these two files needs to be there under /var/named


copy the named.localhost > cp named.localhost example.com



opy the named.loopback > cp named.loopback 



cp named.loopback 0.168.192.in-addr.arpa










No comments:

Post a Comment