Tech Junkie Blog - Real World Tutorials, Happy Coding!: Networking: Configuring DNS in a Linux Server

Monday, May 31, 2021

Networking: Configuring DNS in a Linux Server

In this post we are going to go over how to install and configure DNS on our Linux server. A DNS server translates between hostnames and IP addresses. When you type in google.com, in the backend it actually maps to an IP address on the internet. DNS is therefore at the heart of the internet, even though you usually don't notice that you are using it.

Here are the steps to configuring a DNS server on a Linux server:

Before you do anything, get the name of your network adapter and its IP address. My network adapter is enp0s3 and my IP address is 192.168.0.14; yours will be different.

ifconfig command on terminal session

You also want to know the hostname of the server for the configuration. You can find out what the hostname is by typing hostname

hostname command on a terminal session





1. Open a terminal session and type in the following command to install the tools needed for the DNS server

dnf install bind bind-utils -y

DNS tool install command










2. Now you want to edit the /etc/named.conf file with the command vi /etc/named.conf. Scroll down to the options section and add the IP address of the server to the listen-on port 53 line. Make sure you end it with a ; and a space.

named.conf file options for DNS

Now scroll to the end of the file until you see the "include" lines. What you want to do is change the zone section to match the information about your server's hostname, so my zone section looks like this

named.conf DNS zone configuration







Now you have to define the reverse lookup, which is a little tricky like Run DMC (pretty corny). Instead of typing in the address in normal order you have to type it in reverse order, and it has to end with .in-addr.arpa. You just need the first three octets, so it would look like this: 0.168.192.in-addr.arpa. The configuration would look something like this.

IP reverse lookup for DNS




That's it for the named.conf file edit. Type esc then type :wq! to save and quit.

3. The next step is to create the forward.dc and reverse.dc files that we specified in the named.conf file. Navigate to the /var/named folder and, once you are in it, create the files with the commands vi forward.dc and vi reverse.dc

Create reverse and forward IP files with vi


Type in the following in the forward.dc file

$TTL 86400
@ IN SOA masterdns.acmebanking.com. root.acmebanking.com. (
  772125207 ;Serial
  3600 ;Refresh
  1800 ;Retry
  604800 ;Expire
  86400 ;Minimum TTL
)
@ IN NS masterdns.acmebanking.com.
@ IN A 192.168.0.14
masterdns IN A 192.168.0.14
apps IN A 192.168.0.15
nets IN A 192.168.0.16

The thing you have to pay attention to is the serial option: every time you make a change to the file, you have to give it a unique serial number. The clients (apps, nets) are there for testing purposes only.
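One way to keep the serial unique on every edit, as an added example that is not part of the original post: a small shell helper that rewrites the ;Serial line. The function names and the YYYYMMDDnn numbering are assumptions made for this example; it always moves the serial upward, which is what secondary servers compare to decide whether to re-transfer a zone.

```sh
#!/bin/sh
# Added example: bump the SOA serial in a zone file laid out like forward.dc.
# Assumes the serial is the first number on the line commented ";Serial".

# next_serial CURRENT YYYYMMDD: print a serial that is larger than CURRENT.
# Uses the YYYYMMDDnn convention (a choice made for this example) and falls
# back to CURRENT+1 once the file already carries a serial in today's range.
next_serial() (
    base=$(( $2 * 100 ))
    if [ "$1" -lt "$base" ]; then
        echo $(( base + 1 ))
    else
        echo $(( $1 + 1 ))
    fi
)

# bump_serial ZONEFILE [YYYYMMDD]: rewrite the serial in place, print the new one.
bump_serial() (
    file=$1
    today=${2:-$(date +%Y%m%d)}
    current=$(awk 'toupper($0) ~ /;[ \t]*SERIAL/ { print $1; exit }' "$file")
    case $current in
        ''|*[!0-9]*) echo "no serial found in $file" >&2; exit 1 ;;
    esac
    new=$(next_serial "$current" "$today")
    # SOA serials are unsigned 32-bit numbers.
    [ "$new" -le 4294967295 ] || { echo "serial out of range" >&2; exit 1; }
    tmp=$(mktemp) || exit 1
    awk -v new="$new" '
        !done && toupper($0) ~ /;[ \t]*SERIAL/ { sub(/[0-9]+/, new); done = 1 }
        { print }' "$file" > "$tmp" || exit 1
    # Write back through the original inode so owner, mode and SELinux label
    # of the zone file stay as they were.
    cat "$tmp" > "$file"
    rm -f "$tmp"
    echo "$new"
)

# Demo on a constructed copy of the SOA block from this post.
demo_zone=$(mktemp)
cat > "$demo_zone" <<'EOF'
@ IN SOA masterdns.acmebanking.com. root.acmebanking.com. (
772125207 ;Serial
3600 ;Refresh
)
EOF
bump_serial "$demo_zone" 20210531   # prints 2021053101
rm -f "$demo_zone"
```

Run it against the real file as bump_serial /var/named/forward.dc, then re-check the zone with named-checkzone before reloading named.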

Type in the following in the reverse.dc file

$TTL 86400
@ IN SOA masterdns.acmebanking.com. root.acmebanking.com. (
  28259135 ;Serial
  3600 ;Refresh
  1800 ;Retry
  604800 ;Expire
  86400 ;Minimum TTL
)
@ IN NS masterdns.acmebanking.com.
@ IN PTR dc.acmebanking.com.
masterdns IN A 192.168.0.14
14 IN PTR masterdns.acmebanking.com.
15 IN PTR apps.acmebanking.com.
16 IN PTR nets.acmebanking.com.
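The reverse zone name and the PTR lines above can be derived from the forward records instead of typed by hand, which keeps forward and reverse lookups in agreement. The following is an added example, not code from the original post; the function names are hypothetical, and it assumes a /24 network and the one-record-per-line layout used in forward.dc.

```sh
#!/bin/sh
# Added example: derive the reverse zone name and the PTR lines for reverse.dc
# from the A records of a forward zone file. Assumes a /24 network and the
# one-record-per-line "name IN A address" layout used in this post.

# reverse_zone IPV4: print the /24 reverse zone, e.g. 0.168.192.in-addr.arpa
reverse_zone() (
    IFS=.
    set -f            # no filename globbing while splitting on dots
    set -- $1
    [ $# -eq 4 ] || { echo "not an IPv4 address" >&2; exit 1; }
    echo "$3.$2.$1.in-addr.arpa"
)

# ptr_records FORWARD_FILE ORIGIN PREFIX: print "<last octet> IN PTR <fqdn>."
# for every host A record inside PREFIX (e.g. 192.168.0), sorted by address.
# The zone apex (@) is skipped; records outside the /24 are named on stderr.
ptr_records() (
    awk -v origin="$2" -v prefix="$3" '
        $2 == "IN" && $3 == "A" && $1 != "@" {
            n = split($4, o, ".")
            if (n != 4 || (o[1] "." o[2] "." o[3]) != prefix) {
                print "outside " prefix ".0/24, skipped: " $0 > "/dev/stderr"
                next
            }
            fqdn = ($1 ~ /\.$/) ? $1 : $1 "." origin "."
            print o[4] " IN PTR " fqdn
        }' "$1" | sort -n
)

# Demo on constructed records modelled on forward.dc from this post.
demo_fwd=$(mktemp)
cat > "$demo_fwd" <<'EOF'
@ IN A 192.168.0.14
masterdns IN A 192.168.0.14
apps IN A 192.168.0.15
nets IN A 192.168.0.16
EOF
reverse_zone 192.168.0.14
ptr_records "$demo_fwd" acmebanking.com 192.168.0
rm -f "$demo_fwd"
```

The origin argument is whatever domain the forward zone is declared under in named.conf; acmebanking.com is used here because that is what the PTR targets in reverse.dc end in.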

4. Now that we've configured our DNS server, we are ready to start and enable it. Type the following commands into the terminal session

systemctl start named
systemctl enable named

5. Now we want to disable the firewall because we want to test our DNS server. This is just for testing, to make sure everything is working correctly. In production you would want to create a rule on your firewall to allow port 53 for the DNS server. Type in the following to disable the firewall

systemctl stop firewalld
systemctl disable firewalld

Disable firewall with systemctl command





6. If you are using SELinux, you want to configure the permissions and ownership for the named directory and named.conf file

Type in the following commands if you have SELinux

Commands for SELinux








7. Linux has a very useful command to check that there are no syntax errors in the configuration files before we bring everything up. First let's check the configuration in the named.conf file with this command

named-checkconf /etc/named.conf 

If the command prompt is returned, that means your configuration is good. Now let's check the zone files with the following commands

named-checkzone dc.acmebanking.com /var/named/forward.dc
named-checkzone 0.168.192.in-addr.arpa /var/named/reverse.dc

If you get the OK response that means your zone files are configured correctly

Run named-checkconf to check the named.conf file

8. Since our named configuration files are correct, we are now ready to add the DNS server to our network adapter. At the beginning of the post we got the network adapter's name with the ifconfig command: it's enp0s3. Each network adapter in Linux has its own configuration. First we want to navigate to the network configuration directory with this command

cd /etc/sysconfig/network-scripts/

Then you want to edit the adapter file with the following command

vi ifcfg-enp0s3

At the end of the file you want to add the DNS IP to it like this. Then press esc then :wq! to save the file.

Edit network adapter file for DNS

9. Restart the network with the following command 
systemctl restart NetworkManager.service 

10. Now you want to edit the name server setting so that the network adapter resolves through the DNS server instead of the default gateway. Edit the resolv.conf file with the command vi /etc/resolv.conf and add the following line: nameserver 192.168.0.14. Type esc then :wq! to save the file.

Edit resolv.conf file for DNS

11. We are now ready to test the DNS, type in the following command to see the settings for the DNS

dig masterdns.dc.acmebanking.com
Test DNS with the dig command

If configured correctly you should see that the DNS server is now resolving to the IP address of our network adapter.

12. You can do the same for the apps.acmebanking.com and nets.acmebanking.com clients with the following commands: nslookup apps.acmebanking.com and nslookup nets.acmebanking.com, or the reverse lookup with nslookup 192.168.0.14 or nslookup 192.168.0.16
Use nslookup command to test reverse and forward IP settings


In most situations you would want a static IP for your DNS server so that you don't have to change the resolv.conf file every time the network starts. But in this post we just want to configure the DNS server and make sure it works.


