
Linux - DNS Setup


DNS


Establish Local Resolution

  1. Verify the Contents and Order of /etc/nsswitch.conf
    • verify that files comes before dns in the hosts section; otherwise entries in /etc/hosts never override what DNS returns
// vim /etc/nsswitch.conf
hosts:    files dns myhostname
  2. Modify /etc/hosts to Include www.example.com (the "files" source)
    • resolve www.example.com to the local IP.
// vim /etc/hosts
10.0.1.10    www.example.com
  3. Verify the Connection to the Locally Running Webserver at www.example.com
curl localhost
curl www.example.com

Creating Name Servers

Topology: zone example.com served by ns1.example.com (10.0.1.10, primary) and ns2.example.com (10.0.1.11, secondary); client1 (10.0.1.12) is the test client.

Name server software: BIND (used below) / Unbound


1. Install BIND on the Primary DNS Host

$ yum install bind bind-utils bash-completion
$ systemctl enable named

// before changing anything, confirm the host still resolves through its current resolver (baseline for later troubleshooting):
$ host google.com
$ getent ahosts google.com
$ curl -I google.com

2. Configure BIND on the Primary DNS Host

sample config: /usr/share/doc/bind-$VERSION/sample/etc/named.conf

// edit the main configuration file on the primary: /etc/named.conf
// Add the host's own IP to the listen-on line:
listen-on port 53 { 127.0.0.1; 10.0.1.10; };

// Limit queries to localhost and the 10.0.1.0/24 network, and permit zone transfers only to localhost and the secondary:
allow-query     { localhost; 10.0.1.0/24; };
allow-transfer  { localhost; 10.0.1.11; };

// Disable recursion (authoritative-only server; leaving recursion on would make it an open resolver):
recursion no;

// Add forward and reverse zones above the includes at the bottom:
zone "example.com" IN {
        type master;
        file "forward.example.com";      // relative to the directory option, /var/named
        allow-update { none; };
};
// reverse zone for 10.0.1.0/24
zone "1.0.10.in-addr.arpa" IN {
        type master;
        file "reverse.example.com";
        allow-update { none; };
};

3. Create Zone Files on the Primary DNS Host

sample config: /usr/share/doc/bind-$VERSION/sample/var/named/named.empty

create /var/named/forward.example.com

$TTL 86400
; SOA: primary name server (MNAME) and the admin mailbox (RNAME; the first "." stands for "@")
@   IN  SOA     ns1.example.com. server1.example.com. (
                                    2018091201  ;Serial (increase on every change, or the secondary will not transfer)
                                    3600        ;Refresh
                                    1800        ;Retry
                                    604800      ;Expire
                                    86400       ;Minimum TTL (negative-caching TTL)
                            )
@           IN  NS  ns1.example.com.
@           IN  NS  ns2.example.com.
server1     IN  A   10.0.1.10
ns1         IN  A   10.0.1.10
server2     IN  A   10.0.1.11
ns2         IN  A   10.0.1.11
client1     IN  A   10.0.1.12

create /var/named/reverse.example.com

$TTL 86400
@   IN  SOA     ns1.example.com. server1.example.com. (
        2018091201  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS  ns1.example.com.
@           IN  NS  ns2.example.com.
; No A records in this file: their owner names would become server1.1.0.10.in-addr.arpa and serve no purpose.
; Only PTRs, keyed by the last octet of the address.
10          IN PTR server1.example.com.
10          IN PTR ns1.example.com.
11          IN PTR server2.example.com.
11          IN PTR ns2.example.com.
12          IN PTR client1.example.com.
; Two PTRs per address are legal, but most software uses only the first PTR returned and the order of a
; multi-record set is not stable; prefer one canonical PTR per address.

4. Verify the Configuration of the Primary DNS Host

named-checkconf /etc/named.conf
named-checkzone example.com /var/named/forward.example.com
named-checkzone 1.0.10.in-addr.arpa /var/named/reverse.example.com
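named-checkzone validates each file on its own but says nothing about whether the two files agree with each other. The script below is an added example, not part of the original post: it cross-checks the A records of the forward zone against the PTR records of the reverse zone, using the record layout shown above (owner name in the first column, one record per line, IPv4 only, a single /24 reverse zone). The origin and network prefix are the values from this walkthrough and are assumptions for any other zone.

```shell
#!/bin/sh
# zone_xcheck.sh: cross-check the A records in the forward zone against the PTR
# records in the reverse zone. named-checkzone accepts each file on its own; this
# catches a host that resolves forward but not backward (or the reverse).
# Assumes the layout used above: owner name in column 1, one record per line,
# IPv4 only, a single /24 reverse zone. Origin and prefix are this post's values.

ZONE_ORIGIN="example.com"   # forward zone name
REV_PREFIX="10.0.1"         # network covered by 1.0.10.in-addr.arpa

# Print "ip fqdn" for every A record in the forward zone file ($1).
forward_pairs() {
    awk -v origin="$ZONE_ORIGIN" '
        /^[ \t]*;/ || substr($1, 1, 1) == "$" { next }     # comments, $TTL/$ORIGIN
        {
            for (i = 2; i < NF; i++) {
                if ($i != "A" || $(i+1) !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
                if ($1 == "@")            name = origin "."
                else if ($1 ~ /\.$/)      name = $1              # already fully qualified
                else                      name = $1 "." origin "."
                print $(i+1), name
            }
        }' "$1"
}

# Print "ip fqdn" for every PTR record in the reverse zone file ($1).
reverse_pairs() {
    awk -v prefix="$REV_PREFIX" '
        /^[ \t]*;/ || substr($1, 1, 1) == "$" { next }
        {
            for (i = 2; i < NF; i++)
                if ($i == "PTR") print prefix "." $1, $(i+1)
        }' "$1"
}

# Report every A without a PTR and every PTR without an A; return 0 only if there are none.
zone_xcheck() {
    fwd=$(mktemp); rev=$(mktemp)
    forward_pairs "$1" | sort -u > "$fwd"
    reverse_pairs "$2" | sort -u > "$rev"
    comm -23 "$fwd" "$rev" | sed 's/^/A without PTR: /'
    comm -13 "$fwd" "$rev" | sed 's/^/PTR without A: /'
    if [ -n "$(comm -3 "$fwd" "$rev")" ]; then rc=1; else rc=0; fi
    rm -f "$fwd" "$rev"
    return $rc
}

# Usage on the primary:
#   sh zone_xcheck.sh /var/named/forward.example.com /var/named/reverse.example.com
if [ $# -eq 2 ]; then
    zone_xcheck "$1" "$2"
fi
```

With the two files exactly as written above the script prints nothing and exits 0; add client2 IN A 10.0.1.13 to the forward zone without a matching PTR and it reports "A without PTR: 10.0.1.13 client2.example.com." and exits 1. Run it before every serial bump, next to named-checkzone.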

5. Start BIND on the Primary Host

# systemctl enable named && systemctl start named

// query the local server directly; resolv.conf may still point at another resolver
dig @localhost example.com
dig @localhost server1.example.com

// open 53/tcp and 53/udp to every source in the default zone:
# firewall-cmd --permanent --add-service=dns

// the rich rules below are redundant while the dns service is enabled; they only matter if you remove the
// service and want port 53 reachable from the secondary alone (clients then query the secondary, as in step 8)
# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.11" destination address="10.0.1.10" port port=53 protocol=tcp accept'

# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.11" destination address="10.0.1.10" port port=53 protocol=udp accept'

# firewall-cmd --reload

6. Configure the Secondary Host

$ yum install bind bind-utils bash-completion
$ systemctl enable named

sample config: /usr/share/doc/bind-$VERSION/sample/etc/named.conf

// edit the main configuration file on the secondary: /etc/named.conf
// Add the host's own IP to the listen-on line:
listen-on port 53 { 127.0.0.1; 10.0.1.11; };

// Limit queries to localhost and the 10.0.1.0/24 network. The secondary hands out no transfers;
// do not rely on the default, close it explicitly:
allow-query     { localhost; 10.0.1.0/24; };
allow-transfer  { none; };

// Disable recursion:
recursion no;

// Add forward and reverse zones above the includes at the bottom. The file paths are relative to
// /var/named; the slaves/ subdirectory exists there and is writable by named, which is what a transferred zone needs:
zone "example.com" IN {
        type slave;
        file "slaves/example.com.fwd";
        masters { 10.0.1.10; };
};
zone "1.0.10.in-addr.arpa" IN {
        type slave;
        file "slaves/example.com.rev";
        masters { 10.0.1.10; };
};

7. Start BIND on the Secondary Host

# systemctl enable named && systemctl start named

# firewall-cmd --permanent --add-service=dns

// on the secondary the peer that matters is the primary (10.0.1.10): it sends NOTIFY to 10.0.1.11 on 53/udp,
// and the transfer itself is initiated from here. As on the primary, these rules are redundant while the dns service is open.
# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.10" destination address="10.0.1.11" port port=53 protocol=tcp accept'

# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.10" destination address="10.0.1.11" port port=53 protocol=udp accept'

// reload last, after all permanent rules are in place:
# firewall-cmd --reload
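Before pointing clients at the pair, confirm from a third host inside 10.0.1.0/24 (client1 in this walkthrough) that both servers behave as configured. The script below is an added example, not part of the original post: it queries ns1 and ns2 for the zone's SOA and checks the aa flag on both, that the serials match (the transfer happened), that an out-of-zone query is REFUSED (recursion off) and that AXFR from this host fails (allow-transfer limited to the secondary). It assumes dig from bind-utils with its standard header and answer layout; the addresses and zone name are the ones used above.

```shell
#!/bin/sh
# verify_auth_pair.sh: check that ns1/ns2 serve example.com the way the
# configuration above intends. Run from a third host inside 10.0.1.0/24 (client1).
# Assumes dig (bind-utils) and its standard header/answer layout; addresses and
# zone are this post's values.

ZONE="example.com"
PRIMARY="10.0.1.10"
SECONDARY="10.0.1.11"

# RCODE from dig's header line (NOERROR, NXDOMAIN, REFUSED, SERVFAIL, ...); empty if nothing answered.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1
}

# 0 if the flags line carries "aa" (authoritative answer), otherwise 1.
dig_is_authoritative() {
    printf '%s\n' "$1" | grep -q '^;; flags:.* aa[ ;]'
}

# Serial of the first SOA record in the answer section (7th column of the RR line).
dig_soa_serial() {
    printf '%s\n' "$1" | awk '$4 == "SOA" { print $7; exit }'
}

# 0 if an AXFR attempt was refused (dig prints "; Transfer failed.").
dig_axfr_refused() {
    printf '%s\n' "$1" | grep -q '^; Transfer failed'
}

report() {   # $1 description, $2 exit status of the check
    if [ "$2" -eq 0 ]; then echo "ok   $1"; else echo "FAIL $1"; rc=1; fi
}

# Run the live checks; prints one line per check, returns 0 only if all passed.
verify_pair() {
    rc=0
    p=$(dig @"$PRIMARY" "$ZONE" SOA +norecurse)
    s=$(dig @"$SECONDARY" "$ZONE" SOA +norecurse)

    dig_is_authoritative "$p"; st=$?
    report "$PRIMARY answers authoritatively for $ZONE (status $(dig_status "$p"))" $st
    dig_is_authoritative "$s"; st=$?
    report "$SECONDARY answers authoritatively for $ZONE (status $(dig_status "$s"))" $st

    # same serial on both means the transfer configured in step 6 actually happened
    ps=$(dig_soa_serial "$p"); ss=$(dig_soa_serial "$s")
    [ -n "$ps" ] && [ "$ps" = "$ss" ]; st=$?
    report "SOA serial identical on both (primary $ps, secondary $ss)" $st

    # recursion no: a name outside the zone must come back REFUSED, not resolved
    r=$(dig @"$PRIMARY" google.com A)
    [ "$(dig_status "$r")" = "REFUSED" ]; st=$?
    report "$PRIMARY refuses recursion (out-of-zone query)" $st

    # allow-transfer lists only the secondary, so AXFR from this host must fail
    x=$(dig @"$PRIMARY" "$ZONE" AXFR)
    dig_axfr_refused "$x"; st=$?
    report "$PRIMARY refuses AXFR from this host" $st

    return $rc
}

if [ "${1:-}" = "--run" ]; then
    verify_pair
fi
```

Run it as sh verify_auth_pair.sh --run. A FAIL on the serial line right after a zone edit usually means the serial in the SOA was not increased (the secondary only transfers when the primary's serial is higher); a FAIL on the AXFR line means the zone can be dumped by anyone on the network.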

8. Configure the Client to Use the Secondary DNS Host (10.0.1.11) for DNS

# yum install NetworkManager
# systemctl enable NetworkManager && systemctl start NetworkManager

// Configure the interface to be static and assign the secondary host as the DNS server
# nmcli con mod System\ eth0 ipv4.method manual ipv4.addresses 10.0.1.12/24 ipv4.gateway 10.0.1.1 ipv4.dns 10.0.1.11 ipv4.dns-search example.com

// Remove the ec2.internal search domain from /etc/resolv.conf. NetworkManager regenerates this file from the
// connection settings, so if the domain comes back, fix the connection (ipv4.ignore-auto-dns yes) rather than the file:
# sed -i '/ec2.internal/d' /etc/resolv.conf

// Restart networking to pick up the configuration change:
# systemctl restart network

// Verify that it works with dig; the SERVER line of the output should show 10.0.1.11:
# dig server1.example.com

Troubleshooting DNS

1. try to reach the name

curl -I website
dig website
dig @1.1.1.1 website   // check resolution using another DNS server
dig NS website         // which servers are authoritative for it

2. check the client configuration
grep hosts /etc/nsswitch.conf   // expect: hosts:      files dns myhostname
cat /etc/hosts
cat /etc/resolv.conf   // nameserver 172.31.0.1

3. check that the internal nameserver port is reachable
telnet 172.31.0.1 53

4. check the route
route -n
ping 1.1.1.1

5. check what the cache and the authoritative servers hold
dig website +noall +answer      // answer section only: what the resolver currently has
dig website +nssearch           // the SOA serial from every authoritative name server; differing serials mean a stale secondary
dig @nameserver website SOA     // ask one authoritative server directly
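The ladder above can be scripted so the checks run in the order the resolver itself uses. The script below is an added example, not from the original post; it covers the checks from "Establish Local Resolution" (nsswitch.conf ordering, the /etc/hosts override) as well as items 1 to 3 of this list, and turns the RCODE in dig's output into the next thing to look at. It assumes glibc-style nsswitch.conf, /etc/hosts and resolv.conf, dig from bind-utils and nc from nmap-ncat; the file paths are parameters so the parsing can be exercised on copies.

```shell
#!/bin/sh
# dns_client_check.sh: walk the client-side resolution path in resolver order:
# nsswitch.conf ordering, /etc/hosts, resolv.conf, reachability of each configured
# name server, then the RCODE dig gets back. Added example, not from the post.
# Assumes glibc-style config files, dig (bind-utils) and nc (nmap-ncat).

# 0 if "files" precedes "dns" on the hosts: line of nsswitch.conf ($1), else 1.
# Overrides in /etc/hosts only take effect when this ordering holds.
nsswitch_files_before_dns() {
    awk '
        /^hosts:/ { for (i = 2; i <= NF; i++) { if ($i == "files" && !f) f = i; if ($i == "dns" && !d) d = i } }
        END { exit !(f && d && f < d) }' "$1"
}

# Print the address the hosts file ($1) gives for name $2 (first match wins, like glibc).
hosts_lookup() {
    awk -v name="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }' "$1"
}

# Print the nameserver addresses from resolv.conf ($1), in the order they are tried.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Map the RCODE in dig output ($1) to what to look at next; 0 only for NOERROR.
diagnose_dig() {
    status=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1)
    case "$status" in
        NOERROR)  echo "NOERROR: resolver answered; if ANSWER is 0 the name exists but has no record of that type" ;;
        NXDOMAIN) echo "NXDOMAIN: name unknown to this resolver; compare with dig @1.1.1.1 to tell stale zone from typo" ;;
        SERVFAIL) echo "SERVFAIL: resolver failed internally; run named-checkconf/named-checkzone or check its upstream" ;;
        REFUSED)  echo "REFUSED: resolver policy blocked you; check allow-query and recursion on that server" ;;
        "")       echo "no answer: nothing reached port 53 (firewalld, wrong nameserver, named not running)" ;;
        *)        echo "$status: unexpected RCODE" ;;
    esac
    [ "$status" = "NOERROR" ]
}

# Run the ladder for a name ($1); prints findings, returns 0 when resolution works.
dns_client_check() {
    name=$1
    rc=0
    if nsswitch_files_before_dns /etc/nsswitch.conf; then
        echo "ok   nsswitch.conf consults files before dns"
    else
        echo "warn nsswitch.conf: /etc/hosts entries will not override DNS"
    fi
    ip=$(hosts_lookup /etc/hosts "$name")
    [ -n "$ip" ] && echo "info /etc/hosts pins $name to $ip (DNS is never asked for it)"
    for ns in $(resolv_nameservers /etc/resolv.conf); do
        if nc -z -w 2 "$ns" 53; then
            echo "ok   $ns reachable on 53/tcp"
        else
            echo "FAIL $ns unreachable on 53/tcp (check route -n and the firewall)"; rc=1
        fi
    done
    out=$(dig "$name" A +time=2 +tries=1)
    diagnose_dig "$out" || rc=1
    return $rc
}

if [ -n "${1:-}" ]; then
    dns_client_check "$1"
fi
```

Usage: sh dns_client_check.sh www.example.com. The "info" line is the point of step 2 of "Establish Local Resolution": when the name is pinned in /etc/hosts, the dig result that follows does not describe what curl sees, because dig bypasses nsswitch and always asks DNS.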


This post is licensed under CC BY 4.0 by the author.
