Linux Quickies #3 – Build a DNS Server

The third in a short series of posts concerning things I’ve probably documented elsewhere (though not always) but which could do with being re-stated or refreshed a bit. This time, it’s how to turn a freshly-built RCSL distro into a functioning DNS server. As before, this depends on having basic networking already sorted, which was discussed in the first post of the series.

Note that in this article, I’m only going to bother doing forward name resolution. That is, I’m going to configure my DNS server to be able to turn the hostname “alpher.dizwell.home” into an IP address of 192.168.8.101. I’m not interested here in being able to turn an IP address back into a hostname, which is called reverse name lookup. If you are interested in doing that, my full-blown DNS article has the details.

Finally, note that the example data used in this article suits the networking setup I described in an earlier post. You would obviously want to change domain names, host names and IP addresses to suit your own environment.

Anyway… let’s get on!

Do all that follows as root:

1. Install the software

yum install bind bind-utils

2. Configure the “named” service

vi /etc/named.conf

Remove all existing content and add the following:

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.8.0/24; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "dizwell.home" IN {
    type master;
    file "dizwell.hosts";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Note that this configuration doesn’t include anything about “forwarders” – DNS servers to forward lookup requests to if this server can’t resolve them itself. That’s because the network this is intended for can’t get to the Internet (see the earlier post for an explanation of why this is a design feature!), and therefore there’s nothing to forward to. Forwarding is included in my full-scale DNS article, though.

3. Configure the forward lookup zone

vi /var/named/dizwell.hosts

Add the following (note that comments in a zone file begin with a semicolon, not a hash):

$TTL 86400
@ IN SOA marconi.dizwell.home. hjr.dizwell.com. (
2013030001     ;Serial
3600           ;Refresh
1800           ;Retry
604800         ;Expire
86400          ;Minimum TTL
)

        IN NS   marconi.dizwell.home.
        IN A    192.168.8.250

marconi         IN A    192.168.8.250
alpher          IN A    192.168.8.101
bethe           IN A    192.168.8.102
gamow           IN A    192.168.8.103
dalton          IN A    192.168.8.104
tesla           IN A    192.168.8.251
;; end of zone
;;
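Before handing the zone to named, it is worth sanity-checking it. What follows is an added editorial example, not code from the original post and not BIND’s own tooling: a small Python parser for the zone file format above that pulls out the SOA serial and the A records, then flags any address that falls outside the 192.168.8.0/24 network which allow-query in named.conf serves, or a serial that doesn’t follow the YYYYMMDDnn convention used here. The zone text embedded in it is a constructed copy of dizwell.hosts.

```python
import ipaddress
# Constructed sample: a copy of the dizwell.hosts zone above, embedded so this runs offline.
ZONE_TEXT = """$TTL 86400
@ IN SOA marconi.dizwell.home. hjr.dizwell.com. (
2013030001     ;Serial
3600           ;Refresh
1800           ;Retry
604800         ;Expire
86400          ;Minimum TTL
)
        IN NS   marconi.dizwell.home.
        IN A    192.168.8.250
marconi         IN A    192.168.8.250
alpher          IN A    192.168.8.101
bethe           IN A    192.168.8.102
"""

def parse_zone(text):
    """Return (soa_serial, [(owner, ip), ...]). A record line starting with whitespace
    inherits the previous owner; the SOA is assumed to use the "( ... )" form, serial first."""
    serial, a_records, owner, in_soa = None, [], None, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # ';' starts a comment, '#' does not
        if not line.strip() or line.startswith("$"):
            continue                                 # blank, comment-only, or $TTL line
        if in_soa:                                   # inside the SOA parentheses
            if serial is None:
                serial = line.split()[0]             # first value after '(' is the serial
            in_soa = ")" not in line
            continue
        fields = line.split()
        if not raw[0].isspace():                     # explicit owner name in column one
            owner, fields = fields[0], fields[1:]
        if "SOA" in fields:
            in_soa = not line.endswith(")")
            continue
        if len(fields) >= 3 and fields[-3:-1] == ["IN", "A"]:
            a_records.append((owner, fields[-1]))
    return serial, a_records

def check_zone(text, network="192.168.8.0/24"):
    """Flag an A record outside the network allow-query serves, or a serial not YYYYMMDDnn."""
    net = ipaddress.ip_network(network)
    serial, records = parse_zone(text)
    problems = ["%s -> %s outside %s" % (o, ip, network)
                for o, ip in records if ipaddress.ip_address(ip) not in net]
    if not (serial and serial.isdigit() and len(serial) == 10):
        problems.insert(0, "serial %r is not YYYYMMDDnn" % serial)
    return problems
```

On the server itself, named-checkconf and named-checkzone dizwell.home /var/named/dizwell.hosts (both shipped with the bind package) are the authoritative checks; this script only catches the two mistakes described above.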

4. Finish Up

vi /etc/resolv.conf

Make sure the following lines exist:

search dizwell.home
nameserver 192.168.8.250

You set these two lines to tell a machine which host is acting as the DNS server for lookups in which zone. Here, I’m configuring the DNS server itself to know that it should consult itself for lookups that involve anything to do with the dizwell.home domain. All other servers I build as part of this domain will also need to have the resolv.conf file configured in this way.

service named start
chkconfig named on

The first command turns on the “named” service now; the chkconfig command ensures it restarts automatically every time the server is rebooted. Once the service is running correctly, you should be able to do something like this:

nslookup bethe

That should return a result such as:

Server:     192.168.8.250
Address:    192.168.8.250#53

Name:    bethe.dizwell.home
Address: 192.168.8.102

…which indicates that a successful name resolution lookup has been performed. Note that this should work even if you haven’t built a server called “Bethe” yet. The point is that the DNS server knows what IP address that name maps to, regardless of whether the IP address is actually being used yet or not.