A DNS server, or name server, is used to resolve an IP address to a hostname or vice versa.

You can set up four different types of DNS servers:

· A master DNS server for your domain(s), which stores the authoritative records for your domain.
· A slave DNS server, which relies on a master DNS server for its data.
· A caching-only DNS server, which stores recent requests like a proxy server and otherwise refers to other DNS servers.
· A forwarding-only DNS server, which refers all requests to other DNS servers.
Before configuring BIND to create a DNS server, you must understand some basic DNS concepts.

The entire hostname with its domain, such as server.example.com, is called a fully qualified domain name (FQDN). The right-most part of the FQDN, such as .com or .net, is called the top level domain; the remaining parts of the FQDN, separated by periods, are sub-domains.

These sub-domains are used to divide FQDNs into zones, with the DNS information for each zone being maintained by at least one authoritative name server.

The authoritative server that contains the master zone file, which can be modified to update DNS information about the zone, is called the primary master server, or just master server.

The additional name servers for the zone are called secondary servers or slave servers. Secondary servers retrieve information about the zone through a zone transfer from the master server or from another secondary server. DNS information about a zone is never modified directly on the secondary server.
chroot features

The chroot feature runs named as the user named, and it also limits the files named can see. When installed, named is fooled into thinking that the directory /var/named/chroot is actually the root, or /, directory. Therefore, named files normally found in the /etc directory are found in the /var/named/chroot/etc directory instead, and those you would expect to find in /var/named are actually located in /var/named/chroot/var/named.

The advantage of the chroot feature is that if an attacker enters your system via a BIND exploit, the attacker's access to the rest of your system is confined to the files under the chroot directory and nothing else. This type of security is also known as a chroot jail.
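The jail is only worth something if named really does run inside it as the unprivileged user. The following check, added here and not part of the original article, reads the kernel's own view of the process from /proc rather than trusting the init script's output. It assumes the article's chroot path /var/named/chroot and a system user called named; it must be run as root to inspect another user's process.

```shell
#!/bin/sh
# Added example (not from the original article): confirm that a running named
# is confined to the chroot and runs as the expected unprivileged UID.
# Assumed: chroot at /var/named/chroot, service user "named".

# Root directory the kernel applies to a process; it differs from "/" only
# for a process that has been chrooted.
proc_root() {
    readlink "/proc/$1/root"
}

# Real UID of a process, from the "Uid: real effective saved fs" line.
proc_uid() {
    awk '/^Uid:/ { print $2 }' "/proc/$1/status"
}

# Returns 0 when the process has both the expected root and the expected UID,
# 1 otherwise, explaining which expectation failed.
check_jail() {
    pid=$1; want_root=$2; want_uid=$3
    got_root=$(proc_root "$pid")
    got_uid=$(proc_uid "$pid")
    if [ "$got_root" != "$want_root" ]; then
        echo "pid $pid: root is '$got_root', expected '$want_root' (not jailed)"
        return 1
    fi
    if [ "$got_uid" != "$want_uid" ]; then
        echo "pid $pid: uid is $got_uid, expected $want_uid (not dropped)"
        return 1
    fi
    echo "pid $pid: chrooted to $want_root as uid $want_uid"
}

# Live use on the DNS server, as root:
#   check_jail "$(pidof named)" /var/named/chroot "$(id -u named)"
case "${1-}" in
    --live) check_jail "$(pidof named)" /var/named/chroot "$(id -u named)" ;;
esac
```

A result of `root is '/'` means the chroot option is not actually in effect (for example, the package was installed without the chroot subpackage or the init script is not passing the `-t` directory), so a BIND compromise would not be confined as the paragraph above describes.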
Configure DNS server

In this example we will configure a DNS server and test it from the client side. For this example we are using three systems: one Linux server, one Linux client and one Windows client.

The bind and caching-nameserver RPMs are required to configure DNS. Check whether they are installed, and install them if they are not found. Set the hostname to server.example.com and the IP address to 192.168.0.254.

The main configuration file for the DNS server is named.conf. By default this file is not created in the /var/named/chroot/etc/ directory. Instead of named.conf, a sample file /var/named/chroot/etc/named.caching-nameserver.conf is created. This file is used to make a caching-only name server. You can either edit this file after renaming it to named.conf to configure a master DNS server, or you can manually create a new named.conf file.

In our example we are creating a new named.conf file. We are using bind's chroot feature, so all our necessary files will be located in the chroot directory. Set the directory location to /var/named. Further, we will set the location of the forward zone and reverse lookup zone files. If you cannot create this file manually, download the configured file and copy it to /var/named/chroot/etc/, or edit it exactly as shown in the image.

[Image: the completed named.conf]

Save this file with :wq and exit.
Configure zone file

We have defined two zone files: example.com.zone for the forward zone and 0.168.192.in-addr.arpa for the reverse zone. These files will be stored in the /var/named/chroot/var/named/ location. We will use two sample files as templates for creating them.

Change directory to /var/named/chroot/var/named and copy the sample files to the names we set in named.conf.

Now open the forward zone file example.com.zone. By default this file will look like this:

[Image: the default example.com.zone]

Change this file exactly as shown in the image below:

[Image: the configured example.com.zone]

If you find it difficult to modify this file, download the configured file and copy it to /var/named/chroot/var/named.

Now open the reverse lookup zone file 0.168.192.in-addr.arpa. By default this file will look like this:

[Image: the default 0.168.192.in-addr.arpa]

Change this file exactly as shown in the image below:

[Image: the configured 0.168.192.in-addr.arpa]

If you find it difficult to modify this file, download the configured file and copy it to /var/named/chroot/var/named.

Now change the ownership of these zone files to the named group.

Now start the named service.

If the service restarts without any error, you have successfully configured a master name server. In our next article we will learn how to configure a slave DNS server and test it.
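The article's finished named.conf and zone files exist only as screenshots, so the script below is an added example, not the author's files: it writes a named.conf and the two zone files with the values the article gives (chroot /var/named/chroot, directory /var/named, server.example.com at 192.168.0.254, zone files example.com.zone and 0.168.192.in-addr.arpa), validates them with BIND's own checkers when those are installed, fixes group ownership and restarts named. The client address 192.168.0.1, the serial number and SOA timers, the listen-on and allow-query values, `recursion no` and `allow-transfer { none; }` are assumptions chosen for a single authoritative master; loosen them deliberately once a slave exists. Setting CHROOT to a scratch directory lets you try the file generation without root.

```shell
#!/bin/sh
# Added example (not the article's own files): create named.conf and both zone
# files inside the BIND chroot, validate, fix ownership, restart named.
# From the article: chroot /var/named/chroot, directory /var/named,
# server.example.com = 192.168.0.254, example.com.zone, 0.168.192.in-addr.arpa.
# Assumed: client1 = 192.168.0.1 (constructed), serial/timers, listen/ACLs.
CHROOT="${CHROOT:-/var/named/chroot}"

write_named_conf() {
    mkdir -p "$CHROOT/etc" "$CHROOT/var/named"
    cat > "$CHROOT/etc/named.conf" <<'EOF'
options {
    directory "/var/named";        // path as named sees it inside the chroot
    listen-on port 53 { 127.0.0.1; 192.168.0.254; };
    allow-query { 127.0.0.1; 192.168.0.0/24; };
    recursion no;                  // authoritative only: no root hints needed
};

zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-transfer { none; };      // open only for the slave's address later
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "0.168.192.in-addr.arpa";
    allow-transfer { none; };
};
EOF
}

write_forward_zone() {
    cat > "$CHROOT/var/named/example.com.zone" <<'EOF'
$TTL 86400
@       IN  SOA server.example.com. root.example.com. (
                2024010101 ; serial: increase on every edit
                3600       ; refresh
                1800       ; retry
                604800     ; expire
                86400 )    ; negative-cache TTL
@       IN  NS  server.example.com.
@       IN  A   192.168.0.254
server  IN  A   192.168.0.254
client1 IN  A   192.168.0.1        ; constructed address for the Linux client
EOF
}

write_reverse_zone() {
    cat > "$CHROOT/var/named/0.168.192.in-addr.arpa" <<'EOF'
$TTL 86400
@       IN  SOA server.example.com. root.example.com. (
                2024010101 ; serial
                3600       ; refresh
                1800       ; retry
                604800     ; expire
                86400 )    ; negative-cache TTL
@       IN  NS  server.example.com.
254     IN  PTR server.example.com.
1       IN  PTR client1.example.com.
EOF
}

# Use BIND's checkers when present: they catch the usual mistakes (missing
# trailing dot, unbalanced braces) before named is restarted and goes down.
validate() {
    if command -v named-checkconf >/dev/null 2>&1 &&
       command -v named-checkzone >/dev/null 2>&1; then
        named-checkconf "$CHROOT/etc/named.conf" || return 1
        named-checkzone example.com "$CHROOT/var/named/example.com.zone" || return 1
        named-checkzone 0.168.192.in-addr.arpa \
            "$CHROOT/var/named/0.168.192.in-addr.arpa" || return 1
    fi
    # Structural checks that need no BIND tools at all
    grep -q '^zone "example.com"' "$CHROOT/etc/named.conf" &&
        grep -q 'SOA' "$CHROOT/var/named/example.com.zone" &&
        grep -q 'PTR' "$CHROOT/var/named/0.168.192.in-addr.arpa"
}

# Zone files stay root-owned but readable by the named group, as the article
# requires; nothing else needs to read them.
fix_ownership() {
    chown root:named "$CHROOT/var/named/example.com.zone" \
                     "$CHROOT/var/named/0.168.192.in-addr.arpa" &&
    chmod 640 "$CHROOT/var/named/example.com.zone" \
              "$CHROOT/var/named/0.168.192.in-addr.arpa"
}

# Run as root on the server:  sh setup-dns.sh install
case "${1-}" in
    install)
        write_named_conf && write_forward_zone && write_reverse_zone &&
            validate && fix_ownership && service named restart ;;
esac
```

Running the validation step before restarting matters in practice: with an unparseable zone file named starts but serves nothing for that zone, and with a broken named.conf it does not start at all, so clients lose resolution until the error is found.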