1. Install the BIND chroot DNS server:
[root@centos64 ~]# yum install bind-chroot bind -y
2. Copy all BIND-related sample files to prepare the chrooted environment:
[root@centos64 ~]# cp -R /usr/share/doc/bind-*/sample/var/named/* /var/named/chroot/var/named/

3. Create the BIND-related files inside the chrooted directory:
[root@centos64 ~]# touch /var/named/chroot/var/named/data/cache_dump.db
[root@centos64 ~]# touch /var/named/chroot/var/named/data/named_stats.txt
[root@centos64 ~]# touch /var/named/chroot/var/named/data/named_mem_stats.txt
[root@centos64 ~]# touch /var/named/chroot/var/named/data/named.run
[root@centos64 ~]# mkdir /var/named/chroot/var/named/dynamic
[root@centos64 ~]# touch /var/named/chroot/var/named/dynamic/managed-keys.bind

4. The BIND lock file must be writable, so set the permissions as below:
[root@centos64 ~]# chmod -R 777 /var/named/chroot/var/named/data
[root@centos64 ~]# chmod -R 777 /var/named/chroot/var/named/dynamic

5. Set the following if you do not use IPv6:
[root@centos64 ~]# echo 'OPTIONS="-4"' >> /etc/sysconfig/named

6. Copy /etc/named.conf into the chrooted BIND config folder:
[root@centos64 ~]# cp -p /etc/named.conf /var/named/chroot/etc/named.conf

7. Configure the main BIND configuration in /etc/named.conf. Append the ehowstuff.local information to the file:
[root@centos64 ~]# vi /var/named/chroot/etc/named.conf

a. Add the BIND DNS IP addresses:
..
        listen-on port 53 { 127.0.0.1;192.168.2.62;192.168.2.63; };
..

b. Create the forward and reverse zones:
..
..
zone "ehowstuff.local" {
        type master;
        file "ehowstuff.local.zone";
};

zone "2.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.2.zone";
};
..
..

Full configuration for named.conf:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1;192.168.2.62;192.168.2.63; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "ehowstuff.local" {
        type master;
        file "ehowstuff.local.zone";
};

zone "2.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.2.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

8. Create the forward and reverse zone files for the domain ehowstuff.local.
a) Create the forward zone:
[root@centos64 ~]# vi /var/named/chroot/var/named/ehowstuff.local.zone
;
; Addresses and other host information.
;
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                                2013042201      ; Serial
                                43200           ; Refresh
                                3600            ; Retry
                                3600000         ; Expire
                                2592000 )       ; Minimum

; Define the nameservers and the mail servers
        IN      NS      ns1.ehowstuff.local.
        IN      NS      ns2.ehowstuff.local.
        IN      A       192.168.2.62
        IN      MX      10 mail.ehowstuff.local.

centos64        IN      A       192.168.2.62
mail            IN      A       192.168.2.62
ns1             IN      A       192.168.2.62
ns2             IN      A       192.168.2.63

b) Create the reverse zone:
[root@centos64 ~]# vi /var/named/chroot/var/named/192.168.2.zone
;
; Addresses and other host information.
;
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                                2013042201      ; Serial
                                43200           ; Refresh
                                3600            ; Retry
                                3600000         ; Expire
                                2592000 )       ; Minimum

2.168.192.in-addr.arpa.         IN      NS      centos64.ehowstuff.local.
62.2.168.192.in-addr.arpa.      IN      PTR     mail.ehowstuff.local.
62.2.168.192.in-addr.arpa.      IN      PTR     ns1.ehowstuff.local.
63.2.168.192.in-addr.arpa.      IN      PTR     ns2.ehowstuff.local.

9. Start the BIND service:
[root@centos64 ~]# /etc/init.d/named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

10. Configure BIND to start automatically at boot:
[root@centos64 ~]# chkconfig --levels 235 named on

11. Test and verify the BIND DNS setup:
a. Test and verify using the host command:
[root@centos64 ~]# host -t ns ehowstuff.local
ehowstuff.local name server ns1.ehowstuff.local.
ehowstuff.local name server ns2.ehowstuff.local.
[root@centos64 ~]# host -t mx ehowstuff.local
ehowstuff.local mail is handled by 10 mail.ehowstuff.local.

b. Test and verify using the nslookup command:
[root@centos64 ~]# nslookup
> set type=any
> ehowstuff.local
Server:         192.168.2.62
Address:        192.168.2.62#53

ehowstuff.local
        origin = ehowstuff.local
        mail addr = hostmaster.ehowstuff.local
        serial = 2013042201
        refresh = 43200
        retry = 3600
        expire = 3600000
        minimum = 2592000
ehowstuff.local nameserver = ns1.ehowstuff.local.
ehowstuff.local nameserver = ns2.ehowstuff.local.
Name:   ehowstuff.local
Address: 192.168.2.62
ehowstuff.local mail exchanger = 10 mail.ehowstuff.local.
> exit

c. Test and verify using the dig command:
[root@centos64 ~]# dig ehowstuff.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ehowstuff.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ehowstuff.local.               IN      A

;; ANSWER SECTION:
ehowstuff.local.        2592000 IN      A       192.168.2.62

;; AUTHORITY SECTION:
ehowstuff.local.        2592000 IN      NS      ns1.ehowstuff.local.
ehowstuff.local.        2592000 IN      NS      ns2.ehowstuff.local.

;; ADDITIONAL SECTION:
ns1.ehowstuff.local.    2592000 IN      A       192.168.2.62
ns2.ehowstuff.local.    2592000 IN      A       192.168.2.63

;; Query time: 1 msec
;; SERVER: 192.168.2.62#53(192.168.2.62)
;; WHEN: Wed Apr  3 00:03:40 2013
;; MSG SIZE  rcvd: 117
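As an added check that is not part of the original post, the script below parses constructed copies of the tutorial's two zone files (the records from the listings above, NS and MX lines omitted) and cross-checks A records against PTR records: hosts with an A record but no PTR, PTRs without a matching A record, and addresses carrying more than one PTR. On the tutorial's data it reports that ehowstuff.local. and centos64 have no PTR and that 192.168.2.62 has two.

```python
from collections import defaultdict  # constructed copies of the tutorial's zones follow
FORWARD_ZONE = """\
@ IN SOA ehowstuff.local. hostmaster.ehowstuff.local. ( 2013042201 ; Serial
        43200 3600 3600000 2592000 ) ; Refresh Retry Expire Minimum
        IN A 192.168.2.62
centos64 IN A 192.168.2.62
mail IN A 192.168.2.62
ns1 IN A 192.168.2.62
ns2 IN A 192.168.2.63
"""
REVERSE_ZONE = """\
62.2.168.192.in-addr.arpa. IN PTR mail.ehowstuff.local.
62.2.168.192.in-addr.arpa. IN PTR ns1.ehowstuff.local.
63.2.168.192.in-addr.arpa. IN PTR ns2.ehowstuff.local.
"""

def parse_zone(text, origin):
    """Yield (owner_fqdn, rtype, rdata) records from zone-file text."""
    owner, buf = origin, ""
    for raw in text.splitlines():
        line = raw.split(";")[0]  # strip comments
        if not line.strip() or line.startswith("$"):
            continue  # blank line or $TTL/$ORIGIN directive
        if not buf and not line[0].isspace():  # unindented line names a new owner
            owner, line = (line.split(None, 1) + [""])[:2]
        buf += " " + line
        if buf.count("(") > buf.count(")"):
            continue  # record continues on the next line
        toks, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        while toks[0] == "IN" or toks[0].isdigit():  # skip class and optional TTL
            toks.pop(0)
        name = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        yield name, toks[0], toks[1:]

def check_consistency(forward, reverse):
    """Cross-check A records against PTR records; return a sorted list of findings."""
    a_recs = {(n, rd[0]) for n, t, rd in forward if t == "A"}
    ptrs = defaultdict(set)  # ip -> names its PTR records point at
    for n, t, rd in reverse:
        if t == "PTR":  # 62.2.168.192.in-addr.arpa. -> 192.168.2.62
            ptrs[".".join(reversed(n[:-len(".in-addr.arpa.")].split(".")))].add(rd[0])
    findings = [f"no PTR for {n} -> {ip}" for n, ip in a_recs if n not in ptrs.get(ip, ())]
    findings += [f"PTR {ip} -> {n} has no A record"
                 for ip, ns in ptrs.items() for n in ns if (n, ip) not in a_recs]
    findings += [f"{ip} has {len(ns)} PTR records" for ip, ns in ptrs.items() if len(ns) > 1]
    return sorted(findings)

def audit(fwd_text=FORWARD_ZONE, rev_text=REVERSE_ZONE):
    return check_consistency(list(parse_zone(fwd_text, "ehowstuff.local.")),
                             list(parse_zone(rev_text, "2.168.192.in-addr.arpa.")))
```

Point `audit()` at the real files under /var/named/chroot/var/named/ once the zones are edited; an empty result means forward and reverse agree.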
I've tried to follow your post. I am able to start the service without any errors but when I try to use this newly created dns server on my client, it is unable to see the outside network.
Can you please post the contents of the following files:
/etc/resolv.conf
/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth1
/etc/hosts
Thanks
Ram
Try changing the bind option "allow-query { localhost; };" to "allow-query { any; };"
When you listen-on 127.0.0.1 or localhost or ::1, and/or allow-query from localhost only, bind will answer only queries originating from the same computer that runs bind. (It is set this way in "testing" probably because they just meant to test that bind works without opening it to the outside, for security reasons.)
It is normal to set those to "any" so that it will be accessible from outside.
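The comment thread suggests opening allow-query to any. With recursion yes left in place, as in the tutorial's named.conf, that turns the server into an open recursive resolver (BIND 9 falls back to allow-query for allow-recursion when neither allow-recursion nor allow-query-cache is set), which exposes it to abuse in DNS amplification and cache-poisoning attacks. The check below is an added example, not code from the post: it reads a constructed named.conf excerpt with that change applied and flags the combination; the fix it suggests is an allow-recursion ACL limited to your own client networks.

```python
import re

# Constructed excerpt of the tutorial's options block with allow-query opened to
# "any" as suggested in the comments; recursion stays "yes" as in the original.
OPENED_CONF = """
options {
        listen-on port 53 { 127.0.0.1;192.168.2.62;192.168.2.63; };
        allow-query { any; };
        recursion yes;
};
"""

def option(conf, name):
    """Return a simple option's value: a list for { a; b; } ACLs, a string for a
    single word, None if unset. Does not handle forms like 'listen-on port 53 {...}'."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)  # drop comments
    # the lookbehind keeps 'recursion' from matching inside 'allow-recursion'
    m = re.search(rf"(?<![\w-]){re.escape(name)}\s+(\{{[^}}]*\}}|[^\s;{{}}]+)\s*;", conf)
    if not m:
        return None
    val = m.group(1)
    if val.startswith("{"):
        return [v.strip() for v in val[1:-1].split(";") if v.strip()]
    return val

def effective_recursion_acl(conf):
    """Who may recurse, following the BIND 9 fallback chain: allow-recursion,
    else allow-query-cache, else allow-query, else localnets/localhost."""
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        acl = option(conf, name)
        if acl is not None:
            return acl
    return ["localnets", "localhost"]

def check_resolver(conf):
    """Flag a config that would recurse for every client (an open resolver)."""
    findings = []
    recursion = option(conf, "recursion") or "yes"  # BIND's default is recursion yes
    if recursion == "yes" and "any" in effective_recursion_acl(conf):
        findings.append("recursion yes is reachable by any client (open resolver): "
                        "add allow-recursion { <your client networks>; }; or set recursion no")
    return findings

if __name__ == "__main__":
    print(check_resolver(OPENED_CONF) or ["ok"])
```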