DNS (Domain Name System) is a core component of network infrastructure. The DNS service resolves hostnames to IP addresses and vice versa.
For example, when we type www.google.com in a browser, the DNS server translates the domain name into its corresponding IP address, so we only have to remember domain names instead of IP addresses.
Port- 53
Daemon- named
Script- /etc/init.d/named
Configfile- /etc/named.conf (main configuration)
/etc/named.rfc1912.zones (localhost and loopback zones, included from named.conf)
* BIND stands for Berkeley Internet Name Domain.
BIND is the most common program used for maintaining a name server on Linux.
1- Caching Only DNS Server
2- Master DNS Server
3- Slave DNS Server
Note- Hosts used in this tutorial:
- Caching Only DNS Server: Hostname server.ashu.com, IP 192.168.0.1
- Master DNS Server: Hostname server.ashu.com, IP 192.168.0.1 (same machine as the caching-only server)
- Slave DNS Server: Hostname slave.ashu.com, IP 192.168.0.2
System-1
1- Configure Caching Only DNS Server-
A caching-only name server keeps a cache of the domain name-to-IP address answers it has already resolved. It is not authoritative for any zone; it resolves queries by recursing from the root hints to the authoritative (master) servers of each zone and caches the results for later clients.
Step-1 Set Static IP..
[root@server ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=40:2c:29:84:6d:8c
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=192.168.0.1
BOOTPROTO=none
NETMASK=255.255.255.0
DNS1=192.168.0.1
BROADCAST=192.168.0.255
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
(The nameserver variable is DNS1 (DNS2, DNS3 for more), not DNS; the broadcast address has to lie inside the 192.168.0.0/24 network; and with NM_CONTROLLED=no the interface is managed by the network service, so that is what we restart.)
[root@server ~]# service network restart
[root@server ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 40:2c:29:84:6d:8c
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::7627:eaff:fe0d:b3f8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:471976 errors:0 dropped:0 overruns:0 frame:0
TX packets:194066 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:184958609 (176.3 MiB) TX bytes:35739546 (34.0 MiB)
Step-2 Change Host Name-
[root@server ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=server.ashu.com
[root@server ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.1 server.ashu.com server
[root@server ~]# hostname
server.ashu.com
Step-3 Now install the 'bind' packages (bind-utils provides dig, nslookup and host, which are used for testing below)
[root@server ~]# yum install -y bind bind-utils
Step-4 Configure Caching-Only DNS server
[root@server ~]# cd /etc/
Step-5 Edit the named.conf file
[root@server etc]# vim named.conf
______________________________________________________________________________
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
//
options {
listen-on port 53 { 127.0.0.1; 192.168.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.0/24; };
allow-recursion { localhost; 192.168.0.0/24; };
## --> Note-
##--> allow-query { any; }; would answer everyone. Combined with "recursion yes"
##--> that makes an open resolver, which is abused for DNS amplification
##--> (reflection) attacks. List only localhost and your own network(s),
##--> here 192.168.0.0/24, in allow-query and allow-recursion.
##--> allow-transfer is not needed on a caching-only server: it hosts no zones.
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
// Note: ISC shut the DLV registry down in 2017; on a current BIND remove the
// dnssec-lookaside line (keep dnssec-validation).
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
:wq!
______________________________________________________________________________
[root@server etc]# cd
Step-6 Add the nameserver in the resolver file
[root@server ~]# vim /etc/resolv.conf
search ashu.com
nameserver 192.168.0.1
(No service restart is needed: the resolver library reads /etc/resolv.conf on every lookup. Be aware that 'service network restart' regenerates this file from the DNS1= line in ifcfg-eth0, which is why that line was set to 192.168.0.1 above.)
Step-7 Restart the named service and enable it at boot-
[root@server ~]# /etc/init.d/named restart; chkconfig named on
or
[root@server ~]# service named restart
[root@server ~]# chkconfig named on
Step-8 Now test the server (on the server itself or from any client in 192.168.0.0/24)
[root@server ~]# dig @192.168.0.1 google.com
______________________________________________________________________________
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @192.168.0.1 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55804
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 2
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 16 IN A 173.194.36.72
google.com. 16 IN A 173.194.36.73
google.com. 16 IN A 173.194.36.78
google.com. 16 IN A 173.194.36.64
google.com. 16 IN A 173.194.36.65
google.com. 16 IN A 173.194.36.66
google.com. 16 IN A 173.194.36.67
google.com. 16 IN A 173.194.36.68
google.com. 16 IN A 173.194.36.69
google.com. 16 IN A 173.194.36.70
google.com. 16 IN A 173.194.36.71
;; AUTHORITY SECTION:
. 5805 IN NS a.root-servers.net.
. 5805 IN NS b.root-servers.net.
. 5805 IN NS c.root-servers.net.
. 5805 IN NS d.root-servers.net.
. 5805 IN NS e.root-servers.net.
. 5805 IN NS f.root-servers.net.
. 5805 IN NS g.root-servers.net.
. 5805 IN NS h.root-servers.net.
. 5805 IN NS i.root-servers.net.
. 5805 IN NS j.root-servers.net.
. 5805 IN NS k.root-servers.net.
. 5805 IN NS l.root-servers.net.
. 5805 IN NS m.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 156649 IN A 198.41.0.4
a.root-servers.net. 156649 IN AAAA 2001:503:ba3e::2:30
;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed Mar 19 17:02:52 2014
;; MSG SIZE rcvd: 459
______________________________________________________________________________
Caching Only DNS Server Configuration finished. So Enjoy............................!
System-1
Configure Primary (Master) DNS Server-
A master server is authoritative for a specific DNS zone: it loads the zone data from files on its local disk and answers queries for that zone, both from clients and from caching servers that recurse to it.
Step-1 to Step-3 (static IP, hostname, bind packages) are identical to the caching-only setup above, because the primary runs on the same host (server.ashu.com, 192.168.0.1). Repeat them if you are starting from a fresh system.
Step-4 Configure Primary DNS server
[root@server ~]# cd /etc/
Step-5 Edit the named.conf file
[root@server etc]# vim named.conf
______________________________________________________________________________
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
//
options {
listen-on port 53 { 127.0.0.1; 192.168.0.1; }; ##-->Master DNS IP
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.0/24; }; #IP Range
allow-recursion { localhost; 192.168.0.0/24; }; #only our own clients may use this server as a recursive resolver
allow-transfer { localhost; 192.168.0.2; }; #only the slave may pull the zones (AXFR)
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
// Note: ISC shut the DLV registry down in 2017; on a current BIND remove the
// dnssec-lookaside line (keep dnssec-validation).
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "ashu.com" IN {
type master;
file "forward.ashu.com";
allow-update {none; };
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "reverse.ashu.com";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
:wq!
______________________________________________________________________________
[root@server etc]# cd
Step-6 Now create the forward and reverse zone files that we referenced in '/etc/named.conf'
1- Copy File..
[root@server ~]# cd /var/named/
[root@server named]# ll
drwxr-x---. 6 root named 4096 Feb 19 17:59 chroot
drwxrwx---. 2 named named 4096 Jan 20 23:07 data
drwxrwx---. 2 named named 4096 Jan 20 23:07 dynamic
-rw-r-----. 1 root named 1892 Feb 18 2008 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 4096 Jan 20 23:07 slaves
[root@server named]# cp -v named.localhost forward.ashu.com
`named.localhost' -> `forward.ashu.com'
[root@server named]# cp -v named.loopback reverse.ashu.com
`named.loopback' -> `reverse.ashu.com'
[root@server named]# ll
drwxr-x---. 6 root named 4096 Feb 19 17:59 chroot
drwxrwx---. 2 named named 4096 Jan 20 23:07 data
drwxrwx---. 2 named named 4096 Jan 20 23:07 dynamic
-rw-r-----. 1 root root 152 Mar 21 12:34 forward.ashu.com
-rw-r-----. 1 root named 1892 Feb 18 2008 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
-rw-r-----. 1 root root 168 Mar 21 12:38 reverse.ashu.com
drwxrwx---. 3 named named 4096 Mar 20 20:46 slaves
2- Change the group permission
[root@server named]# chgrp named forward.ashu.com
[root@server named]# chgrp named reverse.ashu.com
[root@server named]# ll
drwxr-x---. 6 root named 4096 Feb 19 17:59 chroot
drwxrwx---. 2 named named 4096 Jan 20 23:07 data
drwxrwx---. 2 named named 4096 Jan 20 23:07 dynamic
-rw-r-----. 1 root named 152 Mar 21 12:34 forward.ashu.com
-rw-r-----. 1 root named 1892 Feb 18 2008 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
-rw-r-----. 1 root named 168 Mar 21 12:38 reverse.ashu.com
drwxrwx---. 3 named named 4096 Mar 20 20:46 slaves
3- Edit the forward zone (name to IP address):
[root@server named]# vim forward.ashu.com
______________________________________________________________________________
$TTL 1D
@       IN SOA  server.ashu.com. root.server.ashu.com. (
                201421  ; serial (increase it on every edit; YYYYMMDDnn is the usual convention)
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      server.ashu.com.
        NS      slave.ashu.com.
        A       192.168.0.1
server  A       192.168.0.1
slave   A       192.168.0.2
:wq!
______________________________________________________________________________
Note- The SOA MNAME (primary server) and RNAME (admin mailbox, root@server.ashu.com written with a dot) are two separate fields. Every name in RDATA (SOA MNAME/RNAME, NS targets, later PTR and MX targets) must end with a dot; without it BIND appends the zone origin and "server.ashu.com" is loaded as server.ashu.com.ashu.com. A line that starts with whitespace has no owner field and inherits the previous owner, here "@" (the zone apex ashu.com).
4- Edit the reverse zone (IP address to name)
[root@server named]# vim reverse.ashu.com
______________________________________________________________________________
$TTL 1D
@       IN SOA  server.ashu.com. root.server.ashu.com. (
                201421  ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      server.ashu.com.
        NS      slave.ashu.com.
1       PTR     server.ashu.com.
2       PTR     slave.ashu.com.
:wq!
______________________________________________________________________________
Note- $TTL needs the leading '$'. A records do not belong in a reverse zone; only the PTR records (owner "1" expands to 1.0.168.192.in-addr.arpa) matter here. The reverse file uses the same serial as the forward file here, but the two serials are independent.
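A zone file that loads without error can still be wrong: named-checkzone happily accepts "NS server.ashu.com" without the trailing dot and loads it as server.ashu.com.ashu.com, and a serial that was not bumped never reaches the slave. The following Python script is an added example (not part of this page, no BIND required) that lints a zone file for exactly those traps: missing $TTL, unqualified names in SOA/NS/PTR/MX RDATA, A records in a reverse zone, an SOA MNAME that is not one of the NS targets, and a serial that did not increase under RFC 1982 serial arithmetic. The two "broken" zone texts inside it are constructed to contain the mistakes described above; the parser is deliberately minimal (uppercase record types, owner present only when the line does not start with whitespace, as in BIND's master file format).

```python
"""Lint a BIND zone file for the traps discussed above. Added example,
not from the tutorial; pure Python, zone texts below are constructed."""
import re

TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "MX", "CNAME", "TXT", "HINFO"}
NAME_RDATA = {"NS", "PTR", "CNAME"}        # the whole RDATA is one domain name


def rfc1982_gt(new, old):
    """RFC 1982 serial arithmetic: `new` is newer than `old` only if it is ahead
    by less than 2**31 (mod 2**32). 'Different' is not enough for a transfer."""
    diff = (new - old) % 2**32
    return 0 < diff < 2**31


def ptr_name(ip):
    """Owner name of the PTR record for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def _logical_lines(text):
    """Strip ';' comments, drop blank lines, join the SOA ( ... ) continuation."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = buf + " " + line.strip() if buf else line
        if buf.count("(") <= buf.count(")"):
            out.append(buf)
            buf = ""
    return out + ([buf] if buf else [])


def _parse(line, last_owner):
    """(owner, type, rdata) or None. A line starting with whitespace has no
    owner field and inherits the previous owner, exactly as BIND does."""
    toks = [t.strip("()") for t in line.split() if t.strip("()")]
    if not toks:
        return None
    owner = toks.pop(0) if not line[0].isspace() else last_owner
    while toks and toks[0] not in TYPES:     # skip optional TTL and class
        toks.pop(0)
    return (owner, toks[0], toks[1:]) if toks else None


def lint_zone(text, origin, previous_serial=None):
    """Return (serial, findings) for zone `origin` (given without trailing dot)."""
    findings, serial, soa, mname, ns_targets, owner = [], None, 0, None, set(), "@"
    lines = _logical_lines(text)
    if not any(l.startswith("$TTL") for l in lines):
        findings.append("missing $TTL directive (note the leading '$')")
    for line in lines:
        if line.startswith("$"):
            continue
        rec = _parse(line, owner)
        if rec is None:
            findings.append(f"cannot parse: {line.strip()!r}")
            continue
        owner, rtype, rdata = rec
        names = []                           # RDATA fields that are domain names
        if rtype == "SOA":
            soa += 1
            if len(rdata) != 7:
                findings.append(f"SOA needs MNAME RNAME serial refresh retry expire minimum, got {len(rdata)} fields")
                continue
            mname, names = rdata[0], rdata[:2]
            if not rdata[2].isdigit():
                findings.append(f"SOA serial is not a number: {rdata[2]!r}")
            else:
                serial = int(rdata[2])
                if previous_serial is not None and not rfc1982_gt(serial, previous_serial):
                    findings.append(f"serial {serial} is not newer than {previous_serial}: secondaries will not transfer")
        elif rtype in NAME_RDATA:
            names = rdata[:1]
            if rtype == "NS" and owner == "@":
                ns_targets.update(names)
        elif rtype == "MX":
            names = rdata[1:2]               # preference, then the mail host
        elif rtype == "A" and origin.endswith(".in-addr.arpa"):
            findings.append(f"A record for {owner!r} in a reverse zone does nothing; use PTR")
        for n in names:
            if n != "@" and not n.endswith("."):
                findings.append(f"{rtype} {owner}: {n!r} has no trailing dot, it will load as {n}.{origin}.")
    if soa != 1:
        findings.append(f"zone must have exactly one SOA record, found {soa}")
    if mname is not None and mname not in ns_targets:
        findings.append(f"SOA MNAME {mname!r} is not one of the zone's NS targets {sorted(ns_targets)}")
    return serial, findings


# Constructed zone texts: the first two reproduce the classic mistakes
# (no $TTL, no trailing dots, MNAME '@', A records in a reverse zone).
BROKEN_FORWARD = """$TTL 1D
@ IN SOA @ server.ashu.com.root.server.ashu.com. (
        201421 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS server.ashu.com
        NS slave.ashu.com
        A 192.168.0.1
server  A 192.168.0.1
slave   A 192.168.0.2
"""
BROKEN_REVERSE = BROKEN_FORWARD.replace("$TTL", "TTL").replace(
    "server  A 192.168.0.1\nslave   A 192.168.0.2\n",
    "        A 192.168.0.2\n1       PTR server.ashu.com\n2       PTR slave.ashu.com\n")
FIXED_FORWARD = """$TTL 1D
@       IN SOA  server.ashu.com. root.server.ashu.com. (
                2014032101 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        NS      server.ashu.com.
        NS      slave.ashu.com.
        A       192.168.0.1
server  A       192.168.0.1
slave   A       192.168.0.2
"""

if __name__ == "__main__":
    for label, zone, origin in [("broken forward", BROKEN_FORWARD, "ashu.com"),
                                ("broken reverse", BROKEN_REVERSE, "0.168.192.in-addr.arpa"),
                                ("fixed forward", FIXED_FORWARD, "ashu.com")]:
        serial, findings = lint_zone(zone, origin, previous_serial=201421)
        print(f"{label}: serial={serial}, {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

Run it as is to see the broken files flagged and the fixed one pass; pass previous_serial=<serial the slave already holds> to catch the "edited the zone but forgot the serial" case before restarting named.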
Step-7 Then add the nameserver in the resolver file
[root@server ~]# vim /etc/resolv.conf
search ashu.com
nameserver 192.168.0.1
(No restart is needed; /etc/resolv.conf is read on every lookup.)
Step- 8 Restart the bind service....
[root@server ~]# /etc/init.d/named restart;chkconfig named on
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
Step-9 Allow DNS through iptables
Add the two port-53 rules (UDP and TCP; zone transfers and large answers use TCP) shown below to '/etc/sysconfig/iptables', above the final REJECT line. As written they admit every source; on a LAN-only server add '-s 192.168.0.0/24' to both rules so that only your clients and the slave can reach named. The allow-query ACL in named.conf applies on top of the firewall.
[root@server ~]# vim /etc/sysconfig/iptables
______________________________________________________________________________
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
___________________________________________________________________________________________
Step-10 Restart iptables to apply the changes
[root@server ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Step-11 Check the DNS configuration and zone files for syntax errors
Check the DNS config file (it prints nothing when the file is clean):
[root@server ~]# named-checkconf /etc/named.conf
Check the zone files, giving each file its real zone name (checking the reverse file as "ashu.com" also says OK, but then relative owner names are validated under the wrong origin):
[root@server ~]# named-checkzone ashu.com /var/named/forward.ashu.com
zone ashu.com/IN: loaded serial 201421
OK
[root@server ~]# named-checkzone 0.168.192.in-addr.arpa /var/named/reverse.ashu.com
zone 0.168.192.in-addr.arpa/IN: loaded serial 201421
OK
Step-12 Test DNS Server..
[root@server ~]# dig server.ashu.com
(forward lookup; the "aa" flag in the answer shows this server is authoritative for the zone)
______________________________________________________________________________
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> server.ashu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50351
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
; server.ashu.com. IN A
;; ANSWER SECTION:
server.ashu.com. 86400 IN A 192.168.0.1
;; AUTHORITY SECTION:
ashu.com. 86400 IN NS server.ashu.com.
;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed Mar 20 19:02:52 2014
;; MSG SIZE rcvd: 45
______________________________________________________________________________
[root@server ~]# dig -x 192.168.0.1
(reverse lookup)
______________________________________________________________________________
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> -x 192.168.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45077
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;1.0.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.0.168.192.in-addr.arpa. 86400 IN PTR server.ashu.com.
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400 IN NS server.ashu.com.
;; ADDITIONAL SECTION:
server.ashu.com. 86400 IN A 192.168.0.1
;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed Mar 20 19:03:52 2014
;; MSG SIZE rcvd: 108
______________________________________________________________________________
[root@server ~]# nslookup
(interactive nslookup; the same command exists on Windows, so these checks also work from a Windows client)
______________________________________________________________________________
> server.ashu.com
Server: 192.168.0.1
Address: 192.168.0.1#53
Name: server.ashu.com
Address: 192.168.0.1
> 192.168.0.1
Server: 192.168.0.1
Address: 192.168.0.1#53
1.0.168.192.in-addr.arpa name = server.ashu.com.
>
______________________________________________________________________________
Primary DNS Server Configuration finished. So Enjoy............................!
System-2
Configure Secondary (Slave) DNS Server-
A secondary (slave) DNS server holds a read-only copy of the zones, pulled from the primary by zone transfer (AXFR/IXFR), and keeps answering if the primary fails. The configuration is almost identical.
Step-1 Set Static IP..
[root@slave ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=40:2c:29:84:5d:7c
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=192.168.0.2
BOOTPROTO=none
NETMASK=255.255.255.0
BROADCAST=192.168.0.255
DNS1=192.168.0.1
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
[root@slave ~]# service network restart
[root@slave ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 40:2c:29:84:5d:7c
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::7627:eaff:fe0d:b3f8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:471976 errors:0 dropped:0 overruns:0 frame:0
TX packets:194066 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:184958609 (176.3 MiB) TX bytes:35739546 (34.0 MiB)
Step-2 Change Host Name-
[root@slave ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=slave.ashu.com
[root@slave ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.1 server.ashu.com server
192.168.0.2 slave.ashu.com slave
[root@slave ~]# hostname
slave.ashu.com
Step-3 Now Install 'bind' package
[root@slave ~]# yum install bind* -y
Step-4 Configure Secondary (Slave) DNS server
[root@slave ~]# cd /etc/
Step-5 Edit the named.conf file
[root@slave etc]# vim named.conf
______________________________________________________________________________
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
//
options {
listen-on port 53 { 127.0.0.1; 192.168.0.2; }; ##--> Slave DNS IP
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.0/24; }; # IP Range
allow-recursion { localhost; 192.168.0.0/24; };
allow-transfer { none; }; # the slave has no secondaries of its own; without this line BIND's default (any) lets anyone AXFR the zones
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
// Note: ISC shut the DLV registry down in 2017; on a current BIND remove the
// dnssec-lookaside line (keep dnssec-validation).
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "ashu.com" IN {
type slave;
file "slaves/ashu.forward";
masters {192.168.0.1; };
};
zone "0.168.192.in-addr.arpa" IN {
type slave;
file "slaves/ashu.reverse";
masters {192.168.0.1; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
:wq!
______________________________________________________________________________
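Two ACL mistakes are easy to make in the named.conf files of this tutorial: the caching-only server's "allow-query { any; }" together with "recursion yes" makes an open resolver, because when allow-recursion is not set BIND derives it from allow-query-cache, then from allow-query, and only then falls back to localnets/localhost; and a slave (or master) zone with no allow-transfer anywhere inherits BIND's default of "any", so anyone on the network can dump the whole zone with AXFR. The script below is an added example (not part of this page) that audits named.conf text for these two problems plus the retired DLV setting and "allow-update { any; }". The three config fragments inside it are constructed, trimmed versions of the caching-only and slave configurations above; the parser handles only the "name value;" and "name { list; };" statement forms and assumes balanced braces, which is all a stock named.conf needs.

```python
"""Audit a BIND named.conf for open recursion and open zone transfers.
Added example, not from the tutorial; config fragments below are constructed."""
import re

STMT = re.compile(r"([\w-]+)\s*(?:\{([^}]*)\}\s*;|([^;{]+);)")


def _strip_comments(text):
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)   # /* ... */
    return re.sub(r"(//|#).*", " ", text)                  # // and # to end of line


def _blocks(text):
    """Yield (header, body) for every top-level `header { body };` statement."""
    i = 0
    while True:
        start = text.find("{", i)
        if start < 0:
            return
        header = text[text.rfind(";", 0, start) + 1:start].strip()
        depth, j = 1, start + 1
        while depth:                                        # assumes balanced braces
            depth += (text[j] == "{") - (text[j] == "}")
            j += 1
        yield header, text[start + 1:j - 1]
        i = j


def _stmts(body):
    """Map statement name -> string value, or list of ACL elements for { ... }."""
    out = {}
    for name, acl, val in STMT.findall(body):
        out[name] = [a.strip() for a in acl.split(";") if a.strip()] if acl else val.strip()
    return out


def audit_named_conf(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings, opts, zones = [], {}, {}
    for header, body in _blocks(_strip_comments(text)):
        if header == "options":
            opts = _stmts(body)
        else:
            m = re.match(r'zone\s+"([^"]+)"', header)
            if m:
                zones[m.group(1)] = _stmts(body)
    recursion = opts.get("recursion", "yes") == "yes"     # BIND default is yes
    # BIND's defaulting chain for the recursion ACL.
    rec_acl = (opts.get("allow-recursion") or opts.get("allow-query-cache")
               or opts.get("allow-query") or ["localnets", "localhost"])
    if recursion and "any" in rec_acl:
        findings.append("open resolver: recursion yes and the effective allow-recursion is 'any' "
                        "(inherited from allow-query); add allow-recursion { localhost; <your nets>; }")
    if "dnssec-lookaside" in opts:
        findings.append("dnssec-lookaside: ISC retired the DLV registry in 2017; remove the line")
    for name, z in zones.items():
        if z.get("type") not in ("master", "slave"):
            continue
        xfer = z.get("allow-transfer", opts.get("allow-transfer"))
        if xfer is None:
            findings.append(f"zone {name}: no allow-transfer anywhere, BIND defaults to any: anyone can AXFR "
                            "the zone; set allow-transfer { none; } or list the secondaries")
        elif "any" in xfer:
            findings.append(f"zone {name}: allow-transfer {{ any; }} lets anyone AXFR the zone")
        if "any" in z.get("allow-update", []):
            findings.append(f"zone {name}: allow-update {{ any; }} lets anyone rewrite the zone")
    return findings


# Constructed fragments modelled on the configs above (trimmed to what matters).
CACHING_ONLY = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.1; };
    directory "/var/named";
    allow-query { any; };          // answers everyone ...
    allow-transfer { localhost; 192.168.0.2; };
    recursion yes;                 // ... and recurses for everyone
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
};
zone "." IN { type hint; file "named.ca"; };
"""
SLAVE_AS_WRITTEN = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.2; };
    allow-query { localhost; 192.168.0.0/24; };
    recursion yes;
    dnssec-lookaside auto;
};
zone "." IN { type hint; file "named.ca"; };
zone "ashu.com" IN { type slave; file "slaves/ashu.forward"; masters { 192.168.0.1; }; };
zone "0.168.192.in-addr.arpa" IN { type slave; file "slaves/ashu.reverse"; masters { 192.168.0.1; }; };
"""
SLAVE_HARDENED = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.2; };
    allow-query { localhost; 192.168.0.0/24; };
    allow-recursion { localhost; 192.168.0.0/24; };
    allow-transfer { none; };      # a slave has no secondaries of its own
    recursion yes;
};
zone "ashu.com" IN { type slave; file "slaves/ashu.forward"; masters { 192.168.0.1; }; };
zone "0.168.192.in-addr.arpa" IN { type slave; file "slaves/ashu.reverse"; masters { 192.168.0.1; }; };
"""

if __name__ == "__main__":
    for label, conf in [("caching-only", CACHING_ONLY), ("slave as written", SLAVE_AS_WRITTEN),
                        ("slave hardened", SLAVE_HARDENED)]:
        print(f"{label}:", "clean" if not (f := audit_named_conf(conf)) else "")
        for line in f:
            print("  -", line)
```

On a real server run it against the live file (open("/etc/named.conf").read()) before restarting named; it complements named-checkconf, which only checks syntax, not what the ACLs allow.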
[root@slave etc]# cd
Step-6 Add the nameservers in the resolver file
[root@slave ~]# vim /etc/resolv.conf
search ashu.com
nameserver 192.168.0.1
nameserver 192.168.0.2
(No restart is needed; /etc/resolv.conf is read on every lookup. The resolver tries the nameservers in order, so the slave is only used when 192.168.0.1 times out.)
Step- 7 Restart the bind service....
[root@slave ~]# /etc/init.d/named restart;chkconfig named on
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
Step-8 Allow DNS through iptables
Add the two port-53 rules (UDP and TCP) shown below to '/etc/sysconfig/iptables', above the final REJECT line, exactly as on the primary. Add '-s 192.168.0.0/24' to both rules if only the local network should reach this server.
[root@slave ~]# vim /etc/sysconfig/iptables
______________________________________________________________________________
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
______________________________________________________________________________
Step-9 Restart iptables to apply the changes
[root@slave ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Now the secondary DNS Server is ready. named on the slave pulls the zones from the primary by zone transfer (AXFR) as soon as it starts, and again whenever the primary sends a NOTIFY or the SOA refresh timer expires.
To verify, go to the slave's zone directory ('/var/named/slaves'):
[root@slave ~]# cd /var/named/slaves/
[root@slave slaves]# ll
ashu.forward  ashu.reverse
[root@slave slaves]# cat ashu.forward   (check the forward zone copy)
[root@slave slaves]# cat ashu.reverse   (check the reverse zone copy)
If the files are missing, read /var/named/data/named.run on both hosts: the usual causes are the master's allow-transfer not listing 192.168.0.2, or 53/tcp blocked by iptables (AXFR runs over TCP).
Note-
While configuring the secondary DNS Server, the following should be kept in mind -
- We don't need to create the zone files on the secondary DNS Server. They are transferred automatically from the primary DNS Server, and named rewrites them on every transfer, so never edit them by hand. (On BIND 9.9 and later the slave copies are stored in raw format by default; read them with 'named-compilezone -f raw -F text -o - ashu.com ashu.forward'.)
- Whenever the zone files on the primary DNS Server are edited, the SOA serial number must be increased. The secondary compares serials with RFC 1982 serial arithmetic and only transfers when the primary's serial is newer, not merely different; a forgotten serial bump is the classic reason a slave keeps serving stale data. 'rndc retransfer ashu.com' on the slave forces a fresh transfer.
[root@slave slaves]# cd
[root@slave ~]# dig @192.168.0.2 slave.ashu.com
[root@slave ~]# dig @192.168.0.2 -x 192.168.0.2
[root@slave ~]# nslookup 192.168.0.2 192.168.0.2
[root@slave ~]# nslookup slave.ashu.com 192.168.0.2
(Query the slave explicitly: otherwise resolv.conf sends the query to 192.168.0.1 first and you are testing the master again. The answers should carry the "aa" flag.)
Secondary (Slave) DNS Server Configuration finished. So Enjoy............................!
_____________________________________________________________________________________________
DNS Troubleshooting in Linux
Some basic DNS troubleshooting in Linux.
- First collect information about the problem (logs, debug messages, the exact error the client sees).
- Prepare the tools you need (dig, nslookup, host, nmap, tcpdump, and the named log under /var/named/data/named.run plus /var/log/messages).
- Troubleshooting means listing the things that could cause the symptom and ruling them out one by one until the actual culprit is found.
- Once the cause is pinpointed, fix it with the tools/commands/logs above and re-test.
I will take one scenario: "my client is unable to resolve host-names to IP addresses".
Step1: Check that a DNS server is configured on the client
Check that the nameserver line in the file below points at the proper DNS server:
#vim /etc/resolv.conf
If the client is configured with the proper DNS server, go to the next step.
Step2: Ping the DNS server IP address
#ping serveripadd
Step3: So pinging is happening...
then there is a communication path between server and client, so check whether the DNS service is running and reachable. nmap can show which ports are open on the server; remember that DNS uses UDP as well as TCP, and nmap scans only TCP unless told otherwise:
#nmap -sU -sT -p 53 serveripadd
Example:
#nmap -sU -sT -p 53 125.22.73.23
This shows whether port 53 is open on the remote server. A more direct test is to ask the server itself, "dig @serveripadd somehost": a timeout points at the network or firewall, status REFUSED at the allow-query/allow-recursion ACLs, and NXDOMAIN or SERVFAIL at the zone data itself.
Step4: Now check the DNS server side in depth
- Check that named is running (service named status) and read its log (tail /var/named/data/named.run, /var/log/messages).
- Check that listen-on and allow-query in /etc/named.conf include the client's network, and that iptables allows 53/udp and 53/tcp.
- Check the zone data with named-checkconf and named-checkzone, and with "dig @server" see which server is answering and what it returns.
DNS Interview Question and Answer-
Q: - Which are the important configuration files for DNS server?
BIND uses /etc/named.conf as its main configuration file, the /etc/rndc.conf file as the
configuration file for name server control utility rndc, and the /var/named/ directory for zone files and the like.
Q: - What is BIND ?
BIND stands for Berkeley Internet Name Domain which is the most commonly used Domain Name System (DNS) server on the Internet.
Q: - On which version of BIND have you worked?
BIND 9.8.2
or
# rpm -qi bind
Name : bind Version : 9.8.2 Vendor: CentOS
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
Q: - What is the role of DNS ?
A DNS server, or name server, is used to resolve an IP address to a hostname or vice versa.
Q: - On which port DNS server works ?
DNS servers use port 53 by default. Incoming and outgoing packets should be allowed on
port 53. Also allow connections on port 921 if you configure a lightweight resolver server.
The DNS control utility, rndc, connects to the DNS server with TCP port 953 by default. If
you are running rndc on the name server, connections on this TCP port from localhost
should be allowed. If you are running rndc on additional systems, allow connections to
port 953 (or whatever port you have chosen to configure) from these additional systems.
Q: - What is round robin DNS?
Round robin DNS is a crude way of spreading load over several servers, for example three identical web servers under one domain name. The zone holds three A records for the same name with three different IP addresses; the authoritative server returns all of them on every query but rotates their order, so the first user gets the first address, the second user the second, the third user the third, and the fourth user the first again. It is not health-aware: a dead server keeps receiving its share of clients until its record is removed (or its TTL expires in caches).
Q: - What is Name Server?
A name server keeps information for the translation of domain names to IP addresses and IP addresses to domain names. The name server is a program that performs the translation at the request of a resolver or another name server.
Q: - What is Primary name server or primary master server?
The primary (master) name server is the main data source for the zone and is authoritative for it. It loads the zone from files saved on local disk (here /var/named/forward.ashu.com). The SOA record's MNAME field names the primary master; it is usually also listed in the zone's NS records, but it does not have to be (a "hidden primary" that only feeds the secondaries).
Q: - What is Secondary name server/slave name server?
Secondary name server/slave name server acquires data about the zone by copying the data from the primary name server (respectively from the master server) at regular time intervals. It makes no sense to edit these databases on the secondary name servers, although they are saved on the local server disk because they will be rewritten during further copying.
Q: - What is Root name server?
A root name server is an authoritative name server for the root zone (the dot "."). Every recursive resolver starts from the list of root servers (the root hints, named.ca in this setup) when it has nothing cached for a name.
Q: - What is Stealth name server?
A stealth (hidden) name server is an authoritative server for a zone that is not published in the zone's NS records, so only the servers that have its IP address listed statically in their configuration (for example in masters { }) know about it. It can be a secondary fed by zone transfer, or the hidden primary that feeds the public secondaries, and it serves as a local backup if the published servers are unavailable.
Q: - What do you mean by "Resource Records"?
Information on domain names and their IP addresses, as well as all the other information distributed via DNS is stored in the memory of name servers as Resource Records (RR).
Q: - Explain "TTL"?
Time to live. A 32-bit number indicating the time the particular RR can be kept valid in a server cache. When this time expires, the record has to be considered invalid. The value 0 keeps nonauthoritative servers from saving the RR to their cache memory.
Q: - Tell me 5 Types of DNS records?
A, NS, CNAME, SOA, PTR, MX.
BIND uses /etc/named.conf as its main configuration file, the /etc/rndc.conf file as the
configuration file for name server control utility rndc, and the /var/named/ directory for zone files and the like.
Q: - What is BIND ?
BIND stands for Berkeley Internet Name Domain which is the most commonly used Domain Name System (DNS) server on the Internet.
Q: - On which version of bind u have worked ?
BIND 9.8.2
or
# rpm -qi bind
Name : bind Version : 9.8.2 Vendor: CentOS
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
Q: - What is the role of DNS ?
A DNS server, or name server, is used to resolve an IP address to a hostname or vice versa.
Q: - On which port DNS server works ?
DNS servers use port 53 by default. Incoming and outgoing packets should be allowed on
port 53. Also allow connections on port 921 if you configure a lightweight resolver server.
The DNS control utility, rndc, connects to the DNS server with TCP port 953 by default. If
you are running rndc on the name server, connections on this TCP port from localhost
should be allowed. If you are running rndc on additional systems, allow connections to
port 953 (or whatever port you have chosen to configure) from these additional systems.
Q: - What is round robin DNS?
Round robin DNS is usually used for balancing the load of geographically distributed Web servers. For example, a company has one domain name and three identical home pages residing on three servers with three different IP addresses. When one user accesses the home page it will be sent to the first IP address. The second user who accesses the home page will be sent to the next IP address, and the third user will be sent to the third IP address. In each case, once the IP address is given out, it goes to the end of the list. The fourth user, therefore, will be sent to the first IP address, and so forth.
Q: - What is Name Server?
A name server keeps information for the translation of domain names to IP addresses and IP addresses to domain names. The name server is a program that performs the translation at the request of a resolver or another name server.
Q: - What is Primary name server or primary master server?
Primary name server/primary master is the main data source for the zone. It is the authoritative server for the zone. This server acquires data about its zone from databases saved on a local disk. The primary server must be published as an authoritative name server for the domain in the SOA resource record, while the primary master server does not need to be published.
Q: - What is Secondary name server/slave name server?
Secondary name server/slave name server acquires data about the zone by copying the data from the primary name server (respectively from the master server) at regular time intervals. It makes no sense to edit these databases on the secondary name servers, although they are saved on the local server disk because they will be rewritten during further copying.
Q: - what is Root name server?
Root name server is an authoritative name server for the root domain (for the dot). Each root name server is a primary server, which differentiates it from other name servers.
Q: - what is Stealth name server?
Stealth name server is a secret server. This type of name server is not published anywhere. It is only known to the servers that have its IP address statically listed in their configuration. It is an authoritative server. It acquires the data for the zone with the help of a zone transfer. It can be the main server for the zone. Stealth servers can be used as a local backup if the local servers are unavailable.
Q: - What do you mean by "Resource Records"?
Information on domain names and their IP addresses, as well as all the other information distributed via DNS is stored in the memory of name servers as Resource Records (RR).
Q: - Explain "TTL"?
Time to live. A 32-bit number indicating the time the particular RR can be kept valid in a server cache. When this time expires, the record has to be considered invalid. The value 0 keeps nonauthoritative servers from saving the RR to their cache memory.
Q: - Name the common types of DNS records.
A (and AAAA for IPv6), NS, CNAME, SOA, PTR, MX and TXT.
Q: - Explain "SOA Record"?
The Start of Authority (SOA) record marks the beginning of a zone and names the primary name server for it (the MNAME field) and the responsible person's mailbox (RNAME). It also carries the zone serial number, the refresh, retry and expire timers that secondaries use to schedule zone transfers, and the negative-caching TTL. A zone file has exactly one SOA record, placed at the top of the authoritative resource records. Secondaries only transfer the zone when the serial has increased, so the serial must be incremented on every change.
Q: - What is an "A Record"?
A (Address) records map a domain name to an IPv4 address; AAAA records do the same for IPv6. The address is written as plain dotted decimal and must not end with a dot: a trailing dot is only meaningful on domain names.
Q: - Explain "CNAME Record"?
CNAME records create synonyms for domain names: the record's data is the canonical name that the alias points to. This is often referred to as creating aliases for computer names. A name that has a CNAME may not have any other records, so a CNAME cannot be used at the zone apex, and NS and MX records must not point at an alias.
Q: - What are "HINFO and TXT Records"?
HINFO and TXT records are informational only. An HINFO record has two items in its data part: the first describes the hardware and the second the operating system. A TXT record holds one or more character strings; a string containing spaces must be quoted. Note that HINFO publishes hardware and OS details to anyone who queries the zone, which is useful reconnaissance for an attacker, so most production zones omit it.
Example :
test.com.   IN SOA   ...
...
mail        IN A     192.1.1.2
            IN HINFO My_Server UNIX
            IN TXT   "my server"
Q: - What are "MX Records"?
MX records specify the mail servers of a domain. An MX record shows which computer mail for a particular domain should be delivered to. Each MX record also carries a preference value, which lets several computers be listed for the same domain. The sending server first tries the mail exchanger with the lowest preference value (the highest priority). If that attempt fails, it tries the next computer (with a higher preference value), and so on.
linuxhowto.in.  IN SOA   ...
...
linuxhowto.in.  IN MX    10 mail.linuxhowto.in.
linuxhowto.in.  IN MX    20 mail2.linuxhowto.in.
linuxhowto.in.  IN MX    30 mail3.linuxhowto.in.
mail            IN A     192.1.1.2
                IN HINFO AlphaServer UNIX
                IN TXT   "my server"
Q: - Explain "PTR Records"?
A Pointer (PTR) record translates an IP address back into a domain name (reverse lookup). PTR records live in the reverse zones under in-addr.arpa (IPv4) and ip6.arpa (IPv6), with the address written in reverse: the PTR for 192.1.1.2 has the owner name 2.1.1.192.in-addr.arpa.
Q: - What is Dynamic DNS?
Dynamic DNS is a method of keeping a domain name linked to a changing IP address, since not all computers use static IP addresses. Typically, when a user connects to the Internet, the ISP assigns an unused IP address from a pool, and that address is used only for the duration of the connection. A dynamic DNS service provider supplies a small program that runs on the user's computer; it contacts the DNS service each time the ISP-assigned address changes and updates the DNS database accordingly. In BIND terms the mechanism behind this is DNS dynamic update (the protocol that nsupdate speaks). If a zone accepts dynamic updates, restrict them with allow-update or update-policy and a TSIG key, because an unrestricted update policy lets anyone rewrite the zone.
Q: - What is the role of the "named-checkconf Utility"?
The named-checkconf utility checks the syntax of the named.conf configuration file (by default /etc/named.conf) and reports the first error with its file name and line number. With -z it additionally loads every zone declared in the file. Run it before restarting or reloading named so that a typo in the configuration cannot take the server down.
Syntax: named-checkconf [-t directory] [-z] [filename]
Q: - What is the role of the "named-checkzone Utility"?
The named-checkzone utility checks the syntax and consistency of a zone file: that the file parses, that the SOA record is present, and that the records are valid for the zone name given on the command line. On success it prints the loaded serial number followed by OK. For example, named-checkzone linuxhowto.in /var/named/linuxhowto.in.zone checks the zone file used by the linuxhowto.in zone.
Syntax: named-checkzone [-dgv] [-c class] zone filename
Q: - What is a DNS zone and how does it work?
Every domain name that is part of the DNS system has several DNS settings, also known as DNS records. DNS zones exist so that these records can be grouped and administered together.
A DNS zone is a portion or administrative space within the global Domain Name System (DNS). Each DNS zone is a boundary of authority: one organisation or entity is responsible for its contents. All the DNS zones together, organised in a hierarchical tree of cascading lower-level domains, form the DNS namespace.
The DNS zone file is the representation of the DNS zone: it is the actual file that contains all the records for a specific domain. In a zone file each line holds one record, and the file should begin with a $TTL directive, which specifies for how long the records may be kept in a caching server's cache when they carry no TTL of their own. The other mandatory record is the SOA (Start of Authority) record, which names the primary authoritative name server for the zone and must be the first record in the file; the zone apex also needs at least one NS record.
After these records, additional records such as A or NS records can be added. When a record refers to a fully qualified hostname, the name must end with a period (.). Hostnames that do not end with a period are taken as relative to the zone's domain name (the origin). For example, when specifying the "www" record in the zone for linuxhowto.in, no period is placed after it and the name is read as www.linuxhowto.in; writing mail.linuxhowto.in without the period in an MX record would be read as mail.linuxhowto.in.linuxhowto.in, which is a common mistake.
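The following is an added example (not BIND's code and not from the original page) that applies the zone-file rules described above in the manner of named-checkzone: it parses a master-format zone file with a multi-line SOA, resolves names without a trailing dot relative to the origin, repeats the previous owner for records whose owner field is blank, and then checks the points the text raises (exactly one SOA at the top, an NS at the apex, CNAMEs standing alone and never being the target of NS or MX, and a TTL for every record). It also returns the MX delivery order for the domain, lowest preference first. The sample zone, its hostnames and its addresses are constructed for the example.

```python
"""Zone-file checker in the spirit of named-checkzone (added example, not BIND code)."""
import shlex
from collections import defaultdict

# Constructed sample zone: hosts and addresses are made up for this example.
SAMPLE_ZONE = """\
$TTL 86400
@       IN SOA  ns1.linuxhowto.in. hostmaster.linuxhowto.in. (
                2024010101 ; serial
                3600       ; refresh
                900        ; retry
                604800     ; expire
                300 )      ; negative-cache TTL
@       IN NS   ns1.linuxhowto.in.
@       IN MX   30 mail3.linuxhowto.in.
@       IN MX   20 mail2.linuxhowto.in.
@       IN MX   10 mail.linuxhowto.in.
ns1     IN A    192.1.1.1
mail    IN A    192.1.1.2
        IN HINFO AlphaServer UNIX
        IN TXT  "my server"
mail2   IN A    192.1.1.3
mail3   IN A    192.1.1.4
www     IN CNAME mail
"""


def _strip_comment(line):
    """Drop a ';' comment unless the ';' sits inside a quoted string."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)


def _logical_lines(text):
    """Yield one logical line per record, joining parenthesised continuations (the SOA)."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = _strip_comment(raw)
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            joined, buf, depth = " ".join(buf), [], 0
            if joined.strip():
                yield joined


def fqdn(name, origin):
    """Absolute name: '@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, zone_name):
    """Parse master-file text for zone_name into dicts with owner, ttl, type and rdata."""
    origin = zone_name if zone_name.endswith(".") else zone_name + "."
    default_ttl, last_owner, records = None, origin, []
    for line in _logical_lines(text):
        tokens = shlex.split(line)           # shlex keeps "my server" as one TXT string
        if tokens[0] == "$ORIGIN":
            origin = fqdn(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        # A line that starts with whitespace has no owner field: reuse the previous owner.
        owner = last_owner if line[0].isspace() else fqdn(tokens.pop(0), origin)
        ttl = default_ttl
        if tokens and tokens[0].isdigit():                        # optional per-record TTL
            ttl = int(tokens.pop(0))
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):    # optional class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "PTR"):                       # rdata is a domain name
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "MX":                                       # preference, exchanger
            rdata = [int(rdata[0]), fqdn(rdata[1], origin)]
        elif rtype == "SOA":                                      # mname rname + five timers
            rdata = [fqdn(rdata[0], origin), fqdn(rdata[1], origin)] + [int(x) for x in rdata[2:7]]
        records.append({"owner": owner, "ttl": ttl, "type": rtype, "rdata": rdata})
        last_owner = owner
    return records


def check_zone(records, zone_name):
    """Return a list of problems; an empty list means the zone passes these checks."""
    origin = zone_name if zone_name.endswith(".") else zone_name + "."
    problems, soas = [], [r for r in records if r["type"] == "SOA"]
    if not records or records[0]["type"] != "SOA":
        problems.append("the first record must be the SOA")
    if len(soas) != 1:
        problems.append(f"expected exactly one SOA record, found {len(soas)}")
    elif soas[0]["owner"] != origin:
        problems.append(f"SOA owner {soas[0]['owner']} is not the zone apex {origin}")
    if not any(r["type"] == "NS" and r["owner"] == origin for r in records):
        problems.append("the zone apex has no NS record")
    types_at = defaultdict(set)
    for r in records:
        types_at[r["owner"]].add(r["type"])
    for owner, types in types_at.items():
        if "CNAME" in types and len(types) > 1:                   # RFC 1034: CNAME stands alone
            problems.append(f"{owner} has a CNAME alongside other records")
    aliases = {r["owner"] for r in records if r["type"] == "CNAME"}
    for r in records:
        if r["type"] in ("NS", "MX") and r["rdata"][-1] in aliases:   # RFC 2181 section 10.3
            problems.append(f"{r['type']} at {r['owner']} points to CNAME {r['rdata'][-1]}")
        if r["ttl"] is None:
            problems.append(f"{r['owner']} {r['type']} has no TTL: add a $TTL directive")
    return problems


def mx_delivery_order(records, domain):
    """(preference, mail exchanger) pairs for domain, lowest preference tried first."""
    origin = domain if domain.endswith(".") else domain + "."
    return sorted((r["rdata"][0], r["rdata"][1]) for r in records
                  if r["type"] == "MX" and r["owner"] == origin)


def soa_fields(records):
    """The SOA fields as a dict, as a secondary reads them to schedule transfers."""
    soa = next(r for r in records if r["type"] == "SOA")
    return dict(zip(("mname", "rname", "serial", "refresh", "retry", "expire", "minimum"), soa["rdata"]))


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE, "linuxhowto.in")
    print("problems:", check_zone(recs, "linuxhowto.in") or "none")
    print("mail order:", mx_delivery_order(recs, "linuxhowto.in"))
    print("SOA:", soa_fields(recs))
```

Feeding the sample zone through parse_zone and check_zone yields no problems; pointing one of the MX records at www (a CNAME) or adding an A record next to the www CNAME makes the checker report the same class of error that named-checkzone would. The real tool does far more (it understands every record type, $INCLUDE and $GENERATE, and validates rdata formats), so this is a reading aid for the rules above, not a replacement for running named-checkzone before a reload.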
_____________________________________________________________________________________________