Configure Caching only DNS, Master DNS And Slave DNS Server & Interview Q. & A.


DNS (Domain Name System) is a core component of network infrastructure. The DNS service resolves hostnames into IP addresses and vice versa.
For example, if we type www.google.com in a browser, the DNS server translates the domain name into its corresponding IP address, so we only have to remember domain names instead of IP addresses.

Package-    bind*
Port-          53
Daemon-    named
Script-       /etc/init.d/named
Configfile- /etc/named.conf
                 /etc/named.rfc1912.zones

* BIND stands for Berkeley Internet Name Domain.
BIND is the most common program used for maintaining a name server on Linux.

1- Caching Only DNS Server
2- Master DNS Server
3- Slave DNS Server

Note-
  • Caching Only DNS Server:
    • Hostname: server.ashu.com
    • IP: 192.168.0.1
  • Master DNS Server:
    • Hostname: server.ashu.com
    • IP: 192.168.0.1
  • Slave DNS Server:
    • Hostname: slave.ashu.com
    • IP: 192.168.0.2

System-1
1- Configure Caching Only DNS Server-

A caching-only name server keeps a cache of resolved name-to-IP-address mappings. It is not authoritative for any zone; it resolves queries by asking other name servers (root, TLD and the zone's master servers) and caches the answers it receives.

Step-1 Set Static IP..

[root@server ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
 
DEVICE=eth0
HWADDR=40:2c:29:84:6d:8c
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=192.168.0.1
BOOTPROTO=none
NETMASK=255.255.255.0
DNS=192.168.0.1 
BROADCAST=192.168.0.255
TYPE=Ethernet
IPV6INIT=no
USERCTL=no

[root@server ~]# /etc/init.d/network restart
[root@server ~]# ifconfig eth0

eth0   Link encap:Ethernet  HWaddr 40:2c:29:84:6d:8c 
          inet addr:192.168.0.1  Bcast:192.168.0.255   Mask:255.255.255.0
          inet6 addr: fe80::7627:eaff:fe0d:b3f8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:471976 errors:0 dropped:0 overruns:0 frame:0
          TX packets:194066 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:184958609 (176.3 MiB)  TX bytes:35739546 (34.0 MiB)
 

Step-2 Change Host Name-

[root@server ~]# vim /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=server.ashu.com

[root@server ~]# vim /etc/hosts


127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1  localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.0.1      server.ashu.com         server

[root@server ~]# hostname
server.ashu.com

Step-3  Now Install 'bind' package

[root@server ~]# yum install bind* -y

Step-4 Configure Caching-Only DNS server

[root@server ~]# cd /etc/

Step-5 Edit the named.conf file

[root@server etc]# vim named.conf
______________________________________________________________________________
 //
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
// 
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.0.1; };     
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        allow-transfer  { localhost; 192.168.0.2; };

 ## --> Note-
 ##--> allow-query { any; };  answers queries from every host; to limit it to
 ##--> your own network use { localhost; 192.168.0.0/24; } instead. Together with
 ##--> 'recursion yes' below, { any; } makes this an open resolver for every host
 ##--> that can reach port 53, so keep it off untrusted networks or restrict it.
 ##--> allow-transfer { localhost; 192.168.0.2; };  only the slave DNS (192.168.0.2)
 ##--> may copy zones; harmless on a caching-only server, which has no zones of its own.
    
        recursion yes;


        dnssec-enable yes;

        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */

        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

:wq!
______________________________________________________________________________
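Before the caching-only server goes live it is worth checking what the options block actually exposes: with recursion yes and allow-query { any; } BIND will recurse for any host that can reach port 53, and an unset allow-transfer leaves zone transfers open on BIND 9.8. The audit below is an added example, not part of this guide; its sample configuration is a constructed copy of the options block above, and the BIND default rules it encodes are stated in the comments.

```python
import re

# Constructed sample: the options block of the caching-only named.conf above,
# kept as that guide writes it (allow-query { any; } together with recursion yes).
CACHING_ONLY_CONF = """
options {
        listen-on port 53 { 127.0.0.1; 192.168.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        allow-query     { any; };
        allow-transfer{ localhost; 192.168.0.2; };

 ## --> Note- '#' and '//' comments are legal in named.conf
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
};

zone "." IN {
        type hint;
        file "named.ca";
};
"""

# Constructed: the same block restricted to the lab network 192.168.0.0/24.
HARDENED_CONF = CACHING_ONLY_CONF.replace(
    "allow-query     { any; };",
    "allow-query     { localhost; 192.168.0.0/24; };\n"
    "        allow-recursion { localhost; 192.168.0.0/24; };")


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def options_body(text):
    """Return the text inside the top-level options { ... } block ('' if absent)."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:          # walk to the matching closing brace
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]


def acl(body, name):
    """Address-match list of a statement such as allow-query { a; b; }; None if unset."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(name), body)
    return None if m is None else [x.strip() for x in m.group(1).split(";") if x.strip()]


def audit(conf):
    """Findings about resolver and zone-transfer exposure of a named.conf options block."""
    body = options_body(strip_comments(conf))
    findings = []
    recursion = re.search(r"\brecursion\s+(yes|no)\s*;", body)
    recursive = recursion is None or recursion.group(1) == "yes"   # BIND default: yes
    # BIND derives allow-recursion from allow-query-cache, then allow-query,
    # and falls back to { localnets; localhost; } when none of them is set.
    who_may_recurse = (acl(body, "allow-recursion")
                       or acl(body, "allow-query-cache")
                       or acl(body, "allow-query")
                       or ["localnets", "localhost"])
    if recursive and "any" in who_may_recurse:
        findings.append("open resolver: recursion yes and 'any' may recurse; "
                        "add allow-recursion { localhost; <your-net>; };")
    transfer = acl(body, "allow-transfer")
    if transfer is None:
        findings.append("allow-transfer unset: BIND 9.8 then allows zone transfers to any host")
    elif "any" in transfer:
        findings.append("allow-transfer { any; }: zone contents can be copied by anyone")
    return findings


if __name__ == "__main__":
    for finding in audit(CACHING_ONLY_CONF):
        print("caching-only:", finding)
    print("hardened:", audit(HARDENED_CONF) or "no findings")
```

Run it against a real file with audit(open("/etc/named.conf").read()); it only reads the options block, so per-zone allow-transfer overrides are not considered.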

[root@server etc]# cd 

Step-6 Add the nameserver to /etc/resolv.conf

[root@server ~]# vim /etc/resolv.conf

search ashu.com
nameserver 192.168.0.1

[root@server ~]# /etc/init.d/NetworkManager restart

Step-7 Restart named Services-

[root@server ~]# /etc/init.d/named restart;chkconfig named on

   or


[root@server ~]# service named restart
[root@server ~]# chkconfig named on

Step-8 Now test the server (from itself or from another host)

[root@server ~]# dig @192.168.0.1 google.com
______________________________________________________________________________

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @192.168.0.1 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55804
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 2

;; QUESTION SECTION:
;google.com.            IN    A

;; ANSWER SECTION:
google.com.        16    IN    A    173.194.36.72
google.com.        16    IN    A    173.194.36.73
google.com.        16    IN    A    173.194.36.78
google.com.        16    IN    A    173.194.36.64
google.com.        16    IN    A    173.194.36.65
google.com.        16    IN    A    173.194.36.66
google.com.        16    IN    A    173.194.36.67
google.com.        16    IN    A    173.194.36.68
google.com.        16    IN    A    173.194.36.69
google.com.        16    IN    A    173.194.36.70
google.com.        16    IN    A    173.194.36.71

;; AUTHORITY SECTION:
.            5805    IN    NS    a.root-servers.net.
.            5805    IN    NS    b.root-servers.net.
.            5805    IN    NS    c.root-servers.net.
.            5805    IN    NS    d.root-servers.net.
.            5805    IN    NS    e.root-servers.net.
.            5805    IN    NS    f.root-servers.net.
.            5805    IN    NS    g.root-servers.net.
.            5805    IN    NS    h.root-servers.net.
.            5805    IN    NS    i.root-servers.net.
.            5805    IN    NS    j.root-servers.net.
.            5805    IN    NS    k.root-servers.net.
.            5805    IN    NS    l.root-servers.net.
.            5805    IN    NS    m.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net.    156649    IN    A    198.41.0.4
a.root-servers.net.    156649    IN    AAAA    2001:503:ba3e::2:30

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed Mar 19 17:02:52 2014
;; MSG SIZE  rcvd: 459

______________________________________________________________________________

Caching Only DNS Server Configuration finished. So Enjoy............................!

System-1

Configure Primary DNS Server-

A master server has control over a specific DNS zone and is regarded as the authoritative server for address resolution of the specific zone. The master server also responds to resolution requests for this specific zone, coming in from other caching servers. 

Step-1 Set Static IP..

[root@server ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
 
DEVICE=eth0
HWADDR=40:2c:29:84:6d:8c
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=192.168.0.1
BOOTPROTO=none
NETMASK=255.255.255.0
DNS=192.168.0.1
BROADCAST=192.168.0.255
TYPE=Ethernet
IPV6INIT=no
USERCTL=no

[root@server ~]# /etc/init.d/network restart
[root@server ~]# ifconfig eth0

eth0   Link encap:Ethernet  HWaddr 40:2c:29:84:6d:8c 
          inet addr:192.168.0.1  Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::7627:eaff:fe0d:b3f8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:471976 errors:0 dropped:0 overruns:0 frame:0
          TX packets:194066 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:184958609 (176.3 MiB)  TX bytes:35739546 (34.0 MiB)
 

Step-2 Change Host Name-

[root@server ~]# vim /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=server.ashu.com

[root@server ~]# vim /etc/hosts

127.0.0.1  localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.0.1      server.ashu.com         server

[root@server ~]# hostname
server.ashu.com

Step-3  Now Install 'bind' package

[root@server ~]# yum install bind* -y

Step-4 Configure Primary DNS server

[root@server ~]# cd /etc/

Step-5 Edit the named.conf file


[root@server etc]# vim named.conf
______________________________________________________________________________
 //
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
// 
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.0.1; };   ##-->Master DNS IP
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; };  #IP Range
        allow-transfer{ localhost; 192.168.0.2; };
    
        recursion yes;


        dnssec-enable yes;

        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */

        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "ashu.com" IN {
        type master;
        file "forward.ashu.com";
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.ashu.com";
        allow-update { none; };
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

:wq! 
______________________________________________________________________________

[root@server etc]# cd

Step-6 Now create the forward and reverse zone files that we referenced in '/etc/named.conf'

1- Copy File..
 

[root@server ~]# cd /var/named/
[root@server named]# ll

drwxr-x---. 6 root  named 4096 Feb 19 17:59 chroot
drwxrwx---. 2 named named 4096 Jan 20 23:07 data
drwxrwx---. 2 named named 4096 Jan 20 23:07 dynamic
-rw-r-----. 1 root  named 1892 Feb 18  2008 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named 4096 Jan 20 23:07 slaves


[root@server named]# cp -rvf named.localhost forward.ashu.com

`named.localhost' -> `forward.ashu.com'

[root@server named]# cp -rvf named.loopback reverse.ashu.com

`named.loopback' -> `reverse.ashu.com'


[root@server named]# ll
drwxr-x---. 6 root  named 4096 Feb 19 17:59 chroot
drwxrwx---. 2 named named 4096 Jan 20 23:07 data
drwxrwx---. 2 named named 4096 Jan 20 23:07 dynamic
-rw-r-----. 1 root  root   152 Mar 21 12:34 forward.ashu.com
-rw-r-----. 1 root  named 1892 Feb 18  2008 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
-rw-r-----. 1 root  root   168 Mar 21 12:38 reverse.ashu.com
drwxrwx---. 3 named named 4096 Mar 20 20:46 slaves

2- Change the group permission

[root@server named]# chgrp named forward.ashu.com
[root@server named]# chgrp named reverse.ashu.com

[root@server named]# ll
drwxr-x---. 6 root  named 4096 Feb 19 17:59 chroot
drwxrwx---. 2 named named 4096 Jan 20 23:07 data
drwxrwx---. 2 named named 4096 Jan 20 23:07 dynamic
-rw-r-----. 1 root  named   152 Mar 21 12:34 forward.ashu.com
-rw-r-----. 1 root  named 1892 Feb 18  2008 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
-rw-r-----. 1 root  named   168 Mar 21 12:38 reverse.ashu.com
drwxrwx---. 3 named named 4096 Mar 20 20:46 slaves

3- Edit the forward zone (name to IP address):

[root@server named]# vim forward.ashu.com
______________________________________________________________________________

$TTL 1D
@       IN SOA  server.ashu.com. root.server.ashu.com. (
                                        201421  ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum

; names in record data end with a dot (absolute); without it BIND appends the
; zone name, so "server.ashu.com" would become server.ashu.com.ashu.com.
        IN NS   server.ashu.com.
        IN NS   slave.ashu.com.
        IN A    192.168.0.1

server  IN A    192.168.0.1
slave   IN A    192.168.0.2


:wq!
______________________________________________________________________________

4- Edit the reverse zone (IP address to name):

[root@server named]# vim reverse.ashu.com
______________________________________________________________________________
 
$TTL 1D
@       IN SOA  server.ashu.com. root.server.ashu.com. (
                                        201421  ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum

        IN NS   server.ashu.com.
        IN NS   slave.ashu.com.

; owner is the last octet of the address (zone origin is 0.168.192.in-addr.arpa)
1       IN PTR  server.ashu.com.        ; 192.168.0.1
2       IN PTR  slave.ashu.com.         ; 192.168.0.2

:wq!  
______________________________________________________________________________


Step-7 Then add the nameserver to /etc/resolv.conf

[root@server ~]# vim /etc/resolv.conf

search ashu.com
nameserver 192.168.0.1

[root@server ~]# /etc/init.d/NetworkManager restart

Step- 8 Restart the bind service....

[root@server ~]# /etc/init.d/named restart;chkconfig named on

Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                                [  OK  ]

Step-9  Allow DNS Server through iptables
Add the two port-53 lines below to the '/etc/sysconfig/iptables' file. This will allow all clients to reach the DNS server. Both protocols are needed: ordinary lookups use UDP 53, while zone transfers to the slave and responses too large for UDP use TCP 53.

[root@server ~]# vim /etc/sysconfig/iptables

______________________________________________________________________________


# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
___________________________________________________________________________________________ 


Step-10 Restart iptables to save the changes

 [root@server ~]# service iptables restart 


iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter [  OK  ]
iptables: Unloading modules:                             [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

Step-11 Test syntax errors of DNS configuration and zone files

Check DNS Config file-

[root@server ~]# named-checkconf /etc/named.conf


  
Check zone files-

[root@server ~]# named-checkzone ashu.com /var/named/forward.ashu.com

zone ashu.com/IN:  loaded serial   201421
OK

[root@server ~]# named-checkzone 0.168.192.in-addr.arpa /var/named/reverse.ashu.com

zone 0.168.192.in-addr.arpa/IN:  loaded serial   201421
OK

Step-12 Test DNS Server..

[root@server ~]# dig server.ashu.com

@ forward lookup
______________________________________________________________________________
 
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> server.ashu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50351
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
; server.ashu.com.           IN      A

;; ANSWER SECTION:
server.ashu.com.    86400   IN      A       192.168.0.1

;; AUTHORITY SECTION:
ashu.com.              86400   IN      NS      server.ashu.com.

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed Mar 20 19:02:52 2014
;; MSG SIZE  rcvd: 45
______________________________________________________________________________


[root@server ~]# dig -x 192.168.0.1

@ reverse lookup
______________________________________________________________________________
 
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> -x 192.168.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45077
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;0.168.192.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
0.168.192.in-addr.arpa. 86400 IN     PTR     server.ashu.com.

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400  IN      NS      server.ashu.com.

;; ADDITIONAL SECTION:
server.ashu.com.    86400   IN      A       192.168.0.1


;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed Mar 20 19:03:52 2014
;; MSG SIZE  rcvd: 108
______________________________________________________________________________

[root@server ~]# nslookup

@ Using the nslookup command (also available on Windows)
______________________________________________________________________________

> server.ashu.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: server.ashu.com
Address: 192.168.0.1
> 192.168.0.1
Server: 192.168.0.1
Address: 192.168.0.1#53
0.168.192.in-addr.arpa name = server.ashu.com.
>
______________________________________________________________________________

Primary DNS Server Configuration finished. So Enjoy............................!

System-2
Configure Secondary (Slave) DNS Server- 

A secondary DNS Server is used as a backup DNS Server in case the primary fails. The configuration is almost identical.

Step-1 Set Static IP..

[root@slave ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
 
DEVICE=eth0
HWADDR=40:2c:29:84:5d:7c
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=192.168.0.2
BOOTPROTO=none
NETMASK=255.255.255.0
BROADCAST=192.168.0.255
DNS=192.168.0.1
TYPE=Ethernet
IPV6INIT=no
USERCTL=no

[root@slave ~]# /etc/init.d/network restart
[root@slave ~]# ifconfig eth0

eth0   Link encap:Ethernet  HWaddr 40:2c:29:84:5d:7c 
          inet addr:192.168.0.2  Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::7627:eaff:fe0d:b3f8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:471976 errors:0 dropped:0 overruns:0 frame:0
          TX packets:194066 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:184958609 (176.3 MiB)  TX bytes:35739546 (34.0 MiB)
 

Step-2 Change Host Name-

[root@slave ~]# vim /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=slave.ashu.com

[root@slave ~]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.0.1      server.ashu.com       server
192.168.0.2      slave.ashu.com         slave

[root@slave ~]# hostname
slave.ashu.com

Step-3  Now Install 'bind' package

[root@slave ~]# yum install bind* -y

Step-4 Configure Secondary (Slave) DNS server

[root@slave ~]# cd /etc/

Step-5 Edit the named.conf file

[root@slave etc]# vim named.conf
______________________________________________________________________________
 //
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
// 
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.0.2; };   ##--> Slave DNS IP
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24;}; # IP Range
    
        recursion yes;


        dnssec-enable yes;

        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */

        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "ashu.com" IN {
        type slave;
        file "slaves/ashu.forward";
        masters { 192.168.0.1; };
};

zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/ashu.reverse";
        masters { 192.168.0.1; };
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

:wq!
______________________________________________________________________________

[root@slave etc]# cd
 
Step-6 Add the nameservers to /etc/resolv.conf

[root@slave ~]# vim /etc/resolv.conf

search ashu.com
nameserver 192.168.0.1
nameserver 192.168.0.2

[root@slave ~]# /etc/init.d/NetworkManager restart

Step- 7 Restart the bind service....

[root@slave ~]# /etc/init.d/named restart;chkconfig named on

Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                                [  OK  ]

Step-8 Allow DNS Server through iptables
Add the two port-53 lines below to the '/etc/sysconfig/iptables' file. This will allow all clients to reach the DNS server. Both protocols are needed: ordinary lookups use UDP 53, while the zone transfer from the master and responses too large for UDP use TCP 53.

[root@slave ~]# vim /etc/sysconfig/iptables

______________________________________________________________________________


# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
______________________________________________________________________________ 


Step-9 Restart iptables to save the changes

[root@slave ~]# service iptables restart 

iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter [  OK  ]
iptables: Unloading modules:                             [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]


Now the secondary DNS Server is ready. The zone files from the primary server are copied to the secondary server automatically.
To verify, go to the DNS database location (i.e. '/var/named/slaves'):

[root@slave ~]# cd /var/named/slaves/

[root@slave slaves]# ll
 
 ashu.forward   ashu.reverse

[root@slave slaves]# cat ashu.forward    (Check forward zone file)

[root@slave slaves]# cat ashu.reverse    (Check reverse zone file)
  
Note-

While configuring the secondary DNS Server, the following should be kept in mind:

  1. We don't need to define the zone files on the secondary DNS Server. They will automatically be transferred from the primary DNS Server.
  2. While updating the zone files on the primary DNS Server, the serial number has to be incremented. The secondary DNS Server will transfer zone files only if the serial number has changed.

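The serial rule in point 2 and the hand-written zone files on the primary are where most mistakes creep in: a name without its trailing dot (BIND then appends the zone name), a missing $TTL line, or an SOA MNAME that is none of the zone's NS hosts. The zone linter and serial bumper below is an added example, not part of this guide; its sample zone is constructed and deliberately carries the trailing-dot and MNAME mistakes, and the origin, the YYYYMMDDnn serial scheme and the record-type table are my assumptions.

```python
import re
from datetime import date

# Constructed sample: a forward zone for ashu.com that deliberately carries two
# easy-to-make mistakes: '@' as the SOA MNAME and NS targets without the trailing
# dot (BIND silently expands those to server.ashu.com.ashu.com.).
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  @ server.ashu.com.root.server.ashu.com. (
                                   201421    ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                    NS      server.ashu.com
                    NS      slave.ashu.com
                    A       192.168.0.1
server           A       192.168.0.1
slave            A       192.168.0.2
"""

# rdata fields (by index) that hold domain names and therefore need the trailing dot.
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}
TTL_RE = re.compile(r"\d+[smhdwSMHDW]?")

def fqdn(name, origin):
    """Master-file name rules: '@' is the origin; no trailing dot = relative to origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Minimal RFC 1035 master-file reader ($TTL/$ORIGIN, ';' comments, '( )'
    continuation, owner inheritance). Returns (ttl, [(owner, type, rdata)])."""
    ttl, records, owner, tokens, depth, implicit = None, [], origin, [], 0, False
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw).rstrip()
        if not line.strip():
            continue
        if not tokens:                       # first physical line of a record
            implicit = line[0].isspace()     # blank owner = previous owner
        depth += line.count("(") - line.count(")")
        tokens += line.replace("(", " ").replace(")", " ").split()
        if depth > 0:
            continue                         # still inside ( ... )
        if tokens[0] == "$TTL":
            ttl = tokens[1]
        elif tokens[0] == "$ORIGIN":
            origin = tokens[1]
        else:
            if not implicit:
                owner = tokens.pop(0)
            rest = [t for t in tokens if t.upper() != "IN"]
            if rest and TTL_RE.fullmatch(rest[0]):
                rest.pop(0)                  # optional per-record TTL
            rtype = rest[0].upper() if rest else "?"
            records.append((fqdn(owner, origin), rtype, rest[1:]))
        tokens = []
    return ttl, records

def lint_zone(text, origin):
    """Report the mistakes that let a zone load fine but answer wrongly."""
    ttl, records = parse_zone(text, origin)
    findings = []
    if ttl is None:
        findings.append("no $TTL directive (a line reading 'TTL 1D' is parsed as a record)")
    ns_targets = set()
    for owner, rtype, rdata in records:
        if rtype == "?":
            findings.append(f"unparseable record at owner {owner}")
            continue
        for i in NAME_FIELDS.get(rtype, []):
            if i < len(rdata) and rdata[i] != "@" and not rdata[i].endswith("."):
                findings.append(f"{rtype} at {owner}: '{rdata[i]}' has no trailing dot, "
                                f"so BIND reads it as {fqdn(rdata[i], origin)}")
        if rtype == "NS" and rdata:
            ns_targets.add(fqdn(rdata[0], origin))
    for owner, rtype, rdata in records:
        if rtype == "SOA" and rdata and fqdn(rdata[0], origin) not in ns_targets:
            findings.append(f"SOA MNAME {fqdn(rdata[0], origin)} is not an NS of the zone")
    return findings

def next_serial(current, today_yyyymmdd):
    """YYYYMMDDnn bump that is always larger than the serial the slave already holds."""
    dated = today_yyyymmdd * 100
    new = dated if current < dated else current + 1
    if new >= 2 ** 32:
        raise ValueError("serial would overflow the 32-bit SOA field")
    return new

def bump_serial(text, today_yyyymmdd):
    """Rewrite the SOA serial in place: the slave only transfers when it changes."""
    m = re.search(r"(\bSOA\b[^(]*\(\s*)(\d+)", text)
    if not m:
        raise ValueError("no parenthesised SOA record found")
    return text[:m.start(2)] + str(next_serial(int(m.group(2)), today_yyyymmdd)) + text[m.end(2):]

if __name__ == "__main__":
    print(*lint_zone(FORWARD_ZONE, "ashu.com."), sep="\n")
    print(bump_serial(FORWARD_ZONE, int(date.today().strftime("%Y%m%d"))))
```

Point it at the real files with lint_zone(open("/var/named/forward.ashu.com").read(), "ashu.com.") after named-checkzone passes; named-checkzone accepts all three mistakes above.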
Step-10 Test slave DNS Server..

[root@slave slaves]# cd

[root@slave ~]# dig slave.ashu.com

[root@slave ~]# dig -x 192.168.0.2

[root@slave ~]# nslookup 192.168.0.2

[root@slave ~]# nslookup slave.ashu.com


Secondary (Slave) DNS Server Configuration finished. So Enjoy............................!
_____________________________________________________________________________________________


DNS Troubleshooting in Linux

Some basic DNS troubleshooting in Linux.

  1. First collect the information about the problem by doing some investigation (logs, debug messages, etc.).
  2. Prepare the tools required for your troubleshooting.
  3. Troubleshooting is nothing but considering the many issues that may cause the problem and working through them one by one to pinpoint the actual culprit.
  4. Once the issue is pinpointed, work on it with the tools, commands, logs and all other resources, and resolve it.

Coming to troubleshooting DNS, aka the named service, here are the steps for resolving a DNS-related issue.

I will take one scenario: "suppose my client is unable to resolve hostnames to IP addresses".

Step1: Check whether a DNS server is configured on the client
Check in the file below whether the nameserver entry points to the proper DNS server:

#vim /etc/resolv.conf

If the client is configured with the proper DNS server, go to the next step.

Step2: Ping the DNS server IP address
#ping serveripadd

Step3: If the ping succeeds, there is a communication path between server and client, so we have to check whether the DNS server is running or not. Here nmap can be used to check which ports are open on the server.
#nmap serveripadd

Example:
#nmap 125.22.73.23

This command shows which services are running / ports are open on the remote server; if the DNS server is running and working fine, you will see the DNS port (53) in the list of open ports.

Step4: Now check the DNS server issue in depth

  • Checking under whom the DNS server is registered and its properties.
#whois example.com

  • Checking which server is used to resolve and some basic info.
#nslookup www.example.com

  • Checking who is resolving and what is resolved, in detail, about the DNS server.
#dig www.example.com


DNS Interview Question and Answer-


Q: - Which are the important configuration files for a DNS server?
BIND uses /etc/named.conf as its main configuration file, the /etc/rndc.conf file as the
configuration file for name server control utility rndc, and the /var/named/ directory for zone files and the like.

Q: - What is BIND ?

BIND stands for Berkeley Internet Name Domain which is the most commonly used Domain Name System (DNS) server on the Internet.

Q: - On which version of BIND have you worked?

BIND 9.8.2


or

# rpm -qi bind
 
Name        : bind                         Version     : 9.8.2                             Vendor: CentOS

Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.


Q: - What is the role of DNS ?

A DNS server, or name server, is used to resolve an IP address to a hostname or vice versa.

Q: - On which port DNS server works ?

DNS servers use port 53 by default. Incoming and outgoing packets should be allowed on
port 53. Also allow connections on port 921 if you configure a lightweight resolver server.
The DNS control utility, rndc, connects to the DNS server with TCP port 953 by default. If
you are running rndc on the name server, connections on this TCP port from localhost
should be allowed. If you are running rndc on additional systems, allow connections to
port 953 (or whatever port you have chosen to configure) from these additional systems.

Q: - What is round robin DNS?

Round robin DNS is usually used for balancing the load of geographically distributed Web servers. For example, a company has one domain name and three identical home pages residing on three servers with three different IP addresses. When one user accesses the home page it will be sent to the first IP address. The second user who accesses the home page will be sent to the next IP address, and the third user will be sent to the third IP address. In each case, once the IP address is given out, it goes to the end of the list. The fourth user, therefore, will be sent to the first IP address, and so forth.


Q: - What is Name Server?

A name server keeps information for the translation of domain names to IP addresses and IP addresses to domain names. The name server is a program that performs the translation at the request of a resolver or another name server.


Q: - What is Primary name server or primary master server?

Primary name server/primary master is the main data source for the zone. It is the authoritative server for the zone. This server acquires data about its zone from databases saved on a local disk. The primary server must be published as an authoritative name server for the domain in the SOA resource record, while the primary master server does not need to be published.


Q: - What is Secondary name server/slave name server?

Secondary name server/slave name server acquires data about the zone by copying the data from the primary name server (respectively from the master server) at regular time intervals. It makes no sense to edit these databases on the secondary name servers, although they are saved on the local server disk because they will be rewritten during further copying.


Q: - What is a Root name server?

Root name server is an authoritative name server for the root domain (for the dot). Each root name server is a primary server, which differentiates it from other name servers.


Q: - What is a Stealth name server?

Stealth name server is a secret server. This type of name server is not published anywhere. It is only known to the servers that have its IP address statically listed in their configuration. It is an authoritative server. It acquires the data for the zone with the help of a zone transfer. It can be the main server for the zone. Stealth servers can be used as a local backup if the local servers are unavailable.

Q: - What do you mean by "Resource Records"?

Information on domain names and their IP addresses, as well as all the other information distributed via DNS is stored in the memory of name servers as Resource Records (RR).

Q: - Explain "TTL"?

Time to live. A 32-bit number indicating the time the particular RR can be kept valid in a server cache. When this time expires, the record has to be considered invalid. The value 0 keeps nonauthoritative servers from saving the RR to their cache memory.


Q: - Tell me 5 Types of DNS records?

A, NS, CNAME, SOA, PTR, MX.
 
Q: - Explain "SOA Record"?

The Start of Authority (SOA) record determines the name server that is an authoritative source of information for the particular domain. There is always only one SOA record in the file, and it is placed at the beginning of the file of authoritative resource records.


Q: - What is an "A Record"?

A (Address) records assign IP addresses to domain names of computers. The IP address cannot have a dot at the end.


Q: - Explain "CNAME Record"?

Synonyms to domain names can be created using CNAME records. This is often referred to as 'creating aliases for computer names'.


Q: - What are "HINFO and TXT Records"?

HINFO and TXT records carry free-form information. An HINFO record has two strings in its data part, the first describing the hardware and the second the operating system; a TXT record carries one or more general text strings (today TXT is mostly used for SPF, DKIM and domain-verification tokens). Strings that contain spaces must be quoted. Note that HINFO publishes the platform of a host to anyone who can query the zone, which is handy for an attacker doing reconnaissance, so most sites leave it out.
Example (a record line with an empty owner field belongs to the owner of the previous line, here mail):
test.com.        IN SOA   ...
...
mail             IN A     192.1.1.2
                 IN HINFO "My_Server" "UNIX"
                 IN TXT   "my server"


Q: - what are "MX Records"?

MX records name the mail servers for a domain: they tell a sending mail server which host accepts mail for addresses in that domain. Each MX record carries a preference value, so several servers can be listed. Delivery is attempted first to the host with the lowest value (the highest priority); if that attempt fails, the mail goes to the host with the next higher value, and so on. The targets must be hostnames that have A (or AAAA) records, never IP addresses and never CNAME aliases, and in a zone file they need a trailing dot, otherwise they are read as relative to the zone.

Example (the MX records belong to the domain itself, written as @, not to the host mail):
linuxhowto.in.   IN SOA   ...
...
@                IN MX    10 mail.linuxhowto.in.
@                IN MX    20 mail2.linuxhowto.in.
@                IN MX    30 mail3.linuxhowto.in.
mail             IN A     192.1.1.2
                 IN HINFO "AlphaServer" "UNIX"
                 IN TXT   "my server"

Q: - Explain "PTR Records"?

A Pointer Record (PTR) maps an IP address back to a hostname, the reverse of an A record. Reverse lookups are served from the special domains in-addr.arpa (IPv4) and ip6.arpa (IPv6), in which the address is written with its octets reversed: the PTR for 192.168.0.1 is the record 1.0.168.192.in-addr.arpa. IN PTR server.ashu.com. in the reverse zone 0.168.192.in-addr.arpa. Mail servers and many log-analysis tools perform reverse lookups, so a host's PTR and A records should agree.


Q: - What is Dynamic DNS?

Dynamic DNS is a method of keeping a domain name linked to a changing IP address, since not all computers use static IP addresses. Typically, when a user connects to the Internet, the ISP assigns an unused address from a pool, and that address is used only for the duration of the connection; assigning addresses dynamically stretches the pool of usable addresses. A dynamic DNS service provider supplies a small program that runs on the user's computer, contacts the service each time the ISP-assigned address changes, and updates the DNS database to reflect the new address. BIND supports the same mechanism for zones it is master for through dynamic updates (RFC 2136, sent for example with nsupdate): the allow-update or update-policy option in the zone statement decides who may change records, and it should be restricted to TSIG-signed updates from specific keys, because an allow-update that permits any address lets anyone on the network rewrite the zone.


Q: - What is the role of "named-checkconf Utility"?

The named-checkconf utility checks the syntax of /etc/named.conf (and the files it includes) without starting named; with -z it also loads and checks every zone the configuration references, which is the test to run before restarting the service.
Syntax: named-checkconf [-t directory] [-z] [filename]

Q: - what is the role of "named-checkzone Utility"?

The named-checkzone utility checks the syntax and consistency of a single zone file (missing $TTL or SOA, unbalanced parentheses, MX or NS records that point at a CNAME or at a name with no address record, and so on). Both the zone name and the file name are required, and the command exits non-zero on errors, so it can be run from a script before a zone is reloaded.
Syntax: named-checkzone [-dgv] [-c class] zonename filename


Q: - what is DNS zone and how does it work?


Every domain name in the DNS has a set of DNS settings, also known as DNS records. The DNS zone is the unit in which those records are grouped and administered.

A DNS zone is a portion of the DNS namespace that is managed as one unit by one administrative entity and served by one set of authoritative name servers. The zone for ashu.com holds the records for ashu.com and for every name below it that has not been delegated to a separate zone with its own NS records. Taken together, the zones form the hierarchical, tree-like DNS namespace of cascading lower-level domains.

The zone file is the on-disk representation of a zone: the text file that contains all the records for that zone. Each record occupies one line (a record may continue across lines only inside parentheses, as the SOA usually does). In BIND the file must start with a $TTL directive, the default time to live for records that do not carry their own, which tells caching servers how long the records may be kept. The other mandatory record is the SOA (Start of Authority), which comes first and names the primary authoritative name server for the zone.

After these two come the other records, such as the NS records for the zone's name servers and the A records for its hosts. A hostname in the file is absolute only when it ends with a period (.); a hostname without a trailing period is read as relative to the zone's origin, that is, the domain the zone was created for (or the last $ORIGIN directive). So a "www" record in the zone for ashu.com needs no period and means www.ashu.com, while an MX target written as "mail.ashu.com" without the period silently becomes mail.ashu.com.ashu.com, a common mistake. An empty owner field repeats the owner of the previous record, and @ stands for the origin itself.
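The rules described in this Q&A (a $TTL and a single SOA at the top, the trailing-dot rule for relative names, MX preference order, the ban on MX targets that are CNAME aliases, and in-addr.arpa owner names for PTR records) can be checked mechanically. The script below is an added example written for this page; it is not BIND's named-checkzone and not code from the original tutorial. It parses a small constructed zone for the page's ashu.com setup (server and slave with their addresses come from the page; the mail hosts, the address 192.168.0.3 and the deliberate CNAME mistake in the last record are assumptions) and reports what it finds.

```python
"""Miniature zone-file linter, added for this page as an illustration.
It is not BIND's named-checkzone and not code from the tutorial; it only
applies the rules stated in the Q&A (a $TTL and a single SOA first,
relative names qualified with the origin, MX preference order, CNAME
exclusivity, in-addr.arpa owner names for PTR records) to a constructed
zone for the page's example domain ashu.com."""
import ipaddress
import shlex

# Constructed sample zone. server/slave and their addresses follow the page;
# the mail hosts, 192.168.0.3 and the deliberate mistake in the last record
# are assumptions made for the example.
SAMPLE_ZONE = """\
$TTL 86400
$ORIGIN ashu.com.
@       IN SOA   server.ashu.com. root.ashu.com. (
                 2024010101 3600 900 604800 86400 )
@       IN NS    server.ashu.com.
@       IN NS    slave.ashu.com.
@       IN MX    20 mail2
@       IN MX    10 mail
server  IN A     192.168.0.1
slave   IN A     192.168.0.2
mail    IN A     192.168.0.3
        IN TXT   "my server"
www     IN CNAME server
mail2   IN CNAME mail            ; wrong: an MX target must not be an alias
"""

# Position of the rdata field that holds a domain name and needs qualifying.
NAME_FIELD = {"CNAME": 0, "NS": 0, "PTR": 0, "MX": 1, "SOA": 0}


def qualify(name, origin):
    """Trailing-dot rule: absolute names stay, relative ones get the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return (ttl, origin, [(owner, rtype, rdata), ...]) for master-file text."""
    origin, ttl, owner, buf, records = None, None, None, [], []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()         # strip ; comments
        if not line:
            continue
        buf.append(line)
        joined = " ".join(buf)
        if joined.count("(") > joined.count(")"):
            continue                                  # record continues (SOA)
        buf = []
        blank_owner = joined[0] in " \t"              # blank owner = previous one
        tokens = shlex.split(joined.replace("(", " ").replace(")", " "))
        if tokens[0] == "$TTL":
            ttl = int(tokens[1])
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if not blank_owner:
            owner = qualify(tokens.pop(0), origin)
        if tokens[0].isdigit():                       # optional per-record TTL
            tokens.pop(0)
        if tokens[0] == "IN":
            tokens.pop(0)
        rtype, rdata = tokens[0], tokens[1:]
        if rtype in NAME_FIELD:
            rdata[NAME_FIELD[rtype]] = qualify(rdata[NAME_FIELD[rtype]], origin)
        records.append((owner, rtype, rdata))
    return ttl, origin, records


def lint(text):
    """Return a list of problems; an empty list means the zone passes."""
    ttl, origin, records = parse_zone(text)
    problems = []
    if ttl is None:
        problems.append("missing $TTL at top of file")
    if not records or records[0][1] != "SOA" or sum(r[1] == "SOA" for r in records) != 1:
        problems.append("zone must begin with exactly one SOA record")
    types_at = {}                                     # owner name -> set of types
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    for owner, types in types_at.items():
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{owner}: CNAME cannot coexist with other records")
    for owner, rtype, rdata in records:
        if rtype != "MX":
            continue
        target = rdata[1]
        in_zone = target == origin or target.endswith("." + origin)
        if "CNAME" in types_at.get(target, set()):
            problems.append(f"{owner}: MX target {target} is a CNAME (RFC 2181 forbids this)")
        elif in_zone and "A" not in types_at.get(target, set()):
            problems.append(f"{owner}: MX target {target} has no A record")
    return problems


def mx_order(text, domain=None):
    """Delivery order for a domain's mail hosts: lowest preference value first."""
    _, origin, records = parse_zone(text)
    domain = domain or origin
    mxs = [(int(rdata[0]), rdata[1]) for owner, rtype, rdata in records
           if owner == domain and rtype == "MX"]
    return [host for _, host in sorted(mxs)]


def reverse_name(ip):
    """Owner name of the PTR record for an address (in-addr.arpa / ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


if __name__ == "__main__":
    for problem in lint(SAMPLE_ZONE) or ["zone OK"]:
        print(problem)
    print("MX delivery order:", mx_order(SAMPLE_ZONE))
    print("PTR owner for 192.168.0.1:", reverse_name("192.168.0.1"))
```

Run as is, the script flags the MX record whose target mail2 is a CNAME, prints the delivery order mail then mail2 (preference 10 before 20), and prints the in-addr.arpa owner name for 192.168.0.1. Changing the last record of the sample to an A record makes the zone pass. On a real server the same class of checks is what named-checkzone performs on the actual zone file, and named-checkconf -z runs it for every zone named.conf references.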