Creating Name Servers

2 hours
  • 8 Learning Objectives

About this Hands-on Lab

In this learning activity, you are tasked with setting up two DNS hosts, a master and a slave, as well as configuring a client.

***NOTE:*** This is not a secure implementation and should not be implemented in a production environment. The lab now uses ens5 instead of eth0.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Install BIND on the Primary DNS Host

You will need to install BIND prior to configuring it:

# yum install bind bind-utils

You should then enable the service, but not start it until configuration is complete:

# systemctl enable named

Configure BIND on the Primary DNS Host

You will need to edit the primary configuration file: /etc/named.conf

You can find sample configurations under: /usr/share/doc/bind-$VERSION

Add the local IP to the listen-on line:

listen-on port 53 { 127.0.0.1; 10.0.1.10; };

Limit queries to localhost and the secondary DNS host, and permit zone transfers only to those two. Nothing else on the network, not even client1, gets an answer from the primary; that is why the client is pointed at the secondary further down:

allow-query     { localhost; 10.0.1.11; };
allow-transfer  { localhost; 10.0.1.11; };

Disable recursion:

recursion no;

Add forward and reverse zones above the includes at the bottom:

zone "example.com" IN {
    type master;
    file "forward.example.com";
    allow-update { none; };
};
zone "1.0.10.in-addr.arpa" IN {
    type master;
    file "reverse.example.com";
    allow-update { none; };
};
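
The options above are what an authoritative-only server should end up with. As an added example that is not part of the lab, the shell script below audits a named.conf for exactly those settings (recursion, allow-transfer, allow-query, listen-on, allow-update) and runs itself against two constructed files: one with the stock defaults a fresh install drifts toward and one matching the configuration reached in the steps above. It assumes the one-directive-per-line layout used on this page.

```shell
#!/bin/sh
# Added example (not part of the lab): audit a named.conf for the settings
# the steps above tighten. Assumes the one-directive-per-line layout used on
# this page; it strips // and # comments but not /* */ blocks, so on a real
# server feed it the normalized dump from `named-checkconf -p` instead.
set -eu

# normalize FILE: remove comments and blank lines, put spaces around braces
# and after semicolons, squeeze whitespace. Each directive then matches an
# anchored grep such as '^allow-transfer {.* any;'.
normalize() {
    sed -e 's|//.*$||' -e 's|#.*$||' -e 's/{/{ /g' -e 's/}/ }/g' -e 's/;/; /g' "$1" \
        | tr '\t' ' ' | tr -s ' ' | sed -e 's/^ //' -e 's/ $//' -e '/^$/d'
}

# audit_named_conf FILE: print one finding per line; exit 0 when clean.
audit_named_conf() {
    tmp=$(mktemp)
    normalize "$1" > "$tmp"
    n=0
    # 1. An authoritative-only server must say so; the default is recursion yes.
    if ! grep -q '^recursion no;' "$tmp"; then
        echo "recursion is not disabled: add 'recursion no;'"; n=$((n + 1))
    fi
    # 2. Zone transfers: BIND 9.11 (what yum installs here) allows AXFR to any
    #    host unless allow-transfer says otherwise.
    if ! grep -q '^allow-transfer {' "$tmp" || grep -q '^allow-transfer {.* any;' "$tmp"; then
        echo "allow-transfer is unrestricted: any host can pull the zone with AXFR"; n=$((n + 1))
    fi
    # 3. Queries: the default is any, too broad for an internal lab zone.
    if ! grep -q '^allow-query {' "$tmp" || grep -q '^allow-query {.* any;' "$tmp"; then
        echo "allow-query is unrestricted: list the hosts that need answers"; n=$((n + 1))
    fi
    # 4. Sockets: without listen-on, named binds every interface.
    if ! grep -q '^listen-on ' "$tmp" || grep -q '^listen-on .* any;' "$tmp"; then
        echo "listen-on is unrestricted: list 127.0.0.1 and the server address only"; n=$((n + 1))
    fi
    # 5. Dynamic updates: anything other than none lets hosts rewrite records.
    if grep '^allow-update {' "$tmp" | grep -qv ' none;'; then
        echo "allow-update permits dynamic updates: use 'allow-update { none; };'"; n=$((n + 1))
    fi
    rm -f "$tmp"
    [ "$n" -eq 0 ]
}

# Constructed samples: stock-default drift versus the lab's hardened options.
write_weak() {
    cat > "$1" <<'EOF'
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };      // the stock default
    recursion yes;
};
zone "example.com" IN {
    type master;
    file "forward.example.com";
    allow-update { any; };
};
EOF
}
write_hardened() {
    cat > "$1" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 10.0.1.10; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query     { localhost; 10.0.1.11; };
    allow-transfer  { localhost; 10.0.1.11; };
    recursion no;
};
zone "example.com" IN {
    type master;
    file "forward.example.com";
    allow-update { none; };
};
EOF
}

# Demo run on the two samples.
d=$(mktemp -d)
write_weak "$d/weak.conf"; write_hardened "$d/hardened.conf"
echo "== weak.conf"; audit_named_conf "$d/weak.conf" || true
echo "== hardened.conf"; audit_named_conf "$d/hardened.conf" && echo "no findings"
rm -rf "$d"
```

On a live host, `audit_named_conf /etc/named.conf` before `systemctl start named` catches the case where one of the edits above was skipped; the same checks belong on the secondary, where the lab as written sets no allow-transfer at all.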
Create Zone Files on the Primary DNS Host

Sample config files may be found in /usr/share/doc/bind-$VERSION

The files should be located in /var/named/ and must match the files referenced in /etc/named.conf: forward.example.com, and reverse.example.com.

Use the following if you don't want to construct the files from scratch. Two things to know about the SOA record: the second name is the administrator mailbox with the @ written as a dot (server1.example.com. means server1@example.com), and the serial must increase every time you edit a file, otherwise the secondary keeps serving its old copy.

forward.example.com:

$TTL 86400
@   IN  SOA     ns1.example.com. server1.example.com. (
        2018091201  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS  ns1.example.com.
@           IN  NS  ns2.example.com.
server1     IN  A   10.0.1.10
ns1         IN  A   10.0.1.10
server2     IN  A   10.0.1.11
ns2         IN  A   10.0.1.11
client1     IN  A   10.0.1.12

reverse.example.com (PTR records only; the A records belong in the forward zone. Two PTRs for one address are legal and named-checkzone accepts them, but dig -x then returns both names, so keep one per address if anything downstream expects a single name):

$TTL 86400
@   IN  SOA     ns1.example.com. server1.example.com. (
        2018091201  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS  ns1.example.com.
@           IN  NS  ns2.example.com.
10          IN  PTR server1.example.com.
10          IN  PTR ns1.example.com.
11          IN  PTR server2.example.com.
11          IN  PTR ns2.example.com.
12          IN  PTR client1.example.com.
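
Keeping the two files in step by hand is where reverse zones go stale and serials get forgotten. As an added example that is not part of the lab, the script below generates reverse.example.com from forward.example.com (copying $TTL, SOA and NS, turning every A record in the /24 into one PTR, and reporting names that share an address instead of emitting a second PTR) and bumps the SOA serial in the date-based YYYYMMDDNN form the lab uses, refusing to ever lower it. It assumes the zone-file layout shown above and the 10.0.1.0/24 network; the forward zone it runs on is a constructed copy of the one above.

```shell
#!/bin/sh
# Added example (not part of the lab): derive reverse.example.com from
# forward.example.com and bump the SOA serial. Assumes the layout of the zone
# files above (one record per line, multi-line SOA closed by ")", a ";Serial"
# comment on the serial line) and a /24 reverse zone such as
# 1.0.10.in-addr.arpa for 10.0.1.0/24.
set -eu

# gen_reverse FORWARD ZONE ORIGIN: print a reverse zone for ORIGIN built from
# FORWARD (the zone named ZONE). $TTL, SOA and NS records are copied; every A
# record inside the /24 becomes one PTR. When two names share an address (ns1
# and server1 above) the first one wins and the other is reported on stderr,
# so dig -x returns a single name.
gen_reverse() {
    awk -v zone="$2" -v origin="$3" '
        BEGIN { split(origin, o, "."); prefix = o[3] "." o[2] "." o[1] "." }
        /^[[:space:]]*;/ || NF == 0 { next }            # comments and blank lines
        /^\$TTL/ { print; next }
        $3 == "SOA" { insoa = 1 }
        insoa { print; if (index($0, ")")) insoa = 0; next }
        $3 == "NS" { print; next }
        $3 == "A" {
            ip = $4
            if (index(ip, prefix) != 1) {
                print "skip " $1 ": " ip " is outside " origin > "/dev/stderr"; next
            }
            host = substr(ip, length(prefix) + 1)
            name = ($1 ~ /\.$/) ? $1 : $1 "." zone "."
            if (host in seen) {
                print "note: " name " shares " ip " with " seen[host] ", no second PTR" > "/dev/stderr"; next
            }
            seen[host] = name
            printf "%-12sIN  PTR %s\n", host, name
        }' "$1"
}

# bump_serial FILE [YYYYMMDD]: rewrite the serial as DATE01, or DATE(NN+1) if
# it already carries DATE, and print the new value. The secondary only
# refetches the zone when the serial grows, so every edit needs this; a new
# value that would not exceed the old one is refused rather than written.
bump_serial() {
    file=$1; today=${2:-$(date +%Y%m%d)}
    old=$(awk '/;[[:space:]]*Serial/ { print $1; exit }' "$file")
    [ -n "$old" ] || { echo "bump_serial: no ';Serial' line in $file" >&2; return 1; }
    case $old in
        "$today"??) new=$((old + 1)) ;;
        *)          new=${today}01 ;;
    esac
    [ "$new" -gt "$old" ] || { echo "bump_serial: $new would not exceed $old" >&2; return 1; }
    sed "s/^\([[:space:]]*\)$old\([[:space:]]*;[[:space:]]*Serial\)/\1$new\2/" "$file" > "$file.tmp" \
        && mv "$file.tmp" "$file"
    echo "$new"
}

# Constructed copy of the lab's forward zone, for the demo run.
write_forward() {
    cat > "$1" <<'EOF'
$TTL 86400
@   IN  SOA     ns1.example.com. server1.example.com. (
        2018091201  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS  ns1.example.com.
@           IN  NS  ns2.example.com.
server1     IN  A   10.0.1.10
ns1         IN  A   10.0.1.10
server2     IN  A   10.0.1.11
ns2         IN  A   10.0.1.11
client1     IN  A   10.0.1.12
EOF
}

d=$(mktemp -d)
write_forward "$d/forward.example.com"
gen_reverse "$d/forward.example.com" example.com 1.0.10.in-addr.arpa > "$d/reverse.example.com"
cat "$d/reverse.example.com"
echo "new serial: $(bump_serial "$d/forward.example.com")"
rm -rf "$d"
```

On the primary the real calls would be `gen_reverse /var/named/forward.example.com example.com 1.0.10.in-addr.arpa > /var/named/reverse.example.com` followed by `bump_serial` on both files, then the named-checkzone checks from the next section.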
Verify the Configuration of the Primary DNS Host (10.0.1.10)

You should verify the syntax of the files prior to starting the service:

# named-checkconf /etc/named.conf

# named-checkzone example.com /var/named/forward.example.com

# named-checkzone 1.0.10.in-addr.arpa /var/named/reverse.example.com

The first argument is the zone's origin, so the reverse file is checked under 1.0.10.in-addr.arpa rather than example.com; each command should end with OK.

Start BIND on the Primary Host

# systemctl start named

Watch for errors; /var/log/messages (or journalctl -u named) has the details.
If your configuration is sane, BIND should be running, and can be verified with:

# dig @localhost server1.example.com

Open port 53 on the primary, but only to the secondary DNS host (the named ACLs above already refuse everyone else; the firewall keeps their packets from reaching named at all):

# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.11" destination address="10.0.1.10" port port="53" protocol="tcp" accept'

# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.11" destination address="10.0.1.10" port port="53" protocol="udp" accept'

# firewall-cmd --reload

Configure the Secondary Host

On Server2, install BIND and enable it:

# yum install bind bind-utils

# systemctl enable named

Edit /etc/named.conf like on Server1:

Add the local IP to the listen-on line:

listen-on port 53 { 127.0.0.1; 10.0.1.11; };

Limit queries to the local subnet. Note that this file sets no allow-transfer, so every host on 10.0.1.0/24 can also pull the whole zone from the secondary with AXFR; the secondary has no reason to serve transfers to anyone, so set allow-transfer to none here if that is not wanted:

allow-query     { localhost; 10.0.1.0/24; };

Disable recursion:

recursion no;

Add forward and reverse (slave) zones above the includes at the bottom. The file paths are relative to the directory set in the options block (/var/named), so they land in /var/named/slaves/, which the bind package creates writable for named; with a leading slash they would be absolute paths under /slaves that named cannot write:

zone "example.com" IN {
    type slave;
    file "slaves/example.com.fwd";
    masters { 10.0.1.10; };
};
zone "1.0.10.in-addr.arpa" IN {
    type slave;
    file "slaves/example.com.rev";
    masters { 10.0.1.10; };
};

Start BIND on the Secondary Host

Verify the configuration:

# named-checkconf /etc/named.conf

And start BIND:

# systemctl start named

Watch for errors; /var/log/messages (or journalctl -u named) has the details. A successful first transfer is logged as "Transfer completed" for each zone, and the zone files appear under /var/named/slaves/.
If your configuration is sane, BIND should be running and can be verified with:

# dig @localhost server1.example.com

Enable DNS traffic through the firewall

# firewall-cmd --permanent --add-service=dns && firewall-cmd --reload
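
With both servers up and the firewalls open, the useful check is what a host on the subnet other than the secondary can get out of them. As an added example that is not part of the lab, the script below is meant to run on client1 (10.0.1.12): it confirms the secondary serves the zone at the expected serial, that the primary refuses AXFR to the client, and that the secondary refuses it too. Its verdict functions parse dig output, so the block exercises them on constructed sample outputs (labelled in the code); with RUN_LIVE=1 and EXPECTED_SERIAL set it runs the real dig commands instead. With the secondary configured exactly as above, the last check fails, because nothing on server2 restricts zone transfers.

```shell
#!/bin/sh
# Added example (not part of the lab): checks to run on client1 (10.0.1.12)
# once both name servers are up. The verdict logic parses dig output, so it
# is exercised here on constructed sample outputs; on the client, run it with
# RUN_LIVE=1 EXPECTED_SERIAL=<serial in forward.example.com> to use real dig.
# Addresses and names are the lab's.
set -eu

PRIMARY=10.0.1.10
SECONDARY=10.0.1.11
ZONE=example.com

# soa_serial "<output of: dig +short SOA $ZONE @server>": print the serial,
# or nothing when the server did not answer (dig +short prints nothing for a
# REFUSED response).
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $1 ~ /\.$/ && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# axfr_refused "<output of: dig $ZONE AXFR @server>": 0 when dig reports
# "; Transfer failed.", 1 when the server handed the zone over (dig then
# lists the records and ends with an ";; XFR size:" line), 2 otherwise.
axfr_refused() {
    if printf '%s\n' "$1" | grep -q '^; Transfer failed'; then return 0; fi
    if printf '%s\n' "$1" | grep -q '^;; XFR size:'; then return 1; fi
    echo "axfr_refused: unrecognized dig output" >&2
    return 2
}

# verdict SOA_OUT PRIMARY_AXFR_OUT SECONDARY_AXFR_OUT EXPECTED_SERIAL:
# one PASS/FAIL line per check; exit 0 only when every check passed.
verdict() {
    fails=0
    serial=$(soa_serial "$1")
    if [ "$serial" = "$4" ]; then
        echo "PASS $SECONDARY serves $ZONE at serial $serial"
    else
        echo "FAIL $SECONDARY serial '${serial:-none}' != $4: transfer not done, check its log"
        fails=$((fails + 1))
    fi
    if axfr_refused "$2"; then
        echo "PASS $PRIMARY refuses AXFR from this host"
    else
        echo "FAIL $PRIMARY handed the zone over: check allow-transfer and the rich rules"
        fails=$((fails + 1))
    fi
    if axfr_refused "$3"; then
        echo "PASS $SECONDARY refuses AXFR from this host"
    else
        echo "FAIL $SECONDARY handed the zone over: it has no allow-transfer; add 'allow-transfer { none; };'"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ]
}

# Constructed sample outputs, shaped like what dig prints in each situation.
SAMPLE_SOA='ns1.example.com. server1.example.com. 2018091201 3600 1800 604800 86400'
SAMPLE_REFUSED='; <<>> DiG 9.11 <<>> example.com AXFR @10.0.1.10
;; global options: +cmd
; Transfer failed.'
SAMPLE_LEAK='; <<>> DiG 9.11 <<>> example.com AXFR @10.0.1.11
;; global options: +cmd
example.com.            86400   IN      SOA     ns1.example.com. server1.example.com. 2018091201 3600 1800 604800 86400
example.com.            86400   IN      NS      ns1.example.com.
client1.example.com.    86400   IN      A       10.0.1.12
example.com.            86400   IN      SOA     ns1.example.com. server1.example.com. 2018091201 3600 1800 604800 86400
;; Query time: 1 msec
;; XFR size: 4 records (messages 1, bytes 212)'

if [ "${RUN_LIVE:-0}" = 1 ]; then
    verdict "$(dig +short SOA "$ZONE" "@$SECONDARY" || true)" \
            "$(dig "$ZONE" AXFR "@$PRIMARY" || true)" \
            "$(dig "$ZONE" AXFR "@$SECONDARY" || true)" \
            "${EXPECTED_SERIAL:?set EXPECTED_SERIAL to the serial in /var/named/forward.example.com}"
else
    # With the lab's secondary configuration as written, the last check fails.
    verdict "$SAMPLE_SOA" "$SAMPLE_REFUSED" "$SAMPLE_LEAK" 2018091201 || true
fi
```

The primary check passes for two independent reasons: the allow-transfer ACL answers REFUSED, and the rich rules never let the client's packets reach port 53 in the first place. Only the ACL protects the secondary once `--add-service=dns` is in place, which is why the third check matters.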

Configure the Client to Use the Secondary DNS Host (10.0.1.11) for DNS

Install NetworkManager and start the service:

# yum install NetworkManager

# systemctl enable NetworkManager && systemctl start NetworkManager

Configure the interface to be static, then assign the secondary host IP as the DNS server and example.com as the DNS search domain (the connection name contains a space, so it must be quoted):

# nmcli con mod "System ens5" ipv4.method manual ipv4.addresses 10.0.1.12/24 ipv4.gateway 10.0.1.1 ipv4.dns 10.0.1.11 ipv4.dns-search example.com

Remove the ec2.internal search domain from /etc/resolv.conf:

# sed -i '/ec2.internal/d' /etc/resolv.conf

Restart networking to pick up the configuration change:

# systemctl restart network

Verify that it works with dig; the SERVER line at the bottom of the answer should show 10.0.1.11:

# dig server1.example.com

Additional Resources

You are provided with three hosts:

Server1 (10.0.1.10)
This host should be configured as the master DNS host for the example.com zone, with valid forward and reverse records.

Server2 (10.0.1.11)
This host should be configured as a slave DNS host for ns1.example.com, and have an A record (and resolve) as ns2.example.com.

Client1 (10.0.1.12)
This host should be configured to use ns2.example.com as its primary DNS host, and successfully resolve ns1.example.com and ns2.example.com to their respective internal IPs.
