In this learning activity, you are tasked with setting up two DNS hosts, a master and a slave, as well as configuring a client.
***NOTE:*** This is not a secure implementation and should not be implemented in a production environment. The lab now uses ens5 instead of eth0.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Install BIND on the Primary DNS Host
You will need to install BIND prior to configuring it:
# yum install bind bind-utils
You should then enable the service, but not start it until configuration is complete:
# systemctl enable named
- Configure BIND on the Primary DNS Host
You will need to edit the primary configuration file:
/etc/named.conf
You can find sample configurations under:
/usr/share/doc/bind-$VERSION
Add the local IP to the listen-on line:
listen-on port 53 { 127.0.0.1; 10.0.1.10; };
Limit queries to localhost and Secondary DNS host, and permit transfers to the Secondary DNS host:
allow-query { localhost; 10.0.1.11; };
allow-transfer { localhost; 10.0.1.11; };
Disable recursion:
recursion no;
Add forward and reverse zones above the includes at the bottom:
zone "example.com" IN {
    type master;
    file "forward.example.com";
    allow-update { none; };
};
zone "1.0.10.in-addr.arpa" IN {
    type master;
    file "reverse.example.com";
    allow-update { none; };
};
- Create Zone Files on the Primary DNS Host
Sample config files may be found in
/usr/share/doc/bind-$VERSION
The files should be located in /var/named/ and their names must match the ones referenced in /etc/named.conf: forward.example.com and reverse.example.com. Use the following if you don’t want to construct the files from scratch:
forward.example.com:
$TTL 86400
@   IN  SOA  ns1.example.com. server1.example.com. (
        2018091201  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400 )     ;Minimum TTL
@        IN  NS   ns1.example.com.
@        IN  NS   ns2.example.com.
server1  IN  A    10.0.1.10
ns1      IN  A    10.0.1.10
server2  IN  A    10.0.1.11
ns2      IN  A    10.0.1.11
client1  IN  A    10.0.1.12
reverse.example.com:
$TTL 86400
@   IN  SOA  ns1.example.com. server1.example.com. (
        2018091201  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400 )     ;Minimum TTL
@   IN  NS   ns1.example.com.
@   IN  NS   ns2.example.com.
; Only PTR records belong in this zone; the A records live in forward.example.com
; (A records placed here are out-of-zone data, which named ignores with a warning).
10  IN  PTR  server1.example.com.
10  IN  PTR  ns1.example.com.
11  IN  PTR  server2.example.com.
11  IN  PTR  ns2.example.com.
12  IN  PTR  client1.example.com.
- Verify the Configuration of the Primary DNS Host (10.0.1.10)
You should verify the syntax of the files prior to starting the service:
# named-checkconf /etc/named.conf
# named-checkzone example.com /var/named/forward.example.com
# named-checkzone 1.0.10.in-addr.arpa /var/named/reverse.example.com
- Start BIND on the Primary Host
# systemctl start named
Be sure to watch for any errors. You can look in /var/log/messages for more details.
If your configuration is sane, BIND should be running, and can be verified with:
# dig @localhost server1.example.com
Open the firewall for DNS traffic (TCP and UDP port 53) from the Secondary DNS Host:
# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.11" destination address="10.0.1.10" port port="53" protocol="tcp" accept'
# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.11" destination address="10.0.1.10" port port="53" protocol="udp" accept'
# firewall-cmd --reload
- Configure the Secondary Host
On Server2, install BIND and enable it:
# yum install bind bind-utils
# systemctl enable named
Edit /etc/named.conf like on Server1. Add the local IP to the listen-on line:
listen-on port 53 { 127.0.0.1; 10.0.1.11; };
Limit queries to the local subnet:
allow-query { localhost; 10.0.1.0/24; };
Disable recursion:
recursion no;
Add forward and reverse (slave) zones above the includes at the bottom:
zone "example.com" IN {
    type slave;
    // relative to the directory option (/var/named); /var/named/slaves is writable by named
    file "slaves/example.com.fwd";
    masters { 10.0.1.10; };
};
zone "1.0.10.in-addr.arpa" IN {
    type slave;
    file "slaves/example.com.rev";
    masters { 10.0.1.10; };
};
- Start BIND on the Secondary Host
Verify the configuration:
# named-checkconf /etc/named.conf
And start BIND:
# systemctl start named
Be sure to watch for any errors. You can look in /var/log/messages for more details.
If your configuration is sane, BIND should be running and can be verified with:
# dig @localhost server1.example.com
Enable DNS traffic through the firewall:
# firewall-cmd --permanent --add-service=dns && firewall-cmd --reload
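A query for server1.example.com answered by the secondary proves that named is up, but not that it holds the master's copy of the zone rather than a stale one or none at all. The usual check is to compare the SOA serial served by both hosts. The script below is an added example, not part of the lab; soa_serial, fetch_soa and compare_serials are my own names. Because the master's allow-query only admits localhost and 10.0.1.11, the live queries have to be run from Server2. The parsing functions work on captured dig +short output, so the constructed sample lines run without any server present.

```shell
# Added example, not part of the lab: confirm the secondary holds the same
# zone as the master by comparing SOA serials. dig +short for an SOA prints
# one line: "mname rname serial refresh retry expire minimum".

# soa_serial: read dig +short SOA output on stdin and print the serial field.
# Prints nothing if the answer is empty (query refused, zone not transferred).
soa_serial() {
    awk 'NF >= 7 { print $3; exit }'
}

# fetch_soa SERVER ZONE: serial as served by SERVER (needs dig from bind-utils).
fetch_soa() {
    dig +short @"$1" "$2" SOA | soa_serial
}

# compare_serials MASTER_SERIAL SECONDARY_SERIAL: 0 when in sync, 1 when the
# secondary has no SOA at all or serves a different serial than the master.
compare_serials() {
    if [ -z "$2" ]; then
        echo "secondary returned no SOA: zone was not transferred"
        return 1
    fi
    if [ "$1" != "$2" ]; then
        echo "serial mismatch: master=$1 secondary=$2"
        return 1
    fi
    echo "zone in sync at serial $1"
    return 0
}

# Constructed sample output, as dig +short example.com SOA would print it.
MASTER_OUT='ns1.example.com. server1.example.com. 2018091201 3600 1800 604800 86400'
SLAVE_OUT='ns1.example.com. server1.example.com. 2018091201 3600 1800 604800 86400'
STALE_OUT='ns1.example.com. server1.example.com. 2018091200 3600 1800 604800 86400'

m=$(printf '%s\n' "$MASTER_OUT" | soa_serial)
s=$(printf '%s\n' "$SLAVE_OUT" | soa_serial)
compare_serials "$m" "$s"

# Against the lab hosts, run on Server2 (the only host the master answers):
# compare_serials "$(fetch_soa 10.0.1.10 example.com)" "$(fetch_soa 10.0.1.11 example.com)"
```

An empty secondary serial right after start-up means the transfer failed; the places to look are the master's allow-transfer list, the rich rules opening port 53 from 10.0.1.11 on the master, and /var/log/messages on both hosts. A lower serial on the secondary means the master's zone was changed without bumping the serial, so the secondary will not refresh until it is.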
- Configure the Client to Use the Secondary DNS Host (10.0.1.11) for DNS
Install NetworkManager and start the service:
# yum install NetworkManager
# systemctl enable NetworkManager && systemctl start NetworkManager
Configure the interface to be static, then assign the secondary host IP as the DNS server and example.com as the DNS search domain (the connection name contains a space, so it must be quoted):
# nmcli con mod "System ens5" ipv4.method manual ipv4.addresses 10.0.1.12/24 ipv4.gateway 10.0.1.1 ipv4.dns 10.0.1.11 ipv4.dns-search example.com
Remove the ec2.internal search domain from /etc/resolv.conf:
# sed -i '/ec2.internal/d' /etc/resolv.conf
Restart networking to pick up the configuration change:
# systemctl restart network
Verify that it works with dig:
# dig server1.example.com