Install the bind package:
# yum install -y bind
Edit the /etc/named.conf file and change the ‘listen-on’ option from 127.0.0.1 to any:
listen-on port 53 { any; };
In the same file, change the ‘allow-query’ option from localhost to any:
allow-query { any; };
In the same file, disable the ‘dnssec-validation’ option:
dnssec-validation no;
Still in the same file, below the ‘recursion’ option, add the two following lines (with 192.168.1.1 being the DNS IP address of your Internet provider):
forward only;
forwarders { 192.168.1.1; };
After the ‘logging’ stanza and still in the /etc/named.conf file, add the following lines (example.com is supposed to be your domain name):
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "example.com.revzone";
    allow-update { none; };
};
Create the /var/named/example.com.zone file and insert the following lines (where gateway is your gateway to the Internet, dns your DNS server, mail your mail server and client a simple client):
$TTL 86400
@       IN SOA dns.example.com. root.example.com. (
            2013092906 ; Serial
            1d         ; refresh
            2h         ; retry
            4w         ; expire
            1h )       ; min cache
        IN NS  dns.example.com.
        IN MX  10 mail.example.com.
gateway IN A   192.168.1.1
dns     IN A   192.168.1.5
mail    IN A   192.168.1.10
client  IN A   192.168.1.15
Create the /var/named/example.com.revzone file and insert the following lines:
$TTL 86400
@       IN SOA dns.example.com. root.example.com. (
            2013092902 ; Serial
            1d         ; refresh
            2h         ; retry
            4w         ; expire
            1h )       ; min cache
        IN NS  dns.example.com.
1       IN PTR gateway.example.com.
5       IN PTR dns.example.com.
10      IN PTR mail.example.com.
15      IN PTR client.example.com.
Check the configuration files:
# named-checkconf
Note: don’t forget to increment the serial number each time you change something in a zone file, otherwise it will not be taken into account even after restarting the named service.
Add two new rules to the firewall:
# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
# iptables -I INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
Save the firewall configuration:
# service iptables save
Activate the DNS service at boot:
# chkconfig named on
Start the DNS service:
# service named start
Check the configuration:
# nslookup cnn.com 127.0.0.1
# dig @127.0.0.1 cnn.com
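named-checkconf only validates /etc/named.conf; it says nothing about whether the forward zone and the reverse zone above still agree once hosts get added to one file and forgotten in the other. The script below is an added example, not part of the original tutorial or of BIND: it extracts the A records from a forward zone and the PTR records from the matching in-addr.arpa zone and reports any host present in only one of them. The zone content is constructed inline (the tutorial's records plus one deliberately missing PTR) so it runs without named installed; the function names, the temporary directory and the 192.168.1 prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: cross-check a forward zone against its reverse zone.
# Not part of the tutorial; all helper names below are this example's own.

# Print "fqdn ip" for every A record in a forward zone file.
# $1 = zone file, $2 = origin without trailing dot (e.g. example.com)
forward_pairs() {
    sed 's/;.*//' "$1" | awk -v origin="$2" '
        $2 == "IN" && $3 == "A" { print $1 "." origin ".", $4 }'
}

# Print "fqdn ip" for every PTR record in a reverse zone file.
# $1 = reverse zone file, $2 = network prefix (e.g. 192.168.1)
reverse_pairs() {
    sed 's/;.*//' "$1" | awk -v net="$2" '
        $2 == "IN" && $3 == "PTR" { print $4, net "." $1 }'
}

# Return 0 when every A record has a matching PTR and vice versa.
# Mismatched entries are listed on stderr and the status is 1.
zones_consistent() {
    fwd=$(forward_pairs "$1" "$2" | sort)
    rev=$(reverse_pairs "$3" "$4" | sort)
    if [ "$fwd" != "$rev" ]; then
        echo "records present in only one zone:" >&2
        printf '%s\n' "$fwd" "$rev" | sort | uniq -u >&2
        return 1
    fi
    return 0
}

# Constructed sample zones with the tutorial's records; prints the directory.
write_sample_zones() {
    dir=$(mktemp -d)
    cat > "$dir/example.com.zone" <<'EOF'
$TTL 86400
@       IN SOA dns.example.com. root.example.com. (
            2013092906 ; Serial
            1d         ; refresh
            2h         ; retry
            4w         ; expire
            1h )       ; min cache
        IN NS  dns.example.com.
        IN MX  10 mail.example.com.
gateway IN A   192.168.1.1
dns     IN A   192.168.1.5
mail    IN A   192.168.1.10
client  IN A   192.168.1.15
EOF
    cat > "$dir/example.com.revzone" <<'EOF'
$TTL 86400
@       IN SOA dns.example.com. root.example.com. (
            2013092902 ; Serial
            1d         ; refresh
            2h         ; retry
            4w         ; expire
            1h )       ; min cache
        IN NS  dns.example.com.
1       IN PTR gateway.example.com.
5       IN PTR dns.example.com.
10      IN PTR mail.example.com.
15      IN PTR client.example.com.
EOF
    echo "$dir"
}

# Status 0: the tutorial's two zones agree with each other.
check_tutorial_zones() {
    d=$(write_sample_zones)
    zones_consistent "$d/example.com.zone" example.com \
                     "$d/example.com.revzone" 192.168.1
}

# Status 1: a host added to the forward zone only is caught.
check_missing_ptr() {
    d=$(write_sample_zones)
    echo 'printer IN A   192.168.1.20' >> "$d/example.com.zone"
    zones_consistent "$d/example.com.zone" example.com \
                     "$d/example.com.revzone" 192.168.1
}

# Usage on the real files from the tutorial:
#   zones_consistent /var/named/example.com.zone example.com \
#                    /var/named/example.com.revzone 192.168.1
```

Run it after named-checkconf and before restarting named; it complements BIND's own named-checkzone, which checks each file's syntax but not the agreement between the two. Remember that a fix to either file still needs its serial number incremented, as the note above says.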