Saturday, September 12, 2015

BIND Example for a Local Network with CentOS 7

Steps to set up a DNS server with BIND on CentOS 7. These steps assume you already have a CentOS 7 server up and running. Other notes about this example:
  • Targeting a 192.168.1.0/24 network.
  • DNS server is 192.168.1.3.
  • IPv4 example only.
Feel free to adjust as desired.



Install required modules:
sudo yum install bind bind-utils
Prepare a directory to store your DNS zone information:
sudo chmod 755 /etc/named
sudo mkdir /etc/named/zones
Edit BIND's root configuration:
sudo vi /etc/named.conf
With the following adjustments:
...
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.3; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };
...
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/named.conf.inside";
Create your new custom named configuration file:
sudo vi /etc/named/named.conf.inside
Set the following contents:
zone "inside" IN {
    type master;
    file "/etc/named/zones/db.inside";
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/named/zones/db.1.168.192";
};
Create your inside zone file:
sudo vi /etc/named/zones/db.inside
Set the following contents and add your custom domains:
$TTL  864000
@   IN  SOA  dns.inside. root.inside. (
        3       ; Serial
        864000  ; Refresh
        86400   ; Retry
        2592000 ; Expire
        864000  ; Negative Cache TTL
)
; Name servers (NS).
@             IN  NS dns.inside.

; Local servers.
dns.inside.   IN  A  192.168.1.3
test1.inside. IN  A  192.168.1.10
test2.inside. IN  A  192.168.1.11
Create your inside reverse zone file:
sudo vi /etc/named/zones/db.1.168.192
Set the following contents (adjust to match the records in your db.inside file):
$TTL  864000
@   IN  SOA  dns.inside. root.inside. (
        3       ; Serial
        864000  ; Refresh
        86400   ; Retry
        2592000 ; Expire
        864000  ; Negative Cache TTL
)

; Name servers (NS).
@    IN  NS   dns.inside.

; Local servers.
3    IN  PTR  dns.inside.
10   IN  PTR  test1.inside.
11   IN  PTR  test2.inside.
Configure BIND for IPv4 only by opening the following file:
sudo vi /etc/sysconfig/named
And adding the following line at the bottom:
OPTIONS="-4"
Allow DNS through your local firewall:
sudo firewall-cmd --zone=public --add-service=dns --permanent
sudo firewall-cmd --reload
Restart BIND:
sudo systemctl restart named
(optional) Troubleshoot by invoking the following:
sudo tail -f /var/log/messages
Test by invoking any of the following commands:
dig dns.inside @192.168.1.3
nslookup dns.inside 192.168.1.3
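The bind package ships named-checkconf and named-checkzone, which catch syntax errors in named.conf and the zone files, but nothing above checks that db.inside and db.1.168.192 describe the same hosts, and a PTR with an empty owner field or a target missing its final dot is accepted by named and only shows up as a wrong answer from dig. The script below is an added example, not code from the original post: it parses the A records of the forward zone and the PTR records of the reverse zone and reports every disagreement. The embedded zone text is a constructed, abridged copy of the two files above; the origins and zone text are assumptions you would replace with your own files (read them with open() instead of the string constants).

```python
import ipaddress
import re

# Constructed sample input: the post's two zone files, abridged (class IN, PTR owner "3" filled in).
FORWARD_ORIGIN = "inside."
FORWARD_ZONE = """\
$TTL  864000
@   IN  SOA  dns.inside. root.inside. (
        3       ; Serial
        864000  ; Refresh
        86400   ; Retry
        2592000 ; Expire
        864000  ; Negative Cache TTL
)
; Name servers (NS).
@             IN  NS dns.inside.
dns.inside.   IN  A  192.168.1.3
test1.inside. IN  A  192.168.1.10
"""
REVERSE_ORIGIN = "1.168.192.in-addr.arpa."
REVERSE_ZONE = """\
@   IN  SOA  dns.inside. root.inside. (
        3 864000 86400 2592000 864000 )
@    IN  NS   dns.inside.
3    IN  PTR  dns.inside.
10   IN  PTR  test1.inside.
"""

RECORD_RE = re.compile(  # owner [ttl] [IN] type rdata; only the record types this check needs
    r"^(?P<owner>\S*)\s+(?:\d+\s+)?(?:IN\s+)?(?P<type>A|PTR|NS)\s+(?P<rdata>\S+)\s*$", re.I)


def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin; absolute names keep their final dot."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_records(zone_text, origin):
    """Return (owner_fqdn, type, rdata) for A/PTR/NS records, skipping comments, $directives and SOA."""
    records, last_owner, in_parens = [], origin, False
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop ';' comments
        if in_parens:                                 # inside the multi-line SOA
            in_parens = ")" not in line
            continue
        if "(" in line and ")" not in line:
            in_parens = True
            continue
        if not line.strip() or line.startswith("$"):
            continue
        m = RECORD_RE.match(line)
        if not m:
            continue
        # A blank owner field means "same owner as the previous record".
        owner = fqdn(m.group("owner"), origin) if m.group("owner") else last_owner
        last_owner = owner
        records.append((owner, m.group("type").upper(), m.group("rdata")))
    return records


def reverse_name_to_ip(owner):
    """'3.1.168.192.in-addr.arpa.' -> IPv4Address('192.168.1.3'); None unless it names one host."""
    suffix = ".in-addr.arpa."
    labels = owner[:-len(suffix)].split(".") if owner.endswith(suffix) else []
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels))) if len(labels) == 4 else None
    except ValueError:
        return None


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return a list of problems; an empty list means forward and reverse zones agree."""
    problems = []
    forward = {o: ipaddress.IPv4Address(r) for o, t, r in parse_records(fwd_text, fwd_origin) if t == "A"}
    reverse = {}
    for owner, rtype, rdata in parse_records(rev_text, rev_origin):
        if rtype != "PTR":
            continue
        ip = reverse_name_to_ip(owner)
        if ip is None:  # e.g. a PTR that landed on the zone apex because its owner field was empty
            problems.append(f"PTR owner {owner} does not name a single host address")
        else:
            reverse[ip] = fqdn(rdata, rev_origin)  # a target missing its final dot shows up as a mismatch
    for name, ip in forward.items():
        if ip not in reverse:
            problems.append(f"{name} -> {ip} has no PTR record")
        elif reverse[ip] != name:
            problems.append(f"PTR for {ip} is {reverse[ip]}, expected {name}")
    for ip, name in reverse.items():
        if name not in forward:
            problems.append(f"PTR {ip} -> {name} has no matching A record")
    return problems


if __name__ == "__main__":
    for line in check_zones(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN) or ["zones agree"]:
        print(line)
```

Run it after editing either zone file and before `systemctl restart named`; an empty problem list plus a clean named-checkzone run for each zone means the forward and reverse answers will agree. The parser deliberately handles only A, PTR and NS records, so it is a consistency check alongside named-checkzone, not a replacement for it.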