Setup Master Slave Chroot BIND DNS in CentOS 6 or Red Hat 6

Setup Master Slave DNS in CentOS 6 or Red Hat 6

In this tutorial we will learn how to set up a master and slave DNS server in CentOS 6 or Red Hat 6.
DNS is a big topic and the Internet runs on it. In this post I have tried to write the how-to as simply as I can.

Because we are configuring the server in a chroot, all configuration files live under /var/named/chroot.

Details:

Package Name : BIND Version 9.8.2

[root@localhost ~]# rpm -qa|grep bind
bind-libs-9.8.2-0.17.rc1.el6_4.4.i686
bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686
bind-9.8.2-0.17.rc1.el6_4.4.i686
[root@localhost ~]#

Operating System : Red Hat 6.4 and CentOS 6.4

Master DNS Server = 192.168.122.9 ns1.example.com
Slave DNS Server = 192.168.122.10 ns2.example.com

IPTABLES = Disabled
SELINUX = Disabled

Setup Master DNS server

Follow the steps given below on the master DNS server (ns1.example.com 192.168.122.9):

Step 1: Install bind-chroot using the yum command; some other dependencies will also be installed by default. See the output below.

[root@localhost ~]# yum install bind-chroot
...
Dependencies Resolved

=======================================================================================================================
 Package                    Arch                Version                                   Repository              Size
=======================================================================================================================
Installing:
 bind-chroot                i686                32:9.8.2-0.17.rc1.el6_4.4                 updates                 71 k
Installing for dependencies:
 bind                       i686                32:9.8.2-0.17.rc1.el6_4.4                 updates                4.0 M
 bind-libs                  i686                32:9.8.2-0.17.rc1.el6_4.4                 updates                889 k
 portreserve                i686                0.0.4-9.el6                               base                    22 k

Transaction Summary
=======================================================================================================================
Install       4 Package(s)

Total download size: 4.9 M
Installed size: 9.6 M
Is this ok [y/N]: y

Step 2: After installing the bind-chroot package we get some BIND sample files and docs on the system, which we will use in our setup.

ls -l /usr/share/doc/bind-9.8.2/

Step 3: Set the FQDN of the master DNS server

Edit the /etc/hosts file and replace the IP address and domain name with your own IP address and domain name

vi /etc/hosts

192.168.122.9 ns1.example.com ns1

Edit /etc/sysconfig/network and replace the HOSTNAME value

vi /etc/sysconfig/network

HOSTNAME=ns1

Restart the network service

/etc/init.d/network restart

Now check that the hostname and FQDN are reported properly.
Log out and log in again, or restart the server, first.

[root@ns1 named]# hostname
ns1

[root@ns1 named]# hostname -f
ns1.example.com

Edit /etc/resolv.conf file

[root@ns1 named]# vi /etc/resolv.conf 

domain example.com
search example.com
nameserver 192.168.122.9
[root@ns1 named]#

Step 3: Create the named.conf file in the chroot directory

[root@ns1 named]# cp -prvf /usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones /var/named/chroot/etc/named.conf
`/usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones' -> `/var/named/chroot/etc/named.conf'
[root@ns1 named]# 

[root@ns1 named]# vi /var/named/chroot/etc/named.conf

####### Remove the old contents and paste the contents given below ########

include "/etc/rndc.key";

options {
        directory "/var/named"; // Zone file path, i.e. /var/named/chroot/var/named outside the chroot
        forwarders { 192.168.122.10; }; // Queries for zones this server is not authoritative for are sent to ns2 first; BIND defaults to "forward first", so named recurses on its own if the forwarder does not answer
        // Recursion is not restricted here; BIND 9.8 answers recursive queries from any client by default.
        // Restrict it with allow-recursion { 192.168.122.0/24; }; if the server is reachable from untrusted networks.
};


// Forward zone section for example.com

zone "example.com" IN {
        type master; // Declaring this server as the DNS master for the zone
        file "example.com.forward-zone"; // forward zone file in /var/named
        allow-update { none; }; // no dynamic updates
        allow-transfer { 192.168.122.10; }; // only the slave (ns2) may pull the zone; BIND's default is allow-transfer { any; }
};

// Reverse Zone Section for example.com

zone "122.168.192.in-addr.arpa" IN {
        type master; // Declaring this server as the DNS master for the zone
        file "example.com.reverse-zone"; // reverse zone file in /var/named
        allow-update { none; }; // no dynamic updates
        allow-transfer { 192.168.122.10; }; // only the slave (ns2) may pull the zone
};

Step 4: Create the forward zone and reverse zone files.

Forward Zone File:

[root@ns1 ~]# cd /var/named/chroot/var/named

[root@localhost named]# cp -prvf /usr/share/doc/bind-9.8.2/sample/var/named/named.localhost .
`/usr/share/doc/bind-9.8.2/sample/var/named/named.localhost' -> `./named.localhost'
[root@localhost named]# ls -l
total 4
-rw-r--r-- 1 named named 152 Mar 29 04:18 named.localhost
[root@ns1 named]#

[root@ns1 named]# mv named.localhost example.com.forward-zone

[root@ns1 named]# vi  example.com.forward-zone 

; A comment starts with the ; symbol, hence this line is commented
; In the SOA record the contact email is written as username.domainname.tld. e.g. admin.example.com. (the first dot replaces the @)
; A FQDN must end with a trailing period (.), see "IN NS ns1.example.com." below; without it BIND appends the zone origin to the name

$TTL 1D
@	IN SOA	ns1.example.com. sharadchhetri.example.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	IN	NS	ns1.example.com.
	IN	A	192.168.122.9
NS1	IN	A	192.168.122.9
www	IN	A	192.168.122.11

Reverse Zone File:

[root@ns1 ~]# cd /var/named/chroot/var/named

[root@ns1 named]# vi example.com.reverse-zone 
; Reverse zone file for example.com
; Do not forget the trailing period (.) at the end of every FQDN, including the SOA MNAME

$TTL 1D

@       IN SOA  ns1.example.com. sharadchhetri.example.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   ns1.example.com.
9       IN PTR  ns1.example.com.
11      IN PTR  www.example.com.
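The trailing-dot rule from the comments above is easy to get wrong and BIND will not complain: a name such as ns1.example.com without the dot silently becomes ns1.example.com.<origin>. The following Python 3 linter is an added example, not part of the tutorial; it flattens a zone file, flags unqualified names in SOA/NS/PTR/CNAME data and returns the SOA serial. The embedded zone is a constructed sample based on the forward zone above.

```python
# Constructed sample: the forward zone above with the SOA MNAME written
# without its trailing dot, so BIND would serve ns1.example.com.example.com.
SAMPLE_ZONE = """\
$TTL 1D
@\tIN SOA\tns1.example.com sharadchhetri.example.com. (
\t\t0\t; serial
\t\t1D\t; refresh
\t\t1H\t; retry
\t\t1W\t; expire
\t\t3H )\t; minimum
\tIN\tNS\tns1.example.com.
\tIN\tA\t192.168.122.9
ns1\tIN\tA\t192.168.122.9
www\tIN\tA\t192.168.122.11
"""

# Record types whose RDATA begins with this many domain names that must be fully qualified.
NAME_TYPES = {"SOA": 2, "NS": 1, "PTR": 1, "CNAME": 1}

def flatten(text):
    """Strip ';' comments and join parenthesised multi-line records into token lists."""
    records, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.extend(line.replace("(", " ").replace(")", " ").split())
        if depth == 0 and buf:
            records.append(buf)
            buf = []
    return records

def lint_zone(text, origin):
    """Return (problems, soa_serial) for a BIND zone file loaded with the given origin."""
    problems, serial = [], None
    for tokens in flatten(text):
        if tokens[0].startswith("$"):  # $TTL, $ORIGIN and other directives
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1].rstrip(".")
            continue
        # The type is the first token that is a known record type; owner, TTL and class precede it.
        idx = next((i for i, t in enumerate(tokens) if t.upper() in NAME_TYPES), None)
        if idx is None:
            continue  # A, MX, TXT and other types are not checked here
        rtype, rdata = tokens[idx].upper(), tokens[idx + 1:]
        if rtype == "SOA":
            serial = int(rdata[2])  # MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
        for name in rdata[:NAME_TYPES[rtype]]:
            if "." in name and not name.endswith("."):
                problems.append(f"{rtype} {name}: no trailing dot, BIND reads it as {name}.{origin}.")
    return problems, serial
```

Run it over both zone files before restarting named; the serial it returns is the value Note 2 below says must increase on every change.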


Step 5: Change the ownership and group of the zone files.

cd /var/named/chroot/var/named

chown named:named example.com.*

Step 6: Restart the named service. The first time you restart it, a new rndc.key file is generated, so the restart takes a little longer.

[root@ns1 named]# /etc/init.d/named restart

Now run the test

Use the dig or host command to check that the DNS server resolves queries.

Note: For the dig and host commands you have to install the bind-utils package

yum install bind-utils 
[root@ns1 named]# host -l example.com
example.com name server ns1.example.com.
example.com has address 192.168.122.9
NS1.example.com has address 192.168.122.9
www.example.com has address 192.168.122.11
[root@ns1 named]# 

[root@ns1 named]# dig example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 642
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		86400	IN	A	192.168.122.9

;; AUTHORITY SECTION:
example.com.		86400	IN	NS	ns1.example.com.

;; ADDITIONAL SECTION:
ns1.example.com.	86400	IN	A	192.168.122.9

;; Query time: 0 msec
;; SERVER: 192.168.56.101#53(192.168.122.9)
;; WHEN: Fri Jul 19 21:18:07 2013
;; MSG SIZE  rcvd: 79

[root@ns1 named]#

Setup Slave DNS Server

Follow the steps given below on the slave DNS server (192.168.122.10 ns2.example.com):

Step 7: Install the bind-chroot and bind-utils packages

yum install bind-chroot bind-utils 

Step 8: Configure the FQDN / hostname

Edit the /etc/hosts file and replace the IP address and domain name with your own IP address and domain name

vi /etc/hosts

192.168.122.10 ns2.example.com ns2

Edit /etc/sysconfig/network and replace the HOSTNAME value

vi /etc/sysconfig/network

HOSTNAME=ns2

Restart the network service

/etc/init.d/network restart

Now check that the hostname and FQDN are reported properly.
Log out and log in again, or restart the server, first.

[root@localhost named]# hostname
ns2

[root@localhost named]# hostname -f
ns2.example.com

Edit /etc/resolv.conf file

[root@localhost named]# vi /etc/resolv.conf 

domain example.com
search example.com
nameserver 192.168.122.9
nameserver 192.168.122.10

Step 9: Create the named.conf file in /var/named/chroot/etc

[root@ns2 ~]# vi /var/named/chroot/etc/named.conf 

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package 
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
// 
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

####### New lines added below ########

include "/etc/rndc.key";

options {
        directory "/var/named"; // Zone file path, i.e. /var/named/chroot/var/named outside the chroot
        forwarders { 192.168.122.9; }; // Queries for zones this server is not authoritative for are sent to ns1 (192.168.122.9) first; "forward first" is the default, so named recurses on its own if ns1 does not answer
};


// Forward zone section for example.com

zone "example.com" IN {
        type slave; // Declaring this server as a DNS slave for the zone
        file "example.com.forward-zone"; // the transferred copy is written here, so named needs write access to the directory (see the chmod step below)
        // The named-owned slaves/ subdirectory (file "slaves/example.com.forward-zone") is the conventional location and avoids changing the permissions of /var/named
        allow-transfer { 192.168.122.9/32; }; // only the master (ns1) may request a transfer from this slave; BIND's default is any
        masters { 192.168.122.9; }; // the master server the zone is transferred from
};

// Reverse Zone Section for example.com

zone "122.168.192.in-addr.arpa" IN {
        type slave; // Declaring this server as a DNS slave for the zone
        file "example.com.reverse-zone"; // reverse zone file written by the transfer
        allow-transfer { 192.168.122.9/32; }; // only the master (ns1) may request a transfer from this slave
        masters { 192.168.122.9; }; // the master server the zone is transferred from
};

Step 9: Change the permissions of the /var/named/chroot/var/named directory,
so that when we restart the named service on ns2 all zone files are transferred and written there by default.

[root@ns2 ~]# chmod 770 /var/named/chroot/var/named

Step 10: Restart the named service

/etc/init.d/named restart

Note 1: Now check that all zone files have been transferred to the slave DNS server

[root@ns2 ~]# ls -l /var/named/chroot/var/named/
total 40
drwxr-x--- 6 root  named 4096 Jul 18 23:23 chroot
drwxrwx--- 2 named named 4096 Mar 29 04:18 data
drwxrwx--- 2 named named 4096 Mar 29 04:18 dynamic
-rw-r--r-- 1 named named  378 Jul 20 16:58 example.com.forward-zone
-rw-r--r-- 1 named named  452 Jul 20 17:01 example.com.reverse-zone
-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Mar 29 04:18 slaves
[root@ns2 ~]# 

Note 2: Whenever you update the zone files on the master DNS server, increase the serial, otherwise the slave will not pick up the update from the master.
After that, restart the named service with the command /etc/init.d/named restart

For example, see the serial field in the reverse zone file below.

[root@ns1 ~]# cat /var/named/chroot/var/named/example.com.reverse-zone 
$ORIGIN .
$TTL 86400	; 1 day
122.168.192.in-addr.arpa IN SOA	ns1.example.com.122.168.192.in-addr.arpa. sharadchhetri.example.com. (
				2          ; serial
				86400      ; refresh (1 day)
				3600       ; retry (1 hour)
				604800     ; expire (1 week)
				10800      ; minimum (3 hours)
				)
			NS	ns1.example.com.
			NS	ns2.example.com.
$ORIGIN 122.168.192.in-addr.arpa.
10			PTR	ns2.example.com.
11			PTR	www.example.com.
9			PTR	ns1.example.com.
[root@ns1 ~]# 
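To confirm that the slave actually picked up a change after the serial was increased, compare the SOA serial each server answers with. The Python 3.7+ script below is an added example, not part of the tutorial: it bumps the serial in a zone file laid out like the ones above, and uses dig from bind-utils to compare the master (192.168.122.9) and slave (192.168.122.10) for both zones. The SOA lines used in the checks are constructed samples.

```python
import re
import subprocess

# Addresses and zone names from this tutorial; dig (bind-utils) must be installed.
MASTER, SLAVE = "192.168.122.9", "192.168.122.10"
ZONES = ["example.com", "122.168.192.in-addr.arpa"]

def parse_soa(short_soa):
    """Parse one line of `dig +short SOA <zone>` output into (mname, rname, serial).

    Example line: ns1.example.com. sharadchhetri.example.com. 2 86400 3600 604800 10800
    """
    fields = short_soa.split()
    if len(fields) != 7:
        raise ValueError(f"not an SOA record: {short_soa!r}")
    return fields[0], fields[1], int(fields[2])

def in_sync(master_soa, slave_soa):
    """True when the slave serves the same serial (and the same MNAME) as the master."""
    m, s = parse_soa(master_soa), parse_soa(slave_soa)
    return m[2] == s[2] and m[0] == s[0]

def bump_serial(zone_text):
    """Increment the serial in a zone file whose serial line is labelled '; serial'."""
    pattern = re.compile(r"^([ \t]*)(\d+)([ \t]*;[ \t]*serial\b)", re.MULTILINE)
    new_text, count = pattern.subn(lambda m: f"{m.group(1)}{int(m.group(2)) + 1}{m.group(3)}", zone_text)
    if count != 1:
        raise ValueError(f"expected exactly one serial line, found {count}")
    return new_text

def query_soa(server, zone):
    """Ask one server for the zone's SOA record using dig."""
    cmd = ["dig", "+short", "+time=2", "+tries=1", "@" + server, zone, "SOA"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout.strip()

def check_replication():
    """Compare master and slave serials for every zone; returns True if all match."""
    all_ok = True
    for zone in ZONES:
        m, s = query_soa(MASTER, zone), query_soa(SLAVE, zone)
        ok = in_sync(m, s)
        print(f"{zone}: master serial {parse_soa(m)[2]}, slave serial {parse_soa(s)[2]} -> {'in sync' if ok else 'STALE'}")
        all_ok = all_ok and ok
    return all_ok

if __name__ == "__main__":
    raise SystemExit(0 if check_replication() else 1)
```

A STALE result after a restart usually means the serial was not increased on the master, which is exactly the failure mode Note 2 describes.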

9 thoughts on “Setup Master Slave Chroot BIND DNS in CentOS 6 or Red Hat 6”

  1. Since you disabled selinux and iptables, can you just post a root account to your server? I don’t want to waste 5 minutes to get it opened.

    IPTABLES = Disabled
    SELINUX = Disabled

    Please spread the word, that is exactly what you should do once linux is installed. Disable anything you could.

    Reply
  2. Thanks for this link.

    I’m very confused by the setup of a DNS server w/chroot. I looked at so many tutorials online and I see different ways of configuring the named.conf file.

    Still the forward and reverse zone are the same.

    Hope you can enlighten me or explain in detail what named.conf is on each line.

    Thanks for your tutorials.

    Reply
    • Hello Anthony,

      Appreciate that you raised your doubts.
      BIND DNS server can be configured on a Linux box with or without chroot.
      In Linux the BIND service is known as named (that is why we run the command /etc/init.d/named restart).
      By default, most of the important application/service configuration files are located in /etc and they have the extension .conf.
      Let's take the example of BIND DNS.
      Without chroot, the configuration file, i.e. named.conf, exists in /etc.

      First you have to understand what chroot is.
      chroot is an environment (normally not accessible) from where we run the programs rather than the designated directory (here, the designated directory is /etc). It is a good way to secure a program/service by running it from a chroot environment. The directory which is used for chroot is called the chroot jail. I suggest you read the Wikipedia link

      named.conf is the main file for the named service. It has all the information related to the named service.

      Read this pdf file from ISC; we follow the ISC standards. download bind pdf

      Let me know if you still have doubts or any specific term you need clarified.
      I recommend you read the pdf first.

      Reply
  3. Thank you very much – I went through 5 url sites till I found your DNS configuration example.

    You have saved me hours of work – I do appreciate the other lackluster sites, because the more information that was missing the more I read.

    Nice job Sharad on these notes!!

    Reply
