28 September 2018

Creating Master And Slave DNS Server.

DNS Sep 24 2018
*Domain Name Server*

1) Requirements:
Master DNS Server  -- main.gurukul.com   -- 192.168.100.50
Slave DNS Server   -- submain.gurukul.com     -- 192.168.100.51
Client Machine     -- rhcsa.gurukul.com      -- 192.168.100.53

2) Installation:

Install the BIND packages on CentOS 7 with the command below.

#yum install bind bind-utils

Package installation is the same on the Master and Slave DNS servers, so the yum command above works for both. bind and bind-utils are the main packages required for a BIND DNS configuration. The packages installed on my DNS machine are listed below.

3) Configure Master DNS:

I hope you know how to configure a single DNS server; in our earlier post we configured a single DNS machine. For the Master DNS server we need to edit the named.conf file again with some additional directives.

#vim /etc/named.conf

Change the below things:

options {
        listen-on port 53 { 127.0.0.1; 192.168.100.50; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 192.168.100.51; 192.168.100.50; localhost; };
};

zone "gurukul.com" IN {
        type master;
        file "gurukul.com.zone";
        also-notify { 192.168.100.51; };
        allow-transfer { 192.168.100.51; };
};

zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.100.zone";
        also-notify { 192.168.100.51; };
        allow-transfer { 192.168.100.51; };
};

:wq!
listen-on port 53: This directive is used on every DNS server and is important because it specifies which IP addresses the DNS service listens on.
allow-query: Which hosts are allowed to query this DNS server; this directive can be used on every DNS machine. On the Master DNS, for security reasons, I only allowed localhost, its own IP and the Slave DNS server IP address. No other host can query the Master DNS server. This way we isolate the Master DNS server from attacks by other hosts on the LAN.
also-notify: This directive is only relevant for the Master DNS server. It defines the Slave DNS IP addresses to notify when the Master zone file is reloaded.
allow-transfer: This directive is relevant for both Master and Slave DNS servers; it allows the listed IP addresses to perform a zone transfer (copy). It can be used globally or per zone. The default behaviour is to allow zone transfers to any host, which is convenient but insecure. It is always suggested to allow transfers only towards your Slave DNS server.
Now we have to build the zone files we referenced in named.conf above, starting with the forward lookup zone file.
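Because the default allow-transfer is open, it is worth checking the finished named.conf mechanically rather than by eye. The Python script below is an added example, not code from the original post or from BIND: it parses the options and zone blocks of a named.conf (the sample string embedded in it reproduces the master configuration above plus one constructed weak zone that omits allow-transfer) and reports master zones that rely on the open default, ACLs set to any, and also-notify targets that are not permitted to transfer. Its understanding of named.conf is deliberately simple (braces and semicolon-separated address lists, no include files or named ACLs); named-checkconf remains the authoritative syntax check.

```python
"""Lint BIND named.conf for zone-transfer and query exposure.

Added example, not part of the original post. Parses the options block and
the zone blocks of a named.conf string and reports master zones that omit
allow-transfer (BIND on CentOS 7 then permits AXFR to any host), ACLs that
are set to "any", and also-notify targets that may not transfer the zone.
"""
import re

# Constructed sample: the post's master named.conf, trimmed, plus one
# deliberately weak zone that relies on the default allow-transfer.
SAMPLE_CONF = """
options {
        listen-on port 53 { 127.0.0.1; 192.168.100.50; };
        allow-query     { 192.168.100.51; 192.168.100.50; localhost; };
};
zone "gurukul.com" IN {
        type master;
        file "gurukul.com.zone";
        also-notify { 192.168.100.51; };
        allow-transfer { 192.168.100.51; };
};
zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.100.zone";
        also-notify { 192.168.100.51; };
        allow-transfer { 192.168.100.51; };
};
zone "weak.example" IN {
        type master;
        file "weak.example.zone";
        also-notify { 192.168.100.51; };
};
"""

# Start of an options block or a zone block (the zone name is group 2).
BLOCK_RE = re.compile(r'\b(options|zone\s+"([^"]+)"(?:\s+IN)?)\s*\{', re.IGNORECASE)


def _matching_brace(text, start):
    """Index of the '}' that closes the '{' at text[start]."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return i
    raise ValueError("unbalanced braces in named.conf")


def _addr_list(body, directive):
    """Address list of 'directive { a; b; };' inside body, or None if absent."""
    m = re.search(re.escape(directive) + r"\s*\{([^}]*)\}", body, re.IGNORECASE)
    if m is None:
        return None
    return [tok.strip().lower() for tok in m.group(1).split(";") if tok.strip()]


def parse_blocks(conf):
    """Return (options_body, {zone_name: zone_body}) for a named.conf string."""
    options, zones, pos = "", {}, 0
    while (m := BLOCK_RE.search(conf, pos)):
        open_idx = m.end() - 1
        close_idx = _matching_brace(conf, open_idx)
        body = conf[open_idx + 1:close_idx]
        if m.group(1).lower() == "options":
            options = body
        else:
            zones[m.group(2)] = body
        pos = close_idx + 1  # skip past the block so nested text is not re-matched
    return options, zones


def lint(conf):
    """Return a list of (scope, finding) tuples; an empty list means nothing to report."""
    options, zones = parse_blocks(conf)
    findings = []
    global_query = _addr_list(options, "allow-query")
    global_transfer = _addr_list(options, "allow-transfer")
    if global_query is not None and "any" in global_query:
        findings.append(("options", "allow-query is open to any host"))
    for name, body in zones.items():
        if "type master" not in " ".join(body.split()).lower():
            continue  # slave, forward and hint zones are not checked here
        transfer = _addr_list(body, "allow-transfer")
        if transfer is None:
            transfer = global_transfer  # a zone inherits the global ACL, if any
        if transfer is None:
            findings.append((name, "no allow-transfer: the BIND default on CentOS 7 permits AXFR to any host"))
        elif "any" in transfer:
            findings.append((name, "allow-transfer permits any host"))
        else:
            for target in _addr_list(body, "also-notify") or []:
                if target not in transfer:
                    findings.append((name, f"also-notify target {target} cannot transfer the zone"))
    return findings


if __name__ == "__main__":
    for scope, finding in lint(SAMPLE_CONF):
        print(f"{scope}: {finding}")
```

Run against the embedded sample it reports only the constructed weak.example zone; point it at your own file with `lint(open("/etc/named.conf").read())` on the master after editing.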


4) Creating Forward lookup Zone:
#vim /var/named/gurukul.com.zone
Enter the below things:
$TTL 86400
@ IN SOA gurukul.com. root.gurukul.com. (
        2017092101 ; serial (d. adams)
        3H ; refresh
        15M ; retry
        1W ; expiry
        1D ) ; minimum
        IN NS main.gurukul.com.
        IN NS submain.gurukul.com.
main.gurukul.com. IN A 192.168.100.50
submain.gurukul.com. IN A 192.168.100.51
rhcsa.gurukul.com. IN A 192.168.100.53
:wq!

5) Creating Reverse lookup zone:
#vim /var/named/192.168.100.zone
Enter the below things:

$TTL 86400
@ IN SOA gurukul.com. root.gurukul.com. (
        2017092101 ; Serial
        28800 ; Refresh
        14400 ; Retry
        3600000 ; Expire
        86400 ) ; Minimum
        NS main.gurukul.com.
        NS submain.gurukul.com.
50 IN PTR main.gurukul.com.
51 IN PTR submain.gurukul.com.
53 IN PTR rhcsa.gurukul.com.
:wq!
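Before restarting named, the two zone files from steps 4 and 5 can be cross-checked against each other. The script below is an added example, not code from the original post: it parses the forward and reverse zones above (embedded as constructed strings with the same records), resolves @ and blank owner names the way BIND does (a record with no owner inherits the previous owner), and then reports any A record without a matching PTR, any PTR without a matching A record, any NS name without an address, and a missing or out-of-range SOA serial. It does not understand per-record TTL fields, $ORIGIN or $INCLUDE; named-checkzone remains the authoritative syntax check.

```python
"""Cross-check a BIND forward zone against its reverse zone (added example, not from the post).

Resolves '@' and blank owner names the way BIND does, then checks A/PTR symmetry, NS glue
and the SOA serial. Per-record TTLs, $ORIGIN and $INCLUDE are not handled. The two zone
strings below are constructed copies of the post's zone files.
"""
import re

FORWARD_ZONE = """\
$TTL 86400
@ IN SOA gurukul.com. root.gurukul.com. (
        2017092101 ; serial
        3H ; refresh
        15M ; retry
        1W ; expiry
        1D ) ; minimum
        IN NS main.gurukul.com.
        IN NS submain.gurukul.com.
main.gurukul.com. IN A 192.168.100.50
submain.gurukul.com. IN A 192.168.100.51
rhcsa.gurukul.com. IN A 192.168.100.53
"""
REVERSE_ZONE = """\
$TTL 86400
@ IN SOA gurukul.com. root.gurukul.com. (
        2017092101 ; Serial
        28800 ; Refresh
        14400 ; Retry
        3600000 ; Expire
        86400 ) ; Minimum
        NS main.gurukul.com.
        NS submain.gurukul.com.
50 IN PTR main.gurukul.com.
51 IN PTR submain.gurukul.com.
53 IN PTR rhcsa.gurukul.com.
"""


def parse_zone(text, origin):
    """Return (soa_serial, [(owner, type, rdata_fields), ...]) for a zone file string."""
    # Drop ';' comments, then merge the parenthesised SOA into one logical line.
    stripped = [re.sub(r";.*", "", ln) for ln in text.splitlines()]
    logical, buf = [], ""
    for ln in stripped:
        buf = (buf + " " + ln) if buf else ln
        if buf.count("(") == buf.count(")"):
            logical.append(buf)
            buf = ""
    serial, records, last_owner = None, [], origin
    for ln in logical:
        if not ln.strip() or ln.startswith("$"):
            continue
        tokens = ln.split()
        if ln[0].isspace():  # blank owner: same owner as the previous record
            owner = last_owner
        else:
            owner, tokens = tokens[0], tokens[1:]
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = f"{owner}.{origin}"  # qualify a relative name
        last_owner = owner
        if tokens[0].upper() in ("IN", "CH", "HS"):
            tokens = tokens[1:]  # optional class field
        rtype, rdata = tokens[0].upper(), [t for t in tokens[1:] if t not in ("(", ")")]
        if rtype == "SOA":
            serial = int(rdata[2])  # MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
        records.append((owner, rtype, rdata))
    return serial, records


def ptr_name(ip):
    """192.168.100.50 -> 50.100.168.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return a list of problems; an empty list means the two zones agree."""
    problems = []
    fwd_serial, fwd = parse_zone(fwd_text, fwd_origin)
    rev_serial, rev = parse_zone(rev_text, rev_origin)
    for label, serial in (("forward", fwd_serial), ("reverse", rev_serial)):
        if serial is None or not 0 < serial < 2**32:
            problems.append(f"{label} zone: missing or out-of-range SOA serial")
    a_records = {(o, r[0]) for o, t, r in fwd if t == "A"}
    ptr_records = {(o, r[0]) for o, t, r in rev if t == "PTR"}
    a_owners = {o for o, _ in a_records}
    for ns in sorted({r[0] for o, t, r in fwd + rev if t == "NS"}):
        if ns not in a_owners:
            problems.append(f"NS {ns} has no A record")
    for host, ip in sorted(a_records):
        if (ptr_name(ip), host) not in ptr_records:
            problems.append(f"{host} -> {ip} has no matching PTR")
    for rev_name, host in sorted(ptr_records):
        ip = ".".join(reversed(rev_name[:-len(".in-addr.arpa.")].split(".")))
        if (host, ip) not in a_records:
            problems.append(f"PTR {rev_name} -> {host} has no matching A record")
    return problems


if __name__ == "__main__":
    issues = check_zones(FORWARD_ZONE, "gurukul.com.", REVERSE_ZONE, "100.168.192.in-addr.arpa.")
    print("\n".join(issues) if issues else "forward and reverse zones are consistent")
```

To check the real files, read them with `open("/var/named/gurukul.com.zone").read()` and `open("/var/named/192.168.100.zone").read()` and pass the same two origins. Remember that named only notifies the slave when the SOA serial increases, so bump it whenever either file changes.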


6) #firewall-cmd --permanent --add-service=dns
7) #firewall-cmd --reload
8) #systemctl restart named
9) #systemctl enable named


Configuring Slave DNS Server

The installation of the Slave DNS Server is the same as for the Master DNS Server: the same packages and the same installation method.
To configure the Slave DNS Server, we edit its named.conf file and start the named service; it should then transfer the zone files automatically. Let's start editing named.conf for the Slave DNS Server. Below is the named.conf of the Slave DNS Server.
1) #vim /etc/named.conf

Change the below things:

options {
        listen-on port 53 { 127.0.0.1; 192.168.100.51; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 192.168.100.0/24; 127.0.0.1; };
};

zone "gurukul.com" IN {
        type slave;
        masters { 192.168.100.50; };
        file "slaves/db.gurukul.com.zone";
};

zone "100.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.100.50; };
        file "slaves/db.192.168.100.zone";
};
:wq!

In this named.conf we have some directives that differ from the Master DNS. Let's study them below.

allow-query { 192.168.100.0/24; };
allow-query: On the Slave this directive permits queries from the complete subnet, whereas on the Master we only allowed a few hosts for security reasons.

type slave;
type: Set to slave, marking this as a slave copy of the zone.

masters { 192.168.100.50; };
masters: This directive is only relevant to the Slave DNS, as it defines the Master DNS IP address for the particular zone.

Now we need to start the named service; this will transfer the zone files from the Master to the Slave DNS Server.
2) #firewall-cmd --permanent --add-service=dns
3) #firewall-cmd --reload
4) #systemctl restart named
5) #systemctl enable named
6) Now go to /var/named/slaves/
#cd /var/named/slaves/
#ls
Here you will find two files:
db.gurukul.com.zone
db.192.168.100.zone
