
Setting Up DNS Server On CentOS 7 - Unixmen

The document describes how to set up a DNS server on CentOS 7 including: 1) Installing and configuring bind9 on the master server to host forward and reverse zones for the "unixmen.local" domain. 2) Configuring the secondary server to replicate zones from the master. 3) Verifying DNS functionality by querying the master server and checking that records resolve correctly.

Uploaded by

paul andrade
Copyright
© © All Rights Reserved
Setting Up DNS Server On CentOS 7 | Unixmen

https://www.unixmen.com/setting-dns-server-centos-7/

DNS (Domain Name System) translates hostnames or URLs into IP addresses. For example, if we type www.unixmen.com in a browser, the DNS server translates the domain name into its associated IP address. Since IP addresses are hard to remember, DNS servers are used to translate hostnames like www.unixmen.com to 173.xxx.xx.xxx, so we only have to remember domain names instead of IP addresses.
This detailed tutorial will help you set up a local DNS server on your CentOS 7 system. However, the steps are also applicable for setting up a DNS server on RHEL and Scientific Linux 7.

For the purpose of this tutorial, I will be using three nodes. One will act as the Master DNS server, the second as the Secondary DNS server, and the third will be our DNS client. Here are the details of my three systems.

1/10/2016 15:44

Operating System : CentOS 7 minimal server
Hostname         : masterdns.unixmen.local
IP Address       : 192.168.1.101/24

Operating System : CentOS 7 minimal server
Hostname         : secondarydns.unixmen.local
IP Address       : 192.168.1.102/24

Operating System : CentOS 6.5 Desktop
Hostname         : client.unixmen.local
IP Address       : 192.168.1.103/24

Install bind9 packages on your server.

yum install bind bind-utils -y

Edit /etc/named.conf file.

vi /etc/named.conf
Add the lines as shown in bold:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; };    ### Master DNS IP ###
#    listen-on-v6 port 53 { ::1; };
    directory          "/var/named";
    dump-file          "/var/named/data/cache_dump.db";
    statistics-file    "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query        { localhost; 192.168.1.0/24; };   ### IP Range ###
    allow-transfer     { localhost; 192.168.1.102; };    ### Slave DNS IP ###

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable
       access control to limit queries to your legitimate users. Failing to do
       so will cause your server to become part of large scale DNS
       amplification attacks. Implementing BCP38 within your network would
       greatly reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "unixmen.local" IN {
    type master;
    file "forward.unixmen";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.unixmen";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Create forward and reverse zone files which we mentioned in the /etc/named.conf file.


Create forward.unixmen file in the /var/named directory.

vi /var/named/forward.unixmen
Add the following lines:

$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@               IN  NS  masterdns.unixmen.local.
@               IN  NS  secondarydns.unixmen.local.
@               IN  A   192.168.1.101
@               IN  A   192.168.1.102
@               IN  A   192.168.1.103
masterdns       IN  A   192.168.1.101
secondarydns    IN  A   192.168.1.102
client          IN  A   192.168.1.103

Create reverse.unixmen file in the /var/named directory.

vi /var/named/reverse.unixmen
Add the following lines:

$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@               IN  NS   masterdns.unixmen.local.
@               IN  NS   secondarydns.unixmen.local.
@               IN  PTR  unixmen.local.
masterdns       IN  A    192.168.1.101
secondarydns    IN  A    192.168.1.102
client          IN  A    192.168.1.103
101             IN  PTR  masterdns.unixmen.local.
102             IN  PTR  secondarydns.unixmen.local.
103             IN  PTR  client.unixmen.local.

Enable and start DNS service:

systemctl enable named


systemctl start named

We must allow the DNS service default port 53 through firewall.

firewall-cmd --permanent --add-port=53/tcp

firewall-cmd --permanent --add-port=53/udp

firewall-cmd --reload


Run the following commands one by one:

chgrp named -R /var/named


chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf

Check DNS default configuration file:

named-checkconf /etc/named.conf
If it returns nothing, your configuration file is valid.

Check Forward zone:

named-checkzone unixmen.local /var/named/forward.unixmen

Sample output:

zone unixmen.local/IN: loaded serial 2011071001
OK

Check reverse zone:

named-checkzone unixmen.local /var/named/reverse.unixmen

Sample Output:

zone unixmen.local/IN: loaded serial 2011071001
OK

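The zone checks can also be derived from named.conf itself, so that each file is validated under the zone name it is served as (named.conf declares reverse.unixmen as zone 1.168.192.in-addr.arpa). This is an added example, not part of the original tutorial; the function name zone_checks and the trimmed configuration are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): build the named-checkzone calls from
# named.conf so every zone file is checked under the name it is served as.

# Prints "named-checkzone <zone> <directory>/<file>" for each master zone.
# Assumes one statement per line, as in the tutorial's named.conf.
zone_checks() {
    awk '
        { gsub(/[";]/, " ") }                  # quotes and semicolons -> spaces
        $1 == "directory" { dir = $2 }
        $1 == "zone"      { zone = $2; type = "" }
        $1 == "type"      { type = $2 }
        $1 == "file" && type == "master" {
            print "named-checkzone " zone " " dir "/" $2
        }
    ' "$1"
}

# Constructed excerpt of the master named.conf shown earlier.
conf=$(mktemp)
trap 'rm -f "$conf"' EXIT
cat > "$conf" <<'EOF'
options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "unixmen.local" IN {
    type master;
    file "forward.unixmen";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.unixmen";
    allow-update { none; };
};
EOF

# Print the commands; on the DNS server, pipe them to sh to run the checks.
zone_checks "$conf"
```

Hint zones and slave zones are skipped because their files are not maintained by hand on this server.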
Add the DNS Server details in your network interface config file.

vi /etc/sysconfig/network-scripts/ifcfg-enp0s3


TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.101"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS1="192.168.1.101"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
Edit file /etc/resolv.conf:

vi /etc/resolv.conf
Add the name server IP address:

nameserver 192.168.1.101

Save and close the file.


Restart network service:

systemctl restart network

dig masterdns.unixmen.local

Sample Output:

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25179
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local.          IN    A

;; ANSWER SECTION:
masterdns.unixmen.local.    86400  IN    A     192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.              86400  IN    NS    secondarydns.unixmen.local.
unixmen.local.              86400  IN    NS    masterdns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400  IN    A     192.168.1.102

;; Query time: 0 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Wed Aug 20 16:20:46 IST 2014
;; MSG SIZE  rcvd: 125

nslookup unixmen.local
Sample Output:

Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   unixmen.local
Address: 192.168.1.103
Name:   unixmen.local
Address: 192.168.1.101
Name:   unixmen.local
Address: 192.168.1.102

Now the Primary DNS server is ready to use.
It is time to configure our Secondary DNS server.

Install bind packages using the following command:

yum install bind bind-utils -y

Edit file /etc/named.conf:

vi /etc/named.conf
Make the changes as shown in bold.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.102; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.1.0/24; };
.
.
.
.
zone "." IN {
    type hint;
    file "named.ca";
};
zone "unixmen.local" IN {
    type slave;
    file "slaves/unixmen.fwd";
    masters { 192.168.1.101; };
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/unixmen.rev";
    masters { 192.168.1.101; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

systemctl enable named

systemctl start named
Now the forward and reverse zones are automatically replicated from the Master DNS server to /var/named/slaves/ on the Secondary DNS server.

ls /var/named/slaves/
Sample Output:

unixmen.fwd  unixmen.rev
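The secondary's named.conf excerpt above contains no allow-transfer statement, and the BIND 9.9 release used here then serves zone transfers to any host, so both servers are worth auditing. This is an added example, not part of the original tutorial; audit_transfer_acl and the trimmed configurations are constructed, and the elided part of the secondary's options block is assumed to contain no allow-transfer.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): flag a named.conf that leaves zone
# transfers (AXFR) open. With no allow-transfer statement, BIND 9.9 serves
# transfers to any host that can reach port 53.

# Prints one finding per line, or "ok". Assumes single-line statements.
audit_transfer_acl() {
    awk '
        { gsub(/\t/, " "); sub(/\/\/.*/, ""); sub(/#.*/, "") }  # strip comments
        /allow-transfer/ {
            seen = 1
            if ($0 ~ /[{ ;]any[ ;}]/) print "allow-transfer includes any"
        }
        END { if (!seen) print "no allow-transfer: open to any host" }
    ' "$1" | grep . || echo "ok"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed excerpts mirroring the tutorial's master and secondary configs.
cat > "$tmp/master.conf" <<'EOF'
options {
    allow-query    { localhost; 192.168.1.0/24; };   ### IP Range ###
    allow-transfer { localhost; 192.168.1.102; };    ### Slave DNS IP ###
};
EOF
cat > "$tmp/secondary.conf" <<'EOF'
options {
    allow-query { localhost; 192.168.1.0/24; };
};
zone "unixmen.local" IN { type slave; masters { 192.168.1.101; }; };
EOF
# Hardened secondary: nothing pulls zones from it, so refuse every transfer.
cat > "$tmp/hardened.conf" <<'EOF'
options {
    allow-query    { localhost; 192.168.1.0/24; };
    allow-transfer { none; };
};
zone "unixmen.local" IN { type slave; masters { 192.168.1.101; }; };
EOF

for name in master secondary hardened; do
    printf '%-10s %s\n' "$name" "$(audit_transfer_acl "$tmp/$name.conf")"
done
```

On the secondary, adding `allow-transfer { none; };` to the options block closes the gap, since no other server pulls zones from it in this setup.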

Add the DNS Server details in your network interface config file.

vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.102"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS1="192.168.1.101"
DNS2="192.168.1.102"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
Edit file /etc/resolv.conf:

vi /etc/resolv.conf
Add the name server IP addresses:

nameserver 192.168.1.101
nameserver 192.168.1.102


Save and close the file.


Restart network service:

systemctl restart network

We must allow the DNS service default port 53 through the firewall.

firewall-cmd --permanent --add-port=53/tcp

firewall-cmd --permanent --add-port=53/udp

firewall-cmd --reload

chgrp named -R /var/named


chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf

dig masterdns.unixmen.local
Sample Output:

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18204
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local.          IN    A

;; ANSWER SECTION:
masterdns.unixmen.local.    86400  IN    A     192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.              86400  IN    NS    masterdns.unixmen.local.
unixmen.local.              86400  IN    NS    secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400  IN    A     192.168.1.102

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Wed Aug 20 17:04:30 IST 2014
;; MSG SIZE  rcvd: 125

dig secondarydns.unixmen.local
Sample Output:

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60819
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;secondarydns.unixmen.local.       IN    A

;; ANSWER SECTION:
secondarydns.unixmen.local. 86400  IN    A     192.168.1.102

;; AUTHORITY SECTION:
unixmen.local.              86400  IN    NS    masterdns.unixmen.local.
unixmen.local.              86400  IN    NS    secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
masterdns.unixmen.local.    86400  IN    A     192.168.1.101

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Wed Aug 20 17:05:50 IST 2014
;; MSG SIZE  rcvd: 125

nslookup unixmen.local
Sample Output:

Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   unixmen.local
Address: 192.168.1.101
Name:   unixmen.local
Address: 192.168.1.103
Name:   unixmen.local
Address: 192.168.1.102

Add the DNS server details in /etc/resolv.conf file in all client systems:

vi /etc/resolv.conf

# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.101
nameserver 192.168.1.102

Restart network service or reboot the system.

Now, you can test the DNS server using any one of the following commands:

dig masterdns.unixmen.local

dig secondarydns.unixmen.local

dig client.unixmen.local

nslookup unixmen.local
That's all for now. The primary and secondary DNS servers are ready to use.
If you want to setup DNS server on Ubuntu systems, check the following link.
Setup DNS Server In Ubuntu
Cheers!