云野阁

Idle clouds and wild cranes, roaming free in every direction

Setting up a DNS server

Server Side

(1) Install bind9 online

yum install -y bind bind-utils

(2) Start the service

systemctl start named

(3) Check the service status

systemctl status named

(4) Configure the service to start on boot

systemctl enable named

(5) Modify the named service configuration file to set the DNS log path

vi /etc/named.conf
-------------------named.conf-------------------
options {
        // Accept DNS requests from any network interface
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        // Allowed IP range for access
        allow-query     { 10.10.0.0/16; };

# Some informational text omitted for brevity
};
logging {
    //    channel default_debug {
    //            file "data/named.run";
    //            severity dynamic;
    //    };
        
        channel named_log {
                // Specify the path of the log file, set the log file version limit to 5, with a maximum size of 50m for each file
                file "/var/log/dns/named.log" versions 5 size 50m;
                // Use ISO 8601 standard for log entry time format
                print-time iso8601;
                // Print the category of log entries
                print-category yes;
                // Print the severity of log entries
                print-severity yes;
                severity info;
        };
        // Define multiple log entry categories
        category default   { named_log; };
        category general   { named_log; };
        category config   { named_log; };
        category client   { named_log; };
        category network   { named_log; };
        category notify   { named_log; };
        category queries   { named_log; };
        category update   { named_log; };
        category query-errors  { named_log; };
        category resolver   { named_log; };
        category xfer-in   { named_log; };
        category xfer-out   { named_log; };
        category dnssec   { named_log; };
};
# Some informational text omitted for brevity
-------------------named.conf-------------------
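
As an added example (not part of the original post), the Python below parses lines in the layout the named_log channel writes (timestamp, category, severity, message), counts answered queries per client, and flags denied queries or clients outside the allow-query range. The sample lines are constructed; it assumes denied queries reach the same file through "category default", and the exact message text varies between BIND versions.

```python
import ipaddress
import re
from collections import Counter

# Network taken from the allow-query ACL in named.conf above.
ALLOWED_NET = ipaddress.ip_network("10.10.0.0/16")

# Layout with print-time + print-category + print-severity: <time> <category>: <severity>: <message>
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<category>[\w-]+): (?P<severity>\w+): (?P<msg>.*)$")
# Client part of a message; the "@0x..." object id only appears on newer BIND versions.
CLIENT_RE = re.compile(r"^client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)")
QUERY_RE = re.compile(r"query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)")

# Constructed sample lines (not captured from a real server).
SAMPLE_LOG = """\
2024-05-01T09:15:02.114 queries: info: client @0x7f3a1c0a9d30 10.10.2.113#41522 (test.elk.com): query: test.elk.com IN A +E(0)K (10.10.2.103)
2024-05-01T09:15:03.870 queries: info: client @0x7f3a1c0a9d30 10.10.2.113#50211 (dns.elk.com): query: dns.elk.com IN A +E(0)K (10.10.2.103)
2024-05-01T09:15:09.001 security: info: client @0x7f3a1c0b2210 192.0.2.77#33781 (elk.com): query 'elk.com/A/IN' denied
2024-05-01T09:15:10.442 general: info: zone elk.com/IN: loaded serial 0
"""

def parse_line(line):
    """Split one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    c = CLIENT_RE.match(rec["msg"])
    rec["client"] = c.group("ip") if c else None
    q = QUERY_RE.search(rec["msg"])
    rec["qname"], rec["qtype"] = (q.group("name"), q.group("type")) if q else (None, None)
    rec["denied"] = rec["msg"].endswith(" denied")
    return rec

def summarize(text):
    """Count answered queries per client; collect denied or out-of-ACL clients."""
    per_client, flagged = Counter(), []
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["client"] is None:
            continue  # server-side messages such as zone loads carry no client
        outside = ipaddress.ip_address(rec["client"]) not in ALLOWED_NET
        if rec["denied"] or outside:
            flagged.append((rec["ts"], rec["client"], rec["msg"]))
        elif rec["category"] == "queries":
            per_client[rec["client"]] += 1
    return per_client, flagged

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
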

(6) Configure DNS zones to complete the setup of the DNS server

vi /etc/named.rfc1912.zones
-------------------named.rfc1912.zones-------------------
// If private ranges should be forwarded, add
// disable-empty-zone "."; into options
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
// Custom domain zone and DNS record set
zone "elk.com" IN {
        type master;
        file "/var/named/elk.com.zone";
        allow-update { none; };
};
-----------------------------------------------

(7) Create the zone data file for "elk.com" and define the DNS server's domain as “dns.elk.com” and the client's domain as “test.elk.com”.

# Create the zone data file for "elk.com"
vi /var/named/elk.com.zone
# Define the DNS server and client domains
-------------------elk.com.zone-------------------
$TTL 1D
@       IN SOA  dns.elk.com. admin.elk.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@   IN  NS      dns.elk.com.
dns     IN      A   10.10.2.103
test    IN      A   10.10.2.113
-------------------------------------------------------

(8) Set log service permissions, configure the firewall, and restart the service to apply the configuration

# Create a directory to store logs, owned by the named service account and not world-writable
mkdir /var/log/dns
chown named:named /var/log/dns
chmod 750 /var/log/dns
# Configure DNS service access policy to allow normal access
firewall-cmd --permanent --add-service=dns
# Reload the firewall policy
firewall-cmd --reload
# Restart the named service to apply the configuration
systemctl restart named

(9) Change the DNS server address to “10.10.2.103” and restart the network to apply the change.

# Use nmtui to manage network connections
nmtui

Select “Edit Connections”, press Enter, choose the network card “ens32”, and in the “Edit Connections” interface, change the DNS server to “10.10.2.103”, save and exit.

After saving and exiting, restart the network to apply the DNS server configuration.

systemctl restart NetworkManager

(10) Verify that the DNS server is configured successfully.

ping www.baidu.com
ping dns.elk.com
ping test.elk.com

Client Side

Change the DNS configuration to “10.10.2.103”, refer to “(9)” in “Step 1: Virtual Machine Planning” for specific steps.

After restarting the network, verify that the DNS configuration has taken effect.

ping www.baidu.com
ping dns.elk.com
ping test.elk.com