If you can see this check that

next section prev section up prev page next page

DNS and Named


DNS named

User:
Password:

This tutorial in concerned with the setting up of your own DNS server using "named". It is for Centos 7. Other distributions may need a different setup.

Question 1: Basic Setup

Each DNS server needs its own particular setup when working in each particular environment. In LinuxZoo, all DNS traffic is intercepted for security reasons by the gateway server and handled via a proxy. You must update the named configuration to take this into account.

Configure the /etc/named.conf file with the new options (so put this in the "options {...} area of the file) of

        forwarders { 10.200.0.1; };
        forward only;

Tests - not attempted
FORWARDERS seems to be in /etc/named.conf UNTESTED
FORWARD ONLY seems to be in /etc/named.conf UNTESTED

Question 2: See it working

Start up the NAMED service (named.service) and check that it works. If you have been playing with the firewall configuration you will need to reset the firewall settings to the defaults. do that with:

systemctl restart iptables

To start NAMED run "systemctl start named.service". Note this make take quite a few seconds, especially the first time, as it rebuilds its root cache. You have to reload or restart this service when you make a configuration change remember. The easiest way to check that the service and config files work is:

dig localhost @localhost

If it responds then your server is up. It should indicate that the SERVER was 127.0.0.1 (or perhaps ::1 if localhost is considered an IPv6 address) and that localhost an A record of 127.0.0.1.

Tests - not attempted
Service Running UNTESTED

Question 3: New Zone

Create a brand new forward zone for domain "sillynet.net" in the named configuration directory /var/named/.

To create a new zonefile, go to /var/named and copy named.localhost to sillynet.zone (and make sure the "named" user can read the file). In this new sillynet.zone file, remove any "A" or "AAAA" lines. It should initially look something like this:

$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
The SOA and NS records are fine the way they are, and do not need to be changed. Add this file, along with its zone information, to the configuration file /etc/named.conf. Do not delete or mangle other information in named.conf. Keep the "." zone!

By editing the sillynet.zone file, this new zone should provide:

sillynet.net -> IP address 12.0.0.20
www.sillynet.net -> IP address 12.0.0.30
Hints. It is a master type. The zone file must be readable by the user "named". Remember to use "service named reload" when you change the config file. If you reload and it does not work, what does "systemctl -l status named.service" tell you?

Tests - not attempted
sillynet.zone seems ok in named.conf UNTESTED
sillynet.zone seems like a master zone in named.conf UNTESTED
sillynet.zone has ZONE record in named.conf UNTESTED
sillynet.zone has A record for .20 UNTESTED
sillynet.zone permissions ok UNTESTED
sillynet.zone has A record for .30 UNTESTED
Check sillynet.net resolves UNTESTED
Check www.sillynet.net resolves UNTESTED

Question 4: New Zone

Now you need to build a reverse zone for sillynet.zone, mapping the 12.0.0.0/24 range to these 2 new names created in the previous question. What is the zone name in in-addr.arpa format for such a zone?

Zone name:

Tests - not attempted
arpa name is correct UNTESTED

Now build a reverse zone for sillynet.zone, mapping the 12.0.0.0/24 range to these 2 new forward names created in the earlier question. Put their definitions into a file called "sillynet.rev".

The easiest way to create the initial format for sillynet.rev is to copy from "named.loopback". If you do use this file as your template, then remove the PTR and A and AAAA records from sillynet.rev before you start. Leave the other stuff as is. It should look something like this:

$TTL 1D
@       IN SOA  sillynet.net. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      sillynet.net.

In answering this question, update this new reverse zone file to produce:

12.0.0.20 -> sillynet.net
12.0.0.30 -> www.sillynet.net
A nameserver definition for the zone of sillynet.net.

Hints. Remember to have a zone in named.conf. Dots are important. Can the named user read the new file? Any errors in /var/log/messages?

Tests - not attempted
sillynet.rev has PTR record for .20 UNTESTED
sillynet.zone has PTR record for .30 UNTESTED
sillynet.rev has ZONE record in named.conf UNTESTED
sillynet.rev permissions ok UNTESTED
Check reverse sillynet.net resolves UNTESTED
Check reverse www.sillynet.net resolves UNTESTED

Use dig to verify the reverse lookup is operating normally. Use "dig" with the "-x" flag, to query the reverse zone for 12.0.0.30. Make sure you send this query to your own DNS server "@localhost".

In response to this dig, what is IP number returned in the A resource record information returned within the ";; ADDITIONAL SECTION" glue records?

Tests - not attempted
Glue A record IP UNTESTED

Question 5: Advanced Zone

Create a brand new forward zone for domain "advanced.com". For this create a new forward zone file "advanced.zone" (copy named.localhost as a starting point), and a new reverse zone file "advanced.rev" (copy "named.loopback" as a starting point). Add both forward and reverse zones, along with the zone information, to the configuration file /etc/named.conf. The zone will use the 172.16.1.0/24 network, so in the named.conf file the reverse zone will be "1.16.172.in-addr.arpa".

This zone should give:

advanced.com     -> IP address 172.16.1.1
                 -> MX record mail.advanced.com, priority 10
                 -> MX record mail.offsite.com, priority 20
www.advanced.com -> IP address 172.16.1.10,
                               172.16.1.11,
                               172.16.1.12 using a round-robin selection.
mail.advanced.com -> IP address 172.16.1.1

172.16.1.1 -> advanced.com
172.16.1.10 -> www.advanced.com
172.16.1.11 -> www.advanced.com
172.16.1.12 -> www.advanced.com
A nameserver definition for the reverse zone of advanced.com.

Set the responsible person email in both SOA records to me@advanced.com.

Tests - not attempted
forward zone record in named.conf UNTESTED
reverse zone record in named.conf UNTESTED
forward zone file has A record for advanced.com UNTESTED
forward zone file mentions .10, .11, and .12 UNTESTED
reverse zone file mentions .1, .10, .11, and .12 UNTESTED
MX records in file are present UNTESTED
PTR record count seems ok UNTESTED
SOA rev email ok UNTESTED
SOA forward email ok UNTESTED
forward file permissions ok UNTESTED
reverse file permissions ok UNTESTED
Check advanced.com resolves UNTESTED
Check www.advanced.com has all A records UNTESTED
Check reverse advanced.com resolves UNTESTED
Check reverse www.advanced.com resolves UNTESTED
Check MX for advanced.com UNTESTED


Linux tutorials: intro1 intro2 wildcard permission pipe vi essential admin net fwall DNS diag Apache1 Apache2
Caine 6.0: Essentials | Basic | Search | SysIntro | 5a | 5b | 5c | 6 | 7 | 8a | 8b | WebBrowserA | WebBrowserB | Registry | Browser
Digital Investigation: Editing | Email | Logs | Strength
Kali: 1a | 1b | 1c | 2 | 3 | 4a | 4b | 5 | 6 | 7a | 8a | 8b | 9 | 10 |
Useful: Quiz | Forums | Privacy Policy | Terms and Conditions
Site Links:XMLZoo ActiveSQL ProgZoo SQLZoo

Copyright @ 2004-2014 Gordon Russell. All rights reserved.