
Configuring and Deploying DNS servers (primary, secondary, root and cache on centos 6.5) - Part 3 - Root and Cache

Configuration on Root DNS Server:

The root zone holds the delegations for the top-level domains. The root servers for the public internet are already deployed, so what you build here is a private root: your own naming hierarchy, independent of the public one, which is what intranets that run their own top-level domains do. Resolvers that are pointed at this root (through the cache server below) will only see the domains delegated from it.
  • Install bind packages
    • yum install bind bind-utils bind-chroot bind-libs
  • Edit named.conf
    • vi /etc/named.conf
listen-on port 53 { 192.168.12.4; }; //change this to your ip address
* remove the allow-query line (the default allows localhost only; removing it lets anyone who can reach port 53 query the server, so outside an isolated lab restrict it to your intranet range instead of deleting it)
* change recursion to no. A root server should only hand out delegations, never recurse on behalf of clients. Simply deleting the recursion line is not enough, because BIND's built-in default is recursion yes.

 zone "." IN {
        type master;
        file "root.net";
      };



  • Create and edit root.net
    • vi /var/named/root.net
$TTL 86400
@    IN    SOA    root.msm.net.    admin.root.msm.net. (
            535 ; serial
            3H ; refresh
            15M ; retry
            1W ; expiry
            1D ) ; minimum
@                IN    NS    root.msm.net.
root.msm.net.    999999        IN    A    192.168.12.4 ; root server's fqdn and ip (glue for the NS record above)
msm.net.            IN    NS    ns.msm.net. ; delegation: zone name and the primary server's fqdn
12.168.192.in-addr.arpa.        IN    NS     ns.msm.net. ; delegation of the reverse zone to the primary dns server
ns.msm.net.            IN    A    192.168.12.2 ; glue: fqdn and ip of the primary dns server; add a similar NS and A pair for the secondary



  • Open the firewall (these rules are not persistent: run service iptables save afterwards so they survive a reboot, and outside an isolated lab add a source-address match for your intranet range so only your own network can reach port 53)
    • iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    • iptables -I INPUT -p udp --dport 53 -j ACCEPT
  • Edit resolv.conf
    • vi /etc/resolv.conf
search msm.net
nameserver 192.168.12.4 # its own ip address, just to check that the server is functioning



  • Start named daemon
    • service named start
  • Query a record that is stored in the primary server's zone
    • nslookup
      • cache.msm.net
  With recursion turned off, the root does not fetch the record for you: the reply is a referral (the NS record for msm.net. plus its glue) and nslookup reports that it can't find the name (no answer). That is the correct behaviour for a root server; if the A record comes back, recursion is still enabled. To see the referral itself, query the root server with dig, which prints the authority and additional sections that nslookup hides.

Configuration on Cache DNS server:

When bind is installed, the default named.conf already configures the machine as a caching-only server whose hint zone (named.ca) lists the public root servers. All we have to do is change the file name in the hint zone, write a file of our own that points at our root DNS server instead, and strip the DNSSEC settings that refer to the public root.

  • Install bind packages
    • yum install bind bind-utils bind-chroot bind-libs 
  •  Edit named.conf
    • vi /etc/named.conf

listen-on port 53 { 192.168.12.5; }; //change this to your ip address
*Remove the allow-query line (the default allows localhost only). This machine will recurse for the whole network, so outside an isolated lab set allow-query and allow-recursion to your intranet range instead of deleting the line: a recursive resolver that answers anyone is an open resolver and can be abused for amplification attacks.
*Remove dnssec-lookaside auto; (it points at the lookaside validation registry for the public root, which our private root is not part of)
*DON'T remove the recursion line. Of all the servers, this is the only one that must do recursion, so leave recursion yes in place.

 zone "." IN {
        type hint;
        file "file.ca";
      };


*Remove include "/etc/named.root.key"; (it holds the trust anchor for the public root zone, which an unsigned private root cannot satisfy)

  • Create and edit file.ca
    • vi /var/named/file.ca
.        999999    IN    NS    root.msm.net. ; fqdn of root dns server
root.msm.net.    999999        A    192.168.12.4 ; fqdn and ip address of root dns server
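As an added example (not from the post), the following Python script builds the root zone used on root.msm.net and the hint file used on the cache server from a single delegation table, and checks the thing that most often breaks a private root: a delegation whose name server has no glue A record in the root zone. Names and addresses are the ones used in this series; the script itself and its function names are assumptions of the example, not part of the original configuration.

```python
# Added example, not from the original post: generate root.net (root server)
# and file.ca (cache server hint file) from one delegation table and flag
# lame delegations (NS targets without glue).  Names/addresses follow the
# series; the script and its function names are assumptions.

ROOT_NS = "root.msm.net."
ROOT_IP = "192.168.12.4"
SOA_SERIAL = 535

# Constructed delegation table: zone -> [(name server fqdn, glue ip or None)].
# A None glue means the A record is expected to be supplied by another entry.
DELEGATIONS = {
    "msm.net.": [("ns.msm.net.", "192.168.12.2")],
    "12.168.192.in-addr.arpa.": [("ns.msm.net.", None)],
}


def fqdn(name):
    """Zone files silently append the origin to names without a trailing dot;
    in the root zone that is harmless, but be explicit anyway."""
    return name if name.endswith(".") else name + "."


def root_zone(delegations, serial=SOA_SERIAL):
    """Master file for zone "." on the root server."""
    lines = [
        "$TTL 86400",
        f"@\tIN\tSOA\t{ROOT_NS} admin.{ROOT_NS} ( {serial} 3H 15M 1W 1D )",
        f"@\tIN\tNS\t{ROOT_NS}",
        f"{ROOT_NS}\t999999\tIN\tA\t{ROOT_IP}",  # glue for the root NS itself
    ]
    glue = {}
    for zone, servers in delegations.items():
        for ns, ip in servers:
            lines.append(f"{fqdn(zone)}\tIN\tNS\t{fqdn(ns)}")
            if ip:
                glue[fqdn(ns)] = ip
    lines += [f"{ns}\tIN\tA\t{ip}" for ns, ip in glue.items()]
    return "\n".join(lines) + "\n"


def hint_file():
    """Hint file for the cache server: where to find the (private) root."""
    return f".\t999999\tIN\tNS\t{ROOT_NS}\n{ROOT_NS}\t999999\tIN\tA\t{ROOT_IP}\n"


def missing_glue(delegations):
    """Name servers that live inside a delegated zone but have no A record in
    the root zone.  A resolver following such a delegation cannot look the
    server up (its address lives in the very zone being delegated), so the
    delegation is lame."""
    have = {ROOT_NS}
    for servers in delegations.values():
        have |= {fqdn(ns) for ns, ip in servers if ip}
    zones = [fqdn(z) for z in delegations]
    lame = set()
    for servers in delegations.values():
        for ns, _ in servers:
            name = fqdn(ns)
            in_delegated = any(name == z or name.endswith("." + z) for z in zones)
            if in_delegated and name not in have:
                lame.add(name)
    return sorted(lame)


if __name__ == "__main__":
    print("--- /var/named/root.net ---")
    print(root_zone(DELEGATIONS), end="")
    print("--- /var/named/file.ca ---")
    print(hint_file(), end="")
    for name in missing_glue(DELEGATIONS):
        print(f"WARNING: no glue for {name}; delegation is lame")
```

Running the script prints both files. A non-empty result from missing_glue means a resolver that follows that delegation has nowhere to go. After writing the output to /var/named/root.net and /var/named/file.ca, named-checkzone . /var/named/root.net is the practical syntax check to run before starting named.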


  • Open the firewall (again, run service iptables save afterwards, and outside an isolated lab limit the rules to your intranet range)
    • iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    • iptables -I INPUT -p udp --dport 53 -j ACCEPT
  • Edit resolv.conf
    • vi /etc/resolv.conf
search msm.net
nameserver 192.168.12.5 # its own ip address


  • Start named daemon
    • service named start
  • Query a record that is stored in the primary server's zone
    • nslookup
      • cache.msm.net
 This time the A record should come back: the cache recurses on your behalf, asks the root, follows the delegation to the primary and caches the result. If this works, change /etc/resolv.conf on all the DNS servers (and on the clients) to point at the cache server's IP address, so that lookups are served from the cache and the primary and secondary only see the queries the cache cannot answer. Keep the cache reachable from the intranet only; it is the one recursive server in this setup.
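As an added check that is not part of the original post: once the servers are up, the question a security engineer asks is which of them actually recurse. Only the cache server should; an authoritative server that recurses for anyone is an open resolver. The Python script below sends a recursion-desired query for cache.msm.net to each server and reads the RA flag and section counts from the reply header, using only the standard library. The addresses are the ones used in this series; the server table, the probe name and the function names are assumptions of the example, not configuration from the post (the secondary's address is not given in this part, so it is left out).

```python
# Added example, not from the original post: probe each DNS server with a
# recursion-desired query and check from the reply header which ones recurse.
# Addresses follow the series; the table, probe name and functions are assumptions.
import random
import socket
import struct

# Constructed server table: role -> (address, should this server recurse?)
SERVERS = {
    "primary ns.msm.net": ("192.168.12.2", False),
    "root root.msm.net": ("192.168.12.4", False),
    "cache": ("192.168.12.5", True),
}

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, txid, qtype=1):
    """Minimal RFC 1035 query: header with RD set, one IN question (A by default)."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_header(data):
    """Decode the 12-byte header.  The flags and section counts are enough to
    tell an answer from a referral, so the body is not parsed."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "ra": bool(flags & RA), "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "answers": an, "authority": ns, "additional": ar}


def classify(h):
    """Kind of response, from header fields alone."""
    if h["rcode"] == "REFUSED":
        return "refused"
    if h["answers"]:
        return "answer"
    if h["authority"] and not h["aa"]:
        return "referral"          # NS records for the delegated zone, no answer
    return h["rcode"].lower()


def check_role(role, h, should_recurse):
    """Return (ok, message).  RA must match the role, and a server that should
    not recurse must not hand back a non-authoritative answer."""
    if h["ra"] != should_recurse:
        return False, f"{role}: RA={h['ra']} but should_recurse={should_recurse} (open resolver?)"
    if not should_recurse and classify(h) == "answer" and not h["aa"]:
        return False, f"{role}: non-authoritative answer from a server that must not recurse"
    return True, f"{role}: {classify(h)}, ra={h['ra']}, aa={h['aa']}"


def probe(addr, name, timeout=2.0):
    """Send one UDP query and return the parsed reply header."""
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (addr, 53))
        data, _ = s.recvfrom(512)
    h = parse_header(data)
    if h["id"] != txid or not h["qr"]:
        raise ValueError("reply id/QR mismatch")
    return h


if __name__ == "__main__":
    for role, (addr, should_recurse) in SERVERS.items():
        try:
            ok, msg = check_role(role, probe(addr, "cache.msm.net"), should_recurse)
        except (socket.timeout, OSError, ValueError) as e:
            ok, msg = False, f"{role}: no usable reply ({e})"
        print("OK  " if ok else "FAIL", msg)
```

Expected on a correct setup: the primary answers with AA set and RA clear, the root returns a referral with RA clear, and only the cache sets RA. A FAIL on the root or primary means the recursion line was left at its default and that server will recurse for anyone who can reach it.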

See this Wikipedia page for more on what is being built here (an alternative DNS root):
http://en.wikipedia.org/wiki/Alternative_DNS_root

 That's all folks.
 Enjoy.
