Thursday 20 February 2014

Configuring and Deploying DNS servers (primary, secondary, root and cache on centos 6.5) - Part 3 - Root and Cache

Configuration on Root DNS Server:

The root zone maintains information regarding top-level domains. Root-zone servers for internet top-level domains are already deployed. With this you can create your own internet naming scheme, which is usually done in intranets who have their own top-level domains
  • Install bind packages
    • yum install bind bind-utils bind-chroot bind-libs
  • Edit named.conf
    • vi /etc/named.conf
listen-on port 53 { 192.168.12.4; }; //change this to your ip address
*remove the allow-query line
*optional remove recursion line

 zone "." IN {
        type master;
        file "root.net";
      };



  • Create and edit root.net
    • vi /var/named/root.net
 $TTL 86400
@    IN    SOA    root.msm.net.    admin.root.msm.net. (
            535 ; serial
            3H ; refresh
            15M ; retry
            1W ; expiry
            1D ) ; minimum
@                IN    NS    root.msm.net.
root.msm.net.    999999        IN    A    192.168.12.4 //root servers ip and fqdn
msm.net.            IN    NS    ns.msm.net. //primary server's fqdn and zone name
12.168.192.in-addr.arpa        IN    NS     ns.msm.net. // reverse zone named and fqdn of primary dns server
ns.msm.net.            IN    A    192.168.12.2 //fqdn and ip of primary dns server, you can also add similar entries for secondary dns below



  • Open Firwalls
    • iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    • iptables -I INPUT -p udp --dport 53 -j ACCEPT 
  •  edit resolv.conf
    • vi /etc/resolv.conf
search msm.net
nameserver 192.168.12.4 //resolve to its own ip address just to check if server is functioning



  • Start named daemon
    • service named start
  • Query some records that are stored in primary server's database
    • nslookup
      • cache.msm.net 

 Configuration on Cache DNS server:

when DNS(bind named) is installed, by default it configures the machine as a caching server. All we have to do is change the file-name in named.conf and create a file accordingly to point towards our own root DNS server.

  • Install bind packages
    • yum install bind bind-utils bind-chroot bind-libs 
  •  Edit named.conf
    • vi /etc/named.conf

listen-on port 53 { 192.168.12.5; }; //change this to your ip address
*Remove the allow-query line
*Remove dnssec-lookaside auto;
*DON'T remove the recursion line. Of all the servers, this is the only one that must do recursion

 zone "." IN {
        type hint;
        file "file.ca";
      };


*Remove include "/etc/named.root.key";

  • Create and edit file.ca
    • vi /var/named/file.ca
  .        999999    IN    NS    root.msm.net. \\fqdn of root dns server
root.msm.net.    999999        A    192.168.12.4 \\fqdn and ip address of root dns server


  • Open Firwalls
    • iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    • iptables -I INPUT -p udp --dport 53 -j ACCEPT 
  •  edit resolv.conf
    • vi /etc/resolv.conf
search msm.net
nameserver 192.168.12.5 //resolve to its own ip address


  • Start named daemon
    • service named start
  • Query some records that are stored in primary server's database
    • nslookup
      • cache.msm.net
 If this is successful then change the /etc/resolv.conf in all the DNS servers to point to caching server IP address to reduce the load on Primary/Secondary and distribute it towards cache.

Prefer a Video Walkthrough?



Check this wiki page for more information on what's being done
http://en.wikipedia.org/wiki/Alternative_DNS_root

 That's all folks.
 Enjoy.

No comments:

Post a Comment

Virtual Machine doesn't start, stuck at "PCI2.10 PnP PMM"

Another day another problem, I was setting up a lab environment, after creating a Virtual Machine using Virtual Machine Manager, My machine ...