LinuxQuestions.org
Linux - Networking
Old 01-09-2018, 05:01 AM   #1
shan2naruto
LQ Newbie
 
Registered: Jan 2018
Couldn't configure BIND DNS server in CentOS 7


Hi,
Guys, my name is Shanker and I'm new here and am studying Linux now. Currently I'm trying to configure a BIND DNS server in my CentOS 7 virtual machine, but for some reason it's not working. I'm following this tutorial right now:
Code:
https://www.tecmint.com/setup-master-slave-dns-server-in-centos/
Here are my forward and reverse zones, along with the details of my named file, which I have configured so far.

My master DNS config:
.fwd.zone file:
Code:
$TTL 1D
@	IN SOA	dns-master-local.net. root.local.net. (
					2018010700	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	;NS	@
	;A	127.0.0.1
	;AAAA	::1
;Name server's
@	IN	 NS	 dns-master-local.net.
@	IN 	 NS	 dns-slave-local.net.

;Name server hostname to ip resole
@	IN	A	10.0.2.10
@	IN 	A 	10.0.2.11
;hosts in this domain
@	IN 	A	10.0.2.15
@	IN 	A	10.0.2.16
masterdns	IN 	A	10.0.2.10
slavedns	IN	A 	10.0.2.11
node1		IN 	A	10.0.2.15
rhel		IN 	A	10.0.2.16
My .rev.zone file:

Code:
$TTL 1D
@	IN SOA	dns-master-local.com. root.dns-master-local.com (
					2018010700	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum

@ 	IN 	NS     ns1.dns-master-local.net.
@	IN	NS	ns2.dns-slave-local.net.
@	IN	PTR     local.net.

;Name server hostname to ip resolve
dns-master-local	IN 	A	10.0.2.10
dns-slave-local	IN 	A	10.0.2.11
;hosts in domain

ns1	IN 	A	10.0.2.15
ns2 	IN	A	10.0.2.16
10	IN 	PTR 	dns-master-local.net.
11	IN 	PTR 	dns-slave-local.net.
15	IN 	PTR 	ns1.dns-master-local.net.
16	IN 	PTR	ns2.dns-slave-local.net.
My master named file:
Code:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	listen-on port 53 { 127.0.0.1; 10.0.2.10;};
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { localhost; 10.0.2.0/24;};
        allow-transfer     { localhost; 10.0.2.11; };  # Here we need to our Slave DNS server IP.
recursion no;
	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/


	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};
zone "dns-master-local.net" IN {
type master;
file "dns-master-local.fwd.zone";
allow-update {none;};
};

zone "2.0.10.in-addr.arpa" IN{
type master;
file "dns-master-local.rev.zone";
allow-update{none;};
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
And here are my slave config files:

.fwd.zone file:
Code:
$TTL 1D
@	IN SOA	dns-master-local.net. root.local.net. (
					2018010700	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	;NS	@
	;A	127.0.0.1
	;AAAA	::1
;Name server's
@	IN	 NS	 dns-master-local.net.
@	IN 	 NS	 dns-slave-local.net.

;Name server hostname to ip resole
@	IN	A	10.0.2.10
@	IN 	A 	10.0.2.11
;hosts in this domain
@	IN 	A	10.0.2.15
@	IN 	A	10.0.2.16
masterdns	IN 	A	10.0.2.10
slavedns	IN	A 	10.0.2.11
ns1		IN 	A	10.0.2.15
ns2		IN 	A	10.0.2.16
Here is my reverse DNS config:

Code:
$TTL 1D
@	IN SOA	dns-master-local.com. root.dns-master-local.com (
					2018010700	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum

@ 	IN 	NS     ns1.dns-master-local.net.
@	IN	NS	ns2.dns-slave-local.net.
@	IN	PTR     local.net.

;Name server hostname to ip resolve
dns-master-local	IN 	A	10.0.2.10
dns-slave-local	IN 	A	10.0.2.11
;hosts in domain

ns1	IN 	A	10.0.2.15
ns2 	IN	A	10.0.2.16
10	IN 	PTR 	dns-master-local.net.
11	IN 	PTR 	dns-slave-local.net.
15	IN 	PTR 	ns1.dns-master-local.net.
16	IN 	PTR	ns2.dns-slave-local.net.
Output of the testing in the master virtual machine:
Code:
[shan@dns-master-local ~]$ nslookup dns-master-local.net 
Server:		208.67.222.222
Address:	208.67.222.222#53

Non-authoritative answer:
Name:	dns-master-local.net.net
Address: 52.50.81.210

[shan@dns-master-local ~]$ nslookup dns-slave-local.net 
Server:		208.67.222.222
Address:	208.67.222.222#53

Non-authoritative answer:
Name:	dns-slave-local.net.net
Address: 52.50.81.210

[shan@dns-master-local ~]$ dig dns-slave-local.net 

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.1 <<>> dns-slave-local.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22377
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns-slave-local.net.		IN	A

;; AUTHORITY SECTION:
net.			899	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1515495395 1800 900 604800 86400

;; Query time: 346 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Jan 09 16:26:43 IST 2018
;; MSG SIZE  rcvd: 124

[shan@dns-master-local ~]$ ping dns-slave-local.net
PING dns-slave-local.net.net (52.50.81.210) 56(84) bytes of data.
^Z
[1]+  Stopped                 ping dns-slave-local.net
[shan@dns-master-local ~]$ ping 10.0.2.11
PING 10.0.2.11 (10.0.2.11) 56(84) bytes of data.
From 10.0.2.10 icmp_seq=1 Destination Host Unreachable
From 10.0.2.10 icmp_seq=2 Destination Host Unreachable
From 10.0.2.10 icmp_seq=3 Destination Host Unreachable
From 10.0.2.10 icmp_seq=4 Destination Host Unreachable
From 10.0.2.10 icmp_seq=5 Destination Host Unreachable
From 10.0.2.10 icmp_seq=6 Destination Host Unreachable
From 10.0.2.10 icmp_seq=7 Destination Host Unreachable
^Z
[2]+  Stopped                 ping 10.0.2.11
[shan@dns-master-local ~]$
Kindly help me in learning and resolving this.
 
Old 01-10-2018, 12:49 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Hi,

Quote:
@ IN NS dns-master-local.net.
@ IN NS dns-slave-local.net.
In the master zonefile you don't have A RRs for these hostnames. Instead you have:
Quote:
masterdns IN A 10.0.2.10
slavedns IN A 10.0.2.11
So use either one of the 2 sets of hostnames, increase the serial and reload the zone. And of course use the same in the slave zonefile.


Quote:
nslookup dns-master-local.net
Server: 208.67.222.222
Address: 208.67.222.222#53

Non-authoritative answer:
Name: dns-master-local.net.net
Address: 52.50.81.210
I also notice that the responses you get to your dig/nslookup queries are from the OpenDNS servers. Make sure you have your nameservers listed first in /etc/resolv.conf.

Also related to the above:
Quote:
ping dns-slave-local.net
PING dns-slave-local.net.net (52.50.81.210) 56(84) bytes of data.
Wrong IP.


Quote:
ping 10.0.2.11
PING 10.0.2.11 (10.0.2.11) 56(84) bytes of data.
From 10.0.2.10 icmp_seq=1 Destination Host Unreachable
<snip>
Make sure the server is reachable, and don't forget to open port 53 UDP/TCP in the firewall.
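An added, offline check for the two zone-file points raised in the reply above (NS targets without A records, and bumping the SOA serial before reloading). This is example code written for this thread, not code from either poster, from the tecmint tutorial or from BIND itself; the sample zone text below is constructed to mirror the shape of the master forward zone posted in #1, and the zone-file subset it parses ($TTL, @, relative owner names, a multi-line SOA in parentheses, ";" comments) is an assumption that matches the files in this thread rather than a full RFC 1035 parser. named-checkzone does the real validation; this just makes the "NS without A" mistake visible in plain Python.

```python
"""Lint a BIND-style zone for NS targets that cannot be resolved from the
zone itself, and raise the SOA serial so secondaries pick up the change.

Added example for the LQ thread; assumes the zone-file subset used in the
posted files (not a complete RFC 1035 parser).
"""

ORIGIN = "dns-master-local.net"

# Constructed sample modelled on the posted master forward zone: the NS
# targets are the apex names, which have no A records, while the hosts
# that do have A records use different names (masterdns/slavedns).
SAMPLE_ZONE = """\
$TTL 1D
@	IN SOA	dns-master-local.net. root.local.net. (
					2018010700	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
;Name servers
@	IN	 NS	 dns-master-local.net.
@	IN 	 NS	 dns-slave-local.net.
masterdns	IN 	A	10.0.2.10
slavedns	IN	A 	10.0.2.11
node1		IN 	A	10.0.2.15
"""

# Constructed "after" zone using one consistent set of hostnames, as the
# reply suggests: NS targets are in-zone names that also carry A records.
FIXED_ZONE = """\
$TTL 1D
@	IN SOA	masterdns.dns-master-local.net. root.dns-master-local.net. (
		2018011000	; serial
		1D 1H 1W 3H )
@	IN	NS	masterdns
@	IN	NS	slavedns
masterdns	IN	A	10.0.2.10
slavedns	IN	A	10.0.2.11
node1		IN	A	10.0.2.15
"""


def _strip_comment(line):
    return line.split(";", 1)[0]


def _join_parens(text):
    """Fold records written inside ( ... ) across lines into one line each."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = _strip_comment(raw)
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            out.append(" ".join(buf))
            buf, depth = [], 0
    return out


def _fqdn(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return a list of (owner_fqdn, type, rdata_tokens)."""
    origin = origin if origin.endswith(".") else origin + "."
    records, last_owner = [], origin
    for line in _join_parens(text):
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        tokens = line.split()
        # An owner name is present only when the line starts in column 0.
        if not line[0].isspace():
            last_owner = _fqdn(tokens.pop(0), origin)
        # Skip optional class and TTL tokens preceding the record type.
        while tokens and (tokens[0].upper() == "IN" or tokens[0][0].isdigit()):
            tokens.pop(0)
        records.append((last_owner, tokens[0].upper(), tokens[1:]))
    return records


def missing_ns_glue(records, origin):
    """NS targets that this zone cannot answer for: in-zone names with no
    A/AAAA record, or names that lie outside the zone entirely."""
    origin = origin if origin.endswith(".") else origin + "."
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    problems = []
    for _, t, rd in records:
        if t != "NS":
            continue
        target = _fqdn(rd[0], origin)
        if not target.endswith(origin):
            problems.append((target, f"outside zone {origin}"))
        elif target not in addressed:
            problems.append((target, "no A/AAAA record in zone"))
    return sorted(problems)


def soa_serial(text, origin):
    for _, t, rd in parse_zone(text, origin):
        if t == "SOA":
            return int(rd[2])
    raise ValueError("no SOA record")


def bump_serial(text, origin, today):
    """Raise the serial (YYYYMMDDnn style); it must exceed the old value or
    the secondary will keep its stale copy."""
    old = soa_serial(text, origin)
    new = max(old + 1, int(today + "00"))
    return text.replace(str(old), str(new), 1)


if __name__ == "__main__":
    for name, why in missing_ns_glue(parse_zone(SAMPLE_ZONE, ORIGIN), ORIGIN):
        print(f"NS {name}: {why}")
    print("new serial:", soa_serial(bump_serial(SAMPLE_ZONE, ORIGIN, "20180110"), ORIGIN))
```

Run as-is it flags both NS targets of the sample zone (one apex name without an A record, one name outside the zone), reports nothing for the corrected zone, and shows the serial moving from 2018010700 to 2018011000. The same parse_zone function can be pointed at a real zone file's contents; the out-of-zone case is reported separately because a name like dns-slave-local.net. is not wrong as such, it just has to resolve somewhere this server can reach.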