CentOS 7: Install bind and run DNS server for private network


1 System environment

The private network is 192.168.11.0/24.

The private DNS zone name is my.net.

The DNS server's address is 192.168.11.70.

The client machine on the private network has the address 192.168.11.128.

2 Install bind

Install bind with yum.

$ sudo yum install -y bind

3 Configuration

Edit /etc/named.conf and add a zone file for my.net.

3.1 /etc/named.conf

Allow queries from the private network and disable recursion, so the server answers only for the zone it is authoritative for and cannot be used as an open resolver.

Load the zone file my.net.zone for the private zone my.net.

Comment out the root hint zone “.”; a non-recursive server has no use for root hints. The /etc/named.rfc1912.zones include, which provides the localhost and loopback zones, stays in place.

The directory directive sets the directory against which relative zone file names such as my.net.zone are resolved.

$ sudo diff -uprN /etc/named.conf{.org,}— /etc/named.conf.org 2016-05-02 15:15:34.378542110 +0900+++ /etc/named.conf 2016-05-02 15:48:28.273186281 +0900@@ -8,13 +8,13 @@ // options {- listen-on port 53 { 127.0.0.1; };+ listen-on port 53 { 127.0.0.1; 192.168.11.0/24;}; listen-on-v6 port 53 { ::1; }; directory “/var/named”; dump-file “/var/named/data/cache_dump.db”; statistics-file “/var/named/data/named_stats.txt”; memstatistics-file “/var/named/data/named_mem_stats.txt”;- allow-query { localhost; };+ allow-query { localhost; 192.168.11.0/24;}; /* – If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.@@ -26,7 +26,7 @@ options { attacks. Implementing BCP38 within your network would greatly reduce such attack surface */- recursion yes;+ recursion no; dnssec-enable yes; dnssec-validation yes;@@ -47,10 +47,17 @@ logging { }; };+/* zone “.” IN { type hint; file “named.ca”; };+*/++zone “my.net” IN {+ type master;+ file “my.net.zone”;+}; include “/etc/named.rfc1912.zones”; include “/etc/named.root.key”;
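Review bot: in the listen-on hunk, the /24 prefix in `listen-on port 53 { 127.0.0.1; 192.168.11.0/24;};` is accepted because listen-on takes an address match list that is compared against local interface addresses, but it will also bind any interface added later on that subnet; listing the host address `192.168.11.70;` explicitly is tighter. Since the same network appears again in allow-query, consider defining it once with `acl "lan" { 192.168.11.0/24; };` above the options block and referencing `lan;` in both places. Minor style point: there is no space before `}` in both changed lines.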
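Review bot: in the recursion hunk, `recursion no;` is the right setting for an authoritative-only server, but the unchanged `dnssec-validation yes;` below it has no effect without recursion, and the behavioural consequence should be documented: with recursion off and the root hints removed in the next hunk, every query for a name outside my.net is answered with REFUSED, so clients that list this server first in /etc/resolv.conf depend on their stub resolver falling back to the next nameserver for internet names.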
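Review bot: the new `zone "my.net"` block sets no `allow-transfer`, and BIND's default permits zone transfers from anyone who may query, so every host in 192.168.11.0/24 can pull the whole zone with AXFR. Since there are no secondary servers, add `allow-transfer { none; };` inside the zone block (or in options) so that the record set is only reachable through normal queries.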

3.2 /var/named/my.net.zone

The NS record names centos-7-server as the name server for the zone, and an A record maps centos-7-server to 192.168.11.70, the DNS server's address. Every name used in an NS record needs an A record, otherwise named-checkzone reports that the name server has no address records.

Another A record maps centos-7-client to 192.168.11.128, the client machine. To publish more hosts, append one A record per host.

$ sudo cat /var/named/my.net.zone
$TTL 86400
; MNAME and RNAME carry a trailing dot: without it $ORIGIN (my.net.) is
; appended and the names become my.net.my.net. and root.my.net.my.net.
@               IN SOA centos-7-server.my.net. root.my.net. (
                        2016050204 ; serial (YYYYMMDDnn)
                        3600       ; refresh
                        900        ; retry
                        604800     ; expire
                        86400 )    ; negative-cache TTL
@               IN NS centos-7-server
centos-7-server IN A  192.168.11.70
centos-7-client IN A  192.168.11.128

3.3 Validation

named-checkconf validates the syntax of /etc/named.conf; it prints nothing on success. Adding -z also loads every configured zone.

$ sudo named-checkconf

named-checkzone validates the zone file against the zone name it is supposed to hold.

$ sudo named-checkzone my.net /var/named/my.net.zone
zone my.net/IN: loaded serial 2016050204
OK
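Hand-editing the zone file works for two hosts, but every edit must also bump the SOA serial or named keeps serving the old data until restarted. The following POSIX shell script is an added example (not code from the original post): it generates a zone file in the form shown above from a list of hostname/IP pairs, computes the next YYYYMMDDnn serial from the current one, rejects malformed lines, duplicate names and a name server without an A record, and runs named-checkzone on the result when that tool is installed. The zone name my.net, the server name centos-7-server, the two addresses and the serial 2016050204 come from the page; the functions next_serial and gen_zone, the "hostname ip" list format and the hosts list itself are the example's own constructions.

```shell
#!/bin/sh
# Added example, not code from the original post: build a forward zone file
# such as /var/named/my.net.zone from a "hostname ip" list, bumping the
# YYYYMMDDnn SOA serial on every regeneration, and check it with
# named-checkzone when that tool is present. The hosts list is constructed.

# next_serial OLD TODAY: print the serial to write next, given the serial
# currently in the zone and today's date as YYYYMMDD. Same day -> bump the
# nn counter; new day -> TODAY01; an OLD that is already ahead of today
# (clock skew, typo) is simply incremented so the serial never decreases.
next_serial() {
    old=$1 today=$2
    if [ "${old%??}" = "$today" ]; then
        n=${old#"$today"}
        n=${n#0}                       # "08"/"09" would be invalid octal in $(( ))
        printf '%s%02d\n' "$today" $((n + 1))
    elif [ "$old" -gt "${today}00" ]; then
        echo $((old + 1))
    else
        echo "${today}01"
    fi
}

# gen_zone ZONE NS SERIAL HOSTS: write the zone to stdout. HOSTS lines are
# "hostname ipv4"; blank lines and # comments are ignored. Exits non-zero on
# a malformed line, a bad address, a duplicate name, or when NS has no A
# record, so a broken zone never reaches /var/named.
gen_zone() {
    zone=$1 ns=$2 serial=$3 hosts=$4
    cat <<EOF
\$TTL 86400
; MNAME and RNAME end in a dot so \$ORIGIN ($zone.) is not appended to them
@ IN SOA $ns.$zone. root.$zone. (
        $serial ; serial, YYYYMMDDnn
        3600       ; refresh
        900        ; retry
        604800     ; expire
        86400 )    ; negative-cache TTL
@ IN NS $ns.$zone.
EOF
    awk -v ns="$ns" '
        BEGIN { bad = 0 }
        /^[[:space:]]*(#|$)/ { next }
        NF != 2 { print "line " NR ": expected \"hostname ip\"" > "/dev/stderr"; bad = 1; next }
        $1 !~ /^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$/ {
            print "line " NR ": bad hostname " $1 > "/dev/stderr"; bad = 1; next }
        $2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || split($2, o, ".") != 4 ||
        o[1] > 255 || o[2] > 255 || o[3] > 255 || o[4] > 255 {
            print "line " NR ": bad IPv4 address " $2 > "/dev/stderr"; bad = 1; next }
        seen[$1]++ { print "line " NR ": duplicate host " $1 > "/dev/stderr"; bad = 1; next }
        { printf "%-20s IN A %s\n", $1, $2 }
        END {
            if (!(ns in seen)) { print "NS " ns " has no A record" > "/dev/stderr"; bad = 1 }
            exit bad
        }' "$hosts"
}

# --- demo: regenerate the page's zone from a constructed hosts list ---
hosts=$(mktemp) && zonefile=$(mktemp)
cat >"$hosts" <<'EOF'
# hostname        ipv4
centos-7-server   192.168.11.70
centos-7-client   192.168.11.128
EOF
serial=$(next_serial 2016050204 "$(date +%Y%m%d)")   # 2016050204 is the page's serial
gen_zone my.net centos-7-server "$serial" "$hosts" >"$zonefile"
cat "$zonefile"
if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone my.net "$zonefile"    # prints the loaded serial and OK on success
fi
rm -f "$hosts" "$zonefile"
```

The generated file is only written to a temporary path; copy it into /var/named once named-checkzone reports OK, then run `sudo rndc reload my.net` (or restart named) so the new serial is picked up. The serial rule matters even on a single master: named caches the loaded serial and `rndc reload` ignores a zone whose serial has not increased.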

4 firewalld

Open 53/tcp and 53/udp using firewalld's predefined dns service, which is defined in /usr/lib/firewalld/services/dns.xml. Do this only on the zone that faces the private network if the server has other interfaces.

$ sudo firewall-cmd --add-service=dns --permanent
success
$ sudo firewall-cmd --reload
success

5 Run named

Enable named at boot and start it with systemctl.

$ sudo systemctl enable named
$ sudo systemctl start named

6 Execution result

The client's /etc/resolv.conf is shown below.

It lists 192.168.11.70 (this server) first for my.net names and 192.168.11.1 (the router) second for internet names. Note that the stub resolver does not route queries by domain: a lookup for an internet name is sent to 192.168.11.70 first, refused there because recursion is off, and then retried against 192.168.11.1, so every external lookup costs an extra round trip. The search my.net line lets short host names such as centos-7-client resolve.

On CentOS 7, NetworkManager generates /etc/resolv.conf from the DHCP lease, so hand edits are overwritten; set the name servers and search domain on the DHCP server or on the NetworkManager connection instead.

$ cat /etc/resolv.conf
# Generated by NetworkManager
search my.net
nameserver 192.168.11.70
nameserver 192.168.11.1

Ping centos-7-server and centos-7-client from the client; the short names are expanded with the my.net search domain and resolved by the new server.

$ ping -c 4 centos-7-server
PING centos-7-server.my.net (192.168.11.70) 56(84) bytes of data.
64 bytes from 192.168.11.70: icmp_seq=1 ttl=64 time=0.166 ms
64 bytes from 192.168.11.70: icmp_seq=2 ttl=64 time=0.250 ms
64 bytes from 192.168.11.70: icmp_seq=3 ttl=64 time=0.259 ms
64 bytes from 192.168.11.70: icmp_seq=4 ttl=64 time=0.227 ms

--- centos-7-server.my.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.166/0.225/0.259/0.039 ms
$ ping -c 4 centos-7-client
PING centos-7-client.my.net (192.168.11.128) 56(84) bytes of data.
64 bytes from centos-7 (192.168.11.128): icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from centos-7 (192.168.11.128): icmp_seq=2 ttl=64 time=0.053 ms
64 bytes from centos-7 (192.168.11.128): icmp_seq=3 ttl=64 time=0.046 ms
64 bytes from centos-7 (192.168.11.128): icmp_seq=4 ttl=64 time=0.039 ms

--- centos-7-client.my.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.020/0.039/0.053/0.013 ms
