CentOS 7: Install bind and run DNS server for private network

Table of Contents

1 System environment

Private network address is

Private network name is my.net.

IP address of DNS server is

IP address of local machine inside private network is

2 Install bind

Install bind with yum.

$ sudo yum install -y bind

3 Configuration

Editing /etc/named.conf and adding zone file for my.net.

3.1 /etc/named.conf

Allow query from private network and disallow recursion query.

Load zone file “my.net.zone” for private network “my.net”.

And do not load other zone files.

A directory directive defines path of zone files.

$ sudo diff -uprN /etc/named.conf{.org,}— /etc/named.conf.org 2016-05-02 15:15:34.378542110 +0900+++ /etc/named.conf 2016-05-02 15:48:28.273186281 +0900@@ -8,13 +8,13 @@ // options {- listen-on port 53 {; };+ listen-on port 53 {;;}; listen-on-v6 port 53 { ::1; }; directory “/var/named”; dump-file “/var/named/data/cache_dump.db”; statistics-file “/var/named/data/named_stats.txt”; memstatistics-file “/var/named/data/named_mem_stats.txt”;- allow-query { localhost; };+ allow-query { localhost;;}; /* – If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.@@ -26,7 +26,7 @@ options { attacks. Implementing BCP38 within your network would greatly reduce such attack surface */- recursion yes;+ recursion no; dnssec-enable yes; dnssec-validation yes;@@ -47,10 +47,17 @@ logging { }; };+/* zone “.” IN { type hint; file “named.ca”; };+*/++zone “my.net” IN {+ type master;+ file “my.net.zone”;+}; include “/etc/named.rfc1912.zones”; include “/etc/named.root.key”;

3.2 /var/named/my.net.zone

Mapping, which is IP address of DNS server, to centos-7-server as NS record.

Mapping, which is IP address of local machine, to centos-7-client as A record. If you want to map more, please append A record.

$ sudo cat /var/named/my.net.zone$TTL 86400@ IN SOA my.net root.my.net ( 2016050204 3600 900 604800 86400)@ IN NS centos-7-servercentos-7-server IN A IN A

3.3 Validation

named-checkconf validates /etc/named.conf.

$ sudo named-checkconf

named-checkzone validates zone file.

$ sudo named-checkzone my.net /var/named/my.net.zonezone my.net/IN: loaded serial 2016050204OK

4 firewalld

Open 53/tcp and 53/udp with a service file of dns at /usr/lib/firewalld/services/dns.xml.

$ sudo firewall-cmd –add-service=dns –permanentsuccess$ sudo firewall-cmd –reloadsuccess

5 Run named

Run named with systemctl.

$ sudo systemctl enable named$ sudo systemctl start named

6 Execution result

/etc/resolv.conf is as below.

This uses for private network name resolution and for internet name resolution.

/etc/resolv.conf in CentOS 7 will be created by dhcp server.

$ cat /etc/resolv.conf# Generated by NetworkManagersearch my.netnameserver

Running ping command to centos-7-server and centos-7-client.

$ ping -c 4 centos-7-serverPING centos-7-server.my.net ( 56(84) bytes of data.64 bytes from icmp_seq=1 ttl=64 time=0.166 ms64 bytes from icmp_seq=2 ttl=64 time=0.250 ms64 bytes from icmp_seq=3 ttl=64 time=0.259 ms64 bytes from icmp_seq=4 ttl=64 time=0.227 ms— centos-7-server.my.net ping statistics —4 packets transmitted, 4 received, 0% packet loss, time 3001msrtt min/avg/max/mdev = 0.166/0.225/0.259/0.039 ms$ ping -c 4 centos-7-clientPING centos-7-client.my.net ( 56(84) bytes of data.64 bytes from centos-7 ( icmp_seq=1 ttl=64 time=0.020 ms64 bytes from centos-7 ( icmp_seq=2 ttl=64 time=0.053 ms64 bytes from centos-7 ( icmp_seq=3 ttl=64 time=0.046 ms64 bytes from centos-7 ( icmp_seq=4 ttl=64 time=0.039 ms— centos-7-client.my.net ping statistics —4 packets transmitted, 4 received, 0% packet loss, time 3005msrtt min/avg/max/mdev = 0.020/0.039/0.053/0.013 ms

Android | Linux | SDL - Narrow Escape