Until now I had never had to install DNS on a server, but here I had to set up a slave DNS on a new client's server. I think the procedure will be useful to admins and web developers.
Master DNS installation
Log in to the server (in this example the master DNS is placed on the server with IP 10.10.10.10 and the slave DNS on the server with IP 20.20.20.20).
First, check that the system has all the latest updates.
yum update -y
If you omit the "-y" flag you will have to answer every question the installer asks; with it, every answer is set to the default automatically.
Install bind and bind-utils.
yum install bind bind-utils -y
I use my own domain, sibway.pro, as the example; replace every occurrence with your own. We assume the master has IP 10.10.10.10 and the slave 20.20.20.20. As far as I understand, the master/slave division is only nominal, since both servers perform the same function; the only difference is that the slave takes all of its data from the master.
Now we edit the configuration file with any text editor. I use vi, since it is present on every system.
vi /etc/named.conf
When bind is installed, the configuration file is created automatically; we only need to edit it.
options {
    #listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-transfer { localhost; 20.20.20.20; };
    recursion no;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
#listen-on port 53 { 127.0.0.1; };
We comment out this line so that the server listens for queries on all of its addresses instead of only on localhost (you could probably just specify 10.10.10.10 instead, but I have not tried it myself; from the outside the firewall closes it anyway).
allow-query { any; };
We allow queries to the server from any address.
allow-transfer { localhost; 20.20.20.20; };
We allow the slave server to fetch the zone data (zone transfers); only localhost and the slave's IP may do so.
Add the domain zone; it is declared in the same configuration file.
zone "sibway.pro" IN {
    type master;
    file "sibway.pro.zone";
    allow-update { none; };
};
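The two access lists above are the security-relevant part of named.conf: allow-transfer decides who may pull a full copy of the zone, and recursion together with allow-query decides whether the server can be used as an open resolver. The following added example (my own code, not part of the original post or of BIND) is a small audit script that reads a named.conf, extracts the options block and reports either weakness. The two configurations embedded in it are constructed fixtures: HARDENED_CONF mirrors the post's settings, OPEN_CONF is a deliberately loose variant for comparison.

```python
import re

# Constructed fixture mirroring the post's options block (hardened).
HARDENED_CONF = """
options {
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { any; };
    allow-transfer { localhost; 20.20.20.20; };
    recursion no;
    dnssec-enable yes;
};
zone "sibway.pro" IN {
    type master;
    file "sibway.pro.zone";
    allow-update { none; };
};
"""

# Constructed fixture with the weak settings the audit should flag.
OPEN_CONF = """
options {
    directory "/var/named";
    allow-query { any; };
    allow-transfer { any; };   // anyone may AXFR the zone
    recursion yes;             # open resolver when combined with allow-query any
};
zone "sibway.pro" IN {
    type master;
    file "sibway.pro.zone";
};
"""


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def block(text, name):
    """Return the body of the top-level `name { ... };` block, or '' if absent."""
    m = re.search(r"\b%s\s*\{" % re.escape(name), text)
    if not m:
        return ""
    start, depth = m.end() - 1, 0
    for j in range(start, len(text)):
        if text[j] == "{":
            depth += 1
        elif text[j] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:j]
    return ""


def acl(body, key):
    """Return the address list of `key { a; b; };` inside body, or None if unset."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(key), body)
    if not m:
        return None
    return [x.strip() for x in m.group(1).split(";") if x.strip()]


def audit(conf):
    """Return a list of findings for the options block of a named.conf text."""
    opts = block(strip_comments(conf), "options")
    findings = []

    # Zone transfers: the BIND 9 releases of this era allowed AXFR from any
    # host unless allow-transfer was restricted, so an absent ACL is as bad
    # as an explicit "any".
    transfer = acl(opts, "allow-transfer")
    if transfer is None or "any" in transfer:
        findings.append("allow-transfer is unrestricted: any host can AXFR every zone")

    # Open resolver: recursion defaults to yes, and allow-query defaults to any.
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", opts)
    recursion = rec.group(1) if rec else "yes"
    query = acl(opts, "allow-query")
    if recursion == "yes" and (query is None or "any" in query):
        findings.append("recursion yes with allow-query any: open resolver, usable for amplification")
    return findings


if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED_CONF), ("open", OPEN_CONF)):
        print(label, audit(conf) or ["no findings"])
```

For a real file, pass `open("/etc/named.conf").read()` to `audit()`. The script only looks at the global options block; a per-zone `allow-transfer` statement overrides the global one, so check those too if you add them.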
Configuring domain zones
In the configuration file we specified sibway.pro.zone as the zone file for the sibway.pro domain.
The easiest way is to take any existing zone file and edit it to the desired configuration. Zone files can also be placed in a subdirectory.
vi /var/named/sibway.pro.zone
Here is a simple example of what needs to be written in the domain zone file.
$TTL 86400
@       IN  SOA ns1.sibway.pro. root.sibway.pro. (
            2014120801  ; Serial !!! , slave
            3600        ; Refresh
            1800        ; Retry
            604800      ; Expire
            86400       ; Minimum TTL
)
; name servers
        IN  NS  ns1.sibway.pro.
        IN  NS  ns2.sibway.pro.
; IP addresses of the name servers
ns1     IN  A   10.10.10.10
ns2     IN  A   20.20.20.20
; Define hostname -> IP
@       IN  A   213.133.100.77
www     IN  A   213.133.100.77
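The "!!!" next to the serial is there for a reason: a slave only re-fetches the zone when the master's SOA serial is larger than the one it already holds, so every edit that is not followed by a serial increment silently never reaches the slave. The added example below (my own helper, not from the post) parses a zone file in the format shown above, bumps the serial following the YYYYMMDDNN convention the post's value 2014120801 uses, and additionally checks that every in-zone name server has an A record, since without those glue records the NS lines point nowhere. The ZONE text is a constructed copy of the post's example used as sample input; the file path in the `__main__` block is an assumption.

```python
import re
from datetime import date

# Constructed sample input, copied from the post's zone example.
ZONE = """$TTL 86400
@   IN  SOA ns1.sibway.pro. root.sibway.pro. (
        2014120801  ; Serial
        3600        ; Refresh
        1800        ; Retry
        604800      ; Expire
        86400       ; Minimum TTL
)
        IN  NS  ns1.sibway.pro.
        IN  NS  ns2.sibway.pro.
ns1     IN  A   10.10.10.10
ns2     IN  A   20.20.20.20
@       IN  A   213.133.100.77
www     IN  A   213.133.100.77
"""

# "SOA <mname> <rname> (" followed by the first number inside the parentheses.
SERIAL_RE = re.compile(r"(SOA\s+\S+\s+\S+\s*\(\s*)(\d+)")
# owner, type, rdata for the simple one-line NS and A records used here.
RR_RE = re.compile(r"^(\S*)\s+IN\s+(NS|A)\s+(\S+)", re.M)


def read_serial(zone):
    """Return the SOA serial of a zone file as an int."""
    m = SERIAL_RE.search(zone)
    if not m:
        raise ValueError("no SOA serial found")
    return int(m.group(2))


def next_serial(current, today):
    """YYYYMMDDNN serial for today; always strictly greater than `current`.

    If the current serial is already at or past today's first value
    (several edits on one day, or a serial from the future), fall back to
    current + 1: the slave only cares that the number went up."""
    base = int(today.strftime("%Y%m%d")) * 100 + 1
    return base if base > current else current + 1


def bump_serial(zone, today=None):
    """Return (new_zone_text, new_serial) with the SOA serial incremented."""
    today = today or date.today()
    new = next_serial(read_serial(zone), today)
    return SERIAL_RE.sub(lambda m: m.group(1) + str(new), zone, count=1), new


def missing_glue(zone, origin):
    """Names of in-zone NS targets (ending in the origin) that have no A record."""
    ns_targets, a_owners = [], set()
    for owner, rtype, rdata in RR_RE.findall(zone):
        if rtype == "A":
            a_owners.add(owner)
        else:
            ns_targets.append(rdata)
    suffix = "." + origin.rstrip(".") + "."
    return [n for n in ns_targets
            if n.endswith(suffix) and n[:-len(suffix)] not in a_owners]


if __name__ == "__main__":
    path = "/var/named/sibway.pro.zone"  # assumed location from the post
    text = open(path).read()
    problems = missing_glue(text, "sibway.pro")
    if problems:
        raise SystemExit("NS without A record: %s" % ", ".join(problems))
    new_text, serial = bump_serial(text)
    open(path, "w").write(new_text)
    print("serial is now", serial, "- reload named so the slave picks it up")
```

Run it once after each edit of the zone file and before restarting named; checking the new serial with `dig @20.20.20.20 sibway.pro SOA` afterwards confirms the slave has refreshed.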
Restart the name server.
service named restart
Make the name server start when the system boots.
chkconfig named on
Now let's check how our name server works.
dig @10.10.10.10 sibway.pro
The response must contain the correct IP of the requested domain. Now configure the slave server.
Slave server configuration
Configuring the slave name server is the same as the master except for two things:
- When editing named.conf, you specify that the domain zones are of type slave
- Do not create the zone files, as they are fetched automatically from the master server
In the configuration file you must specify type slave and the IP of the master server.
zone "sibway.pro" IN {
    type slave;
    masters { 10.10.10.10; };
    file "sibway.pro.zone";
};
Do not forget to start the server and enable it to start automatically at system startup.
service named start
chkconfig named on
Now we have two configured name servers.
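With both servers up, the thing worth checking is not just that each answers, but that the slave holds the same version of the zone as the master. The added example below (my own code, not from the post) builds a raw DNS SOA query, sends it over UDP to each server and compares the serials in the two authoritative answers, which is what `dig @server sibway.pro SOA` does by hand. Recursion desired is left off in the query, which matches the `recursion no` setting on these servers. `sample_response()` is a constructed reply used only to exercise the parser offline; the IPs and zone name are the ones from the post.

```python
import socket
import struct

SOA = 6  # DNS record type SOA


def encode_name(name):
    """Encode a dotted name into DNS wire format (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def build_query(name, qtype=SOA, txid=0x1234):
    """DNS query with RD=0: we want the authoritative answer, not recursion."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer, two bytes
            return off + 2
        off += 1 + length


def parse_soa_serial(msg):
    """Return (serial, authoritative_flag) from a DNS response carrying an SOA."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0xF:
        raise ValueError("server returned rcode %d" % (flags & 0xF))
    off = 12
    for _ in range(qd):                 # skip the echoed question section
        off = skip_name(msg, off) + 4
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == SOA:
            p = skip_name(msg, off)     # MNAME
            p = skip_name(msg, p)       # RNAME
            serial = struct.unpack("!I", msg[p:p + 4])[0]
            return serial, bool(flags & 0x0400)   # AA bit
        off += rdlen
    raise ValueError("no SOA record in answer")


def query_serial(server, zone, timeout=3.0):
    """Send an SOA query to `server` and return (serial, authoritative)."""
    q = build_query(zone)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return parse_soa_serial(data)


def in_sync(master, slave, zone):
    """True when master and slave report the same SOA serial."""
    ms, _ = query_serial(master, zone)
    ss, _ = query_serial(slave, zone)
    return ms == ss, ms, ss


def sample_response(serial=2014120801, txid=0x1234):
    """Constructed SOA reply for sibway.pro (offline fixture, not captured traffic)."""
    hdr = struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0)   # QR + AA set
    question = encode_name("sibway.pro") + struct.pack("!HH", SOA, 1)
    rdata = (encode_name("ns1.sibway.pro") + encode_name("root.sibway.pro")
             + struct.pack("!IIIII", serial, 3600, 1800, 604800, 86400))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", SOA, 1, 86400, len(rdata)) + rdata
    return hdr + question + answer


if __name__ == "__main__":
    ok, ms, ss = in_sync("10.10.10.10", "20.20.20.20", "sibway.pro")
    print("master %d, slave %d, %s" % (ms, ss, "in sync" if ok else "OUT OF SYNC"))
```

A slave that lags behind after a serial bump usually means the transfer was refused: check `allow-transfer` on the master and the firewall rules for TCP port 53, since zone transfers run over TCP.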
It remains to open the port in the firewall.
Edit the /etc/sysconfig/iptables file:
Add the following rules for port 53.
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
Reload iptables so the new rules take effect.
Do not forget to update this file on both servers.
Now we have two working name servers.