How to Setup Bind Chroot DNS Server on CentOS 6.3 x86_64

BIND (the Berkeley Internet Name Domain), also known as named, is the most widely used DNS server on the Internet. BIND resolves domain names to IP addresses and IP addresses to domain names. There are essentially a few reasons to run your own Internet DNS server. First, of course, we need full control of our registered domain name; second, it improves the speed of domain lookups. This post covers the steps to install a BIND chroot DNS server on CentOS 6.3 64-bit and describes some extra security precautions that you can take when you install BIND. The idea of chroot is fairly simple: when you run BIND in a chroot jail, the process is unable to see any part of the filesystem outside the jail. For example, in this post I will set up BIND to run chrooted to the directory /var/named/chroot/. To BIND, the contents of this directory will appear to be /, the root directory. A “jail” is a software mechanism for limiting the ability of a process to access resources outside a very limited area, and its purpose is to enhance security.

Where is the BIND chroot directory set?

[root@CentOS63 ~]# more /etc/sysconfig/named

By default it is set to /var/named/chroot, as shown below :

..
..
ROOTDIR=/var/named/chroot

It is assumed that you already know how to install, configure and use BIND. If not, I would recommend that you read the Bind DNS HOWTO first.

1. Install Bind-Chroot :

[root@CentOS63 ~]# yum install bind-chroot bind -y

2. Copy the BIND sample files into place to prepare the chroot environment :

 
[root@CentOS63 ~]# cp -R /usr/share/doc/bind-*/sample/var/named/* /var/named/chroot/var/named/

3. Create the BIND-related files in the chroot directory :

[root@CentOS63 ~]# touch /var/named/chroot/var/named/data/cache_dump.db
[root@CentOS63 ~]# touch /var/named/chroot/var/named/data/named_stats.txt
[root@CentOS63 ~]# touch /var/named/chroot/var/named/data/named_mem_stats.txt
[root@CentOS63 ~]# touch /var/named/chroot/var/named/data/named.run
[root@CentOS63 ~]# mkdir /var/named/chroot/var/named/dynamic
[root@CentOS63 ~]# touch /var/named/chroot/var/named/dynamic/managed-keys.bind

4. The BIND lock file must be writable, so set the permissions as below :

[root@CentOS63 ~]# chmod -R 777 /var/named/chroot/var/named/data
[root@CentOS63 ~]# chmod -R 777 /var/named/chroot/var/named/dynamic

5. If you do not use IPv6, restrict named to IPv4 :

[root@CentOS63 ~]# echo 'OPTIONS="-4"' >> /etc/sysconfig/named

6. Edit the main BIND configuration file, which is /etc/named.conf as seen from inside the jail (/var/named/chroot/etc/named.conf on the host), and add the ehowstuff.local zones to it :

[root@CentOS63 ~]# vi /var/named/chroot/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1;192.168.2.58; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "ehowstuff.local" {
    type master;
    file "ehowstuff.local.zone";
};

zone "2.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.2.zone";
};

include "/etc/rndc.key";
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

7. Create Forward and Reverse zone files for domain ehowstuff.local.

a) Create Forward Zone :

[root@CentOS63 ~]# vi /var/named/chroot/var/named/ehowstuff.local.zone
;
;       Addresses and other host information.
;
$TTL 86400
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                               2013022401      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns.ehowstuff.local.
               IN      A       192.168.2.58
               IN      MX      10 mail.ehowstuff.local.

mail            IN      A       192.168.2.58
ns              IN      A       192.168.2.58

b) Create Reverse Zone :

[root@CentOS63 ~]# vi /var/named/chroot/var/named/192.168.2.zone
;
;       Addresses and other host information.
;
$TTL 86400
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                               2013022402      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

2.168.192.in-addr.arpa. IN      NS      centos63.ehowstuff.local.

58.2.168.192.in-addr.arpa. IN PTR mail.ehowstuff.local.
58.2.168.192.in-addr.arpa. IN PTR ns.ehowstuff.local.

8. RHEL 6 and CentOS 6 apparently no longer generate rndc.key during installation. Instead, the key is generated automatically on the first start of the named service.

Start Bind service :

[root@CentOS6 ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

9. Configure Bind auto start at boot :

[root@CentOS63 ~]# chkconfig --levels 235 named on

10. Verify permissions and ownership. The files required inside the jail have been created, but their permissions and ownership still need to be set.

Go to the chroot/var/named/ directory :

[root@CentOS63 ~]# cd /var/named/chroot/var/named/

Change owner as below :

[root@CentOS63 named]# chown root:named ehowstuff.local.zone
[root@CentOS63 named]# chown root:named 192.168.2.zone
[root@CentOS63 named]# chown root:named my.external.zone.db
[root@CentOS63 named]# chown root:named my.internal.zone.db
[root@CentOS63 named]# chown root:named named.ca
[root@CentOS63 named]# chown root:named named.localhost
[root@CentOS63 named]# chown root:named named.loopback

Verify the permissions and ownership of the rest of the chroot directories :

[root@CentOS63 ~]# ll /var/named/
total 32
drwxr-x--- 6 root  named 4096 Feb 24 13:51 chroot
drwxrwx--- 2 named named 4096 Dec  7 04:49 data
drwxrwx--- 2 named named 4096 Dec  7 04:49 dynamic
-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Dec  7 04:49 slaves
[root@CentOS63 ~]# ll /var/named/chroot/
total 16
drwxr-x--- 2 root named 4096 Feb 24 13:51 dev
drwxr-x--- 4 root named 4096 Feb 24 14:40 etc
drwxr-x--- 3 root named 4096 Feb 24 13:51 usr
drwxr-x--- 6 root named 4096 Feb 24 13:51 var
[root@CentOS63 ~]# ll /var/named/chroot/etc
total 32
-rw-r--r-- 1 root root   372 Feb 20 06:51 localtime
drwxr-x--- 2 root named 4096 Dec  7 04:49 named
-rw-r--r-- 1 root named 1201 Feb 24 14:16 named.conf
-rw-r--r-- 1 root named 2389 Dec  7 04:49 named.iscdlv.key
-rw-r----- 1 root named  931 Jun 21  2007 named.rfc1912.zones
-rw-r--r-- 1 root named  487 Jul 19  2010 named.root.key
drwxr-x--- 3 root named 4096 Feb 24 13:51 pki
-rw-r----- 1 root named   77 Feb 24 14:00 rndc.key
[root@CentOS63 ~]# ll /var/named/chroot/var/named/
total 44
-rw-r-xr-x 1 root  named  551 Feb 24 15:28 192.168.2.zone
drwxrwxrwx 2 named named 4096 Feb 24 14:04 data
drwxrwxrwx 2 named named 4096 Feb 24 15:30 dynamic
-rw-r-xr-x 1 root  named  681 Feb 24 15:28 ehowstuff.local.zone
-rw-r--r-- 1 root  named   56 Feb 24 13:54 my.external.zone.db
-rw-r--r-- 1 root  named   56 Feb 24 13:54 my.internal.zone.db
-rw-r--r-- 1 root  named 1892 Feb 24 13:54 named.ca
-rw-r--r-- 1 root  root   152 Feb 24 13:54 named.empty
-rw-r--r-- 1 root  named  152 Feb 24 13:54 named.localhost
-rw-r--r-- 1 root  named  168 Feb 24 13:54 named.loopback
drwxr-xr-x 2 named named 4096 Feb 24 13:54 slaves
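
The last listing still shows data and dynamic as drwxrwxrwx (from the chmod -R 777 in step 4) and the two zone files with execute bits, while the packaged /var/named/data is drwxrwx---. The script below is an added example, not part of the original post: it lists world-writable entries and data files with execute bits under a jail, and on a constructed sample tree shows the result of tightening them. The function names and the sample tree are assumptions made for the example.

```sh
#!/bin/sh
# Added example: find and tighten loose modes inside a BIND chroot jail.
# Usage: sh audit_jail.sh [JAIL]   (no argument: runs on a constructed sample tree)

# Files and directories under $1 that every local user may write to.
list_world_writable() {
    find "$1" -xdev \( -type d -o -type f \) -perm -0002 -print | sort
}

# Regular files under $1 with any execute bit; zone files, keys and logs are data.
list_executable_data() {
    find "$1" -xdev -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print | sort
}

# World-writable directories go to 770 (the packaged mode of /var/named/data),
# world-writable files lose all "other" access, and data files lose execute bits.
# Ownership (named:named) needs root and is left untouched here.
tighten_jail() {
    find "$1" -xdev -type d -perm -0002 -exec chmod 770 {} +
    find "$1" -xdev -type f -perm -0002 -exec chmod o-rwx {} +
    find "$1" -xdev -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        -exec chmod a-x {} +
}

# Constructed sample: the layout and modes that steps 3 and 4 leave behind.
# Runs in a subshell so the umask change does not leak to the caller.
build_sample_jail() (
    umask 022
    jail=$(mktemp -d) || exit 1
    mkdir -p "$jail/var/named/data" "$jail/var/named/dynamic"
    touch "$jail/var/named/data/named.run" \
          "$jail/var/named/dynamic/managed-keys.bind" \
          "$jail/var/named/ehowstuff.local.zone"
    chmod -R 777 "$jail/var/named/data" "$jail/var/named/dynamic"
    chmod 655 "$jail/var/named/ehowstuff.local.zone"   # -rw-r-xr-x, as listed
    echo "$jail"
)

report() {
    echo "world-writable:";  list_world_writable "$1"  | sed 's/^/  /'
    echo "executable data:"; list_executable_data "$1" | sed 's/^/  /'
}

if [ "$#" -gt 0 ]; then
    report "$1"                      # audit only; changes nothing
else
    jail=$(build_sample_jail)
    echo "== before =="; report "$jail"
    tighten_jail "$jail"
    echo "== after ==";  report "$jail"
    rm -rf "$jail"
fi
```

Run with the jail path (for example /var/named/chroot) to get a read-only report; tighten_jail is only called on the constructed sample.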

11. Test and make sure it’s working.

[root@CentOS63 ~]# host -t mx ehowstuff.local
ehowstuff.local mail is handled by 10 mail.ehowstuff.local.
[root@CentOS63 ~]# nslookup
> set type=any
> ehowstuff.local
Server:         192.168.2.58
Address:        192.168.2.58#53

ehowstuff.local
        origin = ehowstuff.local
        mail addr = hostmaster.ehowstuff.local
        serial = 2013023401
        refresh = 43200
        retry = 3600
        expire = 3600000
        minimum = 2592000
ehowstuff.local nameserver = ns.ehowstuff.local.
Name:   ehowstuff.local
Address: 192.168.2.58
ehowstuff.local mail exchanger = 10 mail.ehowstuff.local.
>

12. If your server does not have the nslookup, host or dig commands, install bind-utils. These are friendly and useful utilities for testing and diagnosing DNS issues.

[root@CentOS6 ~]# yum install bind-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.biz.net.id
 * extras: centos.biz.net.id
 * updates: centos.biz.net.id
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind-utils.x86_64 32:9.8.2-0.10.rc1.el6_3.6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================
 Package                   Arch                  Version                                   Repository              Size
========================================================================================================================
Installing:
 bind-utils                x86_64                32:9.8.2-0.10.rc1.el6_3.6                 updates                182 k

Transaction Summary
========================================================================================================================
Install       1 Package(s)

Total download size: 182 k
Installed size: 438 k
Is this ok [y/N]: y
Downloading Packages:
bind-utils-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm                                                     | 182 kB     00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 32:bind-utils-9.8.2-0.10.rc1.el6_3.6.x86_64                                                          1/1
  Verifying  : 32:bind-utils-9.8.2-0.10.rc1.el6_3.6.x86_64                                                          1/1

Installed:
  bind-utils.x86_64 32:9.8.2-0.10.rc1.el6_3.6

Complete!

How to Check or Test Reverse DNS on Linux and Windows

Reverse Domain Name System (DNS) lookup (also known as rDNS) is a process to determine the hostname associated with a given IP address. It is part of the behavior of the DNS. Its main function is to translate the numeric addresses (IP addresses) of websites to domain or host names, as opposed to the forward DNS process. Reverse DNS is separate from forward DNS. Many Internet mail servers use reverse DNS to confirm that the server trying to deliver mail to them is genuine; this can help to reduce the amount of spam that comes into their network. Follow the steps below to check or test reverse DNS on Linux and Windows operating systems.

1. To Check or Test Reverse DNS on Linux operating system :

host <IP Address>

Example :

[root@centos63 ~]# host 184.173.214.97
97.214.173.184.in-addr.arpa domain name pointer 184.173.214.97-static.reverse.softlayer.com.

2. To Check or Test Reverse DNS on Windows Operating system :

C:\>nslookup <IP Address>
C:\>nslookup 184.173.214.97
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    184.173.214.97-static.reverse.softlayer.com
Address:  184.173.214.97
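
A PTR record helps with such checks only when the name it returns also has an A record for the same address, so the forward and reverse zones created in step 7 of the chroot setup have to agree. The script below is an added example, not code from the original posts: it parses constructed copies of those two zone files and reports PTR or NS targets that have no matching A record in the forward zone. The function names and finding labels are assumptions, and records with per-record TTLs are not handled.

```sh
#!/bin/sh
# Added example: cross-check a forward zone against its reverse zone.
# Usage: sh check_zones.sh FWD_FILE FWD_ORIGIN REV_FILE REV_ORIGIN
#        (no arguments: runs on constructed copies of the zones from step 7)

# zone_records FILE ORIGIN: print "owner type rdata" for A, NS and PTR records,
# with relative names and "@" expanded against ORIGIN (which ends in a dot).
zone_records() {
    awk -v origin="$2" '
        function fq(n) { if (n == "@") return origin; return (n ~ /\.$/) ? n : n "." origin }
        { sub(/;.*/, "") }                       # drop comments
        /^\$/ || NF == 0 { next }                # skip $TTL and blank lines
        {
            # A line that starts with whitespace inherits the previous owner.
            if ($0 !~ /^[ \t]/) { owner = fq($1); i = 2 } else { i = 1 }
            if ($i == "IN") i++
            type = $i; data = $NF
            if (type == "A" || type == "NS" || type == "PTR")
                print owner, type, (type == "A" ? data : fq(data))
        }' "$1"
}

# check_zones FWD FWD_ORIGIN REV REV_ORIGIN: one finding per line, sorted;
# prints nothing when the zones are consistent.
check_zones() {
    { zone_records "$1" "$2" | sed 's/^/F /'
      zone_records "$3" "$4" | sed 's/^/R /'; } |
    awk -v fwd="$2" '
        function ptr_ip(name,   p) {   # 58.2.168.192.in-addr.arpa. -> 192.168.2.58
            sub(/\.in-addr\.arpa\.$/, "", name); split(name, p, ".")
            return p[4] "." p[3] "." p[2] "." p[1]
        }
        function in_fwd(n,   sfx) {    # is n at or below the forward origin?
            sfx = "." fwd
            return n == fwd || substr(n, length(n) - length(sfx) + 1) == sfx
        }
        $1 == "F" && $3 == "A"   { addr[$2 " " $4] = 1; has_a[$2] = 1 }
        $3 == "NS"               { ns[$4] = 1 }
        $1 == "R" && $3 == "PTR" { ptr[$4 " " ptr_ip($2)] = 1 }
        END {
            for (k in ptr) if (!(k in addr)) print "PTR-WITHOUT-A", k
            for (n in ns)  if (in_fwd(n) && !(n in has_a)) print "NS-WITHOUT-A", n
        }' | sort
}

# Constructed copies of the two zone files (SOA timers folded onto one line).
write_sample_zones() {
    cat > "$1/fwd.zone" <<'EOF'
$TTL 86400
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                        2013022401 43200 3600 3600000 2592000 )
               IN      NS      ns.ehowstuff.local.
               IN      A       192.168.2.58
               IN      MX      10 mail.ehowstuff.local.
mail            IN      A       192.168.2.58
ns              IN      A       192.168.2.58
EOF
    cat > "$1/rev.zone" <<'EOF'
$TTL 86400
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                        2013022402 43200 3600 3600000 2592000 )
2.168.192.in-addr.arpa. IN      NS      centos63.ehowstuff.local.
58.2.168.192.in-addr.arpa. IN PTR mail.ehowstuff.local.
58.2.168.192.in-addr.arpa. IN PTR ns.ehowstuff.local.
EOF
}

if [ "$#" -eq 4 ]; then
    check_zones "$@"
else
    tmp=$(mktemp -d) && write_sample_zones "$tmp"
    check_zones "$tmp/fwd.zone" ehowstuff.local. "$tmp/rev.zone" 2.168.192.in-addr.arpa.
    rm -rf "$tmp"
fi
```

On the sample zones both PTR records are forward-confirmed; the one finding is the reverse zone's NS target, centos63.ehowstuff.local., which has no A record in the forward zone.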

How to Install and Configure Bind 9 DNS on CentOS 6.3

This post covers the steps to install the BIND DNS server on CentOS 6.3. BIND is the most popular and most widely used Domain Name System (DNS) software on the Internet for providing DNS services. The name BIND stands for “Berkeley Internet Name Domain”, and it is an implementation of the DNS protocols.

1. To install Bind 9 on linux CentOS 6.3 server, run the following command :

[root@centos63 ~]# yum install bind -y

Examples :

[root@centos63 ~]# yum install bind -y
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
 * base: ossm.utm.my
 * extras: ossm.utm.my
 * updates: ossm.utm.my
CentOS6.3-Repository                                                         | 4.0 kB     00:00 ...
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.i686 32:9.8.2-0.10.rc1.el6_3.2 will be installed
--> Processing Dependency: portreserve for package: 32:bind-9.8.2-0.10.rc1.el6_3.2.i686
--> Running transaction check
---> Package portreserve.i686 0:0.0.4-9.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package            Arch        Version                           Repository                   Size
====================================================================================================
Installing:
 bind               i686        32:9.8.2-0.10.rc1.el6_3.2         updates                     4.0 M
Installing for dependencies:
 portreserve        i686        0.0.4-9.el6                       CentOS6.3-Repository         22 k

Transaction Summary
====================================================================================================
Install       2 Package(s)

Total download size: 4.0 M
Installed size: 7.2 M
Downloading Packages:
Setting up and reading Presto delta metadata
updates/prestodelta                                                          | 104 kB     00:00
Processing delta metadata
Package(s) data still to download: 4.0 M
(1/2): bind-9.8.2-0.10.rc1.el6_3.2.i686.rpm                                  | 4.0 MB     00:43
----------------------------------------------------------------------------------------------------
Total                                                                93 kB/s | 4.0 MB     00:43
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : portreserve-0.0.4-9.el6.i686                                                     1/2
  Installing : 32:bind-9.8.2-0.10.rc1.el6_3.2.i686                                              2/2
  Verifying  : portreserve-0.0.4-9.el6.i686                                                     1/2
  Verifying  : 32:bind-9.8.2-0.10.rc1.el6_3.2.i686                                              2/2

Installed:
  bind.i686 32:9.8.2-0.10.rc1.el6_3.2

Dependency Installed:
  portreserve.i686 0:0.0.4-9.el6

Complete!

2. Set up and configure a zone named example.local :

[root@centos63 ~]# vi /var/named/example.local

Add zone record as below :


;
;       Addresses and other host information.
;
$TTL 86400
@       IN      SOA     example.local. hostmaster.example.local. (
                               2012080701      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns.example.local.
               IN      A       192.168.1.54
               IN      MX      10 mail.example.local.

mail            IN      A       192.168.1.51
ns              IN      A       192.168.1.54
www             IN      A       192.168.1.54

3. Add the example.local zone below to named.conf. This is the main configuration file for the BIND DNS server.

Modify named.conf :

[root@centos63 ~]# vi /etc/named.conf

Add the following :

zone "example.local" {
    type master;
    file "/var/named/example.local";
};

Full named.conf configuration file :

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "example.local" {
    type master;
    file "/var/named/example.local";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

4. Start the named service :

[root@centos63 ~]# /etc/init.d/named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

5. If you want to restart and check the named status, execute the following :

[root@centos63 ~]# /etc/init.d/named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
[root@centos63 ~]# /etc/init.d/named status
version: 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2
CPUs found: 1
worker threads: 1
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid  2405) is running...

6. As an extra check, verify that the MX record resolves :

[root@centos63 ~]# host -t mx example.local
example.local mail is handled by 10 mail.example.local.

How to Install and Configure Bind Chroot DNS Server on Fedora 16

DNS is the Domain Name System, which maintains a database that helps a user’s computer translate domain names such as www.ehowstuff.com to IP addresses such as 184.173.214.97. DNS on CentOS and Fedora is based on the named daemon, which is built on the BIND package developed through the Internet Software Consortium. (More information is available from the BIND home page at www.isc.org/products/BIND.) Several RPM packages are associated with DNS, but not all of them are required to build a BIND chroot DNS server. bind includes the basic name server software, including /usr/sbin/named. bind-chroot includes directories that isolate BIND in a so-called “chroot jail,” which limits access if DNS is compromised. In this post, I will guide you through installing and configuring a BIND chroot DNS server on a Linux Fedora 16 server.

1. Simply run this command to install Bind Chroot DNS Server :

[root@fedora16 ~]# yum install bind-chroot -y

Examples :

[root@fedora16 ~]# yum install bind-chroot -y
Fedora16-Repository                                                          | 3.7 kB     00:00 ...
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind-chroot.i686 32:9.8.2-1.fc16 will be installed
--> Processing Dependency: bind = 32:9.8.2-1.fc16 for package: 32:bind-chroot-9.8.2-1.fc16.i686
--> Running transaction check
---> Package bind.i686 32:9.8.2-1.fc16 will be installed
--> Processing Dependency: bind-libs = 32:9.8.2-1.fc16 for package: 32:bind-9.8.2-1.fc16.i686
--> Processing Dependency: liblwres.so.80 for package: 32:bind-9.8.2-1.fc16.i686
--> Processing Dependency: libisccfg.so.82 for package: 32:bind-9.8.2-1.fc16.i686
--> Processing Dependency: libisccc.so.80 for package: 32:bind-9.8.2-1.fc16.i686
--> Processing Dependency: libisc.so.83 for package: 32:bind-9.8.2-1.fc16.i686
--> Processing Dependency: libdns.so.81 for package: 32:bind-9.8.2-1.fc16.i686
--> Processing Dependency: libbind9.so.80 for package: 32:bind-9.8.2-1.fc16.i686
--> Running transaction check
---> Package bind-libs.i686 32:9.8.2-1.fc16 will be installed
--> Processing Dependency: bind-license = 32:9.8.2-1.fc16 for package: 32:bind-libs-9.8.2-1.fc16.i686
--> Running transaction check
---> Package bind-license.noarch 32:9.8.1-2.fc16 will be updated
--> Processing Dependency: bind-license = 32:9.8.1-2.fc16 for package: 32:bind-libs-lite-9.8.1-2.fc16.i686
---> Package bind-license.noarch 32:9.8.2-1.fc16 will be an update
--> Running transaction check
---> Package bind-libs-lite.i686 32:9.8.1-2.fc16 will be updated
---> Package bind-libs-lite.i686 32:9.8.2-1.fc16 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                   Arch              Version                       Repository          Size
====================================================================================================
Installing:
 bind-chroot               i686              32:9.8.2-1.fc16               updates             71 k
Installing for dependencies:
 bind                      i686              32:9.8.2-1.fc16               updates            2.0 M
 bind-libs                 i686              32:9.8.2-1.fc16               updates            860 k
Updating for dependencies:
 bind-libs-lite            i686              32:9.8.2-1.fc16               updates            621 k
 bind-license              noarch            32:9.8.2-1.fc16               updates             72 k

Transaction Summary
====================================================================================================
Install       3 Packages
Upgrade       2 Packages

Total download size: 3.6 M
Downloading Packages:
(1/5): bind-9.8.2-1.fc16.i686.rpm                                            | 2.0 MB     00:18
(2/5): bind-chroot-9.8.2-1.fc16.i686.rpm                                     |  71 kB     00:00
(3/5): bind-libs-9.8.2-1.fc16.i686.rpm                                       | 860 kB     00:07
(4/5): bind-libs-lite-9.8.2-1.fc16.i686.rpm                                  | 621 kB     00:04
(5/5): bind-license-9.8.2-1.fc16.noarch.rpm                                  |  72 kB     00:00
----------------------------------------------------------------------------------------------------
Total                                                               113 kB/s | 3.6 MB     00:32
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : 32:bind-license-9.8.2-1.fc16.noarch                                              1/7
  Installing : 32:bind-libs-9.8.2-1.fc16.i686                                                   2/7
  Installing : 32:bind-9.8.2-1.fc16.i686                                                        3/7
  Installing : 32:bind-chroot-9.8.2-1.fc16.i686                                                 4/7
  Updating   : 32:bind-libs-lite-9.8.2-1.fc16.i686                                              5/7
  Cleanup    : 32:bind-libs-lite-9.8.1-2.fc16.i686                                              6/7
  Cleanup    : 32:bind-license-9.8.1-2.fc16.noarch                                              7/7

Installed:
  bind-chroot.i686 32:9.8.2-1.fc16

Dependency Installed:
  bind.i686 32:9.8.2-1.fc16                      bind-libs.i686 32:9.8.2-1.fc16

Dependency Updated:
  bind-libs-lite.i686 32:9.8.2-1.fc16              bind-license.noarch 32:9.8.2-1.fc16

Complete!

2. Create a file /var/named/chroot/var/named/fedora16.local with the following configuration:

[root@fedora16 ~]# vi /var/named/chroot/var/named/fedora16.local

Examples :

;
;       Addresses and other host information.
;
@       IN      SOA     fedora16.local. hostmaster.fedora16.local. (
                               2012051901      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns.fedora16.local.
               IN      A       192.168.1.47
               IN      MX      10 mail.fedora16.local.

mail            IN      A       192.168.1.51
ns              IN      A       192.168.1.47

3. Generate an RNDC key :
The rndc tool is used to manage the named daemon. We need to generate a key file called /etc/rndc.key, which is referenced by both /etc/rndc.conf and /etc/named.conf. To do this, use the following command :

[root@fedora16 ~]# rndc-confgen -a -c /etc/rndc.key
wrote key file "/etc/rndc.key"

View the content of the RNDC key :

[root@fedora16 ~]# cat /etc/rndc.key
key "rndc-key" {
        algorithm hmac-md5;
        secret "B2rQEFnrdcAzAt2BiUmBug==";
};

4. Edit the /var/named/chroot/etc/named.conf file for fedora16.local

[root@fedora16 ~]# vi /var/named/chroot/etc/named.conf
options {
       directory "/var/named";
       dump-file "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       forwarders { 8.8.8.8; };
};
include "/etc/rndc.key";
// We are the master server for fedora16.local

zone "fedora16.local" {
    type master;
    file "fedora16.local";
};

5. Start the DNS service using the following command :

[root@fedora16 ~]# /etc/init.d/named start
Starting named (via systemctl):                            [  OK  ]

6. Make named daemon auto start during boot :

[root@fedora16 ~]# chkconfig named on

7. Before testing, make sure your PC or server is using the BIND chroot DNS server that has been set up :

Test DNS using host command :

[root@fedora16 ~]# host -t mx fedora16.local
fedora16.local mail is handled by 10 mail.fedora16.local.

Test DNS using nslookup command :

[root@fedora16 ~]# nslookup
> ns.fedora16.local
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   ns.fedora16.local
Address: 192.168.1.47
> mail.fedora16.local
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   mail.fedora16.local
Address: 192.168.1.51

How to Configure Bind Chroot DNS Server on Linux CentOS 5.7 Server

In this post, I will guide you through configuring a BIND chroot DNS server on a Linux CentOS 5.7 server. DNS is the Domain Name System, which maintains a database that helps a user’s computer translate domain names such as www.ehowstuff.com to IP addresses such as 184.173.214.97. DNS on CentOS is based on the named daemon, which is built on the BIND package developed through the Internet Software Consortium. (More information is available from the BIND home page at www.isc.org/products/BIND.) These steps have been tested on Linux CentOS 5.7, but they may also work on other versions such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5 and CentOS 5.6.

1. Install Bind Chroot DNS Server :

[root@CentOS57 ~]# yum install bind-chroot -y

2. Create a file /var/named/chroot/var/named/bloggerbaru.local with the following configuration :

[root@CentOS57 ~]# vi /var/named/chroot/var/named/bloggerbaru.local
;
;       Addresses and other host information.
;
@       IN      SOA     bloggerbaru.local. hostmaster.bloggerbaru.local. (
                               2011030801      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns.bloggerbaru.local.
               IN      A       192.168.1.45
               IN      MX      10 mail.bloggerbaru.local.

mail            IN      A       192.168.1.45
ns              IN      A       192.168.1.45

3. Generate an RNDC key :
The rndc tool is used to manage the named daemon. We need to generate a key file called /etc/rndc.key, which is referenced by both /etc/rndc.conf and /etc/named.conf. Execute the following command to generate the RNDC key :

[root@CentOS57 ~]# rndc-confgen -a -c /etc/rndc.key
wrote key file "/etc/rndc.key"

4. View the content of the RNDC key :

[root@CentOS57 ~]# cat /etc/rndc.key
key "rndckey" {
        algorithm hmac-md5;
        secret "jwsFpL7OJR+x9w+YRkGrXA==";
};

5. Edit the /var/named/chroot/etc/named.conf file for bloggerbaru.local :

[root@CentOS57 ~]# vi /var/named/chroot/etc/named.conf
options {
       directory "/var/named";
       dump-file "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       forwarders { 8.8.8.8; };
};
include "/etc/rndc.key";
// We are the master server for bloggerbaru.local

zone "bloggerbaru.local" {
    type master;
    file "bloggerbaru.local";
};

6. Start the DNS service using the following command :

[root@CentOS57 ~]# /etc/init.d/named start
Starting named:                                            [  OK  ]

or

[root@CentOS57 ~]# service named start
Starting named:                                            [  OK  ]

7. To ensure the named daemon will start at boot, execute the following chkconfig :

[root@CentOS57 ~]# chkconfig named on

8. Before testing, make sure your PC or server is pointing to the DNS server that has been set up. In this case, I want to ensure that CentOS 5.7 is pointing to itself :

[root@CentOS57 ~]# cat /etc/resolv.conf
nameserver 127.0.0.1

9. Test your DNS service :

[root@CentOS57 ~]# host -t mx bloggerbaru.local
bloggerbaru.local mail is handled by 10 mail.bloggerbaru.local.

How to Install Bind Chroot DNS Server on Linux CentOS 5.7 Server

DNS is the Domain Name System, which maintains a database that helps a user’s computer translate domain names such as www.ehowstuff.com to IP addresses such as 184.173.214.97. DNS on CentOS is based on the named daemon, which is built on the BIND package developed through the Internet Software Consortium. (More information is available from the BIND home page at www.isc.org/products/BIND.) In this post, I will guide you through installing a BIND chroot DNS server on a Linux CentOS 5.7 server. These steps may also work on other versions such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5 and CentOS 5.6.

1. Install Bind Chroot DNS Server on Linux CentOS 5.7 Server

[root@CentOS57 ~]# yum install bind-chroot -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.oscc.org.my
 * extras: mirror.oscc.org.my
 * rpmforge: ftp-stud.fht-esslingen.de
 * updates: mirror.oscc.org.my
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind-chroot.i386 30:9.3.6-20.P1.el5 set to be updated
--> Processing Dependency: bind = 30:9.3.6-20.P1.el5 for package: bind-chroot
--> Running transaction check
---> Package bind.i386 30:9.3.6-20.P1.el5 set to be updated
--> Processing Dependency: bind-libs = 30:9.3.6-20.P1.el5 for package: bind
--> Running transaction check
--> Processing Dependency: bind-libs = 30:9.3.6-16.P1.el5_7.1 for package: bind-utils
---> Package bind-libs.i386 30:9.3.6-20.P1.el5 set to be updated
--> Running transaction check
---> Package bind-utils.i386 30:9.3.6-20.P1.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                  Arch              Version                         Repository         Size
====================================================================================================
Installing:
 bind-chroot              i386              30:9.3.6-20.P1.el5              base               47 k
Installing for dependencies:
 bind                     i386              30:9.3.6-20.P1.el5              base              981 k
Updating for dependencies:
 bind-libs                i386              30:9.3.6-20.P1.el5              base              863 k
 bind-utils               i386              30:9.3.6-20.P1.el5              base              174 k

Transaction Summary
====================================================================================================
Install       2 Package(s)
Upgrade       2 Package(s)

Total download size: 2.0 M
Downloading Packages:
(1/4): bind-chroot-9.3.6-20.P1.el5.i386.rpm                                  |  47 kB     00:00
(2/4): bind-utils-9.3.6-20.P1.el5.i386.rpm                                   | 174 kB     00:01
(3/4): bind-libs-9.3.6-20.P1.el5.i386.rpm                                    | 863 kB     00:07
(4/4): bind-9.3.6-20.P1.el5.i386.rpm                                         | 981 kB     00:08
----------------------------------------------------------------------------------------------------
Total                                                               111 kB/s | 2.0 MB     00:18
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : bind-libs                                                                    1/6
  Installing     : bind                                                                         2/6
  Installing     : bind-chroot                                                                  3/6
  Updating       : bind-utils                                                                   4/6
  Cleanup        : bind-libs                                                                    5/6
  Cleanup        : bind-utils                                                                   6/6

Installed:
  bind-chroot.i386 30:9.3.6-20.P1.el5

Dependency Installed:
  bind.i386 30:9.3.6-20.P1.el5

Dependency Updated:
  bind-libs.i386 30:9.3.6-20.P1.el5                bind-utils.i386 30:9.3.6-20.P1.el5

Complete!

2. Check the DNS named service :

[root@CentOS57 ~]# service named status
rndc: connect failed: 127.0.0.1#953: connection refused
named is stopped

The named daemon service is stopped. You must configure the bind chroot before you start it.

How to Install and Configure Bind9 DNS on Ubuntu 11.10

Bind is the most popular and most widely used Domain Name System (DNS) software on the Internet for providing DNS services. The name BIND stands for “Berkeley Internet Name Domain” and it’s an implementation of the DNS protocols. In this post I will show the steps to install and configure the Bind 9 DNS service on an Ubuntu 11.10 Linux server.

1. Install Bind9 :

ehowstuff@ehowstuff:~$ sudo apt-get install bind9 -y

2. Setup and configure zone with the name of ehowstuff.local

ehowstuff@ehowstuff:~$ sudo vim /etc/bind/named.conf.local

Add a DNS zone to BIND9. Edit named.conf.local as below :

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "ehowstuff.local" {
        type master;
        file "/etc/bind/db.ehowstuff.local";
};

3. Copy and use an existing zone file as a template :

ehowstuff@ehowstuff:/etc/bind$ sudo cp /etc/bind/db.local /etc/bind/db.ehowstuff.local

Edit the new zone file db.ehowstuff.local.

ehowstuff@ehowstuff:~$ sudo vim /etc/bind/db.ehowstuff.local

Change configuration as below :

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.ehowstuff.local. root.ehowstuff.local. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.ehowstuff.local.
ns      IN      A       192.168.1.49
box     IN      A       192.168.1.49

4. BIND9 must be restarted before any changes that you’ve made to the zone file take effect :

 
ehowstuff@ehowstuff:~$ sudo /etc/init.d/bind9 restart
 * Stopping domain name service... bind9                                            [ OK ]
 * Starting domain name service... bind9                                            [ OK ]

5. Make sure your own workstation or server points to the DNS server. In this case, this Ubuntu server points to itself since it’s running bind9.

ehowstuff@ehowstuff:~$ sudo vim /etc/resolv.conf
nameserver 127.0.0.1

6. Test your bind9 server :

ehowstuff@ehowstuff:~$ nslookup
> set type=ns
> ehowstuff.local
Server:         127.0.0.1
Address:        127.0.0.1#53

ehowstuff.local nameserver = ns.ehowstuff.local.

How to Install and Configure Bind 9 as a Caching Server on Ubuntu 11.10

Bind is the most popular and most widely used Domain Name System (DNS) software on the Internet for providing DNS services. The name BIND stands for “Berkeley Internet Name Domain” and it’s an implementation of the DNS protocols. In this post I will show the steps to install and configure Bind 9 to act as a caching server on an Ubuntu 11.10 Linux server.

root@ehowstuff:~# apt-get install bind9 -y

Example :

root@ehowstuff:~# apt-get install bind9 -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  bind9-host bind9utils dnsutils libbind9-60 libcap2 libdns69 libisc62 libisccc60 libisccfg62
  liblwres60
Suggested packages:
  bind9-doc resolvconf rblcheck
The following NEW packages will be installed:
  bind9 bind9utils libcap2
The following packages will be upgraded:
  bind9-host dnsutils libbind9-60 libdns69 libisc62 libisccc60 libisccfg62 liblwres60
8 upgraded, 3 newly installed, 0 to remove and 56 not upgraded.
Need to get 1,592 kB of archives.
After this operation, 1,479 kB of additional disk space will be used.
Get:1 http://sg.archive.ubuntu.com/ubuntu/ oneiric-updates/main dnsutils i386 1:9.7.3.dfsg-1ubuntu4.1 [142 kB]
Get:2 http://sg.archive.ubuntu.com/ubuntu/ oneiric-updates/main bind9-host i386 1:9.7.3.dfsg-1ubuntu4.1 [53.9 kB]
Get:3 http://sg.archive.ubuntu.com/ubuntu/ oneiric-updates/main libisc62 i386 1:9.7.3.dfsg-1ubuntu4.1 [160 kB]
Get:4 http://sg.archive.ubuntu.com/ubuntu/ oneiric-updates/main libdns69 i386 1:9.7.3.dfsg-1ubuntu4.1 [676 kB]
Get:5 http://sg.archive.ubuntu.com/ubuntu/ oneiric-updates/main libisccc60 i386 1:9.7.3.dfsg-1ubuntu4.1 [18.0 kB]
Get:6 http://sg.archive.ubuntu.com/ubuntu/ oneiric-updates/main libisccfg62 i386 1:9.7.3.dfsg-1ubuntu4.1 [38.8 kB]
Get:7 http://sg.archive.ubuntu.com/ubuntu/ oneiric-updates/main liblwres60 i386 1:9.7.3.dfsg-1ubuntu4.1 [38.6 kB]
Get:8 http://sg.archive.ubuntu.com/ubuntu/ oneiric-updates/main libbind9-60 i386 1:9.7.3.dfsg-1ubuntu4.1 [23.0 kB]
Get:9 http://sg.archive.ubuntu.com/ubuntu/ oneiric/main libcap2 i386 1:2.21-2 [12.5 kB]
Get:10 http://sg.archive.ubuntu.com/ubuntu/ oneiric-updates/main bind9utils i386 1:9.7.3.dfsg-1ubuntu4.1 [102 kB]
Get:11 http://sg.archive.ubuntu.com/ubuntu/ oneiric-updates/main bind9 i386 1:9.7.3.dfsg-1ubuntu4.1 [327 kB]
Fetched 1,592 kB in 18s (88.4 kB/s)
Preconfiguring packages ...
(Reading database ... 50749 files and directories currently installed.)
Preparing to replace dnsutils 1:9.7.3.dfsg-1ubuntu4 (using .../dnsutils_1%3a9.7.3.dfsg-1ubuntu4.1_i386.deb) ...
Unpacking replacement dnsutils ...
Preparing to replace bind9-host 1:9.7.3.dfsg-1ubuntu4 (using .../bind9-host_1%3a9.7.3.dfsg-1ubuntu4.1_i386.deb) ...
Unpacking replacement bind9-host ...
Preparing to replace libisc62 1:9.7.3.dfsg-1ubuntu4 (using .../libisc62_1%3a9.7.3.dfsg-1ubuntu4.1_i386.deb) ...
Unpacking replacement libisc62 ...
Preparing to replace libdns69 1:9.7.3.dfsg-1ubuntu4 (using .../libdns69_1%3a9.7.3.dfsg-1ubuntu4.1_i386.deb) ...
Unpacking replacement libdns69 ...
Preparing to replace libisccc60 1:9.7.3.dfsg-1ubuntu4 (using .../libisccc60_1%3a9.7.3.dfsg-1ubuntu4.1_i386.deb) ...
Unpacking replacement libisccc60 ...
Preparing to replace libisccfg62 1:9.7.3.dfsg-1ubuntu4 (using .../libisccfg62_1%3a9.7.3.dfsg-1ubuntu4.1_i386.deb) ...
Unpacking replacement libisccfg62 ...
Preparing to replace liblwres60 1:9.7.3.dfsg-1ubuntu4 (using .../liblwres60_1%3a9.7.3.dfsg-1ubuntu4.1_i386.deb) ...
Unpacking replacement liblwres60 ...
Preparing to replace libbind9-60 1:9.7.3.dfsg-1ubuntu4 (using .../libbind9-60_1%3a9.7.3.dfsg-1ubuntu4.1_i386.deb) ...
Unpacking replacement libbind9-60 ...
Selecting previously deselected package libcap2.
Unpacking libcap2 (from .../libcap2_1%3a2.21-2_i386.deb) ...
Selecting previously deselected package bind9utils.
Unpacking bind9utils (from .../bind9utils_1%3a9.7.3.dfsg-1ubuntu4.1_i386.deb) ...
Selecting previously deselected package bind9.
Unpacking bind9 (from .../bind9_1%3a9.7.3.dfsg-1ubuntu4.1_i386.deb) ...
Processing triggers for man-db ...
Processing triggers for ufw ...
Processing triggers for ureadahead ...
ureadahead will be reprofiled on next reboot
Setting up libisc62 (1:9.7.3.dfsg-1ubuntu4.1) ...
Setting up libdns69 (1:9.7.3.dfsg-1ubuntu4.1) ...
Setting up libisccc60 (1:9.7.3.dfsg-1ubuntu4.1) ...
Setting up libisccfg62 (1:9.7.3.dfsg-1ubuntu4.1) ...
Setting up libbind9-60 (1:9.7.3.dfsg-1ubuntu4.1) ...
Setting up liblwres60 (1:9.7.3.dfsg-1ubuntu4.1) ...
Setting up bind9-host (1:9.7.3.dfsg-1ubuntu4.1) ...
Setting up dnsutils (1:9.7.3.dfsg-1ubuntu4.1) ...
Setting up libcap2 (1:2.21-2) ...
Setting up bind9utils (1:9.7.3.dfsg-1ubuntu4.1) ...
Setting up bind9 (1:9.7.3.dfsg-1ubuntu4.1) ...
Adding group `bind' (GID 113) ...
Done.
Adding system user `bind' (UID 105) ...
Adding new user `bind' (UID 105) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
#
 * Starting domain name service... bind9                                                     [ OK ]
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place

The main configuration is stored in the following files:

root@ehowstuff:~# ls /etc/bind | grep named
named.conf
named.conf.default-zones
named.conf.local
named.conf.options

To configure bind9 to act as a caching server, all that is required is to add the IP addresses of your ISP’s DNS servers as forwarders; alternatively, you can use the free Google DNS server as below :

root@ehowstuff:~# vim /etc/bind/named.conf.options

Uncomment and edit the following in /etc/bind/named.conf.options :

.
.
.
    forwarders {
                8.8.8.8;
         };
.
.
.

Start or restart caching named service :

As root :

root@ehowstuff:~# /etc/init.d/bind9 restart
 * Stopping domain name service... bind9                                                     [ OK ]
 * Starting domain name service... bind9                                                     [ OK ]

Or restart bind as a normal user :

ehowstuff@ehowstuff:~$ sudo /etc/init.d/bind9 restart
[sudo] password for ehowstuff:
 * Stopping domain name service... bind9                                                     [ OK ]
 * Starting domain name service... bind9                                                     [ OK ]

Verify that the caching DNS server is working by using the dig command to query www.google.com :

root@ehowstuff:~# dig www.google.com

; <<>> DiG 9.7.3 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40642
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         86322   IN      CNAME   www.l.google.com.
www.l.google.com.       223     IN      A       209.85.175.99
www.l.google.com.       223     IN      A       209.85.175.103
www.l.google.com.       223     IN      A       209.85.175.104
www.l.google.com.       223     IN      A       209.85.175.105
www.l.google.com.       223     IN      A       209.85.175.106
www.l.google.com.       223     IN      A       209.85.175.147

;; AUTHORITY SECTION:
.                       14355   IN      NS      m.root-servers.net.
.                       14355   IN      NS      l.root-servers.net.
.                       14355   IN      NS      f.root-servers.net.
.                       14355   IN      NS      d.root-servers.net.
.                       14355   IN      NS      k.root-servers.net.
.                       14355   IN      NS      j.root-servers.net.
.                       14355   IN      NS      g.root-servers.net.
.                       14355   IN      NS      h.root-servers.net.
.                       14355   IN      NS      i.root-servers.net.
.                       14355   IN      NS      a.root-servers.net.
.                       14355   IN      NS      e.root-servers.net.
.                       14355   IN      NS      b.root-servers.net.
.                       14355   IN      NS      c.root-servers.net.

;; Query time: 14 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Apr  8 16:21:07 2012
;; MSG SIZE  rcvd: 359

How to Fix “/etc/rndc.key: permission denied” for named Service Error

Symptoms :

I keep getting this error every time I try to start the named daemon service :

    [root@centos62 ~]# service named start
    Starting named:                                            [FAILED]
    

Then I checked /var/log/messages and got the following messages :

    [root@centos62 ~]# tail -f /var/log/messages
    
    Feb  6 21:51:22 centos62 named[1341]: loading configuration from '/etc/named.conf'
    Feb  6 21:51:22 centos62 named[1341]: /etc/named.conf:7: open: /etc/rndc.key: permission denied
    Feb  6 21:51:22 centos62 named[1341]: loading configuration: permission denied
    Feb  6 21:51:22 centos62 named[1341]: exiting (due to fatal error)
    

Solutions :
Change the owner and the file permissions of ‘/etc/rndc.key’ :

    [root@centos62 ~]# chown named:named /etc/rndc.key
    [root@centos62 ~]# chmod 644 /etc/rndc.key
    

Start named services :

    [root@centos62 ~]# service named start
    Starting named:                                            [  OK  ]
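
Both failure modes of this file, as an added example that is not part of the original post: the audit below flags a key that the named account cannot read (the startup error above) and a key that is readable or writable beyond that account. Mode 644, as set above, leaves the rndc control secret readable by every local account; with the file owned by named, mode 640 or 600 is enough. The function name, its arguments and the temporary demo file are assumptions, and the script relies on GNU `stat -c`.

```shell
#!/bin/sh
# Added example: audit an rndc key file from both directions.
#   TOO-TIGHT: the account named runs as cannot read the file
#              (the "permission denied" startup failure shown above)
#   TOO-LOOSE: accounts other than the service account can read or
#              replace the shared secret
# The function name, its arguments and the demo file are assumptions made
# for this example. Requires GNU stat (-c), as shipped on CentOS and Ubuntu.

# audit_rndc_key FILE SVC_USER SVC_GROUP
#   SVC_USER/SVC_GROUP: account and primary group named runs as (name or id).
#   Prints one line per finding. Returns 0 = clean, 1 = findings, 2 = no file.
audit_rndc_key() (      # subshell body: variables stay local, "exit" returns
    file=$1 svc_user=$2 svc_group=$3 rc=0

    [ -f "$file" ] || { echo "MISSING   $file"; exit 2; }

    # octal mode, owner name, owner uid, group name, group gid
    set -- $(stat -L -c '%a %U %u %G %g' "$file")
    mode=$1 oname=$2 ouid=$3 gname=$4 ggid=$5
    perm=$(( 0$mode ))  # leading 0 makes the shell read it as octal

    is_owner=0; is_group=0
    case $svc_user  in "$oname"|"$ouid") is_owner=1 ;; esac
    case $svc_group in "$gname"|"$ggid") is_group=1 ;; esac

    # The kernel applies exactly one permission class: owner, else group,
    # else other. Supplementary groups are ignored here for brevity.
    if   [ "$is_owner" -eq 1 ]; then readable=$(( perm & 0400 ))
    elif [ "$is_group" -eq 1 ]; then readable=$(( perm & 0040 ))
    else                             readable=$(( perm & 0004 ))
    fi

    where="$file (mode $mode, $oname:$gname)"
    if [ "$readable" -eq 0 ]; then
        echo "TOO-TIGHT $where: $svc_user cannot read it"
        rc=1
    fi
    if [ $(( perm & 0004 )) -ne 0 ]; then
        echo "TOO-LOOSE $where: world-readable, every local account sees the secret"
        rc=1
    fi
    if [ $(( perm & 0022 )) -ne 0 ]; then
        echo "TOO-LOOSE $where: group- or world-writable, the key can be replaced"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK        $where"; fi
    exit "$rc"
)

# Demo on a constructed temporary file (not a real key). The file's owner
# stands in for root and its group for the named group, i.e. a root:named
# layout audited for a service account called "named".
demo_rndc_audit() {
    demo_key=$(mktemp) || return 1
    demo_grp=$(stat -c '%g' "$demo_key")
    for demo_mode in 600 644 640; do
        chmod "$demo_mode" "$demo_key"
        audit_rndc_key "$demo_key" named "$demo_grp" || true
    done
    rm -f "$demo_key"
}
demo_rndc_audit
```

On the server from the post the call would be `audit_rndc_key /etc/rndc.key named named`, run before `service named start`.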
    

How to Configure Bind Chroot DNS Server on CentOS 6.2

In this post, I will show you how to configure Bind Chroot DNS Server on CentOS 6.2. It is assumed that you have installed Bind Chroot DNS.

1. Install Bind Chroot DNS Server

    [root@centos62 ~]# yum install bind-chroot -y
    

2. Create a file /var/named/chroot/var/named/ehowstuff.local with the following configuration:

    [root@centos62 ~]# vi /var/named/chroot/var/named/ehowstuff.local
    
    ;
    ;       Addresses and other host information.
    ;
    @       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                                   2011030801      ; Serial
                                   43200      ; Refresh
                                   3600       ; Retry
                                   3600000    ; Expire
                                   2592000 )  ; Minimum
     
    ;       Define the nameservers and the mail servers
     
                   IN      NS      ns.ehowstuff.local.
                   IN      A       192.168.1.44
                   IN      MX      10 mail.ehowstuff.local.
     
    mail            IN      A       192.168.1.42
    ns              IN      A       192.168.1.44
    

3. Generate an RNDC key :
The rndc tool is used to manage the named daemon. We need to generate a key file called /etc/rndc.key, which is referenced by both /etc/rndc.conf and /etc/named.conf. To do this, we use the following command :

    [root@centos62 ~]# rndc-confgen -a -c /etc/rndc.key
    wrote key file "/etc/rndc.key"
    

View the content of the RNDC key :

    [root@centos62 ~]# cat /etc/rndc.key
    key "rndc-key" {
            algorithm hmac-md5;
            secret "T6tduqyMQ/YbIDXOmE0Fzg==";
    };
    

4. Edit the /var/named/chroot/etc/named.conf file for ehowstuff.local

    [root@centos62 ~]# vi /var/named/chroot/etc/named.conf
    
    options {
           directory "/var/named";
           dump-file "/var/named/data/cache_dump.db";
           statistics-file "/var/named/data/named_stats.txt";
           forwarders { 8.8.8.8; };
    };
    include "/etc/rndc.key";
    // We are the master server for ehowstuff.local
    
    zone "ehowstuff.local" {
        type master;
        file "ehowstuff.local";
    };
    

5. Start the DNS service using the following command :

    [root@centos62 ~]# /etc/init.d/named start
    Starting named:                                            [  OK  ]
    

6. Make named daemon auto start during boot :

    [root@centos62 ~]# chkconfig named on
    

7. Before testing, make sure your PC or server is using the Bind Chroot DNS Server that has been set up :

    [root@centos62 ~]# cat /etc/resolv.conf
    nameserver 192.168.1.44
    

8. Test your DNS service :

    [root@centos62 ~]# host -t mx ehowstuff.local
    ehowstuff.local mail is handled by 10 mail.ehowstuff.local.
    
    [root@centos62 ~]# host -t ns ehowstuff.local
    ehowstuff.local name server ns.ehowstuff.local.
    

How to Install Bind Chroot DNS Server on CentOS 6.2

In this post, I will guide you on how to install Bind Chroot DNS server on CentOS 6.2. DNS is the Domain Name System, which maintains a database that helps a user’s computer translate domain names such as www.ehowstuff.com to IP addresses such as 184.173.214.97. DNS on CentOS is based on the named daemon, which is built on the BIND package developed through the Internet Software Consortium. (More information is available from the BIND home page at www.isc.org/products/BIND.) The following RPM packages are associated with DNS, but not all of them are required to build a Bind Chroot DNS Server.

bind: Includes the basic name server software, including /usr/sbin/named.

bind-chroot: Includes directories that isolate BIND in a so-called “chroot jail,” which limits access if DNS is compromised.

bind-devel: Includes development libraries for BIND.

bind-libbind-devel: Contains the libbind BIND resolver library.

bind-libs: Adds library files used by the bind and bind-utils RPMs.

bind-sdb: Supports alternative databases, such as LDAP. Per the Red Hat Exam Prep guide and course outlines, I see no evidence that such relationships are covered on the Red Hat exams.

bind-utils: Contains tools such as dig and host that provide information about a specific Internet host. It should already be installed in any minimum installation of RHEL.

caching-nameserver: Includes files associated with a caching nameserver.

system-config-bind: A GUI configuration tool useful for adding host and reverse address lookup data. It’s not officially a part of the DNS Name Server package group.

Simply run this command to install Bind Chroot DNS Server :

    [root@centos62 ~]# yum install bind-chroot -y
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: centos.maulvi.net
     * extras: centos.maulvi.net
     * rpmforge: fr2.rpmfind.net
     * updates: centos.maulvi.net
    rpmforge                                                                     | 1.1 kB     00:00
    rpmforge/primary                                                             | 1.5 MB     00:18
    rpmforge                                                                                  4233/4233
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package bind-chroot.i686 32:9.7.3-8.P3.el6_2.2 will be installed
    --> Processing Dependency: bind = 32:9.7.3-8.P3.el6_2.2 for package: 32:bind-chroot-9.7.3-8.P3.el6_2.2.i686
    --> Running transaction check
    ---> Package bind.i686 32:9.7.3-8.P3.el6_2.2 will be installed
    --> Processing Dependency: bind-libs = 32:9.7.3-8.P3.el6_2.2 for package: 32:bind-9.7.3-8.P3.el6_2.2.i686
    --> Processing Dependency: libdns.so.69 for package: 32:bind-9.7.3-8.P3.el6_2.2.i686
    --> Processing Dependency: libbind9.so.60 for package: 32:bind-9.7.3-8.P3.el6_2.2.i686
    --> Processing Dependency: libisccc.so.60 for package: 32:bind-9.7.3-8.P3.el6_2.2.i686
    --> Processing Dependency: libisccfg.so.62 for package: 32:bind-9.7.3-8.P3.el6_2.2.i686
    --> Processing Dependency: liblwres.so.60 for package: 32:bind-9.7.3-8.P3.el6_2.2.i686
    --> Processing Dependency: libisc.so.62 for package: 32:bind-9.7.3-8.P3.el6_2.2.i686
    --> Running transaction check
    ---> Package bind-libs.i686 32:9.7.3-8.P3.el6_2.2 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ====================================================================================================
     Package                Arch            Version                            Repository          Size
    ====================================================================================================
    Installing:
     bind-chroot            i686            32:9.7.3-8.P3.el6_2.2              updates             68 k
    Installing for dependencies:
     bind                   i686            32:9.7.3-8.P3.el6_2.2              updates            3.9 M
     bind-libs              i686            32:9.7.3-8.P3.el6_2.2              updates            850 k
    
    Transaction Summary
    ====================================================================================================
    Install       3 Package(s)
    
    Total download size: 4.8 M
    Installed size: 9.2 M
    Downloading Packages:
    (1/3): bind-9.7.3-8.P3.el6_2.2.i686.rpm                                      | 3.9 MB     00:35
    (2/3): bind-chroot-9.7.3-8.P3.el6_2.2.i686.rpm                               |  68 kB     00:00
    (3/3): bind-libs-9.7.3-8.P3.el6_2.2.i686.rpm                                 | 850 kB     00:08
    ----------------------------------------------------------------------------------------------------
    Total                                                               109 kB/s | 4.8 MB     00:45
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
    Warning: RPMDB altered outside of yum.
      Installing : 32:bind-libs-9.7.3-8.P3.el6_2.2.i686                                             1/3
      Installing : 32:bind-9.7.3-8.P3.el6_2.2.i686                                                  2/3
      Installing : 32:bind-chroot-9.7.3-8.P3.el6_2.2.i686                                           3/3
    
    Installed:
      bind-chroot.i686 32:9.7.3-8.P3.el6_2.2
    
    Dependency Installed:
      bind.i686 32:9.7.3-8.P3.el6_2.2                bind-libs.i686 32:9.7.3-8.P3.el6_2.2
    
    Complete!
    

Next : How to Configure Bind Chroot DNS Server on CentOS 6.2

How to Install nslookup on CentOS

nslookup is part of the bind-utils package. Without bind-utils package installed, you will get the following error when you try to nslookup any domain:

[root@centos6 ~]# nslookup
-bash: nslookup: command not found

To install nslookup on CentOS, simply run this command :

[root@centos6 ~]# yum install bind-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind-utils.i686 32:9.7.3-8.P3.el6 will be installed
--> Processing Dependency: bind-libs = 32:9.7.3-8.P3.el6 for package: 32:bind-utils-9.7.3-8.P3.el6.i686
--> Processing Dependency: liblwres.so.60 for package: 32:bind-utils-9.7.3-8.P3.el6.i686
--> Processing Dependency: libisccfg.so.62 for package: 32:bind-utils-9.7.3-8.P3.el6.i686
--> Processing Dependency: libisccc.so.60 for package: 32:bind-utils-9.7.3-8.P3.el6.i686
--> Processing Dependency: libisc.so.62 for package: 32:bind-utils-9.7.3-8.P3.el6.i686
--> Processing Dependency: libdns.so.69 for package: 32:bind-utils-9.7.3-8.P3.el6.i686
--> Processing Dependency: libbind9.so.60 for package: 32:bind-utils-9.7.3-8.P3.el6.i686
--> Running transaction check
---> Package bind-libs.i686 32:9.7.3-8.P3.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================
 Package           Arch        Version                     Repository                   Size
=============================================================================================
Installing:
 bind-utils        i686        32:9.7.3-8.P3.el6           CentOS6.2-Repository        177 k
Installing for dependencies:
 bind-libs         i686        32:9.7.3-8.P3.el6           CentOS6.2-Repository        849 k

Transaction Summary
=============================================================================================
Install       2 Package(s)

Total download size: 1.0 M
Installed size: 2.6 M
Is this ok [y/N]: y
Downloading Packages:
---------------------------------------------------------------------------------------------
Total                                                        6.1 MB/s | 1.0 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 32:bind-libs-9.7.3-8.P3.el6.i686                                          1/2
  Installing : 32:bind-utils-9.7.3-8.P3.el6.i686                                         2/2

Installed:
  bind-utils.i686 32:9.7.3-8.P3.el6

Dependency Installed:
  bind-libs.i686 32:9.7.3-8.P3.el6

Complete!

Now you can start using nslookup:

[root@centos6 ~]# nslookup
> www.google.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
www.google.com  canonical name = www.l.google.com.
Name:   www.l.google.com
Address: 209.85.175.105
Name:   www.l.google.com
Address: 209.85.175.106
Name:   www.l.google.com
Address: 209.85.175.147
Name:   www.l.google.com
Address: 209.85.175.99
Name:   www.l.google.com
Address: 209.85.175.103
Name:   www.l.google.com
Address: 209.85.175.104
> set type=ns
> www.google.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
www.google.com  canonical name = www.l.google.com.

Authoritative answers can be found from:
l.google.com
        origin = ns1.google.com
        mail addr = dns-admin.google.com
        serial = 1473322
        refresh = 900
        retry = 900
        expire = 1800
        minimum = 60
>