How to Install and Configure Bind Chroot DNS Server on CentOS 6.4 VPS

This article explains how to install and configure a chrooted BIND DNS server on a CentOS 6.4 virtual private server (VPS) or dedicated server. If you plan to run your own mail or web server it is useful to run your own domain name service (DNS) as well, so that you have full control of the domain and its subdomains. BIND (the Berkeley Internet Name Domain), whose daemon is called named, is the most widely used DNS server on the Internet. It resolves domain names to IP addresses and IP addresses back to domain names. Besides giving you full control of your registered domain, a local server also speeds up lookups for your own hosts. All of these steps have been tested on CentOS 6.4 64-bit.

When BIND runs in a chroot jail, the process cannot see any part of the filesystem outside the jail. In this example BIND is chrooted to the directory /var/named/chroot/: to BIND, the contents of that directory appear to be /, the root directory. A "jail" is a software mechanism that limits a process to a small area of the filesystem, and its purpose is containment: if named is compromised, the attacker is confined to what is inside the jail rather than the whole host. On CentOS 6 the bind-chroot package sets the jail to /var/named/chroot by default (ROOTDIR in /etc/sysconfig/named). A chroot is a containment measure, not a substitute for patching: keep the bind packages updated and leave SELinux enforcing as well.

1. Install Bind Chroot DNS server :

[root@centos64 ~]# yum install bind-chroot bind -y

2. Copy the sample bind files into the chroot to prepare the jail :

[root@centos64 ~]# cp -R /usr/share/doc/bind-*/sample/var/named/* /var/named/chroot/var/named/

3. Create the files bind needs inside the chroot directory :

[root@centos64 ~]# touch /var/named/chroot/var/named/data/cache_dump.db
[root@centos64 ~]# touch /var/named/chroot/var/named/data/named_stats.txt
[root@centos64 ~]# touch /var/named/chroot/var/named/data/named_mem_stats.txt
[root@centos64 ~]# touch /var/named/chroot/var/named/data/named.run
[root@centos64 ~]# mkdir /var/named/chroot/var/named/dynamic
[root@centos64 ~]# touch /var/named/chroot/var/named/dynamic/managed-keys.bind

4. named must be able to write its dump, statistics and managed-keys files, so the data and dynamic directories have to be writable by the named user. Give them to named with mode 770, the same mode the stock /var/named directories ship with. Do not use chmod -R 777: a world-writable directory lets any local user plant or alter files that named will then load as its own data :

[root@centos64 ~]# chown -R named:named /var/named/chroot/var/named/data /var/named/chroot/var/named/dynamic
[root@centos64 ~]# chmod 770 /var/named/chroot/var/named/data /var/named/chroot/var/named/dynamic

5. If you do not use IPv6, make named listen on IPv4 only :

[root@centos64 ~]# echo 'OPTIONS="-4"' >> /etc/sysconfig/named

6. Copy /etc/named.conf into the chroot's /etc directory. The init script starts named chrooted to ROOTDIR from /etc/sysconfig/named (/var/named/chroot by default), so the copy inside the jail is the one named actually reads; edit that copy from now on :

[root@centos64 ~]# cp -p /etc/named.conf /var/named/chroot/etc/named.conf

7. Configure the main bind configuration inside the jail, /var/named/chroot/etc/named.conf, and add the ehowstuff.local zones. Note that the stock file keeps allow-query { localhost; }: with that setting, the LAN addresses added to listen-on below answer REFUSED to every other host, so the tests in step 11 only pass because they run on the server itself. Widen allow-query to the networks that should be served, and at the same time restrict allow-recursion and allow-transfer to hosts you trust rather than leaving them at their defaults :

[root@centos64 ~]# vi /var/named/chroot/etc/named.conf

a. Add the bind server's IP addresses to listen-on :

..
listen-on port 53 { 127.0.0.1;192.168.2.62;192.168.2.63; };
..

b. Create the forward and reverse zones :

..
..
zone "ehowstuff.local" {
    type master;
    file "ehowstuff.local.zone";
};

zone "2.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.2.zone";
};
..
..

Full configuration for named.conf :

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1;192.168.2.62;192.168.2.63; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "ehowstuff.local" {
    type master;
    file "ehowstuff.local.zone";
};

zone "2.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.2.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

8. Create the forward and reverse zone files for the domain ehowstuff.local.

a) Create Forward Zone :

[root@centos64 ~]# vi /var/named/chroot/var/named/ehowstuff.local.zone
;
;       Addresses and other host information.
;
$TTL 86400
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                               2013042201      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns1.ehowstuff.local.
               IN      NS      ns2.ehowstuff.local.
               IN      A       192.168.2.62
               IN      MX      10 mail.ehowstuff.local.

centos64           IN      A       192.168.2.62
mail            IN      A       192.168.2.62
ns1              IN      A       192.168.2.62
ns2              IN      A       192.168.2.63

b) Create Reverse Zone :

[root@centos64 ~]# vi /var/named/chroot/var/named/192.168.2.zone
;
;       Addresses and other host information.
;
$TTL 86400
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                               2013042201      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

2.168.192.in-addr.arpa. IN      NS      centos64.ehowstuff.local.

62.2.168.192.in-addr.arpa. IN PTR mail.ehowstuff.local.
62.2.168.192.in-addr.arpa. IN PTR ns1.ehowstuff.local.
63.2.168.192.in-addr.arpa. IN PTR ns2.ehowstuff.local.

9. Start Bind service :

[root@centos64 ~]# /etc/init.d/named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

10. Configure Bind auto start at boot :

[root@centos64 ~]# chkconfig --levels 235 named on

11. Test and verify Bind DNS setup :
a. Test and verify using host command :

[root@centos64 ~]# host -t ns ehowstuff.local
ehowstuff.local name server ns1.ehowstuff.local.
ehowstuff.local name server ns2.ehowstuff.local.
[root@centos64 ~]# host -t mx ehowstuff.local
ehowstuff.local mail is handled by 10 mail.ehowstuff.local.

b. Test and verify using nslookup command :

[root@centos64 ~]# nslookup
> set type=any
> ehowstuff.local
Server:         192.168.2.62
Address:        192.168.2.62#53

ehowstuff.local
        origin = ehowstuff.local
        mail addr = hostmaster.ehowstuff.local
        serial = 2013042201
        refresh = 43200
        retry = 3600
        expire = 3600000
        minimum = 2592000
ehowstuff.local nameserver = ns1.ehowstuff.local.
ehowstuff.local nameserver = ns2.ehowstuff.local.
Name:   ehowstuff.local
Address: 192.168.2.62
ehowstuff.local mail exchanger = 10 mail.ehowstuff.local.
> exit

c. Test and verify using dig command :

[root@centos64 ~]# dig ehowstuff.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> ehowstuff.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ehowstuff.local.               IN      A

;; ANSWER SECTION:
ehowstuff.local.        2592000 IN      A       192.168.2.62

;; AUTHORITY SECTION:
ehowstuff.local.        2592000 IN      NS      ns1.ehowstuff.local.
ehowstuff.local.        2592000 IN      NS      ns2.ehowstuff.local.

;; ADDITIONAL SECTION:
ns1.ehowstuff.local.    2592000 IN      A       192.168.2.62
ns2.ehowstuff.local.    2592000 IN      A       192.168.2.63

;; Query time: 1 msec
;; SERVER: 192.168.2.62#53(192.168.2.62)
;; WHEN: Wed Apr  3 00:03:40 2013
;; MSG SIZE  rcvd: 117
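
The named.conf above (and the near-identical listings later on this page) keeps the stock options block, which serves the zones to localhost only and, as soon as allow-query is widened, becomes an open recursive resolver with unrestricted zone transfers. The script below is an added example, not code from the original article: it writes a hardened replacement for the options block, flags the open-recursion pattern, and validates the jail with BIND's own named-checkconf and named-checkzone. The LAN 192.168.2.0/24, the secondary at 192.168.2.63, the file name harden_named.sh and the function names are assumptions of the example.

```sh
#!/bin/sh
# Added example, not part of the original article: generate a hardened
# options block for the chrooted BIND server above and validate the jail
# with BIND's own checkers.  Assumptions (not from the article): the LAN is
# 192.168.2.0/24, the secondary is ns2 at 192.168.2.63, and the jail is the
# stock CentOS 6 bind-chroot tree under /var/named/chroot.
JAIL=${JAIL:-/var/named/chroot}

# write_hardened_options OUTFILE LISTEN_IP LAN_CIDR SECONDARY_IP
# Replaces the stock "options" block.  The article's file adds LAN addresses
# to listen-on but keeps "allow-query { localhost; }", so other hosts get
# REFUSED, and it leaves recursion open to whoever is allowed to query.
write_hardened_options() {
    out=$1; listen=$2; lan=$3; secondary=$4
    cat > "$out" <<EOF
acl "trusted"     { 127.0.0.1; $lan; };
acl "secondaries" { $secondary; };

options {
        listen-on port 53 { 127.0.0.1; $listen; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Authoritative answers for our zones go to anyone who can reach
        // us; recursion and the cache are for the LAN only.  An open
        // recursive resolver is an amplification source and a poisoning target.
        allow-query       { any; };
        allow-recursion   { trusted; };
        allow-query-cache { trusted; };
        recursion yes;

        // AXFR only to the known secondary: a transfer to "any" hands an
        // attacker the complete host inventory of the zone.
        allow-transfer    { secondaries; };

        // Do not advertise the exact build to version.bind CHAOS queries.
        version "not disclosed";

        dnssec-enable yes;
        dnssec-validation yes;
        // dnssec-lookaside auto / bindkeys-file omitted: ISC's DLV registry
        // was retired in 2017, so the stock lookaside lines are dead weight.
        managed-keys-directory "/var/named/dynamic";
};
EOF
}

# audit_recursion CONF
# Exit 1 if CONF turns recursion on without an allow-recursion restriction,
# which is the state the stock named.conf is in once allow-query is widened.
audit_recursion() {
    conf=$1
    if grep -Eq '^[[:space:]]*recursion[[:space:]]+yes' "$conf" \
       && ! grep -Eq '^[[:space:]]*allow-recursion' "$conf"; then
        echo "$conf: open recursion (recursion yes without allow-recursion)"
        return 1
    fi
    return 0
}

# validate_jail JAIL ZONE ZONEFILE
# named-checkconf -t chroots into the jail first (so it needs root), which
# means it reads the copy of named.conf the init script actually loads
# (ROOTDIR in /etc/sysconfig/named), not the one in the host's /etc.
validate_jail() {
    jail=$1; zone=$2; zonefile=$3
    command -v named-checkconf >/dev/null 2>&1 \
        || { echo "named-checkconf missing: yum install bind" >&2; return 2; }
    named-checkconf -t "$jail" /etc/named.conf || return 1
    named-checkzone "$zone" "$jail/var/named/$zonefile" || return 1
    audit_recursion "$jail/etc/named.conf"
}

case "${1:-}" in
    generate) write_hardened_options /dev/stdout "$2" "$3" "$4" ;;
    check)    validate_jail "$JAIL" "$2" "$3" ;;
esac
```

Run `sh harden_named.sh generate 192.168.2.62 192.168.2.0/24 192.168.2.63 > options.conf`, replace the options block in /var/named/chroot/etc/named.conf with the output (keeping the logging, zone and include statements), then `sh harden_named.sh check ehowstuff.local ehowstuff.local.zone` before `service named reload`. With recursion confined to the LAN and transfers confined to ns2, the listener on the LAN addresses is safe to expose; if this host should also serve the Internet, keep allow-query at any and add the public address to listen-on.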

Securing and Hardening Linux Dedicated Server

When you host a Linux dedicated server or virtual private server (VPS) in a data center, the security of the system is very important to keep your data and information safe from attackers. Securing and hardening a Linux dedicated server is mandatory now that nearly every computing resource and application is online and exposed to attack. This post shares basic security and hardening tips for a Linux dedicated server; if you plan to host your own, it should give you a good baseline and some ideas. The following are the best practices for securing and hardening a Linux dedicated server :

1. Patching Linux Systems
2. Keep Linux Kernel and Software such as WordPress/Joomla Up to Date
3. Secure SSH
4. Enforcing Stronger Passwords and Password Aging
5. Disable Unnecessary Processes, Services and Daemons
6. Install a host based firewall to protect your dedicated server from unauthorized access
7. Implement Linux Kernel /etc/sysctl.conf hardening
8. Configure Logging and Auditing
9. Install And Use Intrusion Detection System

9 Steps to Setup Dedicated Server for your Website

There are several types of hosting service, such as shared hosting, VPS (Virtual Private Server) and dedicated server hosting. For a new website with few visitors I would recommend shared hosting. If you need more control of the server, move from shared hosting to a VPS; plenty of hosting companies offer Virtual Private Servers, and VPS hosting is getting cheaper. This blog is hosted on a RamNode VPS.

At some point the limited resources of a VPS will make your site slow, as the number of visitors grows to tens or hundreds of thousands per day.

When you hit that point because of heavy traffic, I would recommend moving to a dedicated server. The cheaper route is to add further VPSs and balance the load across them. If cost is not an issue, I always recommend purchasing a dedicated server, because it gives you excellent processing performance: memory, disk capacity, CPU and network access are 100% yours instead of being shared with multiple VPSs or dozens of shared-hosting customers. Popular websites on the Internet certainly have excellent servers behind them; without them, sites with many concurrent visitors would not survive.

If you are an experienced system administrator the following may not interest you, but for web developers and those new to web hosting it can be a useful guide to their first steps. I believe most popular websites were set up by a consultant who specializes in servers or by an experienced system administrator. In this article I share 9 steps to set up a dedicated server for your website.

Once you have purchased a dedicated server, you can log in to your server to complete the setup of your server from start to finish. Below is a guide and checklist for you who are new to server administration.

9 Steps to Setup Dedicated Server

1. Choose and Install Linux operating system :

Choose the right platform on which to host your dedicated server, and make sure you are familiar with the operating system (OS), whether CentOS, Fedora, Ubuntu or Windows. If you choose Linux, I recommend a clean, minimal installation of the OS: every package you do not install is one you never have to patch or secure.

2. Update operating system :

Make sure the OS has the latest patches applied before anything else is installed or exposed.
How to Update CentOS 6.4 System using ‘yum update’

3. Install Apache or Nginx Web server :

Apache httpd is one of the most popular web servers and has many features that make it extensible and useful for many kinds of website. As an alternative to Apache you can install NGINX. Nginx ("engine x") is a free, open-source HTTP server that provides a high-performance edge web server with a low memory footprint and the key features for building modern, efficient web infrastructure. I use Nginx to run this blog.

How to Setup Nginx With PHP-FastCGI on CentOS 6.2/CentOS 6.3 VPS Server

4. Install MySQL Database server :

MySQL is a database server that stores and retrieves data for blogs, websites and applications. It is one of the most widely used databases on the Internet, especially for content management and blogging platforms.

5. Install PHP :

PHP: Hypertext Preprocessor is a widely used, free and open-source server-side scripting language that was especially designed for web development to produce dynamic web pages and can be embedded into HTML.

6. Install Bind DNS server :

BIND (the Berkeley Internet Name Domain) also known as NAMED is the most widely used DNS server in the internet. Bind DNS helps to resolve domain name to ip address and ip address to domain name.

7. Install FTP server :

File Transfer Protocol (FTP) is a network protocol for transferring files across a network. One of the most popular FTP servers for Unix/Linux is vsftpd, which stands for Very Secure FTP Daemon; besides being widely used, vsftpd delivers excellent performance while consuming little memory. Keep in mind that plain FTP sends usernames and passwords in cleartext: prefer SFTP over the SSH service you already run, or at least enable TLS (FTPS) in vsftpd, and do not expose anonymous or write access to the Internet unless you need it.

8. Harden and Secure the dedicated server :

There are a few steps to harden the OS of the dedicated server.
a) Install a host-based firewall to protect your dedicated server from unauthorized access :
Once your web server is running, install a host-based firewall and open only the ports you actually serve. I recommend setting up iptables on your Linux dedicated server.

b) Use strong passwords :
Password complexity requirements should be in place to enforce strong passwords. A strong password should have mixed case, special characters and numbers, and be longer than 8 characters. For additional security, passwords should be changed regularly, and SSH should use key-based authentication rather than passwords wherever possible.

c) Disable unnecessary processes, services and daemons :
I recommend disabling unneeded processes, services and daemons such as bluetooth, hidd, cups, yum-updatesd, ypbind, nfs, snmpd, saslauthd, netfs, gpm, pcmcia and sendmail; every listening service you remove is attack surface you no longer have to defend. Leave SELinux enabled and enforcing: the targeted policy shipped with CentOS 6 is mature, confines network daemons such as httpd and named, and is one of the few controls that still limits a compromised service. If a service misbehaves under SELinux, read /var/log/audit/audit.log and fix the policy (audit2allow, setsebool) rather than disabling it.

9. Install or migrate over the content of your website or blog :

You can now migrate the content of your website or blog to the new dedicated server. For a dynamic blog I recommend WordPress, an open-source blogging platform and content management system (CMS) based on PHP and MySQL; like the rest of the stack, keep it and its plugins updated.

I hope these 9 steps to set up a dedicated server are a useful guide to your first steps in running your own dedicated server for a website.
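
Step 8a says to open only the ports you need. As an added example that is not part of the original article, here is a default-deny ruleset for the server described above in the iptables-restore format that CentOS 6 loads from /etc/sysconfig/iptables at boot. The port list (22, 80, 443 and 53), the admin network 203.0.113.0/24, the file name firewall.sh and the function names are assumptions of the example; adjust them to what the host actually runs.

```sh
#!/bin/sh
# Added example, not part of the original article: a default-deny host
# firewall for the dedicated server above, in the iptables-restore(8) format
# that CentOS 6 loads from /etc/sysconfig/iptables at boot.  Assumptions:
# the host runs SSH (22), a web server (80/443) and BIND (53 tcp+udp), and
# administrators come from one known network passed as ADMIN_CIDR.

# write_ruleset OUTFILE ADMIN_CIDR
write_ruleset() {
    out=$1; admin=$2
    cat > "$out" <<EOF
*filter
# Default deny inbound; everything below is an explicit exception.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections this host opened.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# ICMP: rate-limited echo, plus the types path-MTU discovery depends on.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
# SSH only from the admin network; new connections rate-limited to blunt
# password guessing before sshd even sees it.
-A INPUT -p tcp --dport 22 -s $admin -m state --state NEW -m limit --limit 6/min --limit-burst 6 -j ACCEPT
# Web server.
-A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
# DNS: UDP for ordinary queries; TCP for large and DNSSEC answers and for
# zone transfers (allow-transfer in named.conf still decides who may AXFR).
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
# Log a sample of what the policy drops so probes show up in /var/log/messages.
-A INPUT -m limit --limit 2/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# apply_ruleset FILE
# Parse-check first (assumes iptables-restore supports --test, as the
# iptables 1.4.7 on CentOS 6 does), then load atomically and persist.
apply_ruleset() {
    f=$1
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    iptables-restore --test "$f" || return 1
    iptables-restore "$f" || return 1
    cp "$f" /etc/sysconfig/iptables
    chkconfig iptables on
}

case "${1:-}" in
    generate) write_ruleset /dev/stdout "$2" ;;
    apply)    apply_ruleset "$2" ;;
esac
```

Review the output of `sh firewall.sh generate 203.0.113.0/24 > /tmp/iptables` before `sh firewall.sh apply /tmp/iptables` as root, ideally from a console session in case you lock yourself out. FTP is left out on purpose: plain FTP carries credentials in cleartext and its data channel needs the nf_conntrack_ftp helper to work through a stateful firewall; use SFTP over the SSH port instead, or add explicit rules for FTPS if the vsftpd from step 7 is really required.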

How to Setup Bind Chroot DNS Server on CentOS 6.3 x86_64

BIND (the Berkeley Internet Name Domain), whose daemon is called named, is the most widely used DNS server on the Internet. It resolves domain names to IP addresses and IP addresses back to domain names. There are essentially two reasons to run your own Internet DNS server: full control of your registered domain name, and faster lookups for your own hosts. This post covers the steps to install a chrooted Bind DNS server on CentOS 6.3 64-bit and describes some extra security precautions you can take when you install BIND. The idea of chroot is simple: when BIND runs in a chroot jail, the process cannot see any part of the filesystem outside the jail. In this post BIND is chrooted to the directory /var/named/chroot/, so to BIND the contents of that directory appear to be /, the root directory. A "jail" is a software mechanism that limits a process to a small area of the filesystem, and its purpose is to contain the damage if the daemon is compromised; it complements, rather than replaces, patching and SELinux.

Where is Bind chrooted directory set ?

[root@CentOS63 ~]# more /etc/sysconfig/named

It was by default configured to /var/named/chroot as below :

..
..
ROOTDIR=/var/named/chroot

It is assumed that you already know how to install, configure and use BIND. If not, I would recommend that you read the Bind DNS HOWTO first.

1. Install Bind-Chroot :

[root@CentOS63 ~]# yum install bind-chroot bind -y

2. Copy the sample bind files into the chroot to prepare the jail :

 
[root@CentOS63 ~]# cp -R /usr/share/doc/bind-*/sample/var/named/* /var/named/chroot/var/named/

3. Create the files bind needs inside the chroot directory :

[root@CentOS63 ~]# touch /var/named/chroot/var/named/data/cache_dump.db
[root@CentOS63 ~]# touch /var/named/chroot/var/named/data/named_stats.txt
[root@CentOS63 ~]# touch /var/named/chroot/var/named/data/named_mem_stats.txt
[root@CentOS63 ~]# touch /var/named/chroot/var/named/data/named.run
[root@CentOS63 ~]# mkdir /var/named/chroot/var/named/dynamic
[root@CentOS63 ~]# touch /var/named/chroot/var/named/dynamic/managed-keys.bind

4. named must be able to write its dump, statistics and managed-keys files, so the data and dynamic directories have to be writable by the named user. Give them to named with mode 770, the same mode the stock /var/named directories ship with. Do not use chmod -R 777: a world-writable directory lets any local user plant or alter files that named will then load as its own data :

[root@CentOS63 ~]# chown -R named:named /var/named/chroot/var/named/data /var/named/chroot/var/named/dynamic
[root@CentOS63 ~]# chmod 770 /var/named/chroot/var/named/data /var/named/chroot/var/named/dynamic

5. If you do not use IPv6, make named listen on IPv4 only :

[root@CentOS63 ~]# echo 'OPTIONS="-4"' >> /etc/sysconfig/named

6. Configure the main bind configuration inside the jail and add the ehowstuff.local zones. The init script starts named chrooted to ROOTDIR, so /var/named/chroot/etc/named.conf is the copy named reads. The listing below keeps the stock allow-query { localhost; }, so hosts other than the server itself get REFUSED until allow-query is widened; when you widen it, also restrict allow-recursion and allow-transfer to hosts you trust :

[root@CentOS63 ~]# vi /var/named/chroot/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1;192.168.2.58; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "ehowstuff.local" {
    type master;
    file "ehowstuff.local.zone";
};

zone "2.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.2.zone";
};

include "/etc/rndc.key";
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

7. Create the forward and reverse zone files for the domain ehowstuff.local.

a) Create Forward Zone :

[root@CentOS63 ~]# vi /var/named/chroot/var/named/ehowstuff.local.zone
;
;       Addresses and other host information.
;
$TTL 86400
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                               2013022401      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns.ehowstuff.local.
               IN      A       192.168.2.58
               IN      MX      10 mail.ehowstuff.local.

mail            IN      A       192.168.2.58
ns              IN      A       192.168.2.58

b) Create Reverse Zone :

[root@CentOS63 ~]# vi /var/named/chroot/var/named/192.168.2.zone
;
;       Addresses and other host information.
;
$TTL 86400
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                               2013022402      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

2.168.192.in-addr.arpa. IN      NS      ns.ehowstuff.local.

58.2.168.192.in-addr.arpa. IN PTR mail.ehowstuff.local.
58.2.168.192.in-addr.arpa. IN PTR ns.ehowstuff.local.

8. RHEL 6 and CentOS 6 no longer generate rndc.key during installation; instead the key is generated automatically on the first start of the named service.

Start Bind service :

[root@CentOS6 ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

9. Configure Bind auto start at boot :

[root@CentOS63 ~]# chkconfig --levels 235 named on

10. Verify permissions and ownership. The files have been created inside the jail, but their ownership and mode still need to be set. named only needs to read the zone files, so they should be owned by root with group named and mode 640, which keeps a compromised named from rewriting the zones it serves; only data/, dynamic/ and slaves/ should be writable by named (named:named, mode 770, as in the stock /var/named listing below). If data/ and dynamic/ show drwxrwxrwx, tighten them to 770 at the same time.

Go to the chroot/var/named/ directory :

[root@CentOS63 ~]# cd /var/named/chroot/var/named/

Change owner and mode as below :

[root@CentOS63 named]# chown root:named ehowstuff.local.zone 192.168.2.zone my.external.zone.db my.internal.zone.db named.ca named.localhost named.loopback
[root@CentOS63 named]# chmod 640 ehowstuff.local.zone 192.168.2.zone my.external.zone.db my.internal.zone.db named.ca named.localhost named.loopback
[root@CentOS63 named]# chown -R named:named data dynamic slaves
[root@CentOS63 named]# chmod 770 data dynamic slaves

Verify the permissions and ownership of the rest of the chrooted directories :

[root@CentOS63 ~]# ll /var/named/
total 32
drwxr-x--- 6 root  named 4096 Feb 24 13:51 chroot
drwxrwx--- 2 named named 4096 Dec  7 04:49 data
drwxrwx--- 2 named named 4096 Dec  7 04:49 dynamic
-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Dec  7 04:49 slaves
[root@CentOS63 ~]# ll /var/named/chroot/
total 16
drwxr-x--- 2 root named 4096 Feb 24 13:51 dev
drwxr-x--- 4 root named 4096 Feb 24 14:40 etc
drwxr-x--- 3 root named 4096 Feb 24 13:51 usr
drwxr-x--- 6 root named 4096 Feb 24 13:51 var
[root@CentOS63 ~]# ll /var/named/chroot/etc
total 32
-rw-r--r-- 1 root root   372 Feb 20 06:51 localtime
drwxr-x--- 2 root named 4096 Dec  7 04:49 named
-rw-r--r-- 1 root named 1201 Feb 24 14:16 named.conf
-rw-r--r-- 1 root named 2389 Dec  7 04:49 named.iscdlv.key
-rw-r----- 1 root named  931 Jun 21  2007 named.rfc1912.zones
-rw-r--r-- 1 root named  487 Jul 19  2010 named.root.key
drwxr-x--- 3 root named 4096 Feb 24 13:51 pki
-rw-r----- 1 root named   77 Feb 24 14:00 rndc.key
[root@CentOS63 ~]# ll /var/named/chroot/var/named/
total 44
-rw-r-xr-x 1 root  named  551 Feb 24 15:28 192.168.2.zone
drwxrwxrwx 2 named named 4096 Feb 24 14:04 data
drwxrwxrwx 2 named named 4096 Feb 24 15:30 dynamic
-rw-r-xr-x 1 root  named  681 Feb 24 15:28 ehowstuff.local.zone
-rw-r--r-- 1 root  named   56 Feb 24 13:54 my.external.zone.db
-rw-r--r-- 1 root  named   56 Feb 24 13:54 my.internal.zone.db
-rw-r--r-- 1 root  named 1892 Feb 24 13:54 named.ca
-rw-r--r-- 1 root  root   152 Feb 24 13:54 named.empty
-rw-r--r-- 1 root  named  152 Feb 24 13:54 named.localhost
-rw-r--r-- 1 root  named  168 Feb 24 13:54 named.loopback
drwxr-xr-x 2 named named 4096 Feb 24 13:54 slaves

11. Test and make sure it’s working.

[root@CentOS63 ~]# host -t mx ehowstuff.local
ehowstuff.local mail is handled by 10 mail.ehowstuff.local.
[root@CentOS63 ~]# nslookup
> set type=any
> ehowstuff.local
Server:         192.168.2.58
Address:        192.168.2.58#53

ehowstuff.local
        origin = ehowstuff.local
        mail addr = hostmaster.ehowstuff.local
        serial = 2013023401
        refresh = 43200
        retry = 3600
        expire = 3600000
        minimum = 2592000
ehowstuff.local nameserver = ns.ehowstuff.local.
Name:   ehowstuff.local
Address: 192.168.2.58
ehowstuff.local mail exchanger = 10 mail.ehowstuff.local.
>

12. If your server does not have the nslookup, host or dig commands, install bind-utils. These utilities are the friendly, useful tools for testing and diagnosing DNS issues.

[root@CentOS6 ~]# yum install bind-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.biz.net.id
 * extras: centos.biz.net.id
 * updates: centos.biz.net.id
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind-utils.x86_64 32:9.8.2-0.10.rc1.el6_3.6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================
 Package                   Arch                  Version                                   Repository              Size
========================================================================================================================
Installing:
 bind-utils                x86_64                32:9.8.2-0.10.rc1.el6_3.6                 updates                182 k

Transaction Summary
========================================================================================================================
Install       1 Package(s)

Total download size: 182 k
Installed size: 438 k
Is this ok [y/N]: y
Downloading Packages:
bind-utils-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm                                                     | 182 kB     00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 32:bind-utils-9.8.2-0.10.rc1.el6_3.6.x86_64                                                          1/1
  Verifying  : 32:bind-utils-9.8.2-0.10.rc1.el6_3.6.x86_64                                                          1/1

Installed:
  bind-utils.x86_64 32:9.8.2-0.10.rc1.el6_3.6

Complete!
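
Step 4 of both chroot walkthroughs on this page (CentOS 6.4 and 6.3) originally used chmod -R 777, and the listing in step 10 above still shows data/ and dynamic/ as drwxrwxrwx. The script below is an added example, not code from the original article: it applies the ownership and modes named actually needs and audits the jail for anything world-writable or owned by named that should not be. It assumes the stock CentOS 6 bind-chroot layout under /var/named/chroot and the named user that the bind package creates; the file name jail_perms.sh and the function names are the example's own.

```sh
#!/bin/sh
# Added example, not part of the original article: least-privilege ownership
# inside the BIND chroot, plus an audit that flags what "chmod -R 777"
# leaves behind.  Layout assumed is the stock CentOS 6 bind-chroot tree
# listed above: zone files directly in $JAIL/var/named, with data/, dynamic/
# and slaves/ as the only places named must write.
JAIL=${JAIL:-/var/named/chroot}

# fix_jail_permissions JAIL
# Zone files: root:named 640, so named can read them but a compromised
# named cannot rewrite the zones it serves.  Writable dirs: named:named 770
# with 660 files, the same modes the stock /var/named ships with.
fix_jail_permissions() {
    jail=$1
    chown root:named "$jail/var/named"
    chmod 750 "$jail/var/named"
    for f in "$jail"/var/named/*.zone "$jail"/var/named/named.*; do
        [ -f "$f" ] || continue
        chown root:named "$f"
        chmod 640 "$f"
    done
    for d in data dynamic slaves; do
        mkdir -p "$jail/var/named/$d"
        chown -R named:named "$jail/var/named/$d"
        chmod 770 "$jail/var/named/$d"
        find "$jail/var/named/$d" -type f -exec chmod 660 {} +
    done
}

# audit_world_writable JAIL
# Exit 1 and list every world-writable path under JAIL.  Any local user can
# drop or edit files in a 777 directory, and named will load a planted
# journal or managed-keys file as its own data.
audit_world_writable() {
    jail=$1
    bad=$(find "$jail" ! -type l -perm -0002 2>/dev/null)
    if [ -n "$bad" ]; then
        printf 'world-writable under %s:\n%s\n' "$jail" "$bad"
        return 1
    fi
    return 0
}

# audit_zone_ownership JAIL [USER]
# Exit 1 if any top-level zone file is owned by USER (default: named).
# named should never own its own authoritative zone files.
audit_zone_ownership() {
    jail=$1; user=${2:-named}
    owned=$(find "$jail/var/named" -maxdepth 1 -type f -user "$user" 2>/dev/null)
    if [ -n "$owned" ]; then
        printf 'zone files owned by %s (should be root):\n%s\n' "$user" "$owned"
        return 1
    fi
    return 0
}

case "${1:-}" in
    fix)   fix_jail_permissions "$JAIL" ;;
    audit) audit_world_writable "$JAIL"; audit_zone_ownership "$JAIL" ;;
esac
```

Run `sh jail_perms.sh fix` as root, then `sh jail_perms.sh audit`, and rerun the audit after any manual change inside the jail. The split follows who writes what: root writes zone files, named writes journals, statistics and managed keys, and nothing inside the jail should be writable by anybody else.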

How to Check or Test Reverse DNS on Linux and Windows

Reverse Domain Name System (DNS) lookup, also known as rDNS, determines the hostname associated with a given IP address. It translates a numeric IP address back to a domain or host name, the opposite of a forward DNS lookup, and it is served by separate PTR records in the in-addr.arpa tree, so a working forward record does not imply a working reverse one. Many Internet mail servers use reverse DNS to check that a host trying to deliver mail to them is genuine, which helps reduce the amount of spam entering their network; the common variant is the forward-confirmed check, where the name returned by the PTR record must itself resolve back to the connecting address. Follow the steps below to check or test reverse DNS on Linux and Windows.

1. To Check or Test Reverse DNS on Linux operating system :

host <IP Address>

Example :

[root@centos63 ~]# host 184.173.214.97
97.214.173.184.in-addr.arpa domain name pointer 184.173.214.97-static.reverse.softlayer.com.

2. To Check or Test Reverse DNS on Windows Operating system :

C:\>nslookup <IP Address>
C:\>nslookup 184.173.214.97
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    184.173.214.97-static.reverse.softlayer.com
Address:  184.173.214.97
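
As an added example that is not part of the original post, the following shell functions build the in-addr.arpa name that the reverse lookup above queries and perform the forward-confirmed reverse DNS check that the mail servers mentioned above apply: the PTR target must resolve back to the original address. getent(1) is used so that /etc/hosts and the system resolver are consulted the same way applications consult them; the file name rdns_check.sh and the function names are the example's own.

```sh
#!/bin/sh
# Added example, not part of the original post: reverse-map names and a
# forward-confirmed reverse DNS (FCrDNS) check.  Needs getent(1), which
# glibc provides on CentOS 6.

# ptr_name IPV4
# Prints the owner name of the PTR record, e.g.
#   192.168.2.62 -> 62.2.168.192.in-addr.arpa
# and fails on anything that is not four octets in 0..255.
ptr_name() {
    ip=$1
    oldifs=$IFS; IFS=.
    set -- $ip
    IFS=$oldifs
    if [ $# -ne 4 ]; then
        echo "not a dotted quad: $ip" >&2; return 1
    fi
    for o in "$@"; do
        case $o in ''|*[!0-9]*) echo "bad octet in $ip" >&2; return 1 ;; esac
        [ "$o" -le 255 ] || { echo "bad octet in $ip" >&2; return 1; }
    done
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# fcrdns_check IPV4
# 1. reverse: IP -> hostname via its PTR record
# 2. forward: hostname -> A records
# Succeeds only if the PTR target resolves back to the original IP; a PTR
# that points at a name anyone can register but that does not resolve back
# is exactly what the forward confirmation is meant to reject.
fcrdns_check() {
    ip=$1
    name=$(getent hosts "$ip" | awk '{ print $2; exit }')
    if [ -z "$name" ]; then
        echo "$ip: no PTR record"; return 1
    fi
    if getent ahostsv4 "$name" | awk '{ print $1 }' | grep -qx "$ip"; then
        echo "$ip -> $name -> $ip: forward-confirmed"; return 0
    fi
    echo "$ip -> $name does not resolve back to $ip: FCrDNS mismatch"; return 1
}

# Usage: sh rdns_check.sh 184.173.214.97 [more addresses...]
if [ $# -ge 1 ]; then
    for addr in "$@"; do
        ptr_name "$addr" && fcrdns_check "$addr"
    done
fi
```

For the address in the example above this prints the in-addr.arpa name and then reports whether 184.173.214.97-static.reverse.softlayer.com resolves back to 184.173.214.97. Running the check against your own mail server's public address is the quickest way to find out why remote MTAs are rejecting or greylisting it.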

How to Install and Configure Bind 9 DNS on CentOS 6.3

This post covers the steps to install the Bind DNS server on CentOS 6.3. Bind is the most popular and most widely used Domain Name System (DNS) software on the Internet. The name BIND stands for "Berkeley Internet Name Domain" and it is an implementation of the DNS protocols.

1. To install Bind 9 on linux CentOS 6.3 server, run the following command :

[root@centos63 ~]# yum install bind -y

Examples :

[root@centos63 ~]# yum install bind -y
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
 * base: ossm.utm.my
 * extras: ossm.utm.my
 * updates: ossm.utm.my
CentOS6.3-Repository                                                         | 4.0 kB     00:00 ...
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.i686 32:9.8.2-0.10.rc1.el6_3.2 will be installed
--> Processing Dependency: portreserve for package: 32:bind-9.8.2-0.10.rc1.el6_3.2.i686
--> Running transaction check
---> Package portreserve.i686 0:0.0.4-9.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package            Arch        Version                           Repository                   Size
====================================================================================================
Installing:
 bind               i686        32:9.8.2-0.10.rc1.el6_3.2         updates                     4.0 M
Installing for dependencies:
 portreserve        i686        0.0.4-9.el6                       CentOS6.3-Repository         22 k

Transaction Summary
====================================================================================================
Install       2 Package(s)

Total download size: 4.0 M
Installed size: 7.2 M
Downloading Packages:
Setting up and reading Presto delta metadata
updates/prestodelta                                                          | 104 kB     00:00
Processing delta metadata
Package(s) data still to download: 4.0 M
(1/2): bind-9.8.2-0.10.rc1.el6_3.2.i686.rpm                                  | 4.0 MB     00:43
----------------------------------------------------------------------------------------------------
Total                                                                93 kB/s | 4.0 MB     00:43
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : portreserve-0.0.4-9.el6.i686                                                     1/2
  Installing : 32:bind-9.8.2-0.10.rc1.el6_3.2.i686                                              2/2
  Verifying  : portreserve-0.0.4-9.el6.i686                                                     1/2
  Verifying  : 32:bind-9.8.2-0.10.rc1.el6_3.2.i686                                              2/2

Installed:
  bind.i686 32:9.8.2-0.10.rc1.el6_3.2

Dependency Installed:
  portreserve.i686 0:0.0.4-9.el6

Complete!

2. Set up and configure a zone named example.local :

[root@centos63 ~]# vi /var/named/example.local

Add zone record as below :


;
;       Addresses and other host information.
;
$TTL 86400
@       IN      SOA     example.local. hostmaster.example.local. (
                               2012080701      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns.example.local.
               IN      A       192.168.1.54
               IN      MX      10 mail.example.local.

mail            IN      A       192.168.1.51
ns              IN      A       192.168.1.54
www             IN      A       192.168.1.54

3. Add the example.local zone to named.conf, the main configuration file for the bind DNS server. The stock file only listens on 127.0.0.1 and only allows queries from localhost, so other hosts cannot use this server until listen-on and allow-query are widened; when you do that, also restrict allow-recursion to your own networks so the server does not become an open resolver.

Modify named.conf :

[root@centos63 ~]# vi /etc/named.conf

Add the following :

zone "example.local" {
    type master;
    file "/var/named/example.local";
};

Full named.conf configuration file :

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "example.local" {
    type master;
    file "/var/named/example.local";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

4. Start the named service :

[root@centos63 ~]# /etc/init.d/named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

5. To restart named and check its status, execute the following :

[root@centos63 ~]# /etc/init.d/named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
[root@centos63 ~]# /etc/init.d/named status
version: 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2
CPUs found: 1
worker threads: 1
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid  2405) is running...

6. As an extra check, verify that the MX record resolves :

[root@centos63 ~]# host -t mx example.local
example.local mail is handled by 10 mail.example.local.

How to Add SPF Record in Bind DNS Zone on Linux

In order to prevent Hotmail.com, Gmail.com, Yahoo.com and other large mail providers from treating all mail originating from your server as spam and placing it in the junk folder, it is recommended to add an SPF (Sender Policy Framework) record to your zone file. ISPs and mail providers usually check that the SPF record passes to determine whether the mail really originates from your IP. It is advised to configure SPF for your corporate domain to identify and reject forged addresses in the SMTP MAIL FROM (Return-Path), a typical nuisance in e-mail spam. Most importantly, this helps to prevent spammers from abusing your domain. These steps have been tested on a Bind DNS server running on Linux CentOS 6.2.

Steps to add SPF record in Bind DNS zone on Linux server :

1. Log in to your primary DNS server and open the DNS zone file that contains the mail exchanger (MX) record. In this case, the MX record for the ehowstuff.local domain is mail.ehowstuff.local, and the zone file is /var/named/chroot/var/named/ehowstuff.local.

[root@ns1 ~]# vim /var/named/chroot/var/named/ehowstuff.local
;
;       Addresses and other host information.
;
$TTL 14400
ehowstuff.local.        IN      SOA     ns1.ehowstuff.local.    admin.ehowstuff.local. (
                                        2012060201      ; Serial
                                        86400      ; Refresh
                                        7200       ; Retry
                                        3600000    ; Expire
                                        86400 )  ; Minimum

;A record for domain mapping domain to IP
ehowstuff.local.        IN      A       192.168.1.44

;Define at least 2 private nameservers
ehowstuff.local.        IN      NS      ns1.ehowstuff.local.
ehowstuff.local.        IN      NS      ns2.ehowstuff.local.

; Map the 2 private nameservers to IP addresses using A records
ns1     IN      A       192.168.1.44
ns2     IN      A       192.168.1.54

; Specify subdomains if any using CNAME or alias.
www     IN      CNAME   ehowstuff.local.
ftp     IN      CNAME   ehowstuff.local.

; Mail exchanger; map its IP using an A record.
ehowstuff.local.        IN      MX      10      mail.ehowstuff.local.

; SPF Record for MX.
ehowstuff.local.        IN      TXT     "v=spf1 a mx -all"

2. Restart named service :

[root@ns1 ~]# service named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]

3. You can manually check and test the Sender Policy Framework (SPF) record for a domain with nslookup as follows:

  • On Windows, open a command prompt (Start -> Run -> cmd).
  • Type ‘nslookup’ and press Enter.
  • Type ‘set type=txt’ and press Enter (this sets the query type to TXT).
  • Type the domain that you would like to query (e.g. ehowstuff.local).
C:\>nslookup
*** Can't find server name for address 192.168.1.44: Non-existent domain
*** Default servers are not available
Default Server:  UnKnown
Address:  192.168.1.44

> set type=txt
> ehowstuff.local
Server:  UnKnown
Address:  192.168.1.44

ehowstuff.local text =

        "v=spf1 a mx -all"
ehowstuff.local nameserver = ns1.ehowstuff.local
ehowstuff.local nameserver = ns2.ehowstuff.local
ns1.ehowstuff.local     internet address = 192.168.1.44
ns2.ehowstuff.local     internet address = 192.168.1.54
>

On Linux, run the following command :

[root@centos62 ~]# host -t txt ehowstuff.local
ehowstuff.local descriptive text "v=spf1 a mx -all"
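The policy above, "v=spf1 a mx -all", tells a receiving mail server that mail for ehowstuff.local may come from the addresses in the domain's A record, from the addresses of its MX hosts, and from nowhere else. The evaluator below is an added example, not code from the original post: it walks the mechanisms left to right the way RFC 7208 describes and returns the result of the first match. RECORDS is a constructed snapshot of the zone above. Note that the zone as shown defines an MX pointing at mail.ehowstuff.local but no A record for that host, so the mx mechanism designates no addresses at all and anything not sent from 192.168.1.44 is rejected by -all; the sample address 192.168.1.51 used for the mail host is a constructed value.

```python
"""Evaluate an SPF policy the way a receiving MTA does (RFC 7208 subset).

Added example (not code from the original post). RECORDS is a constructed
snapshot of the ehowstuff.local zone above: the MX host has no A record
there, so the 'mx' mechanism matches nothing.
"""

RECORDS = {
    ("ehowstuff.local.", "A"): ["192.168.1.44"],
    ("ehowstuff.local.", "MX"): [(10, "mail.ehowstuff.local.")],
    ("ehowstuff.local.", "TXT"): ["v=spf1 a mx -all"],
    ("ns1.ehowstuff.local.", "A"): ["192.168.1.44"],
    ("ns2.ehowstuff.local.", "A"): ["192.168.1.54"],
}

# Qualifier prefix -> SPF result; a term with no prefix means '+'.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype, records=RECORDS):
    """Offline stand-in for a DNS query against the constructed snapshot."""
    return records.get((name, rtype), [])


def spf_policy(domain, records=RECORDS):
    """Return the domain's v=spf1 TXT record, or None if it has none."""
    for txt in lookup(domain, "TXT", records):
        low = txt.lower()
        if low == "v=spf1" or low.startswith("v=spf1 "):
            return txt
    return None


def mechanism_ips(mech, domain, records=RECORDS):
    """IPv4 addresses designated by an 'a', 'mx' or 'ip4:' mechanism."""
    if mech == "a":
        return set(lookup(domain, "A", records))
    if mech == "mx":
        ips = set()
        for _priority, host in lookup(domain, "MX", records):
            ips.update(lookup(host, "A", records))   # empty if host has no A
        return ips
    if mech.startswith("ip4:"):
        return {mech[4:]}   # single address; CIDR ranges left out for brevity
    return set()            # include/exists/ptr are not modelled here


def check_spf(sender_ip, domain, records=RECORDS):
    """Return (result, matched_term) for mail from sender_ip claiming domain."""
    policy = spf_policy(domain, records)
    if policy is None:
        return "none", None
    for term in policy.split()[1:]:
        qualifier, mech = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        mech = mech.lower()
        if mech == "all" or sender_ip in mechanism_ips(mech, domain, records):
            return QUALIFIERS[qualifier], term
    return "neutral", None   # no term matched and no 'all' present


if __name__ == "__main__":
    for ip in ("192.168.1.44", "192.168.1.51"):
        print(ip, check_spf(ip, "ehowstuff.local."))
```

Adding an A record for the MX host to the zone makes the mx mechanism designate that address, after which mail from the mail host passes; without it, only the web/DNS host at 192.168.1.44 is allowed to send. That is the kind of gap the host -t txt check above will not reveal, because the TXT record itself is perfectly well formed.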

How to Setup Private DNS With Bind9 Chroot on CentOS 6.2 VPS

Assume that you have already bought two Virtual Private Servers (VPS) but do not want to point your nameservers at your hosting provider. To look more professional, you can run two private nameservers of your own, such as ns1.ehowstuff.local and ns2.ehowstuff.local. This post shows the steps to set up and run your own Bind9 Chroot private nameservers on CentOS 6.2 VPS or dedicated servers with at least 2 IP addresses. To fit your requirements, replace the domain (ehowstuff.local) and IP addresses with your own.

ns1.ehowstuff.local : 192.168.1.44 (Master Private DNS server)
ns2.ehowstuff.local : 192.168.1.54 (Slave Private DNS server)

1. Install Bind Chroot DNS Server on both the master and the slave server :

Master DNS Server

[root@ns1 ~]# yum install bind-chroot -y

Slave DNS server

[root@ns2 ~]# yum install bind-chroot -y

Master DNS Server
2. Login to Primary DNS server (ns1), and create a file /var/named/chroot/var/named/ehowstuff.local with the following configuration:

[root@ns1 ~]# vim /var/named/chroot/var/named/ehowstuff.local
;
;       Addresses and other host information.
;
$TTL 14400
ehowstuff.local.        IN      SOA     ns1.ehowstuff.local.    admin.ehowstuff.local. (
                                        2012060201      ; Serial
                                        86400      ; Refresh
                                        7200       ; Retry
                                        3600000    ; Expire
                                        86400 )  ; Minimum

;A record for domain mapping domain to IP
ehowstuff.local.        IN      A       192.168.1.44

;Define at least 2 private nameservers
ehowstuff.local.        IN      NS      ns1.ehowstuff.local.
ehowstuff.local.        IN      NS      ns2.ehowstuff.local.

; Map the 2 private nameservers to IP addresses using A records
ns1     IN      A       192.168.1.44
ns2     IN      A       192.168.1.54

; Specify subdomains if any using CNAME or alias.
www     IN      CNAME   ehowstuff.local.
ftp     IN      CNAME   ehowstuff.local.

; Mail exchanger; map its IP using an A record.
ehowstuff.local.        IN      MX      10      mail.ehowstuff.local.

3. Still on ns1, generate an RNDC key :
The rndc tool is used to manage the named daemon. We need to generate a key file called /etc/rndc.key, which is referenced by both /etc/rndc.conf and /etc/named.conf. To do this we use the following command :

[root@ns1 ~]# rndc-confgen -a -c /etc/rndc.key
wrote key file "/etc/rndc.key"

View the content of the RNDC key :

[root@ns1 ~]# cat /etc/rndc.key
key "rndc-key" {
        algorithm hmac-md5;
        secret "T6tduqyMQ/YbIDXOmE0Fzg==";
};

4. On ns1, edit the /var/named/chroot/etc/named.conf file for ehowstuff.local :

[root@ns1 ~]# vi /var/named/chroot/etc/named.conf
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        forwarders { 8.8.8.8; };
};
include "/etc/rndc.key";
// We are the master server for ehowstuff.local

zone "ehowstuff.local" {
        type master;
        file "/var/named/ehowstuff.local";
        allow-transfer {192.168.1.54;};
        allow-update {none;};
};

5. Start the DNS service using the following command :

[root@ns1 ~]# /etc/init.d/named start
Starting named:                                            [  OK  ]

6. Make named daemon auto start during boot :

[root@ns1 ~]# chkconfig named on

Slave DNS Server
7. Making the slave DNS server is easy. Log in to the other DNS server (ns2) and open named.conf. You need not create any zone file, as the slave will automatically download the master's zone data through a zone transfer. After some time, you can view the transferred zone file :

[root@ns2 ~]# vi /var/named/chroot/etc/named.conf
zone "ehowstuff.local" {
        type slave;
        file "/var/named/slaves/ehowstuff.local";
        masters {192.168.1.44;};
};

Note: Bind will not allow you to run the master and the slave on the same server, even though you have 2 IP addresses.
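The master configuration above gets two things right that are easy to forget: allow-transfer is limited to the slave's address, so only ns2 can pull a copy of the whole zone, and allow-update is none. The audit below is an added example, not code from the original post; it parses named.conf stanzas like the master and slave ones above and flags a master zone that allows AXFR to any host (or does not restrict it at all), allow-update { any; }, and recursion enabled without an allow-recursion list. It also reports when listen-on covers only 127.0.0.1, which is the case for the caching-only named.conf shown at the start of this page and again in the CentOS 6.2 section later: that server answers localhost only, so listen-on and allow-query have to be widened before any other host, or the server's own LAN address, can use it. MASTER_CONF is a constructed copy of the ns1 configuration above; WEAK_CONF is a constructed configuration carrying the settings the audit is meant to catch.

```python
"""Audit zone-transfer, update and recursion settings in a named.conf.

Added example (not code from the original post). MASTER_CONF is a
constructed copy of the ns1 named.conf above; WEAK_CONF is a constructed
configuration carrying the settings this audit is meant to catch.
"""
import re

MASTER_CONF = """
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        forwarders { 8.8.8.8; };
};
include "/etc/rndc.key";
// We are the master server for ehowstuff.local
zone "ehowstuff.local" {
        type master;
        file "/var/named/ehowstuff.local";
        allow-transfer {192.168.1.54;};
        allow-update {none;};
};
"""

WEAK_CONF = """
options {
        listen-on port 53 { 127.0.0.1; };
        directory "/var/named";
        allow-query { any; };
        recursion yes;
};
zone "example.local" {
    type master;
    file "/var/named/example.local";
    allow-transfer { any; };   /* any host may copy the whole zone */
    allow-update { any; };
};
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def strip_comments(text):
    """Remove /* */, // and # comments (named.conf accepts all three)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def statements(text):
    """Yield (header, body) for each top-level '{ ... }' statement."""
    text, pos = strip_comments(text), 0
    while (start := text.find("{", pos)) >= 0:
        header = text[text.rfind(";", 0, start) + 1:start].strip()
        depth, end = 0, start
        for end in range(start, len(text)):      # find the matching brace
            depth += (text[end] == "{") - (text[end] == "}")
            if depth == 0:
                break
        yield header, text[start + 1:end]
        pos = end + 1


def setting(body, name):
    """Value of 'name value;' or 'name { list };' in a block, else None."""
    # Lookarounds keep 'recursion' from matching inside 'allow-recursion'.
    pat = r"(?<![\w-])" + re.escape(name) + r"(?![\w-])\s*([^{;]*(?:\{[^}]*\})?)\s*;"
    m = re.search(pat, body)
    return m.group(1).strip() if m else None


def acl_entries(value):
    """Entries of an address list such as '{ 127.0.0.1; ::1; }'."""
    m = re.search(r"\{([^}]*)\}", value or "")
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else []


def audit(conf):
    """Return a list of findings; an empty list means the config passed."""
    findings = []
    for header, body in statements(conf):
        if header == "options":
            if setting(body, "recursion") == "yes" and setting(body, "allow-recursion") is None:
                findings.append("options: recursion yes without allow-recursion (open resolver)")
            listen = acl_entries(setting(body, "listen-on"))
            if listen and set(listen) <= LOOPBACK:
                findings.append("options: listen-on is loopback only; other hosts cannot query")
        elif header.startswith("zone") and setting(body, "type") == "master":
            zone = re.search(r'"([^"]+)"', header).group(1)
            for directive in ("allow-transfer", "allow-update"):
                value = setting(body, directive)
                if directive == "allow-transfer" and value is None:
                    findings.append(f"zone {zone}: no allow-transfer; restrict it to the slave's address")
                elif "any" in acl_entries(value):
                    verb = "copy" if directive == "allow-transfer" else "modify"
                    findings.append(f"zone {zone}: {directive} {{ any; }} lets any host {verb} the zone")
    return findings


if __name__ == "__main__":
    print("master:", audit(MASTER_CONF) or "no findings")
    print("weak:  ", audit(WEAK_CONF))
```

named-checkconf will tell you whether a file parses; it will not tell you that a zone is open to transfer by anyone. Running a check like this on each named.conf before restarting named catches the settings that turn an authoritative server into a zone-dump service or an open resolver.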

8. Start the DNS service using the following command :

[root@ns2 ~]# /etc/init.d/named start
Starting named:                                            [  OK  ]

9. Make named daemon auto start during boot :

[root@ns2 ~]# chkconfig named on

10. Before testing, make sure your PC or server is using the Bind Chroot DNS Server that has been set up :

[root@ns1 ~]# cat /etc/resolv.conf
nameserver 192.168.1.44
nameserver 192.168.1.54
[root@ns2 ~]# cat /etc/resolv.conf
nameserver 192.168.1.44
nameserver 192.168.1.54

11. Test your DNS service :

Test from Master DNS server (ns1)

[root@ns1 ~]# dig ehowstuff.local

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> ehowstuff.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25783
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ehowstuff.local.               IN      A

;; ANSWER SECTION:
ehowstuff.local.        14400   IN      A       192.168.1.44

;; AUTHORITY SECTION:
ehowstuff.local.        14400   IN      NS      ns1.ehowstuff.local.
ehowstuff.local.        14400   IN      NS      ns2.ehowstuff.local.

;; ADDITIONAL SECTION:
ns1.ehowstuff.local.    14400   IN      A       192.168.1.44
ns2.ehowstuff.local.    14400   IN      A       192.168.1.54

;; Query time: 0 msec
;; SERVER: 192.168.1.44#53(192.168.1.44)
;; WHEN: Sat Jun  2 14:46:46 2012
;; MSG SIZE  rcvd: 117
[root@ns1 ~]# host -t mx ehowstuff.local
ehowstuff.local mail is handled by 10 mail.ehowstuff.local.
[root@ns1 ~]# host -t ns ehowstuff.local
ehowstuff.local name server ns2.ehowstuff.local.
ehowstuff.local name server ns1.ehowstuff.local.

Test from Slave DNS server (ns2)

[root@ns2 ~]# dig ehowstuff.local

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> ehowstuff.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11526
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ehowstuff.local.               IN      A

;; ANSWER SECTION:
ehowstuff.local.        14400   IN      A       192.168.1.44

;; AUTHORITY SECTION:
ehowstuff.local.        14400   IN      NS      ns2.ehowstuff.local.
ehowstuff.local.        14400   IN      NS      ns1.ehowstuff.local.

;; ADDITIONAL SECTION:
ns1.ehowstuff.local.    14400   IN      A       192.168.1.44
ns2.ehowstuff.local.    14400   IN      A       192.168.1.54

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jun  2 15:26:19 2012
;; MSG SIZE  rcvd: 117
[root@ns2 ~]# host -t mx ehowstuff.local
ehowstuff.local mail is handled by 10 mail.ehowstuff.local.
[root@ns2 ~]# host -t ns ehowstuff.local
ehowstuff.local name server ns2.ehowstuff.local.
ehowstuff.local name server ns1.ehowstuff.local.

How to Install Bind Utilities on Fedora 16

Question :
When I try to test an MX record using the host command or other bind utilities such as nslookup, I get this error :

[root@fedora16 ~]# host -t mx fedora16.local
-bash: host: command not found

Solution :
BIND Utilities is not a separate package; it is a collection of the client-side programs that are included with BIND 9. The BIND package includes the client-side programs nslookup, dig and host.

Simply run the following command to install bind-utils on Fedora 16 :

[root@fedora16 ~]# yum install bind-utils -y

Examples :

[root@fedora16 ~]# yum install bind-utils -y
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind-utils.i686 32:9.8.2-1.fc16 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                 Arch              Version                       Repository            Size
====================================================================================================
Installing:
 bind-utils              i686              32:9.8.2-1.fc16               updates              179 k

Transaction Summary
====================================================================================================
Install       1 Package

Total download size: 179 k
Installed size: 411 k
Downloading Packages:
bind-utils-9.8.2-1.fc16.i686.rpm                                             | 179 kB     00:01
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 32:bind-utils-9.8.2-1.fc16.i686                                                  1/1

Installed:
  bind-utils.i686 32:9.8.2-1.fc16

Complete!

Test DNS using host command example :

[root@fedora16 ~]# host -t mx fedora16.local
fedora16.local mail is handled by 10 mail.fedora16.local.

Test DNS using nslookup command example:

[root@fedora16 ~]# nslookup
> ns.fedora16.local
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   ns.fedora16.local
Address: 192.168.1.47
> mail.fedora16.local
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   mail.fedora16.local
Address: 192.168.1.51

How to Install and Configure Bind Chroot DNS Server on Fedora 16

DNS is the Domain Name System, which maintains a database that helps a user's computer translate domain names such as www.ehowstuff.com to IP addresses such as 184.173.214.97. DNS on CentOS and Fedora is based on the named daemon, which is built on the BIND package developed by the Internet Software Consortium. (More information is available from the BIND home page at www.isc.org/products/BIND.) The following RPM packages are associated with DNS, but not all of them are required to build a Bind Chroot DNS Server:

bind : includes the basic name server software, including /usr/sbin/named.
bind-chroot : includes directories that isolate BIND in a so-called “chroot jail,” which limits access if DNS is compromised.

In this post, I will guide you through installing and configuring a Bind Chroot DNS server on a Linux Fedora 16 server.

1. Simply run this command to install Bind Chroot DNS Server :

[root@fedora16 ~]# yum install bind-chroot -y

Examples :

[root@fedora16 ~]# yum install bind-chroot -y
Fedora16-Repository                                                          | 3.7 kB     00:00 ...
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind-chroot.i686 32:9.8.2-1.fc16 will be installed
--> Processing Dependency: bind = 32:9.8.2-1.fc16 for package: 32:bind-chroot-9.8.2-1.fc16.i686
--> Running transaction check
---> Package bind.i686 32:9.8.2-1.fc16 will be installed
--> Processing Dependency: bind-libs = 32:9.8.2-1.fc16 for package: 32:bind-9.8.2-1.fc16.i686
--> Processing Dependency: liblwres.so.80 for package: 32:bind-9.8.2-1.fc16.i686
--> Processing Dependency: libisccfg.so.82 for package: 32:bind-9.8.2-1.fc16.i686
--> Processing Dependency: libisccc.so.80 for package: 32:bind-9.8.2-1.fc16.i686
--> Processing Dependency: libisc.so.83 for package: 32:bind-9.8.2-1.fc16.i686
--> Processing Dependency: libdns.so.81 for package: 32:bind-9.8.2-1.fc16.i686
--> Processing Dependency: libbind9.so.80 for package: 32:bind-9.8.2-1.fc16.i686
--> Running transaction check
---> Package bind-libs.i686 32:9.8.2-1.fc16 will be installed
--> Processing Dependency: bind-license = 32:9.8.2-1.fc16 for package: 32:bind-libs-9.8.2-1.fc16.i686
--> Running transaction check
---> Package bind-license.noarch 32:9.8.1-2.fc16 will be updated
--> Processing Dependency: bind-license = 32:9.8.1-2.fc16 for package: 32:bind-libs-lite-9.8.1-2.fc16.i686
---> Package bind-license.noarch 32:9.8.2-1.fc16 will be an update
--> Running transaction check
---> Package bind-libs-lite.i686 32:9.8.1-2.fc16 will be updated
---> Package bind-libs-lite.i686 32:9.8.2-1.fc16 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                   Arch              Version                       Repository          Size
====================================================================================================
Installing:
 bind-chroot               i686              32:9.8.2-1.fc16               updates             71 k
Installing for dependencies:
 bind                      i686              32:9.8.2-1.fc16               updates            2.0 M
 bind-libs                 i686              32:9.8.2-1.fc16               updates            860 k
Updating for dependencies:
 bind-libs-lite            i686              32:9.8.2-1.fc16               updates            621 k
 bind-license              noarch            32:9.8.2-1.fc16               updates             72 k

Transaction Summary
====================================================================================================
Install       3 Packages
Upgrade       2 Packages

Total download size: 3.6 M
Downloading Packages:
(1/5): bind-9.8.2-1.fc16.i686.rpm                                            | 2.0 MB     00:18
(2/5): bind-chroot-9.8.2-1.fc16.i686.rpm                                     |  71 kB     00:00
(3/5): bind-libs-9.8.2-1.fc16.i686.rpm                                       | 860 kB     00:07
(4/5): bind-libs-lite-9.8.2-1.fc16.i686.rpm                                  | 621 kB     00:04
(5/5): bind-license-9.8.2-1.fc16.noarch.rpm                                  |  72 kB     00:00
----------------------------------------------------------------------------------------------------
Total                                                               113 kB/s | 3.6 MB     00:32
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : 32:bind-license-9.8.2-1.fc16.noarch                                              1/7
  Installing : 32:bind-libs-9.8.2-1.fc16.i686                                                   2/7
  Installing : 32:bind-9.8.2-1.fc16.i686                                                        3/7
  Installing : 32:bind-chroot-9.8.2-1.fc16.i686                                                 4/7
  Updating   : 32:bind-libs-lite-9.8.2-1.fc16.i686                                              5/7
  Cleanup    : 32:bind-libs-lite-9.8.1-2.fc16.i686                                              6/7
  Cleanup    : 32:bind-license-9.8.1-2.fc16.noarch                                              7/7

Installed:
  bind-chroot.i686 32:9.8.2-1.fc16

Dependency Installed:
  bind.i686 32:9.8.2-1.fc16                      bind-libs.i686 32:9.8.2-1.fc16

Dependency Updated:
  bind-libs-lite.i686 32:9.8.2-1.fc16              bind-license.noarch 32:9.8.2-1.fc16

Complete!

2. Create a file /var/named/chroot/var/named/fedora16.local with the following configuration:

[root@fedora16 ~]# vi /var/named/chroot/var/named/fedora16.local

Examples :

;
;       Addresses and other host information.
;
@       IN      SOA     fedora16.local. hostmaster.fedora16.local. (
                               2012051901      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns.fedora16.local.
               IN      A       192.168.1.47
               IN      MX      10 mail.fedora16.local.

mail            IN      A       192.168.1.51
ns              IN      A       192.168.1.47

3. Generate an RNDC key :
The rndc tool is used to manage the named daemon. We need to generate a key file called /etc/rndc.key, which is referenced by both /etc/rndc.conf and /etc/named.conf. To do this we use the following command :

[root@fedora16 ~]# rndc-confgen -a -c /etc/rndc.key
wrote key file "/etc/rndc.key"

View the content of the RNDC key :

[root@fedora16 ~]# cat /etc/rndc.key
key "rndc-key" {
        algorithm hmac-md5;
        secret "B2rQEFnrdcAzAt2BiUmBug==";
};

4. Edit the /var/named/chroot/etc/named.conf file for fedora16.local :

[root@fedora16 ~]# vi /var/named/chroot/etc/named.conf
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        forwarders { 8.8.8.8; };
};
include "/etc/rndc.key";
// We are the master server for fedora16.local

zone "fedora16.local" {
    type master;
    file "fedora16.local";
};

5. Start the DNS service using the following command :

[root@fedora16 ~]# /etc/init.d/named start
Starting named (via systemctl):                            [  OK  ]

6. Make named daemon auto start during boot :

[root@fedora16 ~]# chkconfig named on

7. Before testing, make sure your PC or server is using the Bind Chroot DNS Server that has been set up :

Test DNS using host command :

[root@fedora16 ~]# host -t mx fedora16.local
fedora16.local mail is handled by 10 mail.fedora16.local.

Test DNS using nslookup command :

[root@fedora16 ~]# nslookup
> ns.fedora16.local
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   ns.fedora16.local
Address: 192.168.1.47
> mail.fedora16.local
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   mail.fedora16.local
Address: 192.168.1.51

How to Install and Configure Bind 9 DNS on CentOS 6.2 x86_64

Bind is the most popular and most widely used Domain Name System (DNS) software on the Internet for providing DNS services. The name BIND stands for “Berkeley Internet Name Domain” and it is an implementation of the DNS protocols. In this post I will show the steps to install and configure the Bind 9 DNS service on a Linux CentOS 6.2 64-bit server.

1. To install Bind 9 on a Linux CentOS 6.2 server, run the following command :

[root@CentOS6.2 ~]# yum install bind -y

Example :

[root@CentOS6.2 ~]# yum install bind -y
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * base: centos.biz.net.id
 * extras: centos.biz.net.id
 * updates: centos.idrepo.or.id
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.7.3-8.P3.el6_2.2 will be installed
--> Processing Dependency: bind-libs = 32:9.7.3-8.P3.el6_2.2 for package: 32:bind-9.7.3-8.P3.el6_2.2.x86_64
--> Running transaction check
---> Package bind-libs.x86_64 32:9.7.3-8.P3.el6 will be updated
--> Processing Dependency: bind-libs = 32:9.7.3-8.P3.el6 for package: 32:bind-utils-9.7.3-8.P3.el6.x86_64
---> Package bind-libs.x86_64 32:9.7.3-8.P3.el6_2.2 will be an update
--> Running transaction check
---> Package bind-utils.x86_64 32:9.7.3-8.P3.el6 will be updated
---> Package bind-utils.x86_64 32:9.7.3-8.P3.el6_2.2 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package               Arch              Version                           Repository          Size
====================================================================================================
Installing:
 bind                  x86_64            32:9.7.3-8.P3.el6_2.2             updates            3.9 M
Updating for dependencies:
 bind-libs             x86_64            32:9.7.3-8.P3.el6_2.2             updates            840 k
 bind-utils            x86_64            32:9.7.3-8.P3.el6_2.2             updates            178 k

Transaction Summary
====================================================================================================
Install       1 Package(s)
Upgrade       2 Package(s)

Total download size: 4.9 M
Downloading Packages:
(1/3): bind-9.7.3-8.P3.el6_2.2.x86_64.rpm                                    | 3.9 MB     01:16
(2/3): bind-libs-9.7.3-8.P3.el6_2.2.x86_64.rpm                               | 840 kB     00:15
(3/3): bind-utils-9.7.3-8.P3.el6_2.2.x86_64.rpm                              | 178 kB     00:02
----------------------------------------------------------------------------------------------------
Total                                                                50 kB/s | 4.9 MB     01:39
warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Importing GPG key 0xC105B9DE:
 Userid : CentOS-6 Key (CentOS 6 Official Signing Key) 
 Package: centos-release-6-2.el6.centos.7.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : 32:bind-libs-9.7.3-8.P3.el6_2.2.x86_64                                           1/5
  Updating   : 32:bind-utils-9.7.3-8.P3.el6_2.2.x86_64                                          2/5
  Installing : 32:bind-9.7.3-8.P3.el6_2.2.x86_64                                                3/5
  Cleanup    : 32:bind-utils-9.7.3-8.P3.el6.x86_64                                              4/5
  Cleanup    : 32:bind-libs-9.7.3-8.P3.el6.x86_64                                               5/5

Installed:
  bind.x86_64 32:9.7.3-8.P3.el6_2.2

Dependency Updated:
  bind-libs.x86_64 32:9.7.3-8.P3.el6_2.2           bind-utils.x86_64 32:9.7.3-8.P3.el6_2.2

Complete!

2. Set up and configure a zone named example.com :

[root@CentOS6.2 ~]# vi /var/named/example.com

Create the example.com zone as below. You can use different IP addresses if you have installed separate mail and DNS servers :

;
;       Addresses and other host information.
;
@       IN      SOA     example.com. hostmaster.example.com. (
                               2011030801      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns.example.com.
               IN      A       192.168.1.20
               IN      MX      10 mail.example.com.

mail            IN      A       192.168.1.20
ns              IN      A       192.168.1.20

3. Add the example.com zone below to named.conf. named.conf is the main configuration file for the BIND DNS server.

zone "example.com" {
    type master;
    file "example.com";
};

Open named.conf :

[root@CentOS6.2 ~]# vi /etc/named.conf

Add zone “example.com” into the named.conf as below :

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "example.com" {
    type master;
    file "example.com";
};

include "/etc/named.rfc1912.zones";

4. Start named service :

[root@CentOS6.2 ~]# service named start

or

[root@CentOS6.2 ~]# /etc/init.d/named start

5. Configure /etc/resolv.conf to point to this BIND DNS server (192.168.1.20).

6. Test whether your DNS configuration is working :

[root@CentOS6.2 ~]# host -t mx example.com
example.com mail is handled by 10 mail.example.com.

How to Configure Bind Chroot DNS Server on Linux CentOS 5.7 Server

In this post, I will guide you through configuring a Bind Chroot DNS server on a Linux CentOS 5.7 server. DNS is the Domain Name System, which maintains a database that helps a user's computer translate domain names such as www.ehowstuff.com to IP addresses such as 184.173.214.97. DNS on CentOS is based on the named daemon, which is built on the BIND package developed by the Internet Software Consortium. (More information is available from the BIND home page at www.isc.org/products/BIND.) These steps have been tested on Linux CentOS 5.7, but they may also work on other versions such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5 and CentOS 5.6.

1. Install Bind Chroot DNS Server :

[root@CentOS57 ~]# yum install bind-chroot -y

2. Create a file /var/named/chroot/var/named/bloggerbaru.local with the following configuration :

[root@CentOS57 ~]# vi /var/named/chroot/var/named/bloggerbaru.local
;
;       Addresses and other host information.
;
@       IN      SOA     bloggerbaru.local. hostmaster.bloggerbaru.local. (
                               2011030801      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns.bloggerbaru.local.
               IN      A       192.168.1.45
               IN      MX      10 mail.bloggerbaru.local.

mail            IN      A       192.168.1.45
ns              IN      A       192.168.1.45

3. Generate an RNDC key :
The rndc tool is used to manage the named daemon. We need to generate a key file called /etc/rndc.key, which is referenced by both /etc/rndc.conf and /etc/named.conf. Execute the following command to generate the RNDC key :

[root@CentOS57 ~]# rndc-confgen -a -c /etc/rndc.key
wrote key file "/etc/rndc.key"

4. View the content of the RNDC key :

[root@CentOS57 ~]# cat /etc/rndc.key
key "rndckey" {
        algorithm hmac-md5;
        secret "jwsFpL7OJR+x9w+YRkGrXA==";
};

5. Edit the /var/named/chroot/etc/named.conf file for bloggerbaru.local :

[root@CentOS57 ~]# vi /var/named/chroot/etc/named.conf
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        forwarders { 8.8.8.8; };
};
include "/etc/rndc.key";
// We are the master server for bloggerbaru.local

zone "bloggerbaru.local" {
    type master;
    file "bloggerbaru.local";
};

6. Start the DNS service using the following command :

[root@CentOS57 ~]# /etc/init.d/named start
Starting named:                                            [  OK  ]

or

[root@CentOS57 ~]# service named start
Starting named:                                            [  OK  ]

7. To ensure the named daemon will start at boot, execute the following chkconfig :

[root@CentOS57 ~]# chkconfig named on

8. Before testing, make sure your PC or server is pointing to the DNS server that has been set up. In this case, I want to ensure that the CentOS 5.7 server points to itself :

[root@CentOS57 ~]# cat /etc/resolv.conf
nameserver 127.0.0.1

9. Test your DNS service :

[root@CentOS57 ~]# host -t mx bloggerbaru.local
bloggerbaru.local mail is handled by 10 mail.bloggerbaru.local.