Installing BIND9 DNS on CentOS

In all my time I had never had to install DNS on a server, but recently I had to set up a slave DNS on a new client server. I think the procedure will be useful to both administrators and web developers.

Install Master DNS

Log in to the server (in this example the master DNS will be installed on the server with IP, and the slave DNS on the server with IP). First,
check that the system has all the latest updates.

yum update -y

If you do not specify the "-y" key, you will have to answer every question the installer asks; with it, all answers are accepted with their defaults automatically.

Install bind and bind-utils.

yum install bind bind-utils -y

The examples use my domain; replace the entries with yours. We assume the master has IP and the slave IP. As far as I understand, the division into master and slave is conventional, since both servers perform the same function; the only difference is that the slave takes all of its data from the master.

Now edit the configuration file with any text editor; I use vi, since it is present on every system.

vi /etc/named.conf

When bind is installed, a configuration file is created automatically; we only need to edit it.

options {
        #listen-on port 53 {; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        allow-transfer     { localhost;; };
        recursion no;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

#listen-on port 53 {; };

We comment out this line so that the server listens on all addresses and ports (you could probably just list the IP explicitly, but I have not got around to experimenting; from the outside the firewall closes it anyway).

allow-query { any; };

Allow queries to the server from any address. Because recursion is disabled ("recursion no") the server only answers for its own zones and does not become an open resolver, so an open allow-query is safe here.

allow-transfer     { localhost;; };

Allow the slave servers to transfer zone data from this server; the address after localhost is the slave. List only the slave's address here: a wide-open allow-transfer lets anyone download the whole zone.
Add a domain zone in the same configuration file.

zone "" IN {
        type master;
        file "";
        allow-update { none; };
};
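The three settings discussed above (allow-query, allow-transfer, recursion) are the ones that decide whether an authoritative server leaks zones or becomes an open resolver. The following shell script is an added example, not part of the original article: it reads the options block of a named.conf and reports those two misconfigurations. The two sample configs it writes (with the documentation address 192.0.2.2 as the slave) are constructed for the demo, and the function names are my own.

```shell
#!/bin/sh
# Added example: lint the options { } block of a named.conf for settings
# that expose an authoritative server. The sample configs and the slave
# address 192.0.2.2 are constructed for this demonstration.

# Drop full-line comments (# or //) so commented-out settings are ignored.
strip_comments() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*//'
}

# Value of an ACL option (allow-query, allow-transfer, ...) with braces and
# whitespace removed, e.g. "localhost;192.0.2.2;". First occurrence only.
named_opt() {
    # $1 = config file, $2 = option name
    strip_comments "$1" \
      | sed -n "s/^[[:space:]]*$2[[:space:]]*{\([^}]*\)}.*/\1/p" \
      | head -n 1 | tr -d '[:space:]'
}

# Value of a yes/no option such as "recursion"; empty if not set.
named_flag() {
    strip_comments "$1" \
      | sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([a-z]*\);.*/\1/p" \
      | head -n 1
}

# Audit one file. Prints findings; returns 0 if clean, 1 otherwise.
check_named_conf() {
    f=$1; rc=0
    q=$(named_opt "$f" allow-query)
    t=$(named_opt "$f" allow-transfer)
    r=$(named_flag "$f" recursion)
    # Answering anyone is fine for an authoritative-only server, but
    # answering anyone recursively makes it an open resolver (recursion
    # defaults to yes when the option is absent).
    if [ "$r" != "no" ] && { [ "$q" = "any;" ] || [ -z "$q" ]; }; then
        echo "$f: recursion is not disabled while queries are open to any"; rc=1
    fi
    # On older BIND releases an absent allow-transfer defaults to any, so
    # anyone could pull the whole zone with AXFR.
    case "$t" in
        ""|"any;") echo "$f: allow-transfer should list only the slave addresses"; rc=1 ;;
    esac
    return $rc
}

# Write a weak and a hardened sample config into directory $1 (constructed).
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; };
        allow-query { any; };
        // no allow-transfer line: anyone may AXFR the zone
        recursion yes;
};
EOF
    cat > "$1/hardened.conf" <<'EOF'
options {
        allow-query { any; };
        allow-transfer { localhost; 192.0.2.2; };
        recursion no;
};
EOF
}

main() {
    d=$(mktemp -d)
    write_samples "$d"
    for c in "$d/weak.conf" "$d/hardened.conf"; do
        if check_named_conf "$c"; then echo "$c: ok"; fi
    done
    rm -rf "$d"
}
main
```

Run it against the real file with `check_named_conf /etc/named.conf`; it only inspects the first occurrence of each option, which is enough for the single options block used in this article.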

Configuring domain zones

In named.conf we specified the file as the zone's configuration file.
The easiest way is to take an existing zone file and edit it to the desired configuration. Files can be placed in a subdirectory.

vi /var/named/

Here is a simple example of what the zone file needs to contain.

$TTL 86400
@   IN  SOA (
        2014120801  ;Serial  IMPORTANT!!! the serial number must increase with every change, otherwise the slave servers will not update their data
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
; Specify the two name servers
; Define the IP addresses of the name servers
ns1		IN	A
ns2		IN	A
; Define hostname -> IP of our server for this domain
@		IN	A
www		IN	A
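The comment on the Serial line is the rule people most often break: a slave only refreshes when the master's serial is greater than its own. As an added example (my own code, not from the article), the script below reads the current serial from a zone file and rewrites it with the next value in the YYYYMMDDnn convention, always strictly greater than the old one. The sample zone for example.com with 192.0.2.0/24 addresses is constructed for the demo, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: raise the SOA serial of a zone file so that slaves notice
# the change. Zone content below is constructed (example.com, 192.0.2.x).

# Print the current serial: the first integer token after the SOA line,
# ignoring ";" comments.
zone_serial() {
    awk '
        /[[:space:]]SOA[[:space:]]/ { insoa = 1 }
        insoa {
            sub(/;.*/, "")                      # drop trailing comment
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9]+$/) { print $i; exit }
        }
    ' "$1"
}

# Next serial in YYYYMMDDnn form. $1 = current serial, $2 = date as
# YYYYMMDD (defaults to today). If today's base value is not greater than
# the current serial (several edits on one day, or a serial from the
# future), fall back to current+1 so the value still increases.
next_serial() {
    cur=$1
    today=${2:-$(date +%Y%m%d)}
    base="${today}00"
    if [ "$cur" -lt "$base" ]; then
        echo "$base"
    else
        echo $((cur + 1))
    fi
}

# Rewrite the serial in zone file $1 in place; $2 optionally fixes the date.
bump_zone_serial() {
    f=$1
    old=$(zone_serial "$f")
    [ -n "$old" ] || { echo "no serial found in $f" >&2; return 1; }
    new=$(next_serial "$old" "$2")
    tmp="$f.tmp.$$"
    awk -v new="$new" '
        /[[:space:]]SOA[[:space:]]/ { insoa = 1 }
        insoa && !done {
            line = $0; sub(/;.*/, "", line)     # search outside comments
            n = split(line, tok)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^[0-9]+$/) {      # first integer = serial
                    sub(tok[i], new)            # keep original spacing
                    done = 1; break
                }
        }
        { print }
    ' "$f" > "$tmp" && mv "$tmp" "$f"
    echo "$f: serial $old -> $new"
}

# Constructed sample zone written to file $1.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 86400
@   IN  SOA ns1.example.com. admin.example.com. (
        2014120801  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400 )     ;Minimum TTL
@       IN  NS  ns1.example.com.
@       IN  NS  ns2.example.com.
ns1     IN  A   192.0.2.1
ns2     IN  A   192.0.2.2
@       IN  A   192.0.2.10
www     IN  A   192.0.2.10
EOF
}

main() {
    z=$(mktemp)
    write_sample_zone "$z"
    echo "before: $(zone_serial "$z")"
    bump_zone_serial "$z"
    echo "after:  $(zone_serial "$z")"
    rm -f "$z"
}
main
```

In practice you run `bump_zone_serial /var/named/yourzone` after every edit and then `service named reload`; the script assumes the serial is the first number after the SOA line, which is how the zone file above is laid out.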

Starting the name server

service named restart

Make the name server start when the system boots.

chkconfig named on

Now let's check how our name server works.

dig @

The response should contain the correct IP of the requested domain. Now configure the slave server.

Slave name server configuration

Configuring the slave name server is the same as for the master, with two exceptions:

  1. When editing the named.conf configuration file, you specify the domain zones for which this server is a slave
  2. You do not need to add zone files, as they are transferred automatically from the master server

In the configuration file, specify type slave and the IP of the master server.

zone "" IN {
        type slave;
        masters {; };
        file "";
};

Do not forget to start the server and enable it to start automatically at boot.

service named start
chkconfig named on

Now we have two configured name servers.
It remains to open the port in the firewall.
Edit the file /etc/sysconfig/iptables:

# vi /etc/sysconfig/iptables

Add the following rules for port 53 (UDP for ordinary queries, TCP for zone transfers and large responses). Note that the first and third lines both accept UDP port 53; one of them is enough.

-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

Restart iptables to apply the rules.

# /etc/init.d/iptables restart

Remember to update this file on both servers.
Now we have two working name servers.
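Once both servers are up and the firewall is open, the quickest health check is to compare the SOA serial each server publishes: if the slave's serial is lower, a transfer has not happened (serial not raised, allow-transfer too strict, or port 53/TCP blocked). The script below is an added example, not part of the article; `check_zone_sync` needs dig and a real zone and server addresses, while the two SOA answers at the bottom are constructed so the comparison logic can be shown offline. example.com and the 192.0.2.x addresses are placeholders.

```shell
#!/bin/sh
# Added example: compare the SOA serial served by the master and the slave.
# The SOA answers used in the offline demo below are constructed.

# Serial is the third field of an SOA record in presentation format:
# "ns1.example.com. admin.example.com. 2024120102 3600 1800 604800 86400"
soa_serial() {
    echo "$1" | awk '{ print $3 }'
}

# Ask one server for the zone's SOA and print the serial (requires dig).
fetch_serial() {
    # $1 = zone, $2 = server address
    soa_serial "$(dig +short +time=3 +tries=1 SOA "$1" "@$2")"
}

# Compare two serials. Return 0 in sync, 1 slave behind, 2 slave ahead,
# 3 if one server gave no answer at all.
report_sync() {
    zone=$1; m=$2; s=$3
    if [ -z "$m" ] || [ -z "$s" ]; then
        echo "$zone: no SOA answer from one of the servers (named not running, or port 53 closed?)"
        return 3
    fi
    if [ "$m" -eq "$s" ]; then
        echo "$zone: in sync (serial $m)"; return 0
    elif [ "$s" -lt "$m" ]; then
        echo "$zone: slave is behind (master $m, slave $s); check that the serial was raised and allow-transfer permits the slave"
        return 1
    else
        echo "$zone: slave is ahead (master $m, slave $s); the slave may be serving its own copy rather than type slave"
        return 2
    fi
}

# Live check: check_zone_sync example.com 192.0.2.1 192.0.2.2
check_zone_sync() {
    report_sync "$1" "$(fetch_serial "$1" "$2")" "$(fetch_serial "$1" "$3")"
}

# Offline demonstration with two constructed SOA answers (no dig needed).
MASTER_SOA='ns1.example.com. admin.example.com. 2024120102 3600 1800 604800 86400'
SLAVE_SOA='ns1.example.com. admin.example.com. 2024120101 3600 1800 604800 86400'
report_sync example.com "$(soa_serial "$MASTER_SOA")" "$(soa_serial "$SLAVE_SOA")"
```

The return code makes the check usable from cron or a monitoring script: anything other than 0 means the pair is not serving the same data.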
