Network administrations

A DNS server, or name server, is used to resolve an IP address to a hostname or vice versa.
You can set up four different types of DNS servers:

  • A master DNS server for your domain(s), which stores authoritative records for your domain.
  • A slave DNS server, which relies on a master DNS server for data.
  • A caching-only DNS server, which stores recent requests like a proxy server. It otherwise refers to other DNS servers.
  • A forwarding-only DNS server, which refers all requests to other DNS servers.

Before configuring BIND to create a DNS server, you must understand some basic DNS concepts.

The entire hostname with its domain such as server.example.com is called a fully qualified domain name (FQDN). The right-most part of the FQDN such as .com or .net is called the top level domain, with the remaining parts of the FQDN, which are separated by periods, being sub-domains.

These sub-domains are used to divide FQDNs into zones, with the DNS information for each zone being maintained by at least one authoritative name server.

The authoritative server that contains the master zone file, which can be modified to update DNS information about the zone, is called the primary master server, or just master server.

The additional name servers for the zone are called secondary servers or slave servers. Secondary servers retrieve information about the zone through a zone transfer from the master server or from another secondary server. DNS information about a zone is never modified directly on the secondary server

chroot features

chroot feature is run named as user named, and it also limit the files named can see. When installed, named is fooled into thinking that the directory /var/named/chroot is actually the root or / directory. Therefore, named files normally found in the /etc directory are found in /var/named/chroot/etc directory instead, and those you would expect to find in /var/named are actually located in /var/named/chroot/var/named.

The advantage of the chroot feature is that if a hacker enters your system via a BIND exploit, the hacker's access to the rest of your system is isolated to the files under the chroot directory and nothing else. This type of security is also known as a chroot jail.

Configure dns server

In this example we will configure a dns server and will test from client side.

For this example we are using three systems one linux server one linux clients and one window clients.

bind and caching-nameserver rpm is required to configure dns. check them for install if not found install them.
rpm
set hostname to server.example.com and ip address to 192.168.0.254
set hostname and ipaddress

main configuration file for dns server is named.conf. By default this file is not created in /var/named/chroot/etc/ directory. Instead of named.conf a sample file /var/named/chroot/etc/named.caching-nameserver.conf is created. This file is use to make a caching only name server. You can also do editing in this file after changing its name to named.conf to configure master dns server or you can manually create a new named.conf file.

In our example we are creating a new named.conf file
vi named

We are using bind's chroot features so all our necessary files will be located in chroot directory. Set directory location to /var/named. Further we will set the location of forward zone and reverse lookup zone files. If you cannot create this file manually then download this file and copy to /var/named/chroot/etc/

To download do right click here and choose save link As..
named.conf

Or do editing exactly as shown here in image
named.conf
save this file with :wq and exit

Configure zone file

We have defined two zone files example.com.zone for forward zone and 0.168.192.in-addr.arpa for reverse zone. These files will be store in /var/named/chroot/var/named/ location. We will use two sample files for creating these files.

Change directory to /var/named/chroot/var/named and copy the sample files to name which we have set in named.conf
copy sample files

Now open forward zone file example.com.zone
example.com.zone
By default this file will look like this
forward look up zone file
Change this file exactly as shown in image below
forward lookup zone
If you feel difficulty to modify this file then download this configured file and copy to /var/named/chroot/var/named

To download do right click here and choose save link As..
example.com.zone

Now open reverse lookup zone file 0.168.192.in-addr.arpa
reverse lookup zone
By default this file will look like this
reverse lookup zone
Change this file exactly as shown in image below
reverse lookup zone file configured
If you feel difficulty to modify this file then download this configured file and copy to /var/named/chroot/var/named

To download do right click here and choose save link As..
0.168.192.in-addr.arpa

Now changed the ownership of these zone files to named group
chgrp

Now start the named service
service named restart

If service restart without any error means you have successfully configured master name server in our next article we will learn how to configure salve dns server and test it.