Saturday, February 27, 2016

BIND is the most widely used open-source DNS server software. DNS (the Domain Name System) maps host names to IP addresses and IP addresses back to their host names.

Caching Server


A caching-only DNS server holds no zone information and no zone database file. It only holds the results of queries it has already performed; the cache takes the place of the zone database file. Caching-only servers can be set up quickly and are a useful building block in a network and Internet security design.

Every DNS server has a root hints file listing the IP addresses of the Internet root servers (cache.dns on Windows 2000, where it is also called the root hints file; for BIND it is named.ca, referenced by the zone "." statement in named.conf below). The caching-only server uses this list to begin building its cache, adding entries as it issues iterative queries on behalf of clients to resolve fully qualified domain names (FQDNs) to IP addresses. Once an FQDN has been resolved, the answer is stored in the server's cache.

Prerequisites


The server needs Internet connectivity (here through NAT).
Server   -   DNS01     192.168.254.133
The network configuration of the interface (the ifcfg file for eno16777736) should be as follows:
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eno16777736
UUID=fb7c4de5-2d28-4aec-8c83-f3084b1273a3
DNS1=192.168.254.133
DOMAIN=ittips.local
ONBOOT=yes
IPADDR0=192.168.254.133
PREFIX0=24
HWADDR=00:0C:29:80:A1:13
PEERDNS=yes
PEERROUTES=yes

Configure BIND DNS


1. Install the BIND packages.
#yum -y install bind bind-utils

2. Enable and start the BIND service.
#systemctl enable named
#systemctl start named

3. Configure /etc/named.conf, changing the lines shown below (the changed lines were highlighted in red in the original post).
#vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 192.168.254.133; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // "any" is tolerable only because this server sits on a private, NATed
        // network; a recursive server reachable from outside must restrict this
        // (see the note below).
        allow-query     { any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints: the list of root servers the cache is built from
zone "." IN {
        type hint;
        file "named.ca";
};

// Forward zone for the lab domain (file path is relative to "directory" above)
zone "ittips.local" IN {
        type master;
        file "dir.ittips.db";
};

// Reverse zone for 192.168.254.0/24
zone "254.168.192.in-addr.arpa" IN {
        type master;
        file "254.168.192.db";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

4. Go to /var/named (the "directory" set in named.conf, where the zone files are read from) and create the two zone files by copying "named.empty"
#cd /var/named
#cp -p named.empty dir.ittips.db   (Forward Zone)
#cp -p named.empty 254.168.192.db  (Reverse Zone)

5. Configure the forward zone as follows
#vim dir.ittips.db

$TTL 3H
@       IN SOA  dns01.ittips.local. root.ittips.local. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   dns01.ittips.local.
@       IN NS   www.ittips.local.
dns01   IN A    192.168.254.133
www     IN A    192.168.254.133

6. Configure the reverse zone as follows (a reverse zone carries NS and PTR records only; the A records belong in the forward zone)
#vim 254.168.192.db

$TTL 3H
@       IN SOA  dns01.ittips.local. root.ittips.local. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   dns01.ittips.local.
@       IN NS   www.ittips.local.
133     IN PTR  dns01.ittips.local.
133     IN PTR  www.ittips.local.   ; a second PTR for the same address is legal, but reverse lookups then return both names

7. Allow DNS traffic through the server firewall.
#firewall-cmd --permanent --add-port=53/tcp
#firewall-cmd --permanent --add-port=53/udp
#firewall-cmd --reload 

8. Check that named.conf is configured correctly (no output means the configuration is valid).
#named-checkconf /etc/named.conf

9. Check that the forward and reverse zones are configured correctly (each check takes the zone name and the file that holds it).
# named-checkzone ittips.local /var/named/dir.ittips.db
# named-checkzone 254.168.192.in-addr.arpa /var/named/254.168.192.db

10. Restart the DNS service
#systemctl restart named


11. Verify: lookups should now be answered by the configured server (the Server line must show 192.168.254.133).

[root@dns01 Desktop]# nslookup www.facebook.com

Server: 192.168.254.133
Address: 192.168.254.133#53

Non-authoritative answer:
www.facebook.com canonical name = star-mini.c10r.facebook.com.
Name: star-mini.c10r.facebook.com
Address: 173.252.90.132

[root@dns01 Desktop]# nslookup www.google.lk

Server: 192.168.254.133
Address: 192.168.254.133#53

Non-authoritative answer:
Name: www.google.lk
Address: 222.165.163.120
Name: www.google.lk
Address: 222.165.163.121
Name: www.google.lk
Address: 222.165.163.114
Name: www.google.lk
Address: 222.165.163.122
Name: www.google.lk
Address: 222.165.163.123
Name: www.google.lk
Address: 222.165.163.125
Name: www.google.lk
Address: 222.165.163.118
Name: www.google.lk
Address: 222.165.163.113
Name: www.google.lk
Address: 222.165.163.116
Name: www.google.lk
Address: 222.165.163.111
Name: www.google.lk
Address: 222.165.163.124
Name: www.google.lk
Address: 222.165.163.117
Name: www.google.lk
Address: 222.165.163.115
Name: www.google.lk
Address: 222.165.163.112
Name: www.google.lk
Address: 222.165.163.119
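named-checkzone in step 9 validates syntax only; it cannot tell you that a host has an A record but no PTR, that a PTR points at a name with no A record, or that one address carries two PTR records (as 192.168.254.133 does in the reverse zone above, so reverse lookups return both names). The script below is an added example, not code from the original post: it embeds the two zone files above as constructed strings, with the zone origins taken from the zone statements in named.conf, and cross-checks them.

```python
import re
from collections import Counter
# Constructed sample input: the two zone files from this post, origins taken from named.conf.
FORWARD_ORIGIN, REVERSE_ORIGIN = "ittips.local.", "254.168.192.in-addr.arpa."
FORWARD_ZONE = """$TTL 3H
@ IN SOA dns01.ittips.local. root.ittips.local. ( 0 ; serial
    1D 1H 1W 3H ) ; refresh retry expire minimum
@       NS   dns01.ittips.local.
@       NS   www.ittips.local.
dns01   IN A 192.168.254.133
www     IN A 192.168.254.133
"""
REVERSE_ZONE = """$TTL 3H
@ IN SOA dns01.ittips.local. root.ittips.local. ( 0 1D 1H 1W 3H )
133     IN PTR dns01.ittips.local.
133     IN PTR www.ittips.local.
"""

def fqdn(name, origin):
    """Expand '@' and relative names to absolute names under the zone origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_records(text, origin):
    """Return (owner, type, rdata) triples; each record line is assumed to start with an owner name."""
    text = re.sub(r";[^\n]*|^\$.*$", "", text, flags=re.M)  # drop comments and $-directives
    text = re.sub(r"\([^)]*\)", "", text)                   # drop the bracketed SOA timers
    records = []
    for fields in filter(None, (line.split() for line in text.splitlines())):
        owner, rest = fqdn(fields[0], origin), fields[1:]
        while rest and (rest[0].upper() == "IN" or re.fullmatch(r"\d+[smhdw]?", rest[0], re.I)):
            rest.pop(0)  # optional class and TTL fields
        if len(rest) >= 2:
            rtype = rest[0].upper()
            records.append((owner, rtype, rest[1] if rtype == "A" else fqdn(rest[1], origin)))
    return records

def ptr_ip(owner):  # '133.254.168.192.in-addr.arpa.' -> '192.168.254.133'
    return ".".join(owner.rstrip(".").split(".")[:-2][::-1])

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Cross-check A records against PTR records; return a list of human-readable findings."""
    fwd, rev = parse_records(fwd_text, fwd_origin), parse_records(rev_text, rev_origin)
    a = {(o, r) for o, t, r in fwd if t == "A"}
    ptr = {(ptr_ip(o), r) for o, t, r in rev if t == "PTR"}
    findings = [f"A without PTR: {n} -> {ip}" for n, ip in sorted(a) if (ip, n) not in ptr]
    findings += [f"PTR without A: {ip} -> {n}" for ip, n in sorted(ptr) if (n, ip) not in a]
    findings += [f"{ip} has {c} PTR records; reverse lookups become ambiguous"
                 for ip, c in sorted(Counter(ip for ip, _ in ptr).items()) if c > 1]
    return findings
```

To run it against real files, read /var/named/dir.ittips.db and /var/named/254.168.192.db into the two strings instead of the embedded samples.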