Linux DNS (To test)

DNS Server configuration

Install bind-utils We are located on the mail server and we have connection to the internet.
To check server’s name command
hostname
Server’s full name (with domain)
hostname -f

Screenshot 2023-09-23 at 22 50 35

Good practise to run yum update before we install anything.
Install bind-utils package for quering DNS servers.

Screenshot 2023-09-23 at 22 53 10

Check DNS main configuration file /etc/named.conf
To check status of the service running systemсtl status name_of_service
systemctl status named

To restart service systemctl restart named
To check if DNS servise is running netstat -antp
-a : all
-t TCP protocol
-n numeric, don’t use name
-p display PID/Program name

Screenshot 2023-09-23 at 23 08 34

On screen it’s currently running on the loopback (port 53)

Screenshot 2023-09-23 at 23 08 34

Activate DNS listening on the port with ip address - edit ‘options’ in /etc/named.conf, then restart service

Screenshot 2023-09-23 at 23 22 22

Configure DNS ip on the windows client

Screenshot 2023-09-23 at 23 25 21

For now it doesn’t work, cause only localhost is allowed to query

Screenshot 2023-09-23 at 23 26 40

We should add there our ip subnet:

Screenshot 2023-09-23 at 23 28 30

And it does work

Primary or Master DNS server

DNS server is called Master when it holds a zone file for a particular domain.
Zone is a portiof DNA namespace.
It means it’s authorized to answer to this domain name records.
If we host multiple domain, then we have to create a zone file for each domain.
We have domain mailserverguru.com. We have to create a zone file for this domain.

Necessary concepts:

Primary/Master DNS - dns server, that holds zone file.
Secondary/Slave DNS - running copy of the primary dns. Primary DNS will replicate it’s zone description and dns records to slave. If the primary server goes down, slave will answer all the queries.
Zone file - file for each domain
Forward zone - name to ip maping
Reverse zone - ip to name maping
2 files: named.conf and named.localhost

TTL 1 - means this records will be cached on the server for one day @in SOA - start of authority

Hostname can be modified in a /etc/hosts file. Check with commands hostname, hostname -f, dnsdomainname

Screenshot 2023-09-24 at 00 45 39 Screenshot 2023-09-24 at 00 47 02

Add zone configurationation to the /etc/named.conf

Screenshot 2023-09-24 at 00 50 30

Interesting fact: there is default named.rfc1912.zones file

# cat named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package 
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
// 
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};

zone "localhost" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};

zone "0.in-addr.arpa" IN {
	type master;
	file "named.empty";
	allow-update { none; };
};

Also the file named.localhost in the /var directory

#cd /var/
# ls
adm     arpwatch  crash  empty  gopher    lib    lock  mail   nis  ossec     run    sys_basher  var  yp
agentx  cache     db     games  kerberos  local  log   named  opt  preserve  spool  tmp         www
[root@dh-mgmt-1 var]# cd named/
[root@dh-mgmt-1 named]# ls -a
.   .git_DISABLED  dynamic  named.ca    named.empty      named.loopback  named.root.hints  rev
..  data           master   named.conf  named.localhost  named.root      named.zone        slaves
[root@dh-mgmt-1 named]# cat named.localhost 
$TTL 1D
@	IN SOA	@ rname.invalid. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	@
	A	127.0.0.1
	AAAA	::1
[root@dh-mgmt-1 named]#

Let’s copy standart name.localhost file format and edit it.

Screenshot 2023-09-24 at 01 05 56

Change the file permission: Linux chown command is used to change a file’s ownership, directory, or symbolic link for a user or group. The chown stands for change owner. In Linux, each file is associated with a corresponding owner or group.

Screenshot 2023-09-24 at 01 07 44

restart systemctl restart named check netstat -antu

Screenshot 2023-09-24 at 01 11 21

After configuring the DNS server we need to change the DNS server ip on the interface on ourself ip.
```
cd /etc/sysconfig/network-scripts/
```
For DNS query we can use d utility or host utility ``` host -a google.com Trying “google.com” ;; -»HEADER«- opcode: QUERY, status: NOERROR, id: 39742 ;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 8

;; QUESTION SECTION: ;google.com. IN ANY

;; ANSWER SECTION: google.com. 129 IN A 142.251.1.101 google.com. 129 IN A 142.251.1.102 google.com. 129 IN A 142.251.1.139 google.com. 129 IN A 142.251.1.138 google.com. 129 IN A 142.251.1.100 google.com. 129 IN A 142.251.1.113 google.com. 52515 IN NS ns4.google.com. google.com. 52515 IN NS ns2.google.com. google.com. 52515 IN NS ns1.google.com. google.com. 52515 IN NS ns3.google.com. google.com. 35 IN SOA ns1.google.com. dns-admin.google.com. 567836080 900 900 1800 60 google.com. 121 IN AAAA 2a00:1450:400f:802::200e

;; ADDITIONAL SECTION: ns4.google.com. 84511 IN A 216.239.38.10 ns4.google.com. 31926 IN AAAA 2001:4860:4802:38::a ns2.google.com. 56997 IN A 216.239.34.10 ns2.google.com. 41364 IN AAAA 2001:4860:4802:34::a ns1.google.com. 45844 IN A 216.239.32.10 ns1.google.com. 36663 IN AAAA 2001:4860:4802:32::a ns3.google.com. 70304 IN A 216.239.36.10 ns3.google.com. 78598 IN AAAA 2001:4860:4802:36::a

Received 446 bytes from 10.254.1.110#53 in 215 ms

host -t ns google.com google.com name server ns4.google.com. google.com name server ns2.google.com. google.com name server ns1.google.com. google.com name server ns3.google.com. ``` Screenshot 2023-09-24 at 01 20 55

Slave/Secondary DNS Server

Client communicate with Master DNS server (NS1).
If Master faills, client will communicate with ns2 server. Slave server runs copy of the master.
Master and Slave communicate with each other for zone data updates. Which is called Zone transfer
Slave server doesn’t create any zone file, like the Master. It takes all the data from the Master.
Which zone can be transfered to Slave should be configured at Master server.
Master and Slave communicate with each other within periodic interval.

Screenshot 2023-09-24 at 13 49 44

Configuration:

add DNS slave server to xone configuration in /etc/named.conf, systemctl restart named

Screenshot 2023-09-24 at 13 51 50

configure Slave DNS server
yum install bind bind-utills
Edit /etc/named.conf (add ip address and network)
paste zone configuration
sytemctl restart named, /var/named/slaves/ file appeared

Copied from Master server:

Screenshot 2023-09-24 at 14 00 34

Сheck /etc/resolv.conf, this server ns2 resolving all names from the internet
We need to change it nmtui edit ens32 (nmtui - useful graphical tool for an interface configuration)
Was 8.8.8.8 , put our own ip address
systemctl restart NetworkManager.service
Check shoutdown the master server init 0 When you issue the “init 0” command on a Unix or Linux system, the system performs a clean shutdown, which means that it closes all running programs and services and unmounts any file systems that are currently mounted. This process is designed to ensure that the system shuts down safely and without losing any data.

Screenshot 2023-09-24 at 14 14 24

Caching DNS server

DNS server is called caching only when it doesn’t contain any zone declaration. Same configuration as previosly, except there is no zone config, only options are changed in /etc/named.conf On the server dig google.com Screenshot 2023-09-24 at 14 14 24

On the second query the time is 0 ms, cause we have caching.

Screenshot 2023-09-24 at 15 55 25

We can not directly see the cache, we will have to dump it.
rndc - utility in bind to control named daemom, to read more rndc rndc dumpdb -cache
rndc - remote name deamon control
dumpdb - parameter
it will be stored in /var/named/data

Screenshot 2023-09-24 at 16 01 29

To clear the cache rndc flush

DNS Forwarder

On the caching DNS server we need to config forwarder to answer on the queries from clients that is not cached. Add upper level DNS server with a forwarder on the /etc/named.conf

Screenshot 2023-09-24 at 16 47 55

systemctl restart named
rndc flush
rndc dumpdb -cache - file located in /var/named/data , (saved dump of cache)

Screenshot 2023-09-24 at 16 53 49

how to delete certain record from cache here

Forward Zone Files

There are 2 files:

forward zone file
reverse zone file

give permission systemctl restart named

check

Reverse Zone File

Screenshot 2023-09-24 at 18 29 25

Screenshot 2023-09-24 at 18 31 00
allow transfered also can be added with slave ip

Screenshot 2023-09-24 at 18 34 20

10 means host with ip 10 on declared subnet

Screenshot 2023-09-24 at 18 36 47

chown name.named 0.168.192.db systemctl restart named

On the slave server add slave zone:

change type: master -> slave
file should be saved in /slaves
enter master ip After restarting service systemctl restart slave file appears

DNS records
- A address record
- PTR pointer record
- CNAME canonical name, if you want to use one server with several names, 2 alias neme for one ip
- NS name server record
- MX mail server record
- SOA start of authority
- TXT text record

Linux Ip config

File descriptor