Thursday, September 20, 2012

Configuring BIND as Domain Name Server (DNS) on CentOS – 6x system

What is DNS?

It is a well known fact that Human brains are more capable of remebering names compared to numbers. Simply put, a DNS or Domain Name System is an internet service that works as a translator. A translator that resolves Humen Readable names called Domains into IP address. As we all know every computer or device connected to internet is identified by a series of numbers known as IP (Internet Protocol) address. Thus, as we type in (eg.) www.google.com/www.yahoo.com in the address bar of our browsers, it is the DNS (or the Domain Naming Service) which resolves the Domain Name into their corresponding IP addresses  to connect to the appropriate servers of google/yahoo. BIND ( (Berkeley Internet Name Daemon) is by far the most widely used DNS software on the Internet.

The Root (.), story begins here

What happens when you type in www.google.com in your browser?

Do you really know the URL transforms itself to www.google.com. Notice the Dot (.) following the domain name. The mysterious dot or the Root !!

The sequence of events that take place thereafter;

1. Browser asks OS if it has the IP address of www.google.com.

2. OS looks its host (in Linux, it is determined by the entries in "/etc/host.conf", assuming the order is host
    bind) and Cache to find if it has the IP of www.example.com.

3. Then, it goes to the Resolving name server as specified in the system (in the file /etc/resolv.conf)

4. Resolving name server (local to your system) has the information about the root (the dot .) name server.         Asks the Root name sever about www.google.com

5. Root Name Server (the dot .) would reply with information about the details as where to find COM (TLD     or Top Level Domain) name server.

Resolver caches all these info and goes to TLD i.e. COM name server in this case to ask the same
    question about www.google.com

6. TLD or Top Level Domain name server would serve with details about where to find the Authoritative
     Name server or ANS for www.google.com)

(TLDs are updated with the details about which Authoritative Name server needs to used at the time of         Domain registration by the domain name registrar like godady etc.)

Resolver caches all these info and goes on to ask the Authoritative Name server or ANS, to ask the    
     same question about www.google.com

7. Authoritative Name server or ANS (google.com) contains the Address record or "A" record (IP)
    of the domanin www.google.com Thus, it returns the IP address of the www.google.com to the  
    Resolving Name server query.

Therefore, Authoritative Name server or ANS in this case "google.com" would return the resolving    
    name server an IP address like xxx.xx.xx.xxx

8. Resolving name server takes all these information and gives the information to the OS. The OS in turn
     gives the information to the browser.
 
     The browser then makes the connection to the IP address xxx.xx.xx.xxx !!

      Google page is served ! ;)

How DNS works
Configuring BIND

Following are the steps to Configure BIND on CentOS-6 systems (it should work on other Linux based system as well )

Test Environment:
(I)   IPs:
Bind server IP: 172.16.20.174
Client IP: 172.16.20.175
(II) SeLinux and IPTables were turned off on both the systems.
Note: Name, IP Address are all used for test purpose only

A. On Bind server:
1. Install the following bind packages:
# yum install bind bind-libs bind-utils
# rpm -qa | grep ^bind
bind-utils-9.8.2-0.10.rc1.el6_3.2.i686
bind-9.8.2-0.10.rc1.el6_3.2.i686
bind-libs-9.8.2-0.10.rc1.el6_3.2.i686

2. Start the "named" service to check if it is working;
# service named start

3. Create the forward and reverse zone files under /var/named/ directory for the domain which
            needs to be set up:
# cd /var/named
A. Forward zone file (for test purpose eg; linuxdomain-tux.com)
# vim linuxdomain-tux.com.fwd
$ORIGIN linuxdomain-tux.com.
$TTL 3D
@       SOA     linuxdomain-tux.com.     admin.linuxdomain-tux.com. (12 4h 1h 1w 1h)
@       IN      NS          linuxdomain-tux.com.

linuxdomain-tux.com.     IN      A       172.16.20.174
www                      IN      A       172.16.20.174    ; you may exclude this. Tested to see if    domain name is resolved if preceded by "www"

B. Reverse zone file (for test purpose eg; linuxdomain-tux.com)
# vim linuxdomain-tux.com.rev
$ORIGIN 20.16.172.in-addr.arpa.
$TTL 3D
@       SOA     linuxdomain-tux.com.  admin.linuxdomain-tux.com. (12 4h 1h 1w 1h)
                @        IN      NS      linuxdomain-tux.com.

174     IN      PTR     linuxdomain-tux.com.   ;  used only the last octet of the IP

4. Change the group of zone files to "named" :
# chgrp named linuxdomain-tux.com.*

5. Now,  make changes/append the content in /etc/named.conf (defaults were commented. Keep rest of file intact);
// listen-on port 53 { 127.0.0.1; };   //You may use specific ip addresses as well
        listen-on port 53 { any; };
// allow-query     { localhost; };      //You may use specific ip addresses as well             
               allow-query     { any; };    

zone "linuxdomain-tux.com" {
type master;
file "linuxdomain-tux.com.fwd";
};
zone "20.16.172.in-addr.arpa" {
type master;
file "linuxdomain-tux.com.rev";
};

6. Restart the "named" service:
#  service named restart

7. Now, need to tell the resolver to resolve this domain "linuxdomain-tux.com". Edit
        /etc/resolve.conf and make the entry for this IP:
# vim /etc/resolv.conf
nameserver 172.16.20.174

B. Test (On Bind server; you may use any tool):
1. # host linuxdomain-tux.com
linuxdomain-tux.com has address 172.16.20.174

2. # nslookup linuxdomain-tux.com
Server: 172.16.20.174
Address: 172.16.20.174#53
Name: linuxdomain-tux.com
Address: 172.16.20.174

3. # nslookup 172.16.20.174
Server: 172.16.20.174
Address: 172.16.20.174#53
174.20.16.172.in-addr.arpa name = linuxdomain-tux.com.

4. # nslookup www.linuxdomain-tux.com       (This is since "www" entry was made in the zone file)
Server: 172.16.20.174
Address: 172.16.20.174#53
Name: www.linuxdomain-tux.com
Address: 172.16.20.174



5. # dig linuxdomain-tux.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> linuxdomain-tux.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11793
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;linuxdomain-tux.com. IN A
;; ANSWER SECTION:
linuxdomain-tux.com. 259200 IN A 172.16.20.174
;; AUTHORITY SECTION:
linuxdomain-tux.com. 259200 IN NS linuxdomain-tux.com.
;; Query time: 0 msec
;; SERVER: 172.16.20.174#53(172.16.20.174)
;; WHEN: Wed Aug 22 16:57:17 2012
;; MSG SIZE  rcvd: 70

C. On Client:
1. Edit /etc/resolv.conf to have one entry that points to "linuxdomain-tux.com"
vim /etc/resolv.conf
nameserver 172.16.20.174

D. Test (On client; you may use any tool):
1. # host linuxdomain-tux.com
linuxdomain-tux.com has address 172.16.20.174

2. # nslookup linuxdomain-tux.com
Server: 172.16.20.174
Address: 172.16.20.174#53
Name: linuxdomain-tux.com
Address: 172.16.20.174

3. # nslookup 172.16.20.174
Server: 172.16.20.174
Address: 172.16.20.174#53
174.20.16.172.in-addr.arpa name = linuxdomain-tux.com.

4. # nslookup www.linuxdomain-tux.com
Server: 172.16.20.174
Address: 172.16.20.174#53
Name: www.linuxdomain-tux.com
Address: 172.16.20.174

No comments: