How To Install the BIND DNS Server on CentOS 6

How To Install the BIND DNS Server on CentOS 6

How To Install the BIND DNS Server on CentOS 6

Jun 12, 2013 DNS CentOS

Preamble

This article will show you how to setup and configure the BIND DNS Server. If you are looking for a guide on how to use DigitalOcean’s integrated DNS service, you may want to review the “How to Set Up a Host Name with DigitalOcean” article instead.

Before we begin, it is recommended you have at least two cloud servers to run your nameservers. Two nameservers are suggested to assure your primary and secondary servers are redundant in case of failure. You may want to consider using two different POP’s as well. For example, we’ve used San Francisco 1 and New York 1. For the purpose of this guide, it will be assumed you are configuring both a primary and secondary name server.

It is worth noting that if you are managing a large number of domains this may not be the most viable solution, as you will need to manually add domains on both the master and slave nameservers. With that said, running your own nameservers is a great way to have more direct control over your hosting infrastructure, and assert full control over your DNS records.

As with any new server, it’s always important to ensure your system is up to date. You can verify this by checking for updates using yum as follows:

yum update -y

(Note: In DigitalOcean, we call our cloud servers as “droplets”. We will use both terms throughout this tutorial)

Initial BIND Installation

To begin, we will need to install the BIND and BIND Utilities packages using yum.

yum install bind bind-utils -y

Next, we’ll open the BIND (named) configuration file and make several modifications.

nano -w /etc/named.conf

Your “options” section should appear as follows, replacing 2.2.2.2 with the IP of your second droplet.

options {
	    #listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory	"/var/named";
        dump-file	"/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
		allow-query { any; };
        allow-transfer     { localhost; 2.2.2.2; };
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

Above, listen-on must be commented to listen on all available interfaces. Recursion should be turned off to prevent your server from being abused in “reflection” DDoS attacks. The allow-transfer directive whitelists transfers to your secondary droplet’s IP. Furthermore, we have changed the allow-query directive to “any” in order to allow users proper access to hosted zones.

Next, we’ll want to add a new zone for our first domain, you should add the following to your named.conf below the existing zones.

        zone "mydomain.com" IN {
                type master;
                file "mydomain.com.zone";
                allow-update { none; };
        };

After saving named.conf with the changes above, we’re ready to create our first zone file.

Configure BIND Zones

Firstly, we’ll need to open the zone file, using the name you specified in the configuration above. (Ex: mydomain.com.zone)

nano -w /var/named/mydomain.com.zone

We’ll add the following contents to our newly created file. You should replace the applicable information with your own, where 1.1.1.1 is the IP of your first droplet, 2.2.2.2 is the IP of your second droplet and 3.3.3.3 is the IP you wish to point the domain itself to, such as a droplet running a webserver. You are free to add additional entries in the same format.

$TTL 86400
@   IN  SOA     ns1.mydomain.com. root.mydomain.com. (
        2013042201  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
; Specify our two nameservers
		IN	NS		ns1.mydomain.com.
		IN	NS		ns2.mydomain.com.
; Resolve nameserver hostnames to IP, replace with your two droplet IP addresses.
ns1		IN	A		1.1.1.1
ns2		IN	A		2.2.2.2

; Define hostname -> IP pairs which you wish to resolve
@		IN	A		3.3.3.3
www		IN	A		3.3.3.3

We can now start named for the first time. This may take several minutes while named generates the rndc.key file, which only occurs on first execution.

service named restart

Once named has started successfully, we’ll want to ensure that it is enabled as a startup service, by running the following:

chkconfig named on

By now, we should have a fully operational primary nameserver. You can verify that BIND is working correctly by running the following command, replacing 1.1.1.1 with the IP of your first droplet.

dig @1.1.1.1 mydomain.com

If you recieve a response which includes an answer and authority section, your nameserver has been configured correctly.

 

SOURCE: https://www.digitalocean.com/community/tutorials/how-to-install-the-bind-dns-server-on-centos-6

Comments are closed.