shema-surge
Posted on April 10, 2023
Let's begin with a simple question:
WHAT IS DNS?
DNS (Domain Name System) is like a phonebook for the internet. It is very difficult to remember the phone number of all your contacts but it is easy to remember their names.
To make calling people easier, a phonebook matches your contact's name or alias to their phone number so that you don't have to remember their numbers.
The same goes for the internet: it is easier to remember the domain name of a website like https://dev.to than its IP address. But computers do not recognize each other on a network by domain name, they use IP addresses. Therefore, the primary role of DNS is to translate a domain name to an IP address.
For a more detailed explanation of how DNS works, checkout this link https://www.cloudflare.com/learning/dns/what-is-dns/
We will be using BIND, a software suite for running and querying DNS.
Step 1: Login as root
su
Step 2: Install Bind
BIND (Berkeley Internet Name Domain) is the most widely used DNS (Domain Name System) server software on the Internet. It is an open-source implementation of the DNS protocol, originally developed at the University of California, Berkeley, and now maintained by the Internet Systems Consortium.
yum install bind bind-utils -y
Step 3: Change ip address to static
After installing bind, we will change the dynamically allocated ip address to a static one, 192.168.1.2/24.
To do this, edit the ifcfg file for your network interface (enp0s3 or eth0 or ....):
Note: Network interface names vary; my CentOS came with enp0s3, so I'll stick with it.
vim /etc/sysconfig/network-scripts/ifcfg-enp0s3
Now we'll add the IP address, network mask, default gateway and DNS server address:
IPADDR=192.168.1.2
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.2
Notice that the DNS server address (DNS1) is the server's own IP address, so this machine sends its queries to itself.
Now edit BOOTPROTO and change it from dhcp to none, since we no longer obtain an IP address from a DHCP server.
BOOTPROTO=none
After that, we'll need to restart NetworkManager
systemctl restart NetworkManager
and bring up our network interface:
ifup enp0s3
To test that it works, ping your own address:
ping 192.168.1.2
Step 4: DNS Configuration
First, we'll edit the named.conf file
vim /etc/named.conf
in the vim editor do :set number
to show line numbers
In the options section on line 13, add the server's IP address to the list of addresses BIND listens on:
listen-on port 53 {127.0.0.1; 192.168.1.2; };
And add the 192.168.1.0/24 subnet to the list of ip addresses allowed to query our DNS on line 21:
allow-query {localhost; 192.168.1.0/24; };
Now all clients with an IP address in the 192.168.1.0/24 subnet can query our DNS server, and anything outside it is refused.
After line 57, add the following lines,
zone "example.com" {
type master;
file "forward.example.zone";
allow-update {none;};
};
This declares the zone example.com. type master means this server is the primary, authoritative source for the zone and loads the zone data from the named file rather than transferring it from another server. allow-update {none;} rejects dynamic DNS updates, so no client on the network can change the zone's records over DNS.
forward.example.zone is the forward zone file for example.com; it contains the records that let the server resolve example.com to 192.168.1.2.
Now we'll create the forward zone file for example.com,
cp /var/named/named.localhost /var/named/forward.example.zone
change the forward zone file's group to named group
chgrp named /var/named/forward.example.zone
Now edit your forward zone file (the name must match the file directive in the zone clause above):
vim /var/named/forward.example.zone
NOTE: please remember to end every fully qualified domain name with a "." in the zone file. A name without the trailing dot is treated as relative to the zone, so BIND appends the origin to it and ns1.example.com silently becomes ns1.example.com.example.com.
To check that the named.conf file has no errors:
named-checkconf /etc/named.conf
No output means there are no errors.
To check if the zone file is correctly configured,
named-checkzone example.com /var/named/forward.example.zone
When the output ends with zone example.com/IN: loaded serial 0, OK
the zone file is configured correctly. (Serial 0 is the value inherited from the named.localhost template we copied.)
Note: named-checkzone takes two arguments: the zone name exactly as declared in /etc/named.conf, and the path to that zone's file.
Now we'll need to restart named.service
systemctl restart named.service
Step 5: Testing our DNS
nslookup is a command-line tool used to query the Domain Name System (DNS) to obtain information about DNS records for a specific domain name or IP address
nslookup example.com
The output should show 192.168.1.2 as the server that answered and example.com resolving to 192.168.1.2.
dig command-line tool is used to query DNS servers to obtain information about domain names, IP addresses, and DNS records. "dig" is short for "domain information groper".
dig example.com
The ANSWER SECTION of the output should list the A record for example.com (192.168.1.2), and the SERVER line near the bottom should show that 192.168.1.2#53 answered the query.
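Putting Steps 4 and 5 together, here is an added example as a POSIX shell script; it is not code from the original post. It writes the zone clause for named.conf and a complete forward zone file for example.com pointing at 192.168.1.2, checks the zone file offline for the trailing-dot mistake the NOTE above warns about, runs named-checkzone where BIND is installed, and has a helper that queries the server with dig the way Step 5 does. The name server name ns1.example.com, the hostmaster contact, the www record, the serial value and the allow-transfer { none; } line are my assumptions and do not appear in the post. OUT_DIR defaults to a temporary directory, so the script can be dry-run before any file is copied into /etc/named.conf or /var/named.

```shell
#!/bin/sh
# Added example, not from the original post: generate the named.conf zone
# clause and the forward zone file for example.com -> 192.168.1.2, then
# check them. OUT_DIR defaults to a temporary directory so the script can
# be dry-run without touching /etc/named.conf or /var/named.
# Assumptions not in the post: ns1.example.com as the name server's name,
# hostmaster@example.com as the SOA contact, a www record, the serial
# value, and allow-transfer { none; } in the zone clause.
set -eu

ZONE="example.com"
SERVER_IP="192.168.1.2"
OUT_DIR="${OUT_DIR:-$(mktemp -d)}"

# Zone clause for /etc/named.conf. allow-update { none; } is from the post;
# allow-transfer { none; } additionally refuses AXFR, so a host on the LAN
# cannot pull the whole zone in one query.
write_zone_clause() {
    cat > "$OUT_DIR/zone-example.conf" <<EOF
zone "$ZONE" {
    type master;
    file "forward.example.zone";
    allow-update { none; };
    allow-transfer { none; };
};
EOF
    echo "$OUT_DIR/zone-example.conf"
}

# Forward zone file. Names meant to be fully qualified end with a dot;
# a name without one is relative and gets the origin (example.com.)
# appended, which is the mistake the post's NOTE warns about.
write_zone_file() {
    cat > "$OUT_DIR/forward.example.zone" <<EOF
\$TTL 1D
@       IN SOA  ns1.$ZONE. hostmaster.$ZONE. (
                2023041001      ; serial (YYYYMMDDnn)
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum (negative-cache TTL)
        IN NS   ns1.$ZONE.
        IN A    $SERVER_IP
ns1     IN A    $SERVER_IP
www     IN A    $SERVER_IP
EOF
    echo "$OUT_DIR/forward.example.zone"
}

# Offline check for the trailing-dot mistake: every target of an SOA, NS,
# CNAME or MX record that contains a dot must also end with one.
# Prints each offender and returns 1 if any were found.
check_trailing_dots() {
    awk '
        /^[ \t]*;/ || NF == 0 { next }
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "SOA" || $i == "NS" || $i == "CNAME" || $i == "MX") {
                    for (j = i + 1; j <= NF && $j !~ /^[(;]/; j++) {
                        if ($j ~ /\./ && $j !~ /\.$/) {
                            print "unqualified name: " $j
                            bad = 1
                        }
                    }
                }
            }
        }
        END { if (bad) exit 1; exit 0 }' "$1"
}

# BIND's own checker, run only where it is installed. named-checkzone takes
# the zone name as declared in named.conf, then the zone file path.
check_with_bind() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$ZONE" "$OUT_DIR/forward.example.zone"
    else
        echo "named-checkzone not installed; skipping BIND check"
    fi
}

# Step 5 test against the running server: prints the A record if named
# answers for the zone (needs dig from bind-utils and a running named).
resolve() {
    dig +short "@$SERVER_IP" "$ZONE" A
}

# Stand-alone run: write both files and check the zone file.
main() {
    write_zone_clause
    write_zone_file
    check_trailing_dots "$OUT_DIR/forward.example.zone"
    check_with_bind
}

main
```

Copy the generated clause into /etc/named.conf after the existing zone statements and the zone file into /var/named, chgrp it to named as in Step 4, then run named-checkconf and restart named (systemctl enable named.service as well if it should come back after a reboot). allow-transfer { none; } goes one step beyond the post's allow-update { none; }: allow-query only limits who may ask questions, so without it any host on 192.168.1.0/24 could still request a full zone transfer (AXFR) and dump every record in one go.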
I hope you learnt something, until next time.