
Configure a Caching-only Name Server (bind)


## install the required packages

[root@rhel7server1 ~]# yum -y install bind bind-utils
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
...
================================================================================================================
 Package                  Arch                 Version                         Repository                  Size
================================================================================================================
Installing:
 bind                     x86_64               32:9.9.4-50.el7                 InstallMedia               1.8 M
 bind-utils               x86_64               32:9.9.4-50.el7                 InstallMedia               203 k

Transaction Summary
================================================================================================================
...
Installed:
  bind.x86_64 32:9.9.4-50.el7                         bind-utils.x86_64 32:9.9.4-50.el7                       

Complete!


[root@rhel7server1 etc]# cd /etc

[root@rhel7server1 etc]# vi named.conf

## modify the following, save and exit.
## This server recurses on behalf of its clients (the status output further down shows it
## querying the root servers), so "listen-on { any; }" combined with "allow-query { any; }"
## turns it into an OPEN RESOLVER as soon as any interface is reachable from an untrusted
## network - usable for DNS amplification and exposed to cache-poisoning attempts. Limit
## queries to localhost and the LAN the server actually serves (192.168.0.0/24 in this lab):

   listen-on port 53 { any; };
...
   allow-query     { localhost; 192.168.0.0/24; };
...
   dnssec-validation no;

## Only set dnssec-validation to "no" if DNSSEC is genuinely broken on the path to your
## upstream/root servers; the RHEL 7 default ("yes") is the safer choice.


## validate the config (named-checkconf prints nothing and exits 0 when the file is clean;
## fix any error it reports before starting named)

[root@rhel7server1 etc]# named-checkconf

## update our firewall rules. --add-service=dns opens 53/tcp and 53/udp in the default zone,
## i.e. on every interface assigned to that zone; on a host that also has an untrusted-facing
## interface, add the service to a zone restricted with --add-source=192.168.0.0/24 instead

[root@rhel7server1 etc]# firewall-cmd --permanent --add-service=dns
success

[root@rhel7server1 etc]# firewall-cmd --reload
success

[root@rhel7server1 etc]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

[root@rhel7server1 etc]# systemctl start named

[root@rhel7server1 etc]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-06-14 22:50:59 EDT; 7s ago
  Process: 3960 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 3958 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 3963 (named)
   CGroup: /system.slice/named.service
           └─3963 /usr/sbin/named -u named -c /etc/named.conf

Jun 14 22:50:59 rhel7server1 named[3963]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0....al 0
Jun 14 22:50:59 rhel7server1 named[3963]: zone localhost.localdomain/IN: loaded serial 0
Jun 14 22:50:59 rhel7server1 named[3963]: zone localhost/IN: loaded serial 0
Jun 14 22:50:59 rhel7server1 systemd[1]: Started Berkeley Internet Name Domain (DNS).
Jun 14 22:50:59 rhel7server1 named[3963]: all zones loaded
Jun 14 22:50:59 rhel7server1 named[3963]: running
Jun 14 22:50:59 rhel7server1 named[3963]: error (network unreachable) resolving './DNSKEY/IN': 2001:500:1::53#53
Jun 14 22:50:59 rhel7server1 named[3963]: error (network unreachable) resolving './NS/IN': 2001:500:1::53#53
Jun 14 22:50:59 rhel7server1 named[3963]: error (network unreachable) resolving './DNSKEY/IN': 2001:503:b...0#53
Jun 14 22:50:59 rhel7server1 named[3963]: error (network unreachable) resolving './NS/IN': 2001:503:ba3e:...0#53
Hint: Some lines were ellipsized, use -l to show in full.

## The "network unreachable ... 2001:..." lines above are named trying to reach the root servers
## over IPv6 on a host without IPv6 connectivity - harmless here, but noisy. They can be silenced
## by starting named with -4 (the $OPTIONS in the unit's ExecStart above is normally set in
## /etc/sysconfig/named).

## sanity-check resolution through the server's CURRENT resolver (192.168.1.254, presumably
## from its /etc/resolv.conf) - this does not yet exercise our named

[root@rhel7server1 etc]# nslookup www.myfaqbase.com
Server:        192.168.1.254
Address:    192.168.1.254#53

Non-authoritative answer:
www.myfaqbase.com    canonical name = myfaqbase.com.
Name:    myfaqbase.com
Address: 13.250.9.23

## test nslookup using your locally installed name server

[root@rhel7server1 etc]# nslookup www.myfaqbase.com 127.0.0.1
Server:        127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
www.myfaqbase.com    canonical name = myfaqbase.com.
Name:    myfaqbase.com
Address: 13.250.9.23



## test from a remote client. A different address than the lookups above is not a fault by
## itself - the name appears to have more than one A record and each resolver returns its own
## cached answer; what matters is that the answer comes from 192.168.0.10

[root@rhel7client1 ~]# nslookup www.myfaqbase.com rhel7server1
Server:        rhel7server1
Address:    192.168.0.10#53

Non-authoritative answer:
www.myfaqbase.com    canonical name = myfaqbase.com.
Name:    myfaqbase.com
Address: 54.251.77.247


## ALTERNATIVE - Using unbound package instead of bind


## install (yum -y install unbound), then enable and start the service before editing the config

systemctl enable unbound
systemctl start unbound

## Edit /etc/unbound/unbound.conf (the first three lines go in the "server:" section;
## forward-zone is its own top-level block):

interface: 0.0.0.0                              Listen on every IPv4 interface.
access-control: 192.168.0.0/24 allow            Answer queries only from this network; anything not listed is refused by default, so this line is what keeps unbound from being an open resolver.
domain-insecure: myexample.com                  Skip DNSSEC validation for an internal domain that has not been signed.
forward-zone:
        name: "."
        forward-addr: 192.168.x.x               Forward all queries to your network's DNS server.

## validate the config
## unbound-checkconf may fail with '"/etc/unbound/unbound_server.key" does not exist' if unbound
## has never been started (the control key files appear to be created on first start) - which is
## why the service was started above before editing the config

unbound-checkconf

## restart

systemctl restart unbound


 

Troubleshoot DNS Client Issues


## Ensure the client is on the same network as the DNS server, or has a route to it.
## The "!X" in the traceroute output below means "communication administratively prohibited":
## the server's firewall is rejecting traceroute's UDP probe ports. It does not mean port 53 is blocked.

[root@rhel7client1 ~]# ping -c 1 rhel7server1.myexample.com
PING rhel7server1 (192.168.0.10) 56(84) bytes of data.
64 bytes from rhel7server1 (192.168.0.10): icmp_seq=1 ttl=64 time=0.506 ms

[root@rhel7client1 ~]# traceroute rhel7server1.myexample.com
traceroute to rhel7server1.myexample.com (192.168.0.10), 30 hops max, 60 byte packets
 1  rhel7server1 (192.168.0.10)  0.320 ms !X  0.200 ms !X  0.232 ms !X

[root@rhel7client1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:4e:cd:a8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.20/24 brd 192.168.0.255 scope global enp0s9
       valid_lft forever preferred_lft forever
    inet6 fe80::745b:f9e9:9efb:54f1/64 scope link
       valid_lft forever preferred_lft forever


## test with nslookup

[root@rhel7client1 ~]# nslookup www.myfaqbase.com rhel7server1.myexample.com
Server:        rhel7server1.myexample.com
Address:    192.168.0.10#53

Non-authoritative answer:
www.myfaqbase.com    canonical name = myfaqbase.com.
Name:    myfaqbase.com
Address: 13.250.9.23


## test with dig

[root@rhel7client1 ~]# dig @rhel7server1.myexample.com mail.myfaqbase.com

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> @rhel7server1.myexample.com mail.myfaqbase.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53558
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.myfaqbase.com.        IN    A

;; ANSWER SECTION:
mail.myfaqbase.com.    3600    IN    A    52.77.220.72

;; AUTHORITY SECTION:
myfaqbase.com.        1959    IN    NS    ns67.domaincontrol.com.
myfaqbase.com.        1959    IN    NS    ns68.domaincontrol.com.

;; ADDITIONAL SECTION:
ns68.domaincontrol.com.    171159    IN    A    173.201.71.44
ns68.domaincontrol.com.    171159    IN    AAAA    2603:5:2274::2c
ns67.domaincontrol.com.    171159    IN    A    97.74.103.44
ns67.domaincontrol.com.    171159    IN    AAAA    2603:5:2174::2c

;; Query time: 182 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Sun Jun 14 23:20:15 EDT 2020
;; MSG SIZE  rcvd: 203

## test TCP reachability with telnet. DNS queries normally go over UDP/53, so this only proves
## TCP/53 is open - still required for large answers and zone transfers, but a successful
## connect here does not by itself prove UDP/53 is reachable (the nslookup/dig tests above do)

[root@rhel7client1 ~]# telnet rhel7server1.myexample.com 53
Trying 192.168.0.10...
Connected to rhel7server1.myexample.com.
Escape character is '^]'


## configure name servers to use with nmtui or Network Manager GUI

[root@rhel7client1 ~]# nmtui










## confirm name resolution setting. Note the "Generated by NetworkManager" header: hand-edits to
## /etc/resolv.conf will be overwritten, so set DNS servers through nmtui as above or with
## nmcli (e.g. "nmcli con mod <connection> ipv4.dns 192.168.0.10" followed by "nmcli con up <connection>")

[root@rhel7client1 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.10


## test the name server

[root@rhel7client1 ~]# nslookup www.myfaqbase.com
Server:        192.168.0.10
Address:    192.168.0.10#53

Non-authoritative answer:
www.myfaqbase.com    canonical name = myfaqbase.com.
Name:    myfaqbase.com
Address: 13.250.9.23

