
Software >> OS >> Unix >> Linux >> RHEL >> 7 >> RHCE >> Section 5 - DNS

Configure a Caching-only Name Server


## install the required packages

[root@rhel7server1 ~]# yum -y install bind bind-utils
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
...
================================================================================================================
 Package                  Arch                 Version                         Repository                  Size
================================================================================================================
Installing:
 bind                     x86_64               32:9.9.4-50.el7                 InstallMedia               1.8 M
 bind-utils               x86_64               32:9.9.4-50.el7                 InstallMedia               203 k

Transaction Summary
================================================================================================================
...
Installed:
  bind.x86_64 32:9.9.4-50.el7                         bind-utils.x86_64 32:9.9.4-50.el7                       

Complete!


[root@rhel7server1 etc]# cd /etc

[root@rhel7server1 etc]# vi named.conf

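## modify the following, save and exit

   listen-on port 53 { any; };
...
   allow-query     { any; };
...
   dnssec-validation no;

## NOTE: with listen-on and allow-query both set to "any", and as long as recursion is
## enabled, named answers recursive queries from every host that can reach port 53
## (an open resolver). That is acceptable on an isolated lab network; elsewhere limit
## allow-query (or allow-recursion) to your own clients, e.g. { localhost; 192.168.0.0/24; };
## "dnssec-validation no" turns off DNSSEC validation, so forged answers for signed
## zones are not rejected; treat it as a lab-only setting.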


## validate the config

[root@rhel7server1 etc]# named-checkconf

## update our firewall rules

[root@rhel7server1 etc]# firewall-cmd --permanent --add-service=dns
success

[root@rhel7server1 etc]# firewall-cmd --reload
success

[root@rhel7server1 etc]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

[root@rhel7server1 etc]# systemctl start named

[root@rhel7server1 etc]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-06-14 22:50:59 EDT; 7s ago
  Process: 3960 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 3958 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 3963 (named)
   CGroup: /system.slice/named.service
           └─3963 /usr/sbin/named -u named -c /etc/named.conf

Jun 14 22:50:59 rhel7server1 named[3963]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0....al 0
Jun 14 22:50:59 rhel7server1 named[3963]: zone localhost.localdomain/IN: loaded serial 0
Jun 14 22:50:59 rhel7server1 named[3963]: zone localhost/IN: loaded serial 0
Jun 14 22:50:59 rhel7server1 systemd[1]: Started Berkeley Internet Name Domain (DNS).
Jun 14 22:50:59 rhel7server1 named[3963]: all zones loaded
Jun 14 22:50:59 rhel7server1 named[3963]: running
Jun 14 22:50:59 rhel7server1 named[3963]: error (network unreachable) resolving './DNSKEY/IN': 2001:500:1::53#53
Jun 14 22:50:59 rhel7server1 named[3963]: error (network unreachable) resolving './NS/IN': 2001:500:1::53#53
Jun 14 22:50:59 rhel7server1 named[3963]: error (network unreachable) resolving './DNSKEY/IN': 2001:503:b...0#53
Jun 14 22:50:59 rhel7server1 named[3963]: error (network unreachable) resolving './NS/IN': 2001:503:ba3e:...0#53
Hint: Some lines were ellipsized, use -l to show in full.

## test nslookup using your network name servers

[root@rhel7server1 etc]# nslookup www.myfaqbase.com
Server:        192.168.1.254
Address:    192.168.1.254#53

Non-authoritative answer:
www.myfaqbase.com    canonical name = myfaqbase.com.
Name:    myfaqbase.com
Address: 13.250.9.23

## test nslookup using your locally installed name server

[root@rhel7server1 etc]# nslookup www.myfaqbase.com 127.0.0.1
Server:        127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
www.myfaqbase.com    canonical name = myfaqbase.com.
Name:    myfaqbase.com
Address: 13.250.9.23



## test from a remote client

[root@rhel7client1 ~]# nslookup www.myfaqbase.com rhel7server1
Server:        rhel7server1
Address:    192.168.0.10#53

Non-authoritative answer:
www.myfaqbase.com    canonical name = myfaqbase.com.
Name:    myfaqbase.com
Address: 54.251.77.247


## ALTERNATIVE - Using unbound package instead of bind


## enable and start the service

systemctl enable unbound
systemctl start unbound

## Edit /etc/unbound/unbound.conf:

interface: 0.0.0.0                              # Accept connections on every interface.
access-control: 192.168.0.0/24 allow            # Accept requests from these IP addresses.
domain-insecure: myexample.com                  # Skip DNSSEC validation for internal domains that are not DNSSEC-signed.
forward-zone:
        name: "."
        forward-addr: 192.168.x.x               # Forward all requests to your network's DNS server

## validate the config
## validation may fail with a '"/etc/unbound/unbound_server.key" does not exist' error if
## unbound has never been started.   Start it once before editing the config

unbound-checkconf

## restart

systemctl restart unbound


 

Troubleshoot DNS Client Issues


## Ensure the client is on the same network as the DNS server or has a route to the DNS server

[root@rhel7client1 ~]# ping -c 1 rhel7server1.myexample.com
PING rhel7server1 (192.168.0.10) 56(84) bytes of data.
64 bytes from rhel7server1 (192.168.0.10): icmp_seq=1 ttl=64 time=0.506 ms

[root@rhel7client1 ~]# traceroute rhel7server1.myexample.com
traceroute to rhel7server1.myexample.com (192.168.0.10), 30 hops max, 60 byte packets
 1  rhel7server1 (192.168.0.10)  0.320 ms !X  0.200 ms !X  0.232 ms !X

[root@rhel7client1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:4e:cd:a8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.20/24 brd 192.168.0.255 scope global enp0s9
       valid_lft forever preferred_lft forever
    inet6 fe80::745b:f9e9:9efb:54f1/64 scope link
       valid_lft forever preferred_lft forever


## test with nslookup

[root@rhel7client1 ~]# nslookup www.myfaqbase.com rhel7server1.myexample.com
Server:        rhel7server1.myexample.com
Address:    192.168.0.10#53

Non-authoritative answer:
www.myfaqbase.com    canonical name = myfaqbase.com.
Name:    myfaqbase.com
Address: 13.250.9.23


## test with dig

[root@rhel7client1 ~]# dig @rhel7server1.myexample.com mail.myfaqbase.com

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> @rhel7server1.myexample.com mail.myfaqbase.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53558
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.myfaqbase.com.        IN    A

;; ANSWER SECTION:
mail.myfaqbase.com.    3600    IN    A    52.77.220.72

;; AUTHORITY SECTION:
myfaqbase.com.        1959    IN    NS    ns67.domaincontrol.com.
myfaqbase.com.        1959    IN    NS    ns68.domaincontrol.com.

;; ADDITIONAL SECTION:
ns68.domaincontrol.com.    171159    IN    A    173.201.71.44
ns68.domaincontrol.com.    171159    IN    AAAA    2603:5:2274::2c
ns67.domaincontrol.com.    171159    IN    A    97.74.103.44
ns67.domaincontrol.com.    171159    IN    AAAA    2603:5:2174::2c

;; Query time: 182 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Sun Jun 14 23:20:15 EDT 2020
;; MSG SIZE  rcvd: 203

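## test with telnet (confirms only that TCP port 53 is reachable; ordinary lookups use UDP, so rely on the nslookup/dig tests above for those)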

[root@rhel7client1 ~]# telnet rhel7server1.myexample.com 53
Trying 192.168.0.10...
Connected to rhel7server1.myexample.com.
Escape character is '^]'


## configure name servers to use with nmtui or Network Manager GUI

[root@rhel7client1 ~]# nmtui










## confirm name resolution setting

[root@rhel7client1 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.10


## test the name server

[root@rhel7client1 ~]# nslookup www.myfaqbase.com
Server:        192.168.0.10
Address:    192.168.0.10#53

Non-authoritative answer:
www.myfaqbase.com    canonical name = myfaqbase.com.
Name:    myfaqbase.com
Address: 13.250.9.23

