Configuring basic DNS service with bind
From Notes_Wiki
<yambe:breadcrumb self="Basic bind configuration">Bind DNS server configuration | Bind DNS</yambe:breadcrumb>
Configuring basic DNS service with bind
- yum -y install bind bind-utils
- Edit /etc/named.conf and append following lines:
- zone "rekallsoftware.com." IN {
- type master;
- file "rekallsoftware.com.forward";
- };
- In '/etc/named.conf' make following modifications:
- listen-on port 53 {127.0.0.1; any;};
- allow-query {localhost; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;};
- dnssec-enable no;
- dnssec-validation no;
- Go to /var/named and create rekallsoftware.com.forward with contents similar to:
- $TTL 3600
- @ SOA ns.rekallsoftware.com. root.rekallsoftware.com. (1 15m 5m 30d 1h)
- NS ns.rekallsoftware.com.
- A 10.1.2.3
- ns IN A 10.1.1.1
- www IN A 10.1.2.3
- Try "nslookup rekallsoftware.com 127.0.0.1"
- Try "nslookup www.google.co.in 127.0.0.1". This will only work if machine has direct access to Internet at least for outgoing UDP port 53.
Automated bind configuration
For automated bind configuration using ansible playbooks use:
---
- name: Configure DNS using bind
hosts: dns_servers
remote_user: root
vars:
zone_names:
- rekallsoftware.com.
allow_query_from: "10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;"
tasks:
- name: Install bind and bind-utils package
yum: name="{{item}}" state=present
with_items:
- bind
- bind-utils
- name: Create custom named.conf with desired zone
template: src=named.conf dest=/etc/named.conf owner=root group=named mode=640
notify:
- restart bind
- name: Copy zone forward files for all zones to /var/named
copy: src="{{item}}forward" dest="/var/named/" owner=root group=named mode=640
with_items: zone_names
notify:
- restart bind
- name: Disable IPv6 support
lineinfile: dest=/etc/sysconfig/named line='OPTIONS="-4"' regexp="^OPTIONS"
notify:
- restart bind
- name: Start and enable bind service
service: name=named state=started enabled=yes
handlers:
- name: restart bind
service: name=named state=restarted
The playbook requires a named.conf template with following contents:
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; {{allow_query_from}} };
recursion yes;
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
{% for item in zone_names %}
zone "{{item}}" IN {
type master;
file "{{item}}forward";
};
{% endfor %}
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
The playbook requires zones files with names "<zone>.forward" such as "rekallsoftware.com.forward" present in the same folder. Example zone file contents are:
$TTL 3600
@ SOA ns.rekallsoftware.com. root.rekallsoftware.com. (1 15m 5m 30d 1h)
IN NS ns.rekallsoftware.com.
IN A 10.1.2.3
ns IN A 10.1.1.1
www IN A 10.1.2.3
<yambe:breadcrumb self="Basic bind configuration">Bind DNS server configuration | Bind DNS</yambe:breadcrumb>
