CentOS and DNS resolver: Quickstart


[Figure: DNS request schema]

A quick how-to for installing and configuring a caching DNS resolver under CentOS for users on the LAN:

  1. # yum -y install bind bind-utils
  2. # chkconfig named on
  3. Edit /etc/named.conf:
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    
    options {
    	listen-on port 53 { 127.0.0.1; [lan ip];};
    	listen-on-v6 port 53 { ::1; };
    	directory 	"/var/named";
    	dump-file 	"/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    	allow-query     { localhost; [lan network];};
    	recursion yes;
    
    	dnssec-enable yes;
    	dnssec-validation yes;
    	dnssec-lookaside auto;
    
    	/* Path to ISC DLV key */
    	bindkeys-file "/etc/named.iscdlv.key";
    
    	managed-keys-directory "/var/named/dynamic";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
    	type hint;
    	file "named.ca";
    };
    
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    

    replacing [lan ip] with the IP address of the LAN interface and [lan network] with your local network (e.g. 192.168.0.0/24). The listen-on and allow-query lines are what keep this from becoming an open resolver: do not list the WAN interface address in listen-on, and do not widen allow-query to any, otherwise anyone on the Internet can recurse through your server and use it for DNS amplification. The dnssec-lookaside and ISC DLV key lines refer to ISC's DNSSEC Lookaside Validation service, which ISC shut down in 2017; newer BIND releases deprecate or reject dnssec-lookaside, so drop those two lines unless you are on the stock CentOS 6 package.

  4. If your provider blocks outbound port 53 to every DNS server except its own, add a forwarders line to the options section:
    forwarders { [ip dns1]; [ip dns2]; };
    

    replacing [ip dns1] and [ip dns2] with the IP addresses of the provider's DNS servers. Without an accompanying forward only; line, named still falls back to querying the root servers directly when a forwarder does not answer (the default is forward first), which will just time out behind such a block. Also note that with dnssec-validation yes the forwarders must pass DNSSEC records through; if the provider's resolvers strip them, validation fails and lookups return SERVFAIL.

  5. # service named restart
  6. Add to /etc/sysconfig/iptables, in the INPUT chain of the filter table, rules accepting DNS over both UDP and TCP. TCP is not optional: named falls back to TCP for answers that do not fit in a UDP datagram, which is common for DNSSEC-signed responses. Put the rules above the final REJECT rule of the stock CentOS ruleset, otherwise they never match:
    -A INPUT -i [lan iface] -p udp --dport 53 -j ACCEPT
    -A INPUT -i [lan iface] -p tcp --dport 53 -j ACCEPT
    

    replacing [lan iface] with the LAN interface (e.g. eth1)

  7. # service iptables restart
  8. Check locally:
    # host example.com 127.0.0.1
    Using domain server:
    Name: 127.0.0.1
    Address: 127.0.0.1#53
    Aliases: 
    
    example.com has address 93.184.216.34
    example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
    
  9. Check from a LAN client (192.168.0.1 is the resolver's LAN address here):
    # host example.com 192.168.0.1
    Using domain server:
    Name: 192.168.0.1
    Address: 192.168.0.1#53
    Aliases: 
    
    example.com has address 93.184.216.34
    example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
    
  10. It works! 🙂
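As an added example (not from the original page), the POSIX shell script below builds the options block from a LAN address and network, the way steps 3 and 4 describe, and then audits a named.conf fragment for the open-resolver mistake that the allow-query line above prevents. The function names, the one-directive-per-line assumption and the two sample fragments are all constructed for this example; the defaults it mirrors (recursion yes; allow-recursion falling back to allow-query-cache, then allow-query, then localnets and localhost) are BIND 9.4+ behaviour.

```shell
#!/bin/sh
# Added example, not code from the original page.
# gen_options: write a LAN-only "options" block for /etc/named.conf.
# is_open_resolver: flag a fragment that lets anyone on the Internet recurse.
# Assumed inputs: LAN IP, LAN network in CIDR notation, optional forwarders.
# Only the options block is produced; zones and logging are left to the page.

# gen_options LAN_IP LAN_NET [FORWARDER ...]  -> options block on stdout
gen_options() {
  lan_ip=$1
  lan_net=$2
  shift 2
  printf 'options {\n'
  printf '\tlisten-on port 53 { 127.0.0.1; %s; };\n' "$lan_ip"
  printf '\tlisten-on-v6 port 53 { ::1; };\n'
  printf '\tdirectory "/var/named";\n'
  printf '\trecursion yes;\n'
  # Same ACL for queries and recursion: only localhost and the LAN may use
  # this resolver, so it cannot be abused for amplification from the WAN.
  printf '\tallow-query { localhost; %s; };\n' "$lan_net"
  printf '\tallow-recursion { localhost; %s; };\n' "$lan_net"
  if [ $# -gt 0 ]; then
    fwd=""
    for f in "$@"; do fwd="$fwd $f;"; done
    printf '\tforwarders {%s };\n' "$fwd"
    printf '\tforward only;\n'   # never try the roots when the ISP blocks port 53
  fi
  printf '};\n'
}

# acl_of NAME FILE -> address list inside "NAME { ... };" with spaces removed,
# or empty when the directive is absent (one directive per line assumed)
acl_of() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*{\([^}]*\)}.*/\1/p" "$2" | head -n 1 | tr -d ' \t'
}

# is_open_resolver FILE -> exit 0 when anyone can recurse through this server.
# Mirrors BIND 9.4+ defaults: recursion defaults to yes; allow-recursion falls
# back to allow-query-cache, then allow-query, then "localnets; localhost".
is_open_resolver() {
  f=$1
  rec=$(sed -n 's/^[[:space:]]*recursion[[:space:]]\{1,\}\([a-z]*\);.*/\1/p' "$f" | head -n 1)
  [ "${rec:-yes}" = "yes" ] || return 1
  eff=$(acl_of allow-recursion "$f")
  [ -n "$eff" ] || eff=$(acl_of allow-query-cache "$f")
  [ -n "$eff" ] || eff=$(acl_of allow-query "$f")
  [ -n "$eff" ] || eff="localnets;localhost;"
  case ";$eff" in
    *";any;"*) return 0 ;;
    *";0.0.0.0/0;"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed demo: a LAN-only fragment next to a deliberately open one.
tmp=$(mktemp -d)
gen_options 192.168.0.1 192.168.0.0/24 > "$tmp/lan.conf"
printf 'options {\n\trecursion yes;\n\tallow-query { any; };\n};\n' > "$tmp/open.conf"
for c in lan open; do
  if is_open_resolver "$tmp/$c.conf"; then
    echo "$c.conf: OPEN RESOLVER"
  else
    echo "$c.conf: recursion restricted"
  fi
done
rm -rf "$tmp"
```

Run it once after editing /etc/named.conf (is_open_resolver /etc/named.conf) as a cheap sanity check before restarting named; it only looks at the options directives, so a separate view that sets its own allow-recursion still needs a manual review.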


Check version of bind:

# named -v

with information about the compile flags:

# named -V

More docs for configuring DNS server bind
