INSTALLATION OF DNS
INSTALLATION OF DNS ON RED HAT LINUX 8
PREREQUISITE:
- The machine must be connected to the internet
- The machine must be registered with Red Hat.
- The machine must have Cockpit installed.
- Run all commands as the root user.
STEP 1: CHANGING HOSTNAME
- To change the hostname, use the command below. We use an FQDN as the hostname (ex. primary-dns.kaushal.local).
hostnamectl set-hostname primary-dns.kaushal.local
reboot

- After the reboot, check whether the hostname has changed.
hostnamectl

STEP 2: INSTALLING DNS PACKAGE
- To install the DNS package on Red Hat, run the command below.
dnf install bind bind-utils -y

- Now start and enable the named service, then check its status.
systemctl start named
systemctl enable named
systemctl status named

STEP 3: SET STATIC IP ADDRESS
- Open the browser and go to https://localhost:9090/ or https://192.168.56.200:9090/
- Log in as the root user.

- Now go to the Networking option and scroll down to the Interfaces section.
- It shows the interfaces that are connected to your machine.

- Click on the interface whose IP address you want to change. (ex. enp0s3 )

- Make sure the Connect automatically option is ticked.
- Now press the edit button on the IPv4 option.

- Now untick the Automatic DNS option and press the plus icon.
- Provide the machine IP address that you want to assign as static. (ex. 192.168.56.200 )

- Now change the Addresses section from Automatic to Manual.
- Assign the static IP according to your network. (ex. 192.168.56.200 )
- Assign the netmask according to your subnet. (ex. class c = 24 )
- Assign a gateway (your router address). (ex. 192.168.56.1 )

- Press Apply
- Now open a terminal and restart NetworkManager.
systemctl restart NetworkManager
ifconfig

STEP 4: COLLECTING INFORMATION ABOUT THE SYSTEM
- Collect your system information and write it down in a notepad. This helps to prevent spelling mistakes.
- Get IP address:
ifconfig

- On my machine, 192.168.56.200 is my static IP address from the enp0s3 adapter.
- Get hostname:
hostname

- The gathered information was:
| Item | Value |
|---|---|
| Machine IP | 192.168.56.200 |
| Hostname (FQDN) | primary-dns.kaushal.local |
| Network Address | 192.168.56.0/24 |
STEP 5: Configure bind DNS server
- Open a terminal and copy the named.conf file to named.bak as a backup.
- Then edit the named.conf file using any editor.
cp /etc/named.conf /etc/named.bak
nano /etc/named.conf

- Under the ‘options’ section, comment out the lines indicated below so that the Bind DNS server listens on all IPs.
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
- Additionally, locate the allow-query parameter and adjust it according to your network subnet.
allow-query { localhost; 192.168.56.0/24; };

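- This setting allows only the hosts in the defined network to query the DNS server, not just any other host. An allow-query statement inside a zone block overrides this option for that zone, so the allow-query { any; } lines in the zones below make those two zones answer any client that can reach the server; use the same subnet list there if the zones should be restricted too.
- To define the reverse and forward lookup zones, copy and paste the following configuration at the end of /etc/named.conf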
//forward zone
zone "kaushal.local" IN {
type master;
file "kaushal.local.db";
allow-update { none; };
allow-query { any; };
};
//backward zone
zone "56.168.192.in-addr.arpa" IN {
type master;
file "kaushal.local.rev";
allow-update { none; };
allow-query { any; };
};

- Now press ctrl + s and ctrl + x to save and exit the file.
- Check the named.conf file for errors using the command below.
named-checkconf

- If no error is displayed on the terminal, your named.conf file is OK.
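named-checkconf only checks syntax; it does not tell you that a zone-level allow-query overrides the options-level one. The shell lint below is an added example, not part of the original guide: open_zones and sample_conf are hypothetical helper names, and the embedded configuration is a constructed sample based on this step.

```shell
#!/bin/sh
# Added example: list zones whose own allow-query is "any", which overrides the
# options-level allow-query ACL for that zone. Line-oriented lint, not a full
# named.conf parser: assumes one statement per line, as in the config above.

open_zones() {   # usage: open_zones /path/to/named.conf
    awk '
        /^[ \t]*\/\// { next }                          # skip // comment lines
        /^[ \t]*zone[ \t]+"/ {                          # start of a zone block
            split($0, q, "\""); zone = q[2]; next
        }
        zone != "" && /allow-query[ \t]*[{][ \t]*any[ \t]*;/ { print zone }
        /^[ \t]*[}];/ { zone = "" }                     # end of any block
    ' "$1"
}

# Constructed sample: the relevant lines of the named.conf built in this step.
sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
options {
    // listen-on port 53 { 127.0.0.1; };
    allow-query { localhost; 192.168.56.0/24; };
};
//forward zone
zone "kaushal.local" IN {
    type master;
    file "kaushal.local.db";
    allow-update { none; };
    allow-query { any; };
};
//backward zone
zone "56.168.192.in-addr.arpa" IN {
    type master;
    file "kaushal.local.rev";
    allow-update { none; };
    allow-query { any; };
};
EOF
    echo "$f"
}

conf=$(sample_conf)
echo "Zones answering any client despite the options-level ACL:"
open_zones "$conf"
rm -f "$conf"
```

On a real server, pass /etc/named.conf to open_zones; an empty result means no zone widens the options-level ACL.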
STEP 6: Create a forward DNS zone file for the domain
- Create a new file kaushal.local.db in the /var/named/ directory and edit it.
nano /var/named/kaushal.local.db

- Adapt the text below to your environment and paste it into kaushal.local.db
$TTL 86400
@ IN SOA primary-dns.kaushal.local. admin.kaushal.local. (
2020011800 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
;Name Server Information
@ IN NS primary-dns.kaushal.local.
;IP Address for Name Server
primary-dns IN A 192.168.56.200
;A Record for the following Host name
www IN A 192.168.56.200
test IN A 192.168.56.201
;CNAME Record
ftp IN CNAME www.kaushal.local.

- Now press ctrl + s and ctrl + x to save and exit the file.
- Check the kaushal.local.db file for errors using the command below.
named-checkzone kaushal.local /var/named/kaushal.local.db

- File is OK.
STEP 7: Create a reverse DNS zone file for the domain
- Create a new file kaushal.local.rev in the /var/named/ directory and edit it.
nano /var/named/kaushal.local.rev

- Adapt the text below to your environment and paste it into kaushal.local.rev
$TTL 86400
@ IN SOA primary-dns.kaushal.local. admin.kaushal.local. (
2020011800 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
;Name Server Information
@ IN NS primary-dns.kaushal.local.
primary-dns IN A 192.168.56.200
;Reverse lookup for Name Server
200 IN PTR primary-dns.kaushal.local.
;PTR Record IP address to Hostname
200 IN PTR www.kaushal.local.
201 IN PTR test.kaushal.local.

- Now press ctrl + s and ctrl + x to save and exit the file.
- Check the kaushal.local.rev file for errors using the command below.
named-checkzone 56.168.192.in-addr.arpa /var/named/kaushal.local.rev

- File is OK.
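named-checkzone accepts a PTR target written without a trailing dot, but such a name is completed with the zone origin (www.kaushal.local would become www.kaushal.local.56.168.192.in-addr.arpa.). The script below is an added example, not part of the original guide: it cross-checks forward and reverse records, ptr_problems and demo are hypothetical names, and the zone data is a constructed sample with one deliberately unqualified PTR.

```shell
#!/bin/sh
# Added example (not from the original page): cross-check the A records of a
# forward zone against the PTR records of its reverse zone.
# Assumes the simple "name IN TYPE value" layout used in this tutorial, with
# relative owner names in the forward zone and last-octet owners in the /24
# reverse zone. Not a general zone-file parser.

# usage: ptr_problems FWD_FILE REV_FILE DOMAIN NET_PREFIX
ptr_problems() {
    awk -v dom="$3" -v net="$4" '
        FNR == NR {                                   # first file: forward zone
            if ($2 == "IN" && $3 == "A") a[$1 "." dom "."] = $4
            next
        }
        $2 == "IN" && $3 == "PTR" {                   # second file: reverse zone
            ip = net "." $1
            if ($4 !~ /[.]$/)      print "unqualified PTR target: " $4
            else if (!($4 in a))   print "PTR target has no A record: " $4
            else if (a[$4] != ip)  print "A/PTR mismatch: " $4
            else ok[$4] = 1
        }
        END { for (n in a) if (!(n in ok)) print "no matching PTR: " n }
    ' "$1" "$2" | sort
}

# Constructed sample zone data (SOA/NS lines omitted for brevity).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/fwd" <<'EOF'
primary-dns IN A 192.168.56.200
www         IN A 192.168.56.200
test        IN A 192.168.56.201
EOF
    cat > "$d/rev" <<'EOF'
200 IN PTR primary-dns.kaushal.local.
200 IN PTR www.kaushal.local.
201 IN PTR test.kaushal.local
EOF
    ptr_problems "$d/fwd" "$d/rev" kaushal.local 192.168.56
    rm -rf "$d"
}

demo
```

On the server, call ptr_problems with /var/named/kaushal.local.db and /var/named/kaushal.local.rev; no output means every A record has a fully qualified, matching PTR.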
STEP 8: Assign the necessary file permissions to the two configuration files
- To assign the permissions, use the commands below.
chown named:named /var/named/kaushal.local.db
chown named:named /var/named/kaushal.local.rev

- For the changes to be reflected in the system, restart the Bind DNS server
systemctl restart named

STEP 9: Add Firewall Rule
- Use the commands below to add the firewall rule.
firewall-cmd --add-service=dns --zone=public --permanent
firewall-cmd --reload

STEP 10: Test the Bind DNS server from a client system
- Open the client machine and change its DNS server to 192.168.56.200.
For a Linux client machine:
- Open a terminal and open the resolv.conf file.
sudo nano /etc/resolv.conf

- Add the DNS server IP address
nameserver 192.168.56.200

- Now press ctrl + s and ctrl + x to save and exit the file.
- Using the nslookup command, test the Bind DNS server as shown:
nslookup primary-dns.kaushal.local
nslookup 192.168.56.200

- You can also check the other addresses
nslookup www.kaushal.local
nslookup test.kaushal.local

Perfect! The reverse DNS lookup is also working as we would expect. 🥳
For a Windows client machine:
- Press win + R and run ncpa.cpl.

- Right-click on the adapter and disable it.
- Now right-click again and select the Properties option.

- Disable IPv6 and go to the properties of IPv4.

- Select Use the following DNS server addresses.
- Put DNS server IP (ex. 192.168.56.200 )

- Press OK and close the dialog.
- Now right-click on the adapter and enable it.
- Using the nslookup command, test the Bind DNS server as shown:
nslookup primary-dns.kaushal.local
nslookup 192.168.56.200

- You can also check the other addresses
nslookup www.kaushal.local
nslookup test.kaushal.local

Perfect! The reverse DNS lookup is also working as we would expect. 🥳
- Now we can also use Cockpit through the domain name on client systems. (ex. https://www.kaushal.local:9090/ )
