Master DNS Configuration in Chrooted Environment

Here is a little tutorial on how to configure BIND in a chrooted environment.

1. First of all, install the required packages:

#yum install bind bind-chroot bind-libs bind-utils caching-nameserver

2. Configure the rndc.key file. This key is used for authenticated communication with named (rndc commands) and, as configured below, between the master and slave DNS servers.

#cd /var/named/chroot/etc

Now issue the following command to generate the rndc key file rndc.key:

#rndc-confgen > rndc.key

Change the ownership of the key file so that the named user can read it. The key is a shared secret, so it must not be readable by other users on the system.

#chown root:named rndc.key

Open the rndc.key file and remove everything except the key "rndckey" section, so that the file looks like this:

key "rndckey" {
        algorithm hmac-md5;
        secret "SGsvsdfsdfsdfsCCkkg==";
};

> rndc reads its key from /etc/rndc.key, so /etc/rndc.key must be a symbolic link to the key file inside the chroot. If the link does not exist, create it by issuing:

#ln -s /var/named/chroot/etc/rndc.key /etc/rndc.key

Now configure the named.conf file (/var/named/chroot/etc/named.conf):

// Copy this key section from the rndc.key file created above.
key "rndckey" {
        algorithm hmac-md5;
        secret "SGsvsdfsdfsdfsCCkkg==";
};

// Replace the IP addresses and network with your own.
// The control channel accepts rndc commands only from localhost and the LAN,
// and only when they are signed with rndckey.
controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
        inet 192.168.1.254 allow { 192.168.1.0/24; } keys { "rndckey"; };
};

options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        // Recurse only for local clients; an open recursive resolver can be abused.
        recursion yes;
        allow-recursion {
                127.0.0.1;
                192.168.1.0/24;
        };

        version "put something bogus here"; // hide the real BIND version

        allow-query {
                127.0.0.1;
                192.168.1.0/24;
        };
};

// Sign traffic to the slave DNS server at 192.168.1.2 with rndckey (TSIG).
server 192.168.1.2 {
        keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

// forward zone (the zone name must match the SOA owner in the zone file)
zone "nishant.com" IN {
        type master;
        file "nishant.com.zone";
        allow-update { none; };
        // allow zone transfers only to the slave DNS server at 192.168.1.2
        allow-transfer { 192.168.1.2; };
};

// reverse zone for 192.168.1.0/24
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1.rev.zone";
        allow-update { none; };
        allow-transfer { 192.168.1.2; };
};

Now let us configure the forward lookup zone file: /var/named/chroot/var/named/nishant.com.zone

$TTL 38400
nishant.com.       IN      SOA     ns.nishant.com. admin.nishant.com. (
                2010042300      ; Serial Number
                10800           ; Refresh after 3 hours
                3600            ; Retry after 1 hour
                604800          ; Expire after 1 week
                86400 )         ; Minimum TTL of 1 day

nishant.com.        IN      NS              ns.nishant.com.
nishant.com.        IN      MX      10      mx.nishant.com.
www.nishant.com.    IN      A               192.168.1.51
ns.nishant.com.     IN      A               192.168.1.100
mx.nishant.com.     IN      A               192.168.1.24
mail.nishant.com.   IN      CNAME           mx.nishant.com.

Now we create the reverse lookup zone file: /var/named/chroot/var/named/192.168.1.rev.zone

; The SOA owner must be the zone name from named.conf, 1.168.192.in-addr.arpa.
$TTL 86400
1.168.192.in-addr.arpa.    IN    SOA    ns.nishant.com. admin.nishant.com. (
                2007032000      ; Serial Number
                10800           ; Refresh
                900             ; Retry
                604800          ; Expire
                3600 )          ; Minimum TTL

1.168.192.in-addr.arpa.         IN    NS     ns.nishant.com.

; PTR owners are the reversed host addresses from the forward zone above
24.1.168.192.in-addr.arpa.      IN     PTR     mx.nishant.com.
51.1.168.192.in-addr.arpa.      IN     PTR     www.nishant.com.
100.1.168.192.in-addr.arpa.     IN     PTR     ns.nishant.com.
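Forward and reverse zone files are easy to get out of step (a wrong SOA owner, a PTR under the wrong octets, a host with no PTR), and named-checkzone only sees one zone at a time. The following checker is an added example, not part of this tutorial or of BIND; it parses constructed copies of the two zone files above (one record per line, absolute names) and reports every mismatch between them.

```python
import re

# Constructed sample zones modelled on the tutorial's forward and reverse zone files.
FWD = """$TTL 38400
nishant.com. IN SOA ns.nishant.com. admin.nishant.com. (
    2010042300 10800 3600 604800 86400 )
nishant.com.      IN NS    ns.nishant.com.
nishant.com.      IN MX 10 mx.nishant.com.
www.nishant.com.  IN A     192.168.1.51
ns.nishant.com.   IN A     192.168.1.100
mx.nishant.com.   IN A     192.168.1.24
mail.nishant.com. IN CNAME mx.nishant.com.
"""
REV = """$TTL 86400
1.168.192.in-addr.arpa. IN SOA ns.nishant.com. admin.nishant.com. (
    2007032000 10800 900 604800 3600 )
1.168.192.in-addr.arpa.     IN NS  ns.nishant.com.
24.1.168.192.in-addr.arpa.  IN PTR mx.nishant.com.
51.1.168.192.in-addr.arpa.  IN PTR www.nishant.com.
100.1.168.192.in-addr.arpa. IN PTR ns.nishant.com.
"""

def parse(text):
    """Return (SOA owner, [(owner, type, last rdata field)]) for one-record-per-line zones."""
    soa, recs = None, []
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+(?:\d+\s+)?IN\s+(\S+)\s+(.*)", line.split(";")[0])
        if m and m.group(2) == "SOA":
            soa = m.group(1)
        elif m:
            recs.append((m.group(1), m.group(2), m.group(3).split()[-1]))
    return soa, recs

def check_zones(fwd_name, fwd_text, rev_name, rev_text):
    """Cross-check a forward zone against its reverse zone; returns a list of problems."""
    problems = []
    (fwd_soa, fwd), (rev_soa, rev) = parse(fwd_text), parse(rev_text)
    for zone, soa in ((fwd_name, fwd_soa), (rev_name, rev_soa)):
        if soa != zone + ".":  # the SOA must sit at the zone apex
            problems.append(f"SOA owner {soa} is not the zone name {zone}")
    ptrs = {o: r for o, t, r in rev if t == "PTR"}
    for owner, ip in ((o, r) for o, t, r in fwd if t == "A"):
        want = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
        if ptrs.get(want) != owner:  # missing PTR, or PTR naming a different host
            problems.append(f"PTR {want} should be {owner}, found {ptrs.get(want)}")
    for owner in ptrs:  # a PTR outside the reverse zone is out-of-zone data
        if not owner.endswith("." + rev_name + "."):
            problems.append(f"PTR owner {owner} is outside zone {rev_name}")
    return problems
```

Calling check_zones("nishant.com", FWD, "1.168.192.in-addr.arpa", REV) returns an empty list for the corrected files; feed it a reverse zone whose SOA owner is 100.168.192.in-addr.arpa. or whose www PTR sits under 51.100.168.192 and each mistake is reported by name.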

Now check named.conf for errors with the following command (-t makes named-checkconf resolve paths inside the chroot, so /etc/named.conf here means /var/named/chroot/etc/named.conf):

#named-checkconf -t /var/named/chroot /etc/named.conf

>> No output means the configuration is OK. Now you can start the named service:

#service named start

Now log in to another machine, point its DNS at the server you just configured (assuming 192.168.1.254) and query it with nslookup:

nslookup

nslookup> server 192.168.1.254

nslookup> www.nishant.com

It will return the answers as configured in the zone file.

Thanks