DNS Server = 192.168.122.30

Host1 Client = 192.168.122.100

1. Install bind and bind-utils.

yum install bind bind-utils -y

2. Edit named.conf.

Edit the /etc/named.conf file. The stock CentOS file listens on loopback only and answers only localhost, so change the following:

  • listen-on: add the IP address of the DNS server, e.g. listen-on port 53 { 127.0.0.1; 192.168.122.30; };
  • listen-on-v6: comment the line out (or leave it if you have IPv6 clients).
  • allow-query: add your network. Mine is 192.168.122.0/24, so allow-query { localhost; 192.168.122.0/24; };
  • allow-query-cache: add the same network. Keep both lists limited to your LAN: recursion is on by default in this file, and a server that recurses for anyone who can reach it is an open resolver that gets abused for reflection/amplification attacks.
  • Add the zone for the forward lookup (note the closing quote on the file name, which named-checkconf will otherwise complain about):

zone "ayylmao.local" IN {
	type master;
	file "ayylmao.local.zone";
};

  • Add the zone for the reverse lookup. The zone name is the octets of 192.168.122.0/24 in reverse order under in-addr.arpa:

zone "122.168.192.in-addr.arpa" IN {
	type master;
	file "ayylmao.local.rev";
};

Relative file names are resolved against the directory option in named.conf, which is /var/named on CentOS.

3. Create the forward and reverse lookup files.

Create them in /var/named, the directory named.conf points at, so the file names in the zone statements resolve. Files created there by root are world-readable and inherit the named_zone_t SELinux context, so named can read them. The forward file holds the A records; the reverse file holds one PTR record per A record (the container section below shows a complete reverse zone).

touch /var/named/ayylmao.local.zone /var/named/ayylmao.local.rev

4. Open and edit the forward lookup file, /var/named/ayylmao.local.zone.

; Authoritative data for ayylmao.local zone
;
$TTL 1D
@   IN SOA  ns1.ayylmao.local.   root.ns1.ayylmao.local. (
                                       2017031301      ; serial (YYYYMMDDnn; bump it on every change)
                                       1D              ; refresh
                                       1H              ; retry
                                       1W              ; expire
                                       3H )            ; minimum

$ORIGIN         ayylmao.local.
ayylmao.local.          IN      NS      ns1.ayylmao.local.
ns1.ayylmao.local.      IN      A       192.168.122.30
host1                   IN      A       192.168.122.100

; Test entries
test1                   IN      A       192.168.122.99
; No trailing dot: "test1." would be an absolute name at the root, not test1.ayylmao.local.
t1                      IN      CNAME   test1

As you can see above I added NS, A, and CNAME records. Quick review:

NS = Name Server: which server is authoritative for the zone.

A = Address: maps a name to an IPv4 address.

CNAME = Canonical name, an alias for another name. The target has to be a name that resolves; here test1, which $ORIGIN expands to test1.ayylmao.local.

Names without a trailing dot are relative to $ORIGIN; names with one are absolute, which is why the CNAME target must not end in a dot. I listed my DNS server (192.168.122.30), host1 (192.168.122.100), and test entries. The test entries are not actual hosts on my network and will not respond to ping, but they let me check that DNS itself is working.

5. Check the configuration, then start the named process.

named-checkconf -z /etc/named.conf
systemctl start named

named-checkconf -z parses named.conf and loads every zone it references, so a missing quote in a zone statement or a bad record shows up here instead of as a failed start. Run systemctl enable named as well if the server should come back after a reboot; systemctl status named and journalctl -u named tell you why it did not.

6. Open port 53.

firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload

--permanent writes the rule to disk but does not apply it to the running firewall; the reload does. (firewall-cmd --permanent --add-service=dns is equivalent to the two port rules.)

7. Configure the client.

On your client host edit the /etc/resolv.conf file and add the server as the first nameserver:

nameserver 192.168.122.30

On CentOS, NetworkManager rewrites /etc/resolv.conf, so to make the change stick set DNS1=192.168.122.30 in the interface's ifcfg file (or run nmcli connection modify <connection> ipv4.dns 192.168.122.30) rather than editing resolv.conf by hand. Adding search ayylmao.local lets you type host1 instead of host1.ayylmao.local.

8. Test Your DNS Server

Query names that are actually defined in the zone file, and check a reverse lookup as well:

dig host1.ayylmao.local
nslookup test1.ayylmao.local
dig -x 192.168.122.100

Cool, everything looks to be in order. If you feel comfortable here you can stop and use your newly minted DNS server!

If you like to skate on thin ice come join me below to plunge into containerizing the DNS server.

Containerizing the DNS Server

I commend you for making it this far; now I'll show you how to run your DNS server from a container. (You probably thought I forgot how I promised, in a previous post, to only run new services and apps from a container.)

I'll be using an Ubuntu container, but you may use a CentOS container if you choose to. Make sure you have Docker-CE installed before continuing!

1. Download the latest Ubuntu container image.

docker pull ubuntu:latest

2. Create the Bind configuration files.

Open an empty file in your text editor and save it as named.conf.options. Ubuntu's /etc/bind/named.conf includes this file (and named.conf.local, where Debian convention puts your own zones; either works, since both are simply included), so what you copy in replaces the package default:

options {
        // Listen on all container interfaces. 127.0.0.1 alone would make the
        // published port useless, since client traffic arrives on the container's eth0.
        listen-on port 53 { any; };
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // Upstream resolver for names this server is not authoritative for.
        forwarders {
                1.1.1.1;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        //listen-on-v6 { any; };
};

// Zone names must match the $ORIGIN/SOA names in the zone files, and the
// reverse zone must cover the 192.168.100.0/24 addresses they contain.
// Use absolute paths: a bare file name is looked up under the directory
// option (/var/cache/bind), not /etc/bind where the Dockerfile copies the files.
zone "ayy.int" IN {
        type master;
        file "/etc/bind/ayy.int.zone";
};

zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "/etc/bind/ayy.int.rev";
};

3. Create a forward zone file.

Create another new file and name it ayy.int.zone. Fill it in with the same information as before, but with the new domain name and addresses:

; Authoritative data for ayy.int zone
;
$TTL 1D
@   IN SOA  ns1.ayy.int.   root.ns1.ayy.int. (
                                       2017031301      ; serial
                                       1D              ; refresh
                                       1H              ; retry
                                       1W              ; expire
                                       3H )            ; minimum

$ORIGIN         ayy.int.
ayy.int.                IN      NS      ns1.ayy.int.
ns1.ayy.int.            IN      A       192.168.100.90
test1                   IN      A       192.168.100.99
t1                      IN      CNAME   test1           ; relative to $ORIGIN, so test1.ayy.int.
test2                   IN      A       192.168.100.100
t2                      IN      CNAME   test2

4. Just like the forward zone file, create a reverse zone file, ayy.int.rev. It serves 100.168.192.in-addr.arpa (the octets of 192.168.100.0/24 reversed) and holds one PTR record per A record above, keyed by the last octet of the address:

; Authoritative data for the ayy.int reverse zone (192.168.100.0/24)
;
$TTL 1D
@               IN     SOA      ns1.ayy.int.   root.ns1.ayy.int. (
                                        2017031501      ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum

@               IN      NS      ns1.ayy.int.
90              IN      PTR     ns1.ayy.int.
99              IN      PTR     test1.ayy.int.
100             IN      PTR     test2.ayy.int.
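Both reverse zones on this page (ayylmao.local.rev in the first part and ayy.int.rev here) are maintained by hand alongside their forward zones, which is exactly how PTR records end up pointing at hosts the forward zone no longer knows about. As an added example that is not part of the original post, the following POSIX shell script derives a reverse zone from "name ip" pairs taken from the forward zone's A records, so the two cannot drift apart. The input format, the function names and the convention that ns1.<zone> is the primary name server are assumptions of the example, and the sample records are constructed from the ayy.int zone above.

```shell
#!/bin/sh
# Added example, not from the original post: generate a reverse zone file from
# the forward zone's A records, so ayylmao.local.rev / ayy.int.rev stay in step
# with ayylmao.local.zone / ayy.int.zone instead of being hand-maintained.
# Input: one "<shortname> <ipv4>" pair per line on stdin (format is this
# example's own assumption).
# Usage: gen_reverse_zone <zone> <three-octet-prefix> <serial> < records > zone.rev

# in-addr.arpa origin for a /24, e.g. 192.168.100 -> 100.168.192.in-addr.arpa.
rev_origin() {
    echo "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa." }'
}

gen_reverse_zone() {
    zone=$1 prefix=$2 serial=$3
    origin=$(rev_origin "$prefix")
    # SOA/NS header; the trailing dots keep the names absolute
    cat <<EOF
\$TTL 1D
\$ORIGIN $origin
@       IN      SOA     ns1.$zone. root.ns1.$zone. (
                                $serial ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
@       IN      NS      ns1.$zone.
EOF
    # One PTR per A record inside the prefix, keyed by the last octet.
    # Records outside the prefix are reported on stderr, not silently dropped.
    awk -v zone="$zone" -v prefix="$prefix" '
        NF == 2 && index($2, prefix ".") == 1 && split($2, o, ".") == 4 {
            printf "%s IN PTR %s.%s.\n", o[4], $1, zone
            next
        }
        NF == 2 { print "skipping " $1 " " $2 ": not in " prefix ".0/24" | "cat 1>&2" }
    '
}

# Constructed sample matching the ayy.int forward zone above; the 10.0.0.5
# entry is there to show the out-of-prefix warning.
printf '%s\n' 'ns1 192.168.100.90' 'test1 192.168.100.99' 'test2 192.168.100.100' 'other 10.0.0.5' \
    | gen_reverse_zone ayy.int 192.168.100 2017031301
```

Feed it the A records of whichever forward zone you are working on and redirect the output to the .rev file, then validate the result the same way named-checkconf -z does, e.g. named-checkzone 100.168.192.in-addr.arpa ayy.int.rev. The serial is passed in so you can keep it in lockstep with the forward zone's serial.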

5. Creating the Dockerfile.

FROM ubuntu:latest

# apt-get has a stable scripting interface (apt warns that it does not);
# one RUN layer, and drop the package lists so they are not baked into the image
RUN apt-get update \
 && apt-get install -y bind9 bind9utils \
 && rm -rf /var/lib/apt/lists/*

COPY ./named.conf.options /etc/bind/
COPY ./ayy.int.zone /etc/bind/
COPY ./ayy.int.rev /etc/bind/

# Fail the build, not the first container start, if the config or a zone does not parse
RUN named-checkconf -z /etc/bind/named.conf

# named writes its pid file under /run/named; nothing creates that directory
# during an image build, so make it and hand it to the bind user
RUN mkdir -p /run/named && chown bind:bind /run/named

EXPOSE 53/tcp
EXPOSE 53/udp

# Run named in the foreground as the unprivileged bind user. "service bind9 start"
# forks into the background and returns, so the container would exit immediately.
CMD ["/usr/sbin/named", "-g", "-u", "bind", "-c", "/etc/bind/named.conf"]

This builds an image from the latest Ubuntu image, installs bind9 and bind9utils, copies named.conf.options, ayy.int.zone and ayy.int.rev into /etc/bind, checks that they parse, and runs named in the foreground as the bind user so Docker sees a long-running process. ubuntu:latest moves between releases; pin a specific release tag if you want rebuilds to be reproducible.

6. Build the container image.

docker build -t dns-pafable-01 .

Repository names must be lowercase, so the tag cannot contain capitals.

7. Create the new DNS container.

docker run -d --name dns-pafable-01 -p 53:53/tcp -p 53:53/udp dns-pafable-01

-p 53:53 on its own publishes only TCP, and nearly all DNS traffic is UDP, so publish both. docker logs dns-pafable-01 shows named's startup messages (and its errors, since -g logs to stderr). One caveat for address-based access lists: traffic that reaches a published port through Docker's proxy may appear to named as coming from the Docker bridge address rather than from the real client, so allow-query/allow-recursion by subnet inside the container is not a reliable boundary. If the host is reachable from outside your LAN, restrict port 53 at the host firewall as well.
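Rather than eyeballing dig output as in step 8 of the first part, here is an added POSIX shell smoke test (not from the original post) that asserts on the answers the container should give: an A record, a CNAME that resolves to an in-zone name, a PTR built from the address by hand (what dig -x does for you), and the RCODE for an out-of-zone name, which tells you whether the server is acting as a recursive resolver for the client you run it from. It assumes dig on the client, the ayy.int records above, and a DNS_SERVER environment variable naming the server; the function names are the example's own, and the dig header line in the test is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: smoke-test the DNS server by
# asserting on dig answers. Works for the container or the host install from
# the first part once the names below are swapped. Requires dig on the client.
#   DNS_SERVER=192.168.100.90 sh dns-smoke.sh

# Reverse-lookup name for an IPv4 address, e.g. 192.168.100.99 -> 99.100.168.192.in-addr.arpa.
ptr_name() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa." }'
}

# Extract the RCODE (NOERROR, NXDOMAIN, REFUSED, ...) from full dig output on stdin
parse_rcode() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

failures=0
# expect <description> <expected> <actual>: print a result line, count mismatches
expect() {
    if [ "$2" = "$3" ]; then
        echo "ok   $1 -> $3"
    else
        echo "FAIL $1: expected '$2', got '$3'"
        failures=$((failures + 1))
    fi
}

run_checks() {
    server=$1
    expect "A test1.ayy.int"    192.168.100.99 "$(dig @"$server" +short test1.ayy.int A)"
    # A correct CNAME target is the in-zone name, not the TLD "test1."
    expect "CNAME t1.ayy.int"   test1.ayy.int. "$(dig @"$server" +short t1.ayy.int CNAME)"
    # Same query dig -x 192.168.100.99 would send
    expect "PTR 192.168.100.99" test1.ayy.int. "$(dig @"$server" +short "$(ptr_name 192.168.100.99)" PTR)"
    # Out-of-zone query: NOERROR means this client is served recursion via the
    # forwarders, REFUSED means it is not. A client outside allow-query /
    # allow-recursion should not see NOERROR here.
    echo "recursion for this client: $(dig @"$server" www.example.com A | parse_rcode)"
    [ "$failures" -eq 0 ]
}

if [ -n "${DNS_SERVER:-}" ]; then
    run_checks "$DNS_SERVER"
fi
```

Run it once from a host on your LAN and once from an address that is not in allow-query; the first should pass every check, and the second should get REFUSED on the recursion line (and, for the first part's server, on the zone queries too). A non-zero exit means at least one record did not match.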

Finally I'm done! Now I don't have to remember a ton of IP addresses in my head (more space for Terraform).