DNS Server = 192.168.122.30
Host1 Client = 192.168.122.100
1. Install bind and bind-utils.
yum install bind bind-utils -y
2. Edit named.conf.
Edit the /etc/named.conf file.
- listen-on: add the IP address of the DNS server.
- Comment out the listen-on-v6 line.
- allow-query: add your network in this section. Mine is 192.168.122.0/24.
- allow-query-cache: add your network in this section.
- Add the zone for the forward lookup.
zone "ayylmao.local" IN {
type master;
file "ayylmao.local.zone";
};
- Add the zone for the reverse lookup.
zone "122.168.192.in-addr.arpa" IN {
type master;
file "ayylmao.local.rev";
};

3. Create the forward and reverse lookup files.
touch /var/named/ayylmao.local.zone /var/named/ayylmao.local.rev
named resolves the relative file names in the zone stanzas against its directory option, which is /var/named on CentOS, so the files have to live there.
4. Open and edit the forward lookup file, ayylmao.local.zone.
; Authoritative data for ayylmao.local zone
;
$TTL 1D
@ IN SOA ns1.ayylmao.local. root.ns1.ayylmao.local. (
2017031301 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
$ORIGIN ayylmao.local.
ayylmao.local. IN NS ns1.ayylmao.local.
ns1.ayylmao.local. IN A 192.168.122.30
host1 IN A 192.168.122.100
; Test entries
test1 IN A 192.168.122.99
t1 IN CNAME test1.ayylmao.local.
As you can see above, I added the NS, A, and CNAME records. Quick review:
NS = Name Server
A = IP Address
CNAME = Canonical name or alias
I listed my DNS server (192.168.122.30), host1 (192.168.122.100), and test entries. The test entries are not actual hosts in my network and will not respond to ping, but they will let me test whether my DNS is functioning.
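The reverse file created in step 3 (ayylmao.local.rev) is not shown in the post, and writing PTR records by hand is where forward and reverse zones usually drift apart. The script below is an added example, not part of the original post: it parses a forward zone written the way the one above is written, collects the A records, and emits the matching /24 reverse zone. The forward zone text is constructed inline from the post's records; the network, serial and name-server FQDN are assumptions passed in as parameters.

```python
"""Build a /24 reverse zone from a forward zone file.

Added example, not part of the original post. It parses a forward zone
written the way the post writes it, collects the A records, and emits the
matching PTR records, so the reverse file cannot drift from the forward one.
Assumes BIND master-file syntax and a single /24 network.
"""
import ipaddress
import re

# Constructed input: the post's forward zone for ayylmao.local.
FORWARD_ZONE = """\
; Authoritative data for ayylmao.local zone
$TTL 1D
@ IN SOA ns1.ayylmao.local. root.ns1.ayylmao.local. (
2017031301 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
$ORIGIN ayylmao.local.
ayylmao.local. IN NS ns1.ayylmao.local.
ns1.ayylmao.local. IN A 192.168.122.30
host1 IN A 192.168.122.100
; Test entries
test1 IN A 192.168.122.99
t1 IN CNAME test1
"""

# owner [ttl] [class] A <ipv4>; TTL and class are optional in master files.
A_RECORD = re.compile(r"^(?P<owner>\S+)\s+(?:\S+\s+)*?A\s+(?P<ip>\d+\.\d+\.\d+\.\d+)$")


def parse_a_records(zone_text, default_origin):
    """Return [(fqdn, ip), ...] for every A record in the zone text.

    Relative owner names are qualified with the current $ORIGIN and '@'
    stands for the origin itself. Comments are stripped first. CNAME and
    NS records are skipped: only addresses get PTR records.
    """
    origin = default_origin if default_origin.endswith(".") else default_origin + "."
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = A_RECORD.match(line)
        if not m:
            continue
        owner = m.group("owner")
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = f"{owner}.{origin}"
        records.append((fqdn, m.group("ip")))
    return records


def build_reverse_zone(records, network, ns_fqdn, serial, ttl="1D"):
    """Emit a reverse zone for `network` (a /24) from the A records.

    PTR owners are the last octet relative to the zone origin, e.g.
    '30 IN PTR ns1.ayylmao.local.' under 122.168.192.in-addr.arpa.
    Addresses outside the network are left out rather than misfiled.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen != 24:
        raise ValueError("only /24 reverse zones are handled here")
    o1, o2, o3, _ = str(net.network_address).split(".")
    origin = f"{o3}.{o2}.{o1}.in-addr.arpa."
    lines = [
        f"; Reverse zone for {net}, generated from the forward zone",
        f"$TTL {ttl}",
        f"$ORIGIN {origin}",
        f"@ IN SOA {ns_fqdn} root.{ns_fqdn} (",
        f"{serial} ; serial",
        "1D ; refresh",
        "1H ; retry",
        "1W ; expire",
        "3H ) ; minimum",
        f"@ IN NS {ns_fqdn}",
    ]
    ptrs = []
    for fqdn, ip in records:
        addr = ipaddress.ip_address(ip)
        if addr in net:
            ptrs.append((int(ip.rsplit(".", 1)[1]), fqdn))
    lines.extend(f"{octet} IN PTR {fqdn}" for octet, fqdn in sorted(ptrs))
    return "\n".join(lines) + "\n"


# Assumed parameters for this lab: the post's network, name server and serial.
REVERSE_ZONE = build_reverse_zone(
    parse_a_records(FORWARD_ZONE, "ayylmao.local"),
    "192.168.122.0/24",
    "ns1.ayylmao.local.",
    serial=2017031301,
)

if __name__ == "__main__":
    print(REVERSE_ZONE, end="")
```

Redirect the output into /var/named/ayylmao.local.rev, bump the serial whenever you regenerate, and run named-checkzone 122.168.192.in-addr.arpa /var/named/ayylmao.local.rev before reloading; a reverse zone that matches the forward one keeps log-based lookups (PTR on a source address) from pointing at the wrong host.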
5. Start the named process.
systemctl start named
6. Open port 53.
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload
7. Configure the client.
On your client host, edit the /etc/resolv.conf file and append the following line.
nameserver 192.168.122.30
8. Test your DNS server.
dig test1.ayylmao.local
nslookup t1.ayylmao.local
Cool, everything looks to be in order. If you feel comfortable here, you can stop and use your newly minted DNS server!
If you like to skate on thin ice come join me below to plunge into containerizing the DNS server.
Containerizing the DNS Server
I commend you for making it this far; now I'll show you how to run your DNS server from a container. (You probably thought I forgot about how I promised, in a previous post, to only run new services and apps from a container.)
I'll be using an Ubuntu container, but you may use a CentOS container if you choose to. Make sure you have Docker-CE installed before continuing!
1. Download the latest Ubuntu container image.
docker pull ubuntu:latest
2. Create the Bind configuration files.
Open an empty file in your text editor and save it with the name named.conf.options.
options {
// Listen on every interface in the container: 127.0.0.1 alone is not
// reachable through a port published with docker run -p.
listen-on port 53 { any; };
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
forwarders {
1.1.1.1;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
//listen-on-v6 { any; };
};
// Absolute paths: a relative file name would be looked up under the
// directory option (/var/cache/bind), not under /etc/bind where the
// Dockerfile copies the zone files.
zone "ayy.int" IN {
type master;
file "/etc/bind/ayy.int.zone";
};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "/etc/bind/ayy.int.rev";
};
3. Create a forward zone file.
Create another new file and name it ayy.int.zone. Fill it in with the same info from before but change out the domain names.
; Authoritative data for ayy.int zone
;
$TTL 1D
@ IN SOA ns1.ayy.int. root.ns1.ayy.int. (
2017031301 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
$ORIGIN ayy.int.
ayy.int. IN NS ns1.ayy.int.
ns1.ayy.int. IN A 192.168.100.90
test1 IN A 192.168.100.99
t1 IN CNAME test1.ayy.int.
test2 IN A 192.168.100.100
t2 IN CNAME test2.ayy.int.
4. Just like the forward zone file, create a reverse zone file and name it ayy.int.rev. It covers 192.168.100.0/24, the network the forward zone's A records use, and carries one PTR record per address.
; Authoritative data for the ayy.int reverse zone (192.168.100.0/24)
;
$TTL 1D
@ IN SOA ns1.ayy.int. root.ns1.ayy.int. (
2017031501 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.ayy.int.
90 IN PTR ns1.ayy.int.
99 IN PTR test1.ayy.int.
100 IN PTR test2.ayy.int.
5. Create the Dockerfile.
FROM ubuntu:latest
RUN apt-get update && apt-get install -y \
bind9 \
bind9utils
COPY ./named.conf.options /etc/bind/
COPY ./ayy.int.zone /etc/bind/
COPY ./ayy.int.rev /etc/bind/
EXPOSE 53/tcp
EXPOSE 53/udp
# Run named in the foreground as PID 1. "service bind9 start" returns as soon
# as the daemon forks, and the container would exit with it.
CMD [ "/usr/sbin/named", "-g", "-u", "bind", "-c", "/etc/bind/named.conf" ]
This will create a Docker image from the latest Ubuntu container image and install the bind9 and bind9utils packages. Next it will copy the named.conf.options, ayy.int.zone, and ayy.int.rev files into /etc/bind in the container.
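Three settings in named.conf.options decide whether this image works and who it answers: the directory option (relative zone file names are resolved under it, not under /etc/bind where the Dockerfile copies them), listen-on (loopback only cannot be reached through a published port) and allow-query (left unset, BIND answers anyone who can reach port 53). The pre-build lint below is an added example, not part of the original post or of BIND; it extracts those settings with regular expressions and reports the problems. WEAK_CONF is a constructed copy of the options file as first written in this section, HARDENED_CONF is a constructed variant that fixes the three points with assumed values for this lab (192.168.100.0/24), and COPIED_FILES stands in for the paths the Dockerfile's COPY lines install.

```python
"""Sanity-check a BIND named.conf.options before building the image.

Added example, not part of the original post. It pulls out the settings
that bite when BIND moves into a container: the `directory` option
(relative zone `file` names are resolved under it, not under /etc/bind),
`listen-on` (loopback only is unreachable through a published port) and
`allow-query` (unset means BIND answers anyone). Both configs below are
constructed here; the first is the post's as written, the second is a
hardened variant with assumed values for this lab (192.168.100.0/24).
"""
import posixpath
import re

WEAK_CONF = """\
options {
listen-on port 53 { 127.0.0.1; };
directory "/var/cache/bind";
forwarders { 1.1.1.1; };
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
//listen-on-v6 { any; };
};
zone "ayy.int" IN {
type master;
file "ayy.int.zone";
};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "ayy.int.rev";
};
"""

HARDENED_CONF = """\
options {
listen-on port 53 { any; };
directory "/var/cache/bind";
allow-query { 192.168.100.0/24; localhost; };
forwarders { 1.1.1.1; };
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
};
zone "ayy.int" IN {
type master;
file "/etc/bind/ayy.int.zone";
};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "/etc/bind/ayy.int.rev";
};
"""

# Constructed to match the Dockerfile's COPY lines: what ends up in the image.
COPIED_FILES = {"/etc/bind/named.conf.options", "/etc/bind/ayy.int.zone", "/etc/bind/ayy.int.rev"}


def strip_comments(text):
    """Remove /* */, // and # comments (all three are legal in named.conf)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return "\n".join(re.split(r"//|#", line, maxsplit=1)[0] for line in text.splitlines())


def _addr_list(block):
    return [a.strip() for a in block.split(";") if a.strip()]


def parse_named_conf(text):
    """Extract directory, listen-on, allow-query and the zone -> file pairs."""
    text = strip_comments(text)
    m = re.search(r'directory\s+"([^"]+)"', text)
    directory = m.group(1) if m else "/var/cache/bind"       # Ubuntu package default
    m = re.search(r"listen-on(?:\s+port\s+\d+)?\s*\{([^}]*)\}", text)
    listen_on = _addr_list(m.group(1)) if m else ["any"]     # BIND default: all interfaces
    m = re.search(r"allow-query\s*\{([^}]*)\}", text)
    allow_query = _addr_list(m.group(1)) if m else None      # None: BIND default (any)
    zones = []
    for zm in re.finditer(r'zone\s+"([^"]+)"[^{]*\{([^}]*)\}', text):
        fm = re.search(r'file\s+"([^"]+)"', zm.group(2))
        zones.append((zm.group(1), fm.group(1) if fm else None))
    return {"directory": directory, "listen_on": listen_on, "allow_query": allow_query, "zones": zones}


def check_config(conf, installed_files):
    """Return a list of findings; an empty list means the config passed."""
    findings = []
    for zone, path in conf["zones"]:
        if path is None:
            findings.append(f'zone "{zone}": no file statement')
            continue
        resolved = path if path.startswith("/") else posixpath.join(conf["directory"], path)
        if resolved not in installed_files:
            findings.append(f'zone "{zone}": "{path}" resolves to {resolved}, which is not in the image')
    if all(a in ("127.0.0.1", "::1", "localhost") for a in conf["listen_on"]):
        findings.append("listen-on is loopback only; docker run -p 53:53 cannot reach it")
    if conf["allow_query"] is None or "any" in conf["allow_query"]:
        findings.append("allow-query is not restricted; limit it to your network as the CentOS section does")
    return findings


if __name__ == "__main__":
    for label, conf in (("as posted", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, check_config(parse_named_conf(conf), COPIED_FILES) or ["ok"])
```

This is a pre-build lint, not a parser of the full named.conf grammar; the authoritative check is named-checkconf -z run inside the built container, which loads every zone the configuration references.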
6. Build the container image.
docker build -t dns-pafable-01 .
7. Create the new DNS container.
docker run -d -p 53:53/tcp -p 53:53/udp dns-pafable-01
Finally I'm done! Now I don't have to remember a ton of IP addresses in my head (more space for Terraform).