Knowledgebase

Configure your DNS Server (CentOS/Fedora) Print

  • 1

If the DNS daemon is not installed on your server, installing it is very simple. Using the built in package manager "YUM" (YellowDog Updater Modified) you can install the DNS daemon with "yum install bind". The resulting screen will appear something like the below image, type "y" to continue the installation.


Configuration Files

There are very few files for the BIND daemon configuration that the user will need to modify. First is the main configuration file which is referred to as named.conf and is found in the /etc directory. The other file you will need to address is the zone file for your specific domain. These files are normally located in /var/named and have filenames like domain.com.hosts.

Let's start with the named.conf file. Using your favorite editor (if you do not have one I recommend nano as a simple text editor) open the file for editing. An example of this command using nano would be "nano /etc/named.conf". This file can contain hundreds of options and settings, but we're only going to concern ourselves with a select few for this configuration.

For security we will disable recursion. This is important due to spoofed DNS queries to DNS servers which allow recursion used to attack/overload a remote DNS host. So find the line that contains "recursion" and change the "yes" to "no". This line will be in the options section, but if you cannot locate the line, use the "CTRL+W" key command to locate where the line is.

In this same section we also want to change the "listen-on" line. By default the server only listens on its local loopback port. The IP address "127.0.0.1" for IPv4 and "::1" for IPv6 is already entered into this line, remove these loopback addresses and enter your IP address or "0.0.0.0" for IPv4 and "::" for IPv6. These changes will allow your publically accessible IP addresses to respond to DNS queries. The last line in this section that must be changed is the "allow-query" line. The default setting is to not allow other hosts to query your DNS server. Change the word "localhost" in this line to "0.0.0.0" to allow anyone to query your server for the DNS information regarding the domains you host on the server.

You're not finished with this file yet. You need to add an entry to tell the DNS server to load the zone file for the domain you want to host. Use the down arrow to move to the last line of the file and hit enter once or twice.

You are going to enter these lines, replacing "yourdomain.tld" with your domain name. For example replace "yourdomain.tld" with "serverpronto.com". Do not put a www or mail or any other text in front of the domain name, those are hostnames or subdomains are not configured in this file.

zone "yourdomain.tld" {
type master;
file "/var/named/yourdomain.tld.db";
notify yes;
allow-transfer { Slave-DNS-Server; };
};

The line that begins with "notify" and the line that follows only apply if you are using a slave DNS server and should be omitted if you are hosting your DNS on a single server. However, I must mention that a single server DNS configuration is not recommended.

Save this file with "CTRL+O" and exit the file with CTRL+X".

Create DNS Zone File for Your Domain

Now you need to create the file that the configuration in /etc/named.conf pointed to. This file also has a very specific structure and syntax. The file you want to create will be in the /var/named directory. To create the file and edit it all at once type "/var/named/yourdomain.tld.db" replacing the "yourdomain.tld" as you did when entering the data in the named.conf file.

After you open the new file it will be empty. The contents of the file will be grouped by purpose, the first section is information for the DNS server to manage the DNS zone's status, configuration and updates.

$TTL 86400 ; Time To Live before remote DNS server removes stale records from cache
@ IN SOA ns1.yourdomain.tld. useremail.yourdomain.tld. ( ; Responsible name server and responsible email address without the "@" symbol.

1123161063 ; serial number
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)

The above text is the first section of the file. The text in red can be left out or copied into the file, that text is descriptive as to what the items is. Some further explanation is:

TTL - This is the time a remote DNS server will hold a record in its cache before refreshing the cache for a new record when requested again. Shorten this number to make frequent changes or a week before a major change to propagate changes quickly. Increase this number to reduce overall load on the server and allow remote DNS servers to provide data from cache and not query the server as frequently.

SOA - "Start of Authority" record. This is a specific record type used to provide responsible server and persons data.

Serial Number - This number tacks zone file versions among multiple primary/secondary DNS servers.

The remaining numbers tell the DNS servers when to refresh or expire records, and can safely be left at the default setting.

The next records that must be added to the zone file are the NS records to provide the name server data to querying clients. The NS records will look like this:

IN NS ns1.yourdomain.tld.
IN NS ns2.yourdomain.tld.

Please make note of the "." (dot) behind records that contain hostnames. This is an important item throughout the files. These nameserver (NS) records generally match the nameserver records you create with your registrar and must contain valid hostnames that are valid "A" records within the domain they refer to. Additionally these nameservers referred to in these lines must host your domain.

The next record you should insert into the file is the MX record which identifies the Mail Exchanger (MX) host for your domain. This record should appear like this:

IN MX 10 mail.yourdomain.tld.

The hostname you use for this record must be a valid "A" record or "CNAME" record in the domain and should respond to email transfers for your domain.

Now we begin the main record portion of the file. The records you will now enter refer to hosts within the domain. Here is an example of some of the records you may enter:

IN A 127.0.0.1
mail IN A 127.0.0.1
www IN CNAME yourdomain.tld.
ns1 IN A 127.0.0.1
ns2 IN A 127.0.0.2

After you look over these lines I want to point out a few items.

  • The "A" records for the "NS" records above are created here.
  • The "A" record for the "MX" record above is created here.
  • The "A" record for requests which contain no hostname is the first in the list.
  • The other "A" records are miscellaneous records for hostname that are common.

Once the records are entered, save this file with "CTRL+O" and exit the file with CTRL+X".

Applying The New Configuration

Now that all of the data is entered for your domain simply applying these changes should activate the DNS zone on your server. To apply the changes restarting the DNS daemon is required. Use this command to restart the daemon:

"service named restart"

The textual output on the server should indicate success or failure. If success is indicated there is only one last item to check and that is the firewall rules to ensure the client queries will be allowed. Use this command to query the firewall rules for UDP port 53 access:

"iptables -vnL | grep 53"

The server should respond with a line similar to this:

" 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53"

If this response is not received please review our IPtables instructions to make changes to allow the queries.




Was this answer helpful?
Back