Aside from a DHCP server, two other important network services are DNS and NTP. In my previous blog post, DHCP to the Rescue, I showed how to build and configure one on Linux CentOS. Within that configuration I showed how to add the DNS and NTP servers for the subnet from which an IP address is assigned to end devices. The problem now is that when a device gets this information from the DHCP server, those two entities are not active on the network – bummer.
Well, in this blog post we'll go ahead and configure DNS and NTP on two separate CentOS devices [VMs]. I could use a single CentOS VM, which would save time and VM space on my server, but for the sake of recommended best practice it's better to keep them separate. If I used one VM and that VM got corrupted, I'd lose both services – not cool. And besides, in production environments DNS and NTP are separate appliances anyway (in most cases).
If you're familiar with DNS and NTP, this part may be a bit boring, or a refresher, depending on your perspective.
Let’s start with DNS:
DNS stands for Domain Name System. It's a hierarchical naming system for devices (systems or services) located in or on your network, whether that network is the organization you work for, your home lab, or the Internet. The DNS server is the service/appliance that maps [resolves] the hostname of your device to the appropriate IP address.
For example, if you type www.ahaliblogger.tech into your browser, that entry resides on a DNS server (on the Internet) where it is attached to an IP address. To see this, open a command prompt and type the following:
```
C:\Users\ahaliblogger>ping www.ahaliblogger.tech
```
What you’ll get back is something similar, if not the same:
```
C:\Users\ahaliblogger>ping www.ahaliblogger.tech

Pinging ahaliblogger.tech [173.201.141.128] with 32 bytes of data:
Reply from 173.201.141.128: bytes=32 time=69ms TTL=54
Reply from 173.201.141.128: bytes=32 time=74ms TTL=54
Reply from 173.201.141.128: bytes=32 time=70ms TTL=54
Reply from 173.201.141.128: bytes=32 time=69ms TTL=54

Ping statistics for 173.201.141.128:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 69ms, Maximum = 74ms, Average = 70ms

C:\Users\ahaliblogger>
```
Do you see the IP address? That's the IP assigned to this service. Typically you can type the IP address into a web browser and it will take you to the respective website just as the URL would – in my case that IP is not static to me, so you won't be able to get to this blog site using that method 🙁
But what really occurred is DNS name resolution… (Ah, haa-ahhh)
So the name www.ahaliblogger.tech is a hostname, which is made up of labels separated by periods (.).
For me, '.tech' is the Top-Level Domain, which is under the control of IANA and lives in what is called the Root Zone Database, as explained by IANA.
Now, 'ahaliblogger' is my domain [name] that I purchased (from www.remanserv.com), and it's called the second-level domain. The 'www' is considered the third-level domain or a sub-domain. Take a read from www.domainsherpa.com on 'Anatomy of a Domain Name and URL' and the Wikipedia article on Domain Name for more information.
So how does DNS really work?
Dyn.com has a great blog post on this [How Does DNS Work?], and TechRepublic does too [Understanding how DNS works, part 1].
The gist of it is shown in the diagram below. We'll use www.ahaliblogger.tech as the example and assume no caching has taken place:
Overall, a DNS server is essentially a database of hostname-to-IP-address mappings.
If you think about it for a spell, what would you rather remember when visiting a website: an IP address or a familiar name? Ahaliblogger.tech is much cooler than remembering 173.201.141.128!
OK, let's go ahead and build out a DNS server for our network. We'll be using a CentOS VM.
Task 1: Download and install CentOS 7
You can find the CentOS image here: https://www.centos.org/download/
Once installed, it's best to perform an update and install net-tools:
```
[root@dns ~]# yum -y update
[root@dns ~]# yum -y install net-tools
```
Task 2: Install DNS service
Use the following to install the DNS service (BIND):
```
[root@dns ~]# yum -y install bind bind-utils
```
Task 3: Edit named.conf file
Open the named.conf file in an editor:
```
[root@dns ~]# vi /etc/named.conf
```
Modify the entries within:
```
# Edit the following:
options {
        listen-on port 53 { 127.0.0.1; <dns#1 IP>; <dns#2 IP>; <dns#n IP>; };
#       listen-on-v6 port 53 { ::1; };
        allow-query     { any; };
        # (rest of the options block unchanged)

# At the end of the file, add the following line:
include "/etc/named/named.conf.local";
:wq!
```
Mine looks like this, where 172.16.5.20 is the IP of my DNS server:
```
options {
        listen-on port 53 { 127.0.0.1; 172.16.5.20; };
#       listen-on-v6 port 53 { ::1; };
        allow-query     { any; };
        # (rest of the options block unchanged)

include "/etc/named/named.conf.local";
:wq!
```
You can restrict which clients may query by using the 'acl' option, but for now we'll keep it like this. Also, notice the space at the beginning and at the end of the line for the DNS server entry? Don't forget it! And save using ':wq!', just a habit of mine…
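Since `allow-query { any; }` is the setting most people copy and forget, here is an added example (not from the original post) of a small shell audit for the options that matter once queries are opened up. Both inputs are constructed: `WEAK_CONF` mirrors the options block above, and `HARDENED_CONF` is the same server restricted to an assumed `trusted` acl (the 172.16.0.0/16 lab range is an assumption; substitute your own client subnets). The recursion finding relies on BIND's documented fall-back: when `allow-recursion` is unset, it inherits `allow-query`, so `any` there makes the box an open recursive resolver to every host that can reach it.

```shell
#!/bin/sh
# Added example, not from the original post: audit a named.conf text for the
# access-control settings that matter once allow-query is opened up.

# Constructed input: the post's options block as written (queries open to anyone).
WEAK_CONF='options {
        listen-on port 53 { 127.0.0.1; 172.16.5.20; };
#       listen-on-v6 port 53 { ::1; };
        allow-query     { any; };
};
include "/etc/named/named.conf.local";'

# Constructed input: the same server with an acl of trusted client subnets (assumed range).
HARDENED_CONF='acl "trusted" {
        127.0.0.1;
        172.16.0.0/16;      # lab clients (assumed range)
};
options {
        listen-on port 53 { 127.0.0.1; 172.16.5.20; };
        allow-query     { trusted; };   # only lab clients may ask
        allow-recursion { trusted; };   # and only they get recursive lookups
        allow-transfer  { none; };      # no secondaries yet, so no AXFR at all
};
include "/etc/named/named.conf.local";'

# Drop comments (# and //) and collapse whitespace so "{ any; }" matches regardless of layout.
normalize_conf() {
        sed -e 's|//.*||' -e 's|#.*||' -e 's/{/ { /g' -e 's/}/ } /g' | tr -s ' \t\n' ' '
}

# Print one finding per line for the named.conf text given as $1; print nothing if clean.
audit_named_conf() {
        conf=$(printf '%s\n' "$1" | normalize_conf)
        case "$conf" in
        *"allow-query { any; }"*)
                echo "allow-query { any; }: restrict queries to an acl of your client subnets"
                case "$conf" in
                *"allow-recursion"*) ;;
                *) echo "allow-recursion unset: BIND falls back to allow-query, so this is an open recursive resolver to anyone who can reach it" ;;
                esac ;;
        esac
        case "$conf" in
        *"allow-transfer"*) ;;
        *) echo "allow-transfer unset: BIND 9.11 (CentOS 7) then permits zone transfers to any host; set { none; } or list your secondaries" ;;
        esac
}

# Usage against the live file: audit_named_conf "$(cat /etc/named.conf)"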
Task 4: Edit named.conf.local file
Open the named.conf.local file in an editor:
```
[root@dns ~]# vi /etc/named/named.conf.local
```
Keep in mind that this file will be empty, since it is new. The following template is what I use when creating my DNS zones:
```
# add the following zones, substituting the zone with your own:
zone "<yourname.com>" {
        type master;
        file "/etc/named/zones/db.<yourname.com>";   # zone file path
};
#
# add reverse lookup for zone
zone "1.16.172.in-addr.arpa" {
        type master;
        file "/etc/named/zones/db.172.16.1";         # 172.16.1.0/24 subnet
};
#
# add reverse lookup for zone
# zone "11.172.in-addr.arpa" {
#       type master;
#       file "/etc/named/zones/db.172.11";           # 172.11.0.0/16 subnet
# };
#
# add reverse lookup for zone
# zone "10.in-addr.arpa" {
#       type master;
#       file "/etc/named/zones/db.10";               # 10.0.0.0/8 subnet
# };
:wq!
```
Be careful with how you input your entries. You can get cross-eyed looking at how your reverse entries read. 🙂
Task 5: Create the directory where your zone files will reside
Create a directory named 'zones' and apply the appropriate permissions if you're not using the root user:
```
[root@dns ~]# chmod 755 /etc/named
[root@dns ~]# mkdir /etc/named/zones
```
Task 6: Edit the forward zone file
Next, add/edit the forward zone file (db.yourname.com). Remember, this is the file referenced in your named.conf.local file.
```
[root@dns ~]# cd /etc/named/zones/
[root@dns ~]# touch db.yourname.com
[root@dns ~]# vi db.yourname.com
```
Edit the SOA entries:
```
$TTL    604800
@       IN      SOA     dns.<yourname.com>. admin.<yourname.com>. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
```
Next, add your name server records with the following lines. The second column specifies that these are NS records. Notice the period at the end of your NS entry!
```
; name servers - NS records
        IN      NS      dns.yourname.com.
```
After that you'll need to add the A records for the hosts that belong to the zone:
```
; name servers - A records
dns.lab.aha.local.      IN      A       172.16.1.16

; 172.16.1.0/24 - A records
host-01.lab.aha.local.  IN      A       172.16.1.31
host-02.lab.aha.local.  IN      A       172.16.1.32
host-03.lab.aha.local.  IN      A       172.16.1.33
```
When it's all said and done, this is what it should look like:
```
$TTL    604800
@       IN      SOA     dns.lab.aha.local. admin.lab.aha.local. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; name servers - NS records
        IN      NS      dns.lab.aha.local.

; name servers - A records
dns.lab.aha.local.      IN      A       172.16.1.16

; 172.16.1.0/24 - A records
host-01.lab.aha.local.  IN      A       172.16.1.31
host-02.lab.aha.local.  IN      A       172.16.1.32
host-03.lab.aha.local.  IN      A       172.16.1.33
ntp.lab.aha.local.      IN      A       172.16.1.15
```
Task 7: Edit the reverse zone file(s) (db.172.16.1)
Next, add/edit the reverse zone file specified in your named.conf.local file:
```
[root@dns ~]# cd /etc/named/zones/
[root@dns ~]# touch db.172.16.1
[root@dns ~]# vi db.172.16.1
```
Edit the SOA entries:
```
$TTL    604800
@       IN      SOA     dns.<yourname.com>. admin.<yourname.com>. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
```
Add your name server records as you did in the forward zone file:
```
; name servers - NS records
        IN      NS      dns.yourname.com.
```
Then add PTR records for all of your servers/applications whose IP addresses are on the subnet of the zone file that you are editing. For me, these are the hosts in my 172.16.1.0/24 subnet. Note that the first column is the host part of the address: for a /24 zone such as 1.16.172.in-addr.arpa that is just the last octet (a /16 zone would use the last two octets in reversed order). Be sure to substitute names and private IP addresses to match your servers:
```
$TTL    604800
@       IN      SOA     dns.lab.aha.local. admin.lab.aha.local. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; name servers - NS records
        IN      NS      dns.lab.aha.local.

; PTR Records (owner = last octet, zone is 1.16.172.in-addr.arpa)
16      IN      PTR     dns.lab.aha.local.      ; 172.16.1.16
15      IN      PTR     ntp.lab.aha.local.      ; 172.16.1.15
31      IN      PTR     host-01.lab.aha.local.  ; 172.16.1.31
32      IN      PTR     host-02.lab.aha.local.  ; 172.16.1.32
33      IN      PTR     host-03.lab.aha.local.  ; 172.16.1.33
```
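Tasks 6 and 7 write the forward and reverse zone files by hand, and the reverse owner names are where eyes cross. As an added example (not part of the original post), the script below derives both files from one host list for a /24: the in-addr.arpa zone name is produced by reversing the prefix octets and each PTR owner is the last octet, so the two files cannot disagree. The host names and addresses are the post's lab values; the output directory is an assumption (a scratch directory rather than /etc/named/zones), and named-checkzone is run only if it is installed.

```shell
#!/bin/sh
# Added example, not from the original post: generate matching forward and
# reverse zone files for one /24 from a single host list.

# Constructed host list (name, address): the post's lab hosts.
HOSTS='dns 172.16.1.16
ntp 172.16.1.15
host-01 172.16.1.31
host-02 172.16.1.32
host-03 172.16.1.33'

# "172.16.1" -> "1.16.172.in-addr.arpa": the reverse zone name is the prefix octets reversed.
reverse_zone_name() {
        old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
        printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1"
}

# Owner name of a PTR record inside a /24 reverse zone: just the last octet.
ptr_owner() {
        printf '%s\n' "${1##*.}"
}

# SOA and NS records shared by both files. $1 = primary NS FQDN, $2 = domain, $3 = serial.
zone_header() {
        printf '$TTL 604800\n'
        printf '@\tIN\tSOA\t%s. admin.%s. (\n' "$1" "$2"
        printf '\t\t%s\t; Serial\n\t\t604800\t; Refresh\n\t\t86400\t; Retry\n' "$3"
        printf '\t\t2419200\t; Expire\n\t\t604800 )\t; Negative Cache TTL\n'
        printf ';\n; name servers - NS records\n\tIN\tNS\t%s.\n' "$1"
}

# Forward zone: one A record per host. $1 = domain, $2 = NS FQDN, $3 = serial, $4 = host list.
forward_zone() {
        zone_header "$2" "$1" "$3"
        printf ';\n; A records\n'
        printf '%s\n' "$4" | while read -r name ip; do
                [ -n "$name" ] || continue
                printf '%s.%s.\tIN\tA\t%s\n' "$name" "$1" "$ip"
        done
}

# Reverse zone for one /24: a PTR per host inside the prefix; hosts on other subnets are skipped.
# $1 = domain, $2 = NS FQDN, $3 = serial, $4 = network prefix (three octets), $5 = host list.
reverse_zone() {
        zone_header "$2" "$1" "$3"
        printf ';\n; PTR records for %s.0/24\n' "$4"
        printf '%s\n' "$5" | while read -r name ip; do
                [ -n "$name" ] || continue
                case "$ip" in
                "$4".*) printf '%s\tIN\tPTR\t%s.%s.\t; %s\n' "$(ptr_owner "$ip")" "$name" "$1" "$ip" ;;
                esac
        done
}

# Write both files into directory $1 (a scratch directory; copy to /etc/named/zones once checked).
# $2 = domain, $3 = NS FQDN, $4 = network prefix, $5 = host list. Serial is today's date plus a counter.
write_zone_files() {
        serial=$(date +%Y%m%d01)
        mkdir -p "$1"
        forward_zone "$2" "$3" "$serial" "$5" > "$1/db.$2"
        reverse_zone "$2" "$3" "$serial" "$4" "$5" > "$1/db.$4"
        if ! command -v named-checkzone >/dev/null 2>&1; then
                echo "named-checkzone not installed; wrote $1/db.$2 and $1/db.$4 unvalidated" >&2
                return 0
        fi
        named-checkzone "$2" "$1/db.$2" && named-checkzone "$(reverse_zone_name "$4")" "$1/db.$4"
}

# Usage: write_zone_files "$(mktemp -d)" lab.aha.local dns.lab.aha.local 172.16.1 "$HOSTS"
```

The serial is date-based (YYYYMMDDnn) rather than the post's bare `3`, so a regenerated file always carries a higher serial than the one before it, which is what a secondary uses to decide whether to pull the new zone.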
Task 8: Check for errors:
You may want to check for errors. To do so, run the following:
```
[root@dns ~]# named-checkconf
```
If your named configuration files have no syntax errors, you will return to your shell prompt and see no error messages. If there are problems, review the error message, go back to Task 3, then try named-checkconf again.
Check your forward and reverse zones for errors. For me it is:
```
[root@dns ~]# named-checkzone lab.aha.local /etc/named/zones/db.lab.aha.local
[root@dns ~]# named-checkzone 1.16.172.in-addr.arpa /etc/named/zones/db.172.16.1
```
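named-checkconf and named-checkzone catch syntax errors, but nothing above verifies that the forward and reverse files actually agree with each other. As an added example (not from the original post), the check below lists the A records of a forward zone next to the PTR records of its /24 reverse zone and reports every address or name that appears in only one of them. The two inputs are constructed copies of the post's lab zone files with one PTR deliberately left out; the parser assumes the post's layout (fully qualified owner names on A records and the `IN` class written out).

```shell
#!/bin/sh
# Added example, not from the original post: cross-check a forward zone against
# its /24 reverse zone so a missing or mistyped PTR is caught before clients
# start getting inconsistent answers.

# Constructed forward zone: the post's lab.aha.local records.
FWD_ZONE='$TTL 604800
@       IN SOA dns.lab.aha.local. admin.lab.aha.local. ( 3 604800 86400 2419200 604800 )
        IN NS  dns.lab.aha.local.
dns.lab.aha.local.      IN A 172.16.1.16
host-01.lab.aha.local.  IN A 172.16.1.31
host-02.lab.aha.local.  IN A 172.16.1.32
host-03.lab.aha.local.  IN A 172.16.1.33
ntp.lab.aha.local.      IN A 172.16.1.15'

# Constructed reverse zone for 1.16.172.in-addr.arpa; host-03 is left out on purpose.
REV_ZONE='$TTL 604800
@       IN SOA dns.lab.aha.local. admin.lab.aha.local. ( 3 604800 86400 2419200 604800 )
        IN NS  dns.lab.aha.local.
16      IN PTR dns.lab.aha.local.
15      IN PTR ntp.lab.aha.local.
31      IN PTR host-01.lab.aha.local.
32      IN PTR host-02.lab.aha.local.'

# "address name" pairs from the A records on stdin (owner names fully qualified, as in the post).
a_records() {
        awk '$2 == "IN" && $3 == "A" { print $4, $1 }'
}

# "address name" pairs from the PTR records of a /24 reverse zone on stdin; $1 is the prefix.
ptr_records() {
        awk -v p="$1" '$2 == "IN" && $3 == "PTR" { print p "." $1, $4 }'
}

# $1 = forward zone text, $2 = reverse zone text, $3 = network prefix such as 172.16.1.
# Prints one line per mismatch and returns 1 if there was any; silent and 0 when consistent.
check_zone_pair() {
        tmp=$(mktemp -d)
        printf '%s\n' "$1" | a_records | sort > "$tmp/a"
        printf '%s\n' "$2" | ptr_records "$3" | sort > "$tmp/p"
        # comm -23: pairs only in the A list; comm -13: pairs only in the PTR list.
        comm -23 "$tmp/a" "$tmp/p" | sed 's/^/A record with no matching PTR: /' > "$tmp/report"
        comm -13 "$tmp/a" "$tmp/p" | sed 's/^/PTR record with no matching A: /' >> "$tmp/report"
        cat "$tmp/report"
        n=$(wc -l < "$tmp/report" | tr -d ' ')
        rm -rf "$tmp"
        [ "$n" -eq 0 ]
}

# Usage on the real files:
# check_zone_pair "$(cat /etc/named/zones/db.lab.aha.local)" "$(cat /etc/named/zones/db.172.16.1)" 172.16.1
```

Because the comparison is on the whole "address name" pair, a PTR that points at a misspelled host name shows up as two lines (an A with no PTR and a PTR with no A), which is exactly the case that a per-record syntax check cannot see.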
Task 9: Start DNS service and check status:
Use the following to start the DNS service, check its status, and enable the service so it starts again when the server reboots:
```
[root@dns ~]# systemctl start named
[root@dns ~]# systemctl status named
[root@dns ~]# systemctl enable named
```
Alright – now that your DNS server is up, try pinging the IP and then the FQDN and see if you get the same results. OK, that's enough for DNS, at least for now. Let's move on to Part 2 – NTP.
Happy Configuring!