Aside from a DHCP Server – Two other important Network Services are DNS and NTP. In my previous Blog; DHCP to the Rescue, I show how to build and configure one based on Linux CentOS. Within the configurations, I showed how to add the DNS and NTP servers for the subnet to which an IP address will be assigned to end devices. The problem, now, is when the device get this information from the DHCP Server… Those two entities are not active on the network – bummer.
Well in this Blog posting – we’ll go ahead and configure DNS and NTP on two separate Centos devices [VMs]. I could use a single CentOS VM, which will save time and VM space on my server… but for the sake of recommended best practice – it’s better to keep separate. I mean if I used one VM and that VM gets corrupted, I lost both services, not cool. And, besides, in production environments, DNS and NTP are separate appliances anyway (in most cases).
If you’re familiar with DNS and NTP – this part may be a bit boring, or a refresher on your perspective.
Let’s start with DNS:
DNS stands for Domain Name System. It’s a hierarchical naming system for devices (system or services) that are located in or on your network; whether that network be the organization you work for, your home lab, or even on the Internet. Now the DNS Server, well this service/appliance, maps [resolves] the hostname of your device to the appropriate IP address.
For example: if you type in www.ahaliblogger.tech in your browser, this entry reside on a DNS server (on the Internet) by which it’s attached to an IP. To show this, open a command prompt and type in the following:
| 1 | C:\Users\ahaliblogger>ping www.ahaliblogger.tech |
What you’ll get back is something similar, if not the same:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | C:\Users\ahaliblogger>ping www.ahaliblogger.tech Pinging ahaliblogger.tech [173.201.141.128] with 32 bytes of data: Reply from 173.201.141.128: bytes=32 time=69ms TTL=54 Reply from 173.201.141.128: bytes=32 time=74ms TTL=54 Reply from 173.201.141.128: bytes=32 time=70ms TTL=54 Reply from 173.201.141.128: bytes=32 time=69ms TTL=54 Ping statistics for 173.201.141.128: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 69ms, Maximum = 74ms, Average = 70ms C:\Users\ahaliblogger> |
Do you see the IP address? That’s the IP assigned to this service. Typically you can go onto a web browser and type the IP address and it will take you the respected website just as you would with the URL – in my case that IP is not static to me, so you won’t be able to get to this blog site using that method 🙁
But what really occurred – is DNS name resolution… (Ah, haa-ahhh)
So the name www.ahaliblogger.tech is a hostname; which is made up of characters separate by periods (.).
For me, ‘.tech’ represents the Top-Level Domain, which is under the control of IANA and lives in what is called the Root Zone Database as explained by IANA.
Now, ‘.ahaliblogger’ is my domain [name] that I purchased (from www.remanserv.com) and it’s called the second-level domain. And the ‘www’ is considered the third level domain or a sub-domain. Take a read from www.domainsherpa.com on ‘Anatomy of a Domain Name and URL’ and Wiki on Domain Name for more information.
So how does DNS really work?
Dyn.com has a great blog on this [How Does DNS Work?] and Tech Republic, too [Understanding how DNS works, part 1]
The gist of it all – is shown in the diagram below. We’ll use www.ahaliblogger.tech as the example and we’ll also assume no caching has taken place either:
Overall a DNS Server, essentially, is a database of hostname to IP address mappings.
If you think about it for a spell – what would you rather remember when visiting a website? An IP address or a familiar name? Ahaliblogger.tech is much cooler than remembering 173.201.141.128!
Ok let go ahead and build out a DNS Server for our network. We’ll be using a CentOS VM.
Task 1: Download and install CentOS 7
You can find the CentOS image here: https://www.centos.org/download/
Once installed. It’s best to perform an update and install net-tools
| 1 2 | [root@dns ~]# yum -y update[root@dns ~]# yum –y install net-tools |
Task 2: Install DNS service
Use the following syntax to install the DNS services
| 1 | [root@dns ~]# yum -y install bind bind-utils |
Task 3: Edit named.conf file
Open editor to the named.conf file
| 1 | [root@dns ~]# vi /etc/named.conf |
Modify the entries within
| 1 2 3 4 5 6 7 8 9 10 11 12 | #Edit the following:options {listen-on port 53 { 127.0.0.1; <dns#1 IP>; <dns#2 IP>; <dns#n IP>; };# listen-on-v6 port 53 { ::1; }; allow-query { any; }; #At the end of the file, add the following line: include "/etc/named/named.conf.local"; :wq! |
Mine looks like this, where 172.16.5.20 is the IP for my DNS Server
| 1 2 3 4 5 6 7 8 9 10 | options { listen-on port 53 { 127.0.0.1; 172.16.5.20; };# listen-on-v6 port 53 { ::1; }; allow-query { any; }; include "/etc/named/named.conf.local"; :wq! |
You can modify for trusted clients using the ‘acl’ option. But for now, we’ll keep it like this. Also, notice the space “ “ at the beginning and at the end on the line for the DNS server entry? Don’t forget it! And save using ‘:wq!’, just a habit for me…
Task 4: Edit named.conf.local file
Open the editor for named.conf.local file
| 1 | [root@dns ~]# vi /etc/named/named.conf.local |
Keeping in mind that this file should be empty. However, the following template is what I use when creating my DNS zones
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | #add the following zones substituting the zone with your own: zone "<yourname.com>" {type master;file "/etc/named/zones/db.<yourname.com>"; # zone file path}; ##add reverse lookup for zonezone "1.16.172.in-addr.arpa" {type master;f ile "/etc/named/zones/db.172.16.1"; # 172.16.1.0/24 subnet};##add reverse lookup for zone#zone "11.172.in-addr.arpa" {# type master;# file "/etc/named/zones/db.172.11"; # 172.11.0.0/16 subnet# };##add reverse lookup for zone#zone "10.in-addr.arpa" {# type master;# file "/etc/named/zones/db.10"; # 10.0.0.0/8 subnet# }; :wq! |
Be careful on how you input your entries. You can get crossed eyed on how your reverse entries look. 🙂
Task 5: Create the directory where your zone files will reside
Create a directory named ‘zones’ and applying the appropriate permissions if you’re not using root user
| 1 2 | [root@dns ~]#chmod 755 /etc/named[root@dns ~]# mkdir /etc/named/zones |
Task 6: Edit the forward zone file
Next add/edit the forward zone file (db.yourname.com). Remember – this file is referenced in Task 5.
| 1 2 3 | [root@dns ~]# cd /etc/named/zones/[root@dns ~]# touch db.yourname.com[root@dns ~]# vi db.yourname.com |
Edit the SOA entries
| 1 2 3 4 5 6 7 8 | $TTL 604800 @ IN SOA dns.<yourname.com>. admin.<yourname.com>. (3 ; Serial604800 ; Refresh86400 ; Retry2419200 ; Expire604800 ) ; Negative Cache TTL |
Next – add your nameserver records with the following lines. The second column specifies that these are NS records. Notice the ‘period’ at the end of your NS entry!
| 1 2 | ; name servers - NS recordsIN NS dns.yourname.com. |
After you’ll need to add the A records for your hosts that belong to the zone.
| 1 2 3 4 5 6 7 | ; name servers - A recordsdns.lab.aha.local. IN A 172.16.1.16 ; 172.16.1.0/24 - A recordshost-01.lab.aha.local. IN A 172.16.1.31host-02.lab.aha.local. IN A 172.16.1.32host-03.lab.aha.local. IN A 172.16.1.33 |
When it’s all said and done – this is what it should look like:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | $TTL 604800@ IN SOA dns.lab.aha.local. admin.lab.aha.local. (3 ; Serial604800 ; Refresh86400 ; Retry2419200 ; Expire604800 ) ; Negative Cache TTL ;; name servers - NS recordsIN NS dns.lab.aha.local. ; name servers - A recordsdns.lab.aha.local. IN A 172.16.1.16 ; 172.16.1.0/24 - A recordshost-01.lab.aha.local. IN A 172.16.1.31host-02.lab.aha.local. IN A 172.16.1.32host-03.lab.aha.local. IN A 172.16.1.33ntp.lab.aha.local. IN A 172.16.1.15 |
Task 7: Edit the reverse zone file(s) (db.172.16.1)
Next add/edit the reverse zone file specified in your named.conf.local file:
| 1 2 3 | [root@dns ~]# cd /etc/named/zones/[root@dns ~]# touch db.172.16.1[root@dns ~]# vi db.172.16.1 |
Edit the SOA entries
| 1 2 3 4 5 6 7 8 | $TTL 604800@ IN SOA dns.<yourname.com>. admin.<yourname.com>. (3 ; Serial604800 ; Refresh86400 ; Retry2419200 ; Expire604800 ) ; Negative Cache TTL; |
Add your nameserver records as you did with the forwarding file:
| 1 2 | ; name servers - NS recordsIN NS dns.yourname.com. |
Then add PTR records for all of your servers/applications whose IP addresses are on the subnet of the zone file that you are editing. For me – these are the hosts in my 172.16.1.0/24 subnet. Note that the first column consists of the last two octets of your servers’ IP addresses in reversed order. Be sure to substitute names and private IP addresses to match your servers:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | $TTL 604800@ IN SOA lab.aha.local. admin.<yourname.com>. (3 ; Serial604800 ; Refresh86400 ; Retry2419200 ; Expire604800 ) ; Negative Cache TTL ;; name servers - NS recordsIN NS dns.lab.aha.local. ; PTR Records16.1 IN PTR dns.lab.aha.local. ; 172.16.1.1615.1 IN PTR ntp.lab.aha.local. ; 172.16.1.1531.1 IN PTR host-01.lab.aha.local. ; 172.16.1.3132.1 IN PTR host-02.lab.aha.local. ; 172.16.1.3233.1 IN PTR host-03.lab.aha.local. ; 172.16.1.33 |
Task 8: Check for errors:
You may want to check for errors. To do so input the following:
| 1 | [root@dns ~]# named-checkconf |
If your named configuration files have no syntax errors, you will return to your shell prompt and see no error messages. If there are problems with your configuration files, review the error message and go back to Task 3 then try named-checkconf again.
Check your forward and reverse zones for errors. For me it will be:
| 1 2 | [root@dns ~]# named-checkzone lab.aha.local /etc/named/zones/db.lab.aha.local[root@dns ~]# named-checkzone 1.16.172.in-addr.arpa /etc/named/zones/db.172.16.1 |
Task 9: Start DNS service and check status:
Use the following to: Start DNS services, check its status, and enable the service when server is rebooted
| 1 2 3 | [root@dns ~]# systemctl start named[root@dns ~]# systemctl status named[root@dns ~]# systemctl start named |
Alright – now that your DNS server is up. Try pinging the IP and then the FQDN and see if you get the same resultsOk that enough for DNS, at least for now. Let’s move on to Part 2 – NTP
Happy Configuring!
