Creating Name Servers

In this learning activity, you are tasked with setting up two DNS hosts, a master and a slave, as well as configuring a client. ***NOTE:*** This is not a secure implementation and should not be implemented in a production environment. The lab now uses ens5 instead of eth0.


Path Info

Level: Advanced
Duration: 2h 0m
Published: Nov 14, 2018


Table of Contents

  1. Challenge

    Install BIND on the Primary DNS Host

    You will need to install BIND prior to configuring it:

    # yum install bind bind-utils

    You should then enable the service, but not start it until configuration is complete:

    # systemctl enable named

  2. Challenge

    Configure BIND on the Primary DNS Host

    You will need to edit the primary configuration file: /etc/named.conf

    You can find sample configurations under: /usr/share/doc/bind-$VERSION

    Add the local IP to the listen-on line:

    listen-on port 53 { 127.0.0.1; 10.0.1.10;};
    

    Limit queries to localhost and Secondary DNS host, and permit transfers to the Secondary DNS host:

    allow-query     { localhost; 10.0.1.11; };
    allow-transfer  { localhost; 10.0.1.11; };
    

    Disable recursion:

    recursion no;
    

    Add forward and reverse zones above the includes at the bottom:

    zone "example.com" IN {
        type master;
        file "forward.example.com";
        allow-update { none; };
    };
    zone "1.0.10.in-addr.arpa" IN {
        type master;
        file "reverse.example.com";
        allow-update { none; };
    };
    
  3. Challenge

    Create Zone Files on the Primary DNS Host

    Sample config files may be found in /usr/share/doc/bind-$VERSION

    The files should be located in /var/named/ and their names must match the files referenced in /etc/named.conf: forward.example.com and reverse.example.com.

    Use the following if you don't want to construct the files from scratch:

    forward.example.com:

    $TTL 86400
    @   IN  SOA     ns1.example.com. server1.example.com. (
            2018091201  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
    )
    @           IN  NS  ns1.example.com.
    @           IN  NS  ns2.example.com.
    server1     IN  A   10.0.1.10
    ns1         IN  A   10.0.1.10
    server2     IN  A   10.0.1.11
    ns2         IN  A   10.0.1.11
    client1     IN  A   10.0.1.12
    

    reverse.example.com:

    $TTL 86400
    @   IN  SOA     ns1.example.com. server1.example.com. (
            2018091201  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
    )
    @           IN  NS  ns1.example.com.
    @           IN  NS  ns2.example.com.
    server1     IN  A   10.0.1.10
    ns1         IN  A   10.0.1.10
    server2     IN  A   10.0.1.11
    ns2         IN  A   10.0.1.11
    client1     IN  A   10.0.1.12
    10          IN PTR server1.example.com.
    10          IN PTR ns1.example.com.
    11          IN PTR server2.example.com.
    11          IN PTR ns2.example.com.
    12          IN PTR client1.example.com.
    
  4. Challenge

    Verify the Configuration of the Primary DNS Host (10.0.1.10)

    You should verify the syntax of the files prior to starting the service. named-checkzone takes the zone name followed by the file, so each zone is checked against its own name:

    # named-checkconf /etc/named.conf

    # named-checkzone example.com /var/named/forward.example.com

    # named-checkzone 1.0.10.in-addr.arpa /var/named/reverse.example.com
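    named-checkzone validates each file on its own but says nothing about whether the forward and reverse zones agree with each other. The script below is an added example, not part of the lab: it extracts the A records from the forward zone and the PTR records from the reverse zone and reports every host present on only one side. The zone text is a constructed copy of the lab's records with two deliberate mismatches (client2 and 14) added to show the output; the origin and the 10.0.1 prefix are assumptions passed as parameters.

```bash
#!/bin/bash
# Forward/reverse consistency check for the lab's example.com zones (added
# example, not part of the lab). named-checkzone validates each file alone;
# this also checks every A record has a matching PTR and vice versa. Zone text
# is a constructed copy of the lab's records plus two deliberate mismatches.

forward_zone() { cat <<'EOF'
$TTL 86400
@           IN  NS  ns1.example.com.
server1     IN  A   10.0.1.10
ns1         IN  A   10.0.1.10
server2     IN  A   10.0.1.11
ns2         IN  A   10.0.1.11
client1     IN  A   10.0.1.12
client2     IN  A   10.0.1.13   ; constructed: no PTR for this host
EOF
}

reverse_zone() { cat <<'EOF'
$TTL 86400
@           IN  NS  ns1.example.com.
10          IN PTR server1.example.com.
10          IN PTR ns1.example.com.
11          IN PTR server2.example.com.
11          IN PTR ns2.example.com.
12          IN PTR client1.example.com.
14          IN PTR client3.example.com.   ; constructed: no A for this host
EOF
}

# "fqdn ip" pairs for one record type, ';' comments stripped. Relative A names
# are qualified with the origin; PTR addresses are rebuilt from the prefix.
pairs() {  # $1 = zone text, $2 = A|PTR, $3 = origin (A) or network prefix (PTR)
    printf '%s\n' "$1" | sed 's/;.*//' | awk -v t="$2" -v x="$3" '
        $2=="IN" && $3==t && t=="A"   { n=$1; if (n !~ /\.$/) n=n"."x"."; print n, $4 };
        $2=="IN" && $3==t && t=="PTR" { print $4, x"."$1 }'
}

# One line per "fqdn ip" present on only one side, sorted; status 1 if any.
check_zones() {  # $1 = forward text, $2 = reverse text, $3 = origin, $4 = prefix
    local out
    out=$( { pairs "$1" A "$3" | sed 's/^/A /'; pairs "$2" PTR "$4" | sed 's/^/PTR /'; } |
        awk '$1=="A" { a[$2" "$3]=1 }; $1=="PTR" { p[$2" "$3]=1 };
             END { for (k in a) if (!(k in p)) print "missing PTR for " k;
                   for (k in p) if (!(k in a)) print "missing A for " k }' | sort)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"; return 1
}

check_zones "$(forward_zone)" "$(reverse_zone)" example.com 10.0.1 || echo "zones disagree"
```

    On the real hosts, replace the two heredoc functions with `cat /var/named/forward.example.com` and `cat /var/named/reverse.example.com`; the A records the lab's reverse file also carries are ignored because only PTR records are read from it.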

  5. Challenge

    Start BIND on the Primary Host

    # systemctl start named

    Be sure to watch for any errors. You can look in /var/log/messages for more details. If your configuration is sane, BIND should be running, and can be verified with:

    # dig @localhost server1.example.com

    Open the firewall to the Secondary DNS Host on port 53 (TCP for zone transfers, UDP for queries); firewalld rich-rule values must be double-quoted:

    # firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.11" destination address="10.0.1.10" port port="53" protocol="tcp" accept'

    # firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.11" destination address="10.0.1.10" port port="53" protocol="udp" accept'

    # firewall-cmd --reload

  6. Challenge

    Configure the Secondary Host

    On Server2, install BIND and enable it:

    # yum install bind bind-utils

    # systemctl enable named

    Edit /etc/named.conf like on Server1:

    Add the local IP to the listen-on line:

    listen-on port 53 { 127.0.0.1; 10.0.1.11;};
    

    Limit queries to the local subnet:

    allow-query     { localhost; 10.0.1.0/24; };
    

    Disable recursion:

    recursion no;
    

    Add forward and reverse (slave) zones above the includes at the bottom. The file paths are relative to the directory set in named.conf (/var/named), so the transferred zones land in /var/named/slaves/, the directory named is allowed to write to; a leading slash would make the path absolute and the transfer would fail:

    zone "example.com" IN {
        type slave;
        file "slaves/example.com.fwd";
        masters { 10.0.1.10; };
    };
    zone "1.0.10.in-addr.arpa" IN {
        type slave;
        file "slaves/example.com.rev";
        masters { 10.0.1.10; };
    };
    
  7. Challenge

    Start BIND on the Secondary Host

    Verify the configuration:

    # named-checkconf /etc/named.conf

    And start BIND:

    # systemctl start named

    Be sure to watch for any errors. You can look in /var/log/messages for more details. If your configuration is sane, BIND should be running and can be verified with:

    # dig @localhost server1.example.com

    Enable DNS traffic through the firewall:

    # firewall-cmd --permanent --add-service=dns && firewall-cmd --reload

  8. Challenge

    Configure the Client to Use the Secondary DNS Host (10.0.1.11) for DNS

    Install NetworkManager and start the service:

    # yum install NetworkManager

    # systemctl enable NetworkManager && systemctl start NetworkManager

    Configure the interface to be static, then assign the secondary host IP as the DNS, and the DNS search to be example.com:

    # nmcli con mod System\ ens5 ipv4.method manual ipv4.addresses 10.0.1.12/24 ipv4.gateway 10.0.1.1 ipv4.dns 10.0.1.11 ipv4.dns-search example.com

    Remove the ec2.internal search domain from /etc/resolv.conf:

    # sed -i '/ec2.internal/d' /etc/resolv.conf

    Restart networking to pick up the configuration change:

    # systemctl restart network

    Verify that it works with dig:

    # dig server1.example.com
