Tips for DNS server setup in Red Hat Enterprise Linux shops

Hosts normally communicate with each other using names, and those names then have to be resolved into IP addresses. In a small network it is feasible to do this on a per-host basis, but on bigger networks you'll need DNS to take care of this task. Here is an overview of what you need to do for DNS server setup in Red Hat Enterprise Linux.

Understanding the requirements

A domain name system (DNS) can be used either for internal servers or as a service that is offered by the Internet provider. There is nothing wrong with Internet-hosted DNS, especially if the number of servers that has to be managed in DNS is small. If you have to put a larger number of servers in DNS, or if you need dynamic DNS, which allows client computers to register the IP address they have obtained from the DHCP server with DNS, you'll need your own DNS server setup.

Preparing for DNS setup

Before starting the actual installation, there are a few things to consider. First, you might need to register a DNS domain name. If you want your host names to be resolved by clients anywhere in the world, you need a registered name. If it's for internal use only, you can also use a private name that hasn't been registered. In that case, it is still a good idea not to use a name that belongs to anyone else, but to use one that is clearly recognizable as a local-only DNS name, such as example.local.

Even if the domain name you want to use is available only internally, you still can connect the DNS server to the worldwide DNS hierarchy. That means that your internal DNS server can go out and resolve Internet names. By default, a DNS server that isn't capable of resolving a name by itself will contact a name server of the DNS root domain or use a forwarder to get the name-resolving information externally. Following that, the DNS server will cache the information it has found to quickly deliver the required information at a later stage.

Following the decision about the domain name, you need to think about the kind of DNS services you want to offer. In the simplest approach, you can install a cache-only DNS name server. This is a DNS server that has no resource-record database of its own but fetches everything from external name servers. The benefit of implementing a cache-only name server is speed: everything that is cached locally doesn't need to be fetched from the Internet again.

Alternatively, you can run a master and optionally one or more slave DNS name servers. Every domain needs at least one master name server, which coordinates changes of resource records. For redundancy and availability purposes, a master can be supported by one or more slaves so that in case the master goes down, the slaves are still available to serve resource records from the DNS database.

Next, you need to decide whether you also want to use dynamic DNS. In dynamic DNS, the DHCP server synchronizes its information with DNS. By doing this, you can ensure that a host that has obtained a new IP address has its information updated in DNS as well.

The last decision to make is about security. If a master DNS name server updates the database on a slave name server, you want to be sure that it is indeed the master that is pushing the changes. To guarantee the authenticity of the other host in DNS updates, transaction signature (TSIG) keys can be used. As an administrator, you need to make sure these keys are configured and available on all hosts involved in the DNS communication.

Setting up a cache-only name server

Once you've decided how you want to set up your DNS environment, you can start the installation. On Red Hat, you do this by installing the bind package. From this package you'll get the named server and its configuration file named.conf. Building a cache-only name server based on this configuration is easy and consists of just two tasks:

  • Tell the named process to listen on all network interfaces; and
  • Configure a forwarder.

To add these options, open the named.conf file with your favorite text editor and first find the line that reads listen-on port 53. Between the braces on that line you define the IP addresses on which your DNS server listens; the port 53 part makes sure it listens on the right port. After that, find the line that reads forwarders and enter the IP address of your Internet provider's DNS server -- or any other DNS server you want -- to which DNS requests should be forwarded. The listing below shows what the contents of named.conf should look like. Save the changes and use the command service named restart to restart the DNS server. At this point you have a cache-only DNS server. In a follow-up to this article, you'll learn how to configure your DNS server as a master name server for your domain.

Example: Contents of the /etc/named.conf file

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        forwarders { 8.8.8.8; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation no;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
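As an added check (example code written for this article, not part of Red Hat's bind package or the author's setup), the following Python script parses the options block of a named.conf like the one above and reports whether the two tasks from the list are done, listening on all interfaces and a forwarder configured, and also whether recursion is permitted for any client, which together with allow-query { any; } turns the server into an open resolver. The named.conf text is a constructed sample, and the parser assumes the options block is closed by a "};" at the start of a line.

```python
import re

# Constructed sample: the options block of a cache-only named.conf as the
# article shows it (not a file read from any real host).
SAMPLE_NAMED_CONF = """
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    allow-query { any; };
    forwarders { 8.8.8.8; };
    recursion yes;
    dnssec-validation no;
};
"""


def options_block(conf: str) -> str:
    """Body of the options { ... } block; assumes its closing '};' starts a line."""
    m = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)
    return m.group(1) if m else ""


def brace_list(body: str, key: str) -> list:
    """Values of a 'key ... { a; b; };' statement, e.g. forwarders -> ['8.8.8.8'].
    The lookahead keeps 'listen-on' from matching 'listen-on-v6'."""
    pat = rf"^\s*{re.escape(key)}(?![\w-])[^{{]*\{{([^}}]*)\}}"
    m = re.search(pat, body, re.M)
    return [v.strip() for v in m.group(1).split(";") if v.strip()] if m else []


def scalar(body: str, key: str) -> str:
    """Value of a 'key value;' statement, e.g. recursion -> 'yes'."""
    m = re.search(rf"^\s*{re.escape(key)}\s+([^;]+);", body, re.M)
    return m.group(1).strip().strip('"') if m else ""


def check_cache_only(conf: str) -> dict:
    """Report the settings that matter for the cache-only setup described above."""
    opts = options_block(conf)
    listen = brace_list(opts, "listen-on")
    forwarders = brace_list(opts, "forwarders")
    allow_query = brace_list(opts, "allow-query")
    recursion = scalar(opts, "recursion") == "yes"
    return {
        "listens_on_all": "any" in listen,      # task 1: listen on all interfaces
        "forwarders": forwarders,               # task 2: forwarder configured
        "has_forwarder": bool(forwarders),
        # recursion for any client on any interface is an open resolver
        "open_resolver": recursion and "any" in allow_query,
        "dnssec_validation": scalar(opts, "dnssec-validation"),
    }
```

Run check_cache_only on the text of /etc/named.conf after editing; a result with open_resolver set to True means the server will answer recursive queries for anyone who can reach port 53, so restrict allow-query to your own networks unless that is intended.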

ABOUT THE AUTHOR: Sander van Vugt is an independent trainer and consultant based in the Netherlands. He is an expert in Linux high availability, virtualization and performance, and has completed several projects that implement all three. He is also the writer of various Linux-related books, such as Beginning the Linux Command Line, Beginning Ubuntu Server Administration and Pro Ubuntu Server Administration.

This was first published in October 2012
