DNS Server using BIND on CentOS 6.4
Part I
Essential DNS Functions 1
Chapter 1 DNS
Service
Chapter 2 DNS
Server Software
Chapter 3
Terms (Resource Records)
Chapter 4
Bind Installation and startup
Part II
Essential DNS Functions 2
Chapter 5
Creating zones- Forward & Reverse
Chapter 6
Adding More zone
Chapter 7 DNS
Load Sharing
Chapter 8
Master/Slave name server
Part III
Advanced DNS Functions
Chapter 9
BIND ACL
Chapter 10
Spilt DNS: VIEW
Chapter 11
Dynamic DNS Update (DDNS)
Chapter 12
How to use Client tools - nslookup,
dig, host
Part IV DNS
Security
Chapter 13
TSIG and DNSSEC
Chapter 14
RNDC service
Chapter 15
Some DNS Security Issues
Chapter 16
DNS Cache Poisoning
Part V DNS
Bind GUI Tools
Chapter 1
DNS Service
1.
Domain Name System (DNS)
•
Resolves
hostnames into IP addresses (forward lookup)
Name (Human being friendly) -> IP address (Computer friendly)
•
Resolves IP
addresses into hostnames (reverse lookup)
IP address -> Name
•
Allows machines
to be logically grouped by name domains
•
Provides email
routing information
2. Zones, Domains and Delegation
•
A domain
is a complete sub-tree of the hierarchical namespace
•
A zone
is the part of the domain managed by a particular server
•
Subdomains
may be delegated into additional zones
•
A zone may
directly manage some subdomains
3. Name
Server Types
a.
Master name server (Primary)
Contains the master copy of data for a zone
b.
Slave name server (Secondary)
§ Provides a backup to the master name server
§ All slave servers maintain synchronization
with their master name server
c.
Caching–only Name Server
§ forwards queries and caches results.
§ provides Internet root server 'hints' or
references via named.ca
§ /etc/resolv.conf should include nameserver
127.0.0.1
4. DNS Hierarchy
5. DNS Name Resolution Process
Chapter 3 DNS
Server Terms
Authoritative server
A DNS server that hosts a primary or secondary copy of zone data
Non-authoritative server
do not contain copies of any domains but have a
cache file that is constructed from all the DNS lookups performed in the past
for which it has gotten an authoritative response
FQDN
A DNS name that uniquely identifies a node in a DNS namespace. Fully qualified domain name
A DNS name that uniquely identifies a node in a DNS namespace. Fully qualified domain name
Iterative query
A query made by a client to a DNS server for an
authoritative answer that can be provided by the server without generating
additional server-side queries to other DNS servers
Recursive query
A query made by either a client or a DNS server on
behalf of a client, the response to which can be an authoritative answer or a
referral to another server
CNAME
Canonical Name record is used to create aliases that
point to other names
Address (A) record
associates a domain name with an IP address
Pointer (PTR) record
provides data for reverse DNS, which is used for
logging the domain name and verification purposes
Name Servers (NS)
identifies the authoritative DNS servers for a
domain
Mail Servers (MX):
identifies the server to which e-mail is directed
Text Record (TXT)
can be used for any kind of documentation
First Record (SOA)
the first record in the zone file to contains the
name of the primary DNS server, which must correspond to an NS record in the
file
Serial :
Number to
increment when any resource record in the zone file is updated. A slave
(Secondary) server will read the master DNS SOA record periodically
Refresh :
Indicates the time when the slave will try to refresh
the zone from the master
Retry:
Defines the time between retries if the slave
(secondary) fails to contact the master when refresh (above) has expired
Expire :
Indicates when the zone data is no longer
authoritative. Used by Slave or (Secondary) servers only
Minimum:
redefined this value to be the negative caching time
- the time a NAME ERROR = NXDOMAIN result may be cached by any resolver
TTL (Time to Live) :
defines the duration in seconds that the record may
be cached
Chapter
4 Bind Installation & Startup
1. Package Installation
# rpm –qa | grep bind
• bind-utils-9.8.2-0.17.rc1.el6.i686 - Utilities for querying DNS
• bind-libs-9.8.2-0.17.rc1.el6.i686 - Libraries
• bind-9.8.2-0.17.rc1.el6.i686 - The Berkeley Internet Name Domain (BIND)
• bind-chroot-9.8.2-0.17.rc1.el6.i686 - Chroot runtime environment
• bind-devel-9.8.2-0.17.rc1.el6.i686 - Header files and libraries
# yum install bind-utils bind-libs bind-chroot bind-devel bind -y
2. Service Startup
# service named start
# ps –ef | grep named
# netstat –nat | grep 53
# tail –f /var/log/messages
3. Service Registration
# chkconfig –add named
# chkconfig named on
# chkconfig –list named
