DNS Server Config CentOS 8
1. Configure the firewall
firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --reload
2. Domain name: knowhere
3. Give the server a static address in its ifcfg file (BOOTPROTO=none with IPADDR and PREFIX set, as in the client example further down) and set its hostname
hostnamectl set-hostname srvcent01.knowhere
4. Make sure /etc/resolv.conf points the server at itself, i.e. at the address named will listen on (192.168.56.4 in step 6):
search knowhere
nameserver 192.168.56.4
5. Add dns=none under the [main] section of /etc/NetworkManager/NetworkManager.conf so NetworkManager stops overwriting /etc/resolv.conf, then restart NetworkManager.
6. Configure a single authoritative DNS server
vi /etc/named.conf
There is no need to chmod the file to 644: the package ships it as root:named with mode 0640, named only needs group read access, and a world-readable config becomes a liability as soon as it holds keys.
#### The lines below go inside the options { } block of named.conf
listen-on port 53 { localhost; 192.168.56.4; };
#listen-on-v6 port 53 { ::1; };
allow-query { 127.0.0.1; 192.168.56.0/24; };
recursion no;
recursion no makes this a purely authoritative server: it answers only for the zones it hosts and refuses to resolve anything else, so clients still need a recursive resolver (or a forwarder on this box) for names outside knowhere. allow-query limits who may ask at all. Unless a secondary server will pull zones from this one, also restrict zone transfers with an allow-transfer statement set to none; the BIND 9.11 series that CentOS 8 ships allows transfers to any host by default, which hands out the whole host list.
7. Define the zones
vi /etc/named.rfc1912.zones
#### The text below is the content of named.rfc1912.zones file
zone "knowhere" IN {
type master;
file "forward.zone";
allow-update { none; };
};
zone "56.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};
The reverse zone is named after the network, not the host: 192.168.56.0/24 reverses to 56.168.192.in-addr.arpa, and the host 192.168.56.4 is the record "4" inside it. A zone called 4.56.168.192.in-addr.arpa would only ever hold names under 4.4.56.168.192.in-addr.arpa, so the PTR added in the next step would never match a reverse lookup for 192.168.56.4.
The option allow-update controls DNS dynamic updates (RFC 2136), with which a host or application could add and change records by itself. none is also BIND's default, so only the administrator editing the zone file can change records. Leave it that way unless you deliberately set up authenticated (TSIG-signed) updates, for example from a DHCP server.
8. Add the forward and reverse lookup files, /var/named/forward.zone and /var/named/reverse.zone (owned root:named like the rest of /var/named, so that named can read them).
forward.zone, add these lines. Whitespace has a special meaning in BIND zone files: a record line that begins with whitespace has no owner name and inherits the previous one, while every other record starts in column 1 with its own owner name. @ stands for the zone apex (knowhere), a name ending in a dot is absolute, and a name without one gets the origin appended. Increase the serial every time you change the file, or secondaries and caches will not notice the change.
$TTL 1D
@ IN SOA srvcent01.knowhere. root.knowhere. (
2019022400 ; serial
3h ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
@ IN NS srvcent01.knowhere.
srvcent01 IN A 192.168.56.4
reverse.zone, add these lines (same whitespace rules as above). The PTR target must end with a dot: without it BIND appends the origin and the record points at srvcent01.knowhere.56.168.192.in-addr.arpa instead of srvcent01.knowhere.
$TTL 1D
@ IN SOA srvcent01.knowhere. root.knowhere. (
2019022400 ; serial
3h ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
@ IN NS srvcent01.knowhere.
4 IN PTR srvcent01.knowhere.
Results
Check the main configuration and both zones before starting the service. If done correctly, the zone check looks like this:
[root@srvcent01 named]# named-checkzone knowhere forward.zone
zone knowhere/IN: loaded serial 2019022400
OK
Run the same check for the reverse zone (named-checkzone 56.168.192.in-addr.arpa reverse.zone) and named-checkconf for /etc/named.conf, then start and enable the service with systemctl enable --now named. Note that a zone name that does not match the network, or a PTR target without its trailing dot, still loads with OK, so read the records you wrote rather than relying on the check alone.
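The two things that most often go wrong in the zone steps above are choosing the wrong in-addr.arpa name for the reverse zone and leaving the trailing dot off an NS or PTR target, and named-checkzone accepts both. The script below is an added example, not code from the original article: it derives the reverse zone name and PTR owner for an address and prefix, lints zone text for unqualified targets, and runs named-checkzone only if BIND's tools happen to be installed. It assumes the article's host 192.168.56.4/24; the zone text embedded in it is constructed here to mirror the article's reverse.zone, including its original unqualified PTR.

```shell
#!/bin/sh
# Added example, not part of the original article: sanity checks for a small
# BIND zone layout that run without BIND installed. Assumes the article's
# host 192.168.56.4 on 192.168.56.0/24 in domain "knowhere".
set -eu

# reverse_zone ADDR PREFIX -> the in-addr.arpa zone that holds PTR records for
# a classful /8, /16 or /24 network. Classless (RFC 2317) delegation is out of
# scope and rejected.
reverse_zone() {
  ip=$1; prefix=$2
  IFS=. read -r a b c d <<EOF
$ip
EOF
  case $prefix in
    8)  printf '%s.in-addr.arpa\n' "$a" ;;
    16) printf '%s.%s.in-addr.arpa\n' "$b" "$a" ;;
    24) printf '%s.%s.%s.in-addr.arpa\n' "$c" "$b" "$a" ;;
    *)  echo "reverse_zone: unsupported prefix /$prefix" >&2; return 1 ;;
  esac
}

# ptr_owner ADDR PREFIX -> owner name of ADDR's PTR record, relative to the
# zone returned by reverse_zone (for a /24 that is just the last octet).
ptr_owner() {
  ip=$1; prefix=$2
  IFS=. read -r a b c d <<EOF
$ip
EOF
  case $prefix in
    8)  printf '%s.%s.%s\n' "$d" "$c" "$b" ;;
    16) printf '%s.%s\n' "$d" "$c" ;;
    24) printf '%s\n' "$d" ;;
    *)  echo "ptr_owner: unsupported prefix /$prefix" >&2; return 1 ;;
  esac
}

# unqualified_targets [FILE] -> prints every NS/PTR/CNAME/MX target without a
# trailing dot. Such a name is relative to $ORIGIN, so "srvcent01.knowhere" in
# the reverse zone silently becomes srvcent01.knowhere.56.168.192.in-addr.arpa.
# Reads stdin when FILE is omitted.
unqualified_targets() {
  awk '
    /^[ \t]*(;|$)/ { next }                  # skip blank lines and comments
    { sub(/;.*/, "") }                       # strip trailing comments
    /[ \t](NS|PTR|CNAME|MX)[ \t]/ {
      target = $NF
      if (target != "@" && target !~ /\.$/) print target
    }' "${1:-/dev/stdin}"
}

# --- demo on constructed zone text mirroring the article's reverse.zone ---
zone=$(reverse_zone 192.168.56.4 24)   # 56.168.192.in-addr.arpa
owner=$(ptr_owner 192.168.56.4 24)     # 4
echo "reverse zone for 192.168.56.0/24: $zone"
echo "PTR owner for 192.168.56.4      : $owner"

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
# Constructed file with the defect the article's version had: no trailing dot.
cat >"$tmp/reverse.zone" <<'EOF'
$TTL 1D
@ IN SOA srvcent01.knowhere. root.knowhere. (
        2019022400 ; serial
        3h ; refresh
        15 ; retry
        1w ; expire
        3h ; minimum
)
  IN NS srvcent01.knowhere.
4 IN PTR srvcent01.knowhere
EOF
bad=$(unqualified_targets "$tmp/reverse.zone")
[ -z "$bad" ] || echo "unqualified target(s), add a trailing dot: $bad"

# Only when BIND's tools are present: run the real check with the right name.
if command -v named-checkzone >/dev/null 2>&1; then
  named-checkzone "$zone" "$tmp/reverse.zone" || echo "named-checkzone reported problems"
fi
```

Feed it your own zone files with unqualified_targets /var/named/reverse.zone; an empty result means every NS, PTR, CNAME and MX target is absolute. The reverse_zone output is the name to put both in named.rfc1912.zones and on the named-checkzone command line.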
Now, let's take a look at the client side configuration.
CLIENT SIDE CONFIGURATION
The following configuration is done on any server that will use the above server as DNS server to talk to other servers in the environment.
[root@srvcent03 network-scripts]# cat /etc/resolv.conf
# Generated by NetworkManager
search knowhere
nameserver 10.0.2.3
3. Add dns=none under [main] in /etc/NetworkManager/NetworkManager.conf
[root@srvcent03 network-scripts]# cat /etc/NetworkManager/NetworkManager.conf | tail -3
#level=TRACE
#domains=ALL
dns=none
[root@srvcent03 network-scripts]# hostname
srvcent03.knowhere
[root@srvcent03 network-scripts]#
4. Add DNS=192.168.56.4 (the DNS server) to the ifcfg file and restart NetworkManager. Because dns=none (step 3) stops NetworkManager from touching /etc/resolv.conf, the DNS= line on its own does not change the resolver in use; edit the nameserver line in /etc/resolv.conf to 192.168.56.4 by hand as well. Also note GATEWAY=255.255.255.0 in the file below: that is a subnet mask, not a router address. If this is a VirtualBox host-only network (192.168.56.0/24 is its default range) there is no router and the GATEWAY line should simply be dropped; on a routed network put the router's address there.
[root@srvcent03 network-scripts]# cat ifcfg-vbox
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=192.168.56.5
PREFIX=24
GATEWAY=255.255.255.0
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6_DISABLED=yes
IPV6INIT=no
NAME=vbox
UUID=d4664dd4-0e11-477c-bb0b-9d208e64130d
DEVICE=vbox
ONBOOT=yes
DNS=192.168.56.4
[root@srvcent03 network-scripts]# systemctl restart NetworkManager
5. Verify
[root@srvcent03 network-scripts]# nslookup srvcent03
Server: 10.0.2.3
Address: 10.0.2.3#53
Non-authoritative answer:
Name: srvcent03
Address: 192.168.100.8
Name: srvcent03
Address: 192.168.56.5
[root@srvcent03 network-scripts]# nslookup srvcent05
Server: 10.0.2.3
Address: 10.0.2.3#53
Non-authoritative answer:
Name: srvcent05
Address: 192.168.100.9
[root@srvcent03 network-scripts]#
Both answers above came from 10.0.2.3, the resolver that was still in /etc/resolv.conf, and not from 192.168.56.4; that is why nslookup labels them non-authoritative and why the addresses returned (192.168.100.x) are not the ones in the knowhere zone. To prove that the BIND server itself is answering, query it directly (for example dig @192.168.56.4 srvcent01.knowhere, and dig @192.168.56.4 -x 192.168.56.4 for the reverse zone) and look for the aa flag in the reply; then fix resolv.conf and repeat the plain nslookup. Note also that the zone files above only define srvcent01: add A and PTR records for srvcent03 and srvcent05 before expecting the authoritative server to answer for them, otherwise it correctly returns NXDOMAIN.