Deploy a simple private DNS server for the office network

  1. Install CentOS-7 minimal version.
         CPU: 2
         RAM: 4
         HDD: 20G
    
  2. Set a static IP by editing /etc/sysconfig/network-scripts/ifcfg-eth0 (e.g. with vi):
         # Interface config for the DNS host: KEY=VALUE lines sourced by the network scripts.
         TYPE=Ethernet
         PROXY_METHOD=none
         BROWSER_ONLY=no
         BOOTPROTO=static
         DEFROUTE=yes
         IPV4_FAILURE_FATAL=no
         # NOTE(review): IPv6 autoconf stays on, but named's listen-on (step 10) only
         # covers IPv4 addresses -- confirm this is intended.
         IPV6INIT=yes
         IPV6_AUTOCONF=yes
         IPV6_DEFROUTE=yes
         IPV6_FAILURE_FATAL=no
         IPV6_ADDR_GEN_MODE=stable-privacy
         NAME=eth0
         # NOTE(review): this UUID is the connection identifier generated on the original
         # machine; keep the value your own system generated rather than copying this one.
         UUID=91b90bfb-09b6-4dc4-a3c8-0ffde252796e
         DEVICE=eth0
         ONBOOT=yes
         # 172.16.7.63 with a 255.255.252.0 mask puts the office network at 172.16.4.0/22
         # (derived); that prefix is what named.conf should allow instead of "any".
         IPADDR=172.16.7.63
         NETMASK=255.255.252.0
         GATEWAY=172.16.4.1
         # DNS1 is this host itself; until named is installed and running (step 8)
         # the resolver times out on DNS1 and falls back to DNS2.
         DNS1=172.16.7.63
         DNS2=8.8.8.8
    
  3. Set hostname
         # NOTE(review): "cellosope.com" here (and in the SOA/NS records of step 11)
         # differs from the zone "celloscope.com" declared in step 10 -- the nameserver's
         # FQDN must live in a zone this server actually serves, so use one spelling.
         hostnamectl set-hostname ns1.cellosope.com
    
  4. Update and upgrade packages
         # Bring the minimal install up to date before adding bind.  On CentOS 7 yum's
         # default obsoletes handling makes "update" behave like "upgrade", so the
         # second command is presumably a no-op -- harmless either way.
         yum -y update && yum -y upgrade
    
  5. Restart the network service.
         # Applies the ifcfg-eth0 change from step 2.  If you are connected over SSH on
         # the old address the session will drop when the interface comes back up.
         systemctl enable network && systemctl restart network
    
  6. Disable SELinux to avoid file-context and permission denials

    # NOTE(review): the targeted policy normally confines named rather than blocking
    # it, so disabling SELinux is broader than this setup needs and removes the
    # confinement for every other service on the host as well.  SELINUX=permissive
    # shows which denials (if any) actually occur before deciding to disable it.
    vim /etc/selinux/config

         SELINUX=disabled
         SELINUXTYPE=targeted
    
  7. Reboot the VM
         # A reboot is required for the SELINUX= change in /etc/selinux/config to take effect.
         reboot
    
  8. Install packages and enable the service
         # bind is the server; bind-utils supplies dig/nslookup for verifying it later.
         yum install vim bind bind-utils -y
         # Enabling named before it is configured is fine: it starts with the stock
         # named.conf (which presumably listens on localhost only) until step 10.
         systemctl enable named && systemctl restart named
    
  9. Firewall configuration
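         systemctl enable firewalld && systemctl restart firewalld && systemctl status firewalld
         firewall-cmd --list-all
         # --permanent spelled out: "--per" is accepted only as a prefix abbreviation
         # and would become ambiguous if a future release adds another --per... option.
         firewall-cmd --zone=public --add-service=dns --permanent
         # The "dns" service already covers 53/tcp and 53/udp, so these two rules are
         # redundant when the default zone is public; kept for explicitness.
         firewall-cmd --permanent --add-port=53/tcp
         firewall-cmd --permanent --add-port=53/udp
         firewall-cmd --reload
         # Opening port 53 exposes the server to every network that reaches this zone;
         # the per-client restriction belongs in named.conf (allow-query / allow-recursion).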
    
  10. DNS listen address, forwarding, and the forward/reverse zone file locations

    # Keep a copy of the stock config; the fragment below is an edit of that file,
    # not a replacement, so its remaining directives and closing braces stay in place.
    cp /etc/named.conf /etc/named.conf.bk
    vim /etc/named.conf
        options {
        listen-on port 53 { 127.0.0.1;172.16.7.63; };
        # "any" already includes localhost and lets every client that can reach port 53
        # query this server; if recursion is left at its default this is an open
        # resolver usable for amplification.  Restrict to the office prefix from the
        # interface config instead, e.g. (constructed from 172.16.7.63/255.255.252.0):
        #   allow-query     { localhost; 172.16.4.0/22; };
        #   allow-recursion { localhost; 172.16.4.0/22; };
        # No forwarders are shown even though the step title mentions forwarding;
        # without them named presumably resolves external names via the root hints.
        allow-query     { localhost;any; };
        # NOTE: this fragment omits the rest of the options block (directory, etc.) and
        # its closing "};" -- those stay as in the backed-up original.
    
        # Authoritative zone for "uradhura.com".  All three forward zones share fwd.zone,
        # so every host record in that file exists under each of the three domains.
        zone "uradhura.com" IN {
        type master;
        file "fwd.zone";
        allow-update { none; };
        };
    
        # Authoritative zone for "example.com" (same shared fwd.zone).
        zone "example.com" IN {
        type master;
        file "fwd.zone";
        allow-update { none; };
        };
    
        # Authoritative zone for "celloscope.com" (same shared fwd.zone).
        # NOTE(review): spelling differs from ns1.cellosope.com used in step 3 and step 11.
        zone "celloscope.com" IN {
        type master;
        file "fwd.zone";
        allow-update { none; };
        };
    
        # Reverse zone for 172.16.7.0/24 only.  Hosts in fwd.zone on 172.16.5.x and
        # 172.16.6.x (maly, minion, replication-server2) cannot get PTR records here.
        zone "7.16.172.in-addr.arpa" IN {
        type master;
        file "rev.zone";
        allow-update { none; };
        };
    
  11. Forward zone entries:

    # "fwd.zone" in named.conf is relative to named's directory option, presumably
    # /var/named here; rev.zone (referenced in steps 10, 12 and 13) is not shown.
    vim /var/named/fwd.zone
    
        $TTL 1D
        ; NOTE(review): the SOA MNAME/RNAME and the NS record use "cellosope.com", but the
        ; zone declared in step 10 is "celloscope.com".  ns1.cellosope.com. is not in any
        ; zone shown in step 10, so the NS target would not resolve -- use one spelling.
        @       IN SOA  ns1.cellosope.com.    root.cellosope.com. (
        0       ; serial -- increment on every edit so any secondary notices the change
        1D      ; refresh
        1H      ; retry
        1W      ; expire
        3H )    ; minimum
        @       IN      NS      ns1.cellosope.com.
        @       IN      A       172.16.7.63
        ; relative name: becomes ns1.<zone> in each of the three zones that use this file
        ns1  IN      A       172.16.7.63
        ; 172.16.5.x / 172.16.6.x hosts fall outside the 7.16.172.in-addr.arpa reverse zone
        maly    IN      A       172.16.5.96
        test    IN      A       172.16.7.68
        minion  IN      A       172.16.5.7
        replication-server2     IN      A       172.16.6.63
    
  12. Change ownership of the forward (A) and reverse (PTR) zone files
        # Paths are relative: run from /var/named (the directory used in step 11), or
        # use absolute paths.
        chown root:named fwd.zone
        # root-owned, group named keeps the zone files readable but not writable by
        # named (assuming the usual 0644 mode), matching allow-update { none; }.
        chown root:named rev.zone
    
  13. Check the configuration and zone files for syntax errors
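        # -z also loads every zone declared in named.conf, so this alone catches most errors.
        named-checkconf -z /etc/named.conf
        # named-checkzone's first argument is the zone origin, not a label: checking
        # against "forward"/"reverse" validates the file under the wrong origin.  Check
        # each zone from step 10 against the file it uses.
        named-checkzone uradhura.com /var/named/fwd.zone
        named-checkzone example.com /var/named/fwd.zone
        named-checkzone celloscope.com /var/named/fwd.zone
        named-checkzone 7.16.172.in-addr.arpa /var/named/rev.zone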
    
  14. If all checks pass, restart the DNS service
        # named must be restarted (or reloaded) to pick up the new zones from step 10.
        systemctl restart named
    
  15. To clear the resolver cache on a client PC:
        resolvectl flush-caches