Domain Name System

From frogzie

1 AIM

Setting a Domain Name System (DNS)

  • DNS Server: cyber8, a ThinkPad X230 set up with CentOS 8.1
  • DNS software: BIND9 (Berkeley Internet Name Domain)
  • Forward and Reverse DNS resolution of
    • cyber8
    • cyber7: another ThinkPad X230, set up with CentOS 7.8

Both Internet Protocol versions 4 and 6 supported

2 LAN Setup

All hosts connected to ISP-provided Modem/Router

  • DHCP-configured LAN 192.168.0.0
  • Router IPv4 address: 192.168.0.1
  • cyber7 IP addresses   (fixed by the Modem/Router)
    • IPv4: 192.168.0.210
    • IPv6: 2001:8003:22bc:1700:7787:2b17:cc6f:5b46
  • cyber8 IP addresses   (fixed by the Modem/Router)
    • IPv4: 192.168.0.53
    • IPv6: 2001:8003:22bc:1700:66be:1375:b866:a57b

Host fully qualified names   (set by command hostnamectl set-hostname ...)

  • cyber7.rshome.lan
  • cyber8.rshome.lan

3 cyber8 Server Setup

3.1 RPMs

  • dnf install   bind   bind-utils

3.2 /etc/named.conf

Modify /etc/named.conf as follows

1. Change the options section as follows
   1. Listen on all interfaces by commenting out the following lines
      //RS	listen-on port 53 { 127.0.0.1; };
      //RS	listen-on-v6 port 53 { ::1; };
   2. Allow queries from any host on the LAN instead of only from localhost. Note that any matches every source address, so it is the Modem/Router that has to keep port 53 of cyber8 unreachable from the Internet; listing only the LAN prefixes here would be the tighter choice.
      //RS	allow-query     { localhost; };
      allow-query     { any; };
   3. Forward queries that the server cannot resolve itself to the ISP-provided Modem/Router by adding the following line
      forwarders { 192.168.0.1; };
2. Add the following line at the end of named.conf
   include "/etc/named/rshome.lan.zones";

Create the file /etc/named/rshome.lan.zones   (forward/reverse DNS)

zone "rshome.lan" IN {
	type master;
	file "named.rshome.lan";
};

zone "0.168.192.in-addr.arpa" IN {
	type master;
	file "named.0.168.192.in-addr.arpa";
};

zone "0.0.7.1.c.b.2.2.3.0.0.8.1.0.0.2.ip6.arpa" IN {
	type master;
	file "named.1700_22bc_8003_2001.ip6.arpa";
};

rshome.lan is the domain name used for the LAN throughout this page.

3.3 DNS Zone Files

3.3.1 /var/named/named.rshome.lan

Create the forward DNS zone file /var/named/named.rshome.lan for both IPv4 and IPv6 as follows

$TTL 1d
$ORIGIN rshome.lan.
@    IN   SOA  cyber8   root (
	2020061301	; Serial
	1h	; Refresh
	15m	; Retry
	3w	; Expire
	2h	; Minimum TTL
)
	IN	NS	cyber8
cyber8	IN	A	192.168.0.53
cyber8	IN	AAAA	2001:8003:22bc:1700:66be:1375:b866:a57b
cyber7	IN	A	192.168.0.210
cyber7	IN	AAAA	2001:8003:22bc:1700:7787:2b17:cc6f:5b46

3.3.2 /var/named/named.0.168.192.in-addr.arpa

Create the reverse IPv4 DNS zone file /var/named/named.0.168.192.in-addr.arpa as follows

$TTL 1d
$ORIGIN 0.168.192.in-addr.arpa.
; names outside this zone must end with a dot, otherwise $ORIGIN is appended to them
@    IN   SOA  cyber8.rshome.lan.   root.rshome.lan. (
	2020061301	; Serial
	1h	; Refresh
	15m	; Retry
	3w	; Expire
	2h	; Minimum TTL
)
	IN	NS	cyber8.rshome.lan.
; the A records live in the forward zone; a reverse zone only holds PTR records
53	IN	PTR	cyber8.rshome.lan.
210	IN	PTR	cyber7.rshome.lan.

3.3.3 /var/named/named.1700_22bc_8003_2001.ip6.arpa

Create the reverse IPv6 DNS zone file /var/named/named.1700_22bc_8003_2001.ip6.arpa as follows

$TTL 1d
$ORIGIN 0.0.7.1.c.b.2.2.3.0.0.8.1.0.0.2.ip6.arpa.
; names outside this zone must end with a dot, otherwise $ORIGIN is appended to them
@    IN   SOA  cyber8.rshome.lan.   root.rshome.lan. (
	2020061301	; Serial
	1h	; Refresh
	15m	; Retry
	3w	; Expire
	2h	; Minimum TTL
)
	IN	NS	cyber8.rshome.lan.
; the AAAA records live in the forward zone; the owner names below are the host
; nibbles of each address in reverse order (the /64 prefix is in $ORIGIN)
b.7.5.a.6.6.8.b.5.7.3.1.e.b.6.6	IN	PTR	cyber8.rshome.lan.
6.4.b.5.f.6.c.c.7.1.b.2.7.8.7.7	IN	PTR	cyber7.rshome.lan.
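How the owner names of the reverse zones are derived from the forward addresses, as an added example in Python (not part of the original page): it splits each address's reverse pointer at the reverse zone's prefix boundary, which gives the $ORIGIN of the zone and the relative label of each PTR record, so the PTR records can be regenerated from the forward zone instead of being typed by hand. The host list and the two prefixes are constructed from the addresses on this page.

```python
import ipaddress

# Constructed from the forward zone named.rshome.lan shown on this page.
FORWARD_ZONE = "rshome.lan"
HOSTS = {
    "cyber8": ["192.168.0.53", "2001:8003:22bc:1700:66be:1375:b866:a57b"],
    "cyber7": ["192.168.0.210", "2001:8003:22bc:1700:7787:2b17:cc6f:5b46"],
}
# The two reverse zones cyber8 serves: the LAN's /24 and its /64.
REVERSE_PREFIXES = ["192.168.0.0/24", "2001:8003:22bc:1700::/64"]


def split_reverse_pointer(addr, network):
    """Return (relative_label, zone_origin) for addr inside network.

    ipaddress gives the full reverse pointer (53.0.168.192.in-addr.arpa);
    the zone origin is the part covered by the prefix length, one octet
    per 8 bits for IPv4 and one nibble per 4 bits for IPv6.
    """
    labels = addr.reverse_pointer.split(".")
    bits_per_label = 8 if addr.version == 4 else 4
    if network.prefixlen % bits_per_label:
        raise ValueError("reverse zone prefix must end on a label boundary")
    n_host = (addr.max_prefixlen - network.prefixlen) // bits_per_label
    return ".".join(labels[:n_host]), ".".join(labels[n_host:]) + "."


def reverse_records(hosts=HOSTS, prefixes=REVERSE_PREFIXES, zone=FORWARD_ZONE):
    """Map each reverse zone $ORIGIN to the PTR lines it must contain."""
    networks = [ipaddress.ip_network(p) for p in prefixes]
    records = {}
    for host, addrs in hosts.items():
        for a in addrs:
            addr = ipaddress.ip_address(a)
            # An IPv4 address is never "in" an IPv6 network, and vice versa.
            for net in (n for n in networks if addr in n):
                label, origin = split_reverse_pointer(addr, net)
                records.setdefault(origin, []).append(
                    f"{label}\tIN\tPTR\t{host}.{zone}.")
    return {origin: sorted(lines) for origin, lines in records.items()}


if __name__ == "__main__":
    for origin, lines in reverse_records().items():
        print(f"$ORIGIN {origin}")
        print("\n".join(lines), end="\n\n")
```

Running it prints the PTR section of each reverse zone, which should match the records in the two reverse zone files above.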

3.3.4 Zone File Explanation

  • $TTL sets the default Time to Live (TTL) value for the zone. This is the number, in seconds, given to nameservers that tells how long the zone's resource records should continue to be valid. A resource record can contain its own TTL value, which overrides this directive.
  • $ORIGIN sets the domain name to be appended to any unqualified records, such as those that only specify the host and nothing more.
  • At this point, any names that are used in resource records and do not end in a trailing dot (.) will have this domain name added to them.
@	IN	SOA	<primary-name-server>	<hostmaster-email> (
			<serial-number>
			<time-to-refresh>
			<time-to-retry>
			<time-to-expire>
			<minimum-TTL> )
  • The @ symbol places the $ORIGIN directive (or the zone's name, if the $ORIGIN directive is not set) as the namespace being defined by this SOA resource record. The primary nameserver that is authoritative for this domain is used for the <primary-name-server>, and the email of the person to contact about this namespace is substituted for the <hostmaster-email>.
  • The <serial-number> is incremented every time you change the zone file so that named will know that it should reload this zone.
  • The <time-to-refresh> tells any slave servers how long to wait before asking the master nameserver if any changes have been made to the zone. The <serial-number> value is used by the slave to determine if it is using outdated zone data and should refresh it.
  • The <time-to-retry> tells the slave nameserver the interval to wait before issuing another refresh request, if the master nameserver is not answering. If the master has not replied to a refresh request before the <time-to-expire> elapses, the slave stops responding as an authority for requests concerning that namespace.
  • The <minimum-TTL> requests that other nameservers cache the zone's information for at least this amount of time (in seconds).
  • A (resp. AAAA) Address record, which specifies an IPv4 (resp. IPv6) address to assign to a name
    • <host> IN A <IP-address>
    • If the <host> value is omitted, the A record points to a default IP address for the top of the namespace. This system is the target of all requests that do not name a specific host, i.e. queries for the domain name itself rather than for a Fully Qualified Domain Name (FQDN).

3.3.5 Syntax Check

  • named-checkconf   /etc/named.conf
  • named-checkzone   rshome.lan   /var/named/named.rshome.lan
  • named-checkzone   0.168.192.in-addr.arpa     /var/named/named.0.168.192.in-addr.arpa
  • named-checkzone   0.0.7.1.c.b.2.2.3.0.0.8.1.0.0.2.ip6.arpa   /var/named/named.1700_22bc_8003_2001.ip6.arpa

3.4 /etc/resolv.conf

/etc/resolv.conf is auto-generated by NetworkManager. Any manual change made there is lost when the system is rebooted.

To make the changes permanent, they have to be made in the relevant connection profile under /etc/sysconfig/network-scripts, here ifcfg-enp0s25.

To do so, launch nm-connection-editor (or nmtui) and configure the enp0s25 connection as follows

  • Tab IPv4 Settings
    • Method: Automatic (DHCP) addresses only
    • DNS servers: 192.168.0.53, 192.168.0.1   (cyber8 must appear before Modem/Router in /etc/resolv.conf)
    • Search domains: rshome.lan, modem   (the domain name modem is set by the Modem/Router)
  • Tab IPv6 Settings
    • Method: Automatic, addresses only
    • DNS servers: 2001:8003:22bc:1700:66be:1375:b866:a57b   (cyber8)
    • Search domains: rshome.lan, modem

3.5 DNS Activation

  1. firewall-cmd --permanent --add-service=dns
  2. firewall-cmd --reload
  3. ifdown enp0s25 ; ifup enp0s25   # regenerate /etc/resolv.conf
  4. systemctl [re]start named
  5. systemctl enable named   # make it start automatically at boot time

Check it works

  • Forward DNS
    • dig +short cyber7.rshome.lan
    • dig +short cyber8.rshome.lan
    • ping -4 cyber7.rshome.lan
    • ping -6 cyber7.rshome.lan
  • Reverse DNS
    • host 192.168.0.210
    • host 192.168.0.53
    • host 2001:8003:22bc:1700:7787:2b17:cc6f:5b46
    • host 2001:8003:22bc:1700:66be:1375:b866:a57b

4 cyber7 Client Setup

4.1 /etc/resolv.conf

/etc/resolv.conf is auto-generated by NetworkManager. Any manual change made there is lost when the system is rebooted.

To make the changes permanent, they have to be made in the relevant connection profile under /etc/sysconfig/network-scripts, here ifcfg-enp0s25.

To do so, launch nm-connection-editor (or nmtui) and configure the enp0s25 connection as follows

  • Tab IPv4 Settings
    • Method: Automatic (DHCP) addresses only
    • DNS servers: 192.168.0.53, 192.168.0.1   (cyber8 must appear before Modem/Router in /etc/resolv.conf)
    • Search domains: rshome.lan, modem   (the domain name modem is set by the Modem/Router)
  • Tab IPv6 Settings
    • Method: Automatic, addresses only
    • DNS servers: 2001:8003:22bc:1700:66be:1375:b866:a57b   (cyber8 IPv6 address)
    • Search domains: rshome.lan, modem

Regenerate /etc/resolv.conf

  • ifdown enp0s25 ; ifup enp0s25

4.2 DNS Check

  • Forward resolution
    • dig +short cyber7.rshome.lan
    • dig +short cyber8.rshome.lan
    • ping -4 cyber8.rshome.lan
    • ping -6 cyber8.rshome.lan
  • Reverse resolution
    • host 192.168.0.210
    • host 192.168.0.53
    • host 2001:8003:22bc:1700:7787:2b17:cc6f:5b46
    • host 2001:8003:22bc:1700:66be:1375:b866:a57b