
Linux DNS Configuration

This article provides a very brief introduction to Domain Name System (DNS) server configuration using BIND on Linux, with specific reference to the information needed for the RHCE EX300 certification exam.

Remember, the exams are hands-on, so it doesn't matter which method you use to achieve the result, so long as the end product is correct.


Installation

The BIND DNS service is installed from a Yum repository using the following command.

# yum install bind

Depending on your plans for the DNS, you might also find it useful to install the following two packages.

# yum install bind-libs bind-utils

In RHEL5 and Fedora distributions there is a GUI tool called system-config-bind, but this has been removed from RHEL6. In my opinion this is no major loss as I found it more confusing to use than adjusting the configuration files directly.

Turn on the DNS (named) server and make sure it starts automatically on reboot.

# service named start
# chkconfig named on

DNS is configured by altering the contents of the "/etc/named.conf" file and the contents of the "/var/named" directory. Configuration changes have to be followed by a reload or a restart of the DNS service.

# service named restart
# # or
# service named reload
# /etc/init.d/named reload

Firewall

If you are using the Linux firewall, you need to open port 53 for both TCP and UDP. Assuming you are using a firewall setup file, as described here, you can include the following additions to the INPUT chain.

# Open ports for DNS.
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT

SELinux

If you are using SELinux, you will need to consider the following points.

The SELinux booleans associated with the DNS service are displayed using the getsebool command.

# getsebool -a | grep named
named_write_master_zones --> off
#

The setsebool command is used to set a specific boolean value.

# setsebool named_write_master_zones on
# setsebool named_write_master_zones off

More information on SELinux can be found here.

Configure a caching-only name server

By default the contents of the "/etc/named.conf" file configure a caching-only name server that is restricted to the local machine. This is indicated by the following entries in the "options" section of the configuration file.

allow-query  { localhost; };
recursion yes;

To extend this, amend the "allow-query" entry, adding a ";"-separated list of IP addresses or wildcards to signify which machines can query the DNS server. Alternatively, use the "any" value.

# Everything. The default if the allow-query entry is missing.
allow-query  { any; };

# Specific
allow-query  { localhost; 192.168.0.1; 192.168.0.2; };

# Wildcards
allow-query  { localhost; 192.168.0.0/24; };

Remember to reload the configuration before testing the change.

# service named reload

Configure a caching-only name server to forward DNS queries

Adding the "forwarders" parameter to the "options" section of the "/etc/named.conf" file allows the DNS server to forward any names it cannot resolve itself to alternative DNS servers. This is commonly used when a company DNS server resolves all internal company names, but forwards external names to the DNS servers provided by an internet service provider.

allow-query  { any; };
forwarders { 194.168.4.100; 194.168.8.100; };
recursion yes;

If the DNS server is only used as a forwarder, the "forward only" setting should be used. With this setting, named sends every query it cannot answer from its own data to the forwarders and does not attempt to resolve the name itself if they fail to answer.

allow-query  { any; };
forward only;
forwarders { 194.168.4.100; 194.168.8.100; };
recursion yes;

Remember to reload the configuration before testing the change.

# service named reload
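The "allow-query", "recursion", "forward" and "forwarders" settings shown above decide whether the server ends up as an open resolver (a recursive server that answers any client), which is worth checking before exposing it. The following script is an added example, not part of the original article: it parses the "options" block of a named.conf snippet (a constructed sample based on the configuration above) and flags that condition, a "forward only" server with no forwarders, and "allow-query" entries that are neither IP/CIDR values nor built-in ACL names.

```python
"""Audit the "options" block of a BIND named.conf for the settings this
article covers. Constructed example, not part of the original article."""
import ipaddress
import re

# Constructed sample: the forwarding configuration from the article plus the
# listen-on line found in a stock RHEL named.conf.
SAMPLE_NAMED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; };
    allow-query  { any; };   // who may ask
    forward only;
    forwarders { 194.168.4.100; 194.168.8.100; };
    recursion yes;
};
"""

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}
# One statement: name, plain arguments, optional "{ ...; }" list, terminating ';'.
STMT = re.compile(r"([\w-]+)\s*([^{;]*?)\s*(\{[^}]*\})?\s*;")

def parse_options(conf):
    """Map each statement in the options block to its list of tokens,
    e.g. 'forwarders { a; b; };' -> {'forwarders': ['a', 'b']}."""
    # Assumes the closing '};' of the block starts a line, as in the stock file.
    m = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)
    if not m:
        raise ValueError("no options block found")
    body = re.sub(r"(//|#).*", "", m.group(1))        # drop line comments
    opts = {}
    for name, args, block in STMT.findall(body):
        opts[name] = args.split() + re.findall(r"[^\s;{}]+", block or "")
    return opts

def audit(opts):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    allow = opts.get("allow-query", ["any"])          # BIND default when absent
    # BIND 9.4+: allow-recursion falls back to allow-query-cache, then allow-query.
    rec_acl = opts.get("allow-recursion") or opts.get("allow-query-cache") or allow
    if opts.get("recursion", ["yes"]) == ["yes"] and "any" in rec_acl:
        findings.append("open resolver: recursion is enabled for any client")
    if opts.get("forward") == ["only"] and not opts.get("forwarders"):
        findings.append("'forward only' without forwarders: external names will not resolve")
    for entry in allow:
        if entry in BUILTIN_ACLS:
            continue
        try:
            ipaddress.ip_network(entry.lstrip("!"), strict=False)   # '!' negates an entry
        except ValueError:
            findings.append(f"allow-query entry {entry!r} is not an IP/CIDR or builtin ACL")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_options(SAMPLE_NAMED_CONF)):
        print("WARNING:", finding)
```

Run against the sample it reports the open-resolver condition; swap "any" for the "localhost; 192.168.0.0/24" list from the earlier section and it reports nothing.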

/etc/resolv.conf

The "/etc/resolv.conf" file tells a Linux machine which DNS server to use when attempting to resolve machine names.

# Generated by NetworkManager
search localdomain
nameserver 192.168.0.4

Multiple entries are allowed if you have multiple DNS servers.

# Generated by NetworkManager
search localdomain
nameserver 192.168.0.4
nameserver 192.168.0.5
nameserver 192.168.0.6

What's next?

The requirements for the RHCE EX300 certification exam are extremely limited, so you've already covered what you need to know.

If you actually want to use BIND for something more interesting than a caching DNS server, you should probably check out this article on DNS Configuration for the SCAN used with Oracle RAC Database 11g Release 2. That introduces the entries necessary to resolve names on your local network.


Hope this helps. Regards Tim...
