Thursday, July 17, 2008

Installing a Simplistic DNS Server Using BIND

1. Install the required packages (please ignore the warning about a missing named.conf, as it is expected at this stage):
  • bind, bind-utils, bind-chroot, caching-nameserver
[root@greg ~]# yum -y install bind bind-utils bind-chroot caching-nameserver
... output omitted ...
2. Start the iptables firewall:
[root@greg ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]

3. Set SELinux to enforcing mode:
[root@greg ~]# vim /etc/selinux/config
Make sure the following line appears in the configuration:
SELINUX=enforcing
4. Check which ports are registered for the domain name service:
[root@greg ~]# grep domain /etc/services
domain 53/tcp # name-domain server
domain 53/udp
domaintime 9909/tcp # domaintime
domaintime 9909/udp # domaintime

5. Check whether named is linked against libwrap (TCP wrappers). The expected result is no output, meaning named is not controlled by /etc/hosts.allow and /etc/hosts.deny:
[root@greg ~]# ldd $(which named) | grep libwrap
6. Review the configuration in /etc/named.caching-nameserver.conf to see the default access control options. Pay attention to the listen-on and allow-query directives. If you do not remember what a directive such as allow-query does, look it up in man 5 named.conf.
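As an added example (not part of the original post), here is a small POSIX sh lint that pulls the listen-on and allow-query bodies out of a named.conf and complains when either is missing or set to { any; }. The three configuration samples are constructed for the example; the first merely resembles the caching-nameserver defaults and is not a copy of the real file. The script assumes each directive sits on a single line inside the options block, and it does not parse views or named ACLs.

```shell
#!/bin/sh
# Added example, not from the original post: a lint for the two access
# control directives the post tells you to look at. Assumes single-line
# directives in the options { } block; views and ACL names are not handled.

# Constructed sample resembling the caching-nameserver defaults: listen on
# loopback only and answer queries from localhost only.
SAFE_CONF=$(mktemp)
cat > "$SAFE_CONF" <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        allow-query { localhost; };
};
EOF

# Constructed sample with both directives opened to the world.
OPEN_CONF=$(mktemp)
cat > "$OPEN_CONF" <<'EOF'
options {
        listen-on port 53 { any; };
        directory "/var/named";
        allow-query { any; };
        recursion yes;
};
EOF

# Constructed sample that omits allow-query entirely.
MISSING_CONF=$(mktemp)
cat > "$MISSING_CONF" <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; };
        directory "/var/named";
};
EOF

# acl_value FILE DIRECTIVE -> prints the { ... } body of DIRECTIVE with all
# whitespace removed (e.g. "localhost;"), or nothing if it is absent.
acl_value() {
    grep -E "^[[:space:]]*${2}[[:space:]]" "$1" \
        | sed -n 's/.*{\([^}]*\)}.*/\1/p' \
        | tr -d '[:space:]'
}

# check_named_acls FILE -> 0 when listen-on and allow-query are both present
# and neither is { any; }; 1 otherwise, with the reason on stderr.
check_named_acls() {
    conf=$1
    rc=0
    for d in listen-on allow-query; do
        v=$(acl_value "$conf" "$d")
        if [ -z "$v" ]; then
            # BIND's built-in default is to listen on every interface and to
            # answer queries from anyone, so a missing directive is not safe.
            echo "$conf: $d is missing (BIND default is effectively any)" >&2
            rc=1
        elif [ "$v" = "any;" ]; then
            echo "$conf: $d is { any; }: the server is exposed to every client" >&2
            rc=1
        fi
    done
    return $rc
}

# Demo: report each constructed sample.
for f in "$SAFE_CONF" "$OPEN_CONF" "$MISSING_CONF"; do
    if check_named_acls "$f"; then
        echo "$f: listen-on and allow-query are restricted"
    fi
done
```

Run it against /var/named/chroot/etc/named.conf once you have copied the file in step 9; a caching-only resolver for one host should pass with the loopback defaults, and anything reporting { any; } deserves a second look before the service is started.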
7. Prepare a minimal configuration that meets the access requirements. First run the following commands so you can follow the system messages when you restart the service after changing the configuration:
[root@greg ~]# tail -f /var/log/messages
... output omitted ...
[root@greg ~]# tail -f /var/log/audit/audit.log
... output omitted ...
8. Determine which directory is used as the chroot:
[root@greg ~]# cat /etc/sysconfig/named
Look for the following line, which gives the location of the chroot directory:
ROOTDIR=/var/named/chroot
9. Use named.caching-nameserver.conf as the starting configuration:
[root@greg ~]# cd /var/named/chroot/etc/
[root@greg etc]# ls
localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key

[root@greg etc]# cp named.caching-nameserver.conf named.conf
10. Test the current configuration and check /var/log/messages for configuration errors:
[root@greg etc]# service named configtest
zone localdomain/IN: loaded serial 42
zone localhost/IN: loaded serial 42
zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
zone 255.in-addr.arpa/IN: loaded serial 42
zone 0.in-addr.arpa/IN: loaded serial 42

The above output means our initial config is OK.
11. Start the named service and make it start automatically at boot:
[root@greg etc]# service named start ; chkconfig named on
Starting named: [FAILED]

If you get the above output as I did, use tail -f /var/log/messages to see the ERROR message. Here is what I got on my screen:
Jul 18 06:50:20 greg named[3874]: loading configuration from '/etc/named.conf'
Jul 18 06:50:20 greg named[3874]: none:0: open: /etc/named.conf: permission denied
Jul 18 06:50:20 greg named[3874]: loading configuration: permission denied
Jul 18 06:50:20 greg named[3874]: exiting (due to fatal error)

12. This means the named service does not have permission to read its configuration file:
[root@greg etc]# ls -l /var/named/chroot/etc/named.conf
-rw-r----- 1 root root 1100 Jul 18 06:46 /var/named/chroot/etc/named.conf

13. Run this command to give the named group read access to the file:
[root@greg etc]# chgrp named /var/named/chroot/etc/named.conf
[root@greg etc]# ls -l /var/named/chroot/etc/named.conf
-rw-r----- 1 root named 1100 Jul 18 06:46 /var/named/chroot/etc/named.conf
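As an added example (not from the original post), this POSIX sh function reproduces the check behind the fix above: it reads the mode string and group from ls -ld and reports whether members of a given group can read the file. The file name and group are arguments; the demo uses a constructed temporary file in place of /var/named/chroot/etc/named.conf. It only looks at the ownership and permission bits, so it says nothing about SELinux labels.

```shell
#!/bin/sh
# Added example, not from the original post. readable_by_group FILE GROUP
# returns 0 when FILE is world-readable, or group-readable and owned by GROUP;
# 1 otherwise, with the mode and group on stderr. Parses ls -ld rather than
# stat so it works on both GNU and BSD userlands. Checks DAC bits only.
readable_by_group() {
    file=$1
    group=$2
    out=$(ls -ld "$file" 2>/dev/null) || return 1
    set -- $out                 # mode links owner group size ... name
    mode=$1
    owner_group=$4
    # In a mode string such as -rw-r-----, character 5 is the group read
    # bit and character 8 is the other (world) read bit.
    group_read=$(printf '%s' "$mode" | cut -c5)
    other_read=$(printf '%s' "$mode" | cut -c8)
    if [ "$other_read" = "r" ]; then
        return 0
    fi
    if [ "$group_read" = "r" ] && [ "$owner_group" = "$group" ]; then
        return 0
    fi
    echo "$file: mode $mode, group $owner_group: not readable by group $group" >&2
    return 1
}

# Demo on a constructed temporary file with the post's -rw-r----- mode and a
# group that is not named; it reports the problem and suggests the fix.
DEMO=$(mktemp)
chmod 0640 "$DEMO"
readable_by_group "$DEMO" named || echo "fix with: chgrp named $DEMO"
rm -f "$DEMO"
```

Keeping the file at 0640 root:named rather than making it world-readable is the point of the chgrp: rndc.key in the same directory is a secret, and named.conf is best kept to the same audience. With SELinux enforcing (step 3), a file that passes this check can still be refused, which is why step 7 also tails /var/log/audit/audit.log.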

14. There you go, the name server is running:
[root@greg etc]# service named start ; chkconfig named on
Starting named: [ OK ]

Check the log as well; there should be no errors.
15. Use dig or nslookup to query a site such as www.google.com, but remember to edit /etc/resolv.conf so that name resolution points to localhost:
[root@greg etc]# nslookup www.google.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 209.85.175.99
Name: www.l.google.com
Address: 209.85.175.104
Name: www.l.google.com
Address: 209.85.175.147

3 comments:

Anonymous said...

Hi!!!!
Please tell me how to configure my DNS if I had a registered domain for my static IP.

Nico Prasetio said...

Could you please give more details on which part of my tutorial you are stuck at? Are you using a Red Hat variant or another distro?

Anonymous said...

Hey g00rkha, thank you so much for this post! I had the same error regarding "/etc/named.conf: permission denied". This has saved me heaps of time!