[root@primary-dns ~]# yum -y install bind bind-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.cs.nctu.edu.tw
* extras: centos.cs.nctu.edu.tw
* updates: centos.cs.nctu.edu.tw
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-18.el7_1.3 will be installed
--> Processing Dependency: bind-libs = 32:9.9.4-18.el7_1.3 for package: 32:bind-9.9.4-18.el7_1.3.x86_64
--> Processing Dependency: liblwres.so.90()(64bit) for package: 32:bind-9.9.4-18.el7_1.3.x86_64
--> Processing Dependency: libisccfg.so.90()(64bit) for package: 32:bind-9.9.4-18.el7_1.3.x86_64
--> Processing Dependency: libisccc.so.90()(64bit) for package: 32:bind-9.9.4-18.el7_1.3.x86_64
--> Processing Dependency: libisc.so.95()(64bit) for package: 32:bind-9.9.4-18.el7_1.3.x86_64
--> Processing Dependency: libdns.so.100()(64bit) for package: 32:bind-9.9.4-18.el7_1.3.x86_64
--> Processing Dependency: libbind9.so.90()(64bit) for package: 32:bind-9.9.4-18.el7_1.3.x86_64
---> Package bind-utils.x86_64 32:9.9.4-18.el7_1.3 will be installed
--> Running transaction check
---> Package bind-libs.x86_64 32:9.9.4-18.el7_1.3 will be installed
--> Processing Dependency: bind-license = 32:9.9.4-18.el7_1.3 for package: 32:bind-libs-9.9.4-18.el7_1.3.x86_64
--> Running transaction check
---> Package bind-license.noarch 32:9.9.4-18.el7 will be updated
--> Processing Dependency: bind-license = 32:9.9.4-18.el7 for package: 32:bind-libs-lite-9.9.4-18.el7.x86_64
---> Package bind-license.noarch 32:9.9.4-18.el7_1.3 will be an update
--> Running transaction check
---> Package bind-libs-lite.x86_64 32:9.9.4-18.el7 will be updated
---> Package bind-libs-lite.x86_64 32:9.9.4-18.el7_1.3 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
bind x86_64 32:9.9.4-18.el7_1.3 updates 1.8 M
bind-utils x86_64 32:9.9.4-18.el7_1.3 updates 199 k
Installing for dependencies:
bind-libs x86_64 32:9.9.4-18.el7_1.3 updates 1.0 M
Updating for dependencies:
bind-libs-lite x86_64 32:9.9.4-18.el7_1.3 updates 712 k
bind-license noarch 32:9.9.4-18.el7_1.3 updates 80 k
Transaction Summary
================================================================================
Install 2 Packages (+1 Dependent package)
Upgrade ( 2 Dependent packages)
Total download size: 3.7 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/updates/packages/bind-license-9.9.4-18.el7_1.3.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for bind-license-9.9.4-18.el7_1.3.noarch.rpm is not installed
(1/5): bind-license-9.9.4-18.el7_1.3.noarch.rpm | 80 kB 00:03
(2/5): bind-utils-9.9.4-18.el7_1.3.x86_64.rpm | 199 kB 00:06
(3/5): bind-libs-9.9.4-18.el7_1.3.x86_64.rpm | 1.0 MB 00:09
(4/5): bind-libs-lite-9.9.4-18.el7_1.3.x86_64.rpm | 712 kB 00:09
(5/5): bind-9.9.4-18.el7_1.3.x86_64.rpm | 1.8 MB 00:10
--------------------------------------------------------------------------------
Total 370 kB/s | 3.7 MB 00:10
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-1.1503.el7.centos.2.8.x86_64 (@anaconda)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 32:bind-license-9.9.4-18.el7_1.3.noarch 1/7
Installing : 32:bind-libs-9.9.4-18.el7_1.3.x86_64 2/7
Installing : 32:bind-utils-9.9.4-18.el7_1.3.x86_64 3/7
Installing : 32:bind-9.9.4-18.el7_1.3.x86_64 4/7
Updating : 32:bind-libs-lite-9.9.4-18.el7_1.3.x86_64 5/7
Cleanup : 32:bind-libs-lite-9.9.4-18.el7.x86_64 6/7
Cleanup : 32:bind-license-9.9.4-18.el7.noarch 7/7
Verifying : 32:bind-libs-lite-9.9.4-18.el7_1.3.x86_64 1/7
Verifying : 32:bind-utils-9.9.4-18.el7_1.3.x86_64 2/7
Verifying : 32:bind-license-9.9.4-18.el7_1.3.noarch 3/7
Verifying : 32:bind-9.9.4-18.el7_1.3.x86_64 4/7
Verifying : 32:bind-libs-9.9.4-18.el7_1.3.x86_64 5/7
Verifying : 32:bind-license-9.9.4-18.el7.noarch 6/7
Verifying : 32:bind-libs-lite-9.9.4-18.el7.x86_64 7/7
Installed:
bind.x86_64 32:9.9.4-18.el7_1.3 bind-utils.x86_64 32:9.9.4-18.el7_1.3
Dependency Installed:
bind-libs.x86_64 32:9.9.4-18.el7_1.3
Dependency Updated:
bind-libs-lite.x86_64 32:9.9.4-18.el7_1.3
bind-license.noarch 32:9.9.4-18.el7_1.3
Complete!
Let's see what we have installed.
[root@primary-dns ~]# rpm -qa | grep bind
bind-libs-9.9.4-18.el7_1.3.x86_64
bind-9.9.4-18.el7_1.3.x86_64
bind-license-9.9.4-18.el7_1.3.noarch
bind-utils-9.9.4-18.el7_1.3.x86_64
bind-libs-lite-9.9.4-18.el7_1.3.x86_64
Configure the named service: set the listening addresses, the forwarders and the clients allowed to query, then add two zone blocks.
[root@primary-dns ~]# vi /etc/named.conf
...
listen-on port 53 { 127.0.0.1; 192.168.0.0/16;};
...
forwarders {
8.8.8.8;
168.95.1.1;
};
allow-query { localhost; 192.168.0.0/16;};
...
zone "example.com" IN {
type master;
file "example.com.zone";
allow-update { none; };
};
zone "168.192.in-addr.arpa" IN {
type master;
file "168.192.zone";
allow-update { none; };
};
...
Let's validate the configuration file.
[root@primary-dns named]# named-checkconf /etc/named.conf
named-checkconf prints nothing, so the configuration is correctly set.
Edit the first zone, "example.com", as follows.
[root@primary-dns ~]# vi /var/named/example.com.zone
$ORIGIN example.com.
$TTL 86400 ; time-to-live - (1 day)
primary-dns IN A 192.168.15.199
@ IN SOA primary-dns.example.com. hostmaster.example.com. (
201508061 ; serial number - (yyyymmdd+s)
7200 ; refresh - (2 hours)
300 ; retry - (5 minutes)
604800 ; expire - (1 week)
60 ; minimum - (1 minute)
)
@ IN NS primary-dns.example.com.
; Oracle RAC Nodes
primary01 IN A 192.168.15.11
primary02 IN A 192.168.15.12
primary01-priv IN A 192.168.24.11
primary02-priv IN A 192.168.24.12
primary01-vip IN A 192.168.15.111
primary02-vip IN A 192.168.15.112
; Network Storage Server
primary-nas IN A 192.168.15.101
; Single Client Access Name (SCAN) virtual IP
primary-cluster-scan IN A 192.168.15.81
primary-cluster-scan IN A 192.168.15.82
primary-cluster-scan IN A 192.168.15.83
Validate the first zone "example.com".
[root@primary-dns ~]# named-checkzone example.com /var/named/example.com.zone
zone example.com/IN: loaded serial 201508061
OK
The hostname zone file is correctly set.
Edit the second zone "168.192.in-addr.arpa".
[root@primary-dns ~]# vi /var/named/168.192.zone
$TTL 86400 ; time-to-live - (1 day)
@ IN SOA primary-dns.example.com. hostmaster.example.com. (
201508061 ; serial number - (yyyymmdd+s)
7200 ; refresh - (2 hours)
300 ; retry - (5 minutes)
604800 ; expire - (1 week)
60 ; minimum - (1 minute)
)
@ IN NS primary-dns.example.com.
; Oracle RAC Nodes
11.15 IN PTR primary01.example.com.
12.15 IN PTR primary02.example.com.
11.24 IN PTR primary01-priv.example.com.
12.24 IN PTR primary02-priv.example.com.
111.15 IN PTR primary01-vip.example.com.
112.15 IN PTR primary02-vip.example.com.
; Network Storage Server
101.15 IN PTR primary-nas.example.com.
; Single Client Access Name (SCAN) virtual IP
81.15 IN PTR primary-cluster-scan.example.com.
82.15 IN PTR primary-cluster-scan.example.com.
83.15 IN PTR primary-cluster-scan.example.com.
Validate the second zone "168.192.in-addr.arpa".
[root@primary-dns ~]# named-checkzone 168.192.in-addr.arpa /var/named/168.192.zone
zone 168.192.in-addr.arpa/IN: loaded serial 201508061
OK
The arpa zone file is correctly set.
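named-checkzone validates each zone file on its own; it does not check that the forward and reverse zones agree. The script below is an added example, not part of the original post, and lists every A record with no matching PTR. The function names missing_ptr and demo are made up for this example, and the sample records are abridged from the two zone files above. The reverse zone above has no PTR for primary-dns (192.168.15.199), which the check reports.

```bash
#!/bin/bash
# Added example (not from the original post): forward/reverse consistency check.
# Assumes relative owner names, one record per line, and a $ORIGIN line in the
# forward zone, as in the zone files on this page.

# missing_ptr FORWARD_ZONE_FILE REVERSE_ZONE_FILE
# Prints "fqdn ip" for each A record that has no PTR record in the
# 168.192.in-addr.arpa zone pointing back at the same name.
missing_ptr() {
  awk '
    # Reverse zone (read first): owner "11.15" stands for 192.168.15.11.
    FILENAME == ARGV[1] {
      if ($2 == "IN" && $3 == "PTR") {
        split($1, o, "[.]")
        ptr["192.168." o[2] "." o[1] " " $4] = 1
      }
      next
    }
    # Forward zone (read second).
    $1 == "$ORIGIN" { origin = $2; next }
    $2 == "IN" && $3 == "A" {
      fqdn = $1 "." origin
      key = $4 " " fqdn
      if (!(key in ptr)) print fqdn, $4
    }
  ' "$2" "$1"
}

# Records abridged from the two zone files shown above, written to temp files.
demo() {
  dir=$(mktemp -d)
  cat > "$dir/fwd" <<'EOF'
$ORIGIN example.com.
primary-dns IN A 192.168.15.199
primary01 IN A 192.168.15.11
primary01-priv IN A 192.168.24.11
primary-cluster-scan IN A 192.168.15.81
EOF
  cat > "$dir/rev" <<'EOF'
11.15 IN PTR primary01.example.com.
11.24 IN PTR primary01-priv.example.com.
81.15 IN PTR primary-cluster-scan.example.com.
EOF
  missing_ptr "$dir/fwd" "$dir/rev"
  rm -rf "$dir"
}

demo
```

On the server itself, run missing_ptr /var/named/example.com.zone /var/named/168.192.zone after each zone edit.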
Open port 53 (TCP and UDP) in the public zone persistently.
[root@primary-dns ~]# firewall-cmd --permanent --zone=public --add-port=53/tcp
success
[root@primary-dns ~]# firewall-cmd --permanent --zone=public --add-port=53/udp
success
[root@primary-dns ~]# firewall-cmd --reload
success
If you're running on Enterprise Linux 6, you may refer to the post:
How to Open Ports on IPTables and Survives Through Reboots on Enterprise Linux 6 and 7
Enable named.service so that it starts at boot.
[root@primary-dns ~]# systemctl enable named
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
Start named.service right away.
[root@primary-dns ~]# systemctl start named
Let's check the status. A healthy service looks like this.
[root@primary-dns ~]# systemctl status named -l
named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
Active: active (running) since Thu 2015-08-06 19:48:59 CST; 2min 38s ago
Process: 10238 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 10250 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 10248 ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf (code=exited, status=0/SUCCESS)
Main PID: 10252 (named)
CGroup: /system.slice/named.service
└─10252 /usr/sbin/named -u named
Aug 06 19:48:59 primary-dns.example.com named[10252]: zone 0.in-addr.arpa/IN: loaded serial 0
Aug 06 19:48:59 primary-dns.example.com named[10252]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Aug 06 19:48:59 primary-dns.example.com named[10252]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Aug 06 19:48:59 primary-dns.example.com named[10252]: zone localhost/IN: loaded serial 0
Aug 06 19:48:59 primary-dns.example.com named[10252]: zone example.com/IN: loaded serial 201508061
Aug 06 19:48:59 primary-dns.example.com named[10252]: zone localhost.localdomain/IN: loaded serial 0
Aug 06 19:48:59 primary-dns.example.com named[10252]: zone 168.192.in-addr.arpa/IN: loaded serial 201508061
Aug 06 19:48:59 primary-dns.example.com named[10252]: all zones loaded
Aug 06 19:48:59 primary-dns.example.com named[10252]: running
Aug 06 19:48:59 primary-dns.example.com systemd[1]: Started Berkeley Internet Name Domain (DNS).
Test the service from a client by running nslookup against a specific domain name, e.g. primary01-priv.example.com.
[root@primary01 ~]# nslookup primary-cluster-scan.example.com
Server: 192.168.15.199
Address: 192.168.15.199#53
Name: primary-cluster-scan.example.com
Address: 192.168.15.83
Name: primary-cluster-scan.example.com
Address: 192.168.15.81
Name: primary-cluster-scan.example.com
Address: 192.168.15.82
Three possible IP addresses are returned in this case. We're done.