Master DNS Configuration in Chrooted Environment
Here is a little tutorial on how to configure BIND in a chrooted environment.
1. First of all, install the required packages:
#yum install bind bind-chroot bind-libs bind-utils caching-nameserver
2. Configure the rndc.key file. This key file is required for secure communication between the master and slave DNS servers.
#cd /var/named/chroot/etc
Now issue the following command to generate the rndc key file, rndc.key:
#rndc-confgen > rndc.key
Change the ownership of the key file so that only root and the named group can read it:
#chown root:named rndc.key
Open the rndc.key file and remove every section other than the key section, so that the file looks like this:
key "rndckey" {
algorithm hmac-md5;
secret "SGsvsdfsdfsdfsCCkkg==";
};
> A symbolic link to rndc.key must exist in /etc, because rndc authenticates against that path. If it does not exist, create it by issuing:
#ln -s /var/named/chroot/etc/rndc.key /etc/rndc.key
Now configure the named.conf file (/var/named/chroot/etc/named.conf):
// Copy this section from the rndc.key file which was created above.
key "rndckey" {
algorithm hmac-md5;
secret "SGsvsdfsdfsdfsCCkkg=="; // must be identical to the secret in rndc.key
};
//replace the ip and network with your own scenario
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
inet 192.168.1.254 allow { 192.168.1.0/24; } keys { "rndckey"; };
};
options {
directory "/var/named";
pid-file "/var/run/named/named.pid";
recursion yes;
allow-recursion {
127.0.0.1;
192.168.1.0/24;
};
version "put something bogus here"; //for security reasons
allow-query {
127.0.0.1;
192.168.1.0/24;
};
};
server 192.168.254.254 {
keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};
// forward zone
zone "nishant.com" IN { // must match the owner name used in the zone file's SOA record
type master;
file "nishant.com.zone";
allow-update { none; };
// if you have a slave dns server at 192.168.1.2
allow-transfer { 192.168.1.2; };
};
// reverse zone
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.rev.zone";
allow-update { none; };
allow-transfer { 192.168.1.2; }; // the same slave as for the forward zone
};
Now let us configure the forward lookup zone file:
/var/named/chroot/var/named/nishant.com.zone
$TTL 38400
nishant.com. IN SOA ns.nishant.com. admin.nishant.com. (
2010042300 ; Serial Number
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Negative-caching TTL (historically "minimum TTL") of 1 day
nishant.com. IN NS ns.nishant.com.
nishant.com. IN MX 10 mx.nishant.com.
www.nishant.com. IN A 192.168.1.51
ns.nishant.com. IN A 192.168.1.100
mx.nishant.com. IN A 192.168.1.24
mail.nishant.com. IN CNAME mx.nishant.com.
Now we create the reverse lookup zone file:
/var/named/chroot/var/named/192.168.1.rev.zone
$TTL 86400
1.168.192.in-addr.arpa. IN SOA ns.nishant.com. admin.nishant.com. (
2007032000 ; Serial Number
10800 ; Refresh after 3 hours
900 ; Retry after 15 minutes
604800 ; Expire after 1 week
3600 ) ; Negative-caching TTL of 1 hour
1.168.192.in-addr.arpa. IN NS ns.nishant.com.
24.1.168.192.in-addr.arpa. IN PTR mx.nishant.com.
51.1.168.192.in-addr.arpa. IN PTR www.nishant.com.
100.1.168.192.in-addr.arpa. IN PTR ns.nishant.com.
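Before loading the zones it is worth checking that the zone files agree with the zone names declared in named.conf and with each other. The following Python script is an added example, not part of this tutorial: it embeds constructed copies of the two zone files (the reverse copy keeps the tutorial's original PTR mismatch for mx and the missing PTR for ns) and reports owner names that fall outside the declared zone (which is why a zone declared as "test.be" cannot load a file holding nishant.com records) as well as A records without a matching PTR.

```python
import ipaddress
import re
# Constructed sample zones modelled on this tutorial's files. The reverse zone keeps the tutorial's
# original defects: mx has a PTR at .2 although its A record is .24, and ns has no PTR at all.
FORWARD_ZONE = """\
$TTL 38400
nishant.com. IN SOA ns.nishant.com. admin.nishant.com. (
    2010042300 10800 3600 604800 86400 )
nishant.com.      IN NS    ns.nishant.com.
www.nishant.com.  IN A     192.168.1.51
ns.nishant.com.   IN A     192.168.1.100
mx.nishant.com.   IN A     192.168.1.24
mail.nishant.com. IN CNAME mx.nishant.com.
"""
REVERSE_ZONE = """\
$TTL 86400
1.168.192.in-addr.arpa. IN SOA ns.nishant.com. admin.nishant.com. (
    2007032000 10800 900 604800 3600 )
1.168.192.in-addr.arpa.    IN NS  ns.nishant.com.
2.1.168.192.in-addr.arpa.  IN PTR mx.nishant.com.
51.1.168.192.in-addr.arpa. IN PTR www.nishant.com.
"""
RR_RE = re.compile(r"^(\S+)\s+IN\s+([A-Z]+)\s+(.+)$")

def parse_records(zone_text):
    """(owner, type, rdata) for one-line records; SOA bodies, $directives and ; comments are skipped."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        m = RR_RE.match(line)
        if m and m.group(2) != "SOA":
            records.append((m.group(1).lower(), m.group(2), m.group(3).strip().lower()))
    return records

def out_of_zone(zone_text, zone_name):
    """Owner names not under zone_name; named refuses to load a file that contains any."""
    apex = zone_name.lower().rstrip(".") + "."
    return sorted({o for o, _, _ in parse_records(zone_text) if o != apex and not o.endswith("." + apex)})

def reverse_gaps(forward_text, reverse_text):
    """(name, ip, ptr_target) for each A record whose PTR is missing or names another host."""
    ptr = {o: r for o, t, r in parse_records(reverse_text) if t == "PTR"}
    gaps = []
    for owner, rtype, ip in parse_records(forward_text):
        if rtype == "A":
            rev = ipaddress.ip_address(ip).reverse_pointer + "."
            if ptr.get(rev) != owner:
                gaps.append((owner, ip, ptr.get(rev)))
    return gaps
```

This only catches name mismatches between the files; still run named-checkzone on each zone file afterwards to catch syntax errors.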
Now check the named.conf file for errors with the following command (the -t option makes named-checkconf resolve paths inside the chroot):
#named-checkconf -t /var/named/chroot /etc/named.conf
>> No output means the configuration is OK. Now you can start the named service:
#service named start
Now log in to another machine, point its DNS resolver at the server you just configured (192.168.1.254 in this example) and query it with nslookup:
nslookup
> server 192.168.1.254
> www.nishant.com
It will return the answers configured in the zone file.
Thanks