DNS servers come in several types, such as master, slave, forwarding and cache, with the cache-only server being the easiest to set up. Because DNS queries normally travel over UDP, which needs no connection setup or acknowledgement, lookups are fast.
A cache-only DNS server is also known as a resolver: it queries other servers for DNS records, keeps every answer it fetches in its cache, and serves later requests for the same name from that cache, cutting the response time even further.
Lab setup used in this guide:

DNS server: dns.hackthesec.co.in (Red Hat Enterprise Linux 7.1)
Server IP address: 192.168.1.17
Client: node1.hackthesec.co.in (CentOS 7.1)
Client IP address: 192.168.1.35
Install the BIND packages on the DNS server:

# yum search bind
# yum install bind bind-utils -y
Open /etc/named.conf in your preferred text editor and make the changes suggested below (or adjust them to your own requirements):

listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };
allow-query-cache { localhost; any; };
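With "any" in allow-query and allow-query-cache (and recursion on by default), the server becomes an open resolver: anyone who can reach port 53 may use it and read what your users have recently resolved from its cache, and open resolvers are routinely abused for DNS reflection and amplification. That is fine on an isolated lab network, not on anything Internet-facing. The script below is an added example, not code from the original article or from BIND itself: it holds the article's options as a constructed string beside a hardened variant that restricts service to the lab's 192.168.1.0/24 network (an assumption based on the addresses in the setup above), plus a small audit function that flags any single-line allow-query, allow-query-cache or allow-recursion statement admitting "any".

```shell
#!/bin/sh
# Added example, not code from the original article or from BIND.
# Audits named.conf-style options for the ACLs that decide who may use a
# caching resolver; "any" in any of them makes the server an open resolver.

# Constructed copy of the options the article suggests.
OPEN_RESOLVER_CONF='
options {
    listen-on port 53 { 127.0.0.1; any; };
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };
    recursion yes;
};
'

# Constructed hardened variant.  The "lan" ACL (192.168.1.0/24) is an
# assumption based on the addresses used in the article's setup.
RESTRICTED_CONF='
acl "lan" { 127.0.0.1; 192.168.1.0/24; };
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.17; };
    allow-query { lan; };
    allow-query-cache { lan; };
    allow-recursion { lan; };
    recursion yes;
};
'

# audit_resolver_acls CONFIG_TEXT
# Prints every single-line allow-query / allow-query-cache / allow-recursion
# statement that admits "any"; exit status 1 if one was found, 0 otherwise.
audit_resolver_acls() {
    conf=$1
    status=0
    for directive in allow-query allow-query-cache allow-recursion; do
        # drop comments, then match "<directive> { ... any ... }" on one line
        matches=$(printf '%s\n' "$conf" \
            | sed 's://.*$::; s:#.*$::' \
            | grep -E "^[[:space:]]*${directive}[[:space:]]*\{[^}]*[[:space:];{]any[[:space:];}]" \
            || true)
        if [ -n "$matches" ]; then
            printf 'open resolver risk: %s\n' "$matches"
            status=1
        fi
    done
    return $status
}

# Stand-alone run: report on both constructed configurations.
if audit_resolver_acls "$OPEN_RESOLVER_CONF"; then
    echo "article options: no directive admits any"
else
    echo "article options: restrict the directives above before exposing port 53"
fi
if audit_resolver_acls "$RESTRICTED_CONF"; then
    echo "hardened options: no directive admits any"
else
    echo "hardened options: restrict the directives above before exposing port 53"
fi
```

Run it against a live file with audit_resolver_acls "$(cat /etc/named.conf)"; a zero exit status means no directive admits "any" (statements spread over several lines are not inspected). Whatever ACL you settle on, also open 53/tcp beside the article's 53/udp firewall rule: answers too large for UDP are retried over TCP, and a UDP-only rule silently breaks them.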
Make sure /etc/named.conf is owned by root:named, and, if SELinux is enabled, that its context is still named_conf_t after you edit it, as shown in Fig. 4 (the same applies to the auxiliary file /etc/named.rfc1912.zones):

# ls -lZ /etc/named.conf
# ls -lZ /etc/named.rfc1912.zones
# semanage fcontext -a -t named_conf_t /etc/named.conf
# semanage fcontext -a -t named_conf_t /etc/named.rfc1912.zones

semanage fcontext only records the rule in the policy; apply it to the files with restorecon:

# restorecon -v /etc/named.conf /etc/named.rfc1912.zones
Check the configuration syntax, then restart, enable and verify the service:

# named-checkconf /etc/named.conf
# systemctl restart named
# systemctl enable named
# systemctl status named

Open UDP port 53 in the firewall, both for the running session and permanently:

# firewall-cmd --add-port=53/udp
# firewall-cmd --add-port=53/udp --permanent
Optionally, confine named to a chroot jail:

# yum install bind-chroot -y
# systemctl restart named

Make the configuration file (/etc/named.conf) available inside /var/named/chroot/etc/:

# ln -s /etc/named.conf /var/named/chroot/etc/named.conf
On the client, add the line DNS=192.168.1.17 to /etc/sysconfig/network-scripts/ifcfg-eth0, as shown in the following figure:

HWADDR=00:1A:4D:9A:F7:CE
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.1.35
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
NM_CONTROLLED=no
DEFROUTE=yes
PEERDNS=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eth0
DNS=192.168.1.17
ONBOOT=yes

/etc/resolv.conf on the client should then contain:

nameserver 192.168.1.17
Test a lookup with dig; the SERVER line should show 192.168.1.17:

root@hackthesec:/home/hackthesec# dig facebook.com

; <<>> DiG 9.9.5-9-Ubuntu <<>> facebook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50459
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;facebook.com. IN A

;; ANSWER SECTION:
facebook.com. 285 IN A 66.220.158.68

;; Query time: 65 msec
;; SERVER: 192.168.1.17#53(192.168.1.17)
;; WHEN: Mon Jan 25 16:59:32 IST 2016
;; MSG SIZE rcvd: 57
The same lookup with nslookup from the client:

[root@node1 ~]# nslookup facebook.com
Server: 192.168.1.17
Address: 192.168.1.17#53

Non-authoritative answer:
Name: facebook.com
Address: 66.220.158.68
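To confirm that the server really caches, query it twice and compare: the second answer should report a much lower query time, and the TTL in the answer section keeps counting down instead of resetting to the authoritative value. The script below is an added example rather than output or code from the article: it parses two constructed dig outputs (the first copied from the run above, the second assumed to be a repeat query ten seconds later) and decides from the SERVER and TTL fields whether the repeat answer came from the cache.

```shell
#!/bin/sh
# Added example, not output or code from the original article.
# Parses two consecutive dig runs against the caching server and decides
# whether the second answer was served from cache.

# Constructed output of the first query (answer and timing copied from the
# article's run; the header lines are omitted since they are not parsed).
FIRST_RUN=';; ANSWER SECTION:
facebook.com.           285     IN      A       66.220.158.68

;; Query time: 65 msec
;; SERVER: 192.168.1.17#53(192.168.1.17)'

# Constructed output of a repeat query assumed to run ten seconds later:
# the TTL has counted down and the lookup no longer leaves the server.
SECOND_RUN=';; ANSWER SECTION:
facebook.com.           275     IN      A       66.220.158.68

;; Query time: 0 msec
;; SERVER: 192.168.1.17#53(192.168.1.17)'

# dig_ttl OUTPUT     -> TTL of the first A record in the answer section
dig_ttl() {
    printf '%s\n' "$1" | awk '$3 == "IN" && $4 == "A" { print $2; exit }'
}

# dig_qtime OUTPUT   -> query time in milliseconds
dig_qtime() {
    printf '%s\n' "$1" | awk '/^;; Query time:/ { print $4; exit }'
}

# dig_server OUTPUT  -> address of the server that answered
dig_server() {
    printf '%s\n' "$1" | awk '/^;; SERVER:/ {
        s = $0
        sub(/^;; SERVER:[ \t]*/, "", s)
        sub(/#.*/, "", s)
        print s; exit }'
}

# served_from_cache FIRST SECOND
# exit 0 when both answers came from the same server and the second TTL is
# lower: a cached record keeps counting down, whereas a fresh upstream lookup
# would reset it to the authoritative TTL.
served_from_cache() {
    s1=$(dig_server "$1"); s2=$(dig_server "$2")
    t1=$(dig_ttl "$1");    t2=$(dig_ttl "$2")
    if [ -z "$t1" ] || [ -z "$t2" ] || [ "$s1" != "$s2" ]; then
        return 1
    fi
    if [ "$t2" -lt "$t1" ]; then return 0; else return 1; fi
}

# Stand-alone run on the constructed outputs; against the lab server use:
#   first=$(dig @192.168.1.17 facebook.com); second=$(dig @192.168.1.17 facebook.com)
if served_from_cache "$FIRST_RUN" "$SECOND_RUN"; then
    echo "cache hit: $(dig_qtime "$FIRST_RUN") ms -> $(dig_qtime "$SECOND_RUN") ms"
else
    echo "second answer was not served from cache"
fi
```

The TTL comparison is a heuristic: if the record expires between the two runs the server refetches it and the TTL jumps back up, so run the pair well inside the TTL shown by the first answer.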
http://www.hackthesec.co.in