@JS's Notes

Site with notes from my work.

Private internal DNS server on Fedora 30

2019-10-08 System @JS

Requirements: user with root privileges or non-root user with sudo privileges.

My testing environment:

  • Domain: lnx.lan
  • DNS server IP and hostname: 192.168.1.187, master.lnx.lan

Bind - installation and configuration

Update your operating system packages and install Bind server:

$ sudo dnf update -y
$ sudo dnf install bind bind-utils -y
$ sudo systemctl start named.service
$ systemctl status named.service
$ sudo systemctl enable named.service

Backup the original configuration file /etc/named.conf:

$ sudo cp /etc/named.conf /etc/named.conf.orig

Edit /etc/named.conf configuration file and comment out the following lines:

[...]
options {
#       listen-on port 53 { 127.0.0.1; };
#       listen-on-v6 port 53 { ::1; };
[...]

Set the allow-query parameter to the address of your local network:

[...]
        allow-query     { localhost; 192.168.1.0/24; };
[...]

Creating the Forward and Reverse DNS Zones

To define the forward and reverse zones, add the following lines at the end of the /etc/named.conf file (note that a zone-level allow-query overrides the one set in options, so { any; } here answers every client that can reach port 53; use the same local-network list if the server is meant to stay internal):

[...]
//forward zone
zone "lnx.lan" IN {
    type master;
    file "lnx.lan.db";
    allow-update { none; };
    allow-query { any; };
};
//reverse zone
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "lnx.lan.rev";
    allow-update { none; };
    allow-query { any; };
};
[...]
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Create the forward zone file /var/named/lnx.lan.db (the file name given in named.conf) with the following contents:

$TTL 86400
@ IN SOA master.lnx.lan. admin.lnx.lan. (
    2019062000 ;Serial
    3600 ;Refresh
    1800 ;Retry
    604800 ;Expire
    86400 ;Minimum TTL
)

;Name Server Information
@ IN NS master.lnx.lan.

;IP for Name Server
master      IN A    192.168.1.187

;A Record for IP address to Hostname
www         IN A    192.168.1.100
ftp         IN A    192.168.1.113
gateway     IN A    192.168.1.254

Create the reverse zone file /var/named/lnx.lan.rev (the file name given in named.conf) with the following contents:

$TTL 86400
@ IN SOA master.lnx.lan. admin.lnx.lan. (
    2019062000 ;Serial
    3600 ;Refresh
    1800 ;Retry
    604800 ;Expire
    86400 ;Minimum TTL
)
;Name Server Information
@ IN NS master.lnx.lan.

;Reverse lookup for Name Server
187     IN PTR      master.lnx.lan.

;PTR Record IP address to HostName
100     IN PTR      www.lnx.lan.
113     IN PTR      ftp.lnx.lan.
254     IN PTR      gateway.lnx.lan.

Set the correct ownership permissions on the zone files:

$ sudo chown :named /var/named/lnx.lan.db
$ sudo chown :named /var/named/lnx.lan.rev

Check the DNS configuration:

$ sudo named-checkconf
# no output means no error
$ sudo named-checkzone lnx.lan /var/named/lnx.lan.db
zone lnx.lan/IN: loaded serial 2019062000
OK
$ sudo named-checkzone 1.168.192.in-addr.arpa /var/named/lnx.lan.rev
zone 1.168.192.in-addr.arpa/IN: loaded serial 2019062000
OK
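The forward and reverse files above are maintained by hand, so an A record without a matching PTR (or two files with different serials) is easy to introduce. The script below is an added example, not the article's own code: it builds both zone files for a /24 network from one host list, derives the in-addr.arpa zone name from the network prefix, refuses addresses outside the network, and runs named-checkzone against the origin each file is written for. The host list is constructed to match the lnx.lan setup; DOMAIN, NETWORK, NS_HOST, ADMIN and HOSTS are names assumed for this script only.

```shell
#!/bin/sh
# Added example (not the article's code): generate the forward and reverse zone
# files for a /24 network from ONE host list, so every A record gets a matching
# PTR record and both files share the same serial. The host data is constructed
# to match the article's lnx.lan setup; DOMAIN, NETWORK, NS_HOST, ADMIN and
# HOSTS are assumed names for this script only.

DOMAIN="lnx.lan"
NETWORK="192.168.1"          # /24 prefix; the reverse zone name is derived from it
NS_HOST="master"             # name server's hostname (must appear in HOSTS)
ADMIN="admin.lnx.lan."       # SOA contact, dot-terminated (admin@lnx.lan)
# Constructed host list: "name ip" per line
HOSTS="master 192.168.1.187
www 192.168.1.100
ftp 192.168.1.113
gateway 192.168.1.254"

# 192.168.1 -> 1.168.192.in-addr.arpa (octets reversed)
reverse_zone_name() {
    echo "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Serial in YYYYMMDDnn form; raise nn for each change made on the same day,
# otherwise secondaries will not pick up the new zone
zone_serial() {
    printf '%s%02d\n' "$(date +%Y%m%d)" "${1:-0}"
}

# SOA and NS records shared by both zone files; $1 is the serial
zone_header() {
    cat <<EOF
\$TTL 86400
@ IN SOA ${NS_HOST}.${DOMAIN}. ${ADMIN} (
    $1 ;Serial
    3600 ;Refresh
    1800 ;Retry
    604800 ;Expire
    86400 ;Minimum TTL
)
@ IN NS ${NS_HOST}.${DOMAIN}.
EOF
}

# One A record per host; names are relative to the zone origin
forward_zone() {
    zone_header "$1"
    echo "$HOSTS" | while read -r name ip; do
        printf '%-12s IN A    %s\n' "$name" "$ip"
    done
}

# Last octet of the address -> PTR to the fully qualified, dot-terminated name
ptr_record() {
    printf '%-8s IN PTR  %s.%s.\n' "${1##*.}" "$2" "$DOMAIN"
}

# One PTR per host; addresses outside the /24 cannot live in this zone
reverse_zone() {
    zone_header "$1"
    echo "$HOSTS" | while read -r name ip; do
        case "$ip" in
            "$NETWORK".*) ptr_record "$ip" "$name" ;;
            *) echo "skipping $name: $ip is not in $NETWORK.0/24" >&2 ;;
        esac
    done
}

# Check a zone file against the origin it is written for: the reverse file
# must be checked as 1.168.192.in-addr.arpa, not as the server's IP address
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed; skipped check of $1" >&2
    fi
}

# Write both files into $1 (default: a fresh temporary directory) and check them
main() {
    out="${1:-$(mktemp -d)}"
    serial="$(zone_serial 1)"
    forward_zone "$serial" > "$out/$DOMAIN.db"
    reverse_zone "$serial" > "$out/$DOMAIN.rev"
    check_zone "$DOMAIN" "$out/$DOMAIN.db"
    check_zone "$(reverse_zone_name "$NETWORK")" "$out/$DOMAIN.rev"
    echo "zone files written to $out"
}

main "$@"
```

Run it with the target directory as the only argument (for example `/var/named`, as root) once the generated files look right; the chown and restart steps that follow still apply. After the restart, `dig @192.168.1.187 www.lnx.lan` and `dig @192.168.1.187 -x 192.168.1.100` from a host on the 192.168.1.0/24 network confirm that the forward and reverse answers agree.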

Once the configuration is complete, restart the DNS service for the changes to take effect:

$ sudo systemctl restart named.service
$ systemctl status named.service

NOTE: Add the DNS service to the system firewall configuration and reload the firewall:

$ sudo firewall-cmd --permanent --zone=public --add-service=dns
$ sudo firewall-cmd --reload