BIND, the Berkeley Internet Name Domain DNS server, has a variety of uses on a CentOS 6/RHEL system, and one of them is caching-only DNS. A caching-only DNS server answers queries from the data held in its DNS cache and is authoritative only for localhost.
The concept of caching-only DNS servers has been around for a while, so I decided to set one up on a CentOS 6 box. For this we used the bind package available in the updates repo, which should be enabled. Then we run a DNS query both locally and remotely, so you will need Bind set up on the remote host as well.
You also need OpenSSH installed and set up, with a static IP and port 22 forwarded from the router.
After setting up OpenSSH we install Bind:
$ sudo yum -y install bind bind-utils
$ named -v
BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4
Once that is done, the first thing we need to do is edit named.conf:
$ sudo vi /etc/named.conf
Change the following values:
listen-on port 53 { any; };
listen-on-v6 port 53 { none; };
(IPv6 is not used on this box; set this to any if you still need IPv6)
allow-transfer { none; };
allow-query { any; };
Now list the forwarders we are permitted to query and tell named to try them first. Do this by substituting the relevant IP addresses and typing:
forwarders {XXX.XXX.XXX.XXX;XXX.XXX.XXX.XXX;};
forward first;
Now scroll down and find the following line to make sure that the server will always provide a recursive query behavior:
recursion yes;
Then enhance this by adding the following lines:
recursion yes;
allow-recursion { any ; };
allow-query-on {any;};
allow-query-cache { any; };
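With listen-on, allow-query, allow-recursion and allow-query-cache all set to any, named will answer recursive queries from any host that can reach port 53, not just from this box and the LAN. As an added example that is not part of the original post, here is a small Python checker (my own code) that parses an options{} stanza like the one built above and flags that combination; it embeds a constructed copy of the stanza with made-up forwarder addresses, and a variant restricted with BIND's built-in localhost and localnets ACLs for comparison.

```python
import re
# Constructed sample: the options{} stanza this post builds (forwarder IPs made up).
PAGE_OPTIONS = """
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { none; };
    allow-transfer { none; };
    allow-query { any; };
    forwarders { 192.168.0.1; 192.168.0.2; };
    forward first;
    recursion yes;
    allow-recursion { any; };
    allow-query-cache { any; };
};
zone "." IN { type hint; file "named.ca"; };
"""
LAN_OPTIONS = PAGE_OPTIONS  # same stanza with the ACLs limited to localhost + LAN
for acl in ("allow-query", "allow-recursion", "allow-query-cache"):
    LAN_OPTIONS = LAN_OPTIONS.replace(acl + " { any; }", acl + " { localhost; localnets; }")
# Matches "name [port N] { a; b; };" or "name value;" inside the options block.
_DIRECTIVE = re.compile(r"([\w-]+)(?:\s+port\s+\d+)?\s*(?:\{([^}]*)\}|([^;{}]+))\s*;")

def parse_options(conf):
    """Return options{} directives as {name: list-of-strings or string}."""
    conf = re.sub(r"(//|#).*", "", conf)               # drop line comments
    start = conf.find("{", conf.index("options"))      # ValueError if no options{}
    depth, end = 0, len(conf)
    for i in range(start, len(conf)):                  # locate the matching "}"
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            end = i; break
    opts = {}
    for m in _DIRECTIVE.finditer(conf[start + 1:end]):
        name, items, scalar = m.groups()
        opts[name] = ([v.strip() for v in items.split(";") if v.strip()]
                      if items is not None else scalar.strip())
    return opts

def findings(opts):
    """Flag ACL settings that expose a recursive resolver to arbitrary clients."""
    is_any = lambda n: "any" in [v.lower() for v in opts.get(n, [])]
    out = []
    if opts.get("recursion", "yes") == "yes":          # BIND's default is yes
        wide = [n for n in ("allow-query", "allow-recursion", "allow-query-cache") if is_any(n)]
        if is_any("listen-on") and wide:
            out.append("open resolver: listen-on { any; } with " + ", ".join(wide)
                       + " set to any; restrict them to localhost and your LAN")
    if "allow-transfer" not in opts or is_any("allow-transfer"):
        out.append("allow-transfer not restricted; use allow-transfer { none; }")
    return out
```

Feed it the real /etc/named.conf to see which of the page's lines would need tightening before the box is exposed beyond the LAN.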
Save and close named.conf. Finally, if IPv6 is not in use, tell named to run IPv4-only by appending an option to /etc/sysconfig/named:
$ echo 'OPTIONS="-4"' | sudo tee -a /etc/sysconfig/named
(Skip this step if still using IPv6.)
Enable and start the service, then check its status:
$ sudo chkconfig named on
$ sudo service named start
$ sudo service named status
version: 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4
CPUs found: 2
worker threads: 2
number of zones: 19
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 2928) is running...
Now run netstat to confirm that named is listening on port 53:
$ netstat -ntul
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.0.100:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:17500 0.0.0.0:* LISTEN
tcp 0 0 ::1:53 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:631 :::* LISTEN
tcp 0 0 ::1:953 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
udp 0 0 192.168.0.100:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:17500 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
udp 0 0 192.168.0.100:123 0.0.0.0:*
udp 0 0 127.0.0.1:123 0.0.0.0:*
udp 0 0 ::1:53 :::*
Now test DNS queries against the caching-only DNS server using dig (domain information groper):
$ dig @localhost www.duckduckgo.com
[Screenshot: output of dig @localhost www.duckduckgo.com]
If that is all working, we can now connect to a remote host and run DNS queries against the caching server's LAN address (192.168.0.100, as shown listening on port 53 above).
$ ssh anton2@192.168.0.101
anton2@192.168.0.101's password:
Last login: Thu Jul 11 06:46:48 2013 from 192.168.0.100
[anton2@Dell ~]$ hostname
Dell
[anton2@Dell ~]$ dig @192.168.0.100 www.duckduckgo.com
[Screenshot: output of dig run from the remote host]
There is plenty more to Bind and we have barely scratched the surface here; the BIND 9 Administrator Reference Manual covers the rest.