Set up a DNS server on CentOS 7 (Master-Slave mode)

Set up the Primary (Master) DNS Server

Install the BIND packages on your server. Run the following command:

yum install bind bind-utils -y

1. Configure DNS Server

Edit the '/etc/named.conf' file.

vi /etc/named.conf

Add or change the lines marked with ### comments:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; [Master-dns ip];}; ### Master DNS IP ###
#    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.1.0/24;}; ### IP Range ###
    allow-transfer{ localhost; [slave-dns ip]; };   ### Slave DNS IP ###

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "learnwithak.local" IN {
    type master;
    file "forward.learnwithak";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Create Forward Zone

Create the forward.learnwithak file in the '/var/named' directory.

vi /var/named/forward.learnwithak

Add the following lines:

$TTL 86400
@ IN SOA ehs-dns-master.learnwithak.local. root.learnwithak.local. (
 2011071001 ;Serial
 3600 ;Refresh
 1800 ;Retry
 604800 ;Expire
 86400 ;Minimum TTL
)
@ IN NS ehs-dns-master.learnwithak.local.
@ IN NS ehs-dns-standby.learnwithak.local.
@ IN A 172.16.4.10
@ IN A 172.16.4.11
@ IN A 172.16.4.9
@ IN A 172.16.4.8
@ IN A 172.16.4.7
@ IN A 172.16.4.6
@ IN A 172.16.4.5
@ IN A 172.16.4.4
@ IN A 172.16.5.2
@ IN A 172.16.5.3
@ IN A 172.16.5.4
ehs-dns-master  IN A 172.16.4.10
ehs-dns-standby IN A 172.16.4.11
ehs-api-2       IN A 172.16.4.9
ehs-api-1       IN A 172.16.4.8
ehs-api-lb      IN A 172.16.4.7
ehs-api-orchestration IN A 172.16.4.6
rabbit-standby  IN A 172.16.4.5
rabbit-master   IN A 172.16.4.4
db-slave        IN A 172.16.5.2
db-master       IN A 172.16.5.3
ehs-ldap        IN A 172.16.5.4

3. Start the DNS service

Enable and start DNS service:

systemctl enable named
systemctl start named

4. Firewall Configuration

Allow the DNS default port 53 (TCP and UDP) through the firewall.

Add the following lines to /etc/sysconfig/iptables:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT

5. Restart Firewall

Run the following command

sudo systemctl restart iptables

6. Configuring Permissions, Ownership, and SELinux

Run the following commands one by one:

chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf

7. Test DNS configuration and zone files for any syntax errors

Check DNS default configuration file:

named-checkconf /etc/named.conf

If it returns nothing, your configuration file is valid.

Check Forward zone:

named-checkzone learnwithak.local /var/named/forward.learnwithak

Sample output:

zone learnwithak.local/IN: loaded serial 2011071001
OK

Add the DNS server details to your network interface config file.

vi /etc/sysconfig/network-scripts/ifcfg-ens160

HWADDR=00:50:56:01:04:20
NAME=ens160
GATEWAY=172.16.4.1
DNS1=172.16.4.10
DEVICE=ens160
ONBOOT=yes
USERCTL=no
BOOTPROTO=static
NETMASK=255.255.255.0
IPADDR=172.16.4.10
PEERDNS=yes
check_link_down() {
 return 1;
}

Edit /etc/resolv.conf:

vi /etc/resolv.conf

Add the name server IP address:

nameserver    172.16.4.10

Save and close the file.

Restart network service:

systemctl restart network

8. Test DNS Server

dig ehs-dns-master.learnwithak.local

Sample Output:

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.1 <<>> ehs-dns-master.learnwithak.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ehs-dns-master.learnwithak.local. IN A
;; ANSWER SECTION:
ehs-dns-master.learnwithak.local. 86400 IN A 172.16.4.10
;; AUTHORITY SECTION:
learnwithak.local. 86400 IN NS ehs-dns-master.learnwithak.local.
learnwithak.local. 86400 IN NS ehs-dns-standby.learnwithak.local.
;; ADDITIONAL SECTION:
ehs-dns-standby.learnwithak.local. 86400 IN A 172.16.4.11
;; Query time: 0 msec
;; SERVER: 172.16.4.10#53(172.16.4.10)
;; WHEN: Wed Feb 22 13:15:23 UTC 2017
;; MSG SIZE rcvd: 138

nslookup learnwithak.local

Sample Output:

Server: 172.16.4.10
Address: 172.16.4.10#53

Name: learnwithak.local
Address: 172.16.4.11
Name: learnwithak.local
Address: 172.16.5.4
Name: learnwithak.local
Address: 172.16.4.9
Name: learnwithak.local
Address: 172.16.5.2
Name: learnwithak.local
Address: 172.16.4.7
Name: learnwithak.local
Address: 172.16.4.4
Name: learnwithak.local
Address: 172.16.5.3
Name: learnwithak.local
Address: 172.16.4.8
Name: learnwithak.local
Address: 172.16.4.5
Name: learnwithak.local
Address: 172.16.4.6
Name: learnwithak.local
Address: 172.16.4.10

Now the Primary DNS server is ready to use.

It is time to configure our Secondary DNS server.

Set up the Secondary (Slave) DNS Server

Install bind packages using the following command:

yum install bind bind-utils -y

1. Configure Slave DNS Server

Edit the '/etc/named.conf' file:

vi /etc/named.conf

Change the listen-on and allow-query lines and add the slave zone:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 172.16.4.11; };
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 172.16.4.0/24; };
.
.
.
.
zone "." IN {
    type hint;
    file "named.ca";
};

zone "learnwithak.local" IN {
    type slave;
    file "slaves/learnwithak.fwd";
    masters { 172.16.4.10; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

 

2. Start the DNS Service

systemctl enable named
systemctl start named

Now the forward zone is automatically replicated from the Master DNS server to '/var/named/slaves/' on the Secondary DNS server.

ls /var/named/slaves/

Sample Output:

learnwithak.fwd
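Listing the slaves directory only shows that a transfer happened once. The script below is an added example, not part of the original guide: it asks both servers for the zone's SOA serial and checks that they agree, and it confirms that the slave refuses an AXFR from a host that is not in its allow-transfer list. It assumes dig from bind-utils is installed and uses this guide's addresses; the slave configuration shown above does not set allow-transfer, and the BIND 9.9/9.11 shipped with CentOS 7 allows transfers to any host by default, so set it on the slave as well.

```python
# Added example, not from the original guide: verify that the slave serves the
# master's SOA serial and refuses AXFR to a host outside allow-transfer.
import subprocess

ZONE, MASTER, SLAVE = "learnwithak.local", "172.16.4.10", "172.16.4.11"

def soa_serial(dig_short_output):
    """Serial from 'dig +short <zone> SOA': mname rname serial refresh retry expire minimum."""
    for line in dig_short_output.splitlines():
        f = line.split()
        if len(f) >= 7 and f[2].isdigit():
            return int(f[2])
    return None   # empty answer: REFUSED, SERVFAIL or timeout

def in_sync(master_soa, slave_soa):
    """True only when both servers answered and the serials are equal."""
    m = soa_serial(master_soa)
    return m is not None and m == soa_serial(slave_soa)

def axfr_refused(dig_output):
    """dig prints '; Transfer failed.' when the server refuses a zone transfer."""
    return "Transfer failed" in dig_output

def dig(*args):
    """Run dig (bind-utils) with a short timeout and return its stdout."""
    return subprocess.run(["dig", "+time=3", "+tries=1", *args],
                          capture_output=True, text=True, timeout=20).stdout

def check(zone=ZONE, master=MASTER, slave=SLAVE):
    """Return (slave serial matches master, slave refuses AXFR to this host)."""
    sync = in_sync(dig("+short", f"@{master}", zone, "SOA"),
                   dig("+short", f"@{slave}", zone, "SOA"))
    return sync, axfr_refused(dig(f"@{slave}", zone, "AXFR"))

if __name__ == "__main__":
    sync, refused = check()
    print("slave serial matches master:", sync)
    print("slave refuses AXFR from this host:", refused)
```

Run it from a host that is not in allow-transfer, such as a client; on the slave itself, named logs "Transfer completed" for the zone in /var/log/messages when it has pulled the zone.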

Installation of a DNS server on CentOS 7 (with reverse zone)

Run the following command on both machines:

yum install bind bind-utils -y

vi /etc/named.conf

Add the acl at the top of the file, set listen-on and allow-query inside the options block, and add the two zones (use straight quotes only; curly quotes break the file):

acl "trusted" {
    172.16.120.179;    # nameserver1 - can be set to localhost
    172.16.120.154;    # host1
};

options {
    listen-on port 53 { 127.0.0.1; 172.16.120.179; };
    allow-query     { trusted; };
    # remaining options unchanged from the default file
};

zone "learnwithak.local" IN {
    type master;
    file "forward.learnwithak";
    allow-update { none; };
};

zone "120.16.172.in-addr.arpa" IN {
    type master;
    file "reverse.learnwithak";
    allow-update { none; };
};

 

sudo vi /var/named/forward.learnwithak

$TTL 86400
@   IN  SOA     masterdns.learnwithak.local. root.learnwithak.local. (
            2011071001  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
)
@           IN  NS      masterdns.learnwithak.local.
@           IN  A       172.16.120.179
@           IN  A       172.16.120.154
@           IN  A       172.16.120.69
masterdns   IN  A       172.16.120.179
vault       IN  A       172.16.120.154
vault-2     IN  A       172.16.120.69

 

vi /var/named/reverse.learnwithak

$TTL 86400
@   IN  SOA     masterdns.learnwithak.local. root.learnwithak.local. (
            2011071001  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
)
@           IN  NS      masterdns.learnwithak.local.
@           IN  PTR     learnwithak.local.
179         IN  PTR     masterdns.learnwithak.local.
154         IN  PTR     vault.learnwithak.local.
69          IN  PTR     vault-2.learnwithak.local.

 

systemctl enable named
systemctl start named

Open port 53 for both TCP and UDP in the firewall (the same iptables rules as in step 4 above).

chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf

named-checkconf /etc/named.conf

named-checkzone learnwithak.local /var/named/forward.learnwithak

named-checkzone 120.16.172.in-addr.arpa /var/named/reverse.learnwithak
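named-checkzone catches syntax errors in the forward and reverse zone files above, but it only warns (the zone still loads) when an NS record names an in-zone host that has no A record, which happens easily when a host name is misspelled. The script below is an added example, not part of the original guide: it parses the flat zone-file syntax used here, reports in-zone NS targets that no A record resolves, and generates the PTR lines of the matching in-addr.arpa zone so the reverse file does not have to be written by hand. The sample zone is constructed; ORIGIN, the subnet prefix and all function names are the example's own.

```python
# Added example, not the page's own code: lint the flat zone files used above
# (NS targets lacking an A record) and derive the matching reverse-zone PTRs.
import re

RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|NS)\s+(\S+)$")  # owner [ttl] IN type rdata
ORIGIN = "learnwithak.local."

# Constructed sample mirroring the forward zone above, including an NS line
# that names a host for which no A record exists (the misspelled-host case).
SAMPLE_ZONE = """\
$TTL 86400
@ IN SOA ehs-dns-master.learnwithak.local. root.learnwithak.local. (
 2011071001 3600 1800 604800 86400 )
@ IN NS ehs-dns-master.learnwithak.local.
@ IN NS ehs-dns-slave.learnwithak.local.   ; no A record for this name below
@ IN A 172.16.4.10
ehs-dns-master  IN A 172.16.4.10
ehs-dns-standby IN A 172.16.4.11
"""

def fqdn(name, origin):
    """Expand '@' or a relative name to an absolute name ending in '.'."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return ({owner: [IPv4, ...]} for A records, [NS target, ...]), names absolute."""
    a_records, ns_targets = {}, []
    for raw in text.splitlines():
        m = RR.match(raw.split(";", 1)[0].strip())   # drop ';' comments first
        if not m:
            continue                                  # $TTL, SOA lines, blanks
        owner, rtype, rdata = m.groups()
        if rtype == "A":
            a_records.setdefault(fqdn(owner, origin), []).append(rdata)
        else:
            ns_targets.append(fqdn(rdata, origin))
    return a_records, ns_targets

def missing_glue(a_records, ns_targets, origin):
    """In-zone NS targets with no A record: checkzone warns, resolvers cannot reach them."""
    return [ns for ns in ns_targets
            if ns.endswith("." + origin) and ns not in a_records]

def reverse_records(a_records, net, origin):
    """PTR lines for the /24 reverse zone of `net` (e.g. '172.16.4'); apex skipped."""
    ptrs = [(int(ip.rsplit(".", 1)[1]), name)
            for name, ips in a_records.items() if name != origin
            for ip in ips if ip.startswith(net + ".")]
    return [f"{last} IN PTR {name}" for last, name in sorted(ptrs)]
```

Point parse_zone at the real file contents (for example open("/var/named/forward.learnwithak").read()) and paste the PTR lines under the SOA of the reverse file.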

On the client machines:

Add the DNS server details to your network interface config file.

vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

Edit /etc/resolv.conf:

vi /etc/resolv.conf

dig masterdns.learnwithak.local

Linux commands

1. sudo !! : Forgot to run a command with sudo? You need not retype the whole command; just type "sudo !!" and the last command runs with sudo.

2. python -m SimpleHTTPServer : Serves the current working directory over HTTP on port 8000.

3. mtr : A command that combines 'ping' and 'traceroute'.

4. Ctrl+x, Ctrl+e : This key combination opens the current command line in an editor, instantly.

5. nl : Outputs the content of a text file with lines numbered.

6. shuf : Outputs the lines of a file (or the given arguments) in random order.

7. ss : Outputs socket statistics.

8. last : Want to know the history of the last logged-in users? This command comes to the rescue.

9. curl ifconfig.me : Shows the machine's external IP address.

10. tree : Prints files and folders in a tree-like fashion, recursively.

11. pstree : Prints running processes with their child processes, recursively.

13. stat : Shows the status information of a file as well as of a file system.

15. pv : Outputs text at a limited rate, simulating typing as in Hollywood movies.

16. mount | column -t : Lists mounted file systems in nicely aligned columns.

17. Ctrl+l : Clears the terminal, instantly.

18. curl -u gmail_id --silent "https://mail.google.com/mail/feed/atom" | perl -ne 'print "\t" if /<name>/; print "$2\n" if /<(title|name)>(.*)<\/\1>/;' : This one-liner lists a user's unread mail in the terminal itself.

19. screen : Detach and reattach long-running processes from a session.

20. file : Outputs the type of a file.

21. id : Prints user and group IDs.

22. ^foo^bar : Runs the last command with 'foo' replaced by 'bar', without retyping the whole command.

24. at : Runs a command at a given time.

25. du -h --max-depth=1 : Outputs the size of all the files and folders within the current folder, in human-readable format.

26. expr : Solves simple mathematical calculations from the terminal.

27. look : Checks for an English word in the dictionary, right from the shell.

28. yes : Continues to print a string until interrupted.

29. factor : Gives the prime factors of a number.

30. ping -i 60 -a IP_address : Pings the provided IP_address and gives an audible beep when the host comes alive.

31. tac : Prints the content of a file in reverse line order.

32. strace : Traces the system calls a process makes; a debugging tool.

33. disown -a && exit : Keeps background jobs running even after the terminal session is closed.

34. getconf LONG_BIT : Outputs the machine architecture (32 or 64 bit), very clearly.

35. while sleep 1;do tput sc;tput cup 0 $(($(tput cols)-29));date;tput rc;done & : Displays the date and time in the top right corner of the terminal.

36. convert : Converts the output of a command into a picture (ImageMagick).

37. watch -t -n1 "date +%T|figlet" : Shows an animated digital clock at the prompt.

38. host and dig : DNS lookup utilities.

39. dstat : Generates statistics about system resources.

40. bind -p : Shows all the shortcuts available in Bash.

41. touch /forcefsck : Forces a file-system check on the next boot.

42. lsb_release : Prints distribution information.

43. nc -zv localhost port_number : Checks whether a specific port is open.

44. curl ipinfo.io : Outputs geographical information about an IP address.

45. find . -user xyz : Lists all files owned by user 'xyz'.

46. apt-get build-dep package_name : Installs all the build dependencies of a package automatically.

47. lsof -iTCP:80 -sTCP:LISTEN : Outputs all the services/processes listening on port 80.

48. find -size +100M : Lists all files larger than 100M.

49. pdftk : A nice way to concatenate a lot of PDF files into one.

50. ps -LF -u user_name : Outputs the processes and threads of a user.

51. startx -- :1 : Creates another new X session.

Top 6 files that eat up your space:

du -hsx * | sort -rh | head -6

Bash line-editing shortcuts:

  • Alt+Backspace: Deletes the previous word.
  • Alt+F: Skips ahead to the next space.
  • Alt+B: Skips back to the previous space.
  • Ctrl+U: Cuts all text up to the cursor.
  • Ctrl+K: Cuts all text after the cursor until end of line.
  • Ctrl+A: Moves the cursor to the start of line.
  • Ctrl+E: Moves the cursor to the end of line.