Setup additional local DNS - to add scan addresses


In this document I demonstrate how to add a local DNS server alongside an existing DNS. I had this need when creating some additional IP addresses in the DNS for Real Application Clusters (VIP and SCAN).

My Testing Environment

My Private DNS Server

IP Address: 10.20.2.100
Host Name: localdns
OS: Oracle Linux Server release 7.5

Client Machine to use DNS

IP Address: 10.33.1.120
Host Name: dbhost
OS: Oracle Linux Server release 7.4

Current Domain DNS

Primary: 192.168.1.10
Secondary: 192.168.1.11

DNS entry to add

IP Address: 10.33.1.123
Host Name: dbhost-scan

Verify that the above IP address is not already in use, as a first check with the ping command (ping exits 1 when nothing answers, so the test below reports the address as used on any other outcome, including unreachable networks)
$ ping 10.33.1.123 -c1 -w 1 >/dev/null 2>&1 ; if [ $? -eq 1 ]; then echo "This IP is Not used"; else echo "This IP is used"; fi
This IP is Not used
A host that drops ICMP echo looks unused to this test, so also check the address against your IP inventory and DHCP scopes, and on the same segment against the ARP table (arping), before handing it to the cluster.

Install required packages

$ sudo yum install -y bind bind-utils
(bind is the server, bind-utils brings dig and nslookup for testing; the wildcard bind* would also pull in bind-chroot, bind-devel and the database back ends, none of which are needed here.)

Define the zones in the master configuration file named.conf

$ sudo vim /etc/named.conf
The stock file is a caching-only resolver bound to the loopback address. In the options section change listen-on from 127.0.0.1 to any (or, better, to the server's own address only) and allow-query from localhost to the hosts that should be able to query it. any works, as in the listing below, but it exposes port 53 to every host that can reach the server, so on anything but an isolated lab network list the client subnets instead. Keep recursion off: this server is authoritative for mydomain.local only and must not become an open resolver.

Add the two zone sections after the options and logging sections. Pay attention to the name of the reverse zone: for a /24 it is the first three octets of the address in reverse order followed by in-addr.arpa, so 10.33.1.123 belongs to 1.33.10.in-addr.arpa. That name is what makes reverse lookup work.
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
   recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
   control to limit queries to your legitimate users. Failing to do so will
   cause your server to become part of large scale DNS amplification
   attacks. Implementing BCP38 within your network would greatly
   reduce such attack surface
*/
recursion no;

dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "mydomain.local" IN {
        type master;
        file "named.mydomain.fwd";
        allow-update { none; };
};
zone "1.33.10.in-addr.arpa" IN {
        type master;
        file "named.mydomain.rev";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
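For comparison, here is a tightened version of the same options and zone sections. This is an added example, not the configuration from the original post: the ACL subnets (10.33.1.0/24 for the database hosts, 10.20.2.0/24 for the DNS server) and the ACL name dns-clients are assumptions based on the addresses used in this post. The rest of the file (logging, the rfc1912 and root-key includes) stays as it is.

```conf
// Added hardening example, not the post's own named.conf.
// Subnets in the ACL are assumed from the addresses used in the post.
acl "dns-clients" { 127.0.0.1; 10.33.1.0/24; 10.20.2.0/24; };

options {
        // Bind to the server's own address, not to every interface.
        listen-on port 53 { 127.0.0.1; 10.20.2.100; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Only the RAC and DNS subnets may query; nobody may pull a whole zone.
        allow-query    { dns-clients; };
        allow-transfer { none; };

        // Authoritative only. With recursion off the server cannot be turned
        // into an open resolver even if the ACL is loosened later.
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

zone "mydomain.local" IN {
        type master;
        file "named.mydomain.fwd";
        allow-update { none; };
};

zone "1.33.10.in-addr.arpa" IN {
        type master;
        file "named.mydomain.rev";
        allow-update { none; };
};
```

After editing, run named-checkconf before restarting, and test once from a host outside the ACL: it should get REFUSED rather than an answer, which confirms the ACL is doing its job.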

Create Zone Files

$ sudo cp /var/named/named.localhost /var/named/named.mydomain.fwd
$ sudo cp /var/named/named.loopback /var/named/named.mydomain.rev

Edit these zone files

Forward zone configuration

$ sudo vi /var/named/named.mydomain.fwd
Make changes as per your need. The copied template already starts with a $TTL line; keep it, otherwise named falls back to the SOA minimum and warns on every load. Increment the serial on every edit (the YYYYMMDDnn convention used here makes that easy); it is how secondary servers detect that the zone changed. The apex A record (@) comes from the template and is optional; what matters is one A record per address under the host name. For a SCAN name Oracle recommends three addresses, which you publish as three A records with the same owner name (BIND hands them out round-robin).
$TTL 86400
@ IN SOA localdns.mydomain.local. root.mydomain.local. (
        2014090401 ; serial
        3600 ; refresh
        1800 ; retry
        604800 ; expire
        86400 ) ; minimum
; Name servers
@ IN NS localdns.mydomain.local.
; Name server hostname to IP resolve.
@ IN A 10.20.2.100
localdns IN A 10.20.2.100
; Hosts in this Domain
dbhost-scan IN A 10.33.1.123

Reverse zone configuration

$ sudo vi /var/named/named.mydomain.rev
Make changes as per your need. Two things to watch in a reverse zone: names without a trailing dot are relative to the zone origin, so the NS record must use the fully qualified name (a bare localdns would be read as localdns.1.33.10.in-addr.arpa); and only addresses inside 10.33.1.0/24 belong here. A records have no place in a reverse zone, and the name server itself (10.20.2.100) is in 2.20.10.in-addr.arpa, so it gets no PTR record in this file (a 100 IN PTR line here would wrongly map 10.33.1.100 to it).
$TTL 86400
@ IN SOA localdns.mydomain.local. root.mydomain.local. (
        2014090402 ; serial
        3600 ; refresh
        1800 ; retry
        604800 ; expire
        86400 ) ; minimum
; Name servers (fully qualified)
@ IN NS localdns.mydomain.local.
; Hosts in this /24: the last octet of the address is the record name
123 IN PTR dbhost-scan.mydomain.local.
Change the group to named so the server can read the files (they stay owned by root, so named cannot rewrite them; allow-update is none anyway)
$ sudo chgrp named /var/named/named.mydomain.fwd
$ sudo chgrp named /var/named/named.mydomain.rev
Check for errors in the configuration and zone files. The first argument to named-checkzone is the zone origin (mydomain.local and 1.33.10.in-addr.arpa), not the name server's hostname; with the wrong origin the relative names in the file are checked against the wrong suffix and the check proves little.
$ sudo named-checkconf /etc/named.conf
$ sudo named-checkzone mydomain.local /var/named/named.mydomain.fwd
$ sudo named-checkzone 1.33.10.in-addr.arpa /var/named/named.mydomain.rev
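The zone files above are short enough to write by hand, but the two mistakes that are easy to make (a relative name in the reverse zone and an address filed under the wrong in-addr.arpa zone) are exactly the kind a small script avoids. The script below is an added example, not part of the original post: it generates both zone files from one host list, computes the reverse zone and PTR label from each address, refuses to put an address into a reverse zone it does not belong to, and bumps the serial in the YYYYMMDDnn style used in the post. The zone, file and server names are the post's; the HOSTS list is constructed for the demo (the extra SCAN and VIP addresses are made up), and deploy_zones assumes the server runs firewalld.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): build named.mydomain.fwd and
# named.mydomain.rev from one host list. Zone, server and file names are the
# post's; the HOSTS entries other than dbhost-scan/localdns are constructed.

# Constructed host list ("name ip", one per line). A name may repeat: that is
# how the three addresses Oracle recommends for a SCAN name are published.
HOSTS='dbhost-scan 10.33.1.123
dbhost-scan 10.33.1.124
dbhost-scan 10.33.1.125
dbhost-vip 10.33.1.121
localdns 10.20.2.100'

# 10.33.1.123 -> 1.33.10.in-addr.arpa : the reverse zone of its /24.
rev_zone_name() {
    local IFS=.
    set -- $1
    printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1"
}

# 10.33.1.123 -> 123 : the owner label of its PTR record inside that zone.
ptr_label() {
    local IFS=.
    set -- $1
    printf '%s\n' "$4"
}

# next_serial CURRENT TODAY : YYYYMMDDnn, incremented within the same day,
# reset to 01 on a new day (secondaries only transfer a zone whose serial grew).
next_serial() {
    local cur=$1 today=$2 seq n
    if [ "${cur%??}" = "$today" ]; then
        seq=${cur#"$today"}; seq=${seq#0}
        n=$(( ${seq:-0} + 1 ))
    else
        n=1
    fi
    printf '%s%02d\n' "$today" "$n"
}

# Common $TTL / SOA / NS preamble. The NS name is fully qualified so it is
# never read relative to a reverse zone's origin.
zone_header() {   # zone_header SERIAL
    cat <<EOF
\$TTL 86400
@ IN SOA localdns.mydomain.local. root.mydomain.local. (
        $1 ; serial
        3600 ; refresh
        1800 ; retry
        604800 ; expire
        86400 ) ; minimum
@ IN NS localdns.mydomain.local.
EOF
}

# gen_forward_zone SERIAL : one A record per host list line.
gen_forward_zone() {
    zone_header "$1"
    printf '%s\n' "$HOSTS" | while read -r name ip; do
        [ -n "$name" ] || continue
        printf '%s IN A %s\n' "$name" "$ip"
    done
}

# gen_reverse_zone ZONE SERIAL : PTR records for the addresses inside ZONE only.
# 10.20.2.100 belongs to 2.20.10.in-addr.arpa, so it is reported on stderr and
# skipped instead of being written as "100 IN PTR ..." under the wrong /24.
gen_reverse_zone() {
    local zone=$1
    zone_header "$2"
    printf '%s\n' "$HOSTS" | while read -r name ip; do
        [ -n "$name" ] || continue
        if [ "$(rev_zone_name "$ip")" = "$zone" ]; then
            printf '%s IN PTR %s.mydomain.local.\n' "$(ptr_label "$ip")" "$name"
        else
            printf 'skipping %s: %s is not in %s\n' "$name" "$ip" "$zone" >&2
        fi
    done
}

# On the DNS server: install the generated files, validate them with their
# real origins (not the name server's hostname), open port 53 and restart.
# Assumes firewalld; drop that line if it is not in use. Not run by the demo.
deploy_zones() {   # deploy_zones FWD_FILE REV_FILE
    install -o root -g named -m 640 "$1" /var/named/named.mydomain.fwd &&
    install -o root -g named -m 640 "$2" /var/named/named.mydomain.rev &&
    named-checkconf /etc/named.conf &&
    named-checkzone mydomain.local /var/named/named.mydomain.fwd &&
    named-checkzone 1.33.10.in-addr.arpa /var/named/named.mydomain.rev &&
    firewall-cmd --permanent --add-service=dns && firewall-cmd --reload &&
    systemctl enable named && systemctl restart named
}

# Demo: write both zones to a scratch directory (run as: ./gen-zones.sh demo).
if [ "${1:-}" = demo ]; then
    out=$(mktemp -d)
    today=$(date +%Y%m%d)
    gen_forward_zone "$(next_serial 2014090401 "$today")" > "$out/named.mydomain.fwd"
    gen_reverse_zone 1.33.10.in-addr.arpa "$(next_serial 2014090402 "$today")" > "$out/named.mydomain.rev"
    echo "zone files written to $out"
fi
```

Run it with the demo argument, inspect the two files, then copy the script to the DNS server and call deploy_zones with their paths. The stderr line about localdns being skipped is the point of the check: if an address shows up there that you expected in the reverse zone, the zone name in named.conf is wrong, not the script.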
Enable, start and check the named service. Oracle Linux 7 is systemd based; chkconfig and service still work through the compatibility wrappers, but the native commands are:
$ sudo systemctl enable named
$ sudo systemctl start named
$ sudo systemctl status named
If firewalld is active on the server, the dns service (port 53 TCP and UDP) has to be allowed as well, otherwise clients see timeouts rather than answers.
Add the new DNS server to the resolver configuration on the client machine (dbhost)
$ sudo vi /etc/resolv.conf
Add the last nameserver line (10.20.2.100); the rest of the file is what NetworkManager generated
# Generated by NetworkManager
search mydomain.local
nameserver 192.168.1.10
nameserver 192.168.1.11
nameserver 10.20.2.100
options timeout:1
options attempts:2

Two caveats. First, the header line says it: NetworkManager regenerates this file, so to keep the entry across reconnects and reboots set it through NetworkManager (ipv4.dns in nmcli, or a DNS3= line in the interface's ifcfg file) instead of editing resolv.conf by hand. Second, the glibc stub resolver asks the servers in order and only moves to the next one on a timeout or an error response (SERVFAIL, REFUSED); a negative answer (NXDOMAIN) for dbhost-scan.mydomain.local from 192.168.1.10 ends the lookup. Listing 10.20.2.100 last therefore only works while the corporate servers do not answer for that name. The robust setup is to have the corporate DNS delegate or forward mydomain.local to 10.20.2.100. Failing that, list 10.20.2.100 first: with recursion off it answers REFUSED for every other zone and the resolver continues to the corporate servers, at the cost of one extra round trip per lookup.

Check the new DNS from the client. nslookup with no server argument asks the first nameserver in resolv.conf, so watch the Server: line to see which server actually answered; to target the new server explicitly, give its address as the second argument (nslookup dbhost-scan 10.20.2.100). Reverse and forward lookups should agree, as they do here.
$ nslookup 10.33.1.123
Server: 10.20.2.100
Address: 10.20.2.100#53

123.1.33.10.in-addr.arpa name = dbhost-scan.mydomain.local.

$ nslookup dbhost-scan
Server: 10.20.2.100
Address: 10.20.2.100#53

Name: dbhost-scan.mydomain.local
Address: 10.33.1.123

$ nslookup dbhost-scan.mydomain.local
Server: 10.20.2.100
Address: 10.20.2.100#53

Name: dbhost-scan.mydomain.local
Address: 10.33.1.123

Yossi
