Setup DNS Server On openSUSE 13.1

What is DNS Server?

As you might know, DNS (Domain Name System) is the system that resolves domain names into IP addresses and vice versa. For example, if you type www.unixmen.com in your browser, your computer does not know where that site actually is, so it asks its configured DNS server. The DNS server simply replies with the IP address associated with the unixmen.com domain. Because the IP address of every domain is hard to remember, DNS lets you remember domain names instead of IP addresses. You can get the DNS server details from your Internet Service Provider.

Types of DNS Server

There are two types of DNS servers, primary and secondary. Both are computers where the domain names and their respective IP addresses are stored, and the information held on both servers is identical. The values for these two DNS servers are configured by the Internet Service Provider (ISP). The secondary DNS server acts as a backup for the primary if the primary DNS server is down.

Scenario

In this tutorial I am going to set up local primary and secondary DNS servers. I am using two systems running openSUSE 13.1 for the primary and secondary DNS servers and one system running Ubuntu 13.04 Desktop as the client.

Primary DNS server details:

Operating System: openSUSE 13.1
Hostname: master.unixmen.local
IP Address: 192.168.1.101/24

Secondary DNS Server Details:

Operating System: openSUSE 13.1
Hostname: slave.unixmen.local
IP Address: 192.168.1.102/24

Client Details:

Operating System: Ubuntu 13.04 Desktop
Hostname: client.unixmen.local
IP Address: 192.168.1.100/24

Note: I tested this how-to twice on a local area network (LAN). It worked perfectly for me, as I expected. If you want to set up an external DNS server, use your public IP addresses in the zone files and DNS configuration files.

1. Setup Primary DNS Server

Install bind9

BIND (Berkeley Internet Name Domain) is the software that translates domain names into IP addresses.

Install it using command:

# zypper in bind

The DNS configuration files are stored in the /etc/ directory. The primary configuration file is /etc/named.conf.

Configure Bind9

Open up the file /etc/named.conf in any editor.

# nano /etc/named.conf

Add the following lines to define forward and reverse zone files.

[...]
## Uncomment and add your local area network ip series
allow-query { 127.0.0.1; 192.168.1.0/24;};
[...]
zone    "unixmen.local"   {
        type master;
        file    "for.unixmen.local";
 };

zone   "1.168.192.in-addr.arpa"        {
       type master;
       file    "rev.unixmen.local";
 };

Save and close the file.

Create Zone Files

Now create the forward and reverse zone files which we defined in the above step.

1. Forward Zone file

Copy the existing zone file template /var/lib/named/localhost.zone to create a new forward zone file.

# cp /var/lib/named/localhost.zone /var/lib/named/for.unixmen.local

Now edit the file /var/lib/named/for.unixmen.local,

# nano /var/lib/named/for.unixmen.local

Change the contents as shown below and replace the domain name and ip address with your own.

;
; BIND data file for forward.unixmen.local zone
;
$TTL    604800
@       IN      SOA     master.unixmen.local. root.unixmen.local. (
2         ; Serial
604800         ; Refresh
86400         ; Retry
2419200         ; Expire
604800 )       ; Negative Cache TTL
;
@       IN      NS      master.unixmen.local.
@       IN      NS      slave.unixmen.local.
@       IN      A       192.168.1.101
@       IN      A       192.168.1.102
@       IN      A       192.168.1.100
@       IN      AAAA    ::1
master  IN      A       192.168.1.101
slave   IN      A       192.168.1.102
client  IN      A       192.168.1.100

2. Reverse Zone file

Copy the existing zone file template /var/lib/named/127.0.0.zone to create a new reverse zone file.

# cp /var/lib/named/127.0.0.zone /var/lib/named/rev.unixmen.local

Now edit the file /var/lib/named/rev.unixmen.local,

# nano /var/lib/named/rev.unixmen.local

Change the contents as shown below and replace the domain name and ip address with your own.

;
; BIND reverse data file for rev.unixmen.local
;
$TTL    604800
@       IN      SOA     master.unixmen.local. root.unixmen.local. (
3         ; Serial
604800         ; Refresh
86400         ; Retry
2419200         ; Expire
604800 )       ; Negative Cache TTL
;
@       IN      NS      master.unixmen.local.
@       IN      NS      slave.unixmen.local.
101     IN      PTR     master.unixmen.local.
102     IN      PTR     slave.unixmen.local.
100     IN      PTR     client.unixmen.local.

Save and close the file.

As you can see in the configuration above, I used a different serial number for the reverse zone file. Every time you change a zone file you must increase its serial number as well: a secondary server compares the serial in the primary's SOA record with the serial of its own copy and only transfers the zone when the primary's serial is higher.

Now start bind9 service.

# /etc/init.d/named start
# chkconfig named on

Test DNS Configuration and Zone Files

You can check the DNS configuration and zone files configuration for any syntax errors.

Check DNS configuration file using command:

# named-checkconf /etc/named.conf

If it returns nothing, your configuration file doesn’t have any syntax errors.

Check Forward Zone:

# named-checkzone unixmen.local /var/lib/named/for.unixmen.local

Sample Output:

zone unixmen.local/IN: loaded serial 2
OK

Check Reverse Zone:

# named-checkzone 1.168.192.in-addr.arpa /var/lib/named/rev.unixmen.local

Sample output:

zone 1.168.192.in-addr.arpa/IN: loaded serial 3
OK
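As an added check that is not part of the original tutorial, the following shell script (plain sed/awk, no BIND tools required) reads the serial from each zone's SOA record and reports every A record in the forward zone that has no matching PTR in the reverse zone, which is the usual way the two files drift apart. The zone files it checks are constructed inline after the pattern above, with the client's PTR deliberately left out; the function names zone_serial, zone_records and missing_ptrs are this example's own. It assumes one SOA per file with its continuation lines indented and a /24 reverse zone, and finishes with named-checkzone when that is installed.

```sh
#!/bin/sh
# Added example, not from the tutorial: sanity-check a forward/reverse zone pair with
# plain sed/awk before reloading named. It reads each zone's SOA serial and reports
# every A record whose address has no matching PTR (or whose PTR names another host).
# Assumptions: one SOA per file, its continuation lines indented, no $ORIGIN changes
# mid-file, /24 reverse zones only. named-checkzone remains the authoritative check.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample zones modelled on the tutorial's; the client's PTR is left out on purpose.
cat > "$WORK/for.unixmen.local" <<'EOF'
$TTL    604800
@       IN      SOA     master.unixmen.local. root.unixmen.local. (
                2         ; Serial
                604800    ; Refresh
                86400     ; Retry
                2419200   ; Expire
                604800 )  ; Negative Cache TTL
@       IN      NS      master.unixmen.local.
@       IN      NS      slave.unixmen.local.
master  IN      A       192.168.1.101
slave   IN      A       192.168.1.102
client  IN      A       192.168.1.100
EOF
cat > "$WORK/rev.unixmen.local" <<'EOF'
$TTL    604800
@       IN      SOA     master.unixmen.local. root.unixmen.local. (
                3 604800 86400 2419200 604800 )
@       IN      NS      master.unixmen.local.
@       IN      NS      slave.unixmen.local.
101     IN      PTR     master.unixmen.local.
102     IN      PTR     slave.unixmen.local.
EOF

# Print the SOA serial: the first token after the SOA's MNAME and RNAME, skipping "(".
zone_serial() {
    sed 's/;.*//' "$1" | awk '
        { for (i = 1; i <= NF; i++) {
              if (!seen) {
                  if ($i == "SOA") { seen = 1; skip = 2 }
                  continue
              }
              if (skip > 0) { skip--; continue }
              if ($i == "(") continue
              print $i; exit
          } }'
}

# Print "owner TYPE rdata" for every A and PTR record, with names made absolute.
# usage: zone_records FILE ORIGIN
zone_records() {
    sed 's/;.*//' "$1" | awk -v origin="$2." '
        NF == 0 || $1 ~ /^\$/ { next }               # blank lines and $TTL / $ORIGIN directives
        {
            if ($0 ~ /^[[:space:]]/) { owner = last; start = 1 } else { owner = $1; start = 2; last = owner }
            rtype = ""
            for (i = start; i < NF; i++)
                if ($i == "A" || $i == "PTR") { rtype = $i; rdata = $(i + 1); break }
            if (rtype == "") next
            if (owner == "@") { owner = origin } else if (owner !~ /\.$/) { owner = owner "." origin }
            if (rtype == "PTR" && rdata !~ /\.$/) { rdata = rdata "." origin }
            print owner, rtype, rdata
        }'
}

# Report forward A records inside the reverse zone's range that lack a matching PTR.
# usage: missing_ptrs FWD_FILE FWD_ORIGIN REV_FILE REV_ORIGIN ; exits 1 if anything is reported
missing_ptrs() {
    zone_records "$3" "$4" > "$WORK/ptr.txt"
    zone_records "$1" "$2" > "$WORK/a.txt"
    awk -v rev="$4." '
        FILENAME == ARGV[1] { if ($2 == "PTR") ptr[$1] = $3; next }   # reverse zone: owner -> target
        $2 == "A" {
            n = split($3, o, "[.]")
            rname = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa."
            if (n != 4 || substr(rname, length(rname) - length(rev)) != "." rev) next   # outside this reverse zone
            if (!(rname in ptr))       { print $3, $1, "no PTR"; bad = 1 }
            else if (ptr[rname] != $1) { print $3, $1, "PTR names " ptr[rname]; bad = 1 }
        }
        END { exit bad + 0 }' "$WORK/ptr.txt" "$WORK/a.txt"
}

echo "forward serial: $(zone_serial "$WORK/for.unixmen.local")   reverse serial: $(zone_serial "$WORK/rev.unixmen.local")"
missing_ptrs "$WORK/for.unixmen.local" unixmen.local "$WORK/rev.unixmen.local" 1.168.192.in-addr.arpa \
    || echo "fix the reverse zone (and bump its serial) before reloading named"
# With BIND's own tools installed, finish with the authoritative syntax check.
if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone unixmen.local "$WORK/for.unixmen.local"
    named-checkzone 1.168.192.in-addr.arpa "$WORK/rev.unixmen.local"
fi
```

Run it against the real files by pointing the three functions at /var/lib/named/for.unixmen.local and /var/lib/named/rev.unixmen.local with the zone names from named.conf; the output names the address and host that still need a PTR. Apex A records such as the tutorial's "@ IN A" lines are reported as "PTR names ..." because a PTR can only name one host, which is worth knowing before you rely on reverse lookups.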

First make sure that BIND9 is running on default port 53.

# netstat -tulpn | grep :53

Sample output:

tcp        0      0 192.168.1.101:53        0.0.0.0:*               LISTEN      2803/named          
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2803/named          
tcp        0      0 :::53                   :::*                    LISTEN      2803/named          
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           479/avahi-daemon: r 
udp        0      0 192.168.1.101:53        0.0.0.0:*                           2803/named          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2803/named          
udp        0      0 :::5353                 :::*                                479/avahi-daemon: r 
udp        0      0 :::53                   :::*                                2803/named

Adjust openSUSE firewall

Open the YaST Control Center. Go to Network Services -> Firewall -> Allowed Services. Select bind DNS server from the Service to Allow drop-down box. Click Next and OK to apply the settings.

Test Master DNS Server

Edit file /etc/resolv.conf,

# nano /etc/resolv.conf

And add your Master DNS server details,

search unixmen.local
nameserver 192.168.1.101

Reboot the system or restart the networking service.

# /etc/init.d/network restart

Now let us check whether the Master DNS server is working, using the following commands:

Method 1:

# dig master.unixmen.local

Sample output:

; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> master.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42189
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;master.unixmen.local.		IN	A

;; ANSWER SECTION:
master.unixmen.local.	604800	IN	A	192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.		604800	IN	NS	slave.unixmen.local.
unixmen.local.		604800	IN	NS	master.unixmen.local.

;; ADDITIONAL SECTION:
slave.unixmen.local.	604800	IN	A	192.168.1.102

;; Query time: 5 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 17:14:17 IST 2013
;; MSG SIZE  rcvd: 115

Method 2:

# dig -x master.unixmen.local

Sample output (NXDOMAIN is expected here: dig -x takes an IP address rather than a host name, so the query went to local.unixmen.master.in-addr.arpa; use dig -x 192.168.1.101 to query the reverse zone for master):

; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> -x master.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29989
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;local.unixmen.master.in-addr.arpa. IN	PTR

;; AUTHORITY SECTION:
in-addr.arpa.		3600	IN	SOA	b.in-addr-servers.arpa. nstld.iana.org. 2011030040 1800 900 604800 3600

;; Query time: 1491 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 17:15:09 IST 2013
;; MSG SIZE  rcvd: 130

Method 3:

# dig unixmen.local

Sample output:

; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50957
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;unixmen.local.			IN	A

;; ANSWER SECTION:
unixmen.local.		604800	IN	A	192.168.1.101
unixmen.local.		604800	IN	A	192.168.1.102
unixmen.local.		604800	IN	A	192.168.1.100

;; AUTHORITY SECTION:
unixmen.local.		604800	IN	NS	master.unixmen.local.
unixmen.local.		604800	IN	NS	slave.unixmen.local.

;; ADDITIONAL SECTION:
slave.unixmen.local.	604800	IN	A	192.168.1.102
master.unixmen.local.	604800	IN	A	192.168.1.101

;; Query time: 16 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 17:15:52 IST 2013
;; MSG SIZE  rcvd: 163

Method 4:

# dig -x unixmen.local

Sample output (NXDOMAIN again, for the same reason: dig -x needs an IP address, for example dig -x 192.168.1.102):

; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> -x unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34278
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;local.unixmen.in-addr.arpa.	IN	PTR

;; AUTHORITY SECTION:
in-addr.arpa.		3600	IN	SOA	b.in-addr-servers.arpa. nstld.iana.org. 2011030040 1800 900 604800 3600

;; Query time: 218 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 17:16:23 IST 2013
;; MSG SIZE  rcvd: 123

Method 5:

# nslookup unixmen.local

Sample output:

Server:		192.168.1.101
Address:	192.168.1.101#53

Name:	unixmen.local
Address: 192.168.1.101
Name:	unixmen.local
Address: 192.168.1.100
Name:	unixmen.local
Address: 192.168.1.102

Method 6:

# host unixmen.local

Sample output:

unixmen.local has address 192.168.1.102
unixmen.local has address 192.168.1.101
unixmen.local has address 192.168.1.100
unixmen.local has IPv6 address ::1

Method 7:

# host master.unixmen.local

Sample Output:

master.unixmen.local has address 192.168.1.101

That’s it. Primary DNS server is ready and working.

2. Setup Secondary DNS Server

Install bind9 package with following command:

# zypper in bind

Configure DNS Server

Before proceeding to configure Secondary DNS server, first you should allow the zone transfer from your Primary DNS server.

To do so, go to Primary DNS server, edit the DNS main configuration file /etc/named.conf,

# nano /etc/named.conf

Add the lines allow-transfer { 192.168.1.102; }; and also-notify { 192.168.1.102; }; in the zone section.

[...]
zone    "unixmen.local" {
        type master;
        file    "for.unixmen.local";
        allow-transfer  { 192.168.1.102; };
        also-notify { 192.168.1.102; };
};

zone    "1.168.192.in-addr.arpa"        {
        type master;
        file    "rev.unixmen.local";
        allow-transfer  { 192.168.1.102; };
        also-notify { 192.168.1.102; };
};

Here 192.168.1.102 is the Secondary DNS server's IP address. The allow-transfer { 192.168.1.102; }; line permits only the secondary server to request a transfer of these zones, so it can pull the zone data automatically from the primary; keep it restricted to the secondary, because a host that is allowed to transfer a zone receives every record in it. The also-notify { 192.168.1.102; }; line makes the primary send a NOTIFY message to the secondary whenever the zone files on the primary change, so the secondary refreshes its copy immediately instead of waiting for the refresh interval.
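An added example, not from the tutorial: a small audit that lists every master zone in named.conf that has no allow-transfer statement of its own, which is the state the reverse zone is in if the line above is forgotten. The named.conf it scans is constructed inline (the zone names follow this tutorial; example.test is invented), and unrestricted_master_zones is this example's own function name. It only inspects per-zone statements, so a global allow-transfer in the options block is not evaluated and has to be checked separately.

```sh
#!/bin/sh
# Added example, not from the tutorial: list every master zone in a named.conf that has
# no allow-transfer statement of its own. Such a zone can be pulled in full by any host
# the server answers, so this is worth running after every edit of named.conf.
# Only per-zone statements are inspected: an allow-transfer inside the global "options"
# block is not evaluated here, and /* ... */ comments are not stripped.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CONF="$WORK/named.conf"

# Constructed sample: the forward zone is restricted, the reverse zone was forgotten.
cat > "$CONF" <<'EOF'
options {
        directory "/var/lib/named";
        allow-query { 127.0.0.1; 192.168.1.0/24; };
};

zone "unixmen.local" {
        type master;
        file "for.unixmen.local";
        allow-transfer { 192.168.1.102; };
        also-notify { 192.168.1.102; };
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "rev.unixmen.local";    # allow-transfer missing: any host may transfer this zone
};

zone "example.test" {
        type slave;
        file "slave/example.test";
        masters { 192.168.1.101; };
};
EOF

# usage: unrestricted_master_zones NAMED_CONF  -> prints one unrestricted master zone per line
unrestricted_master_zones() {
    sed 's,//.*,,; s,#.*,,' "$1" | awk '
        /^[[:space:]]*zone[[:space:]]+"/ {             # zone "name" { ... opens a block
            match($0, /"[^"]+"/)
            zname = substr($0, RSTART + 1, RLENGTH - 2)
            inzone = 1; ztype = ""; restricted = 0; depth = 0
        }
        inzone {
            if ($0 ~ /^[[:space:]]*type[[:space:]]/) { ztype = $2; sub(/;.*/, "", ztype) }
            if ($0 ~ /allow-transfer/) restricted = 1
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # nested "{ ... };" must not end the zone early
            if (depth == 0) {
                if ((ztype == "master" || ztype == "primary") && !restricted) print zname
                inzone = 0
            }
        }'
}

unrestricted_master_zones "$CONF"
```

On a real server run unrestricted_master_zones /etc/named.conf; an empty result means every master zone names the hosts it will transfer to. The script reads one statement per line, which is how named.conf is laid out in this tutorial; a "type" statement written on the same line as the zone keyword is not recognised.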

Save and close the file. Restart bind9 service.

# /etc/init.d/named restart

Now go to Secondary DNS server, edit file /etc/named.conf,

# nano /etc/named.conf

Add the lines as shown below.

[...]
## Uncomment and add the local area network IP series
allow-query { 127.0.0.1; 192.168.1.0/24;};

zone    "unixmen.local" {
        type slave;
        file    "slave/for.unixmen.local";
        masters  { 192.168.1.101; };
};

zone    "1.168.192.in-addr.arpa"        {
        type slave;
        file    "slave/rev.unixmen.local";
        masters  { 192.168.1.101; };
};

Here 192.168.1.101 is my Primary DNS server IP address. Save and close the file.

Start bind9 service with following command.

# /etc/init.d/named start
# chkconfig named on

First make sure that BIND9 is running on default port 53.

# netstat -tulpn | grep :53

Sample output:

tcp        0      0 192.168.1.102:53        0.0.0.0:*               LISTEN      2201/named          
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2201/named          
tcp        0      0 :::53                   :::*                    LISTEN      2201/named          
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           389/avahi-daemon: r 
udp        0      0 192.168.1.102:53        0.0.0.0:*                           2201/named          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2201/named          
udp        0      0 :::5353                 :::*                                389/avahi-daemon: r 
udp        0      0 :::53                   :::*                                2201/named

Adjust openSUSE firewall

Open the YaST Control Center. Go to Network Services -> Firewall -> Allowed Services. Select bind DNS server from the Service to Allow drop-down box. Click Next and OK to apply the settings.


Check Zone files

Now the zone files from the master server are replicated to the secondary server automatically. They are created in the /var/lib/named/slave folder on the secondary server.

# ls /var/lib/named/slave/

Sample output:

for.unixmen.local  rev.unixmen.local

Check Forward zone file:

# cat /var/lib/named/slave/for.unixmen.local

Sample output:

$ORIGIN .
$TTL 604800    ; 1 week
unixmen.local        IN SOA    master.unixmen.local. root.unixmen.local. (
2          ; serial
604800     ; refresh (1 week)
86400      ; retry (1 day)
2419200    ; expire (4 weeks)
604800     ; minimum (1 week)
)
NS    slave.unixmen.local.
NS    master.unixmen.local.
A    192.168.1.100
A    192.168.1.101
A    192.168.1.102
AAAA    ::1
$ORIGIN unixmen.local.
client            A    192.168.1.100
master            A    192.168.1.101
slave            A    192.168.1.102

Check Reverse Zone file:

# cat /var/lib/named/slave/rev.unixmen.local

Sample output:

$ORIGIN .
$TTL 604800    ; 1 week
1.168.192.in-addr.arpa    IN SOA    master.unixmen.local. root.unixmen.local. (
3          ; serial
604800     ; refresh (1 week)
86400      ; retry (1 day)
2419200    ; expire (4 weeks)
604800     ; minimum (1 week)
)
NS    slave.unixmen.local.
NS    master.unixmen.local.
$ORIGIN 1.168.192.in-addr.arpa.
100            PTR    client.unixmen.local.
101            PTR    master.unixmen.local.
102            PTR    slave.unixmen.local.
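Comparing the two files by eye works for two zones; the check a practitioner actually wants is whether the secondary's SOA serial equals the primary's, which is exactly what named itself compares to decide if a transfer is needed. The following added example, not part of the tutorial, does that comparison: dig +short ZONE SOA @SERVER (from bind-utils) prints the SOA RDATA on one line, and the third field is the serial. The two SOA lines near the bottom are constructed to look like the tutorial's primary and a secondary that has not transferred yet; soa_serial, serials_match and zone_in_sync are this example's own function names.

```sh
#!/bin/sh
# Added example, not from the tutorial: confirm that the secondary holds the same version
# of a zone as the primary by comparing the SOA serial each server answers with.
# "dig +short ZONE SOA @SERVER" prints the SOA RDATA on one line
# (MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM); the third field is the serial.

# Serial out of one SOA RDATA line as printed by dig +short (word-splitting is intended).
soa_serial() {
    set -- $1
    printf '%s\n' "$3"
}

# usage: serials_match "<primary SOA rdata>" "<secondary SOA rdata>" ; returns 0 when in sync
serials_match() {
    p=$(soa_serial "$1"); s=$(soa_serial "$2")
    if [ -z "$p" ] || [ -z "$s" ]; then
        echo "could not read a serial from one of the answers" >&2
        return 2
    fi
    if [ "$p" -eq "$s" ]; then
        echo "in sync at serial $p"
    else
        echo "OUT OF SYNC: primary serial $p, secondary serial $s"
        return 1
    fi
}

# Ask both servers for real. usage: zone_in_sync ZONE PRIMARY_IP SECONDARY_IP
zone_in_sync() {
    p=$(dig +short +time=2 +tries=1 "$1" SOA @"$2")
    s=$(dig +short +time=2 +tries=1 "$1" SOA @"$3")
    serials_match "$p" "$s"
}

# Constructed answers, as the tutorial's primary and a lagging secondary would return them.
PRIMARY_SOA='master.unixmen.local. root.unixmen.local. 3 604800 86400 2419200 604800'
STALE_SOA='master.unixmen.local. root.unixmen.local. 2 604800 86400 2419200 604800'

serials_match "$PRIMARY_SOA" "$PRIMARY_SOA"
serials_match "$PRIMARY_SOA" "$STALE_SOA" || echo "the secondary has not transferred serial 3 yet"

# On the tutorial's network (dig installed, both servers reachable):
#   zone_in_sync unixmen.local 192.168.1.101 192.168.1.102
#   zone_in_sync 1.168.192.in-addr.arpa 192.168.1.101 192.168.1.102
```

A secondary that stays behind after you bump the serial on the primary usually means NOTIFY did not reach it (firewall, or notify disabled) and it will only catch up at the refresh interval, which in these zones is a week.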

Test Secondary DNS Server

Edit file /etc/resolv.conf,

# nano /etc/resolv.conf

And add your Primary and Secondary DNS server details,

search unixmen.local
nameserver 192.168.1.101
nameserver 192.168.1.102

Reboot the system or restart the networking service.

# /etc/init.d/network restart

Now let us check whether the DNS servers are working, using the following commands. With the resolv.conf above the first nameserver (192.168.1.101, the primary) answers, as the SERVER line in each output shows; to query the secondary directly, add @192.168.1.102 to the dig command, for example dig @192.168.1.102 slave.unixmen.local.

Method 1:

# dig slave.unixmen.local

Sample output:

; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> slave.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37775
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;slave.unixmen.local.        IN    A

;; ANSWER SECTION:
slave.unixmen.local.    604800    IN    A    192.168.1.102

;; AUTHORITY SECTION:
unixmen.local.        604800    IN    NS    master.unixmen.local.
unixmen.local.        604800    IN    NS    slave.unixmen.local.

;; ADDITIONAL SECTION:
master.unixmen.local.    604800    IN    A    192.168.1.101

;; Query time: 31 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 23:53:36 IST 2013
;; MSG SIZE  rcvd: 115

Method 2:

# dig -x slave.unixmen.local

Sample output (as before, dig -x expects an IP address, so NXDOMAIN is expected; dig -x 192.168.1.102 returns the PTR record for slave):

; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> -x slave.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59558
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;local.unixmen.slave.in-addr.arpa. IN    PTR

;; AUTHORITY SECTION:
in-addr.arpa.        3600    IN    SOA    b.in-addr-servers.arpa. nstld.iana.org. 2011030042 1800 900 604800 3600

;; Query time: 757 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 23:54:32 IST 2013
;; MSG SIZE  rcvd: 129

Method 3:

# dig unixmen.local

Sample Output:

; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2144
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;unixmen.local.            IN    A

;; ANSWER SECTION:
unixmen.local.        604800    IN    A    192.168.1.101
unixmen.local.        604800    IN    A    192.168.1.102
unixmen.local.        604800    IN    A    192.168.1.100

;; AUTHORITY SECTION:
unixmen.local.        604800    IN    NS    master.unixmen.local.
unixmen.local.        604800    IN    NS    slave.unixmen.local.

;; ADDITIONAL SECTION:
slave.unixmen.local.    604800    IN    A    192.168.1.102
master.unixmen.local.    604800    IN    A    192.168.1.101

;; Query time: 36 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 23:55:03 IST 2013
;; MSG SIZE  rcvd: 163

Method 4:

# dig -x unixmen.local

Sample output (NXDOMAIN again, because dig -x expects an IP address):

; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> -x unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23721
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;local.unixmen.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
in-addr.arpa.        3600    IN    SOA    b.in-addr-servers.arpa. nstld.iana.org. 2011030042 1800 900 604800 3600

;; Query time: 415 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 23:55:31 IST 2013
;; MSG SIZE  rcvd: 123

Method 5:

# nslookup unixmen.local

Sample output:

Server:        192.168.1.101
Address:    192.168.1.101#53

Name:    unixmen.local
Address: 192.168.1.101
Name:    unixmen.local
Address: 192.168.1.100
Name:    unixmen.local
Address: 192.168.1.102

Method 6:

# host unixmen.local

Sample output:

unixmen.local has address 192.168.1.100
unixmen.local has address 192.168.1.101
unixmen.local has address 192.168.1.102
unixmen.local has IPv6 address ::1

Method 7:

# host slave.unixmen.local

Sample output:

slave.unixmen.local has address 192.168.1.102

Method 8:

# host master.unixmen.local

Sample output:

master.unixmen.local has address 192.168.1.101

That’s it. Secondary DNS server is ready and up now.

Client Side Configuration

In your client system, edit file /etc/resolv.conf,

$ sudo nano /etc/resolv.conf

Comment out all existing DNS servers and add your Primary and Secondary DNS server IP addresses.

search unixmen.local
nameserver 192.168.1.101
nameserver 192.168.1.102

Test DNS Server

Run the following command to test Primary DNS server.

$ sudo dig master.unixmen.local

Sample output:

; <<>> DiG 9.9.2-P1 <<>> master.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47844
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;master.unixmen.local.        IN    A

;; ANSWER SECTION:
master.unixmen.local.    604800    IN    A    192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.        604800    IN    NS    master.unixmen.local.
unixmen.local.        604800    IN    NS    slave.unixmen.local.

;; ADDITIONAL SECTION:
slave.unixmen.local.    604800    IN    A    192.168.1.102

;; Query time: 5 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec  7 17:50:52 2013
;; MSG SIZE  rcvd: 115

Check Secondary server using command:

$ sudo dig slave.unixmen.local

Sample output:

; <<>> DiG 9.9.2-P1 <<>> slave.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16506
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;slave.unixmen.local.        IN    A

;; ANSWER SECTION:
slave.unixmen.local.    604800    IN    A    192.168.1.102

;; AUTHORITY SECTION:
unixmen.local.        604800    IN    NS    slave.unixmen.local.
unixmen.local.        604800    IN    NS    master.unixmen.local.

;; ADDITIONAL SECTION:
master.unixmen.local.    604800    IN    A    192.168.1.101

;; Query time: 3 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Nov  7 17:55:25 2013
;; MSG SIZE  rcvd: 115

That’s it. Now you’ve successfully installed Primary and Secondary DNS servers.

Cheers!