RHEL 8 Lab – Part 1 – Configure BIND (DNS Server) on RHEL 8 / AlmaLinux 8.3

This article has not been finished yet.
It might contain errors and I might change it completely before finalizing it.

Developed in the 80’s by students at Berkeley University, BIND (Berkeley Internet Name Domain) is an open source DNS server that provides DNS services on Linux distributions.

A DNS server is a service that resolves a fully qualified domain name (FQDN) such as google.com into an IP address like 142.250.185.14 and, additionally, performs the reverse translation of an IP address to a user-friendly domain name (FQDN).

Lab Setup:

You can use RHEL 8 through the free Developer Subscription, registering your virtual machine with subscription manager to get updates and access to the repositories for installing software in this lab exercise, or you can use AlmaLinux 8.3, which is a free 1:1 binary-compatible RHEL 8 alternative with no strings attached.

Server: AlmaLinux 8.3 – fqdn: masterdns.fruitgarden.local
Client: AlmaLinux 8.3 – fqdn: client01.fruitgarden.local
IP address Server: 172.18.1.2/24 (static IP) GW: 172.18.1.1
IP address Client: 172.18.1.55/24 (static IP) GW: 172.18.1.1
Domain: fruitgarden.local

Simple diagram of the lab

Our Client01 VM will use the MasterDNS VM as its primary DNS resolver for DNS queries such as "what is the IP of google.com?" or "which FQDN belongs to the IP address 72.163.4.185?"

The MasterDNS VM will also be the authoritative domain name server for the domain: fruitgarden.local.

A great article explaining authoritative vs. recursive DNS servers can be found on the Cisco blog.

Step 0 – Prepare the Virtual Machines

This step will be slightly different for everyone.

To sum it up, you have to pick a virtualization platform of your choice (you can use a cloud provider like AWS, Azure or Google Cloud Platform if you prefer) and prepare the two virtual machines to match the configuration below.

I used VMware Workstation 16.1 Professional on Fedora 33 with a host-only network (vmnet15) configured as below to provide the basic networking functionality (a way in and out between the chosen subnet 172.18.1.0/24 and the outside world). It also provides DHCP services, although we will set our MasterDNS and Client01 VMs to use static IPs in this lab exercise.

The DHCP server provided by VMware Workstation gives us network connectivity out of the box while we update the systems, install our packages for the first time and configure our static IP addresses.

The vmnet15 folder will hold the two virtual machines (trying to be organized here).
1 vCPU, 2 GB RAM, 20 GB HDD and 1 NIC in the correct network, plus an install ISO, is all you need to start. I used AlmaLinux-8.3-x86_64-minimal.iso.



The same can be achieved with VirtualBox, KVM or any other virtualization platform of your choice.

During the initial installation of both MasterDNS and Client01 I only set the correct hostname for each and left networking on DHCP for the moment. We will change this later to match our requirements.
I also created an additional user called gardener with admin privileges on both machines.
I used manual partitioning of the 20 GB hard disk with LVM and the xfs filesystem.

Extra troubleshooting step I needed to get networking working, because I used the Minimal ISO to install AlmaLinux 8.3 and it was a very minimal installation indeed

(I guess it is the same for the RHEL 8 Minimal ISO installer as well.)

Scenario:

I used the AlmaLinux-8.3-x86_64-minimal.iso to set up my two VMs MasterDNS.fruitgarden.local and Client01.fruitgarden.local

The out of the box installation landed me in the below situation:

+ I was able to ping my default gateway, 172.18.1.1, but nothing beyond it, meaning no ping to 1.1.1.1 or google.com.

After checking the basic config files and doing some troubleshooting I realized that the default route was missing on the machine, as was the base package net-tools, which provides the route command for adding and modifying routing table entries 🙂

The solution to this problem is perfectly outlined in the following article for RHEL 7.x, which I only had to modify slightly to make it work on AlmaLinux 8.3.

( # is the prompt designation for the root account)

1. Mount the Minimal ISO file of AlmaLinux I used for installing the system to a directory

# mkdir -p /mnt/disc
# mount /dev/sr0 /mnt/disc

2. Copy the media.repo file from the root of the mounted directory to /etc/yum.repos.d/ and set the permissions to 0644 or another similar permissions set:

# cp /mnt/disc/media.repo /etc/yum.repos.d/almalinux8.3minimal.repo
# chmod 644 /etc/yum.repos.d/almalinux8.3minimal.repo


3. Edit the new repo file as below

# vi /etc/yum.repos.d/almalinux8.3minimal.repo
[InstallMedia]
enabled=1
baseurl=file:///mnt/disc/BaseOS/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
name=AlmaLinux 8.3 Minimal ISO Local Repo
mediaid=None
metadata_expire=-1
gpgcheck=1
cost=500

4. Clear the cache and check whether you can get the packages list from the Local repo

The Local Repository InstallMedia is ready

5. Install net-tools from the configured Local Repository

net-tools installs without any issue from the Local Repository configured from the AlmaLinux 8.3 Minimal ISO

6. Add Default route with the route add default gw X.X.X.X command

# route add default gw 172.18.1.1

7. Confirm default route with the route command

Confirming the default gateway has been added through interface ens160

8. Confirming it all together

ip a: the IP address is correct and the interface is UP (DHCP IP for now)
route: confirms the default route exists
cat /etc/resolv.conf: confirms Google’s nameserver (DNS server) has been added for name resolution
ping 1.1.1.1: confirms network connectivity towards the WAN (to an external address on the internet)
ping google.com: confirms not just network connectivity to the external world but also DNS name resolution (through Google’s DNS 8.8.8.8, set for now)

Result:

Ping beyond my Default Gateway 172.18.1.1 working for the Host
( MasterDNS and Client01 both fixed the same way for now)

+ DNS name resolution also did not work out of the box, because the AlmaLinux 8.3 Minimal ISO installer set my nameserver to 172.18.1.1, which is the default GW for the subnet I configured; that IP is not configured to provide DNS services.

Further looking into this issue there were two solutions to the DNS resolution problem:

  • As a temporary measure I could add, for example, Google’s DNS resolver to my /etc/resolv.conf file until I get to the steps that set up DNS resolution on MasterDNS.fruitgarden.local, which will then handle name resolution for Client01.fruitgarden.local and for itself (the MasterDNS VM). I chose this option for now.

I added Google’s DNS resolver temporarily to /etc/resolv.conf. This change is not permanent and will be removed on the next reboot, but that is perfectly fine for this lab until DNS resolution is handled by MasterDNS.fruitgarden.local.

Result:

DNS Resolution working temporarily for the Host
( MasterDNS and Client01 both fixed the same way for now)

  • On Windows hosts it is possible to change the DHCP server parameters that VMware Workstation Pro offers for your configured subnet, meaning you can, for example, have Google’s resolver 8.8.8.8 handed out with the IP addresses instead of the default GW (172.18.1.1 in my case).

    I found that under Linux there is no GUI for tuning these parameters, but it looks like you can edit the dhcp.conf file of the VMNET you have created, found at the location:

    For any of the host-only networks: /etc/vmware/vmnetXX/dhcp/dhcp.conf

This is the dhcp.conf file on the Linux host for my VMNET15 network, where you can see that the default name server is set to the default gateway of the subnet, which does not provide DNS resolution itself. I could change it here to 8.8.8.8, for example, and it should then distribute a working DNS server address together with the client IP addresses until MasterDNS.fruitgarden.local is configured to handle DNS name resolution for itself and its client Client01.fruitgarden.local.

For the NAT network: /etc/vmware/vmnet8/dhcp/dhcp.conf

How to Set Up DNS Server (BIND) Under AlmaLinux 8.3 / RHEL

Step 1. Install the bind and bind-utils packages. These packages provide the DNS server and the utilities used for querying name servers.

Run yum install bind bind-utils from the root prompt.

Step 2. Configure the BIND DNS server

Open the /etc/named.conf configuration file.
Make sure the listen-on lines are uncommented if you want the DNS server to listen for queries received on IPv4 and IPv6 interfaces.

Also amend the allow-query line and include the network(s) from which you allow queries. In my case, as both MasterDNS and Client01 will be in the 172.18.1.0/24 network, I have added that after the localhost entry. Keep this list limited to the networks you actually serve: with recursion enabled, allow-query { any; } turns the server into an open resolver.
At the bottom of named.conf, configure the forward and reverse lookup zones for the domain fruitgarden.local and the network 172.18.1.0/24.
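
Added example (not part of the original article): a shell lint for the ACL statements that Step 2 edits, run against a constructed open-resolver options block and a constructed block scoped to this lab. The zone stanzas, the file names relative to /var/named, the allow-recursion and allow-update lines, and the helper names acl_of and audit_named_conf are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the article. Both sample configs are constructed.
LAB_NET="172.18.1.0/24"

# acl_of FILE STATEMENT -> text between the braces of "STATEMENT { ... };"
# Strips // and # comments; /* ... */ blocks are assumed absent.
acl_of() {
    sed -e 's://.*::' -e 's:#.*::' "$1" | tr '\n' ' ' |
        sed -n "s/.*[[:space:];{]$2[[:space:]]*{\([^}]*\)}.*/\1/p"
}

# audit_named_conf FILE -> one finding per line, exit status 1 if any
audit_named_conf() {
    rc=0
    for stmt in allow-query allow-recursion allow-query-cache; do
        acl=$(acl_of "$1" "$stmt" | tr ';\t' '  ')
        case " $acl " in
            *" any "*) echo "$stmt: answers any source address"; rc=1 ;;
        esac
    done
    case " $(acl_of "$1" allow-query | tr ';\t' '  ') " in
        *" any "*|*" $LAB_NET "*) ;;
        *) echo "allow-query: $LAB_NET not listed, clients get REFUSED"; rc=1 ;;
    esac
    return $rc
}

tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
options {
    listen-on port 53 { any; };
    recursion yes;
    allow-query { any; };   // open resolver as soon as port 53 is reachable
};
EOF
cat > "$tmp/lab.conf" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 172.18.1.2; };
    recursion yes;
    allow-query     { localhost; 172.18.1.0/24; };
    allow-recursion { localhost; 172.18.1.0/24; };
};
zone "fruitgarden.local" IN { type master; file "fruitgarden.local.db"; allow-update { none; }; };
zone "1.18.172.in-addr.arpa" IN { type master; file "fruitgarden.local.rev"; allow-update { none; }; };
EOF

echo "weak.conf:"; audit_named_conf "$tmp/weak.conf" || true
echo "lab.conf:";  audit_named_conf "$tmp/lab.conf" && echo "no findings"
```

The same function also catches a mistyped subnet in allow-query, which named-checkconf accepts because it is syntactically valid.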

Step 3. Create a forward DNS zone file for the domain

Create a forward DNS zone file for the domain fruitgarden.local at /var/named/fruitgarden.local.db and add the following content.

(In Part II we will add a secondary (slave) DNS server with IP 172.18.1.3 to this setup, which will replicate everything from the MasterDNS server.)

$TTL 86400
@   IN  SOA     masterdns.fruitgarden.local. root.fruitgarden.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.fruitgarden.local.
@       IN  NS          secondarydns.fruitgarden.local.
masterdns       IN  A   172.18.1.2
secondarydns    IN  A   172.18.1.3
client01        IN  A   172.18.1.55

Step 4. Create a reverse DNS zone file for the domain

Create a reverse DNS zone file for the domain fruitgarden.local at /var/named/fruitgarden.local.rev and add the following content.

(In Part II we will add a secondary (slave) DNS server with IP 172.18.1.3 to this setup, which will replicate everything from the MasterDNS server.)

$TTL 86400
@   IN  SOA     masterdns.fruitgarden.local. root.fruitgarden.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.fruitgarden.local.
@       IN  NS          secondarydns.fruitgarden.local.
@       IN  PTR         fruitgarden.local.
; A records belong in the forward zone, so only PTR records follow
2     IN  PTR         masterdns.fruitgarden.local.
3     IN  PTR         secondarydns.fruitgarden.local.
55    IN  PTR         client01.fruitgarden.local.

Step 5. Assign the necessary ownership to the forward and reverse DNS zone files created

# chown named:named /var/named/fruitgarden.local.db
# chown named:named /var/named/fruitgarden.local.rev

Use ll to confirm that the ownership changed as planned.

Step 6. Check the named configuration file and the forward and reverse DNS zone files for syntax errors

# named-checkconf
# named-checkzone fruitgarden.local /var/named/fruitgarden.local.db
# named-checkzone 1.18.172.in-addr.arpa /var/named/fruitgarden.local.rev

This confirms there are no syntax errors in named.conf or in the forward and reverse DNS zone files. When there are no errors, named-checkconf prints nothing and each named-checkzone run ends with OK.
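
Added example (not part of the original article): named-checkzone validates each zone file on its own, so this awk-based check cross-references the two zones and reports any A record whose address has no matching PTR. The function name check_fcrdns, its arguments and the sample files (built from the records in Steps 3 and 4) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the article. Zone snippets are constructed from the
# records in Steps 3 and 4; rev_bad carries a constructed last-octet typo.

# check_fcrdns FWD_FILE REV_FILE DOMAIN NET_PREFIX
# Prints "host ip PTR=<seen|missing>" per mismatch; exit status 1 if any.
# Assumes relative owner names, "IN" on every record and a /24 reverse zone.
check_fcrdns() {
    awk -v dom="$3" -v net="$4" '
        { sub(/;.*/, "") }                       # drop zone-file comments
        FNR == NR {                              # first file: forward zone
            if ($2 == "IN" && $3 == "A") a[$1] = $4
            next
        }
        $2 == "IN" && $3 == "PTR" && $1 ~ /^[0-9]+$/ { ptr[net "." $1] = $4 }
        END {
            for (h in a) {
                got = (a[h] in ptr) ? ptr[a[h]] : "missing"
                if (got != h "." dom ".") { print h, a[h], "PTR=" got; bad = 1 }
            }
            exit bad + 0
        }' "$1" "$2"
}

tmp=$(mktemp -d)
cat > "$tmp/fwd" <<'EOF'
$TTL 86400
@   IN  NS  masterdns.fruitgarden.local.
masterdns       IN  A   172.18.1.2
secondarydns    IN  A   172.18.1.3
client01        IN  A   172.18.1.55
EOF
cat > "$tmp/rev" <<'EOF'
$TTL 86400
@   IN  NS   masterdns.fruitgarden.local.
2   IN  PTR  masterdns.fruitgarden.local.
3   IN  PTR  secondarydns.fruitgarden.local.
55  IN  PTR  client01.fruitgarden.local.
EOF
sed 's/^55 /56 /' "$tmp/rev" > "$tmp/rev_bad"   # constructed typo: 55 -> 56

check_fcrdns "$tmp/fwd" "$tmp/rev" fruitgarden.local 172.18.1 && echo "forward and reverse agree"
check_fcrdns "$tmp/fwd" "$tmp/rev_bad" fruitgarden.local 172.18.1 || echo "mismatch found"
```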

Step 7. Set a static IP address for MasterDNS.fruitgarden.local and Client01.fruitgarden.local

Confirm the name of the network interface card and its current configuration:

# ip a
# cat /etc/sysconfig/network-scripts/ifcfg-%INTERFACENAME%

My network interface card is ens160, and one way to see its current configuration is to look at the configuration file for the interface, /etc/sysconfig/network-scripts/ifcfg-ens160 in my example.

It is set to DHCP right now, so I need to change that and set the static IP address I selected earlier: 172.18.1.2/24, with gateway 172.18.1.1 and DNS 172.18.1.2.

Change the content of your network interface card configuration to match the below:

# vi /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME="ens160"
UUID=530995f8-f347-437e-a8a1-7df07f14eb01
DEVICE=ens160
ONBOOT=yes
IPADDR=172.18.1.2
PREFIX=24
GATEWAY=172.18.1.1
DNS1=172.18.1.2

To apply the new IP address and the changes made in the network configuration file for the interface, the quickest way for me is:

Deactivate and activate the interface with nmtui from the terminal.

(I am interacting with the virtual machine through VMware Workstation Pro for this step, so deactivating and activating the interface does not affect my connectivity. If you are connected via ssh when you deactivate the network interface, you will lose network connectivity.)

(If you are connected over ssh, it is perhaps easier just to issue the reboot command and let the server come back up with the new IP address.)

Repeat the steps above to change the settings for Client01.fruitgarden.local:

IP: 172.18.1.55/24
Gateway: 172.18.1.1
DNS1: 172.18.1.2

Step 8. Enable and Start Bind DNS Service on MasterDNS.fruitgarden.local

Tests from client end
