Linux Dns Server Expose

The document discusses how to configure a local DNS server to serve the "zidane.local" domain. It involves installing and configuring bind9 as both a caching and primary/master DNS server on a system with IP address 172.16.0.15. The caching server is configured to forward queries to public DNS servers for resolution. The primary server is set up with forward and reverse lookup zones for the "zidane.local" domain, defining name to IP mappings for various hosts. Testing shows lookups are successfully resolved from within the domain by the local DNS server.

Uploaded by INFO TEC
DNS Definition

The Domain Name System (DNS) turns domain names into IP addresses, which browsers use to load internet pages. Every device connected to the internet has its own IP address, which other devices use to locate it. DNS servers make it possible for people to type ordinary names such as Fortinet.com into their browsers without having to keep track of the IP address of every website.

What is a DNS Server?

A DNS server is a computer with a database containing the public IP addresses associated with the names of the websites those addresses lead to. DNS acts like a phonebook for the internet. Whenever people type domain names, like Fortinet.com or Yahoo.com, into the address bar of a web browser, DNS finds the right IP address. The site’s IP address is what directs the device to the correct place to access the site’s data.

Once the DNS server finds the correct IP address, the browser uses that address to send requests to content delivery network (CDN) edge servers or origin servers, after which the user can access the information on the website. The DNS server starts the process by finding the IP address that corresponds to the hostname in the website’s uniform resource locator (URL).

How Does DNS Work?

In a typical DNS query, the name typed in by the user passes through four kinds of servers before the IP address is returned. The four work together to deliver the correct IP address to the client:

1. DNS recursor: The DNS recursor, also referred to as a DNS resolver, receives the query from the DNS client and then communicates with other DNS servers to find the right IP address. After receiving the request from the client, the resolver acts as a client itself, sending queries to the other three kinds of DNS servers: root nameservers, top-level domain (TLD) nameservers, and authoritative nameservers.
2. Root nameservers: The root nameserver is designated for the internet’s DNS root zone. Its job is to answer requests for records in the root zone; it does so by returning a list of the authoritative nameservers for the correct TLD.
3. TLD nameservers: A TLD nameserver keeps the IP address of the second-level domain contained within the TLD name. It then releases the website’s IP address and sends the query to the domain’s nameserver.
4. Authoritative nameservers: An authoritative nameserver is what gives the real answer to the DNS query. There are two types: a master (primary) nameserver and a slave (secondary) nameserver. The master server keeps the original copies of the zone records, while the slave server holds an exact copy of them; it shares the DNS query load and acts as a backup if the master server fails.

1. Network Information

In this expose, we are going to set up a local DNS server for the network shown in the diagram below.

We’ll use the “zidane.local” domain as an example for this DNS installation. “mail”, “web” and “ns” are the hosts that reside within this domain.

It is possible to configure a single system to act as a caching name server, primary/master and secondary/slave. We will configure this DNS server as Primary/Master as well as a caching DNS server.

We’ll be installing the DNS server on “172.16.0.15”.

2. Install Bind

Install the bind9 package using the package management utility of your Linux distribution.

On Debian/Ubuntu flavors, do the following:

$ sudo apt-get install bind9

On Redhat/CentOS/Fedora flavors, where the package is named “bind”, do the following:

# yum install bind

All the DNS configuration is stored under the /etc/bind directory. The primary configuration file is /etc/bind/named.conf, which includes the other needed files. The file /etc/bind/db.root describes the root nameservers of the world.

3. Configure Cache NameServer

The job of a DNS caching server is to query other DNS servers and cache the response. The next time the same query is received, it answers from the cache. The cache is refreshed periodically.

Please note that even though you can configure bind to work both as a Primary and as a Caching server, it is not advised to do so for security reasons. Having a separate caching server is advisable.

All we have to do to configure a Cache NameServer is to add your ISP (Internet Service Provider)’s DNS server or any OpenDNS server to the file /etc/bind/named.conf.options. For example, we will use Google’s public DNS servers, 8.8.8.8 and 8.8.4.4.

Uncomment and edit the following lines as shown below in the /etc/bind/named.conf.options file.

forwarders {
    8.8.8.8;
    8.8.4.4;
};

After the above change, restart the DNS server.

$ sudo service bind9 restart
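The security concern behind the advice to keep caching separate is that a combined server which recurses for anyone is an open resolver. The following named.conf.options is an added example, not part of the original expose: it keeps the page’s forwarders but answers recursive queries only for the local network (the 172.16.0.0/24 subnet is assumed from the server address 172.16.0.15), while the authoritative zidane.local zones stay answerable to everyone.

```conf
// /etc/bind/named.conf.options (added example; 172.16.0.0/24 is an assumed local subnet)
acl "lan" { 127.0.0.1; 172.16.0.0/24; };

options {
    directory "/var/cache/bind";

    // weak setting: letting any client recurse turns this host into an open
    // resolver that outsiders can use for lookups and amplification
    //   recursion yes;
    //   allow-recursion { any; };

    // hardened setting: keep the page's forwarders, but recurse only for the LAN
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;
    recursion yes;
    allow-recursion { lan; };
    allow-query-cache { lan; };

    // authoritative answers for zidane.local remain available to everyone,
    // but nobody may copy the whole zone with a transfer (AXFR)
    allow-query { any; };
    allow-transfer { none; };

    listen-on { 127.0.0.1; 172.16.0.15; };
};
```

After changing the file, check it with named-checkconf before restarting bind9.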

4. Test the Cache NameServer

You can use the dig command to test DNS services (the dig manual page explains more about how to perform DNS lookups).

$ dig ubuntu.com
;; Query time: 1323 msec

The second time you execute the dig, there should be an improvement in the query time. As you see below, it took only 3 msec the second time, because the answer now comes from our caching DNS server.

$ dig ubuntu.com
;; Query time: 3 msec

5. Configure Primary/Master Nameserver

Next, we will configure bind9 to be the Primary/Master for the domain/zone “Zidane.local”.

As a first step in configuring our Primary/Master Nameserver, we should add Forward and Reverse resolution to bind9.

To add DNS Forward and Reverse resolution to bind9, edit /etc/bind/named.conf.local:

zone "Zidane.local" {
    type master;
    file "/etc/bind/db.zidane.local";
};

zone "0.16.172.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/bind/db.10";
};

Now the file /etc/bind/db.zidane.local will have the details for resolving hostnames to IP addresses for this domain/zone, and the file /etc/bind/db.10 will have the details for resolving IP addresses to hostnames.

6. Build the Forward Resolution for Primary/Master NameServer

Now we will add the details necessary for forward resolution to /etc/bind/db.zidane.local.

First, copy /etc/bind/db.local to /etc/bind/db.zidane.local:

$ sudo cp /etc/bind/db.local /etc/bind/db.zidane.local

Next, edit /etc/bind/db.zidane.local and replace the following.

1. In the line which has SOA: localhost. – This is the FQDN of the server in charge of this domain. I’ve installed bind9 on 172.16.0.15, whose hostname is “ns”, so replace “localhost.” with “ns.zidane.local.”. Make sure it ends with a dot (.).
2. In the line which has SOA: root.localhost. – This is the e-mail address of the person responsible for this server, written with a dot (.) instead of @. I’ve replaced it with lak.localhost.
3. In the line which has NS: localhost. – This defines the name server (NS) for the domain. We have to change it to the fully qualified domain name of the name server, “ns.zidane.local.”. Make sure you have a “.” at the end.

Next, define the A records and the MX record for the domain. An A record maps a hostname to an IP address, and the MX record tells which mail server to use for this domain.

Once the changes are done, the /etc/bind/db.zidane.local file will look like the following:

$TTL 604800
@ IN SOA ns.zidane.local. lak.localhost. (
    1024 ; Serial
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL

@ IN NS ns.zidane.local.
Zidane.local. IN MX 10 mail.zidane.local.

ns IN A 10.42.0.83
web IN A 10.42.0.80
mail IN A 10.42.0.70

7. Build the Reverse Resolution for Primary/Master NameServer

We will add the details necessary for reverse resolution to the file /etc/bind/db.10. Copy the file /etc/bind/db.127 to /etc/bind/db.10:

$ sudo cp /etc/bind/db.127 /etc/bind/db.10

Next, edit the /etc/bind/db.10 file, changing basically the same options as in /etc/bind/db.zidane.local:

$TTL 604800
@ IN SOA ns.zidane.local. root.localhost. (
    20 ; Serial
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL

@ IN NS ns.zidane.local.

Next, for each A record in /etc/bind/db.zidane.local, add a PTR record. The owner name of each PTR record is the host part of the address, relative to the 0.16.172.in-addr.arpa zone:

$TTL 604800
@ IN SOA ns.zidane.local. root.localhost. (
    20 ; Serial
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL

@ IN NS ns.zidane.local.

83 IN PTR ns.zidane.local.
70 IN PTR mail.zidane.local.
80 IN PTR web.zidane.local.
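The forward zone of section 6 and the reverse zone of section 7 must agree: every A record needs a PTR whose owner name encodes the same address, and vice versa. The script below is an added example, not code from the original expose; it parses both zone files (the page’s own listings are embedded as constructed input) and reports records that have no counterpart. Run on the listings exactly as written, it flags all three hosts, because the A records use 10.42.0.x addresses while the reverse zone is 0.16.172.in-addr.arpa.

```python
"""Added example (not the expose's own code): check that a BIND forward zone and its reverse zone agree.
The zone texts below are the page's db.zidane.local and db.10 listings, embedded as constructed input."""
import re
FORWARD_ORIGIN = "zidane.local."
FORWARD_ZONE = """\
$TTL 604800
@ IN SOA ns.zidane.local. lak.localhost. (
    1024 ; Serial
    604800 86400 2419200 ; Refresh Retry Expire
    604800 ) ; Negative Cache TTL
@ IN NS ns.zidane.local.
ns IN A 10.42.0.83
web IN A 10.42.0.80
mail IN A 10.42.0.70
"""
REVERSE_ORIGIN = "0.16.172.in-addr.arpa."
REVERSE_ZONE = """\
@ IN SOA ns.zidane.local. root.localhost. ( 20 604800 86400 2419200 604800 )
@ IN NS ns.zidane.local.
83 IN PTR ns.zidane.local.
70 IN PTR mail.zidane.local.
80 IN PTR web.zidane.local.
"""
RTYPES = {"SOA", "NS", "MX", "A", "AAAA", "PTR", "CNAME", "TXT"}

def fqdn(name, origin):
    # '@' means the origin, a trailing dot means absolute, anything else is relative to the origin
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def records(zone_text, origin):
    """Yield (owner_fqdn, rtype, rdata_fields) for every resource record in a zone file."""
    text = re.sub(r";[^\n]*", "", zone_text)                                    # strip comments
    text = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), text)  # join (...) records
    owner = origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):                             # skip blanks and $TTL
            continue
        fields = line.split()
        if not line[0].isspace():                     # a leading name sets the owner, else it carries over
            owner = fqdn(fields.pop(0), origin)
        idx = next(i for i, f in enumerate(fields) if f in RTYPES)              # skip optional TTL/class
        yield owner, fields[idx], fields[idx + 1:]
def ptr_to_ip(owner):
    return ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))  # 83.0.16.172.in-addr.arpa. -> 172.16.0.83

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return (A records lacking a PTR, PTR records lacking an A), each a sorted list of (fqdn, ip)."""
    a = {(o, rd[0]) for o, t, rd in records(fwd_text, fwd_origin) if t == "A"}
    p = {(fqdn(rd[0], rev_origin), ptr_to_ip(o)) for o, t, rd in records(rev_text, rev_origin) if t == "PTR"}
    return sorted(a - p), sorted(p - a)
```

Calling check_zones(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN) returns both lists with three entries each; rewriting the A records to 172.16.0.83/80/70 makes both lists empty.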

Whenever you modify db.zidane.local or db.10, you also need to increment the “Serial” number. Admins typically use a DDMMYYSS serial number and change it appropriately whenever they modify the file.

Finally, restart the bind9 service:

$ sudo service bind9 restart

8. Test the DNS server

Now we have configured the DNS server for our domain. We will test it by pinging mail.zidane.local from web.zidane.local. If the ping succeeds, we have configured DNS successfully.

You can also use nslookup and dig to test DNS servers.

On the web.zidane.local server, add the following to /etc/resolv.conf:

nameserver 172.16.0.15

Now ping mail.zidane.local, which should be resolved by the DNS server we just configured:

$ ping mail.zidane.local
PING mail.zidane.local (172.16.0.15) 56(84) bytes of data.
64 bytes from mail.zidane.local (172.16.0.15): icmp_req=1 ttl=64 time=0.482 ms
64 bytes from mail.zidane.local (172.16.0.15): icmp_req=2 ttl=64 time=0.532 ms
