Tricks and Tips about Systems/Network

October 27, 2010

How do I setup nameserver using Centos

Filed under: admins,CentOS,DNS — Liju Mathew @ 6:31 pm

Here are the steps to configure a local nameserver, which resolves DNS names for local resources installed on the LAN and answers nslookup queries quickly for intranet users.

1. Install packages:
#yum install bind bind-chroot bind-libs bind-utils caching-nameserver

2. Configure RNDC:
#cd /var/named/chroot/etc
#rndc-confgen > rndc.key
#chown root:named rndc.key

3. Edit rndc.key so it looks like this; you may need to comment out some lines in it.

[root@rc-025 ~]# cat /var/named/chroot/etc/rndc.key | sed '/ *#/d; /^ *$/d'
key "rndckey" {
algorithm hmac-md5;
secret "f5wyuMBPnEZBbO/333L4ig==";
};

4. Configure /var/named/chroot/etc/named.conf

// we include the rndckey (copy-paste from rndc.key created earlier)
key "rndckey" {
algorithm hmac-md5;
secret "f5wyuMBPnEZBbO/333L4ig==";
};

// we assume our server has the IP serving the subnet
controls {
inet allow {; } keys { "rndckey"; };
inet allow {; } keys { "rndckey"; };
};

options {
directory "/var/named";
pid-file "/var/run/named/";

recursion yes;

allow-recursion {;;

// these are the opendns servers (optional)
forwarders {;;

listen-on {;;;

/*
 * If there is a firewall between you and nameservers you want
 * to talk to, you might need to uncomment the query-source
 * directive below. Previous versions of BIND always asked
 * questions using port 53, but BIND 8.1 uses an unprivileged
 * port by default.
 */
query-source address * port 53;

// so people can't try to guess what version you're running
version "REFUSED";

allow-query {;;
};

server {
keys { rndckey; };
};

zone "." IN {
type hint;
file "";
};

// forward zone
zone "rain-concert.intra" IN {
type master;
file "data/";
allow-update { none; };
// we assume we have a slave dns server with the IP
// allow-transfer {; };
};

// reverse zone
zone "" IN {
type master;
file "data/";
allow-update { none; };
// we assume we have a slave dns server with the IP
// allow-transfer {; };
};


1. I added rndckey, which was created earlier, to the config file:
key "rndckey" {
algorithm hmac-md5;
secret "f5wyuMBPnEZBbO/333L4ig==";
};
2. DNS server IP is and network is
3. DNS forwarder name server IP addresses are, (using different ISPs)
4. listen-on: my name server is listening on 2 NIC cards (failover), 192.168.01 and
5. forward zone: my forward zone name is "mydomain.local"
6. reverse zone: my reverse zone name is "

Now you need to create your first forward DNS zone:

#vi /var/named/chroot/var/named/data/
$TTL 38400
mydomain.local. IN SOA ns.mydomain.local. admin.mydomain.local. (
2007020400 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Minimum TTL of 1 day
mydomain.local. IN NS ns.mydomain.local.
mydomain.local. IN MX 1 mx.mydomain.local.
mydomain.local. IN MX 5 mx2.mydomain.local.
www.mydomain.local. IN A
ns.mydomain.local. IN A
ns1.mydomain.local. IN A
ns2.mydomain.local. IN A
mx.mydomain.local. IN A
mx2.mydomain.local. IN A
mail.mydomain.local. IN CNAME mx.mydomain.local.
intranet.mydomain.local. IN A
Admin-PC.mydomain.local. IN A
secured-share.mydomain.local. IN A ; underscores are not valid in hostnames (check-names rejects them), so hyphens are used
news.mydomain.local. IN A
dev-sites.mydomain.local. IN A
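The serial in the SOA record above is the only thing a slave looks at to decide whether it needs a fresh copy of the zone, so every edit to the file must raise it. As an added example, not part of the original post, the following shell functions read the serial, compute the next one in the YYYYMMDDnn form the post uses, and rewrite the file in place. The zone file they operate on is constructed inline; the date is passed as an argument so the result is deterministic, and a real call would pass `$(date +%Y%m%d)`.

```shell
#!/bin/sh
# Added example, not from the original post: maintain the SOA serial of a
# zone file in the YYYYMMDDnn form used above. Secondaries only pull a new
# copy when the serial increases, so every edit must bump it.

# current_serial ZONEFILE: print the first all-digit token after "SOA",
# which is the serial whether it sits on the SOA line or on the next one.
current_serial() {
    awk '
        { sub(/;.*$/, "") }                       # drop comments
        !seen { for (i = 1; i <= NF; i++) if ($i == "SOA") { seen = 1; start = i + 1; break } }
        seen  { for (i = start; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit }
                start = 1 }
    ' "$1"
}

# next_serial CURRENT TODAY: TODAY is YYYYMMDD. Same day: increment nn;
# newer day: TODAY00; a serial already ahead of today (clock skew, a manual
# edit) is refused rather than silently reused.
next_serial() {
    cur=$1; today=$2
    case $cur in
        "$today"[0-9][0-9])
            n=${cur#"$today"}
            n=$(( ${n#0} + 1 ))          # strip the leading zero: "07" -> 7 -> 8
            if [ "$n" -gt 99 ]; then
                echo "next_serial: $cur has no room left today" >&2; return 1
            fi
            printf '%s%02d\n' "$today" "$n" ;;
        *)
            if [ "$cur" -ge "${today}00" ]; then
                echo "next_serial: $cur is ahead of ${today}00" >&2; return 1
            fi
            printf '%s00\n' "$today" ;;
    esac
}

# bump_zone_serial ZONEFILE TODAY: rewrite the file with the next serial.
# The serial line is re-emitted with single spaces between its fields.
bump_zone_serial() {
    old=$(current_serial "$1")
    [ -n "$old" ] || { echo "bump_zone_serial: no SOA serial in $1" >&2; return 1; }
    new=$(next_serial "$old" "$2") || return 1
    tmp=$(mktemp)
    awk -v new="$new" '
        !done && !seen { for (i = 1; i <= NF; i++) if ($i == "SOA") { seen = 1; start = i + 1; break } }
        !done && seen  { for (i = start; i <= NF; i++) {
                             if ($i ~ /^;/) break                      # comment starts, stop scanning
                             if ($i ~ /^[0-9]+$/) { $i = new; done = 1; break }
                         }
                         start = 1 }
        { print }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
    echo "$old -> $new"
}

# Constructed zone file mirroring the layout above.
zone=$(mktemp)
cat > "$zone" <<'EOF'
$TTL 38400
mydomain.local. IN SOA ns.mydomain.local. admin.mydomain.local. (
2007020400 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Minimum TTL of 1 day
mydomain.local. IN NS ns.mydomain.local.
EOF
bump_zone_serial "$zone" 20070204     # same day as the serial: 2007020400 -> 2007020401
bump_zone_serial "$zone" 20101027     # later day: 2007020401 -> 2010102700
```

After bumping, reload with `rndc reload mydomain.local` and confirm the slave picked it up by comparing `dig +short SOA mydomain.local @<slave>` against the master.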

Now you need to create your first reverse DNS zone:
# vi /var/named/chroot/var/named/data/

$TTL 24h
IN SOA mydomain.local. root.mydomain.local. (
2007062800 ; serial number
3h ; refresh time
30m ; retry time
7d ; expire time
3h ) ; negative caching ttl
; Nameservers
IN NS ns.mydomain.local.
; Hosts
IN PTR rc-026.mydomain.local.
IN PTR rc-025.mydomain.local.
IN PTR rc-014.mydomain.local.
IN PTR rc-001.mydomain.local.
IN PTR mx.mydomain.local.
IN PTR mx2.mydomain.local.
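Each PTR record in the reverse zone has to match an A record in the forward zone, and the two files drift apart as soon as hosts are added by hand. As an added example, not part of the original post, the following shell functions derive the PTR records (and a complete reverse zone file in the layout above) from the forward zone file for one /24. The forward zone they read is constructed inline with placeholder addresses; the function names, the `PREFIX`/`ORIGIN` arguments and the serial passed in are the example's own.

```shell
#!/bin/sh
# Added example, not from the original post: derive the reverse zone from
# the forward zone so the two files cannot drift apart. Only A records inside
# the given /24 produce PTR records; CNAMEs and other subnets are skipped.

# gen_ptr FORWARD_ZONE PREFIX ORIGIN: print "<last-octet> IN PTR <fqdn>" for
# every A record whose address starts with PREFIX (e.g. 192.168.1). Relative
# owner names are qualified with ORIGIN (e.g. mydomain.local.).
gen_ptr() {
    awk -v net="$2" -v origin="$3" '
        {
            sub(/;.*$/, "")                      # drop comments
            if (NF == 0) next
            if ($0 ~ /^[ \t]/) { owner = last; first = 1 }   # blank owner inherits the previous one
            else { owner = $1; last = $1; first = 2 }
            for (i = first; i <= NF - 1; i++) {
                if ($i != "A") continue
                if (split($(i + 1), o, ".") != 4) break
                if ((o[1] "." o[2] "." o[3]) != net) break
                name = owner
                if (name !~ /\.$/) name = name "." origin
                printf "%s\tIN\tPTR\t%s\n", o[4], name
                break
            }
        }' "$1"
}

# gen_reverse_zone FORWARD_ZONE PREFIX ORIGIN PRIMARY_NS SERIAL: print a full
# reverse zone file with the SOA/NS header used above and sorted PTR records.
gen_reverse_zone() {
    printf '$TTL 24h\n'
    printf '@\tIN\tSOA\t%s root.%s (\n' "$4" "$3"
    printf '\t\t%s\t; serial\n\t\t3h\t; refresh\n\t\t30m\t; retry\n' "$5"
    printf '\t\t7d\t; expire\n\t\t3h )\t; negative caching ttl\n'
    printf '@\tIN\tNS\t%s\n' "$4"
    gen_ptr "$1" "$2" "$3" | sort -n
}

# Constructed forward zone with placeholder addresses.
fwd=$(mktemp)
cat > "$fwd" <<'EOF'
$TTL 38400
mydomain.local. IN SOA ns.mydomain.local. admin.mydomain.local. (
    2007020400 ; Serial
    10800 ; Refresh
    3600 ; Retry
    604800 ; Expire
    86400 ) ; Minimum TTL
mydomain.local. IN NS ns.mydomain.local.
mydomain.local. IN MX 1 mx.mydomain.local.
ns.mydomain.local.       IN A 192.168.1.2    ; constructed addresses
www.mydomain.local.      IN A 192.168.1.10
mx.mydomain.local.       IN A 192.168.1.25
mail.mydomain.local.     IN CNAME mx.mydomain.local.
intranet                 IN A 192.168.1.30   ; relative name, qualified with origin
dmz-host.mydomain.local. IN A 10.0.0.5       ; other subnet, ignored for this /24
EOF

gen_reverse_zone "$fwd" 192.168.1 mydomain.local. ns.mydomain.local. 2010102700
```

An address that carries several A records (the post's ns, ns1 and mx may share one) yields several PTR records; keep the one the mail server should present, since the RDNS check in step 10 below expects a single name. Validate the output with `named-checkzone 1.168.192.in-addr.arpa <file>` before installing it.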

5. Start the service and make sure it'll start at boot
#service named start
#chkconfig named on

6. Now you need to configure your resolv.conf file (resolv.conf comments start with #, not //)
[root@rc-025 ~]# cat /etc/resolv.conf
search mydomain.local
nameserver # using local DNS
nameserver # ISP name server

7. Make sure it's running,
[root@rc-025 ~]# rndc status
number of zones: 2
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

8. Verify that DNS is working and local names are resolved.
Execute the command after logging in to the DNS server:
[root@rc-025 ~]# nslookup rc-001
Name: rc-001.mydomain.local

9. Verify that an external domain nslookup query is resolved,
[root@rc-025 ~]# nslookup
Non-authoritative answer:

10. Verify that reverse DNS is working: test it using this nameserver's IP, e.g. host, which should return a valid message like this,

[root@rc-025 ~]# host domain name pointer rc-001.mydomain.local

Verify that my mail server has RDNS set
[root@rc-025 ~]# host domain name pointer rc-026.mydomain.local.
[root@rc-025 ~]#

Now all is set and ready to go!

Please note that Windows desktops will not accept any name server IP that has no RDNS set. This will lead to slow internet access.


