Fading Coder

Configuring Forward and Reverse DNS Zones Using BIND on Linux

Environment Preparation

Disable SELinux enforcement and stop the firewall service to prevent interference with DNS port 53. Install the BIND packages and assign static IP addresses to both the DNS server and client workstations.

# Put SELinux in permissive mode (lasts until the next reboot) and stop firewalld
setenforce 0
systemctl stop firewalld

# Install DNS server packages
yum install -y bind bind-utils

# Assign static IP to the server interface
nmcli connection modify eth0 \
  ipv4.method manual \
  ipv4.addresses 10.10.50.10/24 \
  ipv4.gateway 10.10.50.1 \
  ipv4.dns 8.8.8.8
nmcli connection up eth0

# Assign static IP to the client interface and point DNS to the server
nmcli connection modify eth0 \
  ipv4.method manual \
  ipv4.addresses 10.10.50.20/24 \
  ipv4.gateway 10.10.50.1 \
  ipv4.dns 10.10.50.10
nmcli connection up eth0

Forward Resolution Setup

Edit the main BIND configuration file so that named listens on every network interface and accepts queries from any source.

vim /etc/named.conf

Adjust the options block:

options {
    listen-on port 53 { any; };
    allow-query     { any; };
    dnssec-validation auto;
};

Define the authoritative forward zone in the zone declarations file.

vim /etc/named.rfc1912.zones

Insert the master zone declaration:

zone "corpnet.internal" {
    type master;
    file "corpnet.internal.zone";
    allow-update { none; };
};

Create the zone data file by copying the default localhost template to retain proper ownership, then populate it with DNS records.

cp -a /var/named/named.localhost /var/named/corpnet.internal.zone
vim /var/named/corpnet.internal.zone

Replace the default content with the appropriate SOA and host records:

$TTL 86400
@   IN  SOA ns1.corpnet.internal. admin.corpnet.internal. (
        2024010101 ; Serial
        3H         ; Refresh
        1H         ; Retry
        1W         ; Expire
        1D )       ; Minimum TTL

@           IN  NS      ns1.corpnet.internal.
ns1         IN  A       10.10.50.10
web         IN  A       10.10.50.10
storage     IN  A       10.10.50.10
portal      IN  CNAME   web.corpnet.internal.

Restart the BIND service and validate name-to-IP translation from the client machine.

systemctl restart named
nslookup web.corpnet.internal

Reverse Resolution Setup

Configure a reverse lookup zone to translate IP addresses back to hostnames. The zone name is the network's octets in reverse order followed by .in-addr.arpa, so the 10.10.50.0/24 network used here becomes 50.10.10.in-addr.arpa.

vim /etc/named.rfc1912.zones

Add the reverse zone definition:

zone "50.10.10.in-addr.arpa" {
    type master;
    file "reverse.50.10.10.zone";
    allow-update { none; };
};

Generate the reverse mapping file from the loopback template and define PTR records.

cp -a /var/named/named.loopback /var/named/reverse.50.10.10.zone
vim /var/named/reverse.50.10.10.zone

Populate the file with reverse mapping directives:

$TTL 86400
@   IN  SOA ns1.corpnet.internal. admin.corpnet.internal. (
        2024010102 ; Serial
        3H         ; Refresh
        1H         ; Retry
        1W         ; Expire
        1D )       ; Minimum TTL

@       IN  NS      ns1.corpnet.internal.
ns1     IN  A       10.10.50.10
10      IN  PTR     ns1.corpnet.internal.
10      IN  PTR     web.corpnet.internal.
10      IN  PTR     storage.corpnet.internal.

Restart the DNS daemon and verify the IP-to-hostname resolution.

systemctl restart named
nslookup 10.10.50.10
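
The forward and reverse zones above have to agree with each other, and a PTR target written without its trailing dot is silently expanded under the reverse zone's origin. The following Python check is an added example, not part of the original article: it reads the one-line records from the two zone files on this page and reports any A record without a matching PTR and any PTR without a matching A. The function names are illustrative, and the parser only handles simple `name IN TYPE value` lines.

```python
import ipaddress

# Records copied from the two zone files on this page ($TTL and SOA omitted).
FORWARD = """
@           IN  NS      ns1.corpnet.internal.
ns1         IN  A       10.10.50.10
web         IN  A       10.10.50.10
storage     IN  A       10.10.50.10
portal      IN  CNAME   web.corpnet.internal.
"""
REVERSE = """
@       IN  NS      ns1.corpnet.internal.
ns1     IN  A       10.10.50.10
10      IN  PTR     ns1.corpnet.internal.
10      IN  PTR     web.corpnet.internal.
10      IN  PTR     storage.corpnet.internal.
"""

def fqdn(name, origin):
    """Expand a zone-file name the way BIND does: '@' is the origin, and a
    name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def records(text, origin, rtype):
    """Return (owner, value) pairs for one record type; A values stay as IPs."""
    out = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop trailing comments
        if len(fields) == 4 and fields[1] == "IN" and fields[2] == rtype:
            value = fields[3] if rtype == "A" else fqdn(fields[3], origin)
            out.append((fqdn(fields[0], origin), value))
    return out

def check(forward, fwd_origin, reverse, rev_origin):
    """List A records lacking a matching PTR and PTRs lacking a matching A."""
    a = {(ipaddress.ip_address(ip).reverse_pointer + ".", host)
         for host, ip in records(forward, fwd_origin, "A")}
    ptr = set(records(reverse, rev_origin, "PTR"))
    problems = [f"no PTR for {host} ({owner})" for owner, host in sorted(a - ptr)]
    problems += [f"PTR {owner} -> {host} has no matching A"
                 for owner, host in sorted(ptr - a)]
    return problems

if __name__ == "__main__":
    for p in check(FORWARD, "corpnet.internal.", REVERSE, "50.10.10.in-addr.arpa."):
        print(p)
```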

Tags: DNS, BIND