Fading Coder

Implementing DNS Forward and Reverse Lookup Zones with BIND on Linux

Tech · May 8

1. Setting Up DNS Forward Resolution

This section outlines the process for configuring a BIND DNS server to perform forward lookups, translating domain names into IP addresses. The environment consists of a DNS server and a client machine.

Component        IP Address         Hostname / Example
DNS Server       192.168.182.128    dns-primary.example.com
Client Machine   192.168.182.130    client-node.example.com
Domain           N/A                example.com

Initial System Preparation

Begin by disabling SELinux enforcement and the firewall on both the server and client so that neither interferes with the lab. This is a lab-only shortcut: on a server that other hosts can reach, leave SELinux enforcing (the stock policy already covers named) and open only DNS (TCP and UDP port 53) in firewalld instead of stopping it.

# On both DNS server and client
[root@host ~]# setenforce 0
[root@host ~]# systemctl stop firewalld

DNS Server Software Installation

Install the BIND DNS server package on the designated DNS server.

# On the DNS server
[root@dns-primary ~]# yum install bind -y

Network Configuration

Configure static IP addresses and DNS resolvers for both the server and client.

DNS Server Network Setup

Set a static IP address and a public DNS resolver (like 114.114.114.114) for the DNS server.

# On the DNS server (192.168.182.128)
[root@dns-primary ~]# nmcli connection modify ens33 ipv4.method manual ipv4.addresses 192.168.182.128/24 ipv4.gateway 192.168.182.2 ipv4.dns 114.114.114.114
[root@dns-primary ~]# nmcli connection reload
[root@dns-primary ~]# nmcli connection up ens33

Client Network Setup

Configure the client machine with a static IP and point its DNS resolver to the newly configured DNS server (192.168.182.128).

# On the client machine (192.168.182.130)
[root@client-node ~]# nmcli connection modify ens33 ipv4.method manual ipv4.addresses 192.168.182.130/24 ipv4.gateway 192.168.182.2 ipv4.dns 192.168.182.128
[root@client-node ~]# nmcli connection reload
[root@client-node ~]# nmcli connection up ens33

BIND Server Configuration

1. Modify the BIND Main Configuration File

Edit /etc/named.conf so that the DNS server listens on every interface and accepts queries from any client; the stock file binds named to 127.0.0.1 only and allows queries from localhost only, so without this change the client's queries are refused. Be aware that the stock named.conf also sets recursion yes;, and allow-recursion defaults to whatever allow-query permits, so allow-query { any; } turns this server into an open resolver for every network that can reach it. Anywhere beyond an isolated lab, restrict allow-query (or at least allow-recursion) to the local subnet.

# On the DNS server
[root@dns-primary ~]# vim /etc/named.conf

// Locate the 'options' block and modify or add these lines:
options {
    listen-on port 53 { any; }; // Allow BIND to listen on all available network interfaces
    allow-query     { any; };   // Permit DNS queries from any client IP address
    // ... other options ...
};
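The difference between the lab setting above and a restricted one is easy to see when the options block is audited mechanically. The following script is an added example and not code from the original post: it reads an options block with plain regular expressions (only the one-directive-per-line style used in the post, not the full named.conf grammar), reports whether the server would act as an open resolver, and compares the post's block with a hardened variant. The acl name "lan" in the hardened sample is an assumption of this example.

```python
"""Audit a BIND options{} block for open-resolver exposure.

Added example, not part of the original post. It reads the directives with
regular expressions, so it only understands the one-directive-per-line style
shown in the post, not the full named.conf grammar.
"""
import re

# Constructed sample: the options block as the post configures it, with the
# "recursion yes;" line that the stock CentOS named.conf already contains.
LAB_OPTIONS = """
options {
    listen-on port 53 { any; };
    allow-query     { any; };
    recursion yes;
};
"""

# Constructed sample: the same server restricted to the lab subnet. The acl
# name "lan" is an assumption of this example, not something from the post.
HARDENED_OPTIONS = """
acl "lan" { 192.168.182.0/24; localhost; };
options {
    listen-on port 53 { 192.168.182.128; 127.0.0.1; };
    allow-query     { lan; };
    allow-recursion { lan; };
    allow-transfer  { none; };
    recursion yes;
};
"""

_DIRECTIVE = re.compile(
    r'^\s*(listen-on|allow-query|allow-recursion|allow-transfer)'
    r'\s*(?:port\s+\d+\s*)?\{([^}]*)\};', re.M)
_RECURSION = re.compile(r'^\s*recursion\s+(yes|no)\s*;', re.M)


def parse_options(text):
    """Map each address-list directive to its entries, plus the recursion flag."""
    opts = {name: [e.strip() for e in body.split(';') if e.strip()]
            for name, body in _DIRECTIVE.findall(text)}
    m = _RECURSION.search(text)
    opts['recursion'] = m.group(1) if m else 'yes'  # BIND recurses by default
    return opts


def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    opts = parse_options(text)
    findings = []
    # allow-recursion falls back to allow-query when that is set, otherwise to
    # localhost/localnets (allow-query-cache is not modelled here).
    recurse = opts.get('allow-recursion',
                       opts.get('allow-query', ['localhost', 'localnets']))
    if opts['recursion'] == 'yes' and 'any' in recurse:
        findings.append('open resolver: recursion is on and any client may recurse')
    if 'any' in opts.get('listen-on', []):
        findings.append('listen-on any: named is bound on every interface')
    if 'allow-transfer' not in opts:
        findings.append('allow-transfer unset: restrict zone transfers explicitly')
    return findings


if __name__ == '__main__':
    for label, conf in (('lab', LAB_OPTIONS), ('hardened', HARDENED_OPTIONS)):
        print(label, audit(conf) or ['no findings'])
```

The lab block produces three findings (open recursion, listening on every interface, zone transfers not restricted); the hardened block produces none. Restricting allow-recursion rather than allow-query is the right choice when the server must also answer authoritative queries for example.com from outside the subnet.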

2. Define the Forward Zone

Add a new zone definition to /etc/named.rfc1912.zones for your domain (e.g., example.com). This declares example.com as a master zone and specifies the data file that contains its records.

# On the DNS server
[root@dns-primary ~]# vim /etc/named.rfc1912.zones

// Add the following block to define the forward lookup zone
zone "example.com" IN {
        type master;
        file "db.example.com"; // Specifies the zone data file (relative to /var/named)
        allow-update { none; }; // Disables dynamic DNS updates
};

3. Create the Zone Data File

Create the db.example.com zone data file in /var/named/ by copying an existing template (named.localhost) and then editing it. The -a option ensures permissions and ownership are preserved.

# On the DNS server
[root@dns-primary ~]# cd /var/named
[root@dns-primary named]# cp -a named.localhost db.example.com
[root@dns-primary named]# vim db.example.com

// Modify the contents as shown below:
$TTL 1D
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                                        2023102701 ; Serial (YYYYMMDDNN format is recommended)
                                        1H         ; Refresh after 1 hour
                                        15M        ; Retry after 15 minutes
                                        1W         ; Expire after 1 week
                                        1H )       ; Minimum TTL for negative responses

@       IN      NS      ns1.example.com.
ns1     IN      A       192.168.182.128
www     IN      A       192.168.182.128
blog    IN      A       192.168.182.128
api     IN      A       192.168.182.128
webmail IN      CNAME   www
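A zone file that named loads without error can still resolve badly: an NS name with no A record, a CNAME aimed at a name that does not exist, or a serial that was typed outside the YYYYMMDDNN convention and will never sort ahead of the previous one. The script below is an added example, not code from the original post or from BIND; named-checkzone remains the authoritative syntax check, and this only catches the logical mistakes listed above. It parses a constructed copy of the zone data shown above plus a second, deliberately broken zone.

```python
"""Sanity-check a BIND forward zone file before handing it to named.

Added example, not part of the original post; named-checkzone remains the
authoritative check, this script only catches mistakes that checkzone
accepts but that still break resolution in practice.
"""
import re
from datetime import date

ORIGIN = 'example.com.'

# Constructed copy of the zone data from the post (comments trimmed).
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                2023102701 ; Serial
                1H         ; Refresh
                15M        ; Retry
                1W         ; Expire
                1H )       ; Minimum

@       IN      NS      ns1.example.com.
ns1     IN      A       192.168.182.128
www     IN      A       192.168.182.128
blog    IN      A       192.168.182.128
api     IN      A       192.168.182.128
webmail IN      CNAME   www
"""

# Constructed zone with four deliberate mistakes, used to exercise the checks.
BROKEN_ZONE = """\
$TTL 1D
@    IN SOA ns1.example.com. hostmaster.example.com. ( 2023130101 1H 15M 1W 1H )
@    IN NS  ns1.example.com.
@    IN NS  ns2.example.com.
ns1  IN A   192.168.182.128
mail IN CNAME www
mail IN A   192.168.182.128
"""

_TTL = re.compile(r'\d+[smhdw]?', re.I)


def _fqdn(name, origin):
    """Expand a relative owner or target name against the zone origin."""
    if name == '@':
        return origin
    return name if name.endswith('.') else f'{name}.{origin}'


def _in_zone(name, origin):
    return name == origin or name.endswith('.' + origin)


def parse_zone(text, origin):
    """Return [(owner_fqdn, type, [rdata tokens])] for a simple master file."""
    no_comments = '\n'.join(l.split(';', 1)[0] for l in text.splitlines())
    # Fold parenthesised multi-line records (the SOA) onto a single line.
    folded = re.sub(r'\(([^)]*)\)', lambda m: ' '.join(m.group(1).split()),
                    no_comments, flags=re.S)
    records, owner = [], origin
    for line in folded.splitlines():
        if not line.strip() or line.startswith('$'):
            continue
        tokens = line.split()
        if not line[0].isspace():          # a leading name sets the owner
            owner = _fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0] == 'IN' or _TTL.fullmatch(tokens[0])):
            tokens.pop(0)                  # skip class and optional TTL
        records.append((owner, tokens[0], tokens[1:]))
    return records


def lint_zone(text, origin):
    """Return human-readable problems; an empty list means the zone looks sane."""
    records = parse_zone(text, origin)
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    problems = []
    soa = [r for r in records if r[1] == 'SOA']
    if len(soa) != 1:
        problems.append('zone needs exactly one SOA record')
    else:
        serial = soa[0][2][2]
        try:
            if not re.fullmatch(r'\d{10}', serial):
                raise ValueError
            date(int(serial[:4]), int(serial[4:6]), int(serial[6:8]))
        except ValueError:
            problems.append(f'serial {serial} is not a valid YYYYMMDDNN value')
    for owner, rtype, rdata in records:
        if rtype == 'NS':
            target = _fqdn(rdata[0], origin)
            if _in_zone(target, origin) and 'A' not in types_at.get(target, ()):
                problems.append(f'NS {target} has no A record in the zone')
        elif rtype == 'CNAME':
            target = _fqdn(rdata[0], origin)
            if _in_zone(target, origin) and target not in types_at:
                problems.append(f'CNAME {owner} points at missing name {target}')
            if types_at[owner] - {'CNAME'}:
                problems.append(f'{owner} mixes CNAME with other record types')
    return problems


if __name__ == '__main__':
    print('forward zone:', lint_zone(FORWARD_ZONE, ORIGIN) or 'no problems')
    print('broken zone:', lint_zone(BROKEN_ZONE, ORIGIN))
```

The post's zone passes cleanly; the broken sample reports an impossible date in the serial, an NS record for a name with no address, a CNAME to a missing name, and a name that mixes CNAME with other data (which BIND refuses outright).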

Activate the DNS Configuration

Restart the named service to apply the new configuration.

# On the DNS server
[root@dns-primary named]# systemctl restart named

Client-Side Validation (Forward Lookup)

From the client machine, use nslookup to verify that the DNS server can correctly resolve www.example.com.

# On the client machine
[root@client-node ~]# nslookup www.example.com
Server:		192.168.182.128
Address:	192.168.182.128#53

Name:	www.example.com
Address: 192.168.182.128

2. Setting Up DNS Reverse Resolution

This section builds upon the previous setup to enable reverse lookups, translating IP addresses back into domain names. This is essential for services like logging, mail servers, and certain security protocols.

1. Define the Reverse Zone

Add a new zone definition for reverse lookups to /etc/named.rfc1912.zones. The zone name must be the network portion of the IP address in reverse order, followed by .in-addr.arpa.

# On the DNS server
[root@dns-primary ~]# vim /etc/named.rfc1912.zones

// Add the following block for the reverse lookup zone for 192.168.182.0/24
zone "182.168.192.in-addr.arpa" IN {
        type master;
        file "db.192.168.182";   // Specifies the reverse zone data file
        allow-update { none; };
};

2. Create the Reverse Zone Data File

Create the db.192.168.182 file in /var/named/ by copying named.loopback and editing it. This file will contain Pointer (PTR) records.

# On the DNS server
[root@dns-primary ~]# cd /var/named
[root@dns-primary named]# cp -a named.loopback db.192.168.182
[root@dns-primary named]# vim db.192.168.182

// Modify the contents as shown below, defining PTR records for your IPs:
$TTL 1D
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                                        2023102702 ; Serial (Increment for changes)
                                        1H         ; Refresh
                                        15M        ; Retry
                                        1W         ; Expire
                                        1H )       ; Minimum TTL

@       IN      NS      ns1.example.com.
ns1     IN      A       192.168.182.128
128     IN      PTR     ns1.example.com.
128     IN      PTR     www.example.com.
130     IN      PTR     client-node.example.com.
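The reverse zone name and the PTR owner labels are purely mechanical functions of the address, so they are worth generating rather than typing. The script below is an added example, not code from the original post: it derives the in-addr.arpa origin for an octet-aligned network, emits the PTR records for a constructed copy of the post's host list, and flags addresses that would carry more than one PTR, as 192.168.182.128 does above. Multiple PTRs are legal, but mail servers and log enrichers typically use only one answer, so a single canonical name per address is the safer convention.

```python
"""Generate an in-addr.arpa zone from a host list and flag shared PTR owners.

Added example, not part of the original post. The host map below is a
constructed copy of the names and addresses used in the post.
"""
import ipaddress
from collections import defaultdict

HOSTS = {
    'ns1.example.com.': '192.168.182.128',
    'www.example.com.': '192.168.182.128',
    'client-node.example.com.': '192.168.182.130',
}


def reverse_zone_name(network):
    """Zone origin for a /8, /16 or /24 network, e.g. 182.168.192.in-addr.arpa."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError('only octet-aligned IPv4 networks are handled here')
    octets = str(net.network_address).split('.')[: net.prefixlen // 8]
    return '.'.join(reversed(octets)) + '.in-addr.arpa.'


def ptr_records(hosts, network):
    """Return [(owner label relative to the zone, target fqdn)] sorted by address."""
    net = ipaddress.ip_network(network)
    zone = reverse_zone_name(network)
    records = []
    for name, ip in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f'{ip} is outside {network}')
        # reverse_pointer gives the full name; strip the zone origin to get the label
        full = addr.reverse_pointer + '.'
        records.append((full[: -len(zone) - 1], name))
    return records


def shared_ptr_owners(records):
    """Labels that would carry more than one PTR (allowed, but often unwanted)."""
    targets = defaultdict(list)
    for label, name in records:
        targets[label].append(name)
    return {label: names for label, names in targets.items() if len(names) > 1}


def render_zone(hosts, network, serial, ns='ns1.example.com.',
                contact='hostmaster.example.com.'):
    """Produce master-file text for the reverse zone."""
    lines = ['$TTL 1D',
             f'@\tIN SOA\t{ns} {contact} ( {serial} 1H 15M 1W 1H )',
             f'@\tIN NS\t{ns}']
    lines += [f'{label}\tIN PTR\t{name}' for label, name in ptr_records(hosts, network)]
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    print(render_zone(HOSTS, '192.168.182.0/24', '2023102702'))
    print('shared PTR owners:', shared_ptr_owners(ptr_records(HOSTS, '192.168.182.0/24')))
```

For the post's network the origin comes out as 182.168.192.in-addr.arpa. and the labels are the final octets, which matches the zone file above; the generator deliberately refuses non-octet-aligned prefixes, since those need the RFC 2317 delegation scheme rather than a plain in-addr.arpa zone.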

3. Apply Reverse Lookup Configuration

Restart the named service to load the new reverse lookup zone.

# On the DNS server
[root@dns-primary named]# systemctl restart named

Client-Side Validation (Reverse Lookup)

From the client machine, use nslookup with an IP address to confirm the reverse resolution.

# On the client machine
[root@client-node ~]# nslookup 192.168.182.130
130.182.168.192.in-addr.arpa	name = client-node.example.com.

[root@client-node ~]# nslookup 192.168.182.128
128.182.168.192.in-addr.arpa	name = ns1.example.com.
128.182.168.192.in-addr.arpa	name = www.example.com.

Tags: DNS, BIND
