Setup or Migrate Bind Name Server Role on CentOS 6.8

Scenario:

You have an external name server configured on an older physical Linux box, which you would like to migrate to a CentOS host in a virtualized environment. The older Linux box runs Ubuntu 6.06 with BIND 9.3.2-P2.1. You want to migrate it to a virtual machine running CentOS 6.8 with BIND 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6.

OS and BIND version details of the existing server:

root@NSHost1:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 6.06.2 LTS
Release:        6.06
Codename:       dapper
root@NSHost1:~#

root@NSHost1:~# named -v
BIND 9.3.2-P2.1
root@NSHost1:~#

OS and BIND version details of the new server:

[root@DNSVM01 ~]# cat /etc/centos-release
CentOS release 6.8 (Final)
[root@DNSVM01 ~]#

[root@DNSVM01 ~]# named -v
BIND 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
[root@DNSVM01 ~]# rpm -q bind
bind-9.8.2-0.47.rc1.el6.x86_64
[root@DNSVM01 ~]#

Solution Implementation:

This essentially involves setting up the BIND service afresh on the new VM host, applying the settings from the existing BIND name server, and then updating a few other related configuration files. Follow the steps below to implement it:

  • You may want to update CentOS and its packages to the latest versions first. To do so, run the command below:
    • [root@DNSVM01 ~]# yum update -y
      [root@DNSVM01 ~]#
  • Install the Bind Server Role along with its utilities
    • [root@DNSVM01 ~]# yum install bind bind-utils -y
      Loaded plugins: fastestmirror
      Setting up Install Process
      Determining fastest mirrors
      * base: mirror.umd.edu
      * extras: mirror.fusioncloud.co
      * updates: mirror.umd.edu
      Resolving Dependencies
      --> Running transaction check
      ---> Package bind.x86_64 32:9.8.2-0.47.rc1.el6 will be installed
      --> Processing Dependency: bind-libs = 32:9.8.2-0.47.rc1.el6 for package: 32:bind-9.8.2-0.47.rc1.el6.x86_64
      --> Processing Dependency: portreserve for package: 32:bind-9.8.2-0.47.rc1.el6.x86_64
      --> Processing Dependency: liblwres.so.80()(64bit) for package: 32:bind-9.8.2-0.47.rc1.el6.x86_64
      --> Processing Dependency: libisccfg.so.82()(64bit) for package: 32:bind-9.8.2-0.47.rc1.el6.x86_64
      --> Processing Dependency: libisccc.so.80()(64bit) for package: 32:bind-9.8.2-0.47.rc1.el6.x86_64
      --> Processing Dependency: libisc.so.83()(64bit) for package: 32:bind-9.8.2-0.47.rc1.el6.x86_64
      --> Processing Dependency: libdns.so.81()(64bit) for package: 32:bind-9.8.2-0.47.rc1.el6.x86_64
      --> Processing Dependency: libbind9.so.80()(64bit) for package: 32:bind-9.8.2-0.47.rc1.el6.x86_64
      ---> Package bind-utils.x86_64 32:9.8.2-0.47.rc1.el6 will be installed
      --> Running transaction check
      ---> Package bind-libs.x86_64 32:9.8.2-0.47.rc1.el6 will be installed
      ---> Package portreserve.x86_64 0:0.0.4-11.el6 will be installed
      --> Finished Dependency Resolution

      Dependencies Resolved

      ========================================================================================================================================================================
      Package                                 Arch                               Version                                              Repository                        Size
      ========================================================================================================================================================================
      Installing:
      bind                                    x86_64                             32:9.8.2-0.47.rc1.el6                                base                             4.0 M
      bind-utils                              x86_64                             32:9.8.2-0.47.rc1.el6                                base                             187 k
      Installing for dependencies:
      bind-libs                               x86_64                             32:9.8.2-0.47.rc1.el6                                base                             889 k
      portreserve                             x86_64                             0.0.4-11.el6                                         base                              23 k

      Transaction Summary
      ========================================================================================================================================================================
      Install       4 Package(s)

      Total download size: 5.1 M
      Installed size: 10 M
      Downloading Packages:
      (1/4): bind-9.8.2-0.47.rc1.el6.x86_64.rpm                                                                                                        | 4.0 MB     00:01
      (2/4): bind-libs-9.8.2-0.47.rc1.el6.x86_64.rpm                                                                                                   | 889 kB     00:00
      (3/4): bind-utils-9.8.2-0.47.rc1.el6.x86_64.rpm                                                                                                  | 187 kB     00:00
      (4/4): portreserve-0.0.4-11.el6.x86_64.rpm                                                                                                       |  23 kB     00:00
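      ------------------------------------------------------------------------------------------------------------------------------------------------------------------------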
      Total                                                                                                                                   3.7 MB/s | 5.1 MB     00:01
      Running rpm_check_debug
      Running Transaction Test
      Transaction Test Succeeded
      Running Transaction
        Installing : 32:bind-libs-9.8.2-0.47.rc1.el6.x86_64                                                                                                               1/4
        Installing : portreserve-0.0.4-11.el6.x86_64                                                                                                                      2/4
        Installing : 32:bind-9.8.2-0.47.rc1.el6.x86_64                                                                                                                    3/4
        Installing : 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64                                                                                                              4/4
        Verifying  : 32:bind-libs-9.8.2-0.47.rc1.el6.x86_64                                                                                                               1/4
        Verifying  : portreserve-0.0.4-11.el6.x86_64                                                                                                                      2/4
        Verifying  : 32:bind-9.8.2-0.47.rc1.el6.x86_64                                                                                                                    3/4
        Verifying  : 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64                                                                                                              4/4

      Installed:
        bind.x86_64 32:9.8.2-0.47.rc1.el6                                               bind-utils.x86_64 32:9.8.2-0.47.rc1.el6

      Dependency Installed:
        bind-libs.x86_64 32:9.8.2-0.47.rc1.el6                                                portreserve.x86_64 0:0.0.4-11.el6

      Complete!
      [root@DNSVM01 ~]#

  • After installation you will notice that the BIND named service fails to start, with the error messages below.
    • [root@DNSVM01 ~]# rndc status
      rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
      [root@DNSVM01 ~]# service named status
      rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
      named is stopped
      [root@DNSVM01 ~]#
  • To fix the rndc-related errors, you simply need to start the named service. This creates the required /etc/rndc.key file for you, and the named service then starts fine.
    • [root@DNSVM01 ~]# service named start
      Generating /etc/rndc.key:                                  [  OK  ]
      Starting named:                                            [  OK  ]
      [root@DNSVM01 ~]#
  • Verify the service status using either of the below commands:
    • [root@DNSVM01 ~]# service named status
      version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
      CPUs found: 2
      worker threads: 2
      number of zones: 19
      debug level: 0
      xfers running: 0
      xfers deferred: 0
      soa queries in progress: 0
      query logging is OFF
      recursive clients: 0/0/1000
      tcp clients: 0/100
      server is up and running
      named (pid  14211) is running...
      [root@DNSVM01 ~]# rndc status
      version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
      CPUs found: 2
      worker threads: 2
      number of zones: 19
      debug level: 0
      xfers running: 0
      xfers deferred: 0
      soa queries in progress: 0
      query logging is OFF
      recursive clients: 0/0/1000
      tcp clients: 0/100
      server is up and running
      [root@DNSVM01 ~]#
  • Restart the BIND named service and run rndc reload, then verify that the service comes up fine.
    • [root@DNSVM01 ~]# service named restart
      Stopping named: .                                          [  OK  ]
      Starting named:                                            [  OK  ]
      [root@DNSVM01 ~]# service named status
      version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
      CPUs found: 2
      worker threads: 2
      number of zones: 19
      debug level: 0
      xfers running: 0
      xfers deferred: 0
      soa queries in progress: 0
      query logging is OFF
      recursive clients: 0/0/1000
      tcp clients: 0/100
      server is up and running
      named (pid  14404) is running...
      [root@DNSVM01 ~]# rndc reload
      server reload successful
      [root@DNSVM01 ~]# rndc status
      version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
      CPUs found: 2
      worker threads: 2
      number of zones: 19
      debug level: 0
      xfers running: 0
      xfers deferred: 0
      soa queries in progress: 0
      query logging is OFF
      recursive clients: 0/0/1000
      tcp clients: 0/100
      server is up and running
      [root@DNSVM01 ~]#
  • Apply the following major changes to the /etc/named.conf file:
    • Change "listen-on port 53 { localhost; };" to "listen-on port 53 { IP-address-value; };"
    • Disable/comment out: //    listen-on-v6 port 53 { ::1; };
    • Disable/comment out: //    allow-query     { localhost; };
    • Set up: allow-transfer { <your subnet list>; };
    • Set up: allow-notify { <your subnet list>; };
    • Disable/comment out: //    dnssec-enable yes;
    • Disable/comment out: //    dnssec-validation yes;
    • Leave this section as is: zone "." IN
    • Then copy over all other zones from your existing named.conf file
  • Copy all the zone files from /var/named/slaves on the older server to /var/named/slaves on the new server. If your named.conf is set to look in a different path, copy them to that path instead.
  • Copy all the zone files from /var/named/dynamic on the older server to /var/named/dynamic on the new server.
  • Copy all the zone files from /var/named on the older server to /var/named on the new server. You may ignore .old and .bak files, but you need to copy every file that is referenced in named.conf.
  • Copy all the .soa files from /var/named on the older server to /var/named on the new server.
  • Set up the make and MakeFile environment that auto-increments the DNS zone file serial numbers and restarts the DNS services:
    • Copy over the /var/named/bin folder, which contains the update and update.c files, and make sure you retain the execute permissions on these files
    • Copy over the /var/named/.depend and /var/named/MakeFile files
    • Update /var/named/MakeFile and /var/named/.depend so that they contain all of the zone file entries, each with its associated .soa file and zone file.
    • Make sure the MakeFile and .depend files exist in the path where the zone files are located. If your named.conf is located elsewhere, remove it from the MakeFile.
  • Test name lookups as well as zone file updates
    • Query the new name server for a particular host, as shown below:
    • [root@DNSVM01 named]# host devuat.mylab.com 172.18.24.106
      Using domain server:
      Name: 172.18.24.106
      Address: 172.18.24.106#53
      devuat.mylab.com has address 230.17.118.132
      [root@DNSVM01 named]#
  • Now change the IP address of the devuat.mylab.com A record in the mylab.com zone file. Let's say you changed it to 230.17.118.211.
  • To bring your zone file changes into effect, run the commands below:
    • [root@DNSVM01 named]# make
      mylab
      [root@DNSVM01 named]# rndc reload
      server reload successful
      [root@DNSVM01 named]#
  • Now verify that the IP address value for devuat.mylab.com changed to 230.17.118.211, as shown below:
    • [root@DNSVM01 named]# host devuat.mylab.com 172.18.24.106
      Using domain server:
      Name: 172.18.24.106
      Address: 172.18.24.106#53
      devuat.mylab.com has address 230.17.118.211
      [root@DNSVM01 named]#
  • You now have your NS server working fine.
  • That's all; you now have all of the zones from the older NS server restored on the new virtual NS server. Yay!
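
Before running rndc reload on the migrated server, it helps to confirm that every zone file named.conf refers to was actually copied and that the allow-transfer restriction from the steps above is active. The script below is an added example, not part of the original post; the function names are hypothetical, and the sample named.conf, the zone file names and the 192.0.2.0/24 range are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. /* */ comments and files pulled
# in with include are not handled; paths containing // or # are not supported.

# Drop // and # comments so commented-out statements are ignored.
strip_comments() { sed -e 's://.*::' -e 's:#.*::' "$1"; }

# Print the path from every `file "...";` statement. Options such as
# dump-file or statistics-file do not match because "file" must be a word.
zone_files() {
    strip_comments "$1" | awk '
        { line = " " $0 }
        match(line, /[ \t{;]file[ \t]+"[^"]+"/) {
            s = substr(line, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
            print s
        }'
}

# Print referenced zone files that are absent on disk. Relative paths are
# resolved against DIR, the value of the `directory` option.
missing_zone_files() {
    conf=$1; dir=$2
    zone_files "$conf" | sort -u | while IFS= read -r f; do
        case $f in /*) p=$f ;; *) p=$dir/$f ;; esac
        [ -f "$p" ] || printf '%s\n' "$p"
    done
}

# Succeed only if an active (uncommented) allow-transfer statement exists.
transfer_acl_set() {
    strip_comments "$1" | grep -q 'allow-transfer[[:space:]]*{'
}

# Constructed sample: one zone file copied, one forgotten, one zone disabled.
demo=$(mktemp -d)
touch "$demo/mylab.com.zone"
cat > "$demo/named.conf" <<'EOF'
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    allow-transfer { 192.0.2.0/24; };
};
zone "mylab.com" IN { type master; file "mylab.com.zone"; };
zone "example.test" IN { type master; file "dynamic/example.test.zone"; };
// zone "old.test" IN { type master; file "old.test.zone"; };
EOF
echo "Missing zone files:"; missing_zone_files "$demo/named.conf" "$demo"
transfer_acl_set "$demo/named.conf" || echo "WARNING: no allow-transfer ACL"
```

On a real host the call would be missing_zone_files /etc/named.conf /var/named; any file pulled in through an include statement needs to be checked the same way.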