Global Open Versity, ICT Labs Using Webmin and Bind9 to Setup Enterprise DNS Server v1.9
Global Open Versity
IT Systems Integration Hands-on Labs Training Manual
Using Webmin and Bind9 to Setup Enterprise DNS Servers on Linux
Kefa Rabah
Global Open Versity, Vancouver Canada
krabah@globalopenversity.org
www.globalopenversity.org
Table of Contents
USING WEBMIN AND BIND9 TO SETUP ENTERPRISE DNS SERVERS ON LINUX
Introduction
Part 1: Installing and Configuring Webmin
Part 2: Installing & Configuring Bind9 DNS server
Step 1: Creating the Master Domain
Step 2: Edit Master Zone
Step 3: Add Name Server records (NS)
Step 4: Add Name Alias Record (CNAME)
Step 5: Mail Exchange Record (MX record)
Step 6: Adding the Reverse Zone
Step 7: Create Pointer/Reverse Address Record
Step 8: Add Name Server (NS)
Step 9: Add Name Alias Record (CN)
Step 10: Querying the DNS Server
Part 3: Deploying your DNS Server on your Network
Step 1: Deploying client to query DNS server
Step 2: Final Testing
Part 4: ISP Providers
Contact the Domain Registrar
Part 5: Virtual Hosting
Step 1: Adding Configuring a Virtual Domain to the DNS Server
Step 1: Creating the Master Virtual Domain
Step 2: Edit Master Zone
Step 3: Add Name Server records (NS)
Step 4: Add Name Alias Record (CNAME)
Step 5: Mail Exchange Record (MX record)
Step 6: Adding the Reverse Zone for our Virtual Zone
Step 7: Create Pointer/Reverse Address Record
Step 8: Add Name Server (NS)
Step 9: Add Name Alias Record (CN)
Part 6: Adding a Virtual IP and Virtual Domain (Virtual Host)
Step 1: Binding a additional Virtual IP to your NIC
Step 2: Deploying Virtual Web Hosting in the Apache Server
Part 7: Creating a Slave or Stub Zones
Step 1: Add the server to DNS master zone
Step 2: Installing and Configuring Slave DNS Server on Linux CentOS5
Step 3 Creating a Forward Zone on the Slave DNS Server
Step 4: Creating a Reverse Zone on the Slave DNS Server
Step 5: Add Other DNS servers on the Slave DNS Server
Step 6: Configure Zone Transfers on the Slave DNS Server
Step 7: Test for DNS Redundancy Kick-in
Part 8: Improve your DNS Server Redundancy Capability
Hands-on Labs Home Assignment
Part 9: Need More Training on Linux/UNIX
Linux Administration Training
Part 10: Hands-on Labs Assignments
© April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada
www.globalopenversity.org ICT202 - Linux Enterprise Infrastructure Engineering Diploma
A GOV Open Knowledge Access Technical Academic Publications
Enhancing education & empowering people worldwide through eLearning in the 21st Century
Using Webmin and Bind9 to Setup Enterprise DNS Servers on Linux
By Kefa Rabah, krabah@globalopenversity.org Aug 10, 2010 GTS Institute
Introduction
The Domain Name System, or DNS, is one of the Internet's fundamental building blocks. It is the
global, hierarchical, and distributed host information database that's responsible for translating
names into addresses and vice versa, routing mail to its proper destination, and many other
services.
BIND (Berkeley Internet Name Domain) is an implementation of the DNS protocols and provides
an openly redistributable reference implementation of the major components of the Domain
Name System, including: Domain Name System server; Domain Name System resolver library;
Tools for managing and verifying the proper operation of the DNS server. The BIND DNS Server
is used on the vast majority of name serving machines on the Internet, providing a robust and
stable architecture on top of which an organization's naming architecture can be built. One also
needs to set up a slave DNS server to handle redundancy in case the primary DNS server goes
down.
A slave DNS server is simply a name server that copies zone files from a master. As a best
practice in network infrastructure planning, design, implementation and web deployment, it’s
always recommended that you deploy additional DNS servers for redundancy. This is very
important for maintaining 24/7 and 999.9 uptime availability of your web servers to your
customers.
Once you have planned, designed, implemented and deployed a robust DNS server, and it’s up
and running, you can go ahead and push the boundaries of your network infrastructure to
enterprise level, e.g., building a large data center or serving a large multinational corporation.
Those interested in moving into the ISP business, those with a large enterprise network
infrastructure, and those with an eye to running a data center can also use the DNS server to do
virtual hosting and become an Internet Service Provider (ISP).
In this guide, we present a step-by-step installation and configuration of a DNS server (Bind9)
using Webmin on Linux CentOS5. We’ll also show you how to add a virtual domain (virtual
hosting) to extend your network infrastructure capability, and how to install and set up a slave
DNS server to handle your DNS redundancy. You’ll also learn how to test whether your DNS
redundancy can survive a catastrophic failure of one of the DNS servers and still be in business.
All the lab work in this install guide was done using Linux CentOS5 on VMware.
Solution:
In this Hands-on Lab session, you’ll learn how to set up two virtual machines using VMware
(you may also use other virtualization products such as MS VirtualPC, Linux Xen, or Sun
VirtualBox) or a physical server if you have one in place. Next, you will learn how to install
and configure Webmin, which we’ll use to configure the DNS Master Server, the Virtual Hosting
site and the Slave DNS Server for redundancy. The first virtual machine will be used to host
the DNS Master Server on Linux CentOS5. You’ll also learn how to install and configure a second
virtual machine with Linux CentOS5 for hosting the Slave DNS Server. Finally, you’ll have an
opportunity to do the Hands-on Labs assignments to test what you have learned in this
lesson. Once you’re done with this lab session you should have gained the experience, skills
and capability to plan, design, implement and deploy a complete enterprise
DNS infrastructure, which will allow you to install enterprise business solutions that require
DNS to be in place, such as a messaging server (e.g., Sendmail), LDAP, and Identity Management
and SSO.
Assumptions:
It’s assumed that you have a good understanding of the Linux operating system and its working
environment. It’s also assumed that you know how to install and configure Linux CentOS5. If
not, go ahead and pop over to scribd.com and check out a good HowTo entitled “Install
Configure and Upgrade Linux CentOS5 Server v1.1” to get you started.
Part 1: Installing and Configuring Webmin
1. Administering Linux and Unix-based servers does not need to be the scourge of your work
day. With a handy tool called Webmin as part of your arsenal, you can regain full control of
your servers’ setup and configuration via the Web browser.
2. To install Webmin and get started, drop by www.webmin.com and download the latest
release. You can use RPMs for RHEL/CentOS and related systems that support binary
installations, or you can build Webmin from source. Webmin supports a large number of UNIX
variants, including Mac OS X. To install the rpm, simply open a terminal session, and type in:
# rpm -ivh webmin*
• Run this as the root user in the directory in which Webmin was downloaded
3. Webmin is the most powerful administration tool of its kind. We will use it to set up our
DNS, but I will not go over it in detail because we already know how to use other
administrative tools. It is not difficult to use because it is web based. In any event, you should
know that you can use it remotely to administer the system. In this HowTo we’re going to
use Webmin to set up a DNS server and mail, www and ftp servers on Linux CentOS5.
4. While here also note our hostname and IP address:
cos52.linuxauth.com 192.168.83.15
Other servers are:
mail.linuxauth.com
www.linuxauth.com
ftp.linuxauth.com
5. It is assumed that you know how to install CentOS5 with a static IP address, which is very
important for a DNS server. Once you’re done with the installation, verify that your hosts file
is set correctly.
6. Check out /etc/hosts to ensure that you have a correct setup, in our case, it’s as follows:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 cos52.linuxauth.com cos52 localhost.localdomain localhost
192.168.83.15 cos52.linuxauth.com cos52 www ftp mail
::1 localhost6.localdomain6 localhost6
Note: for testing over the Internet, use public IP Address.
7. Make sure that all the required services are running including Webmin.
• Ok here we go…
8. Open the web browser and type:
http://localhost:10000 or http://127.0.0.1:10000 or http://yourdomain:10000
in our case: http://cos52.linuxauth.com:10000
Fig. 1: Adding Webmin as trusted service
9. When you open port 10000 in the web browser you will see an error stating that the web
server is running in SSL mode, with a link to try instead. Click on the link; you may see
another error stating that the server certificate failed. Click on Continue.
Another warning pops up.
Fig 2: Accepting the certificate
• Click on "Or you can add an exception" link.
10. Next enter the user name and password to authenticate.
Fig. 3: Login to Webmin
• Note: As a security best practice, never use the "Remember login" option.
• Also note that Webmin is run by root, but you can still give other users permission to run it
with limited privileges.
• I suggest that you never give this power to any user other than yourself, the administrator.
• Click on Login to enter Webmin and get started.
Fig 4: Webmin interface.
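As an added example (not part of the original manual or of Webmin itself), the script below audits the configuration file behind the Webmin listener reached in steps 8 to 10, since that listener accepts a root login. It assumes the RPM install keeps this file at /etc/webmin/miniserv.conf in key=value form with the settings ssl, allow and bind; the function names and both sample files are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the manual): audit a Webmin miniserv.conf.
# Assumption: key=value lines using the settings ssl, allow and bind.

# conf_get FILE KEY: print the value of the last "KEY=value" line, empty if absent.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_miniserv FILE: print one finding per line; print nothing when all checks pass.
audit_miniserv() {
    conf=$1
    if [ "$(conf_get "$conf" ssl)" != "1" ]; then
        echo "ssl: not enabled, the root login would cross the network in clear text"
    fi
    if [ -z "$(conf_get "$conf" allow)" ]; then
        echo "allow: no source allow list, any host that reaches the port may try to log in"
    fi
    if [ -z "$(conf_get "$conf" bind)" ]; then
        echo "bind: no listen address set, Webmin answers on every interface"
    fi
    return 0
}

# make_samples DIR: write two constructed configuration files for the demonstration.
make_samples() {
    printf '%s\n' 'port=10000' 'ssl=0' > "$1/weak.conf"
    printf '%s\n' 'port=10000' 'ssl=1' 'bind=192.168.83.15' \
        'allow=127.0.0.1 192.168.83.0/24' > "$1/hardened.conf"
}

# Demonstration on the constructed samples (the addresses are the lab's LAN values).
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for name in weak hardened; do
    echo "== $name.conf"
    audit_miniserv "$demo_dir/$name.conf"
done
rm -rf "$demo_dir"
```

On the lab server, call audit_miniserv with the real file path as root; an empty result means all three checks passed.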
Part 2: Installing & Configuring Bind9 DNS server
1. Figure 4 above shows Webmin's home page, a generic and much-wanted administrative tool. Of
course, as with all tools, you probably won't rely on Webmin for all admin purposes.
Although Webmin is useful for automating tasks, for teaching purposes it’s always preferable
to do things manually via the command line so that apprentices can better understand
what actually happens in the background.
• Feel free to explore and actually try to use the available modules in Webmin. Once you
learn to use it, it will become your favorite remote administrative tool.
2. From Fig. 4, clicking on Servers brings you to Fig. 5. While there, note all the other servers
that are available in this panel and installed on this machine.
3. In case BIND9 is not installed, issue the yum command to install the BIND DNS Server (BIND9),
as follows:
# yum install 'bind*' -y
4. Now, from Fig. 5; scroll down and from the left column click on link.
5. Again, from Fig. 5, click on Bind DNS Server to start our DNS configuration. For this
article we used Bind9; however, make a point of downloading the latest Bind server package
and ensure that you update your system before proceeding with setup. The network address
used here is for a LAN, but you can easily replace it with a public IP address if you have a legal
domain name and an IP address issued to you by your ISP or domain hosting company.
Fig 5: Starting Bind DNS configuration
6. From Fig. 5, choose the option best suited to your setup. In our case we opted for the second
option. Checking the second option and clicking Create Primary Configuration and Start
Nameserver brings you to the Bind DNS Server panel.
7. Note that Bind DNS Server panel is divided into three different sections:
• Global server options
• Existing DNS zones (which will be our working section, see Fig. 6)
• Client's view designed on the server
Fig 6: Our working section, Existing DNS Zone: Click Create master zone.
Step 1: Creating the Master Domain
Our Domain: linuxauth.com
Note the period (.) at the end of the domain name, it has to be there – it’s no