CentOS 6.4 Install & Configure Basic BIND DNS

If you followed my recent article on creating a CentOS 6.4 Email Gateway, you may encounter an issue with the with the Spam Report section with Spamassassin. The error is:

ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information.

After researching the error it turns out that because we use a public DNS server to resolve DNS queries, our request gets blocked because of too many requests from the public DNS server to the Spamassassin service. The work around is to create your own in house DNS to circumvent the issue.

We'll install and configure BIND to resolve all DNS queries internally. Here is how it's done:

Firstly we'll install BIND. Open up Putty and connect to your server and do the following:

yum install bind bind-chroot

Now we'll set BIND to start automatically when the machine is rebooted:

chkconfig named on

We'll now edit the /etc/named.conf file. Below is the contents of my named.conf file. I have highlighted in RED the items you need to change to suit your network. 192.168.0.0/24 is our internal network so change it suit your needs:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
	listen-on port 53 { 127.0.0.1; 192.168.0.0/24; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { localhost; 192.168.0.0/24; };
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Save and close the /etc/named.conf file.

Now we'll start the named service.

service named start

You should get the message:

Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

This can take a while depending on your machine, so be patient.

Now we'll edit /etc/resolv.conf to use the DNS server we just created.

Find:

nameserver

Change to:

nameserver 192.168.0.150

Where the IP address is the IP of your server.

You are ready to go. Good luck!

 

No Comments Yet.

Leave a comment