KVM DNS OEL 6.5

This post details how to build a simple DNS server to support a group of KVM guests on an internal non-routable IP address range in an internal network. In this case, in order to minimize the number of virtual machines, it is being installed in the SCST OEL 6.5 KVM guest. The reasoning is that the oracle651 KVM guest must start before the other KVM guests to provide storage, so this is a reasonable choice for providing DNS services as well.

[root@oracle651 scripts]# yum install bind* -y

Loaded plugins: refresh-packagekit, security

public_ol6_UEKR3_latest | 1.2 kB 00:00

public_ol6_latest | 1.4 kB 00:00

public_ol6_latest/primary | 41 MB 00:15

public_ol6_latest 25896/25896

Setting up Install Process

Package 32:bind-libs-9.8.2-0.23.rc1.el6_5.1.x86_64 already installed and latest version

Package 32:bind-utils-9.8.2-0.23.rc1.el6_5.1.x86_64 already installed and latest version

Resolving Dependencies

--> Running transaction check

---> Package bind.x86_64 32:9.8.2-0.23.rc1.el6_5.1 will be installed

---> Package bind-chroot.x86_64 32:9.8.2-0.23.rc1.el6_5.1 will be installed

---> Package bind-devel.x86_64 32:9.8.2-0.23.rc1.el6_5.1 will be installed

---> Package bind-dyndb-ldap.x86_64 0:2.3-5.el6 will be installed

---> Package bind-sdb.x86_64 32:9.8.2-0.23.rc1.el6_5.1 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================================================================================

Package Arch Version Repository Size

==========================================================================================================================================================================

Installing:

bind x86_64 32:9.8.2-0.23.rc1.el6_5.1 public_ol6_latest 4.0 M

bind-chroot x86_64 32:9.8.2-0.23.rc1.el6_5.1 public_ol6_latest 70 k

bind-devel x86_64 32:9.8.2-0.23.rc1.el6_5.1 public_ol6_latest 378 k

bind-dyndb-ldap x86_64 2.3-5.el6 public_ol6_latest 68 k

bind-sdb x86_64 32:9.8.2-0.23.rc1.el6_5.1 public_ol6_latest 306 k

Transaction Summary

==========================================================================================================================================================================

Install 5 Package(s)

Total download size: 4.8 M

Installed size: 9.4 M

Downloading Packages:

(1/5): bind-9.8.2-0.23.rc1.el6_5.1.x86_64.rpm | 4.0 MB 00:01

(2/5): bind-chroot-9.8.2-0.23.rc1.el6_5.1.x86_64.rpm | 70 kB 00:00

(3/5): bind-devel-9.8.2-0.23.rc1.el6_5.1.x86_64.rpm | 378 kB 00:00

(4/5): bind-dyndb-ldap-2.3-5.el6.x86_64.rpm | 68 kB 00:00

(5/5): bind-sdb-9.8.2-0.23.rc1.el6_5.1.x86_64.rpm | 306 kB 00:00

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Total 1.5 MB/s | 4.8 MB 00:03

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing : 32:bind-9.8.2-0.23.rc1.el6_5.1.x86_64 1/5

Installing : bind-dyndb-ldap-2.3-5.el6.x86_64 2/5

Installing : 32:bind-chroot-9.8.2-0.23.rc1.el6_5.1.x86_64 3/5

Installing : 32:bind-sdb-9.8.2-0.23.rc1.el6_5.1.x86_64 4/5

Installing : 32:bind-devel-9.8.2-0.23.rc1.el6_5.1.x86_64 5/5

Verifying : 32:bind-devel-9.8.2-0.23.rc1.el6_5.1.x86_64 1/5

Verifying : bind-dyndb-ldap-2.3-5.el6.x86_64 2/5

Verifying : 32:bind-9.8.2-0.23.rc1.el6_5.1.x86_64 3/5

Verifying : 32:bind-sdb-9.8.2-0.23.rc1.el6_5.1.x86_64 4/5

Verifying : 32:bind-chroot-9.8.2-0.23.rc1.el6_5.1.x86_64 5/5

Installed:

bind.x86_64 32:9.8.2-0.23.rc1.el6_5.1 bind-chroot.x86_64 32:9.8.2-0.23.rc1.el6_5.1 bind-devel.x86_64 32:9.8.2-0.23.rc1.el6_5.1 bind-dyndb-ldap.x86_64 0:2.3-5.el6

bind-sdb.x86_64 32:9.8.2-0.23.rc1.el6_5.1

Complete!

[root@oracle651 scripts]#

Next edit the /etc/named.conf file as shown below, substituting the relevant network information, which will in general differ from the entries shown.

[root@oracle651 ~]# cat /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

options {

listen-on port 53 { 127.0.0.1; 10.207.39.74; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { localhost; 10.207.39.0/24; };

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

zone "." IN {

type hint;

file "named.ca";

};

zone "vmem.org" IN {

type master;

file "fwd.vmem.org";

allow-update { none; };

};

zone "39.207.10.in-addr.arpa" IN {

type master;

file "rev.vmem.org";

allow-update {none; };

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

[root@oracle651 ~]#

Create the zone files for forward lookups as shown below and change the information as necessary.

[root@oracle651 named]# cat fwd.vmem.org

$TTL 86400

@ IN SOA oracle651.vmem.org. postmaster.vmem.org. (

2011071001 ;Serial

3600 ;Refresh

1800 ;Retry

604800 ;Expire

86400 ;Minimum TTL

)

vmem.org. IN NS oracle651.vmem.org. ; Primary DNS Server

oracle651 IN A 10.207.39.74 ; SCST iSCSI Linux SAN

oracle631 IN A 10.207.39.72 ; Oracle Dataguard Primary (512e)

oracle632 IN A 10.207.39.76 ; Oracle Dataguard Standby (4K )

[root@oracle651 named]#

Create the zone file for reverse lookups as shown below and change the information as necessary.

[root@oracle651 named]# cat rev.vmem.org

$TTL 86400

@ IN SOA oracle651.vmem.org. postmaster.vmem.org. (

2011071001 ;Serial

3600 ;Refresh

1800 ;Retry

604800 ;Expire

86400 ;Minimum TTL

)

oracle651 IN A 10.207.39.74

@ IN NS oracle651.vmem.org.

72 IN PTR oracle631.vmem.org.

74 IN PTR oracle651.vmem.org.

76 IN PTR oracle632.vmem.org.

[root@oracle651 named]#
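
Before starting named it is worth confirming that the forward and reverse zones agree, since a missing or mistyped PTR only shows up later as a failed reverse lookup. The following is an added example, not part of the original post: a small Python check over the record lines of the two zone files above. The function names are hypothetical, and the parser assumes the simple one-record-per-line layout used here, not the full zone file syntax.

```python
import re

ORIGIN_FWD, ORIGIN_REV = "vmem.org.", "39.207.10.in-addr.arpa."
# Sample input: record lines copied from the two zone files above (SOA blocks omitted).
FWD_ZONE = """\
vmem.org. IN NS oracle651.vmem.org. ; Primary DNS Server
oracle651 IN A 10.207.39.74 ; SCST iSCSI Linux SAN
oracle631 IN A 10.207.39.72 ; Oracle Dataguard Primary (512e)
oracle632 IN A 10.207.39.76 ; Oracle Dataguard Standby (4K )
"""
REV_ZONE = """\
oracle651 IN A 10.207.39.74
@ IN NS oracle651.vmem.org.
72 IN PTR oracle631.vmem.org.
74 IN PTR oracle651.vmem.org.
76 IN PTR oracle632.vmem.org.
"""

def records(zone_text, origin):
    """Yield (owner_fqdn, type, rdata) for each 'owner IN type rdata' line."""
    for line in zone_text.splitlines():
        m = re.match(r"(\S+)\s+IN\s+(\S+)\s+(\S+)$", line.split(";", 1)[0].strip())
        if not m:
            continue  # SOA lines, $TTL, blanks and anything else not in this layout
        owner, rtype, rdata = m.groups()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"  # relative name: the zone origin is appended
        yield owner.lower(), rtype.upper(), rdata.lower()

def ptr_name(ipv4):  # 10.207.39.72 -> 72.39.207.10.in-addr.arpa.
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."

def check(fwd_text=FWD_ZONE, rev_text=REV_ZONE):
    """Return a list of findings; an empty list means A and PTR data agree."""
    a_recs = sorted((o, d) for o, t, d in records(fwd_text, ORIGIN_FWD) if t == "A")
    rev = list(records(rev_text, ORIGIN_REV))
    ptrs = {o: d for o, t, d in rev if t == "PTR"}
    hosts = {h for h, _ in a_recs}
    findings = [f"A {h} -> {ip} has no matching PTR"
                for h, ip in a_recs if ptrs.get(ptr_name(ip)) != h]
    findings += [f"PTR {o} -> {d} has no A record"
                 for o, d in sorted(ptrs.items()) if d not in hosts]
    findings += [f"unexpected {t} record in reverse zone: {o} {d}"
                 for o, t, d in rev if t not in ("PTR", "NS")]
    return findings

if __name__ == "__main__":
    print("\n".join(check()) or "forward and reverse zones agree")
```

On the zone data above every A record has its PTR and vice versa; the only finding is the "oracle651 IN A" line in rev.vmem.org, which inside the reverse zone is the name oracle651.39.207.10.in-addr.arpa rather than a vmem.org host.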

Start the named service as shown below and set it to start on reboot.

[root@oracle651 named]# chkconfig --level 35 named on

[root@oracle651 named]# service named start    # use "restart" instead if named is already running

Using the GUI console "Preferences --> Network Connections", set the IP address of the primary DNS nameserver (in this case 10.207.39.74) as the first listed nameserver, and set the search domain to "vmem.org". The result should be a file under /etc/sysconfig/network-scripts (here ifcfg-eth0) that has the following entries (order of entries does not matter). The DNS and DOMAIN entries are necessary for correct resolution of domains.

[root@oracle651 named]# cat /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

TYPE=Ethernet

UUID=824a1d97-1dc7-410b-89a5-49b353be826a

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=none

DNS1=10.207.39.74

DOMAIN=vmem.org

DEFROUTE=yes

IPV4_FAILURE_FATAL=yes

IPV6INIT=no

NAME="System eth0"

DNS2=192.168.1.1

IPADDR=10.207.39.74

PREFIX=24

GATEWAY=10.207.39.1

HWADDR=52:54:00:66:26:A0

DNS3=127.0.0.1

LAST_CONNECT=1408419613

[root@oracle651 named]#

Reboot the server or restart networking to have the new DNS and DOMAIN settings take effect, or edit the /etc/resolv.conf file by hand to test them out as shown below.

[root@oracle651 named]# nslookup oracle631

Server: 10.207.39.74

Address: 10.207.39.74#53

Name: oracle631.vmem.org

Address: 10.207.39.72

[root@oracle651 named]# nslookup 10.207.39.72

Server: 10.207.39.74

Address: 10.207.39.74#53

72.39.207.10.in-addr.arpa name = oracle631.vmem.org.

[root@oracle651 named]#

The structure of the required /etc/resolv.conf is shown below. It is typically generated dynamically at boot.

[root@oracle651 named]# cat /etc/resolv.conf

# Generated by NetworkManager

search vmem.org

nameserver 10.207.39.74

nameserver 192.168.1.1

nameserver 127.0.0.1

[root@oracle651 named]#

Done.