Domain Name System in Linux

DNS

The purpose of DNS is to translate a hostname to an IP address, an IP address to a hostname, and a hostname to another hostname.

The translation from hostname to IP address is held in an A record, the translation from IP address to hostname in a PTR record, and the translation from hostname to hostname in a CNAME record.

Files involved in DNS configuration are:

  • /etc/named.conf
  • /var/named

To start (or restart) the named service, the command is:

systemctl restart named

DNS Download, Install, and Configuration

To download, install, and configure DNS, follow these steps:

  • Create a snapshot of the virtual machine.
  • Set up a master DNS server, a secondary (slave) DNS server, and a client.
  • System information: the domain name is lab.local and the IP address is the local IP address.
  • Become root with the command:
    su -
  • Install the DNS package with the command:
    yum install bind bind-utils -y
  • Configure the DNS server with the command:
    vi /etc/named.conf
  • As the editor opens, edit the line which contains:
    listen-on port 53 { 127.0.0.1; };

    adding the server's IP address:

    listen-on port 53 { 127.0.0.1; 192.168.1.29; };


  • Go to the bottom of the file, before the lines:
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
  • Add the lines:
    zone "lab.local" IN {
        type master;
        file "forward.lab";
        allow-update { none; };
    };

    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.lab";
        allow-update { none; };
    };


  • Save and quit.
    :wq!
  • Create the zone files inside the /var/named directory, with the commands:
    cd /var/named
    touch forward.lab
    touch reverse.lab
  • Open the newly created forward.lab zone file, with the command:
    vi forward.lab
  • Add the lines:
    $TTL 86400
    @   IN  SOA     masterdns.lab.local. root.lab.local. (
            2011071001  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
    )
    @           IN  NS    masterdns.lab.local.
    @           IN  A     192.168.1.29
    masterdns   IN  A     192.168.1.29
    clienta     IN  A     192.168.1.240
    clientb     IN  A     192.168.1.241
  • Save and quit.
    :wq!
  • Open the newly created reverse.lab zone file, with the command:
    vi reverse.lab
  • Add the lines (the PTR owner is the last octet of the address, so masterdns at 192.168.1.29 is the record 29; the reverse zone holds PTR records only, so no A record belongs here):
    $TTL 86400
    @   IN  SOA     masterdns.lab.local. root.lab.local. (
            2011071001  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
    )
    @        IN  NS     masterdns.lab.local.
    @        IN  PTR    lab.local.
    29       IN  PTR    masterdns.lab.local.   ;192.168.1.29, matching the A record in forward.lab
    240      IN  PTR    clienta.lab.local.
    241      IN  PTR    clientb.lab.local.
  • Save and quit.
    :wq!
  • Start the DNS server with the command:
    systemctl start named
  • Enable the DNS server at boot with the command:
    systemctl enable named
  • Stop firewalld with the command (this is for the lab set-up; on a server that stays in service, allow the DNS service through firewalld instead of stopping it):
    systemctl stop firewalld
  • Disable firewalld with the command:
    systemctl disable firewalld
  • Configure the permissions and ownership of the zone directory and named.conf, running the commands in sequence:
    chgrp named -R /var/named
    chown -v root:named /etc/named.conf
    restorecon -rv /var/named
    restorecon /etc/named.conf
  • Test the named.conf configuration file for syntax errors with the command:
    named-checkconf /etc/named.conf
  • Test the zone file forward.lab for syntax errors with the command:
    named-checkzone lab.local /var/named/forward.lab
  • Test the zone file reverse.lab for syntax errors with the command (the zone name here is the reverse zone, not lab.local):
    named-checkzone 1.168.192.in-addr.arpa /var/named/reverse.lab
  • Get the IP address information with the command:
    ifconfig


Note the server information, enp0s3 and 192.168.1.29.

  • Add the DNS server information to the network interface file ifcfg-enp0s3 in /etc/sysconfig/network-scripts with the command:
    vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
  • Add the DNS information (the network-scripts key is DNS1, not DNS):
    DNS1=192.168.1.29
  • Save and quit.
    :wq!
  • Restart the network service with the command:
    systemctl restart network
  • Modify the file /etc/resolv.conf with the command:
    vi /etc/resolv.conf
  • Set the nameserver line to:
    nameserver 192.168.1.29
  • Save and quit.
    :wq!
  • Test the DNS server, running the commands one by one:
    dig masterdns.lab.local
    nslookup masterdns.lab.local
    nslookup clienta.lab.local
    nslookup clientb.lab.local
    nslookup 192.168.1.240
    nslookup 192.168.1.241
  • Revert to the snapshot of the virtual machine.
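
named-checkzone verifies each zone file on its own, but it cannot tell whether forward.lab and reverse.lab agree with each other, and a PTR that points at the wrong host is exactly the kind of defect the nslookup tests above only catch if you compare their output by hand. The script below is an added example, not part of this tutorial: it parses the A records of a forward zone and the PTR records of an in-addr.arpa zone (BIND master-file format, as written above) and reports every address with no PTR, every PTR whose target has no A record, and every PTR whose target resolves to a different address. The zone text is constructed for the example, modelled on the lab.local zones, with one PTR deliberately placed at .158 while no A record exists for that address, so the check has something to report.

```python
import re
from collections import defaultdict

FORWARD_ORIGIN = "lab.local."
REVERSE_ORIGIN = "1.168.192.in-addr.arpa."

# Constructed zone text modelled on the lab.local files (not taken from a live server).
FORWARD_ZONE = """\
$TTL 86400
@   IN  SOA  masterdns.lab.local. root.lab.local. (
        2011071001   ;Serial
        3600 1800 604800 86400 )
@           IN  NS   masterdns.lab.local.
@           IN  A    192.168.1.29
masterdns   IN  A    192.168.1.29
clienta     IN  A    192.168.1.240
"""

REVERSE_ZONE = """\
$TTL 86400
@   IN  SOA  masterdns.lab.local. root.lab.local. (
        2011071001   ;Serial
        3600 1800 604800 86400 )
@     IN  NS   masterdns.lab.local.
@     IN  PTR  lab.local.
158   IN  PTR  masterdns.lab.local.   ; constructed mismatch: no A record exists for .158
240   IN  PTR  clienta.lab.local.
"""

def _records(zone_text):
    """Yield (owner, TYPE, rdata_fields) per record. Handles ';' comments, '( ... )'
    continuation lines, $-directives, inherited owner names and optional TTL/class."""
    joined, buf, depth = [], "", 0
    for raw in zone_text.splitlines():
        line = re.sub(r";.*", "", raw).rstrip()          # strip comments
        if not line.strip():
            continue
        buf = (buf + " " + line.strip()) if buf else line
        depth += line.count("(") - line.count(")")
        if depth <= 0:                                   # record complete
            joined.append(buf.replace("(", " ").replace(")", " "))
            buf, depth = "", 0
    owner = "@"
    for line in joined:
        if line.startswith("$"):                         # $TTL, $ORIGIN
            continue
        fields = line.split()
        if not line[0].isspace():                        # explicit owner name
            owner = fields.pop(0)
        if fields and fields[0].isdigit():               # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() in ("IN", "CH", "HS"):  # optional class
            fields.pop(0)
        if len(fields) >= 2:
            yield owner, fields[0].upper(), fields[1:]

def _fqdn(name, origin):
    """Expand '@' or a relative name against the zone origin; lower-case for comparison."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def _ptr_owner_to_ip(fqdn):
    """'29.1.168.192.in-addr.arpa.' -> '192.168.1.29'; None for the zone apex."""
    labels = fqdn.rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    return ".".join(reversed(labels[:4]))

def check_zones(forward_text, reverse_text,
                forward_origin=FORWARD_ORIGIN, reverse_origin=REVERSE_ORIGIN):
    """Return a list of mismatch descriptions; an empty list means the zones agree."""
    a_by_ip = defaultdict(set)        # address -> names whose A record points at it
    for owner, rtype, rdata in _records(forward_text):
        if rtype == "A":
            a_by_ip[rdata[0]].add(_fqdn(owner, forward_origin))
    ptr_by_ip = defaultdict(set)      # address -> names its PTR record(s) claim
    for owner, rtype, rdata in _records(reverse_text):
        if rtype == "PTR":
            ip = _ptr_owner_to_ip(_fqdn(owner, reverse_origin))
            if ip is not None:        # skips the apex "@ IN PTR lab.local." record
                ptr_by_ip[ip].add(_fqdn(rdata[0], forward_origin))
    octets = lambda ip: tuple(int(o) for o in ip.split("."))
    problems = []
    for ip in sorted(a_by_ip, key=octets):
        if ip not in ptr_by_ip:
            problems.append(f"{ip} has A record(s) {', '.join(sorted(a_by_ip[ip]))} but no PTR")
        for name in sorted(ptr_by_ip.get(ip, set()) - a_by_ip[ip]):
            problems.append(f"PTR {ip} -> {name} but {name} does not resolve to {ip}")
    for ip in sorted(set(ptr_by_ip) - set(a_by_ip), key=octets):
        for name in sorted(ptr_by_ip[ip]):
            problems.append(f"PTR {ip} -> {name} has no matching A record")
    return problems

if __name__ == "__main__":
    for problem in check_zones(FORWARD_ZONE, REVERSE_ZONE):
        print(problem)
```

On a real server you would read /var/named/forward.lab and /var/named/reverse.lab and pass their contents to check_zones; the apex A record for lab.local itself shares 192.168.1.29 with masterdns, so the check accepts a PTR that names either of them, and only complains when an address has no PTR at all or a PTR names a host that does not resolve back.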

Hostname or IP Lookup

Commands used for DNS lookup are nslookup and dig.

To get the IP address of www.google.com, the command is:

dig www.google.com

or

nslookup www.google.com

Securing Linux System

OS Hardening

The operating system can be hardened in the following ways:

  • User Account

User account names should not be common and should be difficult to guess. To list all the user accounts, run the command:

cat /etc/passwd

To get information about the password changes, run the command:

chage -l user


The password parameters are stored in the /etc/shadow and /etc/login.defs files. To view them, run the following commands as root:

cat /etc/shadow
cat /etc/login.defs

The file /etc/pam.d/system-auth manages the authentication rules for user accounts, such as password quality and rejecting the reuse of old passwords.
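
The two files named above work together: /etc/login.defs holds the policy (PASS_MAX_DAYS and friends) and each /etc/shadow line holds the per-account hash and ageing fields that chage -l prints. The script below is an added example, not part of this tutorial, showing how a defender checks the two against each other: it flags accounts with an empty password field, accounts hashed with a weak crypt scheme, and accounts whose maximum password age exceeds PASS_MAX_DAYS, while skipping locked or no-login accounts. Both file excerpts are constructed for the example, and the hash strings are placeholders rather than real digests.

```python
# Constructed /etc/shadow excerpt; the hashes are placeholders, not real digests.
# Fields: name:hash:lastchange:min:max:warn:inactive:expire:reserved (what chage -l reports).
SHADOW = """\
root:$6$saltsalt$HASHPLACEHOLDER:19000:0:99999:7:::
bin:*:18000:0:99999:7:::
deb:$6$othersalt$HASHPLACEHOLDER:19000:0:90:7:::
legacy:$1$md5salt$HASHPLACEHOLDER:17000:0:99999:7:::
guest::19000:0:99999:7:::
svc:!!:19000:0:99999:7:::
"""

# Constructed /etc/login.defs excerpt holding the password-ageing policy.
LOGIN_DEFS = """\
# Password ageing controls (constructed sample)
PASS_MAX_DAYS   90
PASS_MIN_DAYS   7
PASS_WARN_AGE   14
"""

# crypt(3) prefixes treated as acceptable: SHA-256, SHA-512, yescrypt, scrypt, bcrypt, gost-yescrypt.
STRONG_PREFIXES = ("$5$", "$6$", "$y$", "$7$", "$2b$", "$2y$", "$gy$")


def parse_login_defs(text):
    """Return {PARAMETER: value} from login.defs text, ignoring comments and blank lines."""
    params = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            params[parts[0]] = parts[1].strip()
    return params


def audit_shadow(shadow_text, login_defs_text):
    """Return (user, finding) pairs for accounts whose password settings are weak."""
    policy_max = int(parse_login_defs(login_defs_text).get("PASS_MAX_DAYS", 99999))
    findings = []
    for line in shadow_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 9:
            findings.append((fields[0], "malformed shadow entry"))
            continue
        user, pw_hash, max_age = fields[0], fields[1], fields[4]
        if pw_hash == "":
            findings.append((user, "empty password field (no password required)"))
            continue
        if pw_hash.startswith(("!", "*")):
            continue                      # locked or no-login account: nothing to assess
        if not pw_hash.startswith(STRONG_PREFIXES):
            scheme = pw_hash.split("$")[1] if pw_hash.startswith("$") else "DES"
            findings.append((user, f"weak password hash scheme ({scheme})"))
        # An empty max field, or the conventional 99999, means the password never expires.
        if max_age == "" or int(max_age) > policy_max:
            findings.append((user, f"max password age {max_age or 'unset'} exceeds PASS_MAX_DAYS {policy_max}"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_shadow(SHADOW, LOGIN_DEFS):
        print(f"{user}: {finding}")
```

Reading /etc/shadow requires root, which is why the tutorial runs the cat commands from root; the script only needs the file contents, so it can be run against a copy taken from a host being audited.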

  • Remove unwanted packages

To get a list of all the packages, run the command:

rpm -qa

To count the total number of packages, run the command:

rpm -qa | wc -l

To remove an unwanted package, for example bind, run the command:

rpm -e bind

  • Stop unused services

To list all the service units in the system and their state, run the command:

systemctl -a

To stop an unwanted service, for example ntpd, run the command:

systemctl stop ntpd

  • Check on listening ports

To list all listening TCP and UDP ports and the processes bound to them, run the command:

netstat -tunlp

  • Secure SSH configuration

The file /etc/ssh/sshd_config holds the SSH daemon configuration. To view it, run the commands:

cd /etc/ssh
more sshd_config

Then, to change the default SSH port of 22, edit the line which contains 'Port' and change the port number.

Also, set the parameter PermitRootLogin to no.
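
Both edits above are easy to get wrong in a way that looks right: the shipped sshd_config has Port and PermitRootLogin commented out, so editing the commented line changes nothing, and a directive placed under a Match block applies only to the matching sessions. The script below is an added example, not part of this tutorial, that reads a configuration the way sshd does (first occurrence wins, keywords case-insensitive, Key=value accepted, everything after the first Match ignored as conditional) and reports the two settings discussed here; it also checks PasswordAuthentication, a companion setting the page does not mention. The sshd_config text is constructed for the example.

```python
import re

# Constructed sshd_config excerpt (not a real host's file). Commented-out lines
# show shipped defaults and have no effect until uncommented.
SSHD_CONFIG = """\
#Port 22
#PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes

Match User backup
    PermitRootLogin yes
"""


def parse_sshd_config(text):
    """Return the effective global directives as {lowercase keyword: value}.

    Follows how sshd reads the file: lines starting with '#' and blank lines are
    ignored, keywords are case-insensitive, 'Key value' and 'Key=value' are both
    accepted, the first occurrence of a keyword wins, and everything from the
    first Match block onward is conditional, so it is not treated as global.
    """
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2 and key not in directives:
            directives[key] = parts[1].strip()
    return directives


def audit_sshd_config(text):
    """Return findings for Port and PermitRootLogin (the settings discussed above)
    plus PasswordAuthentication, a companion check that goes beyond the page."""
    cfg = parse_sshd_config(text)
    findings = []
    if cfg.get("port", "22") == "22":
        findings.append("Port: default 22 in use; set a non-default port explicitly if that is the policy")
    root_login = cfg.get("permitrootlogin")
    if root_login is None:
        findings.append("PermitRootLogin: not set globally, so the daemon default applies; set it to 'no'")
    elif root_login.lower() != "no":
        findings.append(f"PermitRootLogin: is '{root_login}', should be 'no'")
    if cfg.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication: not 'no'; prefer key-based authentication")
    return findings


if __name__ == "__main__":
    for finding in audit_sshd_config(SSHD_CONFIG):
        print(finding)
```

On a live host, pass the contents of /etc/ssh/sshd_config to audit_sshd_config; `sshd -T` prints the daemon's own view of the effective settings and is a useful cross-check after editing, since a typo in the file stops sshd from restarting.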

  • Enable Firewall

A firewall is a watchdog or defender that regulates the traffic coming in and going out.

To change the firewall configuration, run the command:

firewall-config

The Firewall Configuration window opens, with Services, Ports, Protocols, and Source Ports tabs.

To add, edit, or remove a port, use the Add, Edit, and Remove buttons.

  • Enable SELinux

SELinux controls the access permissions of processes and applications.

To get the status of the SELinux, run the command:

sestatus

To disable SELinux in the /etc/sysconfig/selinux file, open it with the command:

vi /etc/sysconfig/selinux

Edit the line which contains SELINUX and set its value to disabled.

  • Change Listening Services Port Numbers

To make the system more secure, we can change the default ports of listening services, following the same process used above to change the default SSH port.

  • Keep your OS up to date (security patching).

About Author:

I am Debomita Bhattacharjee, an IT employee with 6+ years of experience in the software industry. My areas of interest are automation testing and front-end development.
