Introduction
Setting up a Bind DNS server for a single-node OKD cluster involves configuring DNS to ensure proper resolution of cluster services and resources. Begin by installing Bind on your server and creating a primary zone file for your OKD domain. Define the necessary DNS records, including A records for the OKD master node and other services. Update the Bind configuration to include your zone file and restart the Bind service to apply changes. This setup ensures that your single-node OKD cluster has reliable DNS resolution, which is crucial for internal communication and service discovery within the cluster.
Server IP configuration
The name used for the DNS server is ns1.
Hostname: ns1.okd.linuxsysadmins.lan
IP Address: 192.168.11.100
Installing Packages
Install the required packages to set up the Bind DNS server.
$ dnf install bind bind-utils -y
Configuring Bind DNS Server
Make a copy of original configuration before making any changes.
$ cp /etc/named.conf /etc/named.conf-original
Configure the Bind DNS server and define the zone information in the main DNS configuration file.
Here the IP used for forwarders (192.168.11.1) is my VLAN gateway IP.
# vim /etc/named.conf
//
// named.conf
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.11.100; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { localhost; 192.168.11.0/24; };
        allow-recursion { localhost; 192.168.11.0/24; };
        forwarders      { 192.168.11.1; };
        recursion yes;
        dnssec-validation yes;
        managed-keys-directory "/var/named/dynamic";
        geoip-directory "/usr/share/GeoIP";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
        channel zone_transfer_log {
                file "/var/named/log/transfer.log" versions 10 size 50m;
                print-time yes;
                print-category yes;
                print-severity yes;
                severity info;
        };
        category notify   { zone_transfer_log; };
        category xfer-in  { zone_transfer_log; };
        category xfer-out { zone_transfer_log; };
};

zone "okd.linuxsysadmins.lan" {
        type master;
        file "/var/named/okd.linuxsysadmins.lan.zone";
        allow-query { localhost; 192.168.11.0/24; };
        allow-transfer { none; };
};

zone "11.168.192.in-addr.arpa" {
        type master;
        file "/var/named/11.168.192.in-addr.arpa.zone";
        allow-query { localhost; 192.168.11.0/24; };
        allow-transfer { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
It’s a good practice to run a configuration check to ensure that there are no syntax errors in the main configuration file.
$ named-checkconf
The named logs are configured to be saved under /var/named/log. Create the directory with the appropriate ownership and permissions, and finally restore the SELinux labels on it.
$ mkdir /var/named/log/
$ chown named:named /var/named/log/
$ chmod 700 /var/named/log/
$ restorecon -RFv /var/named/log/
Start the Bind DNS service by running the command below.
$ systemctl start named
Create the required forward zone entries by creating the zone file under /var/named/. Every owner name below is written fully qualified with a trailing dot; a name without one would have the zone origin appended to it.
# vim /var/named/okd.linuxsysadmins.lan.zone
$TTL 8h
@       IN SOA  ns1.okd.linuxsysadmins.lan. root (
                2024080101      ; serial
                3H              ; refresh (3 hours)
                30M             ; retry (30 minutes)
                2W              ; expiry (2 weeks)
                1W )            ; minimum (1 week)
        IN NS   ns1.okd.linuxsysadmins.lan.
        IN MX   10 smtp.okd.linuxsysadmins.lan.
ns1.okd.linuxsysadmins.lan.             IN A    192.168.11.100
smtp.okd.linuxsysadmins.lan.            IN A    192.168.11.100
helper.okd.linuxsysadmins.lan.          IN A    192.168.11.100
api.okd.linuxsysadmins.lan.             IN A    192.168.11.101
api-int.okd.linuxsysadmins.lan.         IN A    192.168.11.101
*.apps.okd.linuxsysadmins.lan.          IN A    192.168.11.101
control-plane.okd.linuxsysadmins.lan.   IN A    192.168.11.101
bastion.okd.linuxsysadmins.lan.         IN A    192.168.11.11
Create the required reverse zone entries by creating the zone file under /var/named/.
# vim /var/named/11.168.192.in-addr.arpa.zone
$TTL 8h
@       IN SOA  ns1.okd.linuxsysadmins.lan. root (
                2024080101      ; serial
                3H              ; refresh (3 hours)
                30M             ; retry (30 minutes)
                2W              ; expiry (2 weeks)
                1W )            ; minimum (1 week)
        IN NS   ns1.okd.linuxsysadmins.lan.
100.11.168.192.in-addr.arpa.    IN PTR  ns1.okd.linuxsysadmins.lan.
101.11.168.192.in-addr.arpa.    IN PTR  api.okd.linuxsysadmins.lan.
101.11.168.192.in-addr.arpa.    IN PTR  api-int.okd.linuxsysadmins.lan.
101.11.168.192.in-addr.arpa.    IN PTR  control-plane.okd.linuxsysadmins.lan.
11.11.168.192.in-addr.arpa.     IN PTR  bastion.okd.linuxsysadmins.lan.
107.11.168.192.in-addr.arpa.    IN PTR  bootstrap.okd.linuxsysadmins.lan.
Change the ownership and set the appropriate permissions on the created zone files, and make sure to restore the SELinux labels.
$ chown root:named /var/named/okd.linuxsysadmins.lan.zone
$ chown root:named /var/named/11.168.192.in-addr.arpa.zone
$ chmod 640 /var/named/okd.linuxsysadmins.lan.zone
$ chmod 640 /var/named/11.168.192.in-addr.arpa.zone
$ restorecon -RFv /var/named/*.zone
Check both zone files for errors by running the named-checkzone command.
$ named-checkzone okd.linuxsysadmins.lan /var/named/okd.linuxsysadmins.lan.zone
$ named-checkzone 11.168.192.in-addr.arpa /var/named/11.168.192.in-addr.arpa.zone
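named-checkzone only catches syntax errors; it will happily load an owner name that lost its trailing dot (BIND silently appends the zone origin) or a PTR that points at a name with no A record. The script below is an added example, not part of the original post: it parses constructed copies of the two zone files above (one deliberately containing a relative owner name) and reports relative owners, A records without a matching PTR, and PTRs without a matching A record.

```python
# Constructed copies of the zone files above (not the live files on the server).
FORWARD_ZONE = """\
@   IN SOA ns1.okd.linuxsysadmins.lan. root ( 2024080101 3H 30M 2W 1W ) ; timers
    IN NS ns1.okd.linuxsysadmins.lan.
ns1.okd.linuxsysadmins.lan.     IN A 192.168.11.100
helper.linuxsysadmins.lan       IN A 192.168.11.100
api.okd.linuxsysadmins.lan.     IN A 192.168.11.101
api-int.okd.linuxsysadmins.lan. IN A 192.168.11.101
*.apps.okd.linuxsysadmins.lan.  IN A 192.168.11.101
bastion.okd.linuxsysadmins.lan. IN A 192.168.11.11
"""
REVERSE_ZONE = """\
@   IN SOA ns1.okd.linuxsysadmins.lan. root ( 2024080101 3H 30M 2W 1W )
100.11.168.192.in-addr.arpa. IN PTR ns1.okd.linuxsysadmins.lan.
101.11.168.192.in-addr.arpa. IN PTR api.okd.linuxsysadmins.lan.
101.11.168.192.in-addr.arpa. IN PTR api-int.okd.linuxsysadmins.lan.
11.11.168.192.in-addr.arpa.  IN PTR bastion.okd.linuxsysadmins.lan.
107.11.168.192.in-addr.arpa. IN PTR bootstrap.okd.linuxsysadmins.lan.
"""

def records(zone_text, rtype):
    # Yield (owner, rdata) for "<owner> [ttl] IN <rtype> <rdata>" lines; skips ';'
    # comments, the parenthesised SOA and lines that inherit the previous owner.
    depth = 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]
        if depth or "(" in line:
            depth += line.count("(") - line.count(")")
            continue
        tok = line.split()
        if len(tok) >= 4 and tok[-3:-1] == ["IN", rtype]:
            yield tok[0], tok[-1]

def audit(forward, origin, reverse):
    found = {"relative_owner": [], "a_without_ptr": [], "ptr_without_a": []}
    a_recs = []
    for owner, ip in records(forward, "A"):
        if not owner.endswith("."):       # BIND appends the origin: almost always a typo
            owner = f"{owner}.{origin}."
            found["relative_owner"].append(owner)
        a_recs.append((owner, ip))
    # "100.11.168.192.in-addr.arpa." -> "192.168.11.100"
    ptrs = {(".".join(reversed(o.removesuffix(".in-addr.arpa.").split("."))), n)
            for o, n in records(reverse, "PTR")}
    for owner, ip in a_recs:              # wildcard names have no reverse entry
        if not owner.startswith("*.") and (ip, owner) not in ptrs:
            found["a_without_ptr"].append((owner, ip))
    for ip, name in sorted(ptrs):
        if (name, ip) not in a_recs:
            found["ptr_without_a"].append((ip, name))
    return found

print(audit(FORWARD_ZONE, "okd.linuxsysadmins.lan", REVERSE_ZONE))
```

Names that intentionally share an address (several hosts on 192.168.11.101 here) show up under a_without_ptr unless each has its own PTR, so treat that list as a review prompt rather than a hard failure.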
Verify the setup
Test the Bind DNS resolution locally on the same DNS server.
$ dig +short @localhost A ns1.okd.linuxsysadmins.lan
$ dig +short @localhost A api.okd.linuxsysadmins.lan
$ dig @localhost A api.okd.linuxsysadmins.lan
$ dig +short @localhost -x 192.168.11.100
Allow Inbound traffic from clients
Add a firewalld rule to allow the DNS port to be accessible to all other clients.
$ firewall-cmd --permanent --add-service=dns
$ firewall-cmd --reload
$ firewall-cmd --list-all
Persistent Service Start
Enable the service persistently and check the status.
$ systemctl enable --now named
$ systemctl status named.service
On the client side, use the IP address of the ns1 server (192.168.11.100) as the DNS server so that clients receive name resolution from ns1.okd.linuxsysadmins.lan.
That’s it.