# yum -y install bind
Server side resolv.conf:
[root@ansiblehost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
Client Side resolv.conf:
[root@stuart ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 192.168.126.182
# named.conf file - Example.
[root@ansiblehost ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "example.com" {
type master;
file "example.com.zone";
allow-update { none; };
};
zone "126.168.192.in-addr.arpa" {
type master;
file "example.com.revzone";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
=================================
Forward Zone lookup file:
[root@ansiblehost ~]# cat /var/named/example.com.zone
$TTL 604800
@ IN SOA ansiblehost.example.com. root.ansiblehost.example.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ansiblehost.texample.com.
; name servers - A records
ansiblehost.example.com. IN A 192.168.126.182
; 192.168.126/24 - A records
stuart.example.com IN A 192.168.126.132
===================================
Reverse Zone lookup file:
[root@ansiblehost ~]# cat /var/named/example.com.revzone
$TTL 604800
@ IN SOA ansiblehost.example.com. root.ansiblehost.example.com. (
3 ; Serial
604801 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; name servers
IN NS ansiblehost.example.com.
; PTR Records
182 IN PTR ansiblehost.example.com.
132 IN PTR stuart.example.com.
====================================
Server side query:
[root@ansiblehost ~]# host 192.168.126.132
132.126.168.192.in-addr.arpa domain name pointer stuart.example.com.
[root@ansiblehost ~]# host 192.168.126.132
132.126.168.192.in-addr.arpa domain name pointer stuart.example.com.
Client Side query:
[root@stuart ~]# host ansiblehost.example.com
ansiblehost.example.com has address 192.168.126.182
[root@stuart ~]# host 192.168.126.182
182.126.168.192.in-addr.arpa domain name pointer ansiblehost.example.com.
====================================
Happy Linux!
Disclaimer; This is for my reference only. Please Use at your own discretion.
No comments:
Post a Comment