Escenario
-
named.conf
Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
server as a caching only nameserver (as a localhost DNS resolver only).
See /usr/share/doc/bind*/sample/ for example named configuration files.
options {
listen-on port 53 { 127.0.0.1; 192.168.10.1; };# IP Servidor Master
#
listen-on-v6 port 53 { ::1; };
# Se comenta esta linea
directory
"/var/named";
dump-file
"/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query{ localhost; 192.168.10.0/24; };
# Dominio de broadcast
allow-transfer{ localhost; 192.168.10.2; };
# IP del servidor
# secundario
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable
recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to
enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable
access
@
IN A
@
IN A
@
IN A
@
IN A
masterdns
secondarydns
client1
client2
IN
IN
IN
IN
A
A
A
A
192.168.10.1
192.168.10.2
192.168.10.3
192.168.10.4
192.168.10.1
192.168.10.2
192.168.10.3
192.168.10.4
Success
[root@localhost bxav]# firewall-cmd --permanent --add-port=53/udp
Success
11. Reiniciamos
el firewall
[root@localhost
[root@localhost
[root@localhost
[root@localhost
bxav]#
bxav]#
bxav]#
bxav]#
192.168.10.1
192.168.10.1#53
Name: informatica.local
Address: 192.168.10.3
Name: informatica.local
Address: 192.168.10.2
Name: informatica.local
Address: 192.168.10.4
Name: informatica.local
Address: 192.168.10.1
named.conf
Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
server as a caching only nameserver (as a localhost DNS resolver only).
See /usr/share/doc/bind*/sample/ for example named configuration files.
recursion.
- If your recursive DNS server has a public IP address, you MUST enable
access
control to limit queries to your legitimate users. Failing to do so
will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
# Logging for named: defines the "default_debug" channel and where it writes.
logging {
channel default_debug {
# Relative path: resolved against the options "directory" setting, which is
# not visible in this excerpt of the secondary's configuration.
file "data/named.run";
# "dynamic" makes the channel follow the server's current debug level
# instead of a fixed severity.
severity dynamic;
};
};
# Root zone as a hint zone: named.ca supplies the root server list used to
# start recursive resolution (recursion is enabled in the options block).
zone "." IN {
type hint;
file "named.ca";
};
# Forward zone, held as a secondary (slave) copy: the zone data is pulled by
# zone transfer from the master at 192.168.10.1 and stored in the file below.
# NOTE(review): no TSIG key is referenced in "masters", so the transfer is
# protected only by the IP-based allow-transfer list on the master; consider a
# shared TSIG key on both servers so the transfer is authenticated.
zone "informatica.local" IN {
type slave;
# Relative path; named must be able to write here to store transferred data.
# Presumably under /var/named as on the master -- confirm on this host.
file "slaves/informatica.fwd";
masters { 192.168.10.1; };
};
# Reverse (PTR) zone for 192.168.10.0/24, also held as a secondary copy
# transferred from the master at 192.168.10.1.
# NOTE(review): no TSIG key is referenced in "masters"; the transfer relies on
# the master's IP-based allow-transfer list alone.
zone "10.168.192.in-addr.arpa" IN {
type slave;
# Relative path; named needs write access to store the transferred zone.
file "slaves/informatica.rev";
masters { 192.168.10.1; };
};
# Pull in two further configuration files. Going by their names these are the
# packaged RFC 1912 localhost zones and the root zone DNSSEC key -- confirm
# against the installed bind package.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
7. Reiniciamos el firewall
bxav]#
bxav]#
bxav]#
bxav]#
192.168.10.1
192.168.10.1#53
Name: informatica.local
Address: 192.168.10.2
Name: informatica.local
Address: 192.168.10.4
Name: informatica.local
Address: 192.168.10.3
Name: informatica.local
Address: 192.168.10.1
Cliente 1 (Client)
1. Agregamos los detalles de los servidores DNS en resolv.conf
[root@localhost bxav]# nano /etc/resolv.conf
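# Generated by NetworkManager
# NOTE(review): NetworkManager may regenerate this file and discard manual
# edits -- confirm how this connection's DNS settings are managed.
# The search domain must match the zone served by the DNS servers
# ("informatica.local"); a misspelled domain makes short-name lookups fail.
search informatica.local
# Master DNS server first, secondary server as fallback.
nameserver 192.168.10.1
nameserver 192.168.10.2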
;; AUTHORITY SECTION:
informatica.local.
informatica.local.
secondarydns.informatica.local.
masterdns.informatica.local.
86400 IN
86400 IN
;; ADDITIONAL SECTION:
secondarydns.informatica.local.
;;
;;
;;
;;
NS
NS
86400 IN A
192.168.10.1
192.168.10.2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;secondarydns.informatica.local.
IN
;; ANSWER SECTION:
secondarydns.informatica.local.
86400 IN A
;; AUTHORITY SECTION:
informatica.local.
informatica.local.
NS
NS
86400 IN
86400 IN
;; ADDITIONAL SECTION:
masterdns.informatica.local. 86400 IN
;;
;;
;;
;;
192.168.10.2
masterdns.informatica.local.
secondarydns.informatica.local.
A
192.168.10.1
192.168.10.3
;; AUTHORITY SECTION:
informatica.local.
informatica.local.
masterdns.informatica.local.
secondarydns.informatica.local.
86400 IN
86400 IN
NS
NS
;; ADDITIONAL SECTION:
masterdns.informatica.local. 86400 IN
A
secondarydns.informatica.local.
86400 IN A
;;
;;
;;
;;
192.168.10.1
192.168.10.1#53
informatica.local
192.168.10.3
informatica.local
192.168.10.1
informatica.local
192.168.10.2
informatica.local
192.168.10.4
Cliente 2 (Client)
192.168.10.1
192.168.10.2
Bibliografía:
-
https://www.unixmen.com/setting-dns-server-centos-7/
https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-centos-7