DNS Service on Linux. Supawit Wannapila CCNA, RHCE supawit.w@cmu.ac.th


Host Name Resolution
- Common host-name service files: /etc/hosts and /etc/networks
- DNS: /etc/resolv.conf
- Multiple client-side resolvers: nslookup, dig

The Stub Resolver
- Reads /etc/nsswitch.conf to determine the order in which to query name services; the default configuration is
    hosts: files dns

DNS-Specific Resolver: dig
- Never reads /etc/nsswitch.conf
- By default, looks only at the nameserver lines in /etc/resolv.conf
- Output is in RFC-standard zone file format, the format used by DNS servers, which makes dig particularly useful for exploring DNS resolution

Trace a DNS Query with dig
    dig +trace cmu.ac.th
- Reads /etc/resolv.conf to determine the nameserver
- Queries it for the root name servers
- Chases referrals until it finds the name's records (the answer); dig performs this iteration itself, so the trace shows each step of an iterative resolution
Initial observations:
- Names are organized in an inverted tree with the root (.) at the top
- The name hierarchy allows DNS to cross organizational boundaries
- Names in records end with a dot when fully qualified

Other Observations
- Answers in the previous trace are in the form of resource records
- Each resource record has five fields:
    domain  the domain or subdomain being queried (the owner name)
    ttl     how long the record may be cached, in seconds
    class   record classification (usually IN)
    type    record type, such as A or NS
    rdata   resource data to which the domain maps

Trace output (dig +trace cmu.ac.th):

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> +trace cmu.ac.th
    ;; global options:  printcmd
    .                       3600    IN      NS      d.root-servers.net.
    .                       3600    IN      NS      e.root-servers.net.
    .                       3600    IN      NS      f.root-servers.net.
    .                       3600    IN      NS      g.root-servers.net.
    .                       3600    IN      NS      h.root-servers.net.
    .                       3600    IN      NS      i.root-servers.net.
    .                       3600    IN      NS      j.root-servers.net.
    .                       3600    IN      NS      k.root-servers.net.
    .                       3600    IN      NS      l.root-servers.net.
    .                       3600    IN      NS      m.root-servers.net.
    .                       3600    IN      NS      a.root-servers.net.
    .                       3600    IN      NS      b.root-servers.net.
    .                       3600    IN      NS      c.root-servers.net.
    ;; Received 449 bytes from 202.28.249.74#53(202.28.249.74) in 47 ms

    th.                     172800  IN      NS      dns1.thnic.co.th.
    th.                     172800  IN      NS      ns-th.ripe.net.
    th.                     172800  IN      NS      ns.thnic.net.
    th.                     172800  IN      NS      ams.sns-pb.isc.org.
    th.                     172800  IN      NS      ns-a.thnic.co.th.
    th.                     172800  IN      NS      sfba.sns-pb.isc.org.
    ;; Received 328 bytes from 128.8.10.90#53(d.root-servers.net) in 104 ms

    cmu.ac.th.              7200    IN      NS      teal.cat.net.th.
    cmu.ac.th.              7200    IN      NS      ns.cmu.ac.th.
    ;; Received 87 bytes from 202.28.1.22#53(dns1.thnic.co.th) in 20 ms

    cmu.ac.th.              3600    IN      SOA     ns.cmu.ac.th. postmaster.ns.cmu.ac.th. 2010090201 3600 1800 604800 3600
    ;; Received 77 bytes from 202.129.27.134#53(teal.cat.net.th) in 7 ms

Other Observations (cont.)
- Conceptually, one queries against the domain (name), which is mapped to the rdata for an answer
- In the trace example, the NS (name server) records are referrals
- A (address) is dig's default query type; in this trace the last server consulted returned the zone's SOA rather than an A record, which is the authoritative way of saying that the name exists but has no A record (a NODATA answer)

Summary of Common Record Types
    domain               Class  Type   rdata
    canonical name       IN     A      IPv4 address
    canonical name       IN     AAAA   IPv6 address
    alias                IN     CNAME  canonical name
    origin               IN     MX     preference and canonical name of a mail exchanger
    origin               IN     NS     canonical name of a nameserver
    reversed IP address  IN     PTR    canonical name
    origin               IN     SOA    authoritative info
- origin refers to the name of a domain or subdomain as it is managed by a particular server
- canonical means the usual or real name of the host
- reversed IP address means the octets in reverse order under in-addr.arpa., e.g. 50.177.132.209.in-addr.arpa. for 209.132.177.50

Forward Lookups
    dig www.cmu.ac.th

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> www.cmu.ac.th
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30764
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.cmu.ac.th.                 IN      A

    ;; ANSWER SECTION:
    www.cmu.ac.th.          2485    IN      A       202.28.249.7

    ;; Query time: 7 msec
    ;; SERVER: 202.28.249.74#53(202.28.249.74)
    ;; WHEN: Wed Sep  8 12:23:42 2010
    ;; MSG SIZE  rcvd: 47

Reverse Lookups
    dig -x 209.132.177.50
(dig -x reverses the octets, appends in-addr.arpa. and asks for a PTR record)

    ; <<>> DiG 9.7.0-P1 <<>> -x 209.132.177.50
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16089
    ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;50.177.132.209.in-addr.arpa.   IN      PTR

    ;; ANSWER SECTION:
    50.177.132.209.in-addr.arpa. 600 IN     PTR     host-50-177-132-209.redhat.com.

    ;; AUTHORITY SECTION:
    177.132.209.in-addr.arpa. 600   IN      NS      ns1.redhat.com.
    177.132.209.in-addr.arpa. 600   IN      NS      ns2.redhat.com.
    177.132.209.in-addr.arpa. 600   IN      NS      ns3.redhat.com.

    ;; Query time: 530 msec
    ;; SERVER: 202.28.249.74#53(202.28.249.74)
    ;; WHEN: Sun Sep 12 17:55:35 2010
    ;; MSG SIZE  rcvd: 143

Mail Exchanger Lookups
    dig -t mx cmu.ac.th

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> -t mx cmu.ac.th
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56530
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;cmu.ac.th.                     IN      MX

    ;; ANSWER SECTION:
    cmu.ac.th.              3600    IN      MX      20 mx.cmu.ac.th.

    ;; ADDITIONAL SECTION:
    mx.cmu.ac.th.           3600    IN      A       202.28.249.12

    ;; Query time: 12 msec
    ;; SERVER: 202.28.249.74#53(202.28.249.74)
    ;; WHEN: Wed Sep  8 12:31:40 2010
    ;; MSG SIZE  rcvd: 62

SOA Lookups
    dig -t soa cmu.ac.th

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> -t soa cmu.ac.th
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62724
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;cmu.ac.th.                     IN      SOA

    ;; ANSWER SECTION:
    cmu.ac.th.              3599    IN      SOA     ns.cmu.ac.th. postmaster.ns.cmu.ac.th. 2010090201 3600 1800 604800 3600

    ;; ADDITIONAL SECTION:
    ns.cmu.ac.th.           3500    IN      A       202.28.249.30

    ;; Query time: 9 msec
    ;; SERVER: 202.28.249.74#53(202.28.249.74)
    ;; WHEN: Wed Sep  8 12:32:46 2010
    ;; MSG SIZE  rcvd: 93

(The TTLs of 3599 and 3500 have already counted down from the zone's values: these answers came from the resolver's cache, not straight from the authoritative server.)

SOA rdata
- Master nameserver's FQDN (mname)
- Contact e-mail (rname), with the @ written as a dot: postmaster.ns.cmu.ac.th. means postmaster@ns.cmu.ac.th
- Serial number
- Refresh: delay before a slave re-checks the master's serial number
- Retry: interval between retries when a slave cannot reach the master
- Expire: how long a slave keeps serving the zone when it cannot contact its master(s)
- Minimum: TTL for negative answers ("no such host")

SOA rdata (cont.)
- Serial number: in common practice based on ISO dates, e.g. 2010090201 (YYYYMMDD plus a two-digit revision)
- All times are in seconds by default; units may be used instead: W=weeks, D=days, H=hours, M=minutes
- No space is allowed between the number and the unit (3H, not 3 H); upper-case units are the conventional form

Being Authoritative
- The SOA record merely names the master server for the origin (domain)
- A server is authoritative for a zone if it has both:
  - Delegation from the parent domain: an NS record, plus an A (glue) record where needed
  - A local copy of the zone data, including the SOA record

The Everything Lookup
    dig -t axfr example.com @192.168.0.254
Observations:
- All records for the zone are transferred
- The records reveal a great deal of inside knowledge about the network (host names, addresses, mail servers), which is why an open AXFR is a reconnaissance gift to an attacker
- The response is too big for UDP, so transfers use TCP
- Most servers restrict zone transfers to a select few hosts (usually the slave nameservers)
- Use this command from a slave to test permissions on the master, and from a host that should be refused to confirm the restriction works (dig then reports "Transfer failed.")

Service Profile: DNS
- Packages: bind, bind-utils, bind-chroot
- Daemon: /usr/sbin/named
- Script: /etc/init.d/named
- Ports: 53 (udp & tcp)
- Configuration (under /var/named/chroot/): /etc/named.conf, /var/named/*
- Related: caching-nameserver

Getting Started with BIND
- Install packages:
  - bind for the core binaries
  - bind-chroot for security
  - caching-nameserver for an initial configuration
- Configure the startup service:
    service named configtest
    service named start
    chkconfig named on
- Proceed with the essential named configuration

Essential named Configuration
- Configure the stub resolver
- Define access control in /etc/named.conf
  - Declare client match lists (ACLs)
  - Server interfaces: listen-on and listen-on-v6
  - Which queries should be allowed?
      Any query (authoritative answers): allow-query { match-list; };
      Recursive queries: allow-recursion { match-list; };
      Zone transfers: allow-transfer { match-list; };
- Add data via zone files
- Test!

Configure the Stub Resolver
On the nameserver:
- Edit /etc/resolv.conf to specify nameserver 127.0.0.1
- Edit /etc/sysconfig/network-scripts/ifcfg-* to specify PEERDNS=no, so that DHCP does not overwrite resolv.conf
Advantages:
- Ensures consistent lookups for all applications
- Simplifies access controls and troubleshooting

bind-chroot Package
- Installs a chroot environment under /var/named/chroot
- Moves existing config files into the chroot environment, replacing the originals with symlinks
- Updates /etc/sysconfig/named with a named option: ROOTDIR=/var/named/chroot
Tips:
- Inspect /etc/sysconfig/named after installing bind-chroot
- Run ps -ef | grep named after starting named to verify the startup options (look for -t /var/named/chroot)

caching-nameserver Package
Provides:
- named.caching-nameserver.conf
- named.ca, containing the root server "hints"
- Forward and reverse lookup zone files for machine-local names and IP addresses (e.g. localhost.localdomain)
Tips:
- Copy named.caching-nameserver.conf to named.conf
- Change its ownership to root:named
- Edit named.conf

Address Match List
- A semicolon-separated list of IP addresses or subnets, used with security directives for host-based access control
- Format:
    IP address: 192.168.0.1
    Trailing dot: 192.168.0. (old shorthand; prefer the CIDR form, which is what BIND 9 documents)
    CIDR: 192.168.0.0/24
- Use a bang (!) to denote inversion
- A match list is checked in order, stopping on the first match; an address that matches no element is not allowed
- Example: { 192.168.0.1; 192.168.0.; !192.168.1.0/24; };

Access Control List (ACL)
- In its simplest form, an ACL assigns a name to an address match list
- Can generally be used in place of a match list (nesting is allowed!)
- Best practice is to define ACLs at the top of /etc/named.conf, before they are referenced
- Example declarations:
    acl trusted   { 192.168.1.21; };
    acl classroom { 192.168.0.0/24; trusted; };
    acl cracker   { 192.168.1.0/24; };
    acl mymasters { 192.168.0.254; };
    acl myaddress { 127.0.0.1; 192.168.0.1; };
- Note that trusted (192.168.1.21) lies inside cracker's 192.168.1.0/24 and is also part of classroom; the order in which these names appear in a match list decides which one wins

Built-In ACLs
BIND pre-defines four ACLs:
- none: no IP address matches
- any: every IP address matches
- localhost: any IP address configured on the name server's own interfaces matches
- localnets: any address on a directly-connected network matches

Server Interfaces
- Option: listen-on port 53 { match-list; };
- Binds named to specific interface addresses
- Example:
    listen-on port 53 { myaddress; };
    listen-on-v6 port 53 { ::1; };
- Restart and verify: netstat -tulpn | grep named
- Default: if listen-on is missing, named listens on all interfaces

Allowing Queries
- Option: allow-query { match-list; };
- The server provides both authoritative and cached answers to clients in the match list (from BIND 9.4 on, cached answers are additionally governed by allow-query-cache)
- Example: allow-query { classroom; cracker; };
- Default: if allow-query is missing, named allows all

Allowing Recursion
- Option: allow-recursion { match-list; };
- The server chases referrals on behalf of clients in the match list
- Example: allow-recursion { classroom; !cracker; };
  (trusted is still allowed: it matches classroom before the negated cracker entry is reached)
- Default: if allow-recursion is missing, the BIND 9.3 named used here allows all; from BIND 9.4 on the default is localnets; localhost

Allowing Transfer
- Option: allow-transfer { match-list; };
- Clients in the match list are allowed to act as slave servers, i.e. to pull a complete copy of the zone (AXFR/IXFR)
- Example: allow-transfer { !cracker; classroom; };
  (negation first, so no 192.168.1.0/24 host, trusted included, can transfer)
- Default: if allow-transfer is missing, named allows all

Modifying BIND Behavior
- Option: forwarders { ip-address; ... }; (a list of server addresses, not a match list, so ACL names cannot be used here)
- Modifier: forward first | only;
- Directs named to send recursive queries to the specified servers before (first) or instead of (only) chasing referrals itself
- Example:
    forwarders { 192.168.0.254; };
    forward only;
- If the forward modifier is missing, named assumes first

Access Controls: Putting it Together
Sample /etc/named.conf with the essential access control options:

    // ACLs make the security directives easier to read
    acl "myaddress" { 127.0.0.1; 192.168.0.1; };
    acl "trusted"   { 192.168.1.21; };
    acl "classroom" { 192.168.0.0/24; trusted; };
    acl "cracker"   { 192.168.1.0/24; };

    options {
        # bind to specific interfaces
        listen-on port 53    { myaddress; };
        listen-on-v6 port 53 { ::1; };

        # make sure I can always query myself for troubleshooting
        allow-query     { localhost; classroom; !cracker; };
        allow-recursion { localhost; classroom; !cracker; };

        /* don't let cracker (even trusted) do zone transfers:
           the negation must come before classroom, because
           trusted is part of classroom and the first match wins */
        allow-transfer  { localhost; !cracker; classroom; };

        # use a recursive, upstream nameserver
        forwarders { 192.168.0.254; };
        forward only;
    };

forwarders and forward are options statements and must sit inside the options block; placed after its closing brace they are a syntax error that service named configtest rejects.

Slave Zone Declaration
    zone "example.com" IN {
        type slave;
        masters { 192.168.0.254; };
        file "slaves/example.com.zone";
    };
This sample zone declaration directs the server to:
- Act as an authoritative nameserver for example.com, where example.com is the origin as given in the SOA record's domain field
- Be a slave for this zone
- Perform zone transfers (AXFR and IXFR) against the hosts in the masters option (masters takes IP addresses, not an ACL name)
- Store the transferred data in /var/named/chroot/var/named/slaves/example.com.zone
- Reload named; the file is created automatically by the first successful transfer

Master Zone Declaration
    zone "example.com" IN {
        type master;
        file "example.com.zone";
    };
This sample zone declaration directs the server to:
- Act as an authoritative nameserver for example.com, where example.com is the origin as given in the SOA record's domain field
- Be the master of this zone
- Read the master data from /var/named/chroot/var/named/example.com.zone
- Create the master file manually before reloading named

Zone File Creation
Content of a zone file:
- A collection of records, beginning with the SOA record
- The @ symbol is a variable representing the zone's origin, as given in the zone declaration in /etc/named.conf
- Comments are assembly-style (;)
Precautions:
- BIND appends the zone's origin to any name that is not properly dot-terminated (so mx.example.com without the final dot becomes mx.example.com.example.com.)
- If the domain field is missing from a record, BIND uses the value from the previous record
- Remember to increment the serial number and reload named after modifying a zone file; slaves only transfer the zone when the serial has grown

Tips for Zone Files
Shortcuts:
- Do not start from scratch: copy an existing zone file installed by the caching-nameserver package
- To save typing, put $TTL 86400 as the first line of a zone file, then omit the TTL from individual records
- BIND allows you to split multi-valued rdata across lines when it is enclosed in parentheses ()
- Choose a filename for your zone file that reflects the origin in some way

Example of multi-line rdata
    @   IN  SOA server1.example.com. root (
                46      ; serial
                3H      ; refresh
                15M     ; retry
                1W      ; expire authority
                1D )    ; minimum for negative answers

Testing Operation
- Select one of dig or nslookup, and use it expertly to verify the operation of your DNS server
- Run tail -f /var/log/messages in a separate shell when restarting services
Configuration:
- BIND refuses to start on a syntax error, so always run service named configtest after editing a config file
- configtest runs two syntax utilities against the files named in your configuration; the utilities may also be run separately against files outside your configuration

BIND Syntax Utilities
- named-checkconf -t ROOTDIR /path/to/named.conf
  - Inspects /etc/named.conf by default (which will be the wrong file if the -t option is missing, since the live copy is inside the chroot)
  - Example: named-checkconf -t /var/named/chroot
- named-checkzone origin /path/to/zonefile
  - Inspects a specific zone file
  - Example: named-checkzone cmu.ac.th /var/named/chroot/var/named/cmu.ac.th.zone

Delegating Subdomains
Steps:
- On the child, create a zone file to hold the subdomain's data
- On the parent, add an NS record for the subdomain
- On the parent, add an A record for the child's nameserver to complete the delegation
Glue Records:
- If the child nameserver's canonical name lies inside the subdomain it serves, the parent must carry its A record; this is called a glue record, and without it resolvers have no way to reach the child

Views and Split DNS
- Answering queries differently based on who is asking
- match-clients and match-destinations select the view
- Options and zones are defined within a view
- Any view statement means that all zone definitions must be inside a view
- Views are tried in the order they appear; the first one whose match-clients admits the client is used

View Example
    view "internal" {
        match-clients { 192.168.0.0/24; };
        recursion yes;
        zone "example.com" {
            type master;
            file "example-internal.zone";
        };
    };
    view "external" {
        match-clients { any; };
        recursion no;
        zone "example.com" {
            type master;
            file "example-external.zone";
        };
    };
The internal view must come first: match-clients { any; } would otherwise catch every client. The external view answers without recursion so that the public face of the server is not an open resolver.
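The first-match rule of the address match list and ACL slides (24 to 32) and the view selection of slides 41 and 42, modelled in Python as an added example (not code from the slides or from BIND). It expands the ACL names declared on slide 25, evaluates allow-transfer lists in both orders, and picks a view the way named does, in configuration order. Two simplifications are assumptions of this example: the built-in localhost ACL is approximated by the loopback addresses, and a nested ACL counts as a match only when it allows; the sample ACLs contain no negations, so the outcomes shown are the ones named produces.

```python
"""How named evaluates an address match list, and how a view is chosen.

Added example, not code from the slides or from BIND: elements are tested in
order, the first element covering the client decides, and a leading '!' means
deny. ACL names expand to the lists they were declared with.
"""
import ipaddress

# ACL declarations from slide 25 plus the built-ins from slide 26.
ACLS = {
    "none": [],
    "any": ["0.0.0.0/0", "::/0"],
    "localhost": ["127.0.0.1", "::1"],  # assumption: loopback only; named covers every local address
    "trusted": ["192.168.1.21"],
    "classroom": ["192.168.0.0/24", "trusted"],
    "cracker": ["192.168.1.0/24"],
}


def match_list(elements, client, acls=ACLS):
    """Walk the list in order; the first element covering `client` decides.

    Returns True (allow), False (a '!' element matched: deny) or None when no
    element matched. Nested ACL names are expanded recursively and count as a
    match only when the nested list allows (simplification, see lead-in).
    """
    ip = ipaddress.ip_address(client)
    for element in elements:
        negate = element.startswith("!")
        target = element.lstrip("!")
        if target in acls:
            hit = match_list(acls[target], client, acls) is True
        else:
            hit = ip in ipaddress.ip_network(target, strict=False)
        if hit:
            return not negate
    return None


def allowed(elements, client):
    """An allow-* option permits the client only on a positive match; no match means deny."""
    return match_list(elements, client) is True


def select_view(views, client):
    """Views are tried in configuration order; the first match-clients that allows wins.

    Returns None when no view matches, which is when named refuses the query.
    """
    for name, match_clients in views:
        if allowed(match_clients, client):
            return name
    return None


# Slide 32 as written: classroom is listed before !cracker, and trusted
# (192.168.1.21) is part of classroom, so the negation never gets a chance.
SLIDE_TRANSFER = ["localhost", "classroom", "!cracker"]
# Same intent, negation first: every 192.168.1.0/24 host is refused, trusted included.
FIXED_TRANSFER = ["localhost", "!cracker", "classroom"]

# Slide 42: internal first, then a catch-all external view.
VIEWS = [("internal", ["192.168.0.0/24"]), ("external", ["any"])]

if __name__ == "__main__":
    for client in ("192.168.1.21", "192.168.0.5", "192.168.1.50", "10.0.0.1"):
        print(client, "slide:", allowed(SLIDE_TRANSFER, client), "fixed:", allowed(FIXED_TRANSFER, client))
    print(select_view(VIEWS, "192.168.0.10"), select_view(VIEWS, "198.51.100.7"))
    print(select_view(list(reversed(VIEWS)), "192.168.0.10"))  # external: view order matters
```

Running it shows that 192.168.1.21 is still allowed by { localhost; classroom; !cracker; } because classroom matches first, while { localhost; !cracker; classroom; } refuses every 192.168.1.0/24 host and any address outside both lists. Swapping the two views sends every client, including 192.168.0.0/24, to the external view.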

Demo 1: Implement a Minimal DNS Server
- Install packages bind, bind-utils, bind-chroot and caching-nameserver:
    yum install bind bind-utils bind-chroot caching-nameserver

Demo 1: Implement a Minimal DNS Server
- Verify the chroot:
    grep ROOTDIR /etc/sysconfig/named
    ROOTDIR=/var/named/chroot
- Copy a convenient starting configuration and test it:
    cd /var/named/chroot/etc
    cp named.caching-nameserver.conf named.conf
    chgrp named named.conf
    service named configtest
- Start named at boot time:
    chkconfig named on

Demo 1: Implement a Minimal DNS Server
- Modify iptables: insert the following lines after the ESTABLISHED,RELATED line in /etc/sysconfig/iptables
    -A RH-Firewall-1-INPUT -p tcp --dport 53 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 53 -j ACCEPT
  (add -s 192.168.56.0/24 to both rules if only the lab network should be able to reach the server)
- Reload iptables:
    service iptables restart

Demo 1: Implement a Minimal DNS Server
- Edit named.conf to modify and/or add the following access controls in the global options section:
    listen-on port 53 { localhost; };
    allow-query       { localhost; 192.168.56.0/24; };
    allow-query-cache { localhost; 192.168.56.0/24; };
    allow-transfer    { localhost; 192.168.56.102; };
    forwarders { 202.28.249.75; };
    forward first;
- Edit named.conf again and modify the default view's match-clients:
    match-clients { localhost; 192.168.56.0/24; };

Demo 1: Implement a Minimal DNS Server
- Test the configuration and reload named:
    service named configtest
    service named restart
- Point the stub resolver at localhost by editing /etc/resolv.conf:
    search example.com
    nameserver 127.0.0.1
- Test resolution:
    dig www.cmu.ac.th
    dig www.facebook.com

Demo 2: Add Data to the Name Server
- Declare a forward lookup zone: edit named.conf and put the following above the include statement in the view section
    zone "example.com" IN {
        type master;
        file "example.com.zone";
        allow-update { none; };
        forwarders { };
    };
- Test: service named configtest now fails with "file not found", because the zone file does not exist yet

Demo 2: Add Data to the Name Server
- Create a zone file: copy an existing zone file, preserving its permissions
    cd /var/named/chroot/var/named
    cp -a localdomain.zone example.com.zone
- Edit the SOA record:
    @ IN SOA ns root (
  or
    @ IN SOA ns.example.com. noc.example.com. (
- Increment the serial number

Demo 2: Add Data to the Name Server
- Edit the NS record:
    @        IN NS    ns
- Add some records:
    @        IN MX    10 mx
    ns       IN A     192.168.56.101
    server   IN A     192.168.56.102
    mx       IN CNAME server
    station  IN A     192.168.56.103
    station1 IN A     202.28.249.14
- Caveat: RFC 2181 forbids an MX target that is an alias (mx here is a CNAME for server); many mail servers tolerate it, but in production point the MX at a name that has its own A record

Demo 2: Add Data to the Name Server
- Test the configuration and reload:
    service named configtest
    service named restart
- Test resolution on localhost and from another host:
    dig -t axfr example.com
    ping station1
    ping server
    ping mx

Demo 2: Add Data to the Name Server
- Declare a reverse lookup zone: edit named.conf and put the following above the include statement in the view section
    zone "56.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.56.zone";
        allow-update { none; };
        forwarders { };
    };
- Test: service named configtest again fails with "file not found" until the zone file is created

Demo 2: Add Data to the Name Server
- Create a zone file: copy an existing zone file, preserving its permissions
    cd /var/named/chroot/var/named
    cp -a named.local 192.168.56.zone
- Edit the SOA record:
    @ IN SOA ns.example.com. root.example.com. (
- Increment the serial number

Demo 2: Add Data to the Name Server
- Edit the NS record:
    @    IN NS   ns.example.com.
- Add some records:
    101  IN PTR  ns.example.com.
    102  IN PTR  server.example.com.
    103  IN PTR  station.example.com.

Demo 2: Add Data to the Name Server
- Test the configuration and reload:
    service named configtest
    service named restart
- Test resolution on localhost and from another host:
    dig -x 192.168.56.101
    dig -x 192.168.56.102
    dig -x 192.168.56.103
    dig -t axfr 56.168.192.in-addr.arpa
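The zone-file rules of slides 35 to 37 (the @ origin, the origin appended to names without a trailing dot, the owner inherited from the previous record, parenthesised multi-line rdata, W/D/H/M time units) and the forward and reverse zones of Demo 2, as an added Python example that is not code from the slides or from BIND. Its parser applies those rules to two zone files constructed here from the Demo 2 records and then cross-checks them: every A record should have a PTR, and every PTR should point back at a name that carries that A record. The record types it understands are limited to those used on these slides; that, and the default TTL of 86400, are choices of this example.

```python
"""Zone-file rules as code: '@' and the origin, inherited owners, parenthesised
rdata, W/D/H/M time units, plus a forward/reverse consistency check.
Added example, not code from the slides or from BIND; the sample zones are
constructed from the records shown in Demo 2."""
import re
from collections import namedtuple

Record = namedtuple("Record", "owner ttl rclass rtype rdata")
UNITS = {"W": 604800, "D": 86400, "H": 3600, "M": 60, "S": 1}
TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "PTR", "SOA", "TXT"}  # the types these slides use

def to_seconds(value):
    """'3H' -> 10800, '1W' -> 604800, '46' -> 46 (plain digits are seconds)."""
    m = re.fullmatch(r"(\d+)([WDHMS]?)", value.upper())
    if not m:
        raise ValueError(f"bad time value {value!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "S"]

def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def _logical_lines(text):
    """Yield (tokens, owner_omitted) per record, joining '(' ... ')' spans and dropping ';' comments."""
    buf, depth = [], 0
    for raw in text.splitlines():
        code = raw.split(";", 1)[0].rstrip()
        if not buf:                                  # first physical line of a record:
            owner_omitted = code[:1] in (" ", "\t")  # a blank owner field inherits the previous owner
        depth += code.count("(") - code.count(")")
        buf.append(code.replace("(", " ").replace(")", " "))
        if depth == 0:
            tokens, buf = " ".join(buf).split(), []
            if tokens:
                yield tokens, owner_omitted

def parse_zone(text, origin):
    """Parse a zone file into Records whose owner and rdata names are fully qualified."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, owner, records = 86400, origin, []
    for tokens, owner_omitted in _logical_lines(text):
        if tokens[0] == "$TTL":
            default_ttl = to_seconds(tokens[1])
            continue
        if not owner_omitted:
            owner = fqdn(tokens.pop(0), origin)
        ttl, rclass = default_ttl, "IN"
        while tokens[0] not in TYPES:                # optional TTL and class, in either order
            tok = tokens.pop(0)
            if tok in ("IN", "CH", "HS"):
                rclass = tok
            else:
                ttl = to_seconds(tok)
        rtype, rdata = tokens[0], tokens[1:]
        if rtype in ("CNAME", "NS", "PTR"):          # rdata names follow the same origin rule
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [int(rdata[0]), fqdn(rdata[1], origin)]
        elif rtype == "SOA":                         # mname rname serial refresh retry expire minimum
            rdata = [fqdn(rdata[0], origin), fqdn(rdata[1], origin)] + [to_seconds(v) for v in rdata[2:]]
        records.append(Record(owner, ttl, rclass, rtype, tuple(rdata)))
    return records

def check_forward_reverse(forward, reverse):
    """Return (IPs with an A record but no PTR, IPs whose PTR names a host with no matching A)."""
    a_names, ptr_target = {}, {}
    for r in forward:
        if r.rtype == "A":
            a_names.setdefault(r.rdata[0], set()).add(r.owner)
    for r in reverse:
        if r.rtype == "PTR":                         # 101.56.168.192.in-addr.arpa. -> 192.168.56.101
            octets = r.owner[: -len(".in-addr.arpa.")].split(".")
            ptr_target[".".join(reversed(octets))] = r.rdata[0]
    return (sorted(ip for ip in a_names if ip not in ptr_target),
            sorted(ip for ip, name in ptr_target.items() if name not in a_names.get(ip, set())))

# Constructed sample zones following the Demo 2 slides.
FORWARD_ZONE = """
$TTL 86400
@        IN SOA   ns.example.com. noc.example.com. (
                  2010091201 3H 15M ; serial refresh retry
                  1W 1D )           ; expire, minimum for negative answers
         IN NS    ns
         IN MX    10 mx
ns       IN A     192.168.56.101
server   IN A     192.168.56.102
mx       IN CNAME server
station  IN A     192.168.56.103
station1 IN A     202.28.249.14
"""
REVERSE_ZONE = """
@    IN SOA ns.example.com. root.example.com. ( 2010091201 3H 15M 1W 1D )
     IN NS  ns.example.com.
101  IN PTR ns.example.com.
102  IN PTR server.example.com.
103  IN PTR station.example.com.
"""

if __name__ == "__main__":
    fwd, rev = parse_zone(FORWARD_ZONE, "example.com"), parse_zone(REVERSE_ZONE, "56.168.192.in-addr.arpa")
    print(check_forward_reverse(fwd, rev))  # station1 lives on another network, so it has no PTR here
```

check_forward_reverse reports 202.28.249.14 as having no PTR, which is expected: station1 sits on a network the 56.168.192.in-addr.arpa zone does not cover. The same check catches the common mistake of renumbering a host in the forward zone and forgetting the reverse zone. fqdn("mx.example.com", "example.com.") returns mx.example.com.example.com., the missing-dot pitfall from the zone file slide.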

Demo 3: Add a Slave DNS Server
- Repeat the steps of Demo 1 to implement a minimal DNS server on the slave
- Declare a slave zone: edit named.conf and put the following above the include statement in the view section
    zone "example.com" IN {
        type slave;
        masters { 192.168.56.101; };
        file "slaves/example.com.zone";
        forwarders { };
    };
- The master's allow-transfer must include the slave's address (Demo 1 allowed 192.168.56.102); otherwise the transfer is refused and the slave zone never loads
- Test and reload named:
    service named configtest
    service named restart

Demo 3: Add a Slave DNS Server
- Inspect the transferred file:
    ls -l /var/named/chroot/var/named/slaves/
- Test the local resolver:
    dig -t axfr example.com
    dig station.example.com

Thank you and have a great day