DNS Server Configuration


Configure the network interface with the DNS settings:

vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.44"
PREFIX0="24"
GATEWAY0="192.168.1.1"
# the resolver key is indexed (DNS1, DNS2, ...); this host resolves through itself
DNS1="192.168.1.44"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"

Restart the network service:

systemctl restart network.service

Install BIND 9:

yum install bind bind-utils -y

Edit the configuration file '/etc/named.conf':

vi /etc/named.conf

Add or edit the parts marked with ### comments. Because recursion is enabled, the allow-query range is what keeps this server from acting as an open resolver, so keep it limited to your own network:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.44; };   ### primary DNS server IP ###
        # listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.1.0/24; };       ### IP range allowed to query ###

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "sisope.local" IN {
        type master;
        file "forward.sisope";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.sisope";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Create the ZONE files:

We have to create the forward zone and reverse zone files that we referenced in '/etc/named.conf'.

Creating the forward zone

Create forward.sisope in the '/var/named' directory:

vi /var/named/forward.sisope

Add the following records (the SOA record's parenthesised list must be closed with ')'):

$TTL 86400
@       IN      SOA     primario.sisope.local. root.sisope.local. (
                        2011071001      ;Serial
                        3600            ;Refresh
                        1800            ;Retry
                        604800          ;Expire
                        86400           ;Minimum TTL
)
@       IN      NS      primario.sisope.local.
@       IN      A       192.168.1.44
@       IN      A       192.168.1.103
primario        IN      A       192.168.1.44
cliente         IN      A       192.168.1.103

Creating the reverse zone

Create reverse.sisope in the '/var/named' directory:

vi /var/named/reverse.sisope

Add the following records (a reverse zone holds PTR records, one per host address; the last octet of the address is the record's owner name):

$TTL 86400
@       IN      SOA     primario.sisope.local. root.sisope.local. (
                        2011071001      ;Serial
                        3600            ;Refresh
                        1800            ;Retry
                        604800          ;Expire
                        86400           ;Minimum TTL
)
@       IN      NS      primario.sisope.local.
@       IN      PTR     sisope.local.
44      IN      PTR     primario.sisope.local.
103     IN      PTR     cliente.sisope.local.
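The forward and reverse zone files have to agree with each other, and named-checkzone only validates each file on its own. The checker below is an added example, not part of the tutorial: it parses constructed copies of both zones, derives the expected in-addr.arpa owner name for each A record, and reports A records without a PTR and PTRs without an A record. The constructed forward zone includes an extra host "backup" with no PTR so that the check has a finding to report.

```python
"""Cross-check a BIND forward zone against its reverse zone (added example, not the
tutorial's own): every non-apex A record needs a matching PTR, and vice versa."""
FORWARD_ORIGIN = "sisope.local"
REVERSE_ORIGIN = "1.168.192.in-addr.arpa"
# Constructed sample input modelled on the tutorial's zone files, plus one host
# ("backup") added to the forward zone without a PTR so the check has a finding.
FORWARD_SISOPE = """\
$TTL 86400
@ IN SOA primario.sisope.local. root.sisope.local. ( 2011071001 3600 1800 604800 86400 )
@ IN NS primario.sisope.local.
@ IN A 192.168.1.44
primario IN A 192.168.1.44 ; the DNS server itself
cliente IN A 192.168.1.103
backup IN A 192.168.1.50
"""
REVERSE_SISOPE = """\
$TTL 86400
@ IN SOA primario.sisope.local. root.sisope.local. ( 2011071001 3600 1800 604800 86400 )
@ IN NS primario.sisope.local.
44 IN PTR primario.sisope.local.
103 IN PTR cliente.sisope.local.
"""

def records(zone_text, origin, rtype):
    """Return {(owner_fqdn, rdata)} for one record type; expands '@' and relative owners."""
    found = set()
    for line in zone_text.splitlines():
        parts = line.split(";")[0].split()  # drop ';' comments, then tokenize
        if len(parts) < 4 or parts[1] != "IN" or parts[2] != rtype:
            continue
        owner = parts[0]
        if owner == "@":
            fqdn = origin + "."
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = f"{owner}.{origin}."  # relative name: append the zone origin
        found.add((fqdn, parts[3]))
    return found

def ptr_owner(ipv4):
    """Map 192.168.1.44 to its reverse name 44.1.168.192.in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."

def check_zones(fwd_text=FORWARD_SISOPE, rev_text=REVERSE_SISOPE):
    """Return (a_without_ptr, ptr_without_a), each a sorted list of (owner, target)."""
    apex = FORWARD_ORIGIN + "."  # the zone apex (sisope.local) itself gets no PTR
    expected = {(ptr_owner(ip), name) for name, ip in records(fwd_text, FORWARD_ORIGIN, "A") if name != apex}
    actual = records(rev_text, REVERSE_ORIGIN, "PTR")
    return sorted(expected - actual), sorted(actual - expected)
```

Running check_zones() on the constructed input reports backup.sisope.local (192.168.1.50) as having no PTR and no orphan PTRs; point the two text arguments at the real files to audit a live server.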

Start the DNS service:

systemctl enable named
systemctl start named

Configure the firewall

Allow port 53 (DNS) through the firewall, for both TCP and UDP:

firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload

Configure permissions

The zone files only need to be readable by the named service account, so give them the named group and read-only group permission rather than making them world-writable (chmod 777 would let any local user rewrite the zone data):

chown root:named /var/named/forward.sisope /var/named/reverse.sisope
chmod 640 /var/named/forward.sisope /var/named/reverse.sisope
systemctl restart named.service

Test the DNS configuration and the zone files:

Run the following command to check the named configuration:

named-checkconf /etc/named.conf

If it returns nothing, the configuration file is valid.

Check the forward zone file:

named-checkzone sisope.local /var/named/forward.sisope

zone sisope.local/IN: loaded serial 2011071001
OK

Check the reverse zone file (the first argument is the zone name declared in named.conf, 1.168.192.in-addr.arpa, not sisope.local):

named-checkzone 1.168.192.in-addr.arpa /var/named/reverse.sisope

zone 1.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK

Test the DNS server:

dig primario.sisope.local

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> primario.sisope.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25179
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;primario.sisope.local. IN A

;; ANSWER SECTION:
primario.sisope.local. 86400 IN A 192.168.1.44

;; AUTHORITY SECTION:
sisope.local. 86400 IN NS primario.sisope.local.

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 192.168.1.44#53(192.168.1.44)
;; WHEN: Wed Aug 20 16:20:46 IST 2014
;; MSG SIZE rcvd: 125

The aa flag confirms the answer is authoritative, and the SERVER line shows the reply came from 192.168.1.44, so the query was not forwarded elsewhere.

nslookup sisope.local

Server: 192.168.1.44
Address: 192.168.1.44#53
