bdnog11:netsec:bind-reverse

Differences

This shows you the differences between two versions of the page.

bdnog11:netsec:bind-reverse [2020/01/14 11:30]
Muhammad Moinur Rahman [Steps]
bdnog11:netsec:bind-reverse [2020/01/14 11:36]
Muhammad Moinur Rahman
Line 25: Line 25:
 zone "​1XX.168.192.in-addr.arpa."​ { zone "​1XX.168.192.in-addr.arpa."​ {
  type slave;  type slave;
- file "​db.192.168.1XX.bak";+ file "​db.192.168.1XX";​
  allow-transfer { none; };  allow-transfer { none; };
- masters { 192.168.1XX.1; };+ masters { 192.168.30.XX; };
 };</​code>​ };</​code>​
     - Configure the /24 reverse zone (`db.192.168.1XX`) file in master name server. No need to create this in the slave since it will load the zone file from the master.\\ <​code>​     - Configure the /24 reverse zone (`db.192.168.1XX`) file in master name server. No need to create this in the slave since it will load the zone file from the master.\\ <​code>​
- $ORIGIN 130.168.192.in-addr.arpa. +$ORIGIN 130.168.192.in-addr.arpa. 
- $TTL 1d +$TTL 1d 
- @     ​SOA ​  ​ns.group30.net. email.group30.net. (+@     ​SOA ​  ​ns.group30.net. email.group30.net. (
                 2016010101                 2016010101
                 1h                 1h
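Review bot: The zone file in this hunk hard-codes one group's values (`$ORIGIN 130.168.192.in-addr.arpa.` and `ns.group30.net. email.group30.net.` in the SOA) while the zone statement just above it uses the placeholder `1XX.168.192.in-addr.arpa.`, so anyone from another group who copies it verbatim gets records that fall outside the zone declared in their named configuration. Suggest `$ORIGIN 1XX.168.192.in-addr.arpa.` and `ns.groupXX.net. email.groupXX.net.` here, matching the later steps. The new `masters { 192.168.30.XX; };` also uses a different placeholder scheme from the `192.168.1XX.1` it replaces, so a short remark on which address of the master this is would help readers fill it in correctly.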
Line 38: Line 38:
                 1w                 1w
                 24h                 24h
- +
- NS    ns.groupXX.net. +@ NS    ns.groupXX.net. 
- 1 PTR   ​ns.groupXX.net.</​code>​ +1 PTR   ​ns.groupXX.net.</​code>​ 
-  - Reload the `named` service and check the reverse DNS entry\\ <​code>​ +  - Reload the `named` service and check the reverse DNS entry\\ <​code>​dig -x 192.168.1XX.1</​code>​
- dig -x 192.168.1XX.1</​code>​+
   - Configure your master name server for classless reverse delegation. Let's assume you're assigning 2 * /26 from your IP block 192.168.1XX.0/​24,​ thus\\ 192.168.1XX.0/​26 ​ (192.168.1XX.0 - 192.168.1XX.63) -  you're currently using this so no need to delegate\\ 192.168.1XX.64/​26 (192.168.1XX.64- 192.168.1XX.127)- ​ delegate to customer 1   - Configure your master name server for classless reverse delegation. Let's assume you're assigning 2 * /26 from your IP block 192.168.1XX.0/​24,​ thus\\ 192.168.1XX.0/​26 ​ (192.168.1XX.0 - 192.168.1XX.63) -  you're currently using this so no need to delegate\\ 192.168.1XX.64/​26 (192.168.1XX.64- 192.168.1XX.127)- ​ delegate to customer 1
   - Update your existing 192.168.1XX.0/​24 reverse zone to include delegation of /26 subdomain for your customer. The server on your right will act as your customer so they will configure /26 zone. This should be done in the master name server. You should use the CNAME and glue records to accomplish the classless delegation.\\<​code>​   - Update your existing 192.168.1XX.0/​24 reverse zone to include delegation of /26 subdomain for your customer. The server on your right will act as your customer so they will configure /26 zone. This should be done in the master name server. You should use the CNAME and glue records to accomplish the classless delegation.\\<​code>​
- ;Existing /24 zone file +;Existing /24 zone file 
- $ORIGIN 1XX.168.192.in-addr.arpa. +$ORIGIN 1XX.168.192.in-addr.arpa. 
- $TTL 1d +$TTL 1d 
- @ SOA ns.groupXX.net. email.groupXX.net. ​  (+@ SOA ns.groupXX.net. email.groupXX.net. ​  (
  2016010101  2016010101
  1h  1h
  30m  30m
  1w  1w
- 24h )+ 24h ​ 
 +)
  
- NS ns.groupXX.net.+@ NS ns.groupXX.net.
  
- 1 PTR ns.groupXX.net.+1 PTR ns.groupXX.net.
  
- ;Inserting the /26 delegation +;Inserting the /26 delegation 
- 64-127 NS ns.groupYY.net. ; This is the customer name server.+64-127 NS ns.groupYY.net. ; This is the customer name server.
                               ​                               ​
- 65 CNAME 65.64-127 +65 CNAME 65.64-127 
- 66 CNAME 66.64-127 +66 CNAME 66.64-127 
- 67 CNAME 67.64-127 ​    ; it goes up to 126, use $GENERATE to automate</​code>​\\ Note that the "​."​ was intentionally omitted for the origin (1XX.168.192.in-addr.arpa) to be appended to it.+67 CNAME 67.64-127 ​    ; it goes up to 126, use $GENERATE to automate</​code>​\\ Note that the "​."​ was intentionally omitted for the origin (1XX.168.192.in-addr.arpa) to be appended to it.
   - In your customer’s name server, (`/​etc/​bind/​master`) create the /26 subdomain. Update your customer’s `named.conf.local` to load this /26 subdomain thus acting as primary for this /26 subdomain.   - In your customer’s name server, (`/​etc/​bind/​master`) create the /26 subdomain. Update your customer’s `named.conf.local` to load this /26 subdomain thus acting as primary for this /26 subdomain.
     - Updating customer’s named.conf.local to reflect the /26 subdomain.\\ <​code>​     - Updating customer’s named.conf.local to reflect the /26 subdomain.\\ <​code>​
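Review bot: The updated /24 zone file still carries serial `2016010101`, the same value as in the zone created in the earlier step, so the slave configured above will not transfer the new `64-127` delegation and CNAME records after the reload; bump the serial in this step and say so in the text. The step text also asks for "glue records", but the only name server named is `ns.groupYY.net.`, which lies outside `1XX.168.192.in-addr.arpa.`, so address records for it would be out-of-zone data here; consider dropping that wording. The `$GENERATE` hint on the `67 CNAME` line would be easier to follow if the directive were shown, for example `$GENERATE 65-126 $ CNAME $.64-127`.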
bdnog11/netsec/bind-reverse.txt · Last modified: 2020/01/14 11:40 by Muhammad Moinur Rahman