This shows you the differences between two versions of the page.
bdnog11:netsec:bind-reverse [2020/01/14 11:30] Muhammad Moinur Rahman [Steps]
bdnog11:netsec:bind-reverse [2020/01/14 11:40] Muhammad Moinur Rahman
Line 25: | Line 25: | ||
zone "1XX.168.192.in-addr.arpa." { | zone "1XX.168.192.in-addr.arpa." { | ||
type slave; | type slave; | ||
- | file "db.192.168.1XX.bak"; | + | file "db.192.168.1XX"; |
allow-transfer { none; }; | allow-transfer { none; }; | ||
- | masters { 192.168.1XX.1; }; | + | masters { 192.168.30.XX; }; |
};</code> | };</code> | ||
- Configure the /24 reverse zone (`db.192.168.1XX`) file in master name server. No need to create this in the slave since it will load the zone file from the master.\\ <code> | - Configure the /24 reverse zone (`db.192.168.1XX`) file in master name server. No need to create this in the slave since it will load the zone file from the master.\\ <code> | ||
- | $ORIGIN 130.168.192.in-addr.arpa. | + | $ORIGIN 130.168.192.in-addr.arpa. |
- | $TTL 1d | + | $TTL 1d |
- | @ SOA ns.group30.net. email.group30.net. ( | + | @ SOA ns.group30.net. email.group30.net. ( |
2016010101 | 2016010101 | ||
1h | 1h | ||
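Review bot: renaming the slave's file from `db.192.168.1XX.bak` to `db.192.168.1XX` gives the transferred copy the same name the next step assigns to the hand-edited master zone file, so anyone who runs both roles on one host, or copies this stanza onto the master, will have the AXFR copy silently overwrite the authoritative file; keep a distinguishing name such as the original `.bak` for secondary copies. The same hunk changes `masters` to `192.168.30.XX`, but the customer's `named.conf.local` further down this page still reads `masters { 192.168.1XX.1; };` with `file "db.192.168.1XX.bak";`, so the two examples no longer agree after this edit. In the unchanged context lines, `$ORIGIN 130.168.192.in-addr.arpa.` and `ns.group30.net.` are hard-coded where the rest of the page uses the `1XX` and `groupXX` placeholders; a student following the text literally loads a zone for the wrong network. `allow-transfer { none; };` on the secondary is right and should stay: a slave has no business serving AXFR to anyone the page has not named.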
Line 38: | Line 38: | ||
1w | 1w | ||
24h | 24h | ||
- | ) | + | ) |
- | NS ns.groupXX.net. | + | @ NS ns.groupXX.net. |
- | 1 PTR ns.groupXX.net.</code> | + | 1 PTR ns.groupXX.net.</code> |
- | - Reload the `named` service and check the reverse DNS entry\\ <code> | + | - Reload the `named` service and check the reverse DNS entry\\ <code>dig -x 192.168.1XX.1</code> |
- | dig -x 192.168.1XX.1</code> | + | |
- Configure your master name server for classless reverse delegation. Let's assume you're assigning 2 * /26 from your IP block 192.168.1XX.0/24, thus\\ 192.168.1XX.0/26 (192.168.1XX.0 - 192.168.1XX.63) - you're currently using this so no need to delegate\\ 192.168.1XX.64/26 (192.168.1XX.64- 192.168.1XX.127)- delegate to customer 1 | - Configure your master name server for classless reverse delegation. Let's assume you're assigning 2 * /26 from your IP block 192.168.1XX.0/24, thus\\ 192.168.1XX.0/26 (192.168.1XX.0 - 192.168.1XX.63) - you're currently using this so no need to delegate\\ 192.168.1XX.64/26 (192.168.1XX.64- 192.168.1XX.127)- delegate to customer 1 | ||
- Update your existing 192.168.1XX.0/24 reverse zone to include delegation of /26 subdomain for your customer. The server on your right will act as your customer so they will configure /26 zone. This should be done in the master name server. You should use the CNAME and glue records to accomplish the classless delegation.\\<code> | - Update your existing 192.168.1XX.0/24 reverse zone to include delegation of /26 subdomain for your customer. The server on your right will act as your customer so they will configure /26 zone. This should be done in the master name server. You should use the CNAME and glue records to accomplish the classless delegation.\\<code> | ||
- | ;Existing /24 zone file | + | ;Existing /24 zone file |
- | $ORIGIN 1XX.168.192.in-addr.arpa. | + | $ORIGIN 1XX.168.192.in-addr.arpa. |
- | $TTL 1d | + | $TTL 1d |
- | @ SOA ns.groupXX.net. email.groupXX.net. ( | + | @ SOA ns.groupXX.net. email.groupXX.net. ( |
2016010101 | 2016010101 | ||
1h | 1h | ||
30m | 30m | ||
1w | 1w | ||
- | 24h ) | + | 24h |
+ | ) | ||
- | NS ns.groupXX.net. | + | @ NS ns.groupXX.net. |
- | 1 PTR ns.groupXX.net. | + | 1 PTR ns.groupXX.net. |
- | ;Inserting the /26 delegation | + | ;Inserting the /26 delegation |
- | 64-127 NS ns.groupYY.net. ; This is the customer name server. | + | 64-127 NS ns.groupYY.net. ; This is the customer name server. |
| | ||
- | 65 CNAME 65.64-127 | + | 65 CNAME 65.64-127 |
- | 66 CNAME 66.64-127 | + | 66 CNAME 66.64-127 |
- | 67 CNAME 67.64-127 ; it goes up to 126, use $GENERATE to automate</code>\\ Note that the "." was intentionally omitted for the origin (1XX.168.192.in-addr.arpa) to be appended to it. | + | 67 CNAME 67.64-127 ; it goes up to 126, use $GENERATE to automate</code>\\ Note that the "." was intentionally omitted for the origin (1XX.168.192.in-addr.arpa) to be appended to it. |
- In your customer’s name server, (`/etc/bind/master`) create the /26 subdomain. Update your customer’s `named.conf.local` to load this /26 subdomain thus acting as primary for this /26 subdomain. | - In your customer’s name server, (`/etc/bind/master`) create the /26 subdomain. Update your customer’s `named.conf.local` to load this /26 subdomain thus acting as primary for this /26 subdomain. | ||
- Updating customer’s named.conf.local to reflect the /26 subdomain.\\ <code> | - Updating customer’s named.conf.local to reflect the /26 subdomain.\\ <code> | ||
- | //customer’s name server named.conf | + | //customer’s name server named.conf |
- | zone "1XX.168.192.in-addr.arpa." { | + | zone "1XX.168.192.in-addr.arpa." { |
- | type slave; | + | type slave; |
- | file "db.192.168.1XX.bak"; | + | file "db.192.168.1XX.bak"; |
- | allow-transfer { none; }; | + | allow-transfer { none; }; |
- | masters { 192.168.1XX.1; }; | + | masters { 192.168.1XX.1; }; |
- | }; | + | }; |
- | zone "64-127.1XX.168.192.in-addr.arpa." { | + | zone "64-127.1XX.168.192.in-addr.arpa." { |
- | type master; | + | type master; |
- | file "db.192.168.1XX.64"; | + | file "db.192.168.1XX.64"; |
- | };</code> | + | };</code> |
- Create the /26 zone (`db.192.168.1XX.64`) file in the customer name server\\ <code> | - Create the /26 zone (`db.192.168.1XX.64`) file in the customer name server\\ <code> | ||
- | $ORIGIN 64-127.1XX.168.192.in-addr.arpa. | + | $ORIGIN 64-127.1XX.168.192.in-addr.arpa. |
- | @ SOA ns.groupYY.net. root.groupYY.net. ( | + | @ SOA ns.groupYY.net. root.groupYY.net. ( |
- | 20121026 | + | 20121026 |
- | 1h | + | 1h |
- | 30m | + | 30m |
- | 1w | + | 1w |
- | 24h | + | 24h |
- | ) | + | ) |
- | NS ns.groupYY.net. | + | @ NS ns.groupYY.net. |
- | 65 PTR www.groupYY.net. | + | 65 PTR www.groupYY.net. |
- | 66 PTR ftp.groupYY.net. | + | 66 PTR ftp.groupYY.net. |
- | 67 PTR mail.groupYY.net.</code> | + | 67 PTR mail.groupYY.net.</code> |
- Use dig to check if delegation works. This command will use dig to look for a PTR record.\\ <code> | - Use dig to check if delegation works. This command will use dig to look for a PTR record.\\ <code> | ||
- | dig @192.168.30.XX -x 192.168.1XX.66</code>\\ This command uses dig to look for an A record.\\ <code>dig @server hostname.domain-name.net</code> | + | dig @192.168.30.XX -x 192.168.1XX.66</code>\\ This command uses dig to look for an A record.\\ <code>dig @server hostname.domain-name.net</code> |
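Review bot: the customer's `/26` zone file (`$ORIGIN 64-127.1XX.168.192.in-addr.arpa.` onward) has no `$TTL` line, unlike the `/24` zone which sets `$TTL 1d`; BIND 9 still loads it but warns that no TTL was specified and falls back to the SOA minimum (24h) for every record, so add `$TTL 1d` after the `$ORIGIN` line. The `type master;` stanza for `64-127.1XX.168.192.in-addr.arpa.` sets no `allow-transfer`, while every slave stanza on the page sets `allow-transfer { none; };`; the master is where this matters, and depending on the BIND release the default permits AXFR from any host, so state it explicitly (for example `allow-transfer { 192.168.1XX.1; };` if the provider is meant to secondary it, or `none;`). The prose in this hunk tells students to use "CNAME and glue records", but the delegation `64-127 NS ns.groupYY.net.` needs no glue: the name server lives under `groupYY.net`, outside the delegated zone, and an A record placed in `1XX.168.192.in-addr.arpa` would be out of bailiwick and ignored; only the NS record plus the per-address CNAMEs are required. The comment "use $GENERATE to automate" would be clearer with the actual line, `$GENERATE 64-127 $ CNAME $.64-127`, which also covers 64 and 127 as the RFC 2317 style delegation intends. The final check `dig @192.168.30.XX -x 192.168.1XX.66` queries the provider's server, which on an authoritative-only host (recursion off) returns just the CNAME and the NS referral, not the PTR; to prove the delegation end to end, query the customer's server directly for `66.64-127.1XX.168.192.in-addr.arpa PTR`, then repeat the `-x` lookup against a recursive resolver that forwards to the lab servers. Minor: the `/26` SOA serial `20121026` does not follow the `YYYYMMDDnn` form (`2016010101`) used by the `/24` zone.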