bdnog11:netsec:bind-reverse

Differences

This shows you the differences between two versions of the page.

bdnog11:netsec:bind-reverse [2020/01/14 11:30]
Muhammad Moinur Rahman [Steps]
bdnog11:netsec:bind-reverse [2020/01/14 11:40] (current)
Muhammad Moinur Rahman
Line 25: Line 25:
 zone "​1XX.168.192.in-addr.arpa."​ { zone "​1XX.168.192.in-addr.arpa."​ {
  type slave;  type slave;
- file "​db.192.168.1XX.bak";+ file "​db.192.168.1XX";​
  allow-transfer { none; };  allow-transfer { none; };
- masters { 192.168.1XX.1; };+ masters { 192.168.30.XX; };
 };</​code>​ };</​code>​
     - Configure the /24 reverse zone (`db.192.168.1XX`) file in master name server. No need to create this in the slave since it will load the zone file from the master.\\ <​code>​     - Configure the /24 reverse zone (`db.192.168.1XX`) file in master name server. No need to create this in the slave since it will load the zone file from the master.\\ <​code>​
- $ORIGIN 130.168.192.in-addr.arpa. +$ORIGIN 130.168.192.in-addr.arpa. 
- $TTL 1d +$TTL 1d 
- @     ​SOA ​  ​ns.group30.net. email.group30.net. (+@     ​SOA ​  ​ns.group30.net. email.group30.net. (
                 2016010101                 2016010101
                 1h                 1h
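Review bot: renaming the secondary's copy from `db.192.168.1XX.bak` to `db.192.168.1XX` gives the transferred file the same name that the following step tells you to hand-create on the master; keep the secondary's copy under a distinct name (the previous `.bak`, or a separate `slaves/` directory) so a transferred zone cannot be confused with, or overwrite, the hand-edited master file if both roles are ever hosted in the same directory. The `masters` address also changes to `192.168.30.XX` here, while the customer's `named.conf` in the next hunk still points the same slave zone at `192.168.1XX.1`; the two should agree, or the text should state which address is the lab management interface. `allow-transfer { none; };` on the secondary is right and should stay.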
Line 38: Line 38:
                 1w                 1w
                 24h                 24h
- +
- NS    ns.groupXX.net. +@ NS    ns.groupXX.net. 
- 1 PTR   ​ns.groupXX.net.</​code>​ +1 PTR   ​ns.groupXX.net.</​code>​ 
-  - Reload the `named` service and check the reverse DNS entry\\ <​code>​ +  - Reload the `named` service and check the reverse DNS entry\\ <​code>​dig -x 192.168.1XX.1</​code>​
- dig -x 192.168.1XX.1</​code>​+
   - Configure your master name server for classless reverse delegation. Let's assume you're assigning 2 * /26 from your IP block 192.168.1XX.0/​24,​ thus\\ 192.168.1XX.0/​26 ​ (192.168.1XX.0 - 192.168.1XX.63) -  you're currently using this so no need to delegate\\ 192.168.1XX.64/​26 (192.168.1XX.64- 192.168.1XX.127)- ​ delegate to customer 1   - Configure your master name server for classless reverse delegation. Let's assume you're assigning 2 * /26 from your IP block 192.168.1XX.0/​24,​ thus\\ 192.168.1XX.0/​26 ​ (192.168.1XX.0 - 192.168.1XX.63) -  you're currently using this so no need to delegate\\ 192.168.1XX.64/​26 (192.168.1XX.64- 192.168.1XX.127)- ​ delegate to customer 1
   - Update your existing 192.168.1XX.0/​24 reverse zone to include delegation of /26 subdomain for your customer. The server on your right will act as your customer so they will configure /26 zone. This should be done in the master name server. You should use the CNAME and glue records to accomplish the classless delegation.\\<​code>​   - Update your existing 192.168.1XX.0/​24 reverse zone to include delegation of /26 subdomain for your customer. The server on your right will act as your customer so they will configure /26 zone. This should be done in the master name server. You should use the CNAME and glue records to accomplish the classless delegation.\\<​code>​
- ;Existing /24 zone file +;Existing /24 zone file 
- $ORIGIN 1XX.168.192.in-addr.arpa. +$ORIGIN 1XX.168.192.in-addr.arpa. 
- $TTL 1d +$TTL 1d 
- @ SOA ns.groupXX.net. email.groupXX.net. ​  (+@ SOA ns.groupXX.net. email.groupXX.net. ​  (
  2016010101  2016010101
  1h  1h
  30m  30m
  1w  1w
- 24h )+ 24h ​ 
 +)
  
- NS ns.groupXX.net.+@ NS ns.groupXX.net.
  
- 1 PTR ns.groupXX.net.+1 PTR ns.groupXX.net.
  
- ;Inserting the /26 delegation +;Inserting the /26 delegation 
- 64-127 NS ns.groupYY.net. ; This is the customer name server.+64-127 NS ns.groupYY.net. ; This is the customer name server.
                               ​                               ​
- 65 CNAME 65.64-127 +65 CNAME 65.64-127 
- 66 CNAME 66.64-127 +66 CNAME 66.64-127 
- 67 CNAME 67.64-127 ​    ; it goes up to 126, use $GENERATE to automate</​code>​\\ Note that the "​."​ was intentionally omitted for the origin (1XX.168.192.in-addr.arpa) to be appended to it.+67 CNAME 67.64-127 ​    ; it goes up to 126, use $GENERATE to automate</​code>​\\ Note that the "​."​ was intentionally omitted for the origin (1XX.168.192.in-addr.arpa) to be appended to it.
   - In your customer’s name server, (`/​etc/​bind/​master`) create the /26 subdomain. Update your customer’s `named.conf.local` to load this /26 subdomain thus acting as primary for this /26 subdomain.   - In your customer’s name server, (`/​etc/​bind/​master`) create the /26 subdomain. Update your customer’s `named.conf.local` to load this /26 subdomain thus acting as primary for this /26 subdomain.
     - Updating customer’s named.conf.local to reflect the /26 subdomain.\\ <​code>​     - Updating customer’s named.conf.local to reflect the /26 subdomain.\\ <​code>​
- //​customer’s name server named.conf +//​customer’s name server named.conf 
- zone "​1XX.168.192.in-addr.arpa."​ { +zone "​1XX.168.192.in-addr.arpa."​ { 
- type slave; + type slave; 
- file "​db.192.168.1XX.bak";​ + file "​db.192.168.1XX.bak";​ 
- allow-transfer { none; }; + allow-transfer { none; }; 
- masters { 192.168.1XX.1;​ }; + masters { 192.168.1XX.1;​ }; 
- };+};
  
- zone "​64-127.1XX.168.192.in-addr.arpa."​ { +zone "​64-127.1XX.168.192.in-addr.arpa."​ { 
- type master; + type master; 
- file "​db.192.168.1XX.64";​ + file "​db.192.168.1XX.64";​ 
- };</​code>​+};</​code>​
     - Create the /26 zone (`db.192.168.1XX.64`) file in the customer name server\\ <​code>​     - Create the /26 zone (`db.192.168.1XX.64`) file in the customer name server\\ <​code>​
- $ORIGIN 64-127.1XX.168.192.in-addr.arpa. +$ORIGIN 64-127.1XX.168.192.in-addr.arpa. 
- @ SOA ns.groupYY.net. ​ root.groupYY.net. ( +@ SOA ns.groupYY.net. ​ root.groupYY.net. ( 
- 20121026 + 20121026 
- 1h + 1h 
- 30m + 30m 
- 1w + 1w 
- 24h + 24h 
- )+)
  
- NS ns.groupYY.net.+@ NS ns.groupYY.net.
   
- 65 PTR ​  ​www.groupYY.net. +65 PTR ​  ​www.groupYY.net. 
- 66 PTR ​  ​ftp.groupYY.net. +66 PTR ​  ​ftp.groupYY.net. 
- 67 PTR ​  ​mail.groupYY.net.</​code>​+67 PTR ​  ​mail.groupYY.net.</​code>​
   - Use dig to check if delegation works. This command will use dig to look for a PTR record.\\ <​code>​   - Use dig to check if delegation works. This command will use dig to look for a PTR record.\\ <​code>​
- dig @192.168.30.XX -x 192.168.1XX.66</​code>​\\ This command uses dig to look for an A record.\\ <​code>​dig @server hostname.domain-name.net</​code>​+dig @192.168.30.XX -x 192.168.1XX.66</​code>​\\ This command uses dig to look for an A record.\\ <​code>​dig @server hostname.domain-name.net</​code>​
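Review bot: the customer's new `zone "64-127.1XX.168.192.in-addr.arpa."` primary zone sets no `allow-transfer`, and the BIND 9 releases of that era default to allowing AXFR to any host; add `allow-transfer { none; };` (or an ACL naming the intended secondaries) as the slave zone above already does. The /26 zone file also omits a `$TTL` directive, so `named` will warn that no TTL was specified and fall back to the SOA minimum; add `$TTL 1d` after the `$ORIGIN` line to match the /24 zone. Making the NS owner explicit with `@ NS ns.groupXX.net.` is a good fix, since a record with a blank owner field inherits the previous record's owner name. Two wording points in the delegation step: the comment says `use $GENERATE to automate`, so show it, e.g. `$GENERATE 65-126 $ CNAME $.64-127`, and "CNAME and glue records" should read "NS and CNAME records", because `ns.groupYY.net.` lies outside the reverse zone and no glue address records are involved in an RFC 2317 delegation.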
bdnog11/netsec/bind-reverse.1578979830.txt.gz · Last modified: 2020/01/14 11:30 by Muhammad Moinur Rahman