Differences

This shows you the differences between two versions of the page.

--- bdnog11:netsec:bind-authoritative [2020/01/12 14:56]
Muhammad Moinur Rahman
+++ bdnog11:netsec:bind-authoritative [2020/01/12 15:39]
Muhammad Moinur Rahman
@@ Line 20: / Line 20: @@
 )
-@ .     IN	NS .    ns.groupXX.net.
+@       IN	NS      ns.groupXX.net.
 ns	IN	A	192.168.30.X
@@ Line 45: / Line 45: @@
 zone "groupYY.net" {
  type slave;
- file "/var/named/slave/db.groupYY.net";
+ file "/etc/bind/slave/db.groupYY.net";
- masters { 192.168.30.YY;
+ masters { 192.168.30.YY;};
- };
 };</code>
   - Secure your zones by restricting who can get the zone file. You can test this by trying zone transfer from another nameserver in the lab.\\ <code>dig @localhost groupYY.net AXFR</code>\\ If successful, you will see all the resource records as an output.
-  - Now, add the following line in your ''named.conf.local'' for the zones where you are primary:\\ <code>
+  - Now, add the ''allow-transfer'' line in your ''named.conf.local'' for the zones where you are primary so that your zone block looks like following:\\ <code>
 zone "groupXX.net" {
  type master;
- file "/etc/named/master/db.groupXX.net";
+ file "/etc/bind/master/db.groupXX.net";
- allow-transfer { 192.168.30.YY;
+ allow-transfer { 192.168.30.YY; };
- };
 };</code>\\ Execute the same dig command again. If successful, the status in the dig output should say Transfer Failed.
   - You can make `groupYY.net` (the secondary/slave server) as authorative server. For that add another NS record in the `db.groupXX.net` file:\\ <code>
@@ Line 64: / Line 62: @@
  <config sniff...........>
-IN	NS   ns.groupXX.net.
+@       IN	NS   ns.groupXX.net.
-IN	NS   ns.groupYY.net.
+@       IN	NS   ns.groupYY.net.
  <config sniff..........></code>

Bangladesh Network Operators Group (bdNOG)

User Tools

Site Tools

Differences

Page Tools