This shows you the differences between two versions of the page.
bdnog11:netsec:bind-authoritative [2020/01/12 14:56] Muhammad Moinur Rahman |
bdnog11:netsec:bind-authoritative [2020/01/12 15:39] Muhammad Moinur Rahman |
Line 20: | Line 20: | ||
) | ) | ||
- | @ . IN NS . ns.groupXX.net. | + | @ IN NS ns.groupXX.net. |
ns IN A 192.168.30.X | ns IN A 192.168.30.X | ||
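Review bot: the stray `.` tokens in the previous revision's `@ . IN NS . ns.groupXX.net.` are not valid master-file syntax (a `.` after the owner is neither a TTL nor a class), so the zone would fail to load; the replacement `@ IN NS ns.groupXX.net.` is the correct apex NS record. Its in-zone target `ns.groupXX.net.` still depends on the glue `A` record in the unchanged `ns IN A 192.168.30.X` line below it, so the two lines should be kept together in any later edit.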
Line 45: | Line 45: | ||
zone "groupYY.net" { | zone "groupYY.net" { | ||
type slave; | type slave; | ||
- | file "/var/named/slave/db.groupYY.net"; | + | file "/etc/bind/slave/db.groupYY.net"; |
- | masters { 192.168.30.YY; | + | masters { 192.168.30.YY;}; |
- | }; | + | |
};</code> | };</code> | ||
- Secure your zones by restricting who can get the zone file. You can test this by trying zone transfer from another nameserver in the lab.\\ <code>dig @localhost groupYY.net AXFR</code>\\ If successful, you will see all the resource records as an output. | - Secure your zones by restricting who can get the zone file. You can test this by trying zone transfer from another nameserver in the lab.\\ <code>dig @localhost groupYY.net AXFR</code>\\ If successful, you will see all the resource records as an output. | ||
- | - Now, add the following line in your ''named.conf.local'' for the zones where you are primary:\\ <code> | + | - Now, add the ''allow-transfer'' line in your ''named.conf.local'' for the zones where you are primary so that your zone block looks like following:\\ <code> |
zone "groupXX.net" { | zone "groupXX.net" { | ||
type master; | type master; | ||
- | file "/etc/named/master/db.groupXX.net"; | + | file "/etc/bind/master/db.groupXX.net"; |
- | allow-transfer { 192.168.30.YY; | + | allow-transfer { 192.168.30.YY; }; |
- | }; | + | |
};</code>\\ Execute the same dig command again. If successful, the status in the dig output should say Transfer Failed. | };</code>\\ Execute the same dig command again. If successful, the status in the dig output should say Transfer Failed. | ||
- You can make `groupYY.net` (the secondary/slave server) as authorative server. For that add another NS record in the `db.groupXX.net` file:\\ <code> | - You can make `groupYY.net` (the secondary/slave server) as authorative server. For that add another NS record in the `db.groupXX.net` file:\\ <code> | ||
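Review bot: the verification step in this hunk does not exercise the restriction it adds: `allow-transfer { 192.168.30.YY; };` is placed in the `groupXX.net` master zone, while the test command `dig @localhost groupYY.net AXFR` transfers the `groupYY.net` slave zone on the same server, which has no `allow-transfer` of its own, so the repeated dig will still list every record instead of reporting `Transfer failed`. Test with `dig @localhost groupXX.net AXFR` instead (127.0.0.1 is not in the list), and give the slave zone an `allow-transfer` as well, since a secondary leaks the zone just as readily as the primary. The `masters { 192.168.30.YY;};` and `allow-transfer { 192.168.30.YY; };` edits also supply the `};` that closed neither statement in the previous revision; note that named writes the transferred zone to the new `/etc/bind/slave/db.groupYY.net` path itself, so that directory has to exist and be writable by the user named runs as.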
Line 64: | Line 62: | ||
<config sniff...........> | <config sniff...........> | ||
- | IN NS ns.groupXX.net. | + | @ IN NS ns.groupXX.net. |
- | IN NS ns.groupYY.net. | + | @ IN NS ns.groupYY.net. |
<config sniff..........></code> | <config sniff..........></code> |
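Review bot: the `@` added to both NS records in this hunk matters: a record with a blank owner inherits the owner of whatever record precedes it, so the previous revision's bare `IN NS ns.groupYY.net.` would have attached the NS to whichever name sits in the elided lines above rather than to the zone apex. With the explicit `@` both nameservers are delegated at the apex. No glue is needed for `ns.groupYY.net.` in this file because it is outside the zone; it resolves through the `groupYY.net` zone, which this server already holds as a slave.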