This shows you the differences between two versions of the page.
bdnog11:netsec:bind-authoritative [2020/01/12 15:13] Muhammad Moinur Rahman |
bdnog11:netsec:bind-authoritative [2020/01/12 16:00] Muhammad Moinur Rahman |
Line 41: | Line 41: | ||
systemctl status named</code> | systemctl status named</code> | ||
- Once BIND is running, you can do some basic test using DNS tools like ''dig''. To test your name server to display the SOA records for your domain. <code>dig @192.168.30.XX groupXX.net SOA</code>\\ To test your name server to display NS records \\ <code>dig @192.168.30.XX groupXX.net NS</code> \\ To test your name server to display other resource records (A, MX, or TXT). You can also use the ''-t'' option to set the query type.\\ <code>dig @192.168.30.XX ns.groupXX.net A</code>\\ <code>dig -t MX @192.168.30.XX groupXX.net</code> | - Once BIND is running, you can do some basic test using DNS tools like ''dig''. To test your name server to display the SOA records for your domain. <code>dig @192.168.30.XX groupXX.net SOA</code>\\ To test your name server to display NS records \\ <code>dig @192.168.30.XX groupXX.net NS</code> \\ To test your name server to display other resource records (A, MX, or TXT). You can also use the ''-t'' option to set the query type.\\ <code>dig @192.168.30.XX ns.groupXX.net A</code>\\ <code>dig -t MX @192.168.30.XX groupXX.net</code> | ||
- | - Setup your server as the secondary server for your neighbour. Create a folder called slave. Your primary server’s zonefile will be copied to this folder.\\ <code>mkdir -p /etc/bind/slave</code> | + | - Setup your server as the secondary server for your neighbour. Create a folder called slave. Your primary server’s zonefile will be copied to this folder.\\ <code>mkdir -p /etc/bind/slave |
+ | chown :bind /etc/bind/slave | ||
+ | chmod 775 /etc/bind/slave</code> | ||
- In your ''named.conf.local'' add the following (group98.net is the neighbour zone):\\<code> | - In your ''named.conf.local'' add the following (group98.net is the neighbour zone):\\<code> | ||
zone "groupYY.net" { | zone "groupYY.net" { | ||
type slave; | type slave; | ||
- | file "/etc/named/slave/db.groupYY.net"; | + | file "/etc/bind/slave/db.groupYY.net"; |
- | masters { 192.168.30.YY; | + | masters { 192.168.30.YY;}; |
- | }; | + | |
};</code> | };</code> | ||
- Secure your zones by restricting who can get the zone file. You can test this by trying zone transfer from another nameserver in the lab.\\ <code>dig @localhost groupYY.net AXFR</code>\\ If successful, you will see all the resource records as an output. | - Secure your zones by restricting who can get the zone file. You can test this by trying zone transfer from another nameserver in the lab.\\ <code>dig @localhost groupYY.net AXFR</code>\\ If successful, you will see all the resource records as an output. | ||
- | - Now, add the following line in your ''named.conf.local'' for the zones where you are primary:\\ <code> | + | - Now, add the ''allow-transfer'' line in your ''named.conf.local'' for the zones where you are primary so that your zone block looks like following:\\ <code> |
zone "groupXX.net" { | zone "groupXX.net" { | ||
type master; | type master; | ||
- | file "/etc/named/master/db.groupXX.net"; | + | file "/etc/bind/master/db.groupXX.net"; |
- | allow-transfer { 192.168.30.YY; | + | allow-transfer { 192.168.30.YY; }; |
- | }; | + | |
};</code>\\ Execute the same dig command again. If successful, the status in the dig output should say Transfer Failed. | };</code>\\ Execute the same dig command again. If successful, the status in the dig output should say Transfer Failed. | ||
- You can make `groupYY.net` (the secondary/slave server) as authorative server. For that add another NS record in the `db.groupXX.net` file:\\ <code> | - You can make `groupYY.net` (the secondary/slave server) as authorative server. For that add another NS record in the `db.groupXX.net` file:\\ <code> | ||
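Review bot: the step text introducing the named.conf.local block still says "(group98.net is the neighbour zone)" while the block itself is for "groupYY.net"; use the YY placeholder in both places so a reader does not mix a literal group number with the placeholder. The new `chown :bind` and `chmod 775` lines are what let named, running as the bind user, write the transferred copy into /etc/bind/slave; the step should say so, and `chmod 770` (or `chown bind:bind` with `chmod 750`) would give the same result without making the directory world-readable. The `allow-transfer { 192.168.30.YY; };` addition is the substantive hardening in this hunk: as the preceding `dig @localhost groupYY.net AXFR` test shows, the server hands the full zone to any client until transfers are restricted, so it is worth stating that this line belongs in every zone where you are primary, not just the lab one. Minor: `masters { 192.168.30.YY;};` would read better as `masters { 192.168.30.YY; };`, matching the spacing of the allow-transfer line.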
Line 64: | Line 64: | ||
<config sniff...........> | <config sniff...........> | ||
- | IN NS ns.groupXX.net. | + | @ IN NS ns.groupXX.net. |
- | IN NS ns.groupYY.net. | + | @ IN NS ns.groupYY.net. |
<config sniff..........></code> | <config sniff..........></code> |
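Review bot: the explicit `@` owner is the right fix, since the previous lines inherited the owner of whichever record preceded the snipped section and only worked if that record was at the zone apex. The step is missing the SOA serial increment in db.groupXX.net before the reload; without it the secondary at groupYY will not pull the updated zone that now lists it, and the `dig ... groupXX.net NS` query from the earlier test is the natural check that both NS records are served. No glue A record is needed here because ns.groupYY.net is outside the groupXX.net zone. Style: the `<config sniff...>` markers presumably mean "snip".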