User Tools
bdnog11:netsec:bind-authoritative
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
bdnog11:netsec:bind-authoritative [2020/01/12 15:13] Muhammad Moinur Rahman |
bdnog11:netsec:bind-authoritative [2020/01/12 16:00] Muhammad Moinur Rahman |
||
|---|---|---|---|
| Line 41: | Line 41: | ||
| systemctl status named</code> | systemctl status named</code> | ||
| - Once BIND is running, you can do some basic test using DNS tools like ''dig''. To test your name server to display the SOA records for your domain. <code>dig @192.168.30.XX groupXX.net SOA</code>\\ To test your name server to display NS records \\ <code>dig @192.168.30.XX groupXX.net NS</code> \\ To test your name server to display other resource records (A, MX, or TXT). You can also use the ''-t'' option to set the query type.\\ <code>dig @192.168.30.XX ns.groupXX.net A</code>\\ <code>dig -t MX @192.168.30.XX groupXX.net</code> | - Once BIND is running, you can do some basic test using DNS tools like ''dig''. To test your name server to display the SOA records for your domain. <code>dig @192.168.30.XX groupXX.net SOA</code>\\ To test your name server to display NS records \\ <code>dig @192.168.30.XX groupXX.net NS</code> \\ To test your name server to display other resource records (A, MX, or TXT). You can also use the ''-t'' option to set the query type.\\ <code>dig @192.168.30.XX ns.groupXX.net A</code>\\ <code>dig -t MX @192.168.30.XX groupXX.net</code> | ||
| - | - Setup your server as the secondary server for your neighbour. Create a folder called slave. Your primary server’s zonefile will be copied to this folder.\\ <code>mkdir -p /etc/bind/slave</code> | + | - Setup your server as the secondary server for your neighbour. Create a folder called slave. Your primary server’s zonefile will be copied to this folder.\\ <code>mkdir -p /etc/bind/slave |
| + | chown :bind /etc/bind/slave | ||
| + | chmod 775 /etc/bind/slave</code> | ||
| - In your ''named.conf.local'' add the following (group98.net is the neighbour zone):\\<code> | - In your ''named.conf.local'' add the following (group98.net is the neighbour zone):\\<code> | ||
| zone "groupYY.net" { | zone "groupYY.net" { | ||
| type slave; | type slave; | ||
| - | file "/etc/named/slave/db.groupYY.net"; | + | file "/etc/bind/slave/db.groupYY.net"; |
| - | masters { 192.168.30.YY; | + | masters { 192.168.30.YY;}; |
| - | }; | + | |
| };</code> | };</code> | ||
| - Secure your zones by restricting who can get the zone file. You can test this by trying zone transfer from another nameserver in the lab.\\ <code>dig @localhost groupYY.net AXFR</code>\\ If successful, you will see all the resource records as an output. | - Secure your zones by restricting who can get the zone file. You can test this by trying zone transfer from another nameserver in the lab.\\ <code>dig @localhost groupYY.net AXFR</code>\\ If successful, you will see all the resource records as an output. | ||
| - | - Now, add the following line in your ''named.conf.local'' for the zones where you are primary:\\ <code> | + | - Now, add the ''allow-transfer'' line in your ''named.conf.local'' for the zones where you are primary so that your zone block looks like following:\\ <code> |
| zone "groupXX.net" { | zone "groupXX.net" { | ||
| type master; | type master; | ||
| - | file "/etc/named/master/db.groupXX.net"; | + | file "/etc/bind/master/db.groupXX.net"; |
| - | allow-transfer { 192.168.30.YY; | + | allow-transfer { 192.168.30.YY; }; |
| - | }; | + | |
| };</code>\\ Execute the same dig command again. If successful, the status in the dig output should say Transfer Failed. | };</code>\\ Execute the same dig command again. If successful, the status in the dig output should say Transfer Failed. | ||
| - You can make `groupYY.net` (the secondary/slave server) as authorative server. For that add another NS record in the `db.groupXX.net` file:\\ <code> | - You can make `groupYY.net` (the secondary/slave server) as authorative server. For that add another NS record in the `db.groupXX.net` file:\\ <code> | ||
| Line 64: | Line 64: | ||
| <config sniff...........> | <config sniff...........> | ||
| - | IN NS ns.groupXX.net. | + | @ IN NS ns.groupXX.net. |
| - | IN NS ns.groupYY.net. | + | @ IN NS ns.groupYY.net. |
| <config sniff..........></code> | <config sniff..........></code> | ||
bdnog11/netsec/bind-authoritative.txt · Last modified: 2020/01/12 16:00 by Muhammad Moinur Rahman
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
