bdnog11:netsec:bind-authoritative

Differences

This shows you the differences between two versions of the page.

bdnog11:netsec:bind-authoritative [2020/01/12 15:13]
Muhammad Moinur Rahman
bdnog11:netsec:bind-authoritative [2020/01/12 16:00] (current)
Muhammad Moinur Rahman
Line 41: Line 41:
 systemctl status named</​code>​ systemctl status named</​code>​
   - Once BIND is running, you can do some basic test using DNS tools like ''​dig''​. To test your name server to display the SOA  records for your domain. <​code>​dig @192.168.30.XX groupXX.net SOA</​code>​\\ To test your name server to display NS records \\ <​code>​dig @192.168.30.XX groupXX.net NS</​code>​ \\ To test your name server to display other resource records (A, MX, or TXT). You can also use the ''​-t''​ option to set the query type.\\ <​code>​dig @192.168.30.XX ns.groupXX.net A</​code>​\\ <​code>​dig -t MX @192.168.30.XX groupXX.net</​code>​   - Once BIND is running, you can do some basic test using DNS tools like ''​dig''​. To test your name server to display the SOA  records for your domain. <​code>​dig @192.168.30.XX groupXX.net SOA</​code>​\\ To test your name server to display NS records \\ <​code>​dig @192.168.30.XX groupXX.net NS</​code>​ \\ To test your name server to display other resource records (A, MX, or TXT). You can also use the ''​-t''​ option to set the query type.\\ <​code>​dig @192.168.30.XX ns.groupXX.net A</​code>​\\ <​code>​dig -t MX @192.168.30.XX groupXX.net</​code>​
-  - Setup your server as the secondary server for your neighbour. Create a folder called slave. Your primary server’s zonefile will be copied to this folder.\\ <​code>​mkdir -p /​etc/​bind/​slave</​code>​+  - Setup your server as the secondary server for your neighbour. Create a folder called slave. Your primary server’s zonefile will be copied to this folder.\\ <​code>​mkdir -p /​etc/​bind/​slave 
 +chown :bind /​etc/​bind/​slave 
 +chmod 775 /​etc/​bind/​slave</​code>​
   - In your ''​named.conf.local''​ add the following (group98.net is the neighbour zone):​\\<​code>​   - In your ''​named.conf.local''​ add the following (group98.net is the neighbour zone):​\\<​code>​
 zone "​groupYY.net"​ { zone "​groupYY.net"​ {
  type slave;  type slave;
- file "/etc/named/​slave/​db.groupYY.net";​ + file "/etc/bind/​slave/​db.groupYY.net";​ 
- masters { 192.168.30.YY;​ + masters { 192.168.30.YY;​};​
- };+
 };</​code>​ };</​code>​
   - Secure your zones by restricting who can get the zone file. You can test this by trying zone transfer from another nameserver in the lab.\\ <​code>​dig @localhost groupYY.net AXFR</​code>​\\ If successful, you will see all the resource records as an output.   - Secure your zones by restricting who can get the zone file. You can test this by trying zone transfer from another nameserver in the lab.\\ <​code>​dig @localhost groupYY.net AXFR</​code>​\\ If successful, you will see all the resource records as an output.
-  - Now, add the following ​line in your ''​named.conf.local''​ for the zones where you are primary:\\ <​code>​+  - Now, add the ''​allow-transfer'' ​line in your ''​named.conf.local''​ for the zones where you are primary ​so that your zone block looks like following:\\ <​code>​
 zone "​groupXX.net"​ { zone "​groupXX.net"​ {
  type master;  type master;
- file "/etc/named/​master/​db.groupXX.net";​ + file "/etc/bind/​master/​db.groupXX.net";​ 
- allow-transfer { 192.168.30.YY; ​ + allow-transfer { 192.168.30.YY;​ };
- };+
 };</​code>​\\ Execute the same dig command again. If successful, the status in the dig output should say Transfer Failed. };</​code>​\\ Execute the same dig command again. If successful, the status in the dig output should say Transfer Failed.
   - You can make `groupYY.net` (the secondary/​slave server) as authorative server. For that add another NS record in the `db.groupXX.net` file:\\ <​code>​   - You can make `groupYY.net` (the secondary/​slave server) as authorative server. For that add another NS record in the `db.groupXX.net` file:\\ <​code>​
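Review bot: the `allow-transfer { 192.168.30.YY; };` added to the `zone "groupXX.net"` master block is not mirrored in the `zone "groupYY.net"` slave block a few lines above it, so the neighbour's zone can still be dumped from this server with `dig @localhost groupYY.net AXFR` by anyone who can reach it; BIND 9.16 and earlier default to `allow-transfer { any; }`, and a secondary answers AXFR just like a primary, so the slave block needs its own `allow-transfer { none; };` (or the neighbour's address) for the "restrict who can get the zone file" step to hold. The `chown :bind /etc/bind/slave` plus `chmod 775` change is the right fix for the transferred zone file not being writable by the server; the group ownership is what matters, the mode only needs to grant that group write. The other corrections in this hunk look right: the `masters { 192.168.30.YY; };` statement now closes properly, and the `/etc/named/...` paths become `/etc/bind/...`, matching the Debian/Ubuntu layout the rest of the lab uses. Two leftovers in the unchanged context: the sentence introducing the slave block still says `group98.net` while the block itself uses `groupYY.net`, and `authorative` should read `authoritative`.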
Line 64: Line 64:
  <​config sniff...........>​  <​config sniff...........>​
      
-IN NS   ​ns.groupXX.net. +@       IN NS   ​ns.groupXX.net. 
-IN NS   ​ns.groupYY.net.+@       IN NS   ​ns.groupYY.net.
   
  <​config sniff..........></​code>​  <​config sniff..........></​code>​
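Review bot: adding the `@ IN NS ns.groupYY.net.` line to `db.groupXX.net` does not by itself reach the secondary; the step should also say to increment the SOA serial in that file and reload the zone (`rndc reload groupXX.net`), since the slave only pulls a new copy when it sees a higher serial. Putting the explicit `@` owner on both NS lines is a good fix: a bare `IN NS` with no owner name inherits the owner of the previous record, which is only correct by accident. Worth one more sentence in the text: because `ns.groupYY.net` lives in the neighbour's zone, no glue A record is needed in `db.groupXX.net`, but the delegation in the parent zone must list both name servers before resolvers outside the lab will ever try the secondary. The `<config sniff...>` markers presumably mean "snip"; they read oddly inside a code block and could be replaced by a plain `...` or a comment.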
bdnog11/netsec/bind-authoritative.1578820408.txt.gz · Last modified: 2020/01/12 15:13 by Muhammad Moinur Rahman