
Wednesday 13 December 2017

Master Zone DNS service configurations


To create a master DNS server for the example.com zone we will add one new zone, as below, to host and configure the domain. Two steps are needed:

1. Add the zone (domain) entry in /etc/named.conf
2. Populate the zone file with resource records (RR)

 

Zone definition / creation of the zone in /etc/named.conf
Create the zone entry in /etc/named.conf:

The following configuration is for “example.com”; its Resource Records will be stored in the “/var/named/example.com.zone” file:

// Authoritative (master) definition for example.com. The zone data is read
// from "example.com.zone"; a relative file name is resolved against the
// `directory` option of named.conf (/var/named in the configuration below).
zone "example.com" IN {
    type master;
    file "example.com.zone";
};


# Edit the /etc/named.conf file to add the zmailtech.com domain entry (the worked example below uses zmailtech.com in place of example.com).
 

[root@master ~]# vim /etc/named.conf
[root@master ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        // Interfaces the server answers on: loopback plus the LAN address
        // that ns1/master resolve to in the zmailtech.com zone below.
        listen-on port 53 { 127.0.0.1; 192.168.10.2; };
        listen-on-v6 port 53 { ::1; };
        // Base directory for relative `file` names in zone statements.
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Queries (for any zone, authoritative or recursive) are only
        // accepted from localhost and the 192.168.10.0/24 LAN. If the
        // zmailtech.com zone is ever meant to be served beyond the LAN,
        // this list has to be widened for that zone while recursion stays
        // restricted.
        allow-query     { localhost; 192.168.10.0/24; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        // NOTE(review): this host is being configured as the authoritative
        // master for zmailtech.com, yet recursion is left enabled (the dig
        // output later on this page shows the "ra" flag). The vendor comment
        // above advises against that. If the host is not also meant to be
        // the LAN's recursive resolver, set `recursion no;`; if it must do
        // both, keep allow-query (and allow-recursion) limited to the LAN
        // as above.
        recursion yes;

//      dnssec-enable yes;
//      dnssec-validation yes;
        // NOTE(review): the DNSSEC options are commented out, so whether
        // validation is active depends on this BIND version's defaults and
        // on the trust anchors pulled in by the includes below — confirm
        // rather than assume.

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

// Authoritative master zone for zmailtech.com; its RRs live in
// /var/named/zmailtech.com.zone (relative to `directory` above).
// NOTE(review): no allow-transfer is set, so zone transfers (AXFR) fall
// back to the server-wide default. For a zone with no slaves, restrict
// them explicitly, e.g. `allow-transfer { none; };`, or list the
// secondaries' addresses.
zone "zmailtech.com" IN {
        type master;
        file "zmailtech.com.zone";
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@master ~]#

Populating the zone file with resource records (RR)
To populate the resource records, /var/named/named.localhost can be used as a template.

[root@master ~]# cat /var/named/named.localhost
$TTL 1D
; Template SOA: "@" stands for the zone origin and rname.invalid. is a
; placeholder contact mailbox; both are replaced when the template is
; copied into a real zone file.
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
[root@master ~]#


To create the zone file, copy /var/named/named.localhost to /var/named/zmailtech.com.zone:



[root@master ~]# cat /var/named/named.localhost > /var/named/zmailtech.com.zone

[root@master ~]# ls -l /var/named
total 20
drwxrwx---. 2 named named   23 Dec  5 12:56 data
drwxrwx---. 2 named named   60 Dec 12 21:15 dynamic
-rw-r-----. 1 root  named 2281 May 22  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Aug  4 13:43 slaves
-rw-r--r--. 1 root  root   152 Dec 12 21:24 zmailtech.com.zone
[root@master ~]#

Assign the proper ownership on the zmailtech.com.zone file so that the named service (group `named`) can read it, as for the other files in /var/named:

[root@master ~]# chgrp named /var/named/zmailtech.com.zone

[root@master ~]# ls -l /var/named/
total 20
drwxrwx---. 2 named named   23 Dec  5 12:56 data
drwxrwx---. 2 named named   60 Dec 12 21:15 dynamic
-rw-r-----. 1 root  named 2281 May 22  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Aug  4 13:43 slaves
-rw-r--r--. 1 root  named  152 Dec 12 21:32 zmailtech.com.zone

[root@master ~]#

Edit the zone file as shown below:

[root@master ~]# vim /var/named/zmailtech.com.zone
[root@master ~]# cat /var/named/zmailtech.com.zone
$TTL 1D
; SOA: primary name server ns1.zmailtech.com. and the contact mailbox
; admin@zmailtech.com (the first dot of the RNAME field stands for "@").
@       IN SOA  ns1.zmailtech.com. admin.zmailtech.com. (
                                        2017121501      ; serial (YYYYMMDDnn; increase it on every edit)
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
; Name server for the zone; the A record for ns1 below is its in-zone glue.
        IN      NS      ns1.zmailtech.com.
; Both hosts resolve to the address named listens on in named.conf.
ns1     IN      A       192.168.10.2
master  IN      A       192.168.10.2
[root@master ~]#


The BIND (named) service needs to be restarted after any change to the DNS records:
 

[root@master ~]# systemctl restart named

Test the DNS A record with the dig command:

[root@master ~]# dig @127.0.0.1 master.zmailtech.com

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> @127.0.0.1 master.zmailtech.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62530
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;master.zmailtech.com.          IN      A

;; ANSWER SECTION:
master.zmailtech.com.   86400   IN      A       192.168.10.2

;; AUTHORITY SECTION:
zmailtech.com.          86400   IN      NS      ns1.zmailtech.com.

;; ADDITIONAL SECTION:
ns1.zmailtech.com.      86400   IN      A       192.168.10.2

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 12 21:37:43 IST 2017
;; MSG SIZE  rcvd: 99

[root@master ~]#
