
Basics of installing a DNS server on CentOS 5


CentOS 5 : chroot DNS with bind

Posted by Sébastien Wains on December 13th 2007 to BIND, CentOS, Howto, Linux
1. Install packages :
yum install bind bind-chroot bind-libs bind-utils caching-nameserver
2. Configure RNDC :
cd /var/named/chroot/etc
rndc-confgen > rndc.key
chown root:named rndc.key
Edit rndc.key so it looks like this :
key "rndckey" {
algorithm hmac-md5;
secret "SGsvd1dF+mv+yU4ywCCkkg==";
};
You DON'T need anything else in this file: rndc-confgen also prints an options block and a commented named.conf sample, so delete everything except the key statement.
A symlink in /etc already points to the rndc.key file we have just created; named expects the key there in order to authenticate rndc commands.
3. Configure /var/named/chroot/etc/named.conf
// we include the rndckey (copy-paste from rndc.key created earlier)
key "rndckey" {
        algorithm hmac-md5;
        secret "SGsvd1dF+mv+yU4ywCCkkg==";
};

// we assume our server has the IP 192.168.254.207 serving the 192.168.254.0/24 subnet
controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
        inet 192.168.254.207 allow { 192.168.254.0/24; } keys { "rndckey"; };
};

options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";

        recursion yes;

        allow-recursion {
                127.0.0.1;
                192.168.254.0/24;
        };

        // these are the opendns servers (optional)
        forwarders {
                208.67.222.222;
                208.67.220.220;
        };

        listen-on {
                127.0.0.1;
                192.168.254.207;
        };

        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        query-source address * port 53;

        // so people can't try to guess what version you're running
        version "REFUSED";

        allow-query {
                127.0.0.1;
                192.168.254.0/24;
        };
};

server 192.168.254.207 {
        keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

// we assume we have a slave dns server with the IP 192.168.254.101
zone "test.be" IN {
        type master;
        file "data/test.be.zone";
        allow-update { none; };
        allow-transfer { 192.168.254.101; };
};
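As an added example (not part of the original howto), a small Python lint that reads the ACL directives from a named.conf like the one above and flags what this configuration deliberately restricts: recursion open to everyone, the version string left visible, and zone transfers or dynamic updates open to anyone. Both sample configs are constructed here; the lint complements named-checkconf, which validates syntax but not policy.

```python
import re

# Constructed samples (not the page's file verbatim): the named.conf above reduced
# to the directives this lint inspects, and a weakened variant of it.
HARDENED_CONF = """
options {
        recursion yes;
        allow-recursion { 127.0.0.1; 192.168.254.0/24; };
        version "REFUSED";   // hides the BIND version
        allow-query { 127.0.0.1; 192.168.254.0/24; };
};
zone "test.be" IN {
        type master;
        allow-update { none; };
        allow-transfer { 192.168.254.101; };
};
"""
WEAK_CONF = """
options { recursion yes; allow-query { any; }; };
zone "test.be" IN { type master; allow-update { any; }; };
"""

def top_level_blocks(conf):  # yield (name, body) for each options/zone stanza
    conf = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf, flags=re.S)  # drop comments
    for m in re.finditer(r'(options|zone\s+"[^"]+")\s+(?:IN\s+)?\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):            # find the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def acl(body, directive):  # address-match-list items, or None when the directive is absent
    m = re.search(directive + r"\s*\{([^}]*)\}", body)
    return None if m is None else [v.strip() for v in m.group(1).split(";") if v.strip()]

def unrestricted(items):  # an ACL that is absent or contains "any" matches every client
    return items is None or "any" in items

def lint(conf):
    findings = []
    for name, body in top_level_blocks(conf):
        if name == "options":
            if re.search(r"\brecursion\s+yes\b", body) and unrestricted(acl(body, "allow-recursion")):
                findings.append("options: recursion open to everyone (open resolver, amplification risk)")
            if not re.search(r'\bversion\s+"', body):
                findings.append("options: version not overridden, BIND version is disclosed")
        elif "type master" in body:
            if unrestricted(acl(body, "allow-transfer")):
                findings.append(f"{name}: allow-transfer unrestricted, anyone can AXFR the zone")
            if "any" in (acl(body, "allow-update") or []):
                findings.append(f"{name}: allow-update any, anyone can rewrite the zone")
    return findings
```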
4. Our first zone
Let's say I own the domain test.be.
We create our first zone file at /var/named/chroot/var/named/data/test.be.zone (the path is relative to the chroot, which is why named.conf refers to it as data/test.be.zone).
Here's an example:
$ttl 38400
test.be.        IN      SOA     ns.test.be. admin.test.be. (
                        2007020400      ; Serial
                        10800           ; Refresh after 3 hours
                        3600            ; Retry after 1 hour
                        604800          ; Expire after 1 week
                        86400 )         ; Minimum TTL of 1 day
test.be.        IN      NS      ns.test.be.

test.be.        IN      MX      1       mx.test.be.
test.be.        IN      MX      5       mx2.test.be.

www.test.be.    IN      A       192.168.100.5
ns.test.be.     IN      A       192.168.100.10
mx.test.be.     IN      A       192.168.100.20
mx2.test.be.    IN      A       192.168.100.21
mail.test.be.   IN      CNAME   mx.test.be.
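Added example (not the howto's own code): a checker for the zone file format shown above, run on a constructed copy of the test.be zone. It verifies that the SOA serial follows the YYYYMMDDnn form used here, that an NS record exists at the apex, and that NS and MX targets point at A records rather than CNAMEs (RFC 2181), which is why mail.test.be is the CNAME and the MX targets mx and mx2 carry A records.

```python
import re

# Constructed copy of the test.be zone from step 4 (sample input, not the live file).
ZONE = """$ttl 38400
test.be.      IN  SOA  ns.test.be. admin.test.be. (
                  2007020400 ; Serial
                  10800 3600 604800 86400 )
test.be.      IN  NS   ns.test.be.
test.be.      IN  MX   1  mx.test.be.
test.be.      IN  MX   5  mx2.test.be.
www.test.be.  IN  A    192.168.100.5
ns.test.be.   IN  A    192.168.100.10
mx.test.be.   IN  A    192.168.100.20
mx2.test.be.  IN  A    192.168.100.21
mail.test.be. IN  CNAME mx.test.be.
"""

def parse_zone(text):
    """Return (owner, type, rdata) triples; strips ';' comments, $ directives and ( ) groups."""
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()), text)
    records = []
    for line in text.splitlines():
        tok = line.split()
        if tok and not tok[0].startswith("$"):
            tok = [t for t in tok if t != "IN"]          # the class field is optional
            records.append((tok[0], tok[1], tok[2:]))
    return records

def check_zone(text):
    """Sanity checks for a master zone before it is loaded and transferred to the slave."""
    records = parse_zone(text)
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        return ["zone must contain exactly one SOA record"]
    origin, serial = soa[0][0], soa[0][2][2]
    has_a = {o for o, t, _ in records if t == "A"}
    cname = {o for o, t, _ in records if t == "CNAME"}
    problems = []
    if not re.fullmatch(r"(19|20)\d{2}(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])\d{2}", serial):
        problems.append(f"serial {serial} is not in YYYYMMDDnn form")
    if not any(t == "NS" and o == origin for o, t, _ in records):
        problems.append("no NS record at the zone apex")
    for owner, rtype, rdata in records:
        target = rdata[-1]
        if rtype in ("NS", "MX") and target in cname:
            problems.append(f"{rtype} target {target} is a CNAME, which RFC 2181 forbids")
        elif rtype in ("NS", "MX") and target.endswith(origin) and target not in has_a:
            problems.append(f"{rtype} target {target} has no A record in this zone")
        if rtype == "CNAME" and owner == origin:
            problems.append("CNAME at the zone apex conflicts with the SOA and NS records")
    return problems
```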
5. Start the service and make sure it’ll start at boot
service named start
chkconfig named on
Make sure it’s running :
# rndc status
number of zones: 1
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
6. Query
# nslookup mx.test.be. 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53
 
Name:   mx.test.be
Address: 192.168.100.20
 
# nslookup www.google.com. 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53
 
Non-authoritative answer:
www.google.com  canonical name = www.l.google.com.
Name:   www.l.google.com
Address: 216.239.59.99
Name:   www.l.google.com
Address: 216.239.59.103
Name:   www.l.google.com
Address: 216.239.59.104
Name:   www.l.google.com
Address: 216.239.59.147
7. /etc/resolv.conf
If the query made on the previous point is working, you can set up /etc/resolv.conf on the server.
It should look like this :
search test.be
nameserver 127.0.0.1

Another example configuration

[root@durian ~]# vi /var/named/chroot/etc/named.conf
        };

        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        query-source address * port 53;

        // so people can't try to guess what version you're running
        version "REFUSED";

        allow-query {
                127.0.0.1;
                219.93.##.###;
        };
};

server 219.93.##.### {
        keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "svcbagus.com" IN {
        type master;
        file "data/svcbagus.com.zone";
        allow-update { none; };
        allow-transfer { 219.93.#.###; };
};

zone "pusatppat.gov.my" IN {
        type master;
        file "data/pusatppat.gov.my.zone";
        allow-update { none; };
        allow-transfer { none; };
};

[root@durian ~]# vi /var/named/chroot/var/named/data/svcbagus.com.zone
$ttl 38400
svcbagus.com.                   IN      SOA     plsn.svcbagus.com. root.plsn.svcbagus.com. (
                                        2009021100      ; Serial
                                        10800           ; Refresh
                                        3600            ; Retry
                                        432000          ; Expire
                                        38400 )         ; Minimum TTL
svcbagus.com.                   IN      NS      drn.svcbagus.com.
drn.svcbagus.com.               IN      A       219.93.##.###
svcbagus.com.                   IN      A       219.93.##.###
rmbtn.svcbagus.com.             IN      A       219.93.##.###
svcbagus.com.                   IN      MX      2       rmbtn.svcbagus.com.
gmc.svcbagus.com.               IN      CNAME   rmbtn.svcbagus.com.
mggs.svcbagus.com.              IN      A       219.93.##.###
pagar.svcbagus.com.             IN      A       219.93.##.##
plsn.svcbagus.com.              IN      A       219.93.##.###
svcbagus.com.                   IN      MX      1       plsn.svcbagus.com.
www.svcbagus.com.               IN      A       219.93.##.###
whb-rtr.svcbagus.com.           IN      A       60.52.###.###
tglembong-rtr.svcbagus.com.     IN      A       218.208.##.###
