Linux – Bind externo primário CentOS7 e secundário Debian9
Ambiente 1 – Preparar ambiente
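# Step 1 (primary, CentOS 7): update the host, open the DNS ports, install BIND.
[root@centos7]# yum -y update
# Port 53 on both transports: UDP for ordinary queries, TCP for zone transfers
# to the secondary and for answers too large for UDP. (firewall-cmd
# --add-service=dns would open both in one step.)
[root@centos7]# firewall-cmd --add-port=53/udp --permanent && firewall-cmd --reload && firewall-cmd --list-port
[root@centos7]# firewall-cmd --add-port=53/tcp --permanent && firewall-cmd --reload && firewall-cmd --list-port
[root@centos7]# yum -y install bind bind-chroot bind-utils net-tools
# SELinux stays enforcing. The original procedure ran `setenforce Permissive`
# and edited /etc/selinux/config to persist it, which removes confinement from
# every service on the host, not just named. The one permission BIND needs for
# this setup is write access to its master zone files (and their .jnl
# journals), because /etc/named.conf later turns on dynamic updates
# (allow-update) for all three zones; the named_write_master_zones boolean
# grants exactly that and nothing more.
[root@centos7]# setsebool -P named_write_master_zones 1
# bind-chroot also installs a separate named-chroot unit; the plain `named`
# unit below runs BIND outside the chroot. The rest of this guide restarts
# `named`, so the plain unit is kept here for consistency.
[root@centos7]# systemctl start named
[root@centos7]# systemctl enable named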
2 – Configurar o /etc/named.conf
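[root@centos7]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        // Loopback, the public address and the internal address of ns1.
        // NOTE(review): on a cloud VM the public address is often NAT'd and not
        // configured on any interface; listen-on only matches addresses that
        // are, so confirm 35.190.128.157 really is bound (see named's start log).
        listen-on port 53 { 127.0.0.1; 35.190.128.157; 10.142.0.2; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // An authoritative server must answer queries for its zones from
        // anywhere ("localhost" is redundant once "any" is present).
        allow-query     { localhost; any; };
        // Recursion is kept on because both lab hosts point /etc/resolv.conf
        // at these servers, but it must not be inherited from allow-query:
        // without an explicit allow-recursion BIND derives it from allow-query,
        // which turns this public listener into an open recursive resolver
        // (abusable for amplification and a cache-poisoning surface). Only the
        // two lab nodes, by internal and public address, may recurse here.
        allow-recursion { localhost; 10.142.0.2; 10.142.0.3; 35.190.128.157; 35.196.13.28; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        // Stock template line; the ISC DLV registry has been retired. With
        // dnssec-validation yes the trust anchor comes from the managed-keys in
        // /etc/named.root.key, included below.
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
// Defines rndc-key, the rndc control-channel secret. It is reused below as the
// dynamic-update credential, so anyone holding it can both control the daemon
// and rewrite the zones; a dedicated TSIG key per purpose would limit that.
include "/etc/rndc.key";

// Authoritative zones. Transfers are limited to ns2 (public and internal
// address). The ACL is source-IP based; a TSIG-signed transfer would be the
// stronger option. Dynamic updates write a .jnl journal next to each zone file,
// so named needs write access to the zone directory.
zone "labs.eti.br" {
        type master;
        file "db.labs.eti.br";
        allow-update { key rndc-key; };
        allow-transfer { 35.196.13.28; 10.142.0.3; };
};

zone "128.190.35.in-addr.arpa" {
        type master;
        file "db.128.190.35.in-addr.arpa";
        allow-update { key rndc-key; };
        allow-transfer { 35.196.13.28; 10.142.0.3; };
};

zone "13.196.35.in-addr.arpa" {
        type master;
        file "db.13.196.35.in-addr.arpa";
        allow-update { key rndc-key; };
        allow-transfer { 35.196.13.28; 10.142.0.3; };
};
# Syntax check plus (-z) a load of every configured zone.
[root@centos7]# named-checkconf -z
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
zone labs.eti.br/IN: loaded serial 2018021802
zone 128.190.35.in-addr.arpa/IN: loaded serial 2018021802
zone 13.196.35.in-addr.arpa/IN: loaded serial 2018021801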
3 – Configurar /var/named/db.labs.eti.br
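[root@centos7]# vim /var/named/db.labs.eti.br
$ORIGIN .
$TTL 86400      ; 1 day
; The owner name is written relative to the root origin set above. The serial
; (YYYYMMDDnn) must be increased on every edit, otherwise ns2 keeps its old copy.
labs.eti.br     IN SOA  ns1.labs.eti.br. root.labs.eti.br. (
                2018021804 ; serial (bumped for the SPF fix below)
                3600       ; refresh 1 hour
                1800       ; retry 30 minutes
                604800     ; expire 1 week
                86400      ; minimum 1 day
                )
                NS      ns1.labs.eti.br.
                NS      ns2.labs.eti.br.
$ORIGIN labs.eti.br.
; SPF record. The version token and the ip4 mechanism must be written without
; spaces ("v=spf1", "ip4:addr"): the original "v= spf1 a mx ip4 :35.190.128.157 -all "
; does not parse as SPF (permerror), so it gave no protection against forged mail.
@               IN TXT  "v=spf1 a mx ip4:35.190.128.157 -all"
                IN MX   10 mail
ns1             A       35.190.128.157
ns2             A       35.196.13.28
mail            A       35.190.128.157
www             A       35.190.128.157
ftp             CNAME   www
site2           CNAME   www
webmail         CNAME   mail
[root@centos7]# named-checkzone labs.eti.br /var/named/db.labs.eti.br
zone labs.eti.br/IN: loaded serial 2018021804
OK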
4 – Configurar /var/named/db.128.190.35.in-addr.arpa
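[root@centos7]# vim /var/named/db.128.190.35.in-addr.arpa
$TTL 86400      ; 1 day
@       IN SOA  ns1.labs.eti.br. root.labs.eti.br. (
                2018021803 ; serial (YYYYMMDDnn, bumped for the NS addition below)
                3600       ; refresh 1 hour
                1800       ; retry 30 minutes
                604800     ; expire 1 week
                86400      ; minimum 1 day
                )
; Both name servers are listed, matching the forward zone. ns2 is a secondary
; for this zone (allow-transfer in named.conf, slave definition on the Debian
; host) and BIND sends NOTIFY only to servers in the NS RRset, so without this
; record ns2 would pick up changes only when its refresh timer fires.
        IN NS   ns1.labs.eti.br.
        IN NS   ns2.labs.eti.br.
157     IN PTR  ns1.labs.eti.br.
[root@centos7]# named-checkzone 128.190.35.in-addr.arpa /var/named/db.128.190.35.in-addr.arpa
zone 128.190.35.in-addr.arpa/IN: loaded serial 2018021803
OK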
5 – Configurar /var/named/db.13.196.35.in-addr.arpa
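[root@centos7]# vim /var/named/db.13.196.35.in-addr.arpa
$TTL 86400      ; 1 day
; SOA MNAME names the primary for the zone. This zone is "type master" on this
; host (ns1) and a slave on ns2, so MNAME must be ns1: BIND excludes the MNAME
; server from NOTIFY, and with MNAME=ns2 the secondary would never be notified.
@       IN SOA  ns1.labs.eti.br. root.labs.eti.br. (
                2018021802 ; serial (YYYYMMDDnn, bumped for the SOA/NS change)
                3600       ; refresh 1 hour
                1800       ; retry 30 minutes
                604800     ; expire 1 week
                86400      ; minimum 1 day
                )
; Both servers in the NS RRset, as in the forward zone.
        IN NS   ns1.labs.eti.br.
        IN NS   ns2.labs.eti.br.
28      IN PTR  ns2.labs.eti.br.
[root@centos7]# named-checkzone 13.196.35.in-addr.arpa /var/named/db.13.196.35.in-addr.arpa
zone 13.196.35.in-addr.arpa/IN: loaded serial 2018021802
OK
[root@centos7]# vim /etc/resolv.conf
# Generated by NetworkManager
# NOTE(review): that header means NetworkManager may rewrite this file on the
# next lease renewal; if the entries vanish, set them in the connection profile.
# glibc reads at most three "nameserver" lines, so the fourth entry is ignored.
nameserver 10.142.0.2
nameserver 10.142.0.3
nameserver 35.190.128.157
nameserver 35.196.13.28
[root@centos7]# systemctl restart named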
6 – Preparar ambiente
# Step 6 (secondary, Debian 9): install BIND 9 with docs and tools, then start
# and enable it. No firewall step is shown for this host; if one is active,
# 53/udp and 53/tcp must be reachable from the primary (NOTIFY) and from
# clients, as was done on the CentOS side.
[root@debina9]# apt-get install bind9 bind9-doc bind9utils
[root@debina9]# systemctl start bind9
[root@debina9]# systemctl enable bind9
7 – Configurar /etc/bind/named.conf.local
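[root@debina9]# vim /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// Secondary copies of the three zones mastered on the CentOS host. "masters"
// lists the primary's internal address first and its public address as a
// fallback. The relative "file" path is resolved against the directory option
// in named.conf.options (Debian's default is /var/cache/bind).
//
// BIND's default allow-transfer is { any; }: without an explicit clause this
// secondary would hand a full zone copy (AXFR) to any client, which defeats
// the transfer restriction configured on the primary. Nothing transfers from
// this host, so transfers are disabled on every zone.
zone "labs.eti.br" {
        type slave;
        file "db.labs.eti.br";
        masters { 10.142.0.2; 35.190.128.157; };
        allow-transfer { none; };
};

zone "128.190.35.in-addr.arpa" {
        type slave;
        file "db.128.190.35.in-addr.arpa";
        masters { 10.142.0.2; 35.190.128.157; };
        allow-transfer { none; };
};

zone "13.196.35.in-addr.arpa" {
        type slave;
        file "db.13.196.35.in-addr.arpa";
        masters { 10.142.0.2; 35.190.128.157; };
        allow-transfer { none; };
};
[root@debina9]# systemctl restart bind9
[root@debina9]# systemctl status bind9
[root@debina9]# vim /etc/resolv.conf
# glibc reads at most three "nameserver" lines, so the fourth entry is ignored.
nameserver 10.142.0.3
nameserver 10.142.0.2
nameserver 35.196.13.28
nameserver 35.190.128.157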
8 – Testes https://www.whatsmydns.net/#NS/labs.eti.br
# Step 8: verification from the primary. Both lookups exercise only the reverse
# zones (PTR), through the resolver in /etc/resolv.conf, i.e. this host itself.
# They do not cover the forward zone or the secondary; querying ns2 directly
# (e.g. `host -t NS labs.eti.br 35.196.13.28`) shows whether the transfer
# actually succeeded, since an unloaded slave zone answers SERVFAIL.
[root@centos7]# host 35.190.128.157
157.128.190.35.in-addr.arpa domain name pointer ns1.labs.eti.br.
[root@centos7]# host 35.196.13.28
28.13.196.35.in-addr.arpa domain name pointer ns2.labs.eti.br.