2. DNS


title: “2. DNS”
date: 2020-02-04T15:43:54
slug: 1-dns


Adapt the external IP address in /etc/named.conf, /etc/named/zones/registry.os.asanger.eu and /etc/named/zones/1.168.192.in-addr.arpa before running the steps below (the files as written use 192.168.1.7 and the 192.168.1.0/24 network; the reverse zone name must match the network you choose).

# Install BIND plus dig/nslookup and enable it at boot (it is started by the
# restart at the end of this setup, not here).
yum install -y bind bind-utils
systemctl enable named
# Open DNS on UDP and TCP (TCP is used for large/DNSSEC answers and zone
# transfers) in the public firewall zone, then activate the permanent rules.
for proto in udp tcp; do
    firewall-cmd --zone=public --add-port=53/${proto} --permanent
done
firewall-cmd --reload
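# Write the main BIND configuration. The heredoc delimiter is quoted ('EOF') so
# the shell performs no expansion and the file is written exactly as shown
# (file names below contain no stray backslashes).
cat <<'EOF' > /etc/named.conf
options {
    // Answer on every IPv4 address (including the external one) but only on
    // the IPv6 loopback.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";

    // Anyone may query the authoritative zones, but only the LAN may use this
    // host as a recursive resolver (allow-query-cache follows allow-recursion
    // when unset), so the external address does not become an open resolver.
    allow-query { any; };
    allow-recursion { 192.168.1.0/24; };
    // Without this, BIND permits zone transfers (AXFR/IXFR) from any client.
    // There are no secondary servers, so refuse them entirely.
    allow-transfer { none; };
    // Consider "rate-limit { responses-per-second N; };" if the server is
    // reachable from the internet, to limit its use in reflection attacks.
    forwarders {
        8.8.8.8;
    };

    recursion yes;
    // dnssec-enable is obsolete in newer BIND releases (ignored with a
    // warning, later rejected); remove it when upgrading past the CentOS 7
    // BIND 9.11. dnssec-validation is what actually validates answers.
    dnssec-enable yes;
    dnssec-validation yes;

    // Root zone trust anchor. (The file name dates from the ISC DLV era;
    // DLV itself has been decommissioned and is not used here.)
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

};

// One log file per BIND category under /var/log/named (created below and
// owned by the named user). Each file keeps 3 rotations of 5 MB; "queries"
// logs every query received and is the one most likely to fill up first.
logging {
    channel default_file {
        file "/var/log/named/default.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel general_file {
        file "/var/log/named/general.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel database_file {
        file "/var/log/named/database.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel config_file {
        file "/var/log/named/config.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel resolver_file {
        file "/var/log/named/resolver.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-in_file {
        file "/var/log/named/xfer-in.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-out_file {
        file "/var/log/named/xfer-out.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel notify_file {
        file "/var/log/named/notify.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel client_file {
        file "/var/log/named/client.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel unmatched_file {
        file "/var/log/named/unmatched.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel queries_file {
        file "/var/log/named/queries.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel network_file {
        file "/var/log/named/network.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel update_file {
        file "/var/log/named/update.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dispatch_file {
        file "/var/log/named/dispatch.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dnssec_file {
        file "/var/log/named/dnssec.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel lame-servers_file {
        file "/var/log/named/lame-servers.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };

    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
};

// Root hints for recursion.
zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
// Our own authoritative zones live in a separate file (written below).
include "/etc/named/named.conf.local";
EOF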
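# Directories for the zone files and for BIND's own log files. -p makes the
# script safe to re-run. named drops privileges to the "named" user, which
# must be able to write the log directory; nobody else needs to read it.
mkdir -p /etc/named/zones
mkdir -p /var/log/named
chown named:named /var/log/named
chmod 750 /var/log/named
# On an SELinux-enforcing host the new directory needs the label the policy
# assigns to /var/log/named, or a confined named cannot write there; skip
# silently where the tooling is absent.
command -v restorecon >/dev/null 2>&1 && restorecon -R /var/log/named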
# Declare the two zones this host is authoritative (primary) for. The file is
# pulled in by the include at the end of /etc/named.conf.
cat <<'EOF' > /etc/named/named.conf.local
// Forward zone for the registry host.
zone "registry.os.asanger.eu" IN {
    type master;
    file "/etc/named/zones/registry.os.asanger.eu";
};

// Reverse zone for 192.168.1.0/24.
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/named/zones/1.168.192.in-addr.arpa";
};
EOF
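# Forward zone. The heredoc is quoted so "$TTL" reaches the file unchanged
# without needing a backslash escape.
cat <<'EOF' > /etc/named/zones/registry.os.asanger.eu
$TTL 600
; SOA: MNAME is the primary name server for the zone. RNAME is the contact
; mailbox with the first dot standing for "@" (here admin@api-v2.match-club.ru)
; - set it to a mailbox you actually read. Bump the serial on every change
; (YYYYMMDDnn is the usual convention) or caches keep the old data.
@ IN SOA registry.os.asanger.eu. admin.api-v2.match-club.ru. (
        3          ; Serial
        604800     ; Refresh
        86400      ; Retry
        2419200    ; Expire
        604800 )   ; Negative Cache TTL (one week; RFC 2308 suggests 1-3 hours)
;

; name servers - NS records (owner inherited from the "@" above)
        IN NS registry.os.asanger.eu.

; Address clients should use to reach the registry host; change it when the
; host is reachable on a different (external) address.
registry.os.asanger.eu. IN A 192.168.1.7
EOF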
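# Reverse zone for 192.168.1.0/24. Quoted heredoc: "$TTL" is written literally.
cat <<'EOF' > /etc/named/zones/1.168.192.in-addr.arpa
$TTL 86400
; SOA: MNAME must name the primary server for this zone and match the NS
; record below ("localhost." is a template placeholder, not a valid primary).
; RNAME (root@localhost here) should be a mailbox that is actually read.
; Bump the serial on every change.
@ IN SOA registry.os.asanger.eu. root.localhost. (
        20091028   ; serial
        28800      ; refresh
        14400      ; retry
        3600000    ; expire
        86400      ; negative cache TTL
)
        IN NS registry.os.asanger.eu.

; 192.168.1.7 -> registry.os.asanger.eu (last octet only, zone is the /24)
7 IN PTR registry.os.asanger.eu.
EOF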
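# Validate the configuration and both zone files before touching the running
# service, so a typo does not take DNS down; fix anything reported first.
named-checkconf /etc/named.conf
named-checkzone registry.os.asanger.eu /etc/named/zones/registry.os.asanger.eu
named-checkzone 1.168.192.in-addr.arpa /etc/named/zones/1.168.192.in-addr.arpa
systemctl restart named
# Verify a forward and a reverse lookup against the local server. The server
# is given first because "-x" takes the argument that follows it as the
# address to reverse.
dig @localhost registry.os.asanger.eu
dig @localhost -x 192.168.1.7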