Configure-the-Linux-DNS-and-BIND-Server.rar_DNSServer

共1个文件

pdf：1个

版权申诉

dns_server

123 浏览量 2022-09-24 03:25:50 上传评论收藏 300KB RAR 举报

资源详情

资源评论

资源推荐

收起资源包目录

Configure-the-Linux-DNS-and-BIND-Server.rar （1个子文件）

Configure the Linux DNS and BIND Server.pdf 324KB

Linux DNS and BIND Server

Setting up a caching server for client local machines will reduce the load on the site's

primary server. A caching only name server will find the answer to name queries and

remember the answer the next time we need it. This will shorten the waiting time the next

time significantly. For security reasons, it is very important that DNS doesn't exist between

hosts on the corporate network and external hosts; it is far safer to simply use IP addresses

to connect to external machines from the corporate network and vice-versa.

In our configuration and installation we'll run BIND/DNS as non root-user and in a

chrooted environment. We also provide you three different configurations;

•

one for a simple caching name server only client

•

one for a slave secondary server

•

one for a master name server primary server.

The simple caching name server configuration will be used for your servers that don't

act as a master or slave name server, and the slave and master configurations will be used

for your servers that act as a master name server and slave name server. Usually one of

your servers acts as master, another one acts as slave and the rest act as simple caching

client name server.

This is a graphical representation of the DNS configuration we use in this book. We try

to show you different settings

•

Caching Only DNS

•

Master DNS

•

Slave DNS

on different servers. A lot of possibilities exist, and depend on your needs, and network

architecture.

These installation instructions assume

•

Commands are Unix-compatible.

•

The source path is /var/tmp. other paths are possible.

•

Installations were tested on Red Hat Linux 6.1 and 6.2.

•

All steps in the installation will happen in super-user account root.

•

ISC BIND version number is 8.2.2-patchlevel5

These are the Package(s) required:

ISC BIND Homepage:

http://www.isc.org/

ISC BIND FTP Site: 204.152.184.27

You must be sure to download:

bind-contrib.tar.gz, bind-doc.tar.gz, bind-src.tar.gz

Before you decompress Tarballs and install, it is a good idea to make a list of files on

the system before you install BIND, and one afterwards, and then compare them using diff

to find out what file it placed where. Simply run find /* > DNS1 before and find /* > DNS2

after you install the software, and use diff DNS1 DNS2 > DNS-Installed to get a list of what

changed.

Compile and Decompress the tarball (tar.gz).

[root@deep] /#

mkdir

/var/tmp/bind

[root@deep] /# cp bind-contrib.tar.gz /var/tmp/bind/

[root@deep] /# cp bind-doc.tar.gz /var/tmp/bind/

[root@deep] /# cp bind-src.tar.gz /var/tmp/bind/

We create a directory named bind to handle the tar archives and copy them to this

new directory.

Move into the new bind directory cd /var/tmp/bind and decompress the tar files:

[root@deep ]/bind#

tar

xzpf bind

contrib.tar.gz

[root@deep ]/bind# tar xzpf bind-doc.tar.gz

[root@deep ]/bind# tar xzpf bind-src.tar.gz

Configure

Configuration files for different services are very specific depending on your needs

and your network architecture. People can install DNS Servers at home as a caching-only

server, though companies may install it with primary, secondary and caching DNS servers.

: All the configuration files required for each software described in this

book has been provided by us as a gzipped file, floppy.tgz for your convenience.

This can be downloaded from this web address:

http://www.openna.com/books/floppy.tgz You can unpack this to any location on

your local machine, say for example

/tmp, assuming you have done this your directory

structure will be

/tmp/floppy. Within this floppy directory each configuration file has its

own directory for respective software.

For example BIND-DNS configuration file are organised like this:

total 24

drwxr-xr-x 2 harrypotter harrypotter 4096 Jun 8 13:00 Caching-Only-DNS/

-rw-r--r-- 1 harrypotter harrypotter 484 Jun 8 13:00 Compile-BIND

drwxr-xr-x 2 harrypotter harrypotter 4096 Jun 8 13:00 Primary-Master-DNS/

drwxr-xr-x 2 harrypotter harrypotter 4096 Jun 8 13:00 Secondary-Slave-DNS/

-rwx------ 1 harrypotter harrypotter 300 Jun 8 13:00 bind.sh*

drwxr-xr-x 3 harrypotter harrypotter 4096 Jun 8 13:00 init.d/

You can either cut and paste this directly if you are faithfully following our instructions

from the begining or manually edit these to modify to your needs. This facility is there

though as a convenience but please don't forget ultimately it will be your responsibility to

check, verify, etc. before you use them whether modified or as it is.

To run a caching-only name server, the following files are required and must be created

or copied to the appropriate directories on your server.

i. Copy the named.conf file to the /etc/ directory.

ii. Copy the db.127.0.0 file to the /var/named/ directory.

iii. Copy the db.cache file to the /var/named/ directory.

iv. Copy the named script file to the /etc/rc.d/init.d/ directory.

To run a master name server, the following files are required and must be created or

copied to the appropriate directories on your server.

i. Copy the named.conf file to the /etc/ directory.

ii. Copy the db.127.0.0 file to the /var/named/ directory.

iii. Copy the db.cache file to the /var/named/ directory.

iv. Copy the db.208.164.186 file to the /var/named/ directory.

v. Copy the db.openna file to the /var/named/ directory.

vi. Copy the named script file to the /etc/rc.d/init.d/ directory.

To run a slave name server, the following files are required and must be created or

copied to the appropriate directories on your server.

i. Copy the named.conf file to the /etc/ directory.

ii. Copy the db.127.0.0 file to the /var/named/ directory.

iii. Copy the db.cache file to the /var/named/ directory.

iv. Copy the named script file to the /etc/rc.d/init.d/ directory.

: You can obtain the configuration files listed over the next few sections

on the floppy.tgz archive. Copy the following files from the decompressed floppy.tgz archive

to the appropriate places, or copy them directly from this book to the concerned file.

Caching-only

name Server

Caching-only name servers are servers not authoritative for any domains except

0.0.127.in-addr.arpa, the localhost. A caching-only name server can look up names inside

and outside your zone, as can primary and slave name servers. The difference is that when

a caching-only name server initially looks up a name within your zone, it ends up asking

one of the primary or slave names servers for your zone for the answer.

The necessary files to setup a simple caching name server are:

1. named.conf

2. db.127.0.0

3. db.cache

4. named script

To configure the /etc/named.conf file for a simple caching name server, use this for all

servers that don’t act as a master or slave name server. Setting up a simple caching server

for local client machines will reduce the load on the network's primary server. Many users

on dialup connections may use this configuration along with bind for such a purpose.

Create the named.conf file, touch /etc/named.conf and add the following lines to the

file:

options {

directory "/var/named";

forwarders { 208.164.186.1; 208.164.186.2; };

forward only;

};

// a caching only nameserver config

zone "." in {

type hint;

file "db.cache";

};

zone "0.0.127.in-addr.arpa" in {

type master;

file "db.127.0.0";

};

In the forwarders line, 208.164.186.1 and 208.164.186.2 are the IP addresses of

your Primary Master and Secondary Slave DNS server. They can also be the IP addresses of

your ISPs DNS server and another DNS server, respectively.

: To improve the security of your BIND/DNS server you can stop it from

even trying to contact an off-site server if their forwarder is down or doesn't respond. With

the forward only option set in your named.conf file, the name server doesn't try to contact

other servers to find out information if the forwarder doesn't give it an answer.

To configure the /var/named/db.127.0.0 file for a simple caching name server, you

can use this configuration for all machines on your network that don't act as a master or

slave name server.

The db.127.0.0 file covers the loopback network. Create the following files in

/var/named/,

touch

/var/named/db.127.0.0 and add the following lines in the file:

$TTL 345600

@ IN SOA localhost. root.localhost. (

00 ; Serial

86400 ; Refresh

7200 ; Retry

2592000 ; Expire

345600 ) ; Minimum

IN NS localhost.

1 IN PTR localhost.

Configure the /var/named/db.cache file for a simple caching name server before

starting your DNS server. You must take a copy of db.cache file and copy this file to the

/var/named/ directory. The db.cache tells your server where the servers for the root

zone are.

Use the following commands on another UNIX computer in your organization to

query a new db.cache file for your DNS Server or pick one from your Red Hat Linux CD-

ROM source distribution:

[root@deep]#

dig

@.aroot

servers.net.

ns > db.cache

Don't forget to copy the db.cache file to the /var/named/ directory on your server

where you're installing DNS server after retrieving it over the Internet.

: Internal addresses like 192.168.1/24 are not included in the DNS

configuration files for security reasons. It is very important that DNS doesn't exist between

hosts on the corporate network and external hosts.

Primary

master

name Server

A primary master name server for a zone reads the data for the zone from a file on its

host and are authoritative for that zone.The necessary files to setup a primary master name

server are:

a. named.conf

b. db.127.0.0

c. db.208.164.186

d. db.openna

e. db.cache

f. named script

To configure the /etc/named.conf file for a master name server, use this configuration

for the server on your network that acts as a master name server. After compiling DNS, you

need to set up a primary domain name for your server. We'll use openna.com as an

example domain, and assume you are using

IP network address of 208.164.186.0.

To do this, add the following lines to your /etc/named.conf. Create the named.conf

file

touch

/etc/named.conf and add:

ptions {

directory "/var/named";

fetch-glue no;

recursion no;

allow-query { 208.164.186/24; 127.0.0/8; };

allow-transfer { 208.164.186.2; };

transfer-format many-answers;

};

// These files are not specific to any zone

zone "." in {

type hint;

file "db.cache";

};

zone "0.0.127.in-addr.arpa" in {

type master;

file "db.127.0.0";

};

评论收藏

内容反馈

版权申诉

alvarocfc

粉丝: 105
资源: 1万+

Configure-the-Linux-DNS-and-BIND-Server.rar_DNS Server_The Bind

评论0

最新资源

Configure-the-Linux-DNS-and-BIND-Server.rar_DNS Server_The Bind

评论0

arm-2014.05-29-arm-none-linux-gnueabi-linux

arm-2014.05-29-arm-none-linux-gnueabi

linux-NTP-server-configure.rar_linux NTP_linux ntp server_ntp_nt

icu4c-69_1-data-bin-l.zip

sqlite-.rar_Home Home_cross-2.95.3.tar._makefile sqlite_sqlite_s

KBA_180523214236_2__PMIC__PMI632_How_to_configure_.pdf

nvidia-l4t-kernel-dtbs_4.9.201-tegra-32.5.0-20210115151051_arm64.deb

Linux-kernel-configure.rar_linux kernel_linux 内核_linux 内核 配置_lin

arm-cortexa9_neon-linux-uclibcgnueabihf-gcc-7.4.0.tar.bz2

gcc-linaro-5.4.1-2017.01-x86_64_aarch64-linux-gnu

configure-smtp.配置文件

file-5.15-mips32r1-linux-static.tar.xz

DNS.and.BIND.on.IPv6(第1版)

configure_evdo_on_linux.rar_EVDO_USB LINUX

nginx-sticky-module-1.25.zip

2.7.2-packet-tracer---configure-single-area-ospfv2---physical-mode_zh-CN.pka

centos7_rlwrap-0.42.tar.gz

最新nodejs安装包 v8.12.0-linux-x64.tar.xz

FTP使用什么命令来定位服务器与本地硬盘的路径夹.rar

冰河的渗透实战笔记-冰河.pdf

大灰狼远控2021最新版，解压密码222

J-LINK V10 V11固件.rar

ISO21434.pdf

Web安全漏洞扫描工具-AWVS14

CTF 竞赛入门指南（ctf-all-in-one）.pdf

Web中间件常见漏洞总结.pdf

stm32f103 adc采样+dma传输+fft处理 频率计_fft处理_stm32_ADCFFT_频率计_ADC采样_

jts-1.14.zip

CobaltStrike4.4.zip

最新资源

KBA_180523214236_2PMICPMI632_How_to_configure_.pdf

Linux-kernel-configure.rar_linux kernel_linux 内核_linux 内核配置_lin

stm32f103 adc采样+dma传输+fft处理频率计_fft处理_stm32_ADCFFT_频率计_ADC采样_