DNS: Bind9

From RHS Wiki
Latest revision as of 07:54, 5 February 2019

Setup Client

Windows

In the network adapter properties open TCP/IPv4 > DNS and set the Primary DNS to 22.0.0.1 and the Secondary DNS to 20.1.40.23.

Ubuntu

Add the following line to /etc/resolvconf/resolv.conf.d/base; resolvconf rebuilds /etc/resolv.conf from it, so edits made directly to /etc/resolv.conf do not survive:

nameserver 20.1.40.23

Server Configuration

IP: 20.1.40.23
User: brujula
Authorized keys: ['xe50582@rt', 'xe51125@redteam', 'xe55246@rra.lan', 'nicolas@nicolas-laptop', 'Jose@LAPTOP-FDM6SC5N']
Configuration file: /etc/bind/named.conf.local (the file names below are relative to the directory option in named.conf.options, /var/cache/bind on Debian/Ubuntu, which is why the zone files are edited there in the next sections):

zone "rra.lan" {
  type master;
  file "db.rra.lan";
};

zone "40.1.20.in-addr.arpa" {
  type master;
  file "db.20.1.40";
};

Add name resolution

nano /var/cache/bind/db.rra.lan

It will look something like:

$TTL 3600
@       IN      SOA     dns.rra.lan.        root.rra.lan. (
                    1    ; Serial: increase it on every change, slaves only transfer when it grows
                    6H   ; refresh (6 hours)
                    1H   ; retry (1 hour)
                    2W   ; expire (2 weeks)
                    3H   ; minimum, used as the negative-caching TTL (3 hours)
);

@       IN      NS      dns.rra.lan.
@       IN      MX      10 dns.rra.lan.

dns             IN      A       20.1.40.23
vcenter         IN      A       20.1.40.51
esx             IN      A       20.1.40.35
nsx             IN      A       20.1.40.13
git             IN      A       20.1.40.104
wiki            IN      A       20.1.40.11


Add a line for the new host. The label is relative to the zone origin, so "subdomain" becomes subdomain.rra.lan, and the address must be inside 20.1.40.0/24 for the reverse zone below to hold its PTR:

subdomain           IN       A      20.1.40.XXX

Then increase the Serial, add the matching PTR record in the reverse zone and reload the zone.

Reverse resolution

nano /var/cache/bind/db.20.1.40

It will look something like:

$TTL 3600
@       IN      SOA     dns.rra.lan.        root.rra.lan. (
        1      ; serial (keep it in step with the forward zone edits)
        6H     ; refresh (6 hours)
        1H     ; retry (1 hour)
        2W     ; expire (2 weeks)
        3H     ; minimum (3 hours)
);

; the NS target must be fully qualified with a trailing dot: "dns." would name a
; top-level domain and a bare "dns" would expand to dns.40.1.20.in-addr.arpa
@       IN      NS      dns.rra.lan.
23      IN      PTR     dns.rra.lan.
51      IN      PTR     vcenter.rra.lan.
35      IN      PTR     esx.rra.lan.
13      IN      PTR     nsx.rra.lan.
104     IN      PTR     git.rra.lan.
11      IN      PTR     wiki.rra.lan.
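The forward and reverse files have to be edited together, and the two easiest mistakes are forgetting the PTR and forgetting the serial. The following script is an added example written for this page, not BIND tooling or the wiki author's code: it appends an A record and its PTR in one step, bumps both serials, and reports forward/reverse mismatches. FORWARD_ZONE and REVERSE_ZONE are constructed, shortened copies of the files above; the label and network checks are this example's own assumptions.

```python
"""Add a host to the rra.lan forward and reverse zones together.

Hypothetical helper written for this page (not BIND tooling): it appends the
A record and its PTR, bumps both SOA serials (slaves only transfer a zone
whose serial grew) and reports forward/reverse mismatches.
FORWARD_ZONE and REVERSE_ZONE are constructed, shortened copies of the files
shown on the page.
"""
import ipaddress
import re

ORIGIN = "rra.lan"
NETWORK = ipaddress.ip_network("20.1.40.0/24")  # assumption: one /24 per reverse zone

FORWARD_ZONE = """\
$TTL 3600
@       IN      SOA     dns.rra.lan.        root.rra.lan. (
                    1    ; Serial
                    6H   ; refresh
                    1H   ; retry
                    2W   ; expire
                    3H   ; minimum
);
@       IN      NS      dns.rra.lan.
dns             IN      A       20.1.40.23
git             IN      A       20.1.40.104
wiki            IN      A       20.1.40.11
"""

REVERSE_ZONE = """\
$TTL 3600
@       IN      SOA     dns.rra.lan.        root.rra.lan. (
        1      ; serial
        6H     ; refresh
        1H     ; retry
        2W     ; expire
        3H     ; minimum
);
@       IN      NS      dns.rra.lan.
23      IN      PTR     dns.rra.lan.
104     IN      PTR     git.rra.lan.
11      IN      PTR     wiki.rra.lan.
"""

# The serial is the first integer after the SOA's opening parenthesis.
SERIAL_RE = re.compile(r"(\bSOA\b[^(]*\(\s*)(\d+)")
A_RE = re.compile(r"^(\S+)\s+IN\s+A\s+(\d+\.\d+\.\d+\.\d+)\s*$", re.M)
PTR_RE = re.compile(r"^(\d+)\s+IN\s+PTR\s+(\S+)\s*$", re.M)
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def get_serial(zone):
    m = SERIAL_RE.search(zone)
    if not m:
        raise ValueError("no SOA serial found")
    return int(m.group(2))


def bump_serial(zone):
    """Increment the SOA serial in place, leaving the rest of the file untouched."""
    return SERIAL_RE.sub(lambda m: m.group(1) + str(int(m.group(2)) + 1), zone, count=1)


def a_records(zone):
    return dict(A_RE.findall(zone))  # {label: ip}


def ptr_records(zone):
    return {int(octet): target for octet, target in PTR_RE.findall(zone)}  # {last octet: fqdn.}


def add_host(forward, reverse, name, ip):
    """Return (forward, reverse) with the new A/PTR pair appended and both serials bumped."""
    name = name.lower()
    if not LABEL_RE.match(name):
        raise ValueError(f"{name!r} is not a valid host label")
    addr = ipaddress.ip_address(ip)
    if addr not in NETWORK:
        raise ValueError(f"{ip} is outside {NETWORK}")
    octet = int(addr) - int(NETWORK.network_address)
    if name in a_records(forward):
        raise ValueError(f"{name} already has an A record")
    if octet in ptr_records(reverse):
        raise ValueError(f"{ip} already has a PTR record")
    forward = forward.rstrip("\n") + f"\n{name:<16}IN      A       {ip}\n"
    reverse = reverse.rstrip("\n") + f"\n{octet:<8}IN      PTR     {name}.{ORIGIN}.\n"
    return bump_serial(forward), bump_serial(reverse)


def check_consistency(forward, reverse):
    """List A records lacking the matching PTR and PTRs lacking the matching A."""
    fwd, rev, problems = a_records(forward), ptr_records(reverse), []
    for name, ip in fwd.items():
        octet = int(ipaddress.ip_address(ip)) - int(NETWORK.network_address)
        want = f"{name}.{ORIGIN}."
        if rev.get(octet) != want:
            problems.append(f"{ip}: PTR is {rev.get(octet)!r}, expected {want!r}")
    for octet, target in rev.items():
        suffix = f".{ORIGIN}."
        host = target[: -len(suffix)] if target.endswith(suffix) else target
        want = str(NETWORK.network_address + octet)
        if fwd.get(host) != want:
            problems.append(f"{target}: A is {fwd.get(host)!r}, expected {want!r}")
    return problems


if __name__ == "__main__":
    fwd, rev = add_host(FORWARD_ZONE, REVERSE_ZONE, "vpn", "20.1.40.77")
    print(fwd, rev, sep="\n")
    print("problems:", check_consistency(fwd, REVERSE_ZONE))
```

Run named-checkzone on both files before rndc reload: a zone file with a syntax error is refused at load time, and at startup that means the zone is simply not served.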

Log to /var/log

/etc/bind/named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

include "/etc/bind/named.conf.log";

/etc/bind/named.conf.log

logging {
  channel bind_log {
    file "/var/log/bind/bind.log" versions 3 size 5m;
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes;
  };
  category default { bind_log; };
  category update { bind_log; };
  category update-security { bind_log; };
  category security { bind_log; };
  category queries { bind_log; };
  category lame-servers { null; };
};
Create the directory and hand it to the bind user (named drops privileges to bind:bind and must be able to create and rotate the file), then restart:

sudo mkdir /var/log/bind
sudo chown bind:bind /var/log/bind
sudo systemctl restart bind9

With versions 3 size 5m named rotates bind.log itself (bind.log, bind.log.0 to bind.log.2, about 20 MB in total), so no logrotate entry is needed, but category queries records every single query and that window is short on a busy server. lame-servers goes to null because it only reports other people's broken delegations. If no file appears after the restart, check named's AppArmor profile: the Debian/Ubuntu profile allows writes under /var/log/named, so /var/log/bind needs a rule in /etc/apparmor.d/local/usr.sbin.named (or use /var/log/named instead); the denial shows up in the kernel/audit log.
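A query log is only useful if something reads it. The script below is an added example for this page (not BIND tooling or the wiki author's code) that parses lines in the shape this channel produces (print-time, print-category, print-severity), accepting both the older "client IP#port" form and the 9.11+ "client @0x... IP#port (name)" form, and reports per-client volume, queries named refused, ANY queries (the usual amplification probe) and clients that asked for recursion without being in the acl from the next section. SAMPLE_LOG is constructed for the example; the ALLOWED set is copied from the acl on this page.

```python
"""Triage the queries/security log written by the bind_log channel.

Added example for this page, not BIND tooling. SAMPLE_LOG is constructed in
the format print-time/print-category/print-severity produce.
"""
import re
from collections import Counter

# The "allowed" acl from the Allow remote access section.
ALLOWED = {"127.0.0.1", "15.17.170.165", "15.17.162.231"}

SAMPLE_LOG = """\
05-Feb-2019 07:54:01.123 queries: info: client 15.17.170.165#53211 (wiki.rra.lan): query: wiki.rra.lan IN A + (20.1.40.23)
05-Feb-2019 07:54:01.140 queries: info: client @0x7f3c0c0a2ce0 15.17.170.165#53212 (git.rra.lan): query: git.rra.lan IN A +E(0)K (20.1.40.23)
05-Feb-2019 07:54:02.456 queries: info: client 198.51.100.7#40000 (isc.org): query: isc.org IN ANY +E (20.1.40.23)
05-Feb-2019 07:54:02.457 security: info: client 198.51.100.7#40000 (isc.org): query (cache) 'isc.org/ANY/IN' denied
05-Feb-2019 07:54:03.001 queries: info: client 127.0.0.1#34567 (dns.rra.lan): query: dns.rra.lan IN A + (127.0.0.1)
05-Feb-2019 07:54:04.900 general: info: zone rra.lan/IN: loaded serial 2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<category>[\w-]+): (?P<severity>\w+): (?P<msg>.*)$")
# "client [@0xPTR ]IP#port[ (qname)]: " prefix shared by query and denial messages
CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[^#\s]+)#\d+(?: \([^)]*\))?: "
QUERY_RE = re.compile(CLIENT + r"query: (?P<name>\S+) (?P<cls>\S+) (?P<qtype>\S+) (?P<flags>\S+)")
DENIED_RE = re.compile(CLIENT + r"query(?: \(\w+\))? '(?P<name>[^/']+)/(?P<qtype>[^/']+)/[^']*' denied")


def parse_line(line):
    """Return a dict describing the line, or None if it is not a BIND log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    q = QUERY_RE.match(rec["msg"]) if rec["category"] == "queries" else None
    d = DENIED_RE.match(rec["msg"]) if rec["category"] == "security" else None
    if q:
        rec.update(kind="query", **q.groupdict())
        # first flag character: '+' recursion desired, '-' not requested
        rec["recursion_desired"] = rec["flags"].startswith("+")
    elif d:
        rec.update(kind="denied", **d.groupdict())
    else:
        rec["kind"] = "other"
    return rec


def analyze(log_text):
    """Summarise who queried, what was refused, ANY probes and unlisted recursive clients."""
    per_client, denied, any_queries, unlisted = Counter(), [], 0, set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["kind"] == "other":
            continue
        if rec["kind"] == "denied":
            denied.append((rec["ip"], rec["name"], rec["qtype"]))
            continue
        per_client[rec["ip"]] += 1
        if rec["qtype"] == "ANY":
            any_queries += 1
        if rec["recursion_desired"] and rec["ip"] not in ALLOWED:
            unlisted.add(rec["ip"])
    return {"per_client": dict(per_client), "denied": denied,
            "any_queries": any_queries, "unlisted_recursive_clients": unlisted}


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The "denied" lines come from the security category, which is why it is routed to the same channel as queries: a query line without a matching denial means the acl let the client through, so the unlisted_recursive_clients set is the quickest check that allow-recursion is really doing its job.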

Allow remote access

  • Edit /etc/bind/named.conf.options
  • Add an acl listing the clients allowed to query and recurse (it must be defined before the options block that references it):
acl allowed {
    127.0.0.1;
    15.17.170.165;
    15.17.162.231;
};
  • Modify the options { } block so that both directives use the acl (add them if they are missing):
...
allow-query {
    allowed;
};
...
allow-recursion {
    allowed;
};
...

allow-query gates every query, including authoritative answers for rra.lan, so a host outside the acl cannot resolve the local zone at all; allow-recursion gates only lookups the server has to fetch on the client's behalf. Never leave allow-recursion open to any on a server reachable from untrusted networks: an open recursive resolver is abused for reflection/amplification and gives attackers a target for cache poisoning. Restrict allow-transfer in the same way so the zone contents cannot be pulled by arbitrary clients, and run named-checkconf before restarting so a syntax error does not take the resolver down.

Forwarding

  • Edit /etc/bind/named.conf.default-zones
  • Add the type forward zones. The root hint and the RFC 1912 localhost/broadcast zones at the top are already present in the Debian/Ubuntu default file, so only the forward stanzas are new; the complete file then reads:
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

zone "igrupobbva" {
    type forward;
    forward only;
    forwarders {
        22.0.0.1;
    };
};

zone "grupobbva.com" {
    type forward;
    forward only;
    forwarders {
        8.8.8.8;
    };
};

zone "interno.grupobbva.com" {
    type forward;
    forward only;
    forwarders {
        22.0.0.1;
    };
};

zone "ad.bbva.com" {
    type forward;
    forward only;
    forwarders {
        22.0.0.1;
    };
};

zone "rra.lan" {
    type forward;
    forward only;
    forwarders {
        10.0.232.30;
    };
};

forward only sends every query for the zone to the listed forwarders and answers SERVFAIL when they do not respond; forward first would fall back to iterative resolution. Matching is by the most specific zone, so interno.grupobbva.com goes to 22.0.0.1 even though its parent grupobbva.com goes to 8.8.8.8, and any name not under a forward zone is resolved iteratively from the root hints because no global forwarders are set. A zone may be declared only once per view: on 20.1.40.23, which is master for rra.lan in named.conf.local, the rra.lan forward stanza must be left out or named refuses to start with a duplicate-zone error (named-checkconf reports it). If a forwarded private zone sits beneath a DNSSEC-signed public parent, the validator (dnssec-validation auto is the Debian default) rejects the unsigned answers; exempt the zone with validate-except on recent BIND or with a negative trust anchor (rndc nta).
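Which forwarder a name ends up at is decided by the most specific matching zone, and a zone declared twice across the included files stops named from starting. The script below is an added example written for this page, not part of BIND or the wiki author's configuration: it extracts the zone stanzas from a named.conf fragment with a small brace walker and applies the longest-match rule. NAMED_CONF is a constructed copy of the forward zones above and NAMED_CONF_LOCAL a constructed copy of the master zone from the Server Configuration section.

```python
"""Resolve which forwarder serves a name under the forward zones on this page.

Hypothetical helper written for this page (not BIND code). NAMED_CONF and
NAMED_CONF_LOCAL are constructed copies of the configuration shown above.
"""
import re

NAMED_CONF = """
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/usr/share/dns/root.hints";
};

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "igrupobbva" {
    type forward;
    forward only;
    forwarders { 22.0.0.1; };
};

zone "grupobbva.com" {
    type forward;
    forward only;
    forwarders { 8.8.8.8; };
};

zone "interno.grupobbva.com" {
    type forward;
    forward only;
    forwarders { 22.0.0.1; };
};

zone "ad.bbva.com" {
    type forward;
    forward only;
    forwarders { 22.0.0.1; };
};

zone "rra.lan" {
    type forward;
    forward only;
    forwarders { 10.0.232.30; };
};
"""

NAMED_CONF_LOCAL = """
zone "rra.lan" {
  type master;
  file "db.rra.lan";
};
"""


def parse_zones(conf):
    """Map zone name -> stanza body, walking braces so nested blocks stay whole."""
    conf = re.sub(r"//[^\n]*", "", conf)  # drop // comments, which may contain braces
    zones = {}
    for m in re.finditer(r'zone\s+"([^"]+)"\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        if depth:
            raise ValueError(f"unbalanced braces in zone {m.group(1)!r}")
        zones[m.group(1)] = conf[m.end():i - 1]
    return zones


def forward_zones(conf):
    """Return {zone: (mode, [forwarder ips])} for every 'type forward' zone."""
    result = {}
    for name, body in parse_zones(conf).items():
        if not re.search(r"\btype\s+forward\s*;", body):
            continue
        fwd = re.search(r"forwarders\s*\{([^}]*)\}", body)
        ips = re.findall(r"[0-9a-fA-F.:]+(?=\s*;)", fwd.group(1)) if fwd else []
        mode = "only" if re.search(r"\bforward\s+only\s*;", body) else "first"
        result[name.lower().strip(".")] = (mode, ips)
    return result


def pick_forwarder(fwd_zones, qname):
    """Most specific matching forward zone wins; None means iterate from the root hints."""
    labels = qname.lower().strip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in fwd_zones:
            return zone, fwd_zones[zone]
    return None


def duplicate_zones(*confs):
    """Zone names declared in more than one file; named refuses to load such a config."""
    seen, dups = set(), set()
    for conf in confs:
        for name in parse_zones(conf):
            (dups if name in seen else seen).add(name)
    return dups


if __name__ == "__main__":
    fwd = forward_zones(NAMED_CONF)
    for name in ("host.interno.grupobbva.com", "www.grupobbva.com", "wiki.rra.lan", "example.org"):
        print(name, "->", pick_forwarder(fwd, name))
    print("declared twice:", duplicate_zones(NAMED_CONF, NAMED_CONF_LOCAL))
```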

Reference: How To Configure Bind as a Caching or Forwarding DNS Server, https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-caching-or-forwarding-dns-server-on-ubuntu-14-04