BIND DNS
Features:
1. Name-to-IP address mapping
2. Name resolution for DNS clients
3. Caching-only server (Default)
4. Primary DNS server
5. Slave server
6. Replication of DNS database information between servers
7. Dynamic DNS updates
8. Provides numerous client tools: nslookup, dig, host
Tasks:
1. Installation of BIND on the remote system: linuxcbtserv4
•yum -y install bind
2. Setup service to auto-start at boot
•chkconfig --level 35 named on - enables the service in runlevels: 3,5
3. Configure a default, caching-only, named.conf file
•rpm -ql bind - to see samples
• cp /usr/share/doc/bind*/sample/* to /etc/ and /var/named
• Modify /etc/named.conf - disable DDNS_KeyGen sections
• Start the server - service named start
4. Query the server
•dig @localhost www.linuxcbt.com
Returns: question, answer, authoritative DNS servers, query time
•nslookup www.linuxcbt.com OR nslookup - server 127.0.0.1 - www.linuxcbt.com
Note: The server has cached: www.linuxcbt.com, evidenced by the decrementing TTL values for the various records associated with the zone
•host www.linuxcbt.com - also performs a lookup
Note: /etc/resolv.conf controls the DNS servers that are consulted by lookup tools such as: Web browser, GFTP, LFTP, nslookup, dig, host, etc.
•dig linuxcbt.com MX - queries the domain for mail exchangers
Note: DNS is organized into an inverted tree, with '.' representing the root of the DNS tree. e.g.
dig mail1.linuxgenius.com.
•-. = root
•-.com = top level
•-.linuxgenius = second level
•-mail = third level
Note: A trailing '.' in a DNS query is implied, and may optionally be indicated if desired in any standard Internet application (web browser, FTP client, wget, nslookup, dig, host, etc.)
Primary & Secondary Zones:
Features:
1. Ability to service zones
2. Authoritative support for a zone
Tasks:
1. Create internal zone named 'linuxcbt.internal'
•modify /etc/named.conf to include the new zone
zone "linuxcbt.internal"
{
type master;
#allow-update { key ddns_key; };
file "linuxcbt.internal.db";
};
• create the corresponding zone file
• restart named
• test resolution of DNS primary zone
Note: Install 'caching-nameserver*' for Caching-only DNS server
2. Create a slave (Secondary) server
•yum -y install bind
•copy sample files from primary server to secondary server
•modify /etc/named.conf and set 'linuxcbt.internal' zone to slave
•start named service - 'service named start'
•chkconfig --level 35 named on
•Update: /var/named/linuxcbt.internal.db to reflect new name server
3. Create a primary zone on the "secondary" server
•create a zone for: linuxcbt.external - in /etc/named.conf
•copy/create 'linuxcbt.external.db' zone file
•setup 'linuxcbtserv4' to be a slave for the zone: linuxcbt.external
4. Start 'named' as a caching-only DNS server (Default)
•service named start
•'dig @192.168.75.199 www.linuxcbt.com' - forces a caching-only lookup query
Forward IPv6 Records:
Implemented primarily as AAAA records:
linuxcbtserv1 IN AAAA 2002:4687:db25:3:202:b3ff:fe98:4108
linuxcbtserv4 IN AAAA 2002:4687:db25:3:20c:29ff:feb5:1692
linuxcbtmedia1 IN AAAA 2002:4687:db25:3:20a:5eff:fe1b:4aad
linuxcbtrouter1 IN AAAA 2002:4687:DB25:3:21A:2FFF:FEE3:F240
Test IPv6 resolution using:
1. ping6 linuxcbtrouter1.linuxcbt.internal
2. dig @192.168.75.10 linuxcbtrouter1.linuxcbt.internal
Reverse Zones:
Features:
The ability to resolve a name, given an IPv4 or IPv6 address
Tasks:
1. Define an IPv4 reverse zone for the local subnet:
•Define zone name: '75.168.192.in-addr.arpa' - /etc/named.conf
•Update: /etc/named.conf
•Create zone file in: /var/named
•Update configuration
•Restart named
•test using 'dig -x 192.168.75.1'
Note: Reverse zones are built from the prefix in IPv4 subnets
IPv6 Reverse Zone:
Requirements:
1. /etc/named.conf entry
zone "3.0.0.0.5.2.b.d.7.8.6.4.2.0.0.2.ip6.arpa"
{
type master;
file "3.0.0.0.5.2.b.d.7.8.6.4.2.0.0.2.ip6.arpa.reverse";
};
Note: IPv6 reverse zone names are in nibble format, with ALL zeros expanded for the network prefix portion of the address, which is usually 64-bits in length
2. /var/named/zone_file
•Include entries using the last 64-bits or IPv6 host part
•d.a.a.4.b.1.e.f.f.f.e.5.a.0.2.0 IN PTR linuxcbtmedia1.linuxcbt.internal.
Note: When creating reverse IPv6 entries for hosts, do the following:
•reverse the 64-bit portion of the address that corresponds to the host, expanding all zeros
•Create PTR record based on the reverse, nibble-format of the address
Test using dig:
•dig -x 2002:4687:db25:3:20a:5eff:fe1b:4aad
No comments:
Post a Comment