DNS-server rhel7, sätta upp

From Linuxwiki
Revision as of 13:03, 21 February 2020 by Linuxwiki>Wikiadmin (Skapade sidan med '== Sätta upp en DNS-server == Denna information är baserad på https://www.unixmen.com/setting-dns-server-centos-7/ Servern som DNS-servern installeras på har IP '''192.1...')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Sätta upp en DNS-server

Denna information är baserad på https://www.unixmen.com/setting-dns-server-centos-7/

Servern som DNS-servern installeras på har IP 192.168.100.1/24 och känner till en annan DNS-server med IP 192.168.0.5.

Installera programvaran

yum install bind bind-utils

Editera huvudkonfigurationsfil

Redigera filen /etc/named.conf och ändra det som är fetmarkerat nedan. 

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.100.1;}; ### Master DNS IP ###
#    listen-on-v6 port 53 { ::1; }; <- Denna rad kommenteras bort
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.100.0/24;}; ### IP Range ###
  1. allow-transfer{ localhost; 192.168.1.102; }; ### Slave DNS IP ### <- Denna rad är bortkommenterad. Det finns ingen slavdns.
    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "avdelning.net" IN {
type master;
file "forward.avdelning.net";
allow-update { none; };
};

# Nedanstående kan hoppas över initialt
zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.unixmen";
allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Retrieved from "https://wiki.avdelning.se/index.php?title=DNS-server_rhel7,_sätta_upp&oldid=432"