-
Notifications
You must be signed in to change notification settings - Fork 182
/
Copy pathNOTES_Install_DNS_Ubuntu.txt
121 lines (107 loc) · 4.35 KB
/
NOTES_Install_DNS_Ubuntu.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
## Problem statement: We wil
# Install DNS on demo1 (192.168.33.80)
# Make sure BIND is at least at version 9.5+. This check is not included in code...
sudo apt-get install bind9 bind9utils bind9-doc dnsutils -y
# Add support for IPV4
sudo vi /etc/default/bind9
# Add (OR) Edit this line:
# OPTIONS="-4 -u bind"
# Add ACL
# oN windows, edit the file named.conf.options with notepad, on linux with vi/vim
sudo vim named.conf.options
# ADd this line:
acl "trusted" {
192.168.33.80; # ns1 - can be set to localhost
#10.128.20.12; # ns2
192.168.33.81; # host1
192.168.33.82; # host2
192.168.33.83; # host3
192.168.56.1; # Our windows host also :-)
};
#Below the directory directive, add the highlighted configuration lines (and substitute in the proper ns1 IP address) so it looks something like this:
options {
directory "/var/cache/bind";
recursion yes; # enables resursive queries
allow-recursion { any; }; # allows recursive queries from "trusted" clients, this is bad. make sure it it is restricted...
listen-on { any; }; # ns1 private IP address - listen on private network only
allow-transfer { any; }; # disable zone transfers by default
forwarders { # Where should queries be forwarded?? Add your own ISP Server DNS server and make sure it can be reached
8.8.8.8;
8.8.4.4;
};
...
};
# Restart bind, Bind is UNIX implementation of DNS.
sudo /etc/init.d/bind9 start
# Check configuration... Verify....
dig @127.0.0.1 ubuntu.com
##### Edit Local File...ok
sudo vim /etc/bind/named.conf.local, Add following lines... Adapt for your own code..
zone "sridemo.com" {
type master;
file "/etc/bind/db.sridemo.com";
#allow-transfer { 192.168.33.84; }; # ns2 secondary Name Server
};
zone "168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.192.168"; # 192.168.0.0/16 subnet
#allow-transfer { 192.168.33.84; }; # ns2 private IP address - secondary
};
##Create Forward Zone files
sudo mkdir /etc/bind/zones
cd /etc/bind/zones
sudo cp ../db.local ./db.sridemo.com
sudo vi /etc/bind/zones/db.sridemo.com
$TTL 604800
@ IN SOA demo1.sridemo.com. admin.sridemo.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
#@ IN NS localhost. ; delete this line
#@ IN A 127.0.0.1 ; delete this line
#@ IN AAAA ::1 ; delete this line
; name servers - NS records
IN NS demo1.sridemo.com.
; name servers - A records
demo1.sridemo.com. IN A 192.168.33.80
; 10.128.0.0/16 - A records
chef.sridemo.com. IN A 192.168.33.80
demo2.sridemo.com. IN A 192.168.33.81
proxy.sridemo.com. IN A 192.168.33.82
chef.sridemo.com. IN A 192.168.33.83
##Create Reverse Zone files...
sudo vi /etc/bind/zones/db.192.168 # must match what you have in named.local.conf
$TTL 604800
@ IN SOA demo1.sridemo.com. admin.sridemo.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; name servers
IN NS demo1.sridemo.com.
; PTR Records
80.33 IN PTR demo1.sridemo.com. ; 192.168.33.80
81.33 IN PTR demo2.sridemo.com. ; 192.168.33.81
82.33 IN PTR proxy.sridemo.com. ; 192.168.33.82
83.33 IN PTR chef.sridemo.com. ; 192.168.33.83
## Check Configuration.
sudo named-checkconf
sudo named-checkzone sridemo.com db.sridemo.com
sudo named-checkzone 168.192.in-addr.arpa /etc/bind/zones/db.192.168
## if all fine, restart
sudo service bind9 restart
## Configure DNS clients
## On Ubuntu
sudo vi /etc/resolvconf/resolv.conf.d/head
sudo vi/etc/resolv.conf
## add below lines
search sridemo.com # your private domain
nameserver 192.168.33.80 # ns1 private IP address
## onCentos
sudo vi /etc/resolv.conf
## Use nslookup or dig fto test this...
dig -tAXFR sridemo.com