DNS Server Configuration on Linux CentOS

The key steps are: 1. Configure the network interface with a static IP and restart the network service. 2. Install and configure BIND 9, and edit the main configuration file /etc/named.conf to listen on port 53 and allow queries from hosts on the 192.168.1.0/24 network. 3. Create forward and reverse zone files defining the DNS records, and start and test the named service.

DNS Server Configuration

Configure the network card with a static IP:

Restart the network service:

# systemctl restart network.service

Install BIND 9.

yum install bind

yum install bind-utils

Edit the configuration file, /etc/named.conf.

# vi /etc/named.conf

Add or edit the highlighted parts:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.1.44;}; ### Primary DNS IP ###
    # listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.1.0/24;}; ### IP range ###

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "sisope.local" IN {
    type master;
    file "forward.sisope";
    allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.sisope";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
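
The comment block in the options above warns that a recursive server must limit who can query it. The following script is an added example, not part of the original document: it resolves which ACL actually governs recursion, using BIND's fallback order (allow-recursion, then allow-query-cache, then allow-query, then the built-in default). The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which clients may use recursion in a named.conf?
# Assumes one statement per line and block comments on their own lines.

# Drop /* */, // and # comments so commented-out text is never matched.
strip_comments() {
    sed -e 's|/\*.*\*/||g' -e '/\/\*/,/\*\//d' -e 's|//.*||' -e 's|#.*||' "$1"
}

# Body of the first "<option> { ... };" statement, whitespace removed.
acl_of() {   # $1 = file, $2 = option name
    strip_comments "$1" |
        sed -n "s/^[[:space:]]*${2}[[:space:]]*{\(.*\)}[[:space:]]*;.*/\1/p" |
        head -n 1 | tr -d '[:space:]'
}

# Fallback order: allow-recursion, allow-query-cache, allow-query, default.
recursion_acl() {
    if strip_comments "$1" | grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;'; then
        echo "disabled"; return 0
    fi
    for opt in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$1" "$opt")
        if [ -n "$acl" ]; then echo "$opt:$acl"; return 0; fi
    done
    echo "default:localnets;localhost;"
}

# "open" when the governing ACL admits any client, otherwise "restricted".
recursion_exposure() {
    case "$(recursion_acl "$1")" in
        disabled) echo "disabled" ;;
        *":any;"*|*";any;"*) echo "open" ;;
        *) echo "restricted" ;;
    esac
}

# Constructed sample modelled on the options above; $1 = ACL element, $2 = path.
sample_conf() {
    printf '%s\n' 'options {' '/*' 'allow-recursion { any; };' '*/' \
        "allow-query { localhost; ${1}; }; ### IP range ###" \
        'recursion yes;' '};' > "$2"
}
```

Run `recursion_exposure /etc/named.conf` on the server; with the allow-query line shown above it reports `restricted`.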

Create the zone files:

We need to create the forward zone and reverse zone files that we referenced in /etc/named.conf.

To create the forward zone

Create forward.sisope in the /var/named directory

vi /var/named/forward.sisope

Add the highlighted part:

$TTL 86400
@           IN  SOA  primario.sisope.local. root.sisope.local. (
                2011071001  ;Serial
                3600        ;Refresh
                1800        ;Retry
                604800      ;Expire
                86400       ;Minimum TTL
)
@           IN  NS   primario.sisope.local.
@           IN  A    192.168.1.44
@           IN  A    192.168.1.103
primario    IN  A    192.168.1.44
cliente     IN  A    192.168.1.103

Create the reverse zone

Create reverse.sisope in the /var/named directory

vi /var/named/reverse.sisope

Add the highlighted part:

$TTL 86400
@           IN  SOA  primario.sisope.local. root.sisope.local. (
                2011071001  ;Serial
                3600        ;Refresh
                1800        ;Retry
                604800      ;Expire
                86400       ;Minimum TTL
)
@           IN  NS   primario.sisope.local.
@           IN  PTR  sisope.local.
primario    IN  A    192.168.1.44
cliente     IN  A    192.168.1.103
44          IN  PTR  primario.sisope.local.
103         IN  PTR  cliente.sisope.local.

Start the DNS service:

systemctl enable named

systemctl start named

Configure the firewall

Allow port 53 (DNS) through the firewall

firewall-cmd --permanent --add-port=53/tcp

firewall-cmd --permanent --add-port=53/udp

firewall-cmd --reload

Set permissions

The zone files only need to be readable by named, so do not make them writable by group or others:

# chmod 644 /var/named/forward.sisope

# chmod 644 /var/named/reverse.sisope

# systemctl restart named.service
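
A check for the permissions step above, as an added example that is not part of the original document: it lists zone files that group or others can write and removes those bits. The function names are assumptions, and the demo directory is constructed so the script can be tried without touching /var/named.

```shell
#!/bin/sh
# Added example: audit and tighten zone-file permissions.
# The directory is an argument; /var/named is the one used on this page.

# Print "<flag> <path>" for every regular file that group or others can write.
zone_perm_findings() {
    find "$1" -type f -perm -002 | sort | sed 's/^/world-writable /'
    find "$1" -type f -perm -020 ! -perm -002 | sort | sed 's/^/group-writable /'
}

# Remove group/other write access and all execute bits from the flagged
# files; read access stays so that named can still load the zones.
tighten_zone_perms() {
    zone_perm_findings "$1" | while read -r _flag path; do
        chmod a-x,go-w "$path"
    done
}

# Constructed demo directory: one file with mode 777, one with mode 644.
demo_zone_dir() {
    d=$(mktemp -d)
    : > "$d/forward.sisope"; chmod 777 "$d/forward.sisope"
    : > "$d/reverse.sisope"; chmod 644 "$d/reverse.sisope"
    echo "$d"
}
```

Run `zone_perm_findings /var/named` as root; no output means no zone file is writable by group or others.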

Test the DNS configuration and the zone files:

Run the following command to check the named configuration:

# named-checkconf /etc/named.conf

If it returns nothing, your configuration file is valid.

Check the forward zone file:

# named-checkzone sisope.local /var/named/forward.sisope

zone sisope.local/IN: loaded serial 2011071001

OK

Check the reverse zone file:

# named-checkzone sisope.local /var/named/reverse.sisope

zone sisope.local/IN: loaded serial 2011071001

OK

Test the DNS server:

# dig primario.sisope.local

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> primario.sisope.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25179
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;primario.unixmen.local. IN A

;; ANSWER SECTION:
primario.unixmen.local. 86400 IN A 192.168.1.101

;; AUTHORITY SECTION:
sisope.local. 86400 IN NS primario.sisope.local.

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 192.168.1.44#53(192.168.1.44)
;; WHEN: Wed Aug 20 16:20:46 IST 2014
;; MSG SIZE rcvd: 125

#nslookup sisope.local

Server: 192.168.1.44

Address: 192.168.1.44#53
