Internal Errigal Collaboration Wiki

User Tools

Site Tools

Trace:
databaseandnetworkmanagement:slave_dns_on_redhat

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
databaseandnetworkmanagement:slave_dns_on_redhat [2017/08/29 10:20] – created ekennydatabaseandnetworkmanagement:slave_dns_on_redhat [2021/06/25 10:09] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +====== Setup RedHat as DNS Slave ======
  
 +SSH to server as scotty
 +
 +    * sudo yum install bind
 +    * sudo yum bind-utils
 +    * sudo cp /etc/named.conf /etc/named.conf.backup
 +    * sudo nano /etc/named.conf
 +<code>
 +options {
 + listen-on port 53 { 127.0.0.1; 192.168.123.222;};
 +        listen-on-v6 port 53 { ::1; };
 +        directory "/var/named";
 +        dump-file "/var/named/data/cache_dump.db";
 +        statistics-file "/var/named/data/named_stats.txt";
 +        memstatistics-file "/var/named/data/named_mem_stats.txt";
 +        allow-query     { localhost; 192.168.123.0/24;10.5.5.0/24;};
 +
 +        /*
 +         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
 +         - If you are building a RECURSIVE (caching) DNS server, you need to enable
 +           recursion.
 +         - If your recursive DNS server has a public IP address, you MUST enable access
 +           control to limit queries to your legitimate users. Failing to do so will
 +           cause your server to become part of large scale DNS amplification
 +           attacks. Implementing BCP38 within your network would greatly
 +           reduce such attack surface
 +        */
 + recursion yes;
 +
 +        dnssec-enable yes;
 +        dnssec-validation yes;
 +
 +        /* Path to ISC DLV key */
 +        bindkeys-file "/etc/named.iscdlv.key";
 +
 +        managed-keys-directory "/var/named/dynamic";
 +
 +        pid-file "/run/named/named.pid";
 +        session-keyfile "/run/named/session.key";
 +};
 +</code>
 +
 +    * **Replace 192.168.123.222 with whatever IP Address you want as DNS slave.**
 +    * Below the options, in the same file (/etc/named.conf), add the zones.
 +<code>
 +zone "err" IN {
 +        type slave;
 +        file "/var/named/slaves/forward.errigal";
 +        masters { 10.91.100.71; };
 +};
 +
 +zone "100.91.10.in-addr.arpa" IN {
 +        type slave;
 +        file "/var/named/slaves/reverse.errigal";
 +        masters { 10.91.100.71; };
 +};
 +
 +zone "crc" IN {
 +        type slave;
 +        file "/var/named/slaves/forward.crown";
 +        masters { 10.91.100.71; };
 +};
 +
 +zone"30.10.in-addr.arpa" IN {
 +        type slave;
 +        file "/var/named/slaves/reverse.crown";
 +        masters { 10.91.100.71; };
 +};
 +zone "ext" IN {
 +        type slave;
 +        file "/var/named/slaves/forward.extenet";
 +        masters { 10.91.100.71; };
 +};
 +
 +zone"104.214.10.in-addr.arpa" IN {
 +        type slave;
 +        file "/var/named/slaves/reverse.extenet";
 +        masters { 10.91.100.71; };
 +};
 +</code>
 +    * SSH to the master dns server (qadb2)
 +    * sudo nano /var/named/chroot/etc/named.conf
 +    * Ensure that: <code>allow-transfer  { localhost; 10.5.5.50; 10.5.5.15;  192.168.123.211; 192.168.123.222; }; # Slave DNS Servers IP</code> has your slave ip address.
 +    * If it is not there add it and save your changes
 +    * sudo service named restart
 +    * **SSH back to your slave dns**
 +    * ls -l /var/named/slaves
 +    * Ensure forward and reverse are present for crown extenet and errigal.
 +    * If successful you should now be able to set this as a DNS.
 +    * Remember to restart named on the master and slave so the changes can take place

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki