
DNS Server Implementation Plan

1. Dedicate an IP within the 192.168.103.0/24 subnet.


IP 192.168.103.XXX
GW 192.168.103.1
DNS 127.0.0.1 (localhost)
DNS Forwarder IP 8.8.8.8, 8.8.4.4
2. Install a Linux distro
OS: CentOS 7.2 (Core) / RHEL 7.2 (Core)
3. Firewall configuration (allow port 53, TCP and UDP)
[root@dns ~]# firewall-cmd --permanent --add-service=dns
[root@dns ~]# firewall-cmd --permanent --add-port=53/tcp
[root@dns ~]# firewall-cmd --permanent --add-port=53/udp
(Rules added with --permanent only take effect after `firewall-cmd --reload`. The `dns` service entry already covers 53/tcp and 53/udp, so the two --add-port lines are redundant with the first command.)
4. Install bind-utils
[root@dns ~]# yum install bind*
5. Configure named.conf according to the setup
[root@dns ~]# vim /etc/named.conf

######################################################################
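options {
	// Single LAN address for this host; step 1 of the plan shows it as 192.168.103.XXX.
	listen-on port 53 {
		192.168.103.3;
	};
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query {
		any;
	};

	// NOTE(review): "recursion yes" together with "allow-query { any; }" lets every
	// client that can reach 192.168.103.3 use this server as a resolver (open-resolver
	// risk if the address is ever exposed beyond the LAN). Limit recursion to local
	// clients with: allow-recursion { 127.0.0.1; 192.168.103.0/24; };
	recursion yes;
	// NOTE(review): dnssec-enable and dnssec-lookaside are obsolete in current BIND
	// releases (ISC shut down the DLV registry in 2017); keep only dnssec-validation
	// when this server is upgraded.
	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;
	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";
	managed-keys-directory "/var/named/dynamic";
	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
	// NOTE(review): step 1 of the plan lists 8.8.8.8 and 8.8.4.4 as forwarders, while
	// this list uses the gateway 192.168.103.1 instead of 8.8.4.4 - confirm which is
	// intended.
	forwarders {
		192.168.103.1;
		8.8.8.8;
	};
	// "forward first" falls back to iterative resolution when the forwarders do not answer.
	forward first;
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

// Root hints used for iterative resolution.
zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

// Authoritative zone; serves the signed zone file produced in the DNSSEC step.
// The statement must be closed with "};" (the closing brace was missing).
// NOTE(review): no allow-transfer is set, and depending on the BIND version the
// default permits AXFR from any host; add allow-transfer { none; }; (or the
// secondary's address) so the whole zone cannot be enumerated by anyone.
zone "oit.com" {
	type master;
	file "/var/named/oit.com.hosts.signed";
	allow-query {
		any;
	};
};

//zone "oit.com" IN {
// type master;
// file "/var/named/oit.com.hosts.signed";
// allow-transfer { 8.8.8.8; };
// allow-update { none; };
//};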

###########################################################################

6. Set up DNSSEC on the authoritative BIND server (for further security)

[root@dns ~]# vim /etc/named.conf


dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

[root@dns /]# dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE oit.com

[root@dns /]# dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE oit.com
(NSEC3RSASHA1 is a SHA-1-based signing algorithm that RFC 8624 no longer recommends; on a current BIND prefer RSASHA256 or ECDSAP256SHA256 for both keys - see the -a list in dnssec-keygen(8).)

Execute the following (in the directory where dnssec-keygen wrote the key files):

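# Append one "$INCLUDE <keyfile>" line per generated key so that dnssec-signzone
# can pick up the public keys (dnssec-keygen names them K<zone>.+<alg>+<id>.key
# and writes them to the current directory unless -K is given).
# A glob replaces the original `ls | grep` pipeline: it cannot split on spaces
# and does not match unrelated names that merely contain "key".
# NOTE(review): a bare filename in $INCLUDE is resolved relative to the working
# directory of the signer / of named rather than to "/"; either generate the keys
# in /var/named (dnssec-keygen -K /var/named ...) or write absolute paths here.
for key in Koit.com*.key; do
  [ -e "$key" ] || continue   # no matching key file: do not write the literal pattern
  printf '$INCLUDE %s\n' "$key" >> /var/named/oit.com.hosts.signed
done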
[root@dns /]# dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o oit.com -u -t /var/named/oit.com.hosts.signed
(The `-3` argument is a random 16-hex-digit NSEC3 salt and `-N INCREMENT` bumps the SOA serial on each signing run; reading the salt from /dev/urandom instead of /dev/random avoids blocking on hosts with little entropy.)

[root@dns /]# vim /etc/named.conf

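// Same zone statement as in the named.conf listing above; it must be closed with "};".
// NOTE(review): named rejects a second definition of a zone that already exists,
// so edit the existing statement rather than adding this one a second time.
zone "oit.com" {
	type master;
	file "/var/named/oit.com.hosts.signed";
	allow-query {
		any;
	};
};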

[root@dns /]# systemctl restart named.service
(Run `named-checkconf` and `named-checkzone oit.com /var/named/oit.com.hosts.signed` first, so a syntax error in the edited files does not take the resolver down on restart.)
