Linux - v.1 - Installing a primary and secondary DNS server on CentOS


<---------------------------->




Reminder of how to set up DNS resolution on a generic CentOS server:


1) vim /etc/sysconfig/network




NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=server01.localdomain


2) vim /etc/hosts

127.0.0.1               localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6



3) vim /etc/host.conf



order hosts,bind




4) vim /etc/resolv.conf


5) system-config-network-tui


hostname = server01.localdomain


dns = IP


Search = localdomain
<---------------------------->


Below are the steps to set up a local DNS server on a network

vim /etc/sysconfig/network


=== file: /etc/sysconfig/network ===
...

NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=server01.localdomain
BOOTPROTO=static
DOMAINNAME=instyle.locale



vim /etc/hosts


=== file: /etc/hosts ===

127.0.0.1   localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.32.10 server01.instyle.locale server01
192.168.32.10 server01.instyle.locale relay



vim /etc/host.conf


=== file: /etc/host.conf ===

order bind, hosts

vim /etc/resolv.conf


=== file: /etc/resolv.conf ===

nameserver 192.168.32.10
nameserver 110.23.12.23 #external DNS of your choice
search localdomain
domain instyle.locale


<---------------------------->

1) yum -y install bind caching-nameserver

2) vim /etc/named.conf
       


#create new
options {
    directory "/var/named";
    allow-query { localhost; 192.168.32.0/24; };
    allow-transfer { localhost; 192.168.32.0/24; };
    recursion yes;
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
view "internal" {
    match-clients {
        localhost;
        192.168.32.0/24;
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "instyle.locale" IN {
        type master;
        file "instyle.locale.lan";
        allow-update { none; };
    };
    zone "32.168.192.in-addr.arpa" IN {
        type master;
        file "32.168.192.db";
        allow-update { none; };
    };
    zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };

    zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
    };
    zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
    };
};
view "external" {
    match-clients { any; };
    allow-query { any; };
    recursion no;
    zone "instyle.locale" IN {
        type master;
        file "instyle.locale.wan";
        allow-update { none; };
    };
    zone "92.169.13.62.in-addr.arpa" IN {
        type master;
        file "92.169.13.62.db";
        allow-update { none; };
    };
};
include "/etc/rndc.key";


# allow-query: the address range allowed to query
# allow-transfer: the address range allowed to transfer zone data
# recursion: whether recursive lookups are allowed
# view "internal" { *** };: definition for internal clients
# view "external" { *** };: definition for external clients
# Reverse zones: write the octets of the network address in reverse order, as below.
# 10.0.0.0/24
#   network address: 10.0.0.0
#   range of network: 10.0.0.0 - 10.0.0.255
#   how to write: 0.0.10.in-addr.arpa
# 172.16.0.80/29
#   network address: 172.16.0.80
#   range of network: 172.16.0.80 - 172.16.0.87
#   how to write: 80.0.16.172.in-addr.arpa
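Added example (Python, not part of the original notes or of BIND): helpers that derive the in-addr.arpa zone name with the convention shown in the comments above, the relative PTR owner for an address, and the PTR lines for a host list; the 192.168.32.0/24 host mapping is constructed sample data. reverse_zone_name reproduces the naming for all three networks above; ptr_owner refuses sub-octet prefixes such as /29, because those need an RFC 2317 classless delegation that this convention does not cover.

```python
import ipaddress

def reverse_zone_name(cidr):
    """in-addr.arpa zone name for an IPv4 network, following the convention in
    the notes above: keep the leading octets of the network address that the
    prefix covers (rounded up to whole octets) and write them reversed."""
    net = ipaddress.ip_network(cidr, strict=False)
    kept = -(-net.prefixlen // 8)                       # ceil(prefixlen / 8)
    octets = str(net.network_address).split(".")[:kept]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_owner(ip, cidr):
    """Relative owner name of the PTR record for ip inside that zone: the
    remaining octets, reversed ('10' for 192.168.32.10 in 192.168.32.0/24).
    Sub-octet prefixes (/25 to /31) need an RFC 2317 classless delegation,
    which this helper deliberately does not try to emulate."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen % 8 or net.prefixlen == 32:
        raise ValueError(f"{cidr}: only /8, /16 and /24 reverse zones are handled")
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is not inside {cidr}")
    return ".".join(reversed(str(addr).split(".")[net.prefixlen // 8:]))

def reverse_zone_records(cidr, hosts):
    """PTR lines for an {ip: fqdn} mapping, ready to append below the SOA/NS
    header of the reverse zone file; hosts are emitted in address order."""
    ordered = sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0]))
    return [f"{ptr_owner(ip, cidr):<8} IN PTR {fqdn.rstrip('.')}."
            for ip, fqdn in ordered]

# Constructed sample hosts for the 192.168.32.0/24 network used in these notes.
LAN_HOSTS = {"192.168.32.10": "server01.instyle.locale",
             "192.168.32.1": "gw.instyle.locale"}
```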


3) For internal use:

vim /var/named/instyle.locale.lan

$TTL 86400

; comments in zone files start with ';' ('#' is a syntax error)
@         IN       SOA      server01.instyle.locale. root.instyle.locale. (
          2007041501   ;Serial (increment it every time this file changes)
          3600         ;Refresh
          1800         ;Retry
          604800       ;Expire
          86400        ;Minimum TTL
)
; define name server (it must have an A record in this zone, see below)
          IN       NS       server01.instyle.locale.
; internal IP address of name server
          IN       A        192.168.32.10
; define Mail exchanger
          IN       MX 10    server01.instyle.locale.
; define IP address and hostname (192.168.32.10, as in /etc/hosts and in the reverse zone)
server01             IN A    192.168.32.10
www.instyle.locale.  IN A    192.168.32.10
mail.instyle.locale. IN A    192.168.32.10
instyle.locale.      IN MX 10 mail

4) Along the lines of the previous file, another one can be created for the .wan part (see http://www.server-world.info/en/note?os=CentOS_5&p=dns&f=2), using the test DNS address 62.13.169.92


vim /var/named/instyle.locale.wan

5) For reverse resolution:

vim /var/named/32.168.192.db

$TTL 86400
@         IN       SOA      server01.instyle.locale. root.instyle.locale. (
          2007041501   ;Serial
          3600         ;Refresh
          1800         ;Retry
          604800       ;Expire
          86400        ;Minimum TTL
)
; define name server
          IN       NS       server01.instyle.locale.

; domain that this reverse zone belongs to
          IN       PTR      instyle.locale.
; netmask of the network (informational only)
          IN       A        255.255.255.0

10        IN       PTR      server01.instyle.locale.


6) In the same way, create the external wan zone

vim /var/named/92.169.13.62.db

7) Start the service

/etc/rc.d/init.d/named start

chkconfig named on


vi /etc/resolv.conf


search instyle.locale
nameserver 62.13.169.92

N.B. If the following error appears in /var/log/messages



named[1284]: starting BIND 9.4.3-P1 -t /var/named -u bind
named[1284]: command channel listening on 127.0.0.1#953
named[1284]: the working directory is not writable
named[1284]: running



it is enough to run the command



chown -R bind /var/named



8) Use the following commands to check that everything works:

dig server01.instyle.locale.

dig -x 192.168.32.10



host www.instyle.locale localhost 



host -t mx example.org localhost


9) To set a CNAME:

/var/named/instyle.locale.

; update the serial every time the zone changes
2007041501 ;Serial

; alias IN CNAME server's name

ftp        IN       CNAME          ns.instyle.locale.

To reload the settings:

rndc reload

10) If instead you want to set up a secondary DNS server, on the master DNS server you need to:

vim /var/named/instyle.locale.lan

$TTL 86400

@         IN       SOA      ns.instyle.locale. root.instyle.locale. (
          2007041501   ;Serial (increment it so the secondary picks up the change)
          3601         ;Refresh
          1801         ;Retry
          604800       ;Expire
          86400        ;Minimum TTL
)
; define name server
          IN       NS       ns.instyle.locale.

; add here the line for the secondary DNS

          IN       NS       ns.instyle2.locale.
; internal IP address of name server
          IN       A        192.168.0.17
; define Mail exchanger
          IN       MX 10    ns.instyle.locale.
; define IP address and hostname
ns        IN       A        192.168.0.17

rndc reload

On the secondary DNS server add the following lines:

vi /etc/named.conf

# add these lines below
zone "instyle.locale" IN {
    type slave;
    masters { 172.16.0.17; };
    file "slaves/instyle.locale.lan";
};


rndc reload
server reload successful

ls /var/named/slaves
instyle.locale.lan
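Added example (Python, not from the original notes): a small checker for the hand-edited zone files of steps 3, 9 and 10. It catches an NS or MX that points at an in-zone name with no A record (a secondary named that way cannot be reached) and a target typed without its trailing dot (BIND appends the origin again). SAMPLE_ZONE is a constructed file modelled on instyle.locale.lan that contains both mistakes on purpose.

```python
def parse_zone(text, origin):
    """Parse the zone-file style used in these notes: $TTL, a multi-line SOA in
    parentheses, ';' comments, owner inheritance and relative names."""
    origin = origin.rstrip(".") + "."
    fq = lambda n: origin if n == "@" else (n if n.endswith(".") else f"{n}.{origin}")
    records, owner, pending = [], origin, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        pending = f"{pending} {line}" if pending else line
        if pending.count("(") > pending.count(")"):
            continue                            # SOA continues on the next line
        line, pending = pending, ""
        fields = [f for f in line.replace("(", " ").replace(")", " ").split() if f != "IN"]
        if not line[0].isspace():               # a name in column 1 sets the owner
            owner = fq(fields.pop(0))
        rtype, rdata = fields[0], fields[1:]
        if rtype in ("NS", "MX", "CNAME", "PTR"):
            rdata[-1] = fq(rdata[-1])           # expand the target name as well
        records.append((owner, rtype, rdata))
    return records

def check_zone(records, origin):
    """Problems these files are prone to: an NS/MX target inside the zone with
    no A record, and an in-zone target typed without its trailing dot."""
    origin = origin.rstrip(".") + "."
    has_a = {o for o, t, _ in records if t == "A"}
    problems = []
    for _owner, rtype, rdata in records:
        target = rdata[-1]
        if rtype not in ("NS", "MX", "CNAME") or not target.endswith(origin):
            continue                            # not a name record, or out of zone
        if origin.rstrip(".") in target[:-len(origin)]:
            problems.append(f"{rtype} {target}: missing trailing dot?")
        elif rtype != "CNAME" and target not in has_a:
            problems.append(f"{rtype} {target}: no A record in this zone")
    return problems

# Constructed sample modelled on instyle.locale.lan above; both mistakes are deliberate.
SAMPLE_ZONE = """$TTL 86400
@        IN SOA server01.instyle.locale. root.instyle.locale. (
         2007041501 3600 1800 604800 86400 ) ; serial refresh retry expire minimum
         IN NS    ns.instyle.locale.
         IN NS    ns.instyle2.locale.
         IN MX 10 mail
server01 IN A     192.168.32.10
mail     IN A     192.168.32.10
ftp      IN CNAME server01.instyle.locale
"""
```

Run check_zone(parse_zone(SAMPLE_ZONE, "instyle.locale"), "instyle.locale") before rndc reload; named-checkzone remains the authoritative syntax check, this only flags the two logical slips above.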

[APPENDIX]
  • A Records

An A record is probably the most common and easiest of all records to understand. Quite
simply, whatever is placed on the left will resolve to the IP address provided on the right.
Here’s an example of an A record:

www IN A 192.168.1.1

Here, www (expanded to include the full domain name) would resolve to 192.168.1.1.
If this were the zone file for example.org, www would be expanded to www.example.org. You could choose to be specific in your zone file and use something like this:

www.example.org. IN A 192.168.1.1

The final period (or dot) after .org is very important. If you left this out, the record
would be expanded to create www.example.org.example.org.

  • CNAME


A CNAME links two DNS entries.

ftp IN CNAME www

The benefit with using CNAME is that if you change the IP address of the server (perhaps
you’re running this particular machine on an Internet connection that has a dynamic
IP address), you have to update only one IP address instead of two.


  • MX Records

mailserver.example.org. IN A 192.168.1.1
example.org. IN MX 10 mailserver

Remember, though, that the MX record must point to an existing hostname; in other words, it requires an A record. This doesn’t have to be in the same domain, as we’ll see in one of the following examples.

If you had two mail servers:

mailserver.example.org. IN A 192.168.1.1
mailserver2.example.org. IN A 192.168.1.2
example.org. IN MX 10 mailserver
example.org. IN MX 20 mailserver2


  • NS Records
An NS record looks like this:

example.org. IN NS dns0.example.com.

NS records declare the authoritative name servers for our domain; here we do so by creating two NS records.
Generally speaking, you should have at least two DNS servers. This is good practice
because if your DNS server goes down, people won’t be able to find your web site or your
e-mail servers. Because many people host their web sites in the same place they host their
DNS, this won’t help much, but it will ensure that e-mail is properly routed to the backup
e-mail server. Multiple NS records look like this:

example.org. IN NS dns0.example.com.
example.org. IN NS ns1.example.net.

  • Example DNS configuration

www.example.org. IN A 192.168.1.1
ftp.example.org. IN CNAME www
mail.example.org. IN A 192.168.1.2
mail2.example.org. IN A 10.0.0.1
example.org. IN NS dns0.example.com.
example.org. IN NS ns1.example.net.
example.org. IN MX 10 mail
example.org. IN MX 20 mail2