Differences
This shows you the differences between two versions of the page.
linux_wiki:configure_a_caching-only_name_server [2016/09/29 22:45] billdozor [Configure A Caching-only Name Server] |
linux_wiki:configure_a_caching-only_name_server [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Configure A Caching-only Name Server ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Caching-only name servers are non-authoritative. They perform lookups inside or outside the zone and cache the results to use locally. | ||
- | |||
- | The exam requires you to setup a DNS caching server. It does not specify which one. | ||
- | |||
- | ---- | ||
- | |||
- | ====== DNS Caching Server: Unbound ====== | ||
- | |||
- | Install required packages | ||
- | <code bash> | ||
- | yum install unbound | ||
- | </ | ||
- | |||
- | \\ | ||
- | Enable the service | ||
- | <code bash> | ||
- | systemctl enable unbound | ||
- | </ | ||
- | |||
- | \\ | ||
- | Open the firewall | ||
- | <code bash> | ||
- | firewall-cmd --permanent --add-service=dns | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | |||
- | \\ | ||
- | Prevent errors about server-keys not existing | ||
- | <code bash> | ||
- | unbound-control-setup | ||
- | </ | ||
- | |||
- | \\ | ||
- | Configure to accept on any interface and allow from certain networks | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | interface: 0.0.0.0 | ||
- | access-control: | ||
- | </ | ||
- | |||
- | \\ | ||
- | Configure a fowarder (DNS server that should receive requests the caching server doesn' | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | forward-zone: | ||
- | name: " | ||
- | forward-addr: | ||
- | </ | ||
- | |||
- | \\ | ||
- | Unbound requires DNSSEC validation by default. Disable for internal DNS that do not have this setup | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | domain-insecure: | ||
- | </ | ||
- | |||
- | \\ | ||
- | Verify configuration | ||
- | <code bash> | ||
- | unbound-checkconf | ||
- | </ | ||
- | |||
- | \\ | ||
- | Start the unbound service | ||
- | <code bash> | ||
- | systemctl start unbound | ||
- | </ | ||
- | |||
- | \\ | ||
- | Configure a different system to use the DNS caching server | ||
- | <code bash> | ||
- | nmcli con mod eth0 ipv4.dns 192.168.1.151 | ||
- | </ | ||
- | |||
- | \\ | ||
- | Test a DNS lookup | ||
- | <code bash> | ||
- | dig server3.example.com | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== DNS Caching Server: Bind ====== | ||
- | |||
- | Install required packages | ||
- | <code bash> | ||
- | yum install bind bind-utils | ||
- | </ | ||
- | * bind -> server package | ||
- | * bind-utils -> client utilities | ||
- | |||
- | \\ | ||
- | Enable the service | ||
- | <code bash> | ||
- | systemctl enable named | ||
- | </ | ||
- | |||
- | \\ | ||
- | Open the firewall for DNS | ||
- | <code bash> | ||
- | firewall-cmd --permanent --add-service=dns | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | |||
- | \\ | ||
- | Make some named configuration changes | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | listen-on port 53 { any; }; | ||
- | allow-query { any; }; | ||
- | |||
- | dnssec-validation no; | ||
- | </ | ||
- | * listen on any IP | ||
- | * allow queries from any sources | ||
- | * do not validate local lookups | ||
- | |||
- | \\ | ||
- | Check named.conf config syntax | ||
- | <code bash> | ||
- | named-checkconf | ||
- | </ | ||
- | * No output = no mistakes | ||
- | |||
- | \\ | ||
- | Start the named service | ||
- | <code bash> | ||
- | systemctl start named | ||
- | </ | ||
- | |||
- | \\ | ||
- | Test a domain lookup | ||
- | <code bash> | ||
- | nslookup google.com 127.0.0.1 | ||
- | |||
- | OR | ||
- | |||
- | dig @127.0.0.1 google.com | ||
- | </ | ||
- | |||
- | ---- | ||
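Review bot: every line from "Line 1" down is removed, and the 2019/05/25 23:50 revision shows no edit summary or pointer to a replacement page, so a reader cannot tell whether the Unbound and BIND procedures were retired or moved; add a summary or a redirect to wherever the content now lives. If the text is being relocated rather than dropped, fix the BIND section on the way: "listen-on port 53 { any; };" combined with "allow-query { any; };" and the permanent dns firewall rule leaves the cache answering queries from any source that can reach it, whereas the Unbound section limits clients through its access-control entry. Restrict allow-query to the client networks that should use the cache. Also note that "dnssec-validation no;" turns validation off for every lookup, while the Unbound section only exempts the internal domain via domain-insecure.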