linux_wiki:configure_a_caching-only_name_server

Differences

This shows you the differences between two versions of the page.

linux_wiki:configure_a_caching-only_name_server [2016/10/08 17:58]
billdozor
linux_wiki:configure_a_caching-only_name_server [2019/05/25 23:50]
Line 1: Line 1:
-====== Configure A Caching-only Name Server ====== 
- 
-**General Information** 
- 
-Caching-only name servers are non-authoritative. They perform lookups inside or outside the zone and cache the results to use locally. 
- 
-The exam requires you to setup a DNS caching server. It does not specify which one. 
- 
----- 
- 
-====== Lab Setup ====== 
- 
-The following virtual machines will be used: 
-  * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here 
-  * server2.example.com (192.168.1.151) -> Install DNS caching here 
- 
----- 
- 
-====== DNS Caching Server: Unbound ====== 
- 
-Installing and configuring the unbound DNS caching only server. 
- 
-\\ 
-Install required packages 
-<code bash> 
-yum install unbound 
-</code> 
- 
-\\ 
-Enable the service 
-<code bash> 
-systemctl enable unbound 
-</code> 
- 
-\\ 
-Open the firewall 
-<code bash> 
-firewall-cmd --permanent --add-service=dns 
-firewall-cmd --reload 
-</code> 
- 
-\\ 
-Prevent errors about server-keys not existing 
-<code bash> 
-unbound-control-setup 
-</code> 
- 
-\\ 
-Configure to accept on any interface and allow from certain networks 
-<code bash> 
-vim /etc/unbound/unbound.conf 
- 
-interface: 0.0.0.0 
-access-control: 192.168.1.0/24 allow 
-</code> 
- 
-\\ 
-Configure a fowarder (DNS server that should receive requests the caching server doesn't know) 
-<code bash> 
-vim /etc/unbound/unbound.conf 
- 
-forward-zone: 
-  name: "." 
-  forward-addr: 192.168.1.152 
-</code> 
- 
-\\ 
-Unbound requires DNSSEC validation by default. Disable for internal DNS that do not have this setup 
-<code bash> 
-vim /etc/unbound/unbound.conf 
- 
-domain-insecure: "example.com" 
-</code> 
- 
-\\ 
-Verify configuration 
-<code bash> 
-unbound-checkconf 
-</code> 
- 
-\\ 
-Start the unbound service 
-<code bash> 
-systemctl start unbound 
-</code> 
- 
-\\ 
-Configure a different system to use the DNS caching server 
-<code bash> 
-nmcli con mod eth0 ipv4.dns 192.168.1.151 
-</code> 
- 
-\\ 
-Test a DNS lookup 
-<code bash> 
-dig server3.example.com 
-</code> 
- 
----- 
- 
-====== DNS Caching Server: Bind ====== 
- 
-Installing and configuring the bind DNS caching only server. 
- 
-\\ 
-Install required packages 
-<code bash> 
-yum install bind bind-utils 
-</code> 
-  * bind -> server package 
-  * bind-utils -> client utilities 
- 
-\\ 
-Enable the service 
-<code bash> 
-systemctl enable named 
-</code> 
- 
-\\ 
-Open the firewall for DNS 
-<code bash> 
-firewall-cmd --permanent --add-service=dns 
-firewall-cmd --reload 
-</code> 
- 
-\\ 
-Make some named configuration changes 
-<code bash> 
-vim /etc/named.conf 
- 
-listen-on port 53 { any; }; 
-allow-query { any; }; 
- 
-dnssec-validation no; 
-</code> 
-  * listen on any IP 
-  * allow queries from any sources 
-  * do not validate local lookups 
- 
-\\ 
-Check named.conf config syntax 
-<code bash> 
-named-checkconf 
-</code> 
-  * No output = no mistakes 
- 
-\\ 
-Start the named service 
-<code bash> 
-systemctl start named 
-</code> 
- 
-\\ 
-Test a domain lookup 
-<code bash> 
-nslookup google.com 127.0.0.1 
- 
-OR 
- 
-dig @127.0.0.1 google.com 
-</code> 
- 
----- 
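
Review bot: In the removed Bind section, the named.conf step pairs listen-on port 53 { any; }; with allow-query { any; };, so the server answers queries from any source, while the Unbound section on the same page limits clients with access-control: 192.168.1.0/24 allow. If this content is being moved rather than retired, the Bind steps should restrict allow-query to the lab network (192.168.1.0/24) in the same way. In the same block, dnssec-validation no; turns validation off for every lookup, whereas the Unbound steps exempt only example.com through domain-insecure, so the bullet "do not validate local lookups" should say that the setting is global. Every line of this hunk is a removal and nothing replaces it, so a pointer to where the page now lives would help readers who land on this revision.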
  
  • linux_wiki/configure_a_caching-only_name_server.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)