Differences
This shows you the differences between two versions of the page.

Old revision: linux_wiki:configure_a_caching-only_name_server [2018/04/10 23:26] billdozor [DNS Caching Server: Unbound]
New revision: linux_wiki:configure_a_caching-only_name_server [2019/05/25 23:50]

Every line of the old revision (marked as removed in the diff) follows; the new revision contains none of it.
====== Configure A Caching-only Name Server ======

**General Information**

Caching-only name servers are non-authoritative. They perform lookups inside or outside the zone and cache the results for local reuse.

The exam requires you to set up a DNS caching server. It does not specify which one.

----

====== Lab Setup ======

The following virtual machines will be used:
  * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here
  * server2.example.com (192.168.1.151) -> Install DNS caching here

----

====== DNS Caching Server: Unbound ======

Installing and configuring the unbound DNS caching-only server.

\\
server2: Install required packages
<code bash>
yum install unbound
</code>

\\
server2: Enable the service
<code bash>
systemctl enable unbound
</code>

\\
server2: Open the firewall
<code bash>
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
</code>

\\
server2: Prevent errors about server keys not existing (this generates the key and certificate files that unbound-control uses)
<code bash>
unbound-control-setup
</code>

\\
Unbound has almost all config commented out by default. Uncomment and modify the following items.
<code bash>
vim /

## Listen on all interfaces
# uncomment/
interface: 0.0.0.0

## Allow queries from local networks
# uncomment/
access-control:

## Disable DNSSEC for local domain
# uncomment/
domain-insecure:

## Configure forward zone
# uncomment/
forward-zone:
    name: "
    forward-addr:
</code>

\\
server2: Verify configuration
<code bash>
unbound-checkconf
</code>

\\
server2: Start the unbound service
<code bash>
systemctl start unbound
</code>

\\
server1: Configure a different system to use the DNS caching server (the new DNS setting is applied the next time the connection is brought up)
<code bash>
nmcli con mod eth0 ipv4.dns 192.168.1.151
</code>

\\
server1: Test a DNS lookup
<code bash>
dig server3.example.com
</code>

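A lookup that succeeds only proves that some resolver answered. The added script below (not part of the wiki page) parses two consecutive dig outputs and reports whether the answer came from the lab's caching server (192.168.1.151, assumed from the lab setup) and whether the second answer was served from cache: a cache hit shows a query time of roughly 0 msec and a TTL that has counted down from the first response. The dig outputs embedded in the script are constructed samples, not captured from a real host.

```shell
#!/bin/sh
# Added example: decide from two consecutive dig outputs whether the caching
# server actually answered from cache. Not part of the wiki page.
# Assumption: the caching server is server2 (192.168.1.151) as in the lab.
CACHE_SERVER=${CACHE_SERVER:-192.168.1.151}

# Constructed sample dig output (not captured from a real host): the first
# query is resolved recursively (42 msec, full TTL), the second is a cache
# hit (0 msec, TTL counted down).
DIG_FIRST='; <<>> DiG <<>> server3.example.com
;; ANSWER SECTION:
server3.example.com.    300     IN      A       192.168.1.152

;; Query time: 42 msec
;; SERVER: 192.168.1.151#53(192.168.1.151)'
DIG_SECOND='; <<>> DiG <<>> server3.example.com
;; ANSWER SECTION:
server3.example.com.    287     IN      A       192.168.1.152

;; Query time: 0 msec
;; SERVER: 192.168.1.151#53(192.168.1.151)'
# Constructed answer from a different resolver, the symptom seen when the
# client's DNS setting has not taken effect.
DIG_OTHER='; <<>> DiG <<>> server3.example.com
;; ANSWER SECTION:
server3.example.com.    300     IN      A       192.168.1.152

;; Query time: 12 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)'

# Field extractors: each reads dig output on stdin and prints one value.
dig_server()     { sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'; }
dig_query_time() { sed -n 's/^;; Query time: \([0-9]*\) msec.*/\1/p'; }
# TTL is the second field of the first record after the ANSWER SECTION header.
dig_answer_ttl() { awk '/^;; ANSWER SECTION:/ {f=1; next} f && NF>=5 {print $2; exit}'; }

# cache_verdict FIRST SECOND -> prints one of: wrong-server, cached, not-cached
cache_verdict() {
    s2=$(printf '%s\n' "$2" | dig_server)
    t2=$(printf '%s\n' "$2" | dig_query_time);  t2=${t2:-9999}
    ttl1=$(printf '%s\n' "$1" | dig_answer_ttl); ttl1=${ttl1:-0}
    ttl2=$(printf '%s\n' "$2" | dig_answer_ttl); ttl2=${ttl2:-9999}
    if [ "$s2" != "$CACHE_SERVER" ]; then
        echo wrong-server          # answered by some other resolver
    elif [ "$t2" -le 1 ] && [ "$ttl2" -le "$ttl1" ]; then
        echo cached                # near-zero latency and TTL counting down
    else
        echo not-cached
    fi
}

# Stand-alone run over the constructed samples. In the lab, capture real
# output instead: first=$(dig server3.example.com); second=$(dig server3.example.com)
echo "second query: $(cache_verdict "$DIG_FIRST" "$DIG_SECOND")"
echo "other server: $(cache_verdict "$DIG_FIRST" "$DIG_OTHER")"
```

The TTL comparison matters because a forwarder with a very fast upstream can also return in a millisecond or two; a TTL that is lower than the first answer's is the reliable sign that the record came out of the local cache rather than being fetched again.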
----

====== DNS Caching Server: Bind ======

Installing and configuring the bind DNS caching-only server.

\\
Install required packages
<code bash>
yum install bind bind-utils
</code>
  * bind -> server package
  * bind-utils -> client utilities (dig, nslookup)

\\
Enable the service
<code bash>
systemctl enable named
</code>

\\
Open the firewall for DNS
<code bash>
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
</code>

- | Make some named configuration changes | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | # existing config items, modify | ||
- | listen-on port 53 { any; }; | ||
- | allow-query { 192.168.1.0/ | ||
- | |||
- | # copy and paste allow-query line and change to allow-transfer | ||
- | allow-transfer { 192.168.1.0/ | ||
- | |||
- | # existing config item, modify to no | ||
- | dnssec-validation no; | ||
- | |||
- | # new entry for forward zone - needs to be memorized | ||
- | zone " | ||
- | type forward; | ||
- | forwarders { 192.168.1.200; | ||
- | }; | ||
- | </ | ||
- | * listen on any IP | ||
- | * allow queries/ | ||
- | * do not validate local lookups | ||
- | * zone | ||
- | * " | ||
- | * type forward; | ||
- | * forwarders { 192.168.1.200; | ||
- | |||
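Both the unbound and the named configuration above listen on every interface, so the access-control / allow-query line is the only thing standing between a lab resolver and an open resolver that answers recursive queries for anyone who can reach port 53. The added script below is not part of the wiki page; it lints a config for that pattern in either format and also flags dnssec-validation no; in named.conf. The config fragments it contains are constructed samples that mirror the lab addresses (the lab's 192.168.1.0/24 network, forwarder 192.168.1.200); the named.conf parser assumes only // and # line comments, not /* */ blocks.

```shell
#!/bin/sh
# Added example, not from the wiki page: lint a caching resolver's config for the
# "open resolver" pattern (listens on every interface AND accepts queries from
# any source). The samples below are constructed; the addresses mirror the lab.

UNBOUND_LAB='server:
    interface: 0.0.0.0
    # lab network only
    access-control: 192.168.1.0/24 allow
    domain-insecure: "example.com"
forward-zone:
    name: "example.com"
    forward-addr: 192.168.1.200'
UNBOUND_OPEN='server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow'

NAMED_LAB='options {
    listen-on port 53 { any; };
    allow-query { 192.168.1.0/24; };   // lab network only
    allow-transfer { 192.168.1.0/24; };
    dnssec-validation no;
};
zone "example.com" IN {
    type forward;
    forwarders { 192.168.1.200; };
};'
NAMED_OPEN='options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
};'

# unbound.conf on stdin. Returns 0 (true) when an interface: line is a
# wildcard and an access-control: line grants allow/allow_snoop to 0.0.0.0/0 or ::/0.
unbound_is_open() {
    conf=$(grep -v '^[[:space:]]*#')      # drop comment lines
    printf '%s\n' "$conf" | grep -qE '^[[:space:]]*interface:[[:space:]]*(0\.0\.0\.0|::0?)([[:space:]]|$)' &&
    printf '%s\n' "$conf" | grep -qE '^[[:space:]]*access-control:[[:space:]]*(0\.0\.0\.0/0|::/0)[[:space:]]+allow(_snoop)?([[:space:]]|$)'
}

# named.conf on stdin (assumes // and # line comments only; /* */ is not handled).
# Returns 0 when listen-on is { any; }, allow-query is { any; } and recursion
# is not explicitly "no" (BIND defaults to recursion yes).
named_is_open() {
    conf=$(sed 's|//.*||; s|#.*||' | tr '\n' ' ')   # strip comments, join lines
    printf '%s\n' "$conf" | grep -qE 'listen-on([[:space:]]+port[[:space:]]+[0-9]+)?[[:space:]]*[{][[:space:]]*any;' &&
    printf '%s\n' "$conf" | grep -qE 'allow-query[[:space:]]*[{][[:space:]]*any;' &&
    ! printf '%s\n' "$conf" | grep -qE 'recursion[[:space:]]+no;'
}

# named.conf on stdin. Returns 0 when DNSSEC validation is switched off, as the
# lab config does; worth flagging on anything that is not a lab box.
named_validation_off() {
    sed 's|//.*||; s|#.*||' | grep -qE '^[[:space:]]*dnssec-validation[[:space:]]+no;'
}

# Wrappers that turn exit status into a word so results are easy to assert on.
unbound_verdict() { if printf '%s\n' "$1" | unbound_is_open; then echo open; else echo restricted; fi; }
named_verdict()   { if printf '%s\n' "$1" | named_is_open;   then echo open; else echo restricted; fi; }
named_dnssec()    { if printf '%s\n' "$1" | named_validation_off; then echo off; else echo on; fi; }

# Stand-alone run over the constructed samples. On a real host feed the live
# file through the same wrapper: unbound_verdict "$(cat "$CONFIG_FILE")"
echo "unbound lab : $(unbound_verdict "$UNBOUND_LAB")"
echo "unbound open: $(unbound_verdict "$UNBOUND_OPEN")"
echo "named lab   : $(named_verdict "$NAMED_LAB") (dnssec validation $(named_dnssec "$NAMED_LAB"))"
echo "named open  : $(named_verdict "$NAMED_OPEN")"
```

The unbound check only fires when both conditions hold, because unbound's default access-control already refuses everything except localhost; it is the combination of a wildcard interface and a 0.0.0.0/0 allow that exposes the cache. For named, allow-query { any; } together with the default recursion yes is the equivalent exposure, which is why the lab keeps allow-query on the 192.168.1.0/24 network.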
\\
Check named.conf config syntax
<code bash>
named-checkconf
</code>
  * No output = no mistakes

\\
Start the named service
<code bash>
systemctl start named
</code>

\\
Test a domain lookup
<code bash>
nslookup google.com 127.0.0.1

OR

dig @127.0.0.1 google.com
</code>

----