Nameserver Workshop: Unterschied zwischen den Versionen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| (11 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt) | |||
| Zeile 2: | Zeile 2: | ||
Worf und Nagus | Worf und Nagus | ||
==Worf== | ==Worf== | ||
| − | ==Konfiguration== | + | ==Konfiguration Forward Zone== |
*/etc/bind/named.conf.local | */etc/bind/named.conf.local | ||
<pre> | <pre> | ||
| Zeile 70: | Zeile 70: | ||
}; | }; | ||
</pre> | </pre> | ||
| + | ==Restart== | ||
| + | *systemctl restart bind9 | ||
| + | ==Test== | ||
| + | *dig @192.168.255.251 -t ns lan | ||
| + | <pre> | ||
| + | ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @192.168.255.251 -t ns lan | ||
| + | ; (1 server found) | ||
| + | ;; global options: +cmd | ||
| + | ;; Got answer: | ||
| + | ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37493 | ||
| + | ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3 | ||
| + | |||
| + | ;; OPT PSEUDOSECTION: | ||
| + | ; EDNS: version: 0, flags:; udp: 4096 | ||
| + | ;; QUESTION SECTION: | ||
| + | ;lan. IN NS | ||
| + | |||
| + | ;; ANSWER SECTION: | ||
| + | lan. 60 IN NS nagus.xinux.lan. | ||
| + | lan. 60 IN NS worf.xinux.lan. | ||
| + | |||
| + | ;; ADDITIONAL SECTION: | ||
| + | worf.xinux.lan. 300 IN A 192.168.255.250 | ||
| + | nagus.xinux.lan. 300 IN A 192.168.255.251 | ||
| + | |||
| + | ;; Query time: 0 msec | ||
| + | ;; SERVER: 192.168.255.251#53(192.168.255.251) | ||
| + | ;; WHEN: Tue Apr 04 11:44:51 CEST 2017 | ||
| + | ;; MSG SIZE rcvd: 109 | ||
| + | </pre> | ||
| + | =Second Level Domains= | ||
| + | janix.lan und aaronix.lan | ||
| + | |||
| + | Für jede Domain müssen Lanix 2 Nameserver mit zugeöriger IP mitgeteilt werden. | ||
| + | |||
| + | ==janix.lan== | ||
| + | ==Namerver== | ||
| + | *erdogan.janix.lan. A 192.168.244.144 | ||
| + | *benis.aaronix.lan. A 192.168.246.121 | ||
| + | |||
| + | ==aaronix.lan== | ||
| + | ==Namerver== | ||
| + | *erdogan.janix.lan. A 192.168.244.144 | ||
| + | *benis.aaronix.lan. A 192.168.246.121 | ||
| + | ==Eintrag im Toplevel DNS in der lan Zone== | ||
| + | <pre> | ||
| + | aaronix.lan. NS erdogan.janix.lan. | ||
| + | aaronix.lan. NS benis.aaronix.lan. | ||
| + | erdogan.janix.lan. A 192.168.244.144 | ||
| + | benis.aaronix.lan. A 192.168.246.121 | ||
| + | </pre> | ||
| + | ==Einträge auf erdogang.janix.lan== | ||
| + | */etc/bind/named.conf.local | ||
| + | <pre> | ||
| + | zone "janix.lan" { | ||
| + | type master; | ||
| + | file "janix.lan"; | ||
| + | }; | ||
| + | |||
| + | zone "aaronix.lan" { | ||
| + | type slave; | ||
| + | file "aaronix.lan"; | ||
| + | masters { 192.168.246.121; }; | ||
| + | }; | ||
| + | </pre> | ||
| + | */var/cache/bind/janix.lan | ||
| + | <pre> | ||
| + | $TTL 60 ; 5 minutes | ||
| + | @ SOA erdogan.janix.lan. technik.xinux.de. ( | ||
| + | 2017040401 ; serial | ||
| + | 14400 ; refresh (4 hours) | ||
| + | 3600 ; retry (1 hour) | ||
| + | 3600000 ; expire (5 weeks 6 days 16 hours) | ||
| + | 86400 ; minimum (1 day) | ||
| + | ) | ||
| + | NS erdogan.janix.lan. | ||
| + | NS benis.aaronix.lan. | ||
| + | erdogan.janix.lan. A 192.168.244.144 | ||
| + | </pre> | ||
| + | |||
| + | [[Datei:workshop.dia]] | ||
| + | |||
| + | =Forwarding DNS= | ||
| + | */etc/bind/named.conf.options | ||
| + | <pre> | ||
| + | acl goodclients { | ||
| + | 192.168.0.0/16; | ||
| + | localhost; | ||
| + | localnets; | ||
| + | }; | ||
| + | options { | ||
| + | directory "/var/cache/bind"; | ||
| + | allow-query { goodclients; }; | ||
| + | recursion yes; | ||
| + | forwarders { | ||
| + | 192.168.255.250; | ||
| + | 192.168.255.251; | ||
| + | }; | ||
| + | dnssec-validation no; | ||
| + | dnssec-enable no; | ||
| + | auth-nxdomain no; | ||
| + | listen-on-v6 { none; }; | ||
| + | }; | ||
| + | </pre> | ||
| + | Worf und Nagus | ||
| + | ==Worf== | ||
| + | ==Konfiguration Reverse Zone== | ||
| + | */etc/bind/named.conf.local | ||
| + | <pre> | ||
| + | zone "10.in-addr.arpa" { | ||
| + | type master; | ||
| + | file "10.in-addr.arpa"; | ||
| + | }; | ||
| + | </pre> | ||
| + | */var/cache/bind/10.in-addr.arpa | ||
| + | <pre> | ||
| + | $TTL 300 ; 5 minutes | ||
| + | @ IN SOA worf.xinux.lan. technik.xinux.de. ( | ||
| + | 2017040501 ; serial | ||
| + | 14400 ; refresh (4 hours) | ||
| + | 3600 ; retry (1 hour) | ||
| + | 3600000 ; expire (5 weeks 6 days 16 hours) | ||
| + | 86400 ; minimum (1 day) | ||
| + | ) | ||
| + | NS worf.xinux.lan. | ||
| + | NS nagus.xinux.lan. | ||
| + | 115.40.10.in-addr.arpa. NS erdogan.janix.lan. | ||
| + | </pre> | ||
| + | ==Restart== | ||
| + | *systemctl restart bind9 | ||
| + | ==Test== | ||
| + | *dig @127.0.0.1 -t soa 10.in-addr.arpa | ||
| + | <pre> | ||
| + | ; (1 server found) | ||
| + | ;; global options: +cmd | ||
| + | ;; Got answer: | ||
| + | ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23841 | ||
| + | ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3 | ||
| + | ;; WARNING: recursion requested but not available | ||
| + | |||
| + | ;; OPT PSEUDOSECTION: | ||
| + | ; EDNS: version: 0, flags:; udp: 4096 | ||
| + | ;; QUESTION SECTION: | ||
| + | ;10.in-addr.arpa. IN SOA | ||
| + | |||
| + | ;; ANSWER SECTION: | ||
| + | 10.in-addr.arpa. 300 IN SOA worf.xinux.lan. technik.xinux.de. 2017040501 14400 3600 3600000 86400 | ||
| + | |||
| + | ;; AUTHORITY SECTION: | ||
| + | 10.in-addr.arpa. 300 IN NS worf.xinux.lan. | ||
| + | 10.in-addr.arpa. 300 IN NS nagus.xinux.lan. | ||
| + | |||
| + | ;; ADDITIONAL SECTION: | ||
| + | worf.xinux.lan. 300 IN A 192.168.255.250 | ||
| + | nagus.xinux.lan. 300 IN A 192.168.255.251 | ||
| + | |||
| + | ;; Query time: 0 msec | ||
| + | ;; SERVER: 127.0.0.1#53(127.0.0.1) | ||
| + | ;; WHEN: Wed Apr 05 12:11:29 CEST 2017 | ||
| + | ;; MSG SIZE rcvd: 176 | ||
| + | </pre> | ||
| + | |||
| + | ==Nagus== | ||
| + | */etc/bind/named.conf.local | ||
| + | <pre> | ||
| + | zone "10.in-addr.arpa" { | ||
| + | type slave; | ||
| + | file "10.in-addr.arpa"; | ||
| + | masters {192.168.255.250; }; | ||
| + | }; | ||
| + | </pre> | ||
| + | ==Restart== | ||
| + | *systemctl restart bind9 | ||
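Review bot: The two master zones added in this revision, `zone "janix.lan"` on erdogan and `zone "10.in-addr.arpa"` on worf, carry no `allow-transfer` statement. On the BIND 9.10.3 shown in the dig banner the default lets any host that can reach port 53 pull the whole zone by AXFR. Each master stanza should name its secondary: `allow-transfer { 192.168.255.251; };` for 10.in-addr.arpa (nagus), and `allow-transfer { 192.168.246.121; };` for janix.lan, presumably benis, since that is the second NS listed. The matching slave stanzas accept zone data from `masters` on source address alone; a TSIG key shared between primary and secondary would be the stronger control, and the page shows none.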
Aktuelle Version vom 5. April 2017, 10:13 Uhr
Toplevel Nameserver
Worf und Nagus
Worf
Konfiguration Forward Zone
- /etc/bind/named.conf.local
// Primary (master) copy of the top-level zone "lan" on worf. The zone data is
// loaded from the file "lan"; the page lists it as /var/cache/bind/lan.
// NOTE(review): no allow-transfer is set. On the BIND 9.10.3 shown in the dig
// banner the default permits zone transfers to any host; restricting it to the
// secondary (nagus, 192.168.255.251) would close that. Confirm the default for
// the release actually in use.
zone "lan" {
type master;
file "lan";
};
- /var/cache/bind/lan
; Zone data for "lan", served by worf as primary and nagus as secondary.
; Default TTL is 60 seconds; the dig output on this page shows 60 on the
; SOA and NS records.
$TTL 60 ; 1 minute
; SOA: primary name server worf.xinux.lan., contact field technik.xinux.de.
@ SOA worf.xinux.lan. technik.xinux.de. (
        2017040301 ; serial (looks like YYYYMMDDnn; the secondary compares it on refresh)
        14400 ; refresh (4 hours)
        3600 ; retry (1 hour)
        3600000 ; expire (5 weeks 6 days 16 hours)
        86400 ; minimum (1 day)
        )
; Name servers of the zone. The owner field is blank, so these lines must start
; with whitespace in order to inherit "@".
        NS worf.xinux.lan.
        NS nagus.xinux.lan.
; Address records for the two name servers listed above.
worf.xinux.lan. A 192.168.255.250
nagus.xinux.lan. A 192.168.255.251
Restart
- systemctl restart bind9
Test
- dig @127.0.0.1 -t soa lan
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @127.0.0.1 -t soa lan
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53306
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lan. IN SOA

;; ANSWER SECTION:
lan. 60 IN SOA worf.xinux.lan. technik.xinux.de. 2017040301 14400 3600 3600000 86400

;; AUTHORITY SECTION:
lan. 60 IN NS worf.xinux.lan.
lan. 60 IN NS nagus.xinux.lan.

;; ADDITIONAL SECTION:
worf.xinux.lan. 300 IN A 192.168.255.250
nagus.xinux.lan. 300 IN A 192.168.255.251

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 04 11:41:31 CEST 2017
;; MSG SIZE rcvd: 161
Nagus
- /etc/bind/named.conf.local
// Secondary (slave) copy of zone "lan" on nagus. The zone is transferred from
// the primary at 192.168.255.250 (worf) and stored in the file "lan".
// NOTE(review): the primary is identified by source address only. A TSIG key
// on the masters entry would authenticate the transfer; none is shown here.
zone "lan" {
type slave;
file "lan";
masters { 192.168.255.250; };
};
Restart
- systemctl restart bind9
Test
- dig @192.168.255.251 -t ns lan
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @192.168.255.251 -t ns lan
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37493
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lan. IN NS

;; ANSWER SECTION:
lan. 60 IN NS nagus.xinux.lan.
lan. 60 IN NS worf.xinux.lan.

;; ADDITIONAL SECTION:
worf.xinux.lan. 300 IN A 192.168.255.250
nagus.xinux.lan. 300 IN A 192.168.255.251

;; Query time: 0 msec
;; SERVER: 192.168.255.251#53(192.168.255.251)
;; WHEN: Tue Apr 04 11:44:51 CEST 2017
;; MSG SIZE rcvd: 109
Second Level Domains
janix.lan und aaronix.lan
Für jede Domain müssen Lanix 2 Nameserver mit zugehöriger IP mitgeteilt werden.
janix.lan
Nameserver
- erdogan.janix.lan. A 192.168.244.144
- benis.aaronix.lan. A 192.168.246.121
aaronix.lan
Nameserver
- erdogan.janix.lan. A 192.168.244.144
- benis.aaronix.lan. A 192.168.246.121
Eintrag im Toplevel DNS in der lan Zone
; Delegation of aaronix.lan inside the top-level "lan" zone, one record per line.
; NOTE(review): the section covers janix.lan and aaronix.lan, but only the
; aaronix.lan NS records are listed; confirm whether the janix.lan delegation
; is missing from the page.
aaronix.lan. NS erdogan.janix.lan.
aaronix.lan. NS benis.aaronix.lan.
; Addresses of the two delegated name servers. benis.aaronix.lan. lies below
; the delegation, so its A record here serves as glue.
erdogan.janix.lan. A 192.168.244.144
benis.aaronix.lan. A 192.168.246.121
Einträge auf erdogan.janix.lan
- /etc/bind/named.conf.local
// erdogan is primary (master) for janix.lan; zone data comes from the file
// "janix.lan" (listed on the page as /var/cache/bind/janix.lan).
// NOTE(review): no allow-transfer is set. On BIND 9.10.x the default lets any
// host request a full zone transfer; limit it to the secondary. Confirm the
// default for the release in use.
zone "janix.lan" {
type master;
file "janix.lan";
};

// erdogan is secondary (slave) for aaronix.lan and pulls the zone from
// 192.168.246.121 (benis.aaronix.lan per the A record on this page).
// NOTE(review): the primary is trusted by source address only; no TSIG key is
// configured on the masters entry.
zone "aaronix.lan" {
type slave;
file "aaronix.lan";
masters { 192.168.246.121; };
};
- /var/cache/bind/janix.lan
; Zone data for janix.lan on erdogan (primary).
; Default TTL is 60 seconds.
$TTL 60 ; 1 minute
; SOA: primary name server erdogan.janix.lan., contact field technik.xinux.de.
@ SOA erdogan.janix.lan. technik.xinux.de. (
        2017040401 ; serial (looks like YYYYMMDDnn; the secondary compares it on refresh)
        14400 ; refresh (4 hours)
        3600 ; retry (1 hour)
        3600000 ; expire (5 weeks 6 days 16 hours)
        86400 ; minimum (1 day)
        )
; Name servers of the zone. The owner field is blank, so these lines must start
; with whitespace in order to inherit "@".
        NS erdogan.janix.lan.
        NS benis.aaronix.lan.
; Only erdogan gets an address record here; benis.aaronix.lan. is outside this zone.
erdogan.janix.lan. A 192.168.244.144
Forwarding DNS
- /etc/bind/named.conf.options
// Forwarding resolver: recursion is enabled, and queries are passed to the two
// workshop top-level servers.
// ACL of clients allowed to use this resolver: 192.168.0.0/16 plus the
// built-in "localhost" and "localnets" ACLs.
acl goodclients {
192.168.0.0/16;
localhost;
localnets;
};
options {
directory "/var/cache/bind";
// Only clients matching goodclients may query this server at all, so the
// recursion enabled below is not open to arbitrary sources.
allow-query { goodclients; };
recursion yes;
// Forward to worf (192.168.255.250) and nagus (192.168.255.251).
// NOTE(review): "forward only;" is not set, so BIND's default "forward first"
// should apply and the server falls back to its own iteration when the
// forwarders do not answer. Confirm that is wanted in this lab.
forwarders {
192.168.255.250;
192.168.255.251;
};
// DNSSEC validation is switched off for every name resolved through this
// server. NOTE(review): presumably needed because the private "lan" TLD cannot
// validate against the public root. Do not carry this setting over to a
// resolver that also serves public names without checking.
dnssec-validation no;
// NOTE(review): dnssec-enable is obsolete in later BIND 9 releases. The dig
// banner on this page shows 9.10.3, where it still applies; check before
// reusing this file on a newer named.
dnssec-enable no;
auth-nxdomain no;
// Do not listen on any IPv6 address.
listen-on-v6 { none; };
};
Worf und Nagus
Worf
Konfiguration Reverse Zone
- /etc/bind/named.conf.local
// Primary (master) copy of the reverse zone 10.in-addr.arpa on worf; data is
// loaded from the file "10.in-addr.arpa" (listed on the page as
// /var/cache/bind/10.in-addr.arpa).
// NOTE(review): no allow-transfer is set. On BIND 9.10.x the default permits
// transfers to any host; restricting it to nagus (192.168.255.251) would close
// that. Confirm the default for the release in use.
zone "10.in-addr.arpa" {
type master;
file "10.in-addr.arpa";
};
- /var/cache/bind/10.in-addr.arpa
; Reverse zone data for 10.in-addr.arpa on worf (primary).
; NOTE(review): every host address on this page is in 192.168.0.0/16, while this
; zone covers 10.0.0.0/8. Confirm which range the workshop actually uses.
$TTL 300 ; 5 minutes
; SOA: primary name server worf.xinux.lan., contact field technik.xinux.de.
@ IN SOA worf.xinux.lan. technik.xinux.de. (
        2017040501 ; serial (looks like YYYYMMDDnn; the secondary compares it on refresh)
        14400 ; refresh (4 hours)
        3600 ; retry (1 hour)
        3600000 ; expire (5 weeks 6 days 16 hours)
        86400 ; minimum (1 day)
        )
; Name servers of the zone. The owner field is blank, so these lines must start
; with whitespace in order to inherit "@".
        NS worf.xinux.lan.
        NS nagus.xinux.lan.
; Delegates the reverse names for 10.40.115.0/24 to erdogan.janix.lan.
115.40.10.in-addr.arpa. NS erdogan.janix.lan.
Restart
- systemctl restart bind9
Test
- dig @127.0.0.1 -t soa 10.in-addr.arpa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23841
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.in-addr.arpa. IN SOA

;; ANSWER SECTION:
10.in-addr.arpa. 300 IN SOA worf.xinux.lan. technik.xinux.de. 2017040501 14400 3600 3600000 86400

;; AUTHORITY SECTION:
10.in-addr.arpa. 300 IN NS worf.xinux.lan.
10.in-addr.arpa. 300 IN NS nagus.xinux.lan.

;; ADDITIONAL SECTION:
worf.xinux.lan. 300 IN A 192.168.255.250
nagus.xinux.lan. 300 IN A 192.168.255.251

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Apr 05 12:11:29 CEST 2017
;; MSG SIZE rcvd: 176
Nagus
- /etc/bind/named.conf.local
// Secondary (slave) copy of the reverse zone 10.in-addr.arpa on nagus. The
// zone is transferred from the primary at 192.168.255.250 (worf) and stored in
// the file "10.in-addr.arpa".
// NOTE(review): the primary is identified by source address only. A TSIG key
// on the masters entry would authenticate the transfer; none is shown here.
zone "10.in-addr.arpa" {
type slave;
file "10.in-addr.arpa";
masters {192.168.255.250; };
};
Restart
- systemctl restart bind9