
The Domain Name System:-

DNS is a hierarchical naming system.

The DNS hierarchy begins with the root domain "." at the top.
Domain - A collection of resource records that ends in a common name and
represents an entire subtree of the DNS name space.
EX:- example.com
Top Level Domain (TLD) - A domain that has only one component.
EX:- .com .edu .org
Subdomain - A domain that is a subtree of another domain.
EX:- lab.example.com
Zone - The portion of a domain for which a particular name server is directly
responsible or authoritative.

Anatomy of DNS Lookups:-

When a system needs to perform name resolution using a DNS server, it begins by
sending queries to the servers listed in /etc/resolv.conf, in order.
Local authoritative data:-
When the query arrives at a DNS server, the server first determines whether the
information being queried resides in a zone that it is authoritative for.
If the server is authoritative for the zone that the name or address being
queried belongs to, then the server responds to the client with the information
contained in its local zone. This is an Authoritative Answer: the "aa" flag is
set in the response.
Local cached non-authoritative data:-
If the DNS server is not an authority for the record in question but has a copy
of the record in its cache from a previous query, the cached answer is provided
to the client. This answer will not have the "aa" flag set, since the server is
not authoritative for the data being provided.
DNS Resource Records (DNS RRs):-
Entries in a DNS zone that specify information about a particular name or object
in the zone.
An RR contains an Owner-name, TTL, Class, Type and Data.
Owner-name - The name the resource record belongs to
TTL - Specifies how long this resource record should be cached by DNS resolvers.
Class - "IN" (Internet)
Type - The sort of information stored by this record (EX: an A record maps a
hostname to an IPv4 address)
Data - The data stored by this record
A Records:- Maps a hostname to an IPv4 address
AAAA Records:- Maps a hostname to an IPv6 address
CNAME Records:- Aliases one name to another name (the canonical name), which
should have A or AAAA records

PTR (Pointer) Records:- Maps an IP address to a hostname. Used for reverse DNS
resolution.
NS (Name Server) Records:- Maps a domain name to a DNS name server which is
authoritative for its DNS zone.
SOA (Start of Authority) Records:- Provide information about how a DNS zone
works.
MX (Mail Exchange) Records:- Maps a domain name to a mail exchanger which will
accept email for that name.
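The lookup and resource-record sections above describe the "aa" flag and the
Owner-name/TTL/Class/Type/Data fields in prose. The following is an added
example (not from these notes or from any DNS software) that builds two
constructed DNS responses in wire format, one authoritative and one served from
cache, and parses them back so the header flag and each RR field can be seen.
The record names, addresses and TTLs are made up for the example; 192.0.2.0/24
is a documentation prefix.

```python
import struct
import ipaddress

# RR type and class numbers for the record types covered in the notes.
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 28: "AAAA"}
CLASS_NAMES = {1: "IN"}
AA_FLAG = 0x0400  # Authoritative Answer bit in the header flags word


def encode_name(name):
    """Encode a dotted name into DNS label format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(qname, answers, aa):
    """Build a minimal response: header, one question, then answer RRs.
    answers: list of (owner, type, ttl, rdata_bytes)."""
    flags = 0x8000 | (AA_FLAG if aa else 0)  # QR=1; AA only when authoritative
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    body = b""
    for owner, rtype, ttl, rdata in answers:
        body += encode_name(owner) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return header + question + body


def read_name(msg, offset):
    """Read a (possibly compressed) name; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer into earlier part of message
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def decode_rdata(msg, rtype, start, rdlength):
    """Decode the Data field for the record types in the notes."""
    rdata = msg[start:start + rdlength]
    if rtype == 1:
        return str(ipaddress.IPv4Address(rdata))
    if rtype == 28:
        return str(ipaddress.IPv6Address(rdata))
    if rtype in (2, 5, 12):  # NS, CNAME, PTR carry a name (may use compression)
        return read_name(msg, start)[0]
    if rtype == 15:  # MX: preference followed by the exchanger name
        return struct.unpack("!H", rdata[:2])[0], read_name(msg, start + 2)[0]
    return rdata


def parse_response(msg):
    """Return the aa flag and the answer RRs as Owner/Type/Class/TTL/Data."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):
        _, offset = read_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        owner, offset = read_name(msg, offset)
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        answers.append({"owner": owner, "type": TYPE_NAMES.get(rtype, rtype),
                        "class": CLASS_NAMES.get(rclass, rclass), "ttl": ttl,
                        "data": decode_rdata(msg, rtype, offset, rdlength)})
        offset += rdlength
    return {"aa": bool(flags & AA_FLAG), "answers": answers}


# Constructed authoritative answer: CNAME -> A, plus MX and an NS whose rdata
# uses a compression pointer (0xC010) back to "example.com" in the question.
AUTHORITATIVE = build_response("www.example.com", [
    ("www.example.com", 5, 300, encode_name("web.example.com")),
    ("web.example.com", 1, 60, bytes([192, 0, 2, 10])),
    ("example.com", 15, 3600, struct.pack("!H", 10) + encode_name("mail.example.com")),
    ("example.com", 2, 86400, b"\x02ns\xc0\x10"),
], aa=True)

# Constructed cached answer from a non-authoritative resolver: aa is clear.
CACHED = build_response("www.example.com", [
    ("www.example.com", 1, 45, bytes([192, 0, 2, 10])),
], aa=False)

if __name__ == "__main__":
    for label, msg in (("authoritative", AUTHORITATIVE), ("cached", CACHED)):
        print(label, parse_response(msg))
```

Run as-is to see the two parsed responses; the only difference between an
authoritative and a cached answer at the wire level is that header bit.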

Configuring a Caching DNS Name Server:-

Caching DNS servers store the answers to DNS queries in a local cache and remove
resource records from the cache when their TTL expires.

INSTALL UNBOUND:-
[root@cdns ~]# yum install unbound -y
CONFIGURE UNBOUND.CONF:-
[root@cdns ~]# vim /etc/unbound/unbound.conf
server:
    interface: 192.168.110.22
By default unbound listens only on the localhost. Specify the network
interface(s) to listen on; 0.0.0.0 listens on all interfaces.
    access-control: 192.168.110.0/24 allow
Specifies which clients are allowed to make recursive queries.
forward-zone:
    name: "."
    forward-addr: 192.168.110.21

Specifies which DNS servers to forward queries to. By specifying "." for the
name we forward all queries; this can be changed to a specific domain name to
forward only the queries for that domain to the address set.
DNSSEC - Unbound performs DNSSEC validation to verify the answers to all DNS
queries.
    domain-insecure: "main.com"
Bypasses DNSSEC validation for selected unsigned zones (a server: option).
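The interface, access-control and domain-insecure settings above are the ones
that decide whether the caching server becomes an open resolver (recursion for
any client on the Internet) or quietly skips DNSSEC validation. The following
added example (not from these notes or from the Unbound project) is a small
audit script: it reads two constructed unbound.conf fragments, one weak and one
hardened, and reports the risky settings. It applies Unbound's access-control
rule that the most specific netblock wins and that non-localhost clients are
refused by default; the minimal parser only handles "key: value" lines and
comments, not the full configuration grammar, and 203.0.113.5 is a
documentation address standing in for an arbitrary Internet client.

```python
import ipaddress
import re

# Constructed weak config: listens everywhere, allows recursion from anyone,
# and switches DNSSEC validation off for a zone.
WEAK_CONF = """\
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
    domain-insecure: "main.com"
forward-zone:
    name: "."
    forward-addr: 192.168.110.21
"""

# Constructed hardened config: listens on one LAN address and allows only the
# LAN; everything else falls back to Unbound's default action (refuse).
HARDENED_CONF = """\
server:
    interface: 192.168.110.22
    access-control: 192.168.110.0/24 allow
forward-zone:
    name: "."
    forward-addr: 192.168.110.21
"""

ALLOW_ACTIONS = {"allow", "allow_snoop", "allow_setrd"}


def parse_unbound(text):
    """Return (clause, key, value) triples from 'key: value' lines.
    A bare 'server:' or 'forward-zone:' line starts a new clause."""
    clause, entries = None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^([\w-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if value == "":
            clause = key
        else:
            entries.append((clause, key, value))
    return entries


def acl_action(acls, client):
    """Most specific matching access-control netblock wins (Unbound semantics);
    with no match, localhost is allowed and everything else refused."""
    client = ipaddress.ip_address(client)
    best = None
    for entry in acls:
        net_s, action = entry.split()
        net = ipaddress.ip_network(net_s, strict=False)
        if client.version == net.version and client in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    if best is None:
        return "allow" if client.is_loopback else "refuse"
    return best[1]


def audit_unbound_conf(text, probe="203.0.113.5"):
    """Return a list of findings for an unbound.conf; empty means nothing flagged."""
    entries = parse_unbound(text)
    interfaces = [v for c, k, v in entries if c == "server" and k == "interface"]
    acls = [v for c, k, v in entries if c == "server" and k == "access-control"]
    findings = []
    # 'interface:' may carry '@port'; strip it before parsing the address.
    listens_public = any(
        not ipaddress.ip_address(i.split("@")[0]).is_loopback for i in interfaces)
    action = acl_action(acls, probe)
    if listens_public and action in ALLOW_ACTIONS:
        findings.append(f"open resolver: listens on {interfaces} and client "
                        f"{probe} gets '{action}'")
    for c, k, v in entries:
        if c == "server" and k == "domain-insecure":
            findings.append(f"DNSSEC validation bypassed for zone {v}")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_unbound_conf(conf) or ["no findings"])
```

The weak fragment produces two findings and the hardened one none; the same
check can be pointed at a real /etc/unbound/unbound.conf by reading the file
into the text argument.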
VALIDATING CONFIGURATIONS:-
[root@Srv1 /]# unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf
FIREWALL CONFIGURATION:-
[root@cdns ~]# firewall-cmd --permanent --add-service=dns
[root@cdns ~]# firewall-cmd --reload
[root@cdns ~]# systemctl enable unbound.service
[root@cdns ~]# systemctl start unbound.service
TROUBLESHOOTING:-
[root@cdns ~]# unbound-anchor -a /etc/unbound/unbound_server.key
[root@cdns ~]# chown unbound /etc/unbound/unbound_server.key
[root@cdns ~]# unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf
