rabbitmac / LearningLinux

This repo tracks learning materials and documents Linux commands.

DNS Port number 53 (8/13/2023) #6

Open rabbitmac opened 1 year ago

rabbitmac commented 1 year ago

set ipaddress

yum install bind*

systemctl enable named.service

vim /etc/resolv.conf

search ferrari.com
nameserver 181.1.1.1

vim /etc/hosts

127.0.0.1 localhost.localdomain
181.1.1.1 ferrari.com
181.1.1.1 www.ferrari.com

vim /etc/named.conf

options {
    listen-on port 53 { 181.1.1.1; }; ( 11th line: change the IP address )
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { 181.1.1.0; 181.1.1.1; }; ( 19th line: change to the network IP and the system IP; a bare 181.1.1.0 matches only that one address, so a network entry needs a prefix length such as 181.1.1.0/24 )

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

  dnssec-validation yes;

    managed-keys-directory "/var/named/dynamic";
    geoip-directory "/usr/share/GeoIP";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";

};

logging { channel default_debug { file "data/named.run"; severity dynamic; }; };

zone "." IN { type hint; file "named.ca"; };

zone "ferrari.com" IN { type master; (for forward lookup) file "ferrari.com"; }; zone "1.1.181.in-addr.arpa" IN { type master; (reverse lookup) file "ferrari.local"; };

include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";

cd /var/named

cp named.localhost ferrari.com

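cp named.localhost ferrari.com (repeats the previous command; the reverse zone file edited below is ferrari.local, so that was presumably the intended target)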

vim ferrari.com

$TTL 1D
@            IN SOA  RabbitMac.ferrari.com. rname.ferrari.com. (
                     0       ; serial
                     1D      ; refresh
                     1H      ; retry
                     1W      ; expire
                     3H )    ; minimum
@            IN NS   ferrari.com.
ferrari.com. IN A    181.1.1.1
www          IN A    181.1.1.1
RabbitMac    IN A    181.1.1.1

vim ferrari.local

$TTL 1D
@            IN SOA  RabbitMac.ferrari.com. rname.ferrari.com. (
                     0       ; serial
                     1D      ; refresh
                     1H      ; retry
                     1W      ; expire
                     3H )    ; minimum
@            IN NS   ferrari.com.
1            IN PTR  ferrari.com.
1            IN PTR  www.ferrari.com.
1            IN PTR  RabbitMac.ferrari.com.

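chmod 777 /var/named/ferrari.local

chmod 777 /var/named/ferrari.com

(Mode 777 makes both zone files writable by any local user, who could then alter the records this server answers with. named only needs read access: `chown root:named` plus `chmod 640` on each file is sufficient.)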

nslookup ferrari.com

nslookup ipaddress (reverse zone)

rabbitmac commented 1 year ago

vim ferrari.com

$TTL 1D
@            IN SOA  RabbitMac.ferrari.com. rname.ferrari.com. (
                     0       ; serial
                     1D      ; refresh
                     1H      ; retry
                     1W      ; expire
                     3H )    ; minimum
@            IN NS   ferrari.com.
ferrari.com. IN A    181.1.1.1
www          IN A    181.1.1.1
RabbitMac    IN A    181.1.1.1

vim ferrari.local

$TTL 1D
@            IN SOA  RabbitMac.ferrari.com. rname.ferrari.com. (
                     0       ; serial
                     1D      ; refresh
                     1H      ; retry
                     1W      ; expire
                     3H )    ; minimum
@            IN NS   ferrari.com.
1            IN PTR  ferrari.com.
1            IN PTR  www.ferrari.com.
1            IN PTR  RabbitMac.ferrari.com.