amarait.files.wordpress.com · DNS Zone Transfer without Key. DNS Zone Transfer with Key.

Post on 07-Mar-2021

Practice

DNS Zone Transfer without Key
DNS Zone Transfer with Key

Solution

We must have 2 machines: one machine is the primary (master) and one machine is the secondary (slave). The primary IP is 172.16.0.17 and the secondary IP is 172.16.0.19. The primary (master) must have BIND installed, and then named.conf is edited. The secondary (slave) must also have BIND installed, with named.conf edited like on the primary.

Install BIND and set the IP address in YaST.

Run the command vi /etc/named.conf

Restart the named service so that the changes to named.conf take effect.

After restarting named, we edit the zone files localhost.zone and 127.0.0.zone. My domain name server is pnc.lan and its IP is 172.16.0.17, so we change localhost.zone to pnc.lan.zone and 127.0.0.zone to 172.16.0.zone.

After editing, we must restart the named service with the command rcnamed restart

Now we edit pnc.lan.zone with the command vi /var/lib/named/master/pnc.lan.zone

Now we edit 172.16.0.zone with the command vi /var/lib/named/master/172.16.0.zone

We need to restart the named service.

After checking with nslookup, we go to named.conf to edit the notify setting.

Set the IP address with the command yast lan. The IP for the slave is 172.16.0.19.

On the secondary (slave), we go to named.conf and write:

masters { 172.16.0.17; };

Now run the command vi /var/lib/named/slave/pnc.lan.zone to edit it.

First we need to generate a key. The command that generates the key is dnssec-keygen -a hmac-md5 -b 128 -n HOST key-dns. After generating the key, we take the generated key and put it in named.conf on both the primary and the secondary. After we put it into named.conf, we need to edit it.

-a = algorithm. Selects the cryptographic algorithm. The value of algorithm must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC-MD5. These values are case insensitive. Note that for DNSSEC, RSASHA1 is a mandatory-to-implement algorithm, and DSA is recommended. For TSIG, HMAC-MD5 is mandatory.

-b = keysize. Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC-MD5 keys must be between 1 and 512 bits.

-n = nametype. Specifies the owner type of the key. The value of nametype must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user (KEY)) or OTHER (DNSKEY). These values are case insensitive. Defaults to ZONE for DNSKEY generation.

Now run the command vi Kamara.+157+29486.private to view the private key file.

Now run the command vi /etc/named.conf to configure it.

1. On the slave, open /etc/named.conf with vi and edit it like you did on the master:
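
The two named.conf files these steps lead to, shown as an added example (not the original author's files); the commented-out allow-transfer line is the "without key" variant and the active one is the "with key" variant. Assumed here: the key name key-dns from the dnssec-keygen command, the reverse zone name 0.16.172.in-addr.arpa, the slave's reverse zone file name, and a placeholder secret.

```conf
# ---- Primary (master), 172.16.0.17: /etc/named.conf ----
key "key-dns" {                       # key name must be identical on both hosts
    algorithm hmac-md5;               # matches -a hmac-md5 used at generation
    secret "PLACEHOLDER-copy-the-Key-value-from-the-.private-file";
};

zone "pnc.lan" in {
    type master;
    file "/var/lib/named/master/pnc.lan.zone";
    notify yes;
    also-notify { 172.16.0.19; };     # tell the slave when the serial changes
    # Without key: the master only checks the source address of the request.
    #   allow-transfer { 172.16.0.19; };
    # With key: the request must carry a valid TSIG signature made with key-dns.
    allow-transfer { key "key-dns"; };
};

zone "0.16.172.in-addr.arpa" in {     # assumed name of the reverse zone
    type master;
    file "/var/lib/named/master/172.16.0.zone";
    allow-transfer { key "key-dns"; };
};

# ---- Secondary (slave), 172.16.0.19: /etc/named.conf ----
key "key-dns" {                       # same name, algorithm and secret as above
    algorithm hmac-md5;
    secret "PLACEHOLDER-copy-the-Key-value-from-the-.private-file";
};

server 172.16.0.17 {
    keys { "key-dns"; };              # sign every request sent to the master
};

zone "pnc.lan" in {
    type slave;
    file "/var/lib/named/slave/pnc.lan.zone";
    masters { 172.16.0.17; };
};

zone "0.16.172.in-addr.arpa" in {
    type slave;
    file "/var/lib/named/slave/172.16.0.zone";   # assumed file name
    masters { 172.16.0.17; };
};
```

Run named-checkconf on each host before restarting named; afterwards an unsigned dig @172.16.0.17 pnc.lan AXFR should be refused, while the same query with -k and the key file succeeds. Current BIND releases generate TSIG keys with tsig-keygen, which defaults to hmac-sha256 instead of hmac-md5.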
