DNS configuration in Red Hat Enterprise Linux

Upload: abhineet-sharma

Post on 06-Apr-2018


  • 8/3/2019 DNS configuration in Red Hat Enterprise Linux

    1/3

    What You Must Know After Having Read Basics of Linux

    Domain Name Server Configuration (RHEL 6 Server)

    The configuration file differs in a few respects depending on the version of BIND in use. Converting an existing BIND 4.x configuration file so that it is compliant with BIND 8.x is easy. The documentation directory shipped with BIND (for example, /usr/doc/bind-8.1.2/ for BIND version 8.1.2) contains a file called named-bootconf.pl, which is an executable Perl program. Assuming Perl is installed on your system, you can use this program to convert your configuration file. To do so, type the following commands (as root).

    The configuration file consists of a collection of statements with nested options surrounded by opening and closing curly brackets (that is, { and }). When editing the file, be careful not to introduce a syntax error; otherwise the named service will not start.

    If you have installed the bind-chroot package, the BIND service runs in the /var/named/chroot environment. In that case, the initialization script mounts the above configuration files into the chroot using the mount --bind command, so that you can manage the configuration outside this environment.

    Hosts must be defined to the nameserver before they can be granted permission to access it.

    The following types of statements are commonly used in /etc/named.conf:

    acl

    The acl (Access Control List) statement allows you to define groups of hosts, so that they can be permitted or denied access to the nameserver. It takes the following form:

    acl acl-name {
        match-element;
        ...
    };

    The acl-name statement name is the name of the access control list, and the match-element option is usually an individual IP address (such as 10.0.1.1) or a network in CIDR notation (for example, 10.0.1.0/24).

    Predefined ACLs:

    any        Matches every IP address.
    localhost  Matches any IP address that is in use by the local system.
    localnets  Matches any IP address on any network to which the local system is connected.
    none       Does not match any IP address.

    include

    The include statement allows you to include files in /etc/named.conf, so that potentially sensitive data can be placed in a separate file with restricted permissions. It takes the following form:

    include "file-name";

    The file-name statement name is an absolute path to a file.

    Using ACLs with options:

    acl black-hats {
        10.0.2.0/24;
        192.168.0.0/24;
        1234:5678::9abc/24;
    };

    acl red-hats {
        10.0.1.0/24;
    };

    options {
        blackhole { black-hats; };
        allow-query { red-hats; };
        allow-query-cache { red-hats; };
    };

    A few common options are:

    To mitigate distributed denial of service (DDoS) attacks, it is recommended that you use the allow-query-cache option to restrict recursive DNS service to a particular subset of clients only.

    Note the loopback address used there as well: listen-on port 53 { 127.0.0.1; };
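The following is an added example (not code from the original document or from BIND) that models how the ACL and options statements shown above are evaluated for a client address: the blackhole list is consulted first, then allow-query, then allow-query-cache, which is what the DDoS recommendation relies on. The local addresses and networks used for the localhost and localnets ACLs are constructed stand-ins for what named derives from the host's interfaces, and the defaults assumed for unset options follow BIND 9's documented behaviour. The brace check at the end is only a cheap stand-in for the real syntax check; on a host, run named-checkconf on the file before restarting named.

```python
import ipaddress

# Constructed stand-ins for what named derives from the host's interfaces (assumption).
LOCAL_ADDRESSES = {"127.0.0.1", "::1", "10.0.1.53"}   # addresses in use by this host
LOCAL_NETWORKS = {"127.0.0.0/8", "10.0.1.0/24"}      # networks this host is attached to

# The ACL and options statements from the page, as Python data.
ACLS = {
    "black-hats": ["10.0.2.0/24", "192.168.0.0/24", "1234:5678::9abc/24"],
    "red-hats": ["10.0.1.0/24"],
}
OPTIONS = {
    "blackhole": ["black-hats"],
    "allow-query": ["red-hats"],
    "allow-query-cache": ["red-hats"],
}


def element_matches(element, client, acls):
    """True if one match-element (address, CIDR prefix, ACL name or predefined ACL) covers client.
    Negation ("!") is not modelled here (assumption: not needed for the page's example)."""
    if element == "any":
        return True
    if element == "none":
        return False
    if element == "localhost":
        return str(client) in LOCAL_ADDRESSES
    if element == "localnets":
        return any(client in ipaddress.ip_network(n) for n in LOCAL_NETWORKS)
    if element in acls:                      # nested ACL name
        return list_matches(acls[element], client, acls)
    # strict=False tolerates host bits set inside the prefix, as in 1234:5678::9abc/24
    net = ipaddress.ip_network(element, strict=False)
    return client.version == net.version and client in net


def list_matches(match_list, client, acls):
    """An address-match list matches if any of its elements does."""
    return any(element_matches(e, client, acls) for e in match_list)


def classify_client(address, options=OPTIONS, acls=ACLS):
    """Decide what a server with these options does with a query from address.

    blackhole is checked first: blackholed sources get no reply at all. allow-query then
    decides whether the query is answered or refused, and allow-query-cache whether the
    client may use the cache, i.e. receive recursive service. The defaults used when an
    option is absent (any; localnets and localhost) are BIND 9's documented defaults."""
    client = ipaddress.ip_address(address)
    if list_matches(options.get("blackhole", []), client, acls):
        return "blackholed"
    if not list_matches(options.get("allow-query", ["any"]), client, acls):
        return "refused"
    if list_matches(options.get("allow-query-cache", ["localnets", "localhost"]), client, acls):
        return "allowed-recursive"
    return "allowed-authoritative-only"


def render_named_conf(acls=ACLS, options=OPTIONS):
    """Render the ACL and options statements back out as named.conf text."""
    out = []
    for name, elements in acls.items():
        out.append("acl %s {" % name)
        out.extend("    %s;" % e for e in elements)
        out.append("};")
    out.append("options {")
    for opt, elements in options.items():
        out.append("    %s { %s };" % (opt, " ".join(e + ";" for e in elements)))
    out.append("};")
    return "\n".join(out) + "\n"


def braces_balanced(text):
    """Cheap sanity check for the curly brackets the page warns about: every { must have
    a matching }. A stand-in only; use named-checkconf on a real host."""
    depth = 0
    for ch in text:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    print(render_named_conf())
    for addr in ("10.0.2.5", "10.0.1.7", "172.16.0.1", "1234:5600::1"):
        print(addr, "->", classify_client(addr))
```

Note how the IPv6 element 1234:5678::9abc/24 is a /24 prefix, so it blackholes the whole 1234:5600::/24 range, not just the single address written; a non-strict prefix like this is easy to misread when reviewing an ACL.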

    zone

    zone zone-name [zone-class] {
        option;
        ...
    };

    The zone-name attribute is particularly important, as it is the default value assigned to the $ORIGIN directive used within the corresponding zone file located in the /var/named/ directory. The named daemon appends the name of the zone to any non-fully qualified domain name listed in the zone file. For example, if a zone statement defines the namespace for example.com, use example.com as the zone-name so that it is placed at the end of hostnames within the example.com zone file.

    Changes made to /etc/named.conf are most often these zone changes, because options set in a zone statement override the global options.
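The following is an added example (not code from the original document or from BIND) that renders a zone statement for /etc/named.conf and walks a constructed zone file applying the $ORIGIN rule described above: the zone-name is appended to every name that does not end in a dot. The simplified zone format (one record per line, optional class, no $TTL or multi-line records) and the record sample are assumptions; the lint at the end catches the classic mistake of writing an already qualified name without the trailing dot, which makes named append the zone a second time.

```python
# Record types whose data is itself a domain name and therefore subject to $ORIGIN.
NAME_RDATA_TYPES = {"NS", "CNAME", "MX", "PTR"}

# Constructed zone file for example.com; comments say what named makes of each name.
SAMPLE_ZONE = """
@        IN NS    ns1                 ; becomes ns1.example.com.
ns1      IN A     192.0.2.53
www      IN A     192.0.2.80
mail     IN MX    10 mx.example.com.  ; trailing dot: stays as written
oops     IN CNAME www.example.com     ; missing dot: becomes www.example.com.example.com.
""".strip("\n").splitlines()


def zone_statement(zone_name, zone_file, zone_type="master"):
    """Render a zone statement; zone_file is relative to /var/named/ on RHEL 6."""
    return ('zone "%s" IN {\n    type %s;\n    file "%s";\n};\n'
            % (zone_name, zone_type, zone_file))


def qualify(name, origin):
    """Apply the $ORIGIN rule: '@' is the origin itself, a trailing dot means the name is
    already fully qualified, anything else gets the origin appended."""
    if name == "@":
        return origin if origin.endswith(".") else origin + "."
    if name.endswith("."):
        return name
    return "%s.%s" % (name, qualify("@", origin))


def expand_zone(zone_name, lines):
    """Return (owner, type, rdata) triples with every name fully qualified.

    The zone-name from the zone statement is the initial origin; $ORIGIN lines change it.
    A line starting with whitespace repeats the previous owner name."""
    origin = zone_name
    last_owner = None
    records = []
    for raw in lines:
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        if line[0].isspace():                      # blank owner field
            owner = last_owner
        else:
            owner = qualify(fields[0], origin)
            fields = fields[1:]
        if fields and fields[0] == "IN":           # optional class
            fields = fields[1:]
        rtype, rdata = fields[0], fields[1:]
        if rtype == "MX":                          # "priority target": only target is a name
            rdata = [rdata[0], qualify(rdata[1], origin)]
        elif rtype in NAME_RDATA_TYPES:
            rdata = [qualify(rdata[0], origin)]
        records.append((owner, rtype, " ".join(rdata)))
        last_owner = owner
    return records


def suspicious_names(records, zone_name):
    """Lint: names where the origin was appended to a name that already ended in the zone,
    the usual symptom of a forgotten trailing dot."""
    doubled = zone_name.rstrip(".") + "." + qualify("@", zone_name)
    return [n for rec in records for n in (rec[0], rec[2]) if n.endswith(doubled)]


if __name__ == "__main__":
    print(zone_statement("example.com", "example.com.zone"))
    recs = expand_zone("example.com", SAMPLE_ZONE)
    for rec in recs:
        print(rec)
    print("suspicious:", suspicious_names(recs, "example.com"))
```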

    The /etc/sysconfig/network file is used to specify information about the desired network configuration.

    Source: http://www.linuxtopia.org/online_books/rhel6/rhel_6_deployment/rhel_6_deployment_s1-bind-namedconf.html