Practice
DNS Zone Transfer without Key
DNS Zone Transfer with Key

Solution
We need two machines: one primary (master) and one secondary (slave).
Primary IP: 172.16.0.17. Secondary IP: 172.16.0.19.
On the primary (master), install BIND and then edit named.conf.
On the secondary (slave), install BIND and edit named.conf as on the primary.
Install BIND and set the IP address in YaST.
Run the command vi /etc/named.conf
Restart the named service.
After restarting named, we edit the zone files localhost.zone and 127.0.0.zone. My domain name is pnc.lan and the IP is 172.16.0.17, so we change localhost.zone to pnc.lan.zone and 127.0.0.zone to 172.16.0.zone.
After editing, we must restart the named service with the command rcnamed restart
Now we edit pnc.lan.zone with the command vi /var/lib/named/master/pnc.lan.zone
Now we edit 172.16.0.zone with the command vi /var/lib/named/master/172.16.0.zone
We need to restart the named service.
After checking with nslookup, we go to named.conf to edit notify.
Set the IP address with the command yast lan. The IP for the slave is 172.16.0.19.
On the secondary (slave), we go to named.conf and write:
masters { 172.16.0.17; };
Now run the command vi /var/lib/named/slave/pnc.lan.zone to edit it.
First we need to generate a key. The command that generates the key is:
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST key-dns
After generating the key, we put the generated key in named.conf on both the primary and the secondary. After putting it into named.conf, we need to edit it.
-a = algorithm
Selects the cryptographic algorithm. The value of algorithm must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC-MD5. These values are case insensitive. Note 1: for DNSSEC, RSASHA1 is a mandatory-to-implement algorithm, and DSA is recommended. For TSIG, HMAC-MD5 is mandatory.

-b = keysize
Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC-MD5 keys must be between 1 and 512 bits.

-n = nametype
Specifies the owner type of the key. The value of nametype must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user (KEY)) or OTHER (DNSKEY). These values are case insensitive. Defaults to ZONE for DNSKEY generation.
Now run the command vi Kamara.+157+29486.private; we can see
Now run the command vi /etc/named.conf to configure it.
1. On the slave, open /etc/named.conf with vi and edit it as you did on the master:
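
The key-protected transfer set up in the steps above, as an added example that is not taken from the original document: named.conf fragments for the master and the slave, with the "without key" setting shown beside the keyed one. The key name key-dns, the relative zone file paths (which assume options { directory "/var/lib/named"; }) and the placeholder secret are assumptions.

```conf
# ---------- Master (172.16.0.17): /etc/named.conf ----------
key "key-dns" {
    algorithm hmac-md5;                    # same algorithm as -a HMAC-MD5 above
    secret "PLACEHOLDER_BASE64_SECRET==";  # placeholder: the "Key:" value from the K*.private file
};

zone "pnc.lan" in {
    type master;
    file "master/pnc.lan.zone";

    # Without key: the transfer is allowed purely by source IP address.
    # allow-transfer { 172.16.0.19; };

    # With key: the AXFR request must carry a valid TSIG signature made with key-dns.
    allow-transfer { key "key-dns"; };
    notify yes;
};

# ---------- Slave (172.16.0.19): /etc/named.conf ----------
key "key-dns" {
    algorithm hmac-md5;
    secret "PLACEHOLDER_BASE64_SECRET==";  # must be identical to the master's secret
};

# Sign every request sent to the master with key-dns.
server 172.16.0.17 {
    keys { "key-dns"; };
};

zone "pnc.lan" in {
    type slave;
    file "slave/pnc.lan.zone";
    masters { 172.16.0.17; };
};
```

After restarting named on both hosts, a plain `dig @172.16.0.17 pnc.lan axfr` sent without the key should be refused, while the slave's own signed transfer still succeeds. Because named.conf now contains the shared secret, it should be readable only by root and the named user.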