====== DNS master e slave ======
====== Instalação no master ======
root@ns1:~# yum install bind-utils bind-chroot
====== Informações sobre os pacotes instalados ======
**bind-chroot**
root@ns1:~# rpm -qil bind-chroot
Name : bind-chroot
Epoch : 32
Version : 9.9.4
Release : 29.el7_2.1
Architecture: x86_64
Install Date: Seg 04 Abr 2016 11:49:28 BRT
Group : System Environment/Daemons
Size : 3308
License : ISC
Signature : RSA/SHA256, Qua 16 Dez 2015 16:42:26 BRT, Key ID 24c6a8a7f4a80eb5
Source RPM : bind-9.9.4-29.el7_2.1.src.rpm
Build Date : Qua 16 Dez 2015 15:40:35 BRT
Build Host : worker1.bsys.centos.org
Relocations : /var/named/chroot
Packager : CentOS BuildSystem
Vendor : CentOS
URL : http://www.isc.org/products/BIND/
Summary : A chroot runtime environment for the ISC BIND DNS server, named(8)
Description :
This package contains a tree of files which can be used as a
chroot(2) jail for the named(8) program from the BIND package.
Based on the code from Jan "Yenya" Kasprzak
/usr/lib/systemd/system/named-chroot-setup.service
/usr/lib/systemd/system/named-chroot.service
/usr/libexec/setup-named-chroot.sh
/var/named/chroot
/var/named/chroot/dev
/var/named/chroot/dev/null
/var/named/chroot/dev/random
/var/named/chroot/dev/zero
/var/named/chroot/etc
/var/named/chroot/etc/named
/var/named/chroot/etc/named.conf
/var/named/chroot/etc/pki
/var/named/chroot/etc/pki/dnssec-keys
/var/named/chroot/run
/var/named/chroot/run/named
/var/named/chroot/usr
/var/named/chroot/usr/lib64
/var/named/chroot/usr/lib64/bind
/var/named/chroot/var
/var/named/chroot/var/log
/var/named/chroot/var/named
/var/named/chroot/var/run
/var/named/chroot/var/tmp
**bind**
root@ns1:~# rpm -qil bind
Name : bind
Epoch : 32
Version : 9.9.4
Release : 29.el7_2.1
Architecture: x86_64
Install Date: Seg 04 Abr 2016 11:49:28 BRT
Group : System Environment/Daemons
Size : 4543208
License : ISC
Signature : RSA/SHA256, Qua 16 Dez 2015 16:42:21 BRT, Key ID 24c6a8a7f4a80eb5
Source RPM : bind-9.9.4-29.el7_2.1.src.rpm
Build Date : Qua 16 Dez 2015 15:40:35 BRT
Build Host : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem
Vendor : CentOS
URL : http://www.isc.org/products/BIND/
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
/etc/NetworkManager/dispatcher.d/13-named
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
/run/named
/usr/lib/systemd/system/named-setup-rndc.service
/usr/lib/systemd/system/named.service
/usr/lib/tmpfiles.d/named.conf
/usr/lib64/bind
/usr/libexec/generate-rndc-key.sh
/usr/sbin/arpaname
/usr/sbin/ddns-confgen
/usr/sbin/dnssec-checkds
/usr/sbin/dnssec-coverage
/usr/sbin/dnssec-dsfromkey
/usr/sbin/dnssec-importkey
/usr/sbin/dnssec-keyfromlabel
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-revoke
/usr/sbin/dnssec-settime
/usr/sbin/dnssec-signzone
/usr/sbin/dnssec-verify
/usr/sbin/genrandom
/usr/sbin/isc-hmac-fixup
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc
/usr/sbin/rndc-confgen
/usr/share/doc/bind-9.9.4
/usr/share/doc/bind-9.9.4/Bv9ARM.ch01.html
/usr/share/doc/bind-9.9.4/Bv9ARM.ch02.html
/usr/share/doc/bind-9.9.4/Bv9ARM.ch03.html
/usr/share/doc/bind-9.9.4/Bv9ARM.ch04.html
/usr/share/doc/bind-9.9.4/Bv9ARM.ch05.html
/usr/share/doc/bind-9.9.4/Bv9ARM.ch06.html
/usr/share/doc/bind-9.9.4/Bv9ARM.ch07.html
/usr/share/doc/bind-9.9.4/Bv9ARM.ch08.html
/usr/share/doc/bind-9.9.4/Bv9ARM.ch09.html
/usr/share/doc/bind-9.9.4/Bv9ARM.ch10.html
/usr/share/doc/bind-9.9.4/Bv9ARM.html
/usr/share/doc/bind-9.9.4/Bv9ARM.pdf
/usr/share/doc/bind-9.9.4/CHANGES
/usr/share/doc/bind-9.9.4/README
/usr/share/doc/bind-9.9.4/isc-logo.pdf
/usr/share/doc/bind-9.9.4/man.arpaname.html
/usr/share/doc/bind-9.9.4/man.ddns-confgen.html
/usr/share/doc/bind-9.9.4/man.dig.html
/usr/share/doc/bind-9.9.4/man.dnssec-checkds.html
/usr/share/doc/bind-9.9.4/man.dnssec-coverage.html
/usr/share/doc/bind-9.9.4/man.dnssec-dsfromkey.html
/usr/share/doc/bind-9.9.4/man.dnssec-keyfromlabel.html
/usr/share/doc/bind-9.9.4/man.dnssec-keygen.html
/usr/share/doc/bind-9.9.4/man.dnssec-revoke.html
/usr/share/doc/bind-9.9.4/man.dnssec-settime.html
/usr/share/doc/bind-9.9.4/man.dnssec-signzone.html
/usr/share/doc/bind-9.9.4/man.dnssec-verify.html
/usr/share/doc/bind-9.9.4/man.genrandom.html
/usr/share/doc/bind-9.9.4/man.host.html
/usr/share/doc/bind-9.9.4/man.isc-hmac-fixup.html
/usr/share/doc/bind-9.9.4/man.named-checkconf.html
/usr/share/doc/bind-9.9.4/man.named-checkzone.html
/usr/share/doc/bind-9.9.4/man.named-journalprint.html
/usr/share/doc/bind-9.9.4/man.named.html
/usr/share/doc/bind-9.9.4/man.nsec3hash.html
/usr/share/doc/bind-9.9.4/man.nsupdate.html
/usr/share/doc/bind-9.9.4/man.rndc-confgen.html
/usr/share/doc/bind-9.9.4/man.rndc.conf.html
/usr/share/doc/bind-9.9.4/man.rndc.html
/usr/share/doc/bind-9.9.4/named.conf.default
/usr/share/doc/bind-9.9.4/sample
/usr/share/doc/bind-9.9.4/sample/etc
/usr/share/doc/bind-9.9.4/sample/etc/named.conf
/usr/share/doc/bind-9.9.4/sample/etc/named.rfc1912.zones
/usr/share/doc/bind-9.9.4/sample/var
/usr/share/doc/bind-9.9.4/sample/var/named
/usr/share/doc/bind-9.9.4/sample/var/named/data
/usr/share/doc/bind-9.9.4/sample/var/named/my.external.zone.db
/usr/share/doc/bind-9.9.4/sample/var/named/my.internal.zone.db
/usr/share/doc/bind-9.9.4/sample/var/named/named.ca
/usr/share/doc/bind-9.9.4/sample/var/named/named.empty
/usr/share/doc/bind-9.9.4/sample/var/named/named.localhost
/usr/share/doc/bind-9.9.4/sample/var/named/named.loopback
/usr/share/doc/bind-9.9.4/sample/var/named/slaves
/usr/share/doc/bind-9.9.4/sample/var/named/slaves/my.ddns.internal.zone.db
/usr/share/doc/bind-9.9.4/sample/var/named/slaves/my.slave.internal.zone.db
/usr/share/man/man1/arpaname.1.gz
/usr/share/man/man5/named.conf.5.gz
/usr/share/man/man5/rndc.conf.5.gz
/usr/share/man/man8/ddns-confgen.8.gz
/usr/share/man/man8/dnssec-checkds.8.gz
/usr/share/man/man8/dnssec-coverage.8.gz
/usr/share/man/man8/dnssec-dsfromkey.8.gz
/usr/share/man/man8/dnssec-keyfromlabel.8.gz
/usr/share/man/man8/dnssec-keygen.8.gz
/usr/share/man/man8/dnssec-revoke.8.gz
/usr/share/man/man8/dnssec-settime.8.gz
/usr/share/man/man8/dnssec-signzone.8.gz
/usr/share/man/man8/dnssec-verify.8.gz
/usr/share/man/man8/genrandom.8.gz
/usr/share/man/man8/isc-hmac-fixup.8.gz
/usr/share/man/man8/lwresd.8.gz
/usr/share/man/man8/named-checkconf.8.gz
/usr/share/man/man8/named-checkzone.8.gz
/usr/share/man/man8/named-compilezone.8.gz
/usr/share/man/man8/named-journalprint.8.gz
/usr/share/man/man8/named.8.gz
/usr/share/man/man8/nsec3hash.8.gz
/usr/share/man/man8/rndc-confgen.8.gz
/usr/share/man/man8/rndc.8.gz
/var/log/named.log
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
**bind-utils**
root@ns1:~# rpm -qil bind-utils
Name : bind-utils
Epoch : 32
Version : 9.9.4
Release : 29.el7_2.1
Architecture: x86_64
Install Date: Seg 04 Abr 2016 11:49:29 BRT
Group : Applications/System
Size : 444682
License : ISC
Signature : RSA/SHA256, Qua 16 Dez 2015 16:43:23 BRT, Key ID 24c6a8a7f4a80eb5
Source RPM : bind-9.9.4-29.el7_2.1.src.rpm
Build Date : Qua 16 Dez 2015 15:40:35 BRT
Build Host : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem
Vendor : CentOS
URL : http://www.isc.org/products/BIND/
Summary : Utilities for querying DNS name servers
Description :
Bind-utils contains a collection of utilities for querying DNS (Domain
Name System) name servers to find out information about Internet
hosts. These tools will provide you with the IP addresses for given
host names, as well as other information about registered domains and
network addresses.
You should install bind-utils if you need to get information from DNS name
servers.
/etc/trusted-key.key
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/share/man/man1/dig.1.gz
/usr/share/man/man1/host.1.gz
/usr/share/man/man1/nslookup.1.gz
/usr/share/man/man1/nsupdate.1.gz
====== Alterando o resolv.conf ======
Apontando as consultas para o próprio servidor
root@ns1:~# cat /etc/resolv.conf
nameserver 127.0.0.1
Deixando o arquivo imutável para não sofrer alteração durante a inicialização
root@ns1:~# chattr +i /etc/resolv.conf
====== Configurando o chroot ======
**Preparando o diretório**
root@ns1:~# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
root@ns1:~# ls -la /var/named/chroot/*
/var/named/chroot/dev:
total 0
drwxr-x---. 2 root named 41 Abr 4 11:49 .
drwxr-x---. 7 root named 56 Abr 4 11:49 ..
crw-r--r--. 1 root root 1, 3 Abr 4 11:49 null
crw-r--r--. 1 root root 1, 8 Abr 4 11:49 random
crw-r--r--. 1 root root 1, 5 Abr 4 11:49 zero
/var/named/chroot/etc:
total 24
drwxr-x---. 4 root named 4096 Abr 4 12:06 .
drwxr-x---. 7 root named 56 Abr 4 11:49 ..
-rw-r--r--. 1 root root 574 Out 7 19:43 localtime
drwxr-x---. 2 root named 6 Dez 16 15:40 named
-rw-r-----. 1 root named 1558 Jun 1 2015 named.conf
-rw-r--r--. 1 root named 2389 Dez 16 15:40 named.iscdlv.key
-rw-r-----. 1 root named 931 Jun 21 2007 named.rfc1912.zones
-rw-r--r--. 1 root named 487 Jul 19 2010 named.root.key
drwxr-x---. 3 root named 24 Abr 4 11:49 pki
/var/named/chroot/run:
total 0
drwxr-x---. 3 root named 18 Abr 4 11:49 .
drwxr-x---. 7 root named 56 Abr 4 11:49 ..
drwxr-xr-x. 2 named named 40 Dez 16 15:40 named
/var/named/chroot/usr:
total 0
drwxrwx---. 3 named named 18 Abr 4 11:49 .
drwxr-x---. 7 root named 56 Abr 4 11:49 ..
drwxrwx---. 3 named named 17 Abr 4 11:49 lib64
/var/named/chroot/var:
total 4
drwxr-x---. 5 root named 48 Abr 4 11:49 .
drwxr-x---. 7 root named 56 Abr 4 11:49 ..
drwxrwx---. 2 named named 6 Dez 16 15:40 log
drwxr-x---. 6 root named 4096 Abr 4 11:49 named
lrwxrwxrwx. 1 named named 6 Abr 4 11:49 run -> ../run
drwxrwx---. 2 named named 6 Dez 16 15:40 tmp
root@ns1:~# mount | tail -n9
/dev/mapper/centos-root on /var/named/chroot/etc/localtime type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/centos-root on /var/named/chroot/etc/named type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/centos-root on /var/named/chroot/etc/named.root.key type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/centos-root on /var/named/chroot/etc/named.conf type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/centos-root on /var/named/chroot/etc/named.rfc1912.zones type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/centos-root on /var/named/chroot/usr/lib64/bind type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/centos-root on /var/named/chroot/etc/named.iscdlv.key type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
tmpfs on /var/named/chroot/run/named type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
/dev/mapper/centos-root on /var/named/chroot/var/named type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
====== Iniciando e habilitando o bind ======
root@ns1:~# systemctl start named-chroot.service
root@ns1:~# systemctl enable named-chroot.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.
Status dos serviços
root@ns1:~# systemctl status named-chroot.service -l
● named-chroot.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; enabled; vendor preset: disabled)
Active: active (running) since Seg 2016-04-04 12:11:43 BRT; 1min 2s ago
Main PID: 2380 (named)
CGroup: /system.slice/named-chroot.service
└─2380 /usr/sbin/named -u named -t /var/named/chroot
Abr 04 12:11:43 ns1 named[2380]: command channel listening on ::1#953
Abr 04 12:11:43 ns1 named[2380]: managed-keys-zone: loaded serial 0
Abr 04 12:11:43 ns1 named[2380]: zone 0.in-addr.arpa/IN: loaded serial 0
Abr 04 12:11:43 ns1 named[2380]: zone localhost.localdomain/IN: loaded serial 0
Abr 04 12:11:43 ns1 named[2380]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Abr 04 12:11:43 ns1 named[2380]: zone localhost/IN: loaded serial 0
Abr 04 12:11:43 ns1 named[2380]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Abr 04 12:11:43 ns1 named[2380]: all zones loaded
Abr 04 12:11:43 ns1 named[2380]: running
Abr 04 12:11:43 ns1 systemd[1]: Started Berkeley Internet Name Domain (DNS).
root@ns1:~# ps -ef | grep named
named 2380 1 0 12:11 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot
====== Configuração ======
Criando backup do arquivo original
root@ns1:~# cp -ap /var/named/chroot/etc/named.conf{,.dist}
Configuração do //named.conf//
root@ns1:~# cat /var/named/chroot/etc/named.conf
#### ACL DEFINITIONS ####
// Addresses named itself binds to (listen-on / listen-on-v6 below).
// ns1's public address 203.0.113.250 is not listed; in the transcript
// external clients get their answers from 203.0.113.1 -- presumably a NAT
// in front of 192.0.2.250; confirm against the network layout.
acl interface_v4 {127.0.0.1; 192.0.2.250; };
acl interface_v6 { ::1; 2001:db8::250; };
// Internal networks: these get the "interna" view and recursion.
acl rede_privada { 192.0.2.0/24; 198.51.100.0/24; };
// NOTE(review): bloco_v6 is declared but referenced by no view below, so an
// internal IPv6 client that is not exactly 2001:db8::250 or ::1 falls into
// the "externa" view (public addresses, no recursion). Add it to the
// "interna" match-clients or remove it.
acl bloco_v6 { 2001:db8::/34; };
options {
listen-on port 53 { interface_v4; };
listen-on-v6 port 53 { interface_v6; };
// Relative zone paths resolve under this directory as seen inside the
// chroot (named runs with -t /var/named/chroot), i.e.
// /var/named/chroot/var/named on the host.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Anyone may query; recursion is off globally and only re-enabled inside
// the "interna" view, so the public side is authoritative-only.
allow-query { any; };
recursion no;
// NOTE(review): no allow-transfer is set anywhere in this configuration,
// so BIND's default (any) applies and every zone can be AXFR'd by anyone.
// Before the slave goes live, restrict transfers to it, e.g.
//   allow-transfer { 203.0.113.251; 2001:db8:4000::251; };
// (ns2's addresses per the zone data -- confirm the address the slave
// really transfers from; a TSIG key on the transfer is the stronger option.)
recursive-clients 3000;
tcp-clients 2000;
max-cache-size 256M;
// Do not reveal the BIND version or server identity to CHAOS-class queries.
version none;
server-id none;
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): ISC has retired the DLV registry, so lookaside validation
// provides no benefit on a current BIND; drop this and bindkeys-file when
// upgrading.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
// Only the default debug channel is configured. Nothing here logs queries,
// zone-transfer requests or rejected operations to a dedicated file;
// channels for the security, xfer-in and xfer-out categories are worth
// adding for detection.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// External network
// Views are tried in order. The negated entries reject every internal
// source, so those fall through to "interna"; "any" catches the rest.
view "externa" {
match-clients { !interface_v4; !interface_v6; !rede_privada; any; };
recursion no;
include "/etc/named/named.externa.zones";
};
// Internal network
// The only view with recursion; match-clients bounds who can use it.
// named.common.zones (root hints, rfc1912 zones) is included here only.
view "interna" {
match-clients { interface_v4; interface_v6; rede_privada; };
recursion yes;
include "/etc/named/named.interna.zones";
include "/etc/named/named.common.zones";
};
Configuração dos arquivos de zona
root@ns1:~# cat /var/named/chroot/etc/named/named.common.zones
// Root hints. This file is included only by the "interna" view in
// named.conf, the one view with recursion enabled.
zone "." IN {
type hint;
file "named.ca";
};
// localhost / loopback / empty reverse zones shipped by the bind package
// (bind-mounted into the chroot, see the mount output above).
include "/etc/named.rfc1912.zones";
// Trust anchor file shipped by the bind package, used by dnssec-validation.
include "/etc/named.root.key";
root@ns1:~# cat /var/named/chroot/etc/named/named.externa.zones
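#### FORWARD ZONE ####
# File paths are relative to options.directory ("/var/named") as named sees
# it inside the chroot, i.e. /var/named/chroot/var/named/externo on the host.
# NOTE(review): the transcript makes these files named:named. Master zones
# that are never dynamically updated need not be writable by named;
# root:named mode 640 (as the package ships named.conf) is the least-privilege
# layout, and the named_zone_t label applied with semanage matches it, while
# the chcon step used named_cache_t (the writable type).
# No zone here sets allow-transfer, so the named.conf default applies.
zone "exemplo.org" IN { type master; file "externo/exemplo.org.db"; };
#### REVERSE ZONES ####
zone "113.0.203.in-addr.arpa" IN { type master; file "externo/113-0-203.db"; };
# Example: reverse zones for ISP customers in 128.66.0.0/20, one per /24
zone "0.66.128.in-addr.arpa" IN { type master; file "externo/0-66-128.db"; };
zone "1.66.128.in-addr.arpa" IN { type master; file "externo/1-66-128.db"; };
zone "2.66.128.in-addr.arpa" IN { type master; file "externo/2-66-128.db"; };
zone "3.66.128.in-addr.arpa" IN { type master; file "externo/3-66-128.db"; };
zone "4.66.128.in-addr.arpa" IN { type master; file "externo/4-66-128.db"; };
zone "5.66.128.in-addr.arpa" IN { type master; file "externo/5-66-128.db"; };
zone "6.66.128.in-addr.arpa" IN { type master; file "externo/6-66-128.db"; };
zone "7.66.128.in-addr.arpa" IN { type master; file "externo/7-66-128.db"; };
zone "8.66.128.in-addr.arpa" IN { type master; file "externo/8-66-128.db"; };
zone "9.66.128.in-addr.arpa" IN { type master; file "externo/9-66-128.db"; };
zone "10.66.128.in-addr.arpa" IN { type master; file "externo/10-66-128.db"; };
zone "11.66.128.in-addr.arpa" IN { type master; file "externo/11-66-128.db"; };
zone "12.66.128.in-addr.arpa" IN { type master; file "externo/12-66-128.db"; };
zone "13.66.128.in-addr.arpa" IN { type master; file "externo/13-66-128.db"; };
zone "14.66.128.in-addr.arpa" IN { type master; file "externo/14-66-128.db"; };
zone "15.66.128.in-addr.arpa" IN { type master; file "externo/15-66-128.db"; };
# 2001:db8:4000::/48 is 12 nibbles: 0.0.0.4.8.b.d.0.1.0.0.2. The original
# zone name carried a stray "0" (0.0.0.4.0.8.b.d..., i.e. 2001:db8:400::/52),
# which does not contain the $ORIGIN used in externo/2001-db8-4000.db, so
# that zone's PTRs were out-of-zone data. The name now matches the one the
# transcript passes to named-checkzone.
zone "0.0.0.4.8.b.d.0.1.0.0.2.ip6.arpa" IN { type master; file "externo/2001-db8-4000.db"; };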
root@ns1:~# cat /var/named/chroot/etc/named/named.interna.zones
#### FORWARD ZONE ####
# Internal copy of exemplo.org (192.0.2.0/24 and 2001:db8:: addresses),
# served only to the "interna" view. It is a separate file from the
# external copy with its own serial, so the two must be kept in step by hand.
zone "exemplo.org" IN { type master; file "interno/exemplo.org.db"; };
#### REVERSE ZONES ####
zone "2.0.192.in-addr.arpa" IN { type master; file "interno/2-0-192.db"; };
# 198.51.100.0/24 is part of the rede_privada acl but has no reverse zone
# file yet; re-enable once interno/100-51-198.db exists.
#zone "100.51.198.in-addr.arpa" IN { type master; file "interno/100-51-198.db"; };
# 8 nibbles = the whole 2001:db8::/32.
zone "8.b.d.0.1.0.0.2.ip6.arpa" IN { type master; file "interno/2001-db8.db"; };
Alterando as permissões
root@ns1:~# chown -R root:named /var/named/chroot/etc/named/*
root@ns1:~# mkdir /var/named/chroot/var/named/externo
root@ns1:~# mkdir /var/named/chroot/var/named/interno
====== zonas externas ======
root@ns1:~# cat /var/named/chroot/var/named/externo/exemplo.org.db
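$TTL 1D
; Public copy of exemplo.org, served by the "externa" view. The serial is
; YYYYMMDDnn; bump it on every edit or the slave keeps its stale copy.
@       IN SOA  ns1.exemplo.org. hostmaster.exemplo.org. (
                2016040401 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum (negative-answer TTL)
;
; The original file also had "@ IN NS exemplo.org.": the apex itself, which
; resolves to 203.0.113.80 (the web host, "www" in the reverse zone) and is
; not among named's listen-on addresses, so that NS was lame. Only the real
; name servers are listed below; re-add it only if a name server actually
; answers on 203.0.113.80.
exemplo.org. IN TXT "v=spf1 a mx ip4:203.0.113.240 ip6:2001:db8:4000::240 -all"
; The SPF RR type is deprecated (RFC 7208); receivers use the TXT record.
; Keeping it is harmless, but the two strings must stay identical.
exemplo.org. IN SPF "v=spf1 a mx ip4:203.0.113.240 ip6:2001:db8:4000::240 -all"
;
; A line that starts with whitespace keeps the previous owner (the apex).
        IN NS   ns1.exemplo.org.
        IN NS   ns2.exemplo.org.
        IN MX   10 mx1.exemplo.org.
;
ns1     IN A    203.0.113.250
        IN AAAA 2001:db8:4000::250
ns2     IN A    203.0.113.251
        IN AAAA 2001:db8:4000::251
mx1     IN A    203.0.113.240
        IN AAAA 2001:db8:4000::240
imap    IN CNAME mx1
pop     IN CNAME mx1
smtp    IN CNAME mx1
webmail IN CNAME mx1
@       IN A    203.0.113.80
        IN AAAA 2001:db8:4000::80
; Auto-generated customer names for 128.66.0.0/20, one /24 per line
; (4096 A records). The owner must end with a dot: the original
; "128-66-0-$.exemplo.org" was relative to the origin and expanded to
; 128-66-0-N.exemplo.org.exemplo.org., so the PTRs in the
; N.66.128.in-addr.arpa zones pointed at names that had no A record.
$GENERATE 0-255 128-66-0-$.exemplo.org. IN A 128.66.0.$
$GENERATE 0-255 128-66-1-$.exemplo.org. IN A 128.66.1.$
$GENERATE 0-255 128-66-2-$.exemplo.org. IN A 128.66.2.$
$GENERATE 0-255 128-66-3-$.exemplo.org. IN A 128.66.3.$
$GENERATE 0-255 128-66-4-$.exemplo.org. IN A 128.66.4.$
$GENERATE 0-255 128-66-5-$.exemplo.org. IN A 128.66.5.$
$GENERATE 0-255 128-66-6-$.exemplo.org. IN A 128.66.6.$
$GENERATE 0-255 128-66-7-$.exemplo.org. IN A 128.66.7.$
$GENERATE 0-255 128-66-8-$.exemplo.org. IN A 128.66.8.$
$GENERATE 0-255 128-66-9-$.exemplo.org. IN A 128.66.9.$
$GENERATE 0-255 128-66-10-$.exemplo.org. IN A 128.66.10.$
$GENERATE 0-255 128-66-11-$.exemplo.org. IN A 128.66.11.$
$GENERATE 0-255 128-66-12-$.exemplo.org. IN A 128.66.12.$
$GENERATE 0-255 128-66-13-$.exemplo.org. IN A 128.66.13.$
$GENERATE 0-255 128-66-14-$.exemplo.org. IN A 128.66.14.$
$GENERATE 0-255 128-66-15-$.exemplo.org. IN A 128.66.15.$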
root@ns1:~# cat /var/named/chroot/var/named/externo/113-0-203.db
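$TTL 1D
; Reverse zone for 203.0.113.0/24 (public addresses).
@       IN SOA  ns1.exemplo.org. hostmaster.exemplo.org. (
                2016011301 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
;
; Whitespace-led lines keep the previous owner (the apex). At column 0 the
; word "IN" would be parsed as an owner name instead.
        IN NS   ns1.exemplo.org.
        IN NS   ns2.exemplo.org.
;
250     IN PTR  ns1.exemplo.org.
251     IN PTR  ns2.exemplo.org.
240     IN PTR  mx1.exemplo.org.
; NOTE(review): www.exemplo.org. has no A/AAAA record in
; externo/exemplo.org.db (203.0.113.80 is published at the apex only), so
; this PTR is not forward-confirmed. Add "www IN A 203.0.113.80" there or
; point the PTR at exemplo.org.
80      IN PTR  www.exemplo.org.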
root@ns1:~# cat /var/named/chroot/var/named/externo/2001-db8-4000.db
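$TTL 1D
; Reverse zone for 2001:db8:4000::/48 (public IPv6).
@       IN SOA  ns1.exemplo.org. hostmaster.exemplo.org. (
                2016011301 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
; Whitespace-led lines keep the previous owner (the apex).
        IN NS   ns1.exemplo.org.
        IN NS   ns2.exemplo.org.
;
; 12 nibbles = /48, least-significant nibble first; the trailing dot makes
; the origin absolute. Each owner below adds the remaining 20 nibbles.
$ORIGIN 0.0.0.4.8.b.d.0.1.0.0.2.ip6.arpa.
; PTR targets must be absolute. The original lacked the trailing dot, so
; "ns1.exemplo.org" was relative and expanded to
; ns1.exemplo.org.0.0.0.4.8.b.d.0.1.0.0.2.ip6.arpa. -- named-checkzone
; still reports OK because a relative name is syntactically valid.
0.5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ns1.exemplo.org.
1.5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ns2.exemplo.org.
0.4.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR mx1.exemplo.org.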
root@ns1:~# cat /var/named/chroot/var/named/externo/0-66-128.db
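$TTL 1D
; Reverse zone for 128.66.0.0/24 (ISP customer block, see named.externa.zones).
@       IN SOA  ns1.exemplo.org. hostmaster.exemplo.org. (
                2016011301 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
; Whitespace-led lines keep the previous owner (the apex).
        IN NS   ns1.exemplo.org.
        IN NS   ns2.exemplo.org.
;
; One PTR per host; the target is absolute (trailing dot) and must match the
; names generated in externo/exemplo.org.db.
; NOTE(review): this zone covers only .0-.199 while the sibling zones use
; 0-255 and the forward zone generates all 256 names -- confirm intended.
$GENERATE 0-199 $ IN PTR 128-66-0-$.exemplo.org.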
root@ns1:~# cat /var/named/chroot/var/named/externo/1-66-128.db
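$TTL 1D
; Reverse zone for 128.66.1.0/24 (ISP customer block, see named.externa.zones).
@       IN SOA  ns1.exemplo.org. hostmaster.exemplo.org. (
                2016011301 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
; Whitespace-led lines keep the previous owner (the apex).
        IN NS   ns1.exemplo.org.
        IN NS   ns2.exemplo.org.
;
; One PTR per host; the target is absolute (trailing dot) and must match the
; names generated in externo/exemplo.org.db.
$GENERATE 0-255 $ IN PTR 128-66-1-$.exemplo.org.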
root@ns1:~# cat /var/named/chroot/var/named/externo/2-66-128.db
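$TTL 1D
; Reverse zone for 128.66.2.0/24 (ISP customer block, see named.externa.zones).
@       IN SOA  ns1.exemplo.org. hostmaster.exemplo.org. (
                2016011301 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
; Whitespace-led lines keep the previous owner (the apex).
        IN NS   ns1.exemplo.org.
        IN NS   ns2.exemplo.org.
;
; One PTR per host; the target is absolute (trailing dot) and must match the
; names generated in externo/exemplo.org.db.
$GENERATE 0-255 $ IN PTR 128-66-2-$.exemplo.org.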
root@ns1:~# cat /var/named/chroot/var/named/externo/3-66-128.db
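$TTL 1D
; Reverse zone for 128.66.3.0/24 (ISP customer block, see named.externa.zones).
@       IN SOA  ns1.exemplo.org. hostmaster.exemplo.org. (
                2016011301 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
; Whitespace-led lines keep the previous owner (the apex).
        IN NS   ns1.exemplo.org.
        IN NS   ns2.exemplo.org.
;
; One PTR per host; the target is absolute (trailing dot) and must match the
; names generated in externo/exemplo.org.db.
$GENERATE 0-255 $ IN PTR 128-66-3-$.exemplo.org.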
FIXME Foram omitidas as sub-redes de 4 a 15.
====== Zonas internas ======
root@ns1:~# cat /var/named/chroot/var/named/interno/exemplo.org.db
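$TTL 1D
; Internal copy of exemplo.org (private addresses), served by the "interna"
; view. Its serial is independent of the external copy; bump it on every
; edit so the slave notices the change.
@       IN SOA  ns1.exemplo.org. hostmaster.exemplo.org. (
                2016011301 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
; The original file also had "@ IN NS exemplo.org.": the apex itself
; (192.0.2.80, which is not among named's listen-on addresses), i.e. a lame
; NS. Only the real name servers are listed below.
exemplo.org. IN TXT "v=spf1 a mx ip4:192.0.2.240 ip6:2001:db8::240 -all"
; The SPF RR type is deprecated (RFC 7208); the TXT record is the one used.
exemplo.org. IN SPF "v=spf1 a mx ip4:192.0.2.240 ip6:2001:db8::240 -all"
;
; Whitespace-led lines keep the previous owner (the apex); the class
; defaults to IN when omitted.
        NS      ns1.exemplo.org.
        NS      ns2.exemplo.org.
        MX      10 mx1.exemplo.org.
;
ns1     IN A    192.0.2.250
        IN AAAA 2001:db8::250
ns2     IN A    192.0.2.251
        IN AAAA 2001:db8::251
mx1     IN A    192.0.2.240
        IN AAAA 2001:db8::240
imap    IN CNAME mx1
pop     IN CNAME mx1
smtp    IN CNAME mx1
webmail IN CNAME mx1
@       IN A    192.0.2.80
        IN AAAA 2001:db8::80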
root@ns1:~# cat /var/named/chroot/var/named/interno/2-0-192.db
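$TTL 1D
; Reverse zone for 192.0.2.0/24 (internal addresses).
@       IN SOA  ns1.exemplo.org. hostmaster.exemplo.org. (
                2016011301 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
; Whitespace-led lines keep the previous owner (the apex).
        IN NS   ns1.exemplo.org.
        IN NS   ns2.exemplo.org.
; Hosts are listed by their last octet; targets are absolute (trailing dot).
250     IN PTR  ns1.exemplo.org.
251     IN PTR  ns2.exemplo.org.
240     IN PTR  mx1.exemplo.org.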
root@ns1:~# cat /var/named/chroot/var/named/interno/2001-db8.db
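$TTL 1D
; Reverse zone for 2001:db8::/32 -- the zone name in named.interna.zones is
; 8.b.d.0.1.0.0.2.ip6.arpa (8 nibbles), so this file covers the whole /32,
; not a /48 as the original comment said.
@       IN SOA  ns1.exemplo.org. hostmaster.exemplo.org. (
                2016011301 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
; Whitespace-led lines keep the previous owner (the apex).
        IN NS   ns1.exemplo.org.
        IN NS   ns2.exemplo.org.
;
; The trailing dot is required: a relative $ORIGIN is appended to the
; current origin, so the original (no dot) became
; 8.b.d.0.1.0.0.2.ip6.arpa.8.b.d.0.1.0.0.2.ip6.arpa. and every PTR below
; landed under the wrong name.
$ORIGIN 8.b.d.0.1.0.0.2.ip6.arpa.
; 24 nibbles each, least-significant first, completing the /128.
0.5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ns1.exemplo.org.
1.5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ns2.exemplo.org.
0.4.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR mx1.exemplo.org.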
Alterando as permissões
root@ns1:~# chown named:named -R /var/named/chroot/var/named/externo
root@ns1:~# chown named:named -R /var/named/chroot/var/named/interno
root@ns1:~# chcon -t named_cache_t /var/named/chroot/var/named/interno
root@ns1:~# chcon -t named_cache_t /var/named/chroot/var/named/externo
root@ns1:~# semanage fcontext -a -t named_zone_t "/var/named/chroot/var/named/externo(/.*)?"
root@ns1:~# semanage fcontext -a -t named_zone_t "/var/named/chroot/var/named/interno(/.*)?"
====== Checando as configurações ======
root@ns1:~# named-checkzone exemplo.org /var/named/chroot/var/named/externo/exemplo.org.db
zone exemplo.org/IN: loaded serial 2016040401
OK
root@ns1:~# named-checkzone 113.0.203.in-addr.arpa /var/named/chroot/var/named/externo/113-0-203.db
zone 113.0.203.in-addr.arpa/IN: loaded serial 2016011301
OK
root@ns1:~# named-checkzone 0.0.0.4.8.b.d.0.1.0.0.2.ip6.arpa /var/named/chroot/var/named/externo/2001-db8-4000.db
zone 0.0.0.4.8.b.d.0.1.0.0.2.ip6.arpa/IN: loaded serial 2016011301
OK
root@ns1:~# named-checkzone exemplo.org /var/named/chroot/var/named/interno/exemplo.org.db
zone exemplo.org/IN: loaded serial 2016011301
OK
====== Reiniciando e testando as consultas ======
root@ns1:~# systemctl restart named-chroot
root@ns1:~# host -a exemplo.org
Trying "exemplo.org"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54063
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 6
;; QUESTION SECTION:
;exemplo.org. IN ANY
;; ANSWER SECTION:
exemplo.org. 86400 IN A 192.0.2.80
exemplo.org. 86400 IN AAAA 2001:db8::80
exemplo.org. 86400 IN SOA ns1.exemplo.org. hostmaster.exemplo.org. 2016011301 86400 3600 604800 10800
exemplo.org. 86400 IN NS exemplo.org.
exemplo.org. 86400 IN NS ns1.exemplo.org.
exemplo.org. 86400 IN NS ns2.exemplo.org.
exemplo.org. 86400 IN TXT "v=spf1 a mx ip4:192.0.2.240 ip6:2001:db8::240 -all"
exemplo.org. 86400 IN SPF "v=spf1 a mx ip4:192.0.2.240 ip6:2001:db8::240 -all"
exemplo.org. 86400 IN MX 10 mx1.exemplo.org.
;; ADDITIONAL SECTION:
ns1.exemplo.org. 86400 IN A 192.0.2.250
ns1.exemplo.org. 86400 IN AAAA 2001:db8::250
ns2.exemplo.org. 86400 IN A 192.0.2.251
ns2.exemplo.org. 86400 IN AAAA 2001:db8::251
mx1.exemplo.org. 86400 IN A 192.0.2.240
mx1.exemplo.org. 86400 IN AAAA 2001:db8::240
Received 448 bytes from 127.0.0.1#53 in 0 ms
Consulta direta
root@ns1:~# dig +short mx1.exemplo.org
192.0.2.240
Consulta reversa
root@ns1:~# dig +short -x 192.0.2.240
mx1.exemplo.org.
====== Consultas de um cliente externo ======
FIXME IP do cliente: 203.0.113.2
root@cliente:~# host -a exemplo.org
Trying "exemplo.org"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37138
;; flags: qr aa rd; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 6
;; QUESTION SECTION:
;exemplo.org. IN ANY
;; ANSWER SECTION:
exemplo.org. 86400 IN A 203.0.113.80
exemplo.org. 86400 IN AAAA 2001:db8:4000::80
exemplo.org. 86400 IN SOA ns1.exemplo.org. hostmaster.exemplo.org. 2016040401 86400 3600 604800 10800
exemplo.org. 86400 IN NS exemplo.org.
exemplo.org. 86400 IN NS ns2.exemplo.org.
exemplo.org. 86400 IN NS ns1.exemplo.org.
exemplo.org. 86400 IN TXT "v=spf1 a mx ip4:203.0.113.240 ip6:2001:db8:4000::240 -all"
exemplo.org. 86400 IN SPF "v=spf1 a mx ip4:203.0.113.240 ip6:2001:db8:4000::240 -all"
exemplo.org. 86400 IN MX 10 mx1.exemplo.org.
;; ADDITIONAL SECTION:
ns1.exemplo.org. 86400 IN A 203.0.113.250
ns1.exemplo.org. 86400 IN AAAA 2001:db8:4000::250
ns2.exemplo.org. 86400 IN A 203.0.113.251
ns2.exemplo.org. 86400 IN AAAA 2001:db8:4000::251
mx1.exemplo.org. 86400 IN A 203.0.113.240
mx1.exemplo.org. 86400 IN AAAA 2001:db8:4000::240
Received 462 bytes from 203.0.113.1#53 in 4 ms
root@cliente:~# dig -x 128.66.0.2
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -x 128.66.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54683
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2.0.66.128.in-addr.arpa. IN PTR
;; ANSWER SECTION:
2.0.66.128.in-addr.arpa. 86400 IN PTR 128-66-0-2.exemplo.org.
;; AUTHORITY SECTION:
0.66.128.in-addr.arpa. 86400 IN NS ns1.exemplo.org.
0.66.128.in-addr.arpa. 86400 IN NS ns2.exemplo.org.
;; ADDITIONAL SECTION:
ns1.exemplo.org. 86400 IN A 203.0.113.250
ns1.exemplo.org. 86400 IN AAAA 2001:db8:4000::250
ns2.exemplo.org. 86400 IN A 203.0.113.251
ns2.exemplo.org. 86400 IN AAAA 2001:db8:4000::251
;; Query time: 4 msec
;; SERVER: 203.0.113.1#53(203.0.113.1)
;; WHEN: Mon Apr 04 17:39:12 BRT 2016
;; MSG SIZE rcvd: 212