BIND : Configure for External Network
2021/05/05
Install BIND to configure a DNS (Domain Name System) server that provides name and address resolution for clients.
[1] Install BIND.
[root@dlp ~]# dnf -y install bind bind-utils
[2] In this example, BIND is configured for an external network. The example assumes the external network is [172.16.0.80/29] and the domain name is [srv.world]; replace them with the values for your own environment. ( [172.16.0.80/29] is actually a private IP address range, though. )
[root@dlp ~]# vi /etc/named.conf
.....
.....
options {
        # change ( listen all )
        listen-on port 53 { any; };
        # change if need ( if not listen IPv6, set [none] )
        listen-on-v6 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        # change : receive queries from all hosts
        allow-query     { any; };
        # network range you allow to transfer zone files to clients
        # add secondary DNS servers if it exist
        allow-transfer  { localhost; };
        .....
        .....
        # change : not allow recursive queries
        # answer to zones only this server has their entries
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
        include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

# add zones for your network and domain name
zone "srv.world" IN {
        type master;
        file "srv.world.wan";
        allow-update { none; };
};
zone "80.0.16.172.in-addr.arpa" IN {
        type master;
        file "80.0.16.172.db";
        allow-update { none; };
};

# if you don't use IPv6 and also suppress logs for IPv6 related, possible to change
# set BIND to use only IPv4
[root@dlp ~]# vi /etc/sysconfig/named
# add to the end
OPTIONS="-4"

# For how to write the section [*.*.*.*.in-addr.arpa], write your network address reversely like follows
# case of 172.16.0.80/29
# network address ⇒ 172.16.0.80
# network range   ⇒ 172.16.0.80 - 172.16.0.87
# how to write    ⇒ 80.0.16.172.in-addr.arpa
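On an external-facing authoritative server, the settings above that limit exposure are [recursion no], a restricted [allow-transfer], and [allow-update { none; }] on each master zone. The following Python check for those three settings is an added example, not part of the original page or of BIND; the sample configuration is constructed from the file above, and the function names (strip_comments, blocks, acl, audit) are hypothetical.

```python
import re

# Constructed sample: the security-relevant lines of the named.conf above.
SAMPLE_CONF = """
options {
    listen-on port 53 { any; };
    allow-query    { any; };
    allow-transfer { localhost; };   # add secondary DNS servers here
    recursion no;
};
zone "." IN { type hint; file "named.ca"; };
zone "srv.world" IN { type master; file "srv.world.wan"; allow-update { none; }; };
"""

def strip_comments(text):
    # named.conf accepts /* */, // and # comments. Simplification (assumption):
    # no '#' or '//' appears inside a quoted string.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//).*", "", text)

def blocks(text, header_re):
    # Yield (header match, body) for each brace-delimited block, nesting aware.
    for m in re.finditer(header_re + r"\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def acl(body, name):
    # Address-match list of statement `name` as a list of entries, or None if absent.
    m = re.search(r"\b" + re.escape(name) + r"\s*\{([^}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf):
    text, findings = strip_comments(conf), []
    opts = next((b for _, b in blocks(text, r"\boptions")), "")
    rec = re.search(r"\brecursion\s+(\w+)\s*;", opts)
    if rec is None or rec.group(1) not in ("no", "false", "0"):
        findings.append("options: recursion is not disabled (server may answer as an open resolver)")
    xfer = acl(opts, "allow-transfer")
    if xfer is None or "any" in xfer:  # unset relies on the BIND version's default
        findings.append("options: allow-transfer is unset or 'any'")
    for m, body in blocks(text, r'\bzone\s+"([^"]+)"(?:\s+\w+)?'):
        upd = acl(body, "allow-update")
        if re.search(r"\btype\s+master\s*;", body) and upd not in (None, ["none"]):
            findings.append(f"zone {m.group(1)}: allow-update is {upd}, expected none")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_CONF) or ["no findings"]:
        print(line)
```

To check a live server, pass the text of /etc/named.conf to audit() instead of the sample.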
[3] Next, configure zone files for each zone you set in [named.conf] above.
To configure zone files, refer to here.