Fedora 34
Sponsored Link

BIND : Configure for External Network2021/05/05

 
Install BIND to Configure DNS (Domain Name System) Server to provide Name or Address Resolution service for Clients.
[1] Install BIND.
[root@dlp ~]#
dnf -y install bind bind-utils
[2] On this example, Configure BIND for External Network.
The example follows is for the case that External network is [172.16.0.80/29], Domain name is [srv.world], Replace them to your own environment.
( Actually, [172.16.0.80/29] is for private IP addresses, though. )
[root@dlp ~]#
vi /etc/named.conf
.....
.....
options {
        # change ( listen all )
        listen-on port 53 { any; };
        # change if need ( if not listen IPv6, set [none] )
        listen-on-v6 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        # change : receive queries from all hosts
        allow-query     { any; };
        # network range you allow to transfer zone files to clients
        # add secondary DNS servers if it exist
        allow-transfer  { localhost; };

        .....
        .....

        # change : not allow recursive queries
        # answer to zones only this server has their entries
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
        include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

# add zones for your network and domain name
zone "srv.world" IN {
        type master;
        file "srv.world.wan";
        allow-update { none; };
};
zone "80.0.16.172.in-addr.arpa" IN {
        type master;
        file "80.0.16.172.db";
        allow-update { none; };
};

# if you don't use IPv6 and also suppress logs for IPv6 related, possible to change

# set BIND to use only IPv4

[root@dlp ~]#
vi /etc/sysconfig/named
# add to the end

OPTIONS="-4"
# For how to write the section [*.*.*.*.in-addr.arpa], write your network address reversely like follows
# case of 172.16.0.80/29
# network address    ⇒ 172.16.0.80
# network range      ⇒ 172.16.0.80 - 172.16.0.87
# how to write       ⇒ 80.0.16.172.in-addr.arpa
[3]
Next, Configure Zone Files for each Zone you set in [named.conf] above.
To Configure Zone Files, refer to here.
Matched Content