CentOS 7: local DNS server
Setting up a local DNS server on CentOS 7
Environment
IP | Hostname | Role | OS |
---|---|---|---|
172.16.0.10/24 | masterdns.stan.local | Primary DNS server | CentOS 7 |
172.16.0.11/24 | secondarydns.stan.local | Secondary DNS server | CentOS 7 |
172.16.0.12/24 | client.stan.local | Client | CentOS 7 |
Setting up the primary DNS server
Install the BIND DNS server (bind) and the DNS utilities (bind-utils).
root@centos~#: yum install -y bind bind-utils
Configure the named service.
root@centos~#: vim /etc/named.conf
file contents
options {
    listen-on port 53 { 127.0.0.1; 172.16.0.10; };   ### primary DNS ###
    # listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # allow-query also bounds recursion (allow-recursion defaults to it),
    # so this is a LAN-only resolver, not an open resolver.
    allow-query { localhost; 172.16.0.0/24; };        ### IP range ###
    # Only the secondary (and localhost) may pull the zones with AXFR.
    allow-transfer { localhost; 172.16.0.11; };       ### secondary DNS ###
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    # DLV lookaside: ISC retired the DLV registry in 2017, so this line is inert and can be dropped.
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "stan.local" IN {
    type master;
    file "forward.stan";
    allow-update { none; };
};

zone "0.16.172.in-addr.arpa" IN {
    type master;
    file "reverse.stan";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Create the forward zone file.
root@centos~#: vim /var/named/forward.stan
file contents
$TTL 86400
@       IN  SOA     masterdns.stan.local. root.stan.local. (
            2011071001  ;Serial (YYYYMMDDnn, must increase on every change)
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
)
@       IN  NS      masterdns.stan.local.
@       IN  NS      secondarydns.stan.local.
@       IN  A       172.16.0.10
@       IN  A       172.16.0.11
@       IN  A       172.16.0.12
masterdns       IN  A   172.16.0.10
secondarydns    IN  A   172.16.0.11
client          IN  A   172.16.0.12
Create the reverse zone file. The owner name of each PTR record is the last octet of the host's address (10, 11, 12 for 172.16.0.10, .11, .12); A records do not belong in a reverse zone.
root@centos~#: vim /var/named/reverse.stan
file contents
$TTL 86400
@       IN  SOA     masterdns.stan.local. root.stan.local. (
            2011071001  ;Serial (YYYYMMDDnn, must increase on every change)
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
)
@       IN  NS      masterdns.stan.local.
@       IN  NS      secondarydns.stan.local.
@       IN  PTR     stan.local.
10      IN  PTR     masterdns.stan.local.
11      IN  PTR     secondarydns.stan.local.
12      IN  PTR     client.stan.local.
Start the named service (DNS).
root@centos~#: systemctl start named
Enable the named service at boot.
root@centos~#: systemctl enable named
Allow DNS traffic through the firewall (port 53, TCP and UDP; TCP is also needed for zone transfers to the secondary).
root@centos~#: firewall-cmd --permanent --add-port=53/tcp
root@centos~#: firewall-cmd --permanent --add-port=53/udp
root@centos~#: firewall-cmd --reload
Set the permissions and restore the SELinux contexts.
root@centos~#: chgrp named -R /var/named
root@centos~#: chown -v root:named /etc/named.conf
root@centos~#: restorecon -rv /var/named
root@centos~#: restorecon /etc/named.conf
Check the configuration file.
root@centos~#: named-checkconf /etc/named.conf
Check the forward zone.
root@centos~#: named-checkzone stan.local /var/named/forward.stan
output
zone stan.local/IN: loaded serial 2011071001
OK
Check the reverse zone. The zone name given to named-checkzone must be the one declared in named.conf (0.16.172.in-addr.arpa), otherwise the PTR owner names are checked against the wrong origin.
root@centos~#: named-checkzone 0.16.172.in-addr.arpa /var/named/reverse.stan
output
zone 0.16.172.in-addr.arpa/IN: loaded serial 2011071001
OK
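Every later edit to forward.stan or reverse.stan must raise the SOA serial, otherwise the secondary keeps its old copy. The following script is an added example and not part of the original post: it reads the serial of a zone file, computes the next one in the page's YYYYMMDDnn convention, and rewrites the file in place. The function names and the --demo flag are this example's own, and the sample zone it creates is constructed to mirror the page's forward.stan.

```shell
#!/bin/sh
# Added example, not part of the original post: keep the SOA serial of a BIND
# zone file moving. secondarydns only re-transfers a zone when the primary's
# serial is larger than the one it already holds, so an edit to forward.stan or
# reverse.stan without a serial bump is silently ignored by the secondary.
# Serials follow the page's YYYYMMDDnn convention (2011071001). All function
# names are this example's own; the zone file content below is constructed.
set -eu

# zone_serial FILE: print the SOA serial, i.e. the first all-digit token after
# the SOA record, skipping ";" comments. Handles single- and multi-line SOA.
zone_serial() {
    awk '
        found == 0 && $0 ~ /[ \t]SOA[ \t]/ { insoa = 1 }
        found == 0 && insoa {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^;/) break
                if ($i ~ /^[0-9]+$/) { print $i; found = 1; break }
            }
        }
    ' "$1"
}

# next_serial CURRENT TODAY (TODAY as YYYYMMDD): same day -> bump the two-digit
# counter; older day -> start today's sequence at 01; a serial already ahead of
# today (clock skew, or a serial that is not a date) is incremented by one so
# it still grows, which is all RFC 1982 serial arithmetic needs.
next_serial() {
    cur=$1
    today=$2
    case $cur in ''|*[!0-9]*) echo "next_serial: '$cur' is not numeric" >&2; return 1 ;; esac
    if [ "${#cur}" -eq 10 ] && [ "${cur%??}" = "$today" ]; then
        n=${cur#"$today"}       # counter, e.g. 09
        n=${n#0}                # drop a leading zero: 08/09 must not be read as octal
        [ "$n" -lt 99 ] || { echo "next_serial: counter exhausted for $today" >&2; return 1; }
        printf '%s%02d\n' "$today" $((n + 1))
    elif [ "$cur" -lt "${today}01" ]; then
        printf '%s01\n' "$today"
    else
        echo $((cur + 1))
    fi
}

# bump_zone_serial FILE TODAY: rewrite FILE with the next serial and print it.
# The file is overwritten in place (not replaced) so its owner, group and
# SELinux context under /var/named survive; leading whitespace of the serial
# line is kept so a continuation line stays a continuation line.
bump_zone_serial() {
    file=$1
    today=$2
    cur=$(zone_serial "$file")
    [ -n "$cur" ] || { echo "no SOA serial found in $file" >&2; return 1; }
    new=$(next_serial "$cur" "$today") || return 1
    tmp=$(mktemp)
    awk -v old="$cur" -v new="$new" '
        changed == 0 && $0 ~ /[ \t]SOA[ \t]/ { insoa = 1 }
        changed == 0 && insoa {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^;/) break
                if ($i == old) {
                    match($0, /^[ \t]*/)
                    lead = substr($0, 1, RLENGTH)
                    $i = new                 # rebuilds $0, collapsing leading blanks
                    $0 = lead $0
                    changed = 1
                    break
                }
            }
        }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"
    rm -f "$tmp"
    echo "$new"
}

# Constructed sample zone mirroring the page's forward.stan, for a stand-alone run.
demo_zone_file() {
    dir=$(mktemp -d)
    cat > "$dir/forward.stan" <<'EOF'
$TTL 86400
@   IN  SOA masterdns.stan.local. root.stan.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS  masterdns.stan.local.
masterdns   IN  A   172.16.0.10
EOF
    echo "$dir/forward.stan"
}

# On masterdns: bump_zone_serial /var/named/forward.stan "$(date +%Y%m%d)",
# then named-checkzone stan.local /var/named/forward.stan and rndc reload.
if [ "${1:-}" = "--demo" ]; then
    f=$(demo_zone_file)
    echo "before: $(zone_serial "$f")"
    bump_zone_serial "$f" "$(date +%Y%m%d)"
    rm -rf "$(dirname "$f")"
fi
```

After the bump, re-run named-checkzone and reload with rndc reload; the secondary then picks the change up at the next refresh, or immediately if the primary sends a NOTIFY.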
Configure the network interface. The nameserver key in an ifcfg file is DNS1 (DNS2 for a second server); a bare DNS= entry is ignored.
root@centos~#: vim /etc/sysconfig/network-scripts/ifcfg-enp0s3
file contents
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="172.16.0.10"
PREFIX0="24"
GATEWAY0="172.16.0.254"
DNS1="172.16.0.10"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
Add the new DNS server to /etc/resolv.conf. On CentOS 7 NetworkManager rewrites this file from the DNS1/DNS2 entries of the ifcfg file, so the two must agree.
root@centos~#: vim /etc/resolv.conf
file contents (excerpt)
[…]
nameserver 172.16.0.10
Restart the network service.
root@centos~#: systemctl restart network
Test the primary DNS server. The aa flag in the answer confirms the server answered from its own zone data rather than from a cached or recursive lookup.
root@centos~#: dig masterdns.stan.local
output
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> masterdns.stan.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55792
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.stan.local.          IN      A

;; ANSWER SECTION:
masterdns.stan.local.   86400   IN      A       172.16.0.10

;; AUTHORITY SECTION:
stan.local.             86400   IN      NS      masterdns.stan.local.
stan.local.             86400   IN      NS      secondarydns.stan.local.

;; ADDITIONAL SECTION:
secondarydns.stan.local. 86400  IN      A       172.16.0.11

;; Query time: 1 msec
;; SERVER: 172.16.0.10#53(172.16.0.10)
;; WHEN: Sat Mar 31 02:03:46 EDT 2018
;; MSG SIZE  rcvd: 122
root@centos~#: nslookup stan.local
output
Server:         172.16.0.10
Address:        172.16.0.10#53

Name:   stan.local
Address: 172.16.0.12
Name:   stan.local
Address: 172.16.0.10
Name:   stan.local
Address: 172.16.0.11
Setting up the secondary DNS server
Install the BIND DNS server (bind) and the DNS utilities (bind-utils).
root@centos~#: yum install -y bind bind-utils
Configure the named service. The secondary needs an allow-transfer statement of its own: BIND's default is any, so without it every host allowed to query could pull the complete zones from the secondary even though the primary restricts transfers.
root@centos~#: vim /etc/named.conf
file contents
options {
    listen-on port 53 { 127.0.0.1; 172.16.0.11; };   ### secondary DNS ###
    # listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 172.16.0.0/24; };        ### IP range ###
    # Nobody pulls zones from the secondary (BIND's default would be "any").
    allow-transfer { none; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    # DLV lookaside: ISC retired the DLV registry in 2017, so this line is inert and can be dropped.
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "stan.local" IN {
    type slave;
    file "slaves/stan.fwd";
    masters { 172.16.0.10; };
};

zone "0.16.172.in-addr.arpa" IN {
    type slave;
    file "slaves/stan.rev";
    masters { 172.16.0.10; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Start the named service (DNS).
root@centos~#: systemctl start named
Enable the named service at boot.
root@centos~#: systemctl enable named
Allow DNS traffic through the firewall (port 53, TCP and UDP).
root@centos~#: firewall-cmd --permanent --add-port=53/tcp
root@centos~#: firewall-cmd --permanent --add-port=53/udp
root@centos~#: firewall-cmd --reload
The secondary has now transferred the zones from the primary automatically; the transferred copies are written to /var/named/slaves/ (the directory is owned by named for that purpose). If the files are missing, journalctl -u named on the secondary shows whether the transfer was refused by the primary's allow-transfer or blocked by the firewall.
root@centos~#: ls /var/named/slaves/
output
stan.fwd  stan.rev
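Seeing the files in /var/named/slaves/ shows that one transfer happened; it does not show that the two servers still agree, nor that transfers are refused to everybody else. The following script is an added example and not part of the original post: it compares the SOA serial served by both servers for each zone and then tries an AXFR against each server, which must be refused from a host outside allow-transfer such as client.stan.local. The addresses are the page's; the function names and the --run flag are this example's own, and the dig output used in the offline checks is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: verify from any host of the
# lab that secondarydns serves the same zone data as masterdns, and that a host
# outside allow-transfer (client.stan.local, 172.16.0.12) cannot pull the zones
# with AXFR. Addresses are the page's; function names and the --run flag are
# this example's own; the dig output strings used for the offline checks are
# constructed.
set -eu

PRIMARY=172.16.0.10
SECONDARY=172.16.0.11
ZONES="stan.local 0.16.172.in-addr.arpa"

# soa_serial_of RDATA: extract the serial (3rd field) from what
# `dig +short <zone> SOA` prints: "mname rname serial refresh retry expire minimum".
# Prints an empty line when the input is not a SOA (timeout message, SERVFAIL, ...).
soa_serial_of() {
    set -- $1
    if [ $# -ge 3 ]; then
        case $3 in *[!0-9]*) printf '\n' ;; *) printf '%s\n' "$3" ;; esac
    else
        printf '\n'
    fi
}

# serials_match A B: true only when both are present and identical. A secondary
# that never managed to transfer the zone answers SERVFAIL, i.e. an empty serial.
serials_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# transfer_refused DIG_OUTPUT: dig prints "; Transfer failed." when the server
# answers an AXFR request with REFUSED, which is what allow-transfer produces
# for a host that is not listed. A successful transfer ends with ";; XFR size:".
transfer_refused() {
    case $1 in
        *"Transfer failed."*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_zone_replication ZONE: compare the SOA serial served by both servers.
check_zone_replication() {
    zone=$1
    p=$(soa_serial_of "$(dig +short +time=3 +tries=1 "@$PRIMARY" "$zone" SOA || true)")
    s=$(soa_serial_of "$(dig +short +time=3 +tries=1 "@$SECONDARY" "$zone" SOA || true)")
    if serials_match "$p" "$s"; then
        echo "OK   $zone: both servers serve serial $p"
    else
        echo "FAIL $zone: primary='$p' secondary='$s' (check allow-transfer, the firewall, and 'journalctl -u named' on the secondary)"
        return 1
    fi
}

# check_transfer_policy SERVER ZONE: an AXFR from this host must be refused.
# Run on client.stan.local it must pass for both servers; run on secondarydns
# against the primary it is expected to FAIL, since 172.16.0.11 is allowed.
check_transfer_policy() {
    server=$1
    zone=$2
    out=$(dig +time=3 +tries=1 "@$server" "$zone" AXFR 2>&1 || true)
    if transfer_refused "$out"; then
        echo "OK   $server refuses AXFR of $zone from this host"
    else
        echo "FAIL $server handed out $zone by AXFR:"
        printf '%s\n' "$out" | head -n 5
        return 1
    fi
}

if [ "${1:-}" = "--run" ]; then
    rc=0
    for z in $ZONES; do
        check_zone_replication "$z" || rc=1
        check_transfer_policy "$PRIMARY" "$z" || rc=1
        check_transfer_policy "$SECONDARY" "$z" || rc=1
    done
    exit "$rc"
fi
```

Run it with --run from client.stan.local after bind-utils is installed there; a FAIL on the transfer check means the zone contents (every hostname and address of the LAN) are readable by any host that can reach port 53 of that server.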
Configure the network interface (UUID and HWADDR must be those of the secondary's own interface).
root@centos~#: vim /etc/sysconfig/network-scripts/ifcfg-enp0s3
file contents
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="172.16.0.11"
PREFIX0="24"
GATEWAY0="172.16.0.254"
DNS1="172.16.0.10"
DNS2="172.16.0.11"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
Add the DNS servers to /etc/resolv.conf (NetworkManager regenerates it from DNS1/DNS2 above, so the two must agree).
root@centos~#: vim /etc/resolv.conf
file contents (excerpt)
[…]
nameserver 172.16.0.10
nameserver 172.16.0.11
Restart the network service.
root@centos~#: systemctl restart network
Set the permissions and restore the SELinux contexts.
root@centos~#: chgrp named -R /var/named
root@centos~#: chown -v root:named /etc/named.conf
root@centos~#: restorecon -rv /var/named
root@centos~#: restorecon /etc/named.conf
Check the configuration file.
root@centos~#: named-checkconf /etc/named.conf
Test the secondary DNS server. Query 172.16.0.11 explicitly; otherwise dig uses the first nameserver in /etc/resolv.conf (172.16.0.10) and tests the primary again.
root@centos~#: dig @172.16.0.11 masterdns.stan.local
root@centos~#: dig @172.16.0.11 secondarydns.stan.local
Expected output: the same answers as on the primary (status: NOERROR, flag aa set, 172.16.0.10 and 172.16.0.11 respectively in the ANSWER SECTION), except for the line ;; SERVER: 172.16.0.11#53(172.16.0.11). An answer with status: NXDOMAIN and a root SOA (a.root-servers.net.) in the AUTHORITY SECTION means the name did not match a zone the secondary holds, so it was resolved recursively via the root servers instead: check the spelling of the domain and that /var/named/slaves/ contains stan.fwd and stan.rev.
root@centos~#: nslookup stan.local
output
Server:         172.16.0.11
Address:        172.16.0.11#53

Name:   stan.local
Address: 172.16.0.10
Name:   stan.local
Address: 172.16.0.12
Name:   stan.local
Address: 172.16.0.11
Setting up the DNS client
Install the DNS utilities (bind-utils).
root@centos~#: yum install -y bind-utils
Add the DNS servers to /etc/resolv.conf (or to DNS1/DNS2 in the client's ifcfg file, so that NetworkManager does not overwrite the change).
root@centos~#: vim /etc/resolv.conf
file contents (excerpt)
[…]
nameserver 172.16.0.10
nameserver 172.16.0.11
Test the DNS configuration. With 172.16.0.10 first in resolv.conf the answers come from the primary (;; SERVER: 172.16.0.10#53); the first query gives the same output as on the primary above.
root@centos~#: dig masterdns.stan.local
root@centos~#: dig secondarydns.stan.local
output
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> secondarydns.stan.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61897
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;secondarydns.stan.local.       IN      A

;; ANSWER SECTION:
secondarydns.stan.local. 86400  IN      A       172.16.0.11

;; AUTHORITY SECTION:
stan.local.             86400   IN      NS      masterdns.stan.local.
stan.local.             86400   IN      NS      secondarydns.stan.local.

;; ADDITIONAL SECTION:
masterdns.stan.local.   86400   IN      A       172.16.0.10

;; Query time: 1 msec
;; SERVER: 172.16.0.10#53(172.16.0.10)
;; WHEN: Sat Mar 31 02:25:29 EDT 2018
;; MSG SIZE  rcvd: 122
root@centos~#: dig client.stan.local
output
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> client.stan.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54407
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;client.stan.local.             IN      A

;; ANSWER SECTION:
client.stan.local.      86400   IN      A       172.16.0.12

;; AUTHORITY SECTION:
stan.local.             86400   IN      NS      masterdns.stan.local.
stan.local.             86400   IN      NS      secondarydns.stan.local.

;; ADDITIONAL SECTION:
masterdns.stan.local.   86400   IN      A       172.16.0.10
secondarydns.stan.local. 86400  IN      A       172.16.0.11

;; Query time: 1 msec
;; SERVER: 172.16.0.10#53(172.16.0.10)
;; WHEN: Sat Mar 31 02:25:32 EDT 2018
;; MSG SIZE  rcvd: 145
root@centos~#: nslookup stan.local
output
Server:         172.16.0.10
Address:        172.16.0.10#53

Name:   stan.local
Address: 172.16.0.10
Name:   stan.local
Address: 172.16.0.12
Name:   stan.local
Address: 172.16.0.11
Note: steps carried out on CentOS 7 (Kernel: Linux 3.10.0-693.21.1.el7.x86_64)
by Nicolas SHINEY | March 31, 2018 | System | Tags: centos, centos 7, dns