Log on as “root” to your Webmin web page.

Open the BIND DNS Server menu to manage your DNS.

(screenshot: dnswebwin)

Create a master zone:

(screenshot: dnswebwin1)

Click on “Return to zone list” to create a new reverse master zone:

(screenshot: dnswebwin2)

Click on “Return to zone list” to create your first record, then click on “argonay.wou” in the “Existing DNS Zones” panel:

(screenshot: dnswebwin3)

Click on “Address”:

(screenshot: dnswebwin4)

The PTR record is added automatically (return to the zone list, click on the “192.168.1” zone, then click on “Reverse Address”):

(screenshot: dnswebwin5)

Return to the zone list to create a CNAME, and click on the “argonay.wou” zone:

(screenshot: dnswebwin6)

Click on “Name Alias”:

(screenshot: dnswebwin7)

So, what have we done?

  • We added the following lines to the “/etc/named.conf” configuration file:
zone "argonay.wou" {
 type master;
 file "/var/named/argonay.wou.hosts";
 };
zone "1.168.192.in-addr.arpa" {
 type master;
 file "/var/named/192.168.1.rev";
 };
  • For the “argonay.wou” zone, we created this file:
[root@fedora22 ~]# cat /var/named/argonay.wou.hosts
$ttl 38400
argonay.wou. IN SOA fedora22. 192.168.1.200 (
 1447147096
 10800
 3600
 604800
 38400 )
argonay.wou. IN NS fedora22.
ubuntu15-10.argonay.wou. IN A 192.168.1.202
dns1.argonay.wou. IN CNAME fedora22.maison.wou.
  • For the reverse zone of “argonay.wou” (“1.168.192.in-addr.arpa”), we created this file:
[root@fedora22 ~]# cat /var/named/192.168.1.rev
$ttl 38400
1.168.192.in-addr.arpa. IN SOA fedora22.argonay.wou. root (
 1447149768
 10800
 3600
 604800
 38400 )
1.168.192.in-addr.arpa. IN NS fedora22.argonay.wou.
202.1.168.192.in-addr.arpa. IN PTR ubuntu15-10.argonay.wou.
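As an added cross-check (example code, not part of the original post and not Webmin's or BIND's own tooling): the POSIX shell script below embeds the two zone files listed above exactly as shown, plus a constructed reverse zone whose PTR is deliberately wrong, and uses awk to verify that every A record in the forward zone has a matching PTR in the reverse zone and that every PTR points back at an existing A record. The function names (a_records, ptr_records, reverse_ip, check_zones) are the example's own. On the real server, run BIND's own syntax checker first, e.g. `named-checkzone argonay.wou /var/named/argonay.wou.hosts`; the script covers the forward/reverse agreement that named-checkzone does not look at.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check that the forward and
# reverse zones Webmin generated agree with each other.

# Zone contents copied verbatim from the post's two "cat" listings.
FWD_ZONE='$ttl 38400
argonay.wou. IN SOA fedora22. 192.168.1.200 (
 1447147096
 10800
 3600
 604800
 38400 )
argonay.wou. IN NS fedora22.
ubuntu15-10.argonay.wou. IN A 192.168.1.202
dns1.argonay.wou. IN CNAME fedora22.maison.wou.'

REV_ZONE='$ttl 38400
1.168.192.in-addr.arpa. IN SOA fedora22.argonay.wou. root (
 1447149768
 10800
 3600
 604800
 38400 )
1.168.192.in-addr.arpa. IN NS fedora22.argonay.wou.
202.1.168.192.in-addr.arpa. IN PTR ubuntu15-10.argonay.wou.'

# Constructed broken variant: the PTR names a host that has no A record.
BROKEN_REV='1.168.192.in-addr.arpa. IN NS fedora22.argonay.wou.
202.1.168.192.in-addr.arpa. IN PTR typo.argonay.wou.'

# Print "owner address" for every A record, "owner target" for every PTR.
# Directive ($ttl) and comment (;) lines are skipped; the record type is matched
# as a whole field, so an optional TTL or class column does not matter.
a_records()   { printf '%s\n' "$1" | awk '$0 !~ /^[$;]/ { for (i = 1; i < NF; i++) if ($i == "A")   print $1, $(i+1) }'; }
ptr_records() { printf '%s\n' "$1" | awk '$0 !~ /^[$;]/ { for (i = 1; i < NF; i++) if ($i == "PTR") print $1, $(i+1) }'; }

# 192.168.1.202 -> 202.1.168.192.in-addr.arpa.
reverse_ip() { printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'; }

# Succeeds only if every A record has its PTR and every PTR has its A record.
check_zones() {  # $1 = forward zone text, $2 = reverse zone text
  bad=0
  while read -r name ip; do
    [ -n "$name" ] || continue
    owner=$(reverse_ip "$ip")
    target=$(ptr_records "$2" | awk -v o="$owner" '$1 == o { print $2 }')
    if [ "$target" != "$name" ]; then
      echo "MISSING PTR: $name A $ip needs '$owner PTR $name' (found: '${target:-none}')"
      bad=$((bad + 1))
    fi
  done <<EOF
$(a_records "$1")
EOF
  while read -r owner target; do
    [ -n "$owner" ] || continue
    ip=$(a_records "$1" | awk -v n="$target" '$1 == n { print $2 }')
    if [ -z "$ip" ] || [ "$(reverse_ip "$ip")" != "$owner" ]; then
      echo "ORPHAN PTR: $owner PTR $target has no matching A record"
      bad=$((bad + 1))
    fi
  done <<EOF
$(ptr_records "$2")
EOF
  [ "$bad" -eq 0 ]
}

check_zones "$FWD_ZONE" "$REV_ZONE" && echo "argonay.wou and 1.168.192.in-addr.arpa are consistent"
check_zones "$FWD_ZONE" "$BROKEN_REV" || echo "(expected) the constructed reverse zone is inconsistent"
```

One thing the script does not judge but a reviewer would notice: the forward zone's SOA line carries the IP address 192.168.1.200 in the responsible-mailbox field, where a mailbox name such as root.argonay.wou. is expected (the reverse zone uses root). BIND accepts it, since an unqualified name simply gets the zone origin appended, but it is worth correcting in Webmin's zone options.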

Does it work? NO!!!

  1. Check the DNS client configuration
[root@fedora22 ~]# cat /etc/resolv.conf
domain maison.wou
nameserver 192.168.1.200
  2. Check the IP addresses the DNS server listens on
[root@fedora22 ~]# netstat -tulp | egrep "LISTEN.*named"
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN 2527/named
tcp 0 0 localhost:rndc 0.0.0.0:* LISTEN 2527/named
tcp6 0 0 localhost:domain [::]:* LISTEN 2527/named

The “bind 9” server is listening on the loopback address (localhost) only, so modify the “/etc/named.conf” configuration file so that it listens on, and accepts queries from, all of its IP addresses.

Here are our IP addresses:

[root@fedora22 ~]# ip addr | awk '/inet / {print $2}'
127.0.0.1/8
192.168.1.200/24
192.168.3.200/24
192.168.2.200/24

We updated “/etc/named.conf”:

[root@fedora22 ~]# egrep "listen-on port|allow-query" /etc/named.conf
// ## initial value ## listen-on port 53 { 127.0.0.1; };
 listen-on port 53 { 127.0.0.1; 192.168.1.200; 192.168.2.200; 192.168.3.200;};
// ## initial value ## allow-query { localhost; };
 allow-query { localhost; 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24; };

Don’t forget to restart the service:

[root@fedora22 ~]# systemctl restart named.service

OK, the “bind 9” server is now listening on all IP addresses:

[root@fedora22 ~]# netstat -ntulp | egrep "LISTEN.*named"
tcp 0 0 192.168.2.200:53 0.0.0.0:* LISTEN 2604/named
tcp 0 0 192.168.3.200:53 0.0.0.0:* LISTEN 2604/named
tcp 0 0 192.168.1.200:53 0.0.0.0:* LISTEN 2604/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2604/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2604/named
tcp6 0 0 ::1:53 :::* LISTEN 2604/named
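An added check for this step (example code, not from the post and not a BIND tool): the POSIX shell script below embeds the post's updated named.conf lines and its `ip addr` address list as constructed sample input (the surrounding `options { }` block is assumed), plus the initial loopback-only listen-on paired with an allow-query of `any` for contrast. It reports every local address missing from listen-on and whether allow-query admits any client at all, which is the difference between a server that answers its own subnets and one that answers the whole Internet. The function names (acl_entries, missing_listen, query_is_open, report) are the example's own. It only inspects text; on a live server feed it the contents of /etc/named.conf and the `ip addr | awk '/inet / {print $2}'` output used in the post.

```shell
#!/bin/sh
# Added example (not from the original post): check that named.conf listens on every
# local IPv4 address and that allow-query is restricted rather than open to anyone.

# Constructed sample: the post's updated named.conf lines inside an assumed options block.
NAMED_CONF='options {
// ## initial value ## listen-on port 53 { 127.0.0.1; };
 listen-on port 53 { 127.0.0.1; 192.168.1.200; 192.168.2.200; 192.168.3.200;};
// ## initial value ## allow-query { localhost; };
 allow-query { localhost; 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24; };
};'

# Constructed contrast: loopback-only listen-on and an allow-query that admits everyone.
INITIAL_CONF='options {
 listen-on port 53 { 127.0.0.1; };
 allow-query { any; };
};'

# The address list exactly as `ip addr | awk "/inet / {print $2}"` printed it in the post.
LOCAL_ADDRS='127.0.0.1/8
192.168.1.200/24
192.168.3.200/24
192.168.2.200/24'

# Print the entries of the first uncommented "<statement> { a; b; ... };" line, one per line.
acl_entries() {  # $1 = config text, $2 = statement name (listen-on, allow-query)
  printf '%s\n' "$1" | awk -v s="$2" '$1 == s {
    sub(/.*[{]/, ""); sub(/[}].*/, "")
    n = split($0, e, ";")
    for (i = 1; i <= n; i++) { gsub(/[[:space:]]/, "", e[i]); if (e[i] != "") print e[i] }
    exit
  }'
}

# Print every local address (prefix length stripped) that listen-on does not name.
missing_listen() {  # $1 = config text, $2 = address list as printed by ip addr
  listen=$(acl_entries "$1" listen-on)
  printf '%s\n' "$listen" | grep -qxF any && return 0   # "any" covers every address
  printf '%s\n' "$2" | sed 's#/.*##' | while read -r a; do
    [ -n "$a" ] || continue
    printf '%s\n' "$listen" | grep -qxF "$a" || echo "$a"
  done
}

# Succeed if allow-query admits any client: the statement is absent (BIND then
# defaults to allowing all hosts) or it contains "any".
query_is_open() {  # $1 = config text
  q=$(acl_entries "$1" allow-query)
  [ -z "$q" ] || printf '%s\n' "$q" | grep -qxF any
}

# Report both findings; exit status 1 if anything needs fixing.
report() {  # $1 = config text, $2 = address list
  rc=0
  m=$(missing_listen "$1" "$2")
  if [ -n "$m" ]; then
    echo "local addresses missing from listen-on:"; echo "$m"; rc=1
  fi
  if query_is_open "$1"; then
    echo "allow-query admits any client; restrict it to the subnets that should use this server"; rc=1
  fi
  return $rc
}

report "$NAMED_CONF" "$LOCAL_ADDRS" && echo "named.conf listens on all local addresses and allow-query is restricted"
report "$INITIAL_CONF" "$LOCAL_ADDRS" || echo "(expected) the initial configuration needs changes"
```

The listen-on check is what the netstat listing above confirms by hand; the allow-query check is the part easy to forget, since a server that listens everywhere with `allow-query { any; }` will answer recursive queries for anyone who can reach port 53.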
  3. Check the firewall configuration to allow DNS queries

Allow the “domain” port (53) on both TCP and UDP:

[root@fedora22 ~]# firewall-cmd --permanent --add-port=domain/tcp
You're performing an operation over default zone ('argonay'),
but your connections/interfaces are in zone 'maison' (see --get-active-zones)
You most likely need to use --zone=maison option.
success
[root@fedora22 ~]# firewall-cmd --permanent --add-port=domain/udp
You're performing an operation over default zone ('argonay'),
but your connections/interfaces are in zone 'maison' (see --get-active-zones)
You most likely need to use --zone=maison option.
success

And reload the “firewalld” service:

[root@fedora22 ~]# firewall-cmd --reload
success

OK, now:

[root@fedora22 ~]# firewall-cmd --list-all
You're performing an operation over default zone ('argonay'),
but your connections/interfaces are in zone 'maison' (see --get-active-zones)
You most likely need to use --zone=maison option.
argonay (default)
  interfaces:
  sources:
  services: http https ssh
  ports: 10000/udp 53/udp 10000/tcp 53/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

Now, does it work?

wou@ubuntu15-10:~$ nslookup ubuntu15-10
Server: 192.168.1.200
Address: 192.168.1.200#53
Name: ubuntu15-10.argonay.wou
Address: 192.168.1.202

Yes!
