SOLVED: DNS configuration with book "Learn CentOS Linux Network Services

Issues related to configuring your network
arek199602
Posts: 5
Joined: 2019/10/18 14:05:51

Post by arek199602 » 2019/10/18 14:23:14

Hello. Sorry for my English. I've got a problem with DNS configuration.
My named.conf file:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	listen-on port 53 { 127.0.0.1; 192.168.1.20; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	recursing-file  "/var/named/data/named.recursing";
	secroots-file   "/var/named/data/named.secroots";
	allow-query     { localhost; 192.168.1.0/24; };

	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.root.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

zone "olimpus.local" IN {
	type master;
	file "olimpus.local.zone";
	//allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

My olimpus.local.zone file:

;
;Data file for olimpus.local
;
$TTL 2D
olimpus.local.   IN SOA olimpus.local. root.olimpus.local. (
                 2014082701;       Serial
                 1D;             Refresh
                 2H;             Retry
                 1W;             Expire
                 2D);            Default TTL
   
           IN NS delphos.olimpus.local.
           IN MX 10 prometheus.olimpus.local.

delphos         IN A    192.168.1.20
prometheus      IN A    192.168.1.21
aphrodite       IN A    192.168.1.22
dns             IN CNAME        delphos
mail            IN CNAME        prometheus

My ifcfg-ens33 file:

PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=1f37913b-67e7-438c-8d76-ac4032988ab0
DEVICE=ens33
ONBOOT=no
BOOTPROTO=dhcp
TYPE=Ethernet
DNS="192.168.1.20"

My resolv.conf file:

# Generated by NetworkManager
search localdomain
nameserver 192.168.64.2
nameserver 192.168.1.20

When I execute the command dig @192.168.1.20 delphos.olimpus.local I get:

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @192.168.1.21 delphos.olimpus.local
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

and when I execute dig olimpus.local I get

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> olimpus.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11839
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0005, udp: 65494
;; QUESTION SECTION:
;olimpus.local.			IN	A

;; Query time: 0 msec
;; SERVER: 192.168.64.2#53(192.168.64.2)
;; WHEN: Fri Oct 18 10:21:02 EDT 2019
;; MSG SIZE  rcvd: 42

Last edited by arek199602 on 2019/10/28 21:18:10, edited 1 time in total.

jlehtone
Posts: 4530
Joined: 2007/12/11 08:17:33
Location: Finland

Re: DNS configuration with book "Learn CentOS Linux Network Services

Post by jlehtone » 2019/10/18 16:01:20

What is the actual goal?
To learn about the "ISC BIND named(8) DNS server"?
To set up a DNS server?

For the latter (and for a simple domain), dnsmasq is a much simpler server to get up and running.

arek199602
Posts: 5
Joined: 2019/10/18 14:05:51

Re: DNS configuration with book "Learn CentOS Linux Network Services

Post by arek199602 » 2019/10/18 17:17:44

I have to learn how to set up DNS and I would like to understand it a bit, because I have a task related to DNS in college.
I've tried other tutorials and they worked, but I cannot understand why this configuration does not work properly. These tutorials also did not completely explain how it works, so I wrote here. I would like to add that the system is running on VMware Workstation 15.5.

TrevorH
Site Admin
Posts: 33219
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: DNS configuration with book "Learn CentOS Linux Network Services

Post by TrevorH » 2019/10/18 17:25:39

Check for BIND-related messages in /var/log/message.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

arek199602
Posts: 5
Joined: 2019/10/18 14:05:51

Re: DNS configuration with book "Learn CentOS Linux Network Services

Post by arek199602 » 2019/10/18 20:39:01

OK, I solved the problem. I think the possible cause was a wrong configuration of my network.
Topic to close.
Thanks for your help.
