====== DNS from scratch ======

New configuration of a simple DNS server with BIND for a LAN with no connection to the outside. The domain in question is called "locale".
This first guide is written without specifying any other domain extension.
Install a plain Debian distribution, setting during installation the basic parameters needed to download the required packages from the Internet. The configuration files will then be modified as needed.
If you consider it appropriate and you do not use it, disable IPv6 (see the specific guide).
Update the package list:
<code>apt-get update</code>
Optionally upgrade all the packages of the distribution:
<code>apt-get upgrade</code>
Install bind (the Debian package is named bind9):
<code>apt-get install bind9</code>
While we are at it, also install the DNS utilities:
<code>apt-get install dnsutils</code>
Now we start editing the files /etc/hosts, /etc/hostname, /etc/resolv.conf and /etc/network/interfaces.

<file txt /etc/hosts>
127.0.0.1       localhost
127.0.1.1       ns1 ns1.locale
192.168.1.71    ns1 ns1.locale
</file>

<file txt /etc/resolv.conf>
search locale
nameserver 127.0.0.1
</file>

<file txt /etc/hostname>
ns1.locale
</file>

<file txt /etc/network/interfaces>
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

allow-hotplug ens192
iface ens192 inet static
    address 192.168.1.71/24
    gateway 192.168.1.254
    dns-nameservers 192.168.1.71
    dns-search locale
</file>

Obviously the machine's IP address and the gateway must be static and chosen according to your own needs.
Now let's look at the BIND configuration files.

<file txt /etc/bind/named.conf.local>
zone "locale" {
    type master;
    file "/etc/bind/db.locale";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.1";
};
</file>

Create a new zone file called db.locale:

<file txt /etc/bind/db.locale>
$ORIGIN .
; --- AREA 1 ---
$TTL 86400
; --- AREA 2 ---
locale      IN  SOA  ns1.locale. stefano.ns1.locale. (
                1          ; Serial
                604800     ; Refresh
                86400      ; Retry
                2419200    ; Expire
                86400 )    ; Negative Cache TTL
; --- AREA 3 ---
            IN  NS   ns1.locale.
; --- AREA 4 ---
$ORIGIN locale.
ns1         IN  A    192.168.1.71
cliente     IN  A    192.168.1.72
vsphere     IN  A    192.168.1.98
servente    IN  A    192.168.1.73
esxi1       IN  A    192.168.1.94
esxi2       IN  A    192.168.1.95
esxi3       IN  A    192.168.1.96
esxi4       IN  A    192.168.1.97
</file>
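The reverse zone /etc/bind/db.192.168.1 declared in named.conf.local is not shown on this page, and the db.192 file further down shows how easy it is to write a PTR target without its trailing dot. The script below is an added example, not code from the original page or from BIND: it parses a master file in the format used above (handling $ORIGIN, $TTL, comments, owners inherited from the previous line and the parenthesised SOA), cross-checks a reverse zone against the forward zone, and prints the PTR lines still missing from the reverse zone. The forward records are the db.locale records from the page; the partial reverse zone is a constructed sample that deliberately contains one relative PTR target.

```python
"""Parse BIND master files and cross-check A records against PTR records."""
from collections import namedtuple

Record = namedtuple("Record", "owner rtype rdata")


def fqdn(name, origin):
    """Resolve a zone-file name against the current $ORIGIN.

    '@' is the origin itself, a name ending in '.' is already absolute, and
    anything else is relative, so the origin is appended. That last rule is
    what turns a PTR target written without its trailing dot into
    'host.locale.1.168.192.in-addr.arpa.'.
    """
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin


def parse_zone(text, origin="."):
    """Return the records of a master file as Record(owner, rtype, rdata).

    Names in NS, CNAME, PTR and SOA rdata are made absolute so that records
    from different zones can be compared.
    """
    logical, buf, depth = [], "", 0
    for line in text.splitlines():
        line = line.split(";", 1)[0]               # drop comments
        if not line.strip() and depth == 0:
            continue
        buf = line if not buf else buf + " " + line
        depth += line.count("(") - line.count(")")
        if depth == 0:                             # record is complete
            logical.append(buf.replace("(", " ").replace(")", " "))
            buf = ""

    records, owner = [], None
    for line in logical:
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            continue
        if not line[0].isspace():                  # explicit owner, else inherited
            owner = fqdn(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():         # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":   # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        name_fields = {"NS": 1, "CNAME": 1, "PTR": 1, "SOA": 2}.get(rtype, 0)
        rdata = [fqdn(t, origin) if i < name_fields else t
                 for i, t in enumerate(tokens)]
        records.append(Record(owner, rtype, rdata))
    return records


def ptr_owner(ip):
    """'192.168.1.71' -> '71.1.168.192.in-addr.arpa.'"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def check_reverse(forward, reverse):
    """Return findings for every disagreement between forward and reverse zone."""
    a_pairs = {(ptr_owner(r.rdata[0]), r.owner) for r in forward if r.rtype == "A"}
    ptrs = {r.owner: r.rdata[0] for r in reverse if r.rtype == "PTR"}
    findings = []
    for ptr, target in ptrs.items():
        if target.endswith(".in-addr.arpa."):
            findings.append("PTR %s -> %s: relative target, add the trailing dot" % (ptr, target))
        elif (ptr, target) not in a_pairs:
            findings.append("PTR %s -> %s: no matching A record" % (ptr, target))
    for ptr, name in sorted(a_pairs, key=lambda p: int(p[0].split(".")[0])):
        if ptr not in ptrs:
            findings.append("A %s: missing PTR %s" % (name, ptr))
    return findings


def suggested_ptr_lines(forward, reverse):
    """Zone-file lines (relative to the reverse origin) for A records without a PTR."""
    ptrs = {r.owner for r in reverse if r.rtype == "PTR"}
    return ["%s\tIN\tPTR\t%s" % (r.rdata[0].split(".")[-1], r.owner)
            for r in forward if r.rtype == "A" and ptr_owner(r.rdata[0]) not in ptrs]


# Forward zone: the db.locale records shown on the page.
FORWARD = """\
$ORIGIN .
$TTL 86400
locale  IN  SOA  ns1.locale. stefano.ns1.locale. (
            1         ; Serial
            604800    ; Refresh
            86400     ; Retry
            2419200   ; Expire
            86400 )   ; Negative Cache TTL
        IN  NS   ns1.locale.
$ORIGIN locale.
ns1      IN  A  192.168.1.71
cliente  IN  A  192.168.1.72
vsphere  IN  A  192.168.1.98
servente IN  A  192.168.1.73
esxi1    IN  A  192.168.1.94
esxi2    IN  A  192.168.1.95
esxi3    IN  A  192.168.1.96
esxi4    IN  A  192.168.1.97
"""

# Constructed, incomplete reverse zone: 'cliente.locale' lacks its trailing dot.
REVERSE = """\
$TTL 86400
@    IN  SOA  ns1.locale. stefano.ns1.locale. ( 1 604800 86400 2419200 86400 )
     IN  NS   ns1.locale.
71   IN  PTR  ns1.locale.
72   IN  PTR  cliente.locale
98   IN  PTR  vsphere.locale.
"""

if __name__ == "__main__":
    fwd = parse_zone(FORWARD)
    rev = parse_zone(REVERSE, origin="1.168.192.in-addr.arpa.")
    for finding in check_reverse(fwd, rev):
        print(finding)
    print("\n".join(suggested_ptr_lines(fwd, rev)))
```

Run it after every edit of the pair of zone files (with the real file contents read in place of the embedded samples) before bumping the serial and reloading; it reports the relative target on the 72 record and lists the five PTR lines that the reverse zone still needs.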
===== Useful links =====

https://www.dnsqueries.com/it/check_dns_dominio.php

===== Miscellaneous =====

I have already seen how to configure a simple caching DNS:
<code>vi /etc/bind/named.conf.options</code>
Now, to create the authoritative part, we need to edit the file /etc/bind/named.conf.local.
First, though, we can make a copy of the original file in /home:
<code>cp /etc/bind/named.conf.local /home/pi</code>
Then copy the file /etc/bind/db.local, renaming it to /etc/bind/db.dominio.it:
<code>cp /etc/bind/db.local /etc/bind/db.dominio.it</code>
and the file /etc/bind/db.0 to /etc/bind/db.192 for reverse resolution:
<code>cp /etc/bind/db.0 /etc/bind/db.192</code>
Now edit the file /etc/bind/named.conf.local:

<file txt /etc/bind/named.conf.local>
zone "dominio.com" {
    type master;
    file "/etc/bind/db.dominio.it";
};

zone "9.168.192.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/bind/db.192";
};
</file>

Now we have to edit the two db files:
<code>vi /etc/bind/db.dominio.it</code>
like this:

<file txt /etc/bind/db.dominio.it>
$TTL 604800
@       IN  SOA  n1.strsoft.eu. root.strsoft.eu. (
                201810131  ; Serial
                604800     ; Refresh
                86400      ; Retry
                2419200    ; Expire
                86400 )    ; Negative Cache TTL
;
@       IN  NS     n1.strsoft.eu.
@       IN  MX 10  mail.strsoft.eu.
n1      IN  A      192.168.9.44
n2      IN  A      192.168.9.46
cl      IN  A      192.168.9.48
www     IN  CNAME  cl
mail    IN  CNAME  cl
</file>

and then
<code>vi /etc/bind/db.192</code>

<file txt /etc/bind/db.192>
$TTL 604800
@       IN  SOA  n1.strsoft.eu. root.strsoft.eu. (
                201810131  ; Serial
                604800     ; Refresh
                86400      ; Retry
                2419200    ; Expire
                604800 )   ; Negative Cache TTL
;
; Names in SOA and PTR rdata must end with a dot: without it BIND appends the
; zone origin and the record points at n1.strsoft.eu.9.168.192.in-addr.arpa.
@       IN  NS   n1.strsoft.eu.
44      IN  PTR  n1.strsoft.eu.
46      IN  PTR  n2.strsoft.eu.
48      IN  PTR  cl.strsoft.eu.
</file>

==== Authoritative DNS ====

  * Pinging the domain returns the IP associated with the A record of the @ name; if a reverse has been set on the IP, the name associated with the PTR is shown.
  * dig -x xxx.xxx.xxx.xxx returns the reverse of an IP.
  * dig stefanostrozzi.it any returns the complete list of records.
  * dig +nssearch magicoweb.it asks every authoritative server of the zone for its SOA.
  * dig @str4s.net axfr shows whether zone transfers are allowed (this must be avoided); alternatively check on https://hackertarget.com/zone-transfer/

For each domain: whois server, DNS provider, the two SOA answers from dig +nssearch and the ping reply.

  * magicoweb.it, web-whois.nic.it, dominiofaidate
<code>
SOA ns2.dominiofaidate.com. hostmaster.magicoweb.it. 2015010520 86400 7200 604800 86400 from server 5.144.169.178 in 164 ms.
SOA ns2.dominiofaidate.com. hostmaster.magicoweb.it. 2015010520 86400 7200 604800 86400 from server 85.94.212.168 in 177 ms.
64 bytes from ns2.dominiofaidate.com (85.94.212.168): icmp_seq=1 ttl=118 time=109 ms
</code>
  * stefanostrozzi.it, web-whois.nic.it, dominiofaidate. The ping answers with my IP, with the reverse set to "mail" (because the IP provider was asked to set it).
<code>
SOA ns2.dominiofaidate.com. hostmaster.stefanostrozzi.it. 2010090312 86400 7200 604800 86400 from server 5.144.169.178 in 168 ms.
SOA ns2.dominiofaidate.com. hostmaster.stefanostrozzi.it. 2010090312 86400 7200 604800 86400 from server 85.94.212.168 in 180 ms.
64 bytes from mail.stefanostrozzi.it (5.150.129.227): icmp_seq=1 ttl=64 time=1.09 ms
</code>
  * strsoft.eu, whois.eurid.eu, dominiofaidate
<code>
SOA ns1.dominiofaidate.com. hostmaster.strsoft.eu. 2016062408 86400 7200 604800 86400 from server 5.144.169.178 in 97 ms.
SOA ns1.dominiofaidate.com. hostmaster.strsoft.eu. 2016062408 86400 7200 604800 86400 from server 85.94.212.168 in 132 ms.
64 bytes from host4-171-static.141-217-b.business.telecomitalia.it (217.141.171.4): icmp_seq=1 ttl=52 time=65.3 ms
</code>
  * str4s.it, web-whois.nic.it, dominiofaidate
<code>
SOA ns1.dominiofaidate.com. hostmaster.str4s.it. 2018110322 86400 7200 604800 86400 from server 5.144.169.178 in 201 ms.
SOA ns1.dominiofaidate.com. hostmaster.str4s.it. 2018110322 86400 7200 604800 86400 from server 85.94.212.168 in 230 ms.
64 bytes from mail.stefanostrozzi.it (5.150.129.227): icmp_seq=1 ttl=64 time=1.09 ms
</code>
  * risorsalibera.org, pir.org/products/org-domain, publicdomainregistry, dominiofaidate
<code>
SOA ns1.risorsalibera.org. hostmaster.risorsalibera.org. 2018110304 3600 600 86400 600 from server 5.150.129.227 in 2 ms.
SOA ns1.risorsalibera.org. hostmaster.risorsalibera.org. 2018110304 3600 600 86400 600 from server 217.141.171.4 in 120 ms.
64 bytes from mail.stefanostrozzi.it (5.150.129.227): icmp_seq=1 ttl=64 time=1.09 ms
</code>
  * str4s.net, whois.tucows.com, aruba
<code>
SOA ns1.str4s.net. hostmaster.str4s.net. 2018110601 3600 600 86400 600 from server 5.150.129.227 in 2 ms.
SOA ns1.str4s.net. hostmaster.str4s.net. 2018110601 3600 600 86400 600 from server 217.141.171.4 in 228 ms.
64 bytes from mail.stefanostrozzi.it (5.150.129.227): icmp_seq=4 ttl=64 time=0.702 ms
</code>
  * piccinini.biz, www.whois.biz, opensrs
<code>
SOA ns1.piccinini.biz. giovanni.piccinini.biz. 2017113003 86400 1800 604800 86400 from server 51.254.153.32 in 95 ms.
SOA ns1.piccinini.biz. giovanni.piccinini.biz. 2017113003 86400 1800 604800 86400 from server 109.168.70.100 in 95 ms.
64 bytes from mail.it8.it (109.168.70.100): icmp_seq=1 ttl=61 time=111 ms
</code>
  * it8.it, web-whois.nic.it, dominiofaidate
<code>
SOA ns1.it8dns.net. giovanni.piccinini.biz. 2018103001 86400 1800 604800 86400 from server 51.254.153.32 in 99 ms.
SOA ns1.it8dns.net. giovanni.piccinini.biz. 2018103001 86400 1800 604800 86400 from server 109.168.70.100 in 111 ms.
64 bytes from web.it8.it (109.168.70.101): icmp_seq=1 ttl=61 time=163 ms
</code>
  * it8dns.net, whois.tucows.com, dominiofaidate
<code>
SOA ns1.it8dns.net. giovanni.piccinini.biz. 2017071402 86400 1800 604800 86400 from server 51.254.153.32 in 103 ms.
SOA ns1.it8dns.net. giovanni.piccinini.biz. 2017071402 86400 1800 604800 86400 from server 109.168.70.100 in 103 ms.
64 bytes from mail.it8.it (109.168.70.100): icmp_seq=1 ttl=61 time=117 ms
</code>
  * maxblade.it, web-whois.nic.it, register
<code>
SOA ns1.it8dns.net. giovanni.piccinini.biz. 2018111002 86400 1800 604800 86400 from server 51.254.153.32 in 73 ms.
SOA ns1.it8dns.net. giovanni.piccinini.biz. 2018111002 86400 1800 604800 86400 from server 109.168.70.100 in 73 ms.
64 bytes from 51.254.153.37 (51.254.153.37): icmp_seq=1 ttl=52 time=73.6 ms
</code>

The same query sent to the public resolver 8.8.8.8 and directly to an authoritative server. The resolver answers from its cache (the TTL is already counting down, e.g. 3599, and there is no authority section), while the authoritative server returns the full TTL together with the NS records and their addresses.

  * it8.it
<code>
root@strde:~# dig it8.it

; <<>> DiG 9.10.3-P4-Debian <<>> it8.it
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28178
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;it8.it.                        IN      A

;; ANSWER SECTION:
it8.it.                 3599    IN      A       109.168.70.101

;; Query time: 91 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 18 21:35:03 CEST 2018
;; MSG SIZE  rcvd: 51
</code>
<code>
root@strde:~# dig it8.it @ns1.it8dns.net

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;it8.it.                        IN      A

;; ANSWER SECTION:
it8.it.                 3600    IN      A       109.168.70.101

;; AUTHORITY SECTION:
it8.it.                 3600    IN      NS      ns1.it8dns.net.
it8.it.                 3600    IN      NS      ns2.it8dns.net.

;; ADDITIONAL SECTION:
ns1.it8dns.net.         86400   IN      A       109.168.70.100
ns2.it8dns.net.         86400   IN      A       51.254.153.32

;; Query time: 28 msec
;; SERVER: 109.168.70.100#53(109.168.70.100)
;; WHEN: Thu Oct 18 22:10:15 CEST 2018
;; MSG SIZE  rcvd: 129
</code>
  * it8dns.net
<code>
; <<>> DiG 9.10.3-P4-Debian <<>> it8dns.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3551
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;it8dns.net.                    IN      A

;; ANSWER SECTION:
it8dns.net.             3599    IN      A       109.168.70.100

;; Query time: 57 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 18 21:38:43 CEST 2018
;; MSG SIZE  rcvd: 55
</code>
<code>
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;it8dns.net.                    IN      A

;; ANSWER SECTION:
it8dns.net.             3600    IN      A       109.168.70.100

;; AUTHORITY SECTION:
it8dns.net.             3600    IN      NS      ns1.it8dns.net.
it8dns.net.             3600    IN      NS      ns2.it8dns.net.

;; ADDITIONAL SECTION:
ns1.it8dns.net.         86400   IN      A       109.168.70.100
ns2.it8dns.net.         86400   IN      A       51.254.153.32

;; Query time: 36 msec
;; SERVER: 109.168.70.100#53(109.168.70.100)
;; WHEN: Thu Oct 18 22:17:10 CEST 2018
;; MSG SIZE  rcvd: 123
</code>
  * piccinini.biz
<code>
; <<>> DiG 9.10.3-P4-Debian <<>> piccinini.biz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41387
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;piccinini.biz.                 IN      A

;; ANSWER SECTION:
piccinini.biz.          3599    IN      A       109.168.70.100

;; Query time: 63 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 18 21:39:36 CEST 2018
;; MSG SIZE  rcvd: 58
</code>
<code>
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;piccinini.biz.                 IN      A

;; ANSWER SECTION:
piccinini.biz.          3600    IN      A       109.168.70.100

;; AUTHORITY SECTION:
piccinini.biz.          3600    IN      NS      ns1.piccinini.biz.
piccinini.biz.          3600    IN      NS      ns2.piccinini.biz.

;; ADDITIONAL SECTION:
ns1.piccinini.biz.      86400   IN      A       109.168.70.100
ns2.piccinini.biz.      86400   IN      A       51.254.153.32

;; Query time: 27 msec
;; SERVER: 109.168.70.100#53(109.168.70.100)
;; WHEN: Thu Oct 18 22:24:31 CEST 2018
;; MSG SIZE  rcvd: 126
</code>
  * stefanostrozzi.it
<code>
; <<>> DiG 9.10.3-P4-Debian <<>> stefanostrozzi.it
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56700
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;stefanostrozzi.it.             IN      A

;; ANSWER SECTION:
stefanostrozzi.it.      21599   IN      A       5.150.129.227

;; Query time: 81 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 18 21:37:51 CEST 2018
;; MSG SIZE  rcvd: 62
</code>
<code>
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;stefanostrozzi.it.             IN      A

;; ANSWER SECTION:
stefanostrozzi.it.      86400   IN      A       5.150.129.227

;; AUTHORITY SECTION:
stefanostrozzi.it.      86400   IN      NS      ns2.dominiofaidate.com.
stefanostrozzi.it.      86400   IN      NS      ns1.dominiofaidate.com.

;; ADDITIONAL SECTION:
ns2.dominiofaidate.com. 86400   IN      A       85.94.212.168
ns1.dominiofaidate.com. 86400   IN      A       5.144.169.178

;; Query time: 28 msec
;; SERVER: 85.94.212.168#53(85.94.212.168)
;; WHEN: Thu Oct 18 22:34:59 CEST 2018
;; MSG SIZE  rcvd: 148
</code>
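The dig +nssearch lines collected above are only useful if someone compares the serial that each authoritative server reports; a secondary that silently stops transferring the zone keeps answering with an old serial. The script below is an added example, not code from the original page or from the dig tool: it parses dig +nssearch output into structured SOA answers and reports serial or MNAME disagreements between servers, plus the timer sanity rules of RFC 1912 (retry lower than refresh, expire above refresh + retry). The first sample is the pair of lines captured for magicoweb.it above; the second is a constructed sample using documentation addresses in which one server lags behind.

```python
"""Check that every authoritative server of a zone serves the same SOA."""
import re
from collections import namedtuple

SoaAnswer = namedtuple(
    "SoaAnswer", "mname rname serial refresh retry expire minimum server rtt_ms")

# One line of 'dig +nssearch <zone>' output:
# SOA <mname> <rname> <serial> <refresh> <retry> <expire> <minimum> from server <ip> in <n> ms.
NSSEARCH_LINE = re.compile(
    r"^SOA\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)"
    r"\s+from server\s+(\S+)\s+in\s+(\d+)\s+ms\.?$")


def parse_nssearch(text):
    """Parse dig +nssearch output; lines that are not SOA answers are ignored."""
    answers = []
    for line in text.splitlines():
        m = NSSEARCH_LINE.match(line.strip())
        if m:
            g = m.groups()
            answers.append(SoaAnswer(g[0], g[1], *map(int, g[2:7]), g[7], int(g[8])))
    return answers


def check_soa_consistency(answers):
    """Return findings: serial/MNAME disagreement and RFC 1912 timer sanity."""
    if not answers:
        return ["no SOA answers parsed: are the NS records reachable?"]
    findings = []
    if len({a.serial for a in answers}) > 1:
        detail = ", ".join("%s=%d" % (a.server, a.serial) for a in answers)
        findings.append("serial mismatch between authoritative servers: " + detail)
    if len({a.mname for a in answers}) > 1:
        findings.append("MNAME differs between servers")
    a = answers[0]
    if a.retry >= a.refresh:
        findings.append("retry %d should be lower than refresh %d" % (a.retry, a.refresh))
    if a.expire < a.refresh + a.retry:
        findings.append("expire %d should exceed refresh + retry" % a.expire)
    return findings


# Captured on the page for magicoweb.it: both servers agree on serial 2015010520.
NSSEARCH_OK = """\
SOA ns2.dominiofaidate.com. hostmaster.magicoweb.it. 2015010520 86400 7200 604800 86400 from server 5.144.169.178 in 164 ms.
SOA ns2.dominiofaidate.com. hostmaster.magicoweb.it. 2015010520 86400 7200 604800 86400 from server 85.94.212.168 in 177 ms.
"""

# Constructed sample (documentation addresses): the second server is one serial behind.
NSSEARCH_STALE = """\
SOA ns1.example.test. hostmaster.example.test. 2018110602 3600 600 86400 600 from server 192.0.2.10 in 5 ms.
SOA ns1.example.test. hostmaster.example.test. 2018110601 3600 600 86400 600 from server 192.0.2.11 in 7 ms.
"""

if __name__ == "__main__":
    for label, text in (("magicoweb.it", NSSEARCH_OK), ("example.test", NSSEARCH_STALE)):
        findings = check_soa_consistency(parse_nssearch(text))
        print(label, "OK" if not findings else "; ".join(findings))
```

In practice the output of dig +nssearch <zone> is piped into parse_nssearch; an empty result usually means the NS records point at servers that did not answer, which deserves the same attention as a serial mismatch.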

software/bind.1662976890.txt.gz · Last modified: 2023/04/17 14:25 (external edit)