Both DNS machines will be CentOS 7 machines.
They will answer every query sent by the VMs on the VM network and on the private network, so that
machines can be identified by their hostnames.
Machine specification
The "Server_DNS" pool will consist of two virtual machines:
- dns-pri.house.cpb => 172.16.185.1
  - 2 vCPU, 2 GB RAM, 32 GB disk
- dns-sec.house.cpb => 172.16.185.2
  - 2 vCPU, 2 GB RAM, 32 GB disk
Disable SELinux (on both machines)
[chris@dns-pri ~]$ vi /etc/sysconfig/selinux
    SELINUX=disabled
Reboot the machine.
Disable IPv6 (on both machines)
[chris@dns-pri ~]$ vi /etc/sysctl.d/disableipv6.conf
    net.ipv6.conf.all.disable_ipv6 = 1
(The setting is applied at the next reboot, or immediately with sysctl --system.)
Install useful packages (on both machines)
[root@dns-pri chris]# yum update && yum upgrade
[root@dns-pri chris]# yum install qemu-guest-agent
[root@dns-pri chris]# yum install htop nmap net-tools
Install the BIND server (on both machines)
[root@dns-pri chris]# yum install -y bind bind-utils
1) Setting up the primary server (dns-pri.house.cpb)
Primary server configuration (dns-pri.house.cpb)
In the options below, allow-query limits who may query (and recurse through) this server to localhost and the 172.16.185.0/24 LAN, and allow-transfer limits zone transfers to localhost and the secondary only.
[root@dns-pri chris]# cp /etc/named.conf{,-old}
[root@dns-pri chris]# vi /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 172.16.185.1; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; 172.16.185.0/24; };
        allow-transfer  { localhost; 172.16.185.2; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "house.cpb" IN {
        type master;
        file "forward.house.cpb";
        allow-update { none; };
};
zone "185.16.172.in-addr.arpa" IN {
        type master;
        file "reverse.house.cpb";
        allow-update { none; };
};
Creating the "forward.house.cpb" zone file (dns-pri.house.cpb)
[root@dns-pri chris]# vi /var/named/forward.house.cpb
$TTL 86400
@       IN      SOA     dns-pri.house.cpb. root.house.cpb. (
                        2021040601      ;Serial
                        3600            ;Refresh
                        1800            ;Retry
                        604800          ;Expire
                        86400           ;Minimum TTL
)
@       IN      NS      dns-pri.house.cpb.
@       IN      NS      dns-sec.house.cpb.
@       IN      A       172.16.185.1
@       IN      A       172.16.185.2
; DNS server machines
dns-pri IN      A       172.16.185.1
dns-sec IN      A       172.16.185.2
Creating the "reverse.house.cpb" zone file (dns-pri.house.cpb)
[root@dns-pri chris]# vi /var/named/reverse.house.cpb
$TTL 86400
@       IN      SOA     dns-pri.house.cpb. root.house.cpb. (
                        2021070601      ;Serial
                        3600            ;Refresh
                        1800            ;Retry
                        604800          ;Expire
                        86400           ;Minimum TTL
)
@       IN      NS      dns-pri.house.cpb.
@       IN      NS      dns-sec.house.cpb.
dns-pri IN      A       172.16.185.1
dns-sec IN      A       172.16.185.2
1       IN      PTR     dns-pri.house.cpb.
2       IN      PTR     dns-sec.house.cpb.
Adjusting permissions (dns-pri.house.cpb)
[root@dns-pri named]# chmod 640 /var/named/reverse.house.cpb /var/named/forward.house.cpb
[root@dns-pri named]# chown root.named /var/named/reverse.house.cpb /var/named/forward.house.cpb
Testing the configuration (dns-pri.house.cpb)
[root@dns-pri named]# named-checkconf /etc/named.conf
[root@dns-pri named]# named-checkzone house.cpb forward.house.cpb
zone house.cpb/IN: loaded serial 2021040601
OK
[root@dns-pri named]# named-checkzone house.cpb reverse.house.cpb
zone house.cpb/IN: loaded serial 2021070601
OK
Note that the first argument to named-checkzone is the zone origin; for the reverse file, passing 185.16.172.in-addr.arpa instead of house.cpb makes the PTR owner names (1, 2, ...) be checked against the origin named actually serves.
Starting the DNS (dns-pri.house.cpb)
[root@dns-pri named]# systemctl start named
[root@dns-pri named]# systemctl enable named
Configuring resolv.conf (dns-pri.house.cpb)
[root@dns-pri named]# vi /etc/resolv.conf
search house.cpb
#nameserver 192.168.1.1
nameserver 172.16.185.1
nameserver 172.16.185.2
Testing resolution of the "house.cpb" domain (dns-pri.house.cpb)
[root@dns-pri named]# nslookup house.cpb
Server:         172.16.185.1
Address:        172.16.185.1#53

Name:   house.cpb
Address: 172.16.185.2
Name:   house.cpb
Address: 172.16.185.1

[root@dns-pri named]# dig house.cpb

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.4 <<>> house.cpb
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1610
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;house.cpb.                     IN      A

;; ANSWER SECTION:
house.cpb.              86400   IN      A       172.16.185.1
house.cpb.              86400   IN      A       172.16.185.2

;; AUTHORITY SECTION:
house.cpb.              86400   IN      NS      dns-pri.house.cpb.
house.cpb.              86400   IN      NS      dns-sec.house.cpb.

;; ADDITIONAL SECTION:
dns-pri.house.cpb.      86400   IN      A       172.16.185.1
dns-sec.house.cpb.      86400   IN      A       172.16.185.2

;; Query time: 0 msec
;; SERVER: 172.16.185.1#53(172.16.185.1)
;; WHEN: Tue Apr 06 19:35:27 CEST 2021
;; MSG SIZE  rcvd: 146
Opening the firewall rules (dns-pri.house.cpb)
[root@dns-pri named]# firewall-cmd --zone=public --add-port=53/tcp --permanent
[root@dns-pri named]# firewall-cmd --zone=public --add-port=53/udp --permanent
[root@dns-pri named]# firewall-cmd --reload
[root@dns-pri named]# firewall-cmd --list-ports
53/tcp 53/udp
2) Setting up the secondary server (dns-sec.house.cpb)
Secondary server configuration (dns-sec.house.cpb)
[root@dns-sec cp219538]# cp /etc/named.conf{,-old}
[root@dns-sec cp219538]# vi /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 172.16.185.2; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; 172.16.185.0/24; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "house.cpb" IN {
        type slave;
        file "slaves/forward.house.cpb";
        masters { 172.16.185.1; };
};
zone "185.16.172.in-addr.arpa" IN {
        type slave;
        file "slaves/reverse.house.cpb";
        masters { 172.16.185.1; };
};
Unlike the primary, this configuration sets no allow-transfer; BIND's default is to allow transfers to anyone, so the secondary will hand out a full copy of both zones to any host that can reach it. Adding allow-transfer { none; }; to the options block closes that, since nothing needs to transfer from the secondary.
Starting the secondary server (dns-sec.house.cpb)
[root@dns-sec cp219538]# systemctl start named
[root@dns-sec cp219538]# systemctl enable named
Opening the firewall rules (dns-sec.house.cpb)
[root@dns-sec named]# firewall-cmd --zone=public --add-port=53/tcp --permanent
[root@dns-sec named]# firewall-cmd --zone=public --add-port=53/udp --permanent
[root@dns-sec named]# firewall-cmd --reload
[root@dns-sec named]# firewall-cmd --list-ports
53/tcp 53/udp
Let's check replication from the primary to the secondary
[root@dns-sec cp219538]# ls /var/named/slaves/
forward.house.cpb  reverse.house.cpb
Configuring resolv.conf (dns-sec.house.cpb)
[root@dns-sec named]# vi /etc/resolv.conf
search house.cpb
#nameserver 192.168.1.1
nameserver 172.16.185.1
nameserver 172.16.185.2
3) Adding machines to the DNS and propagating them to the secondary DNS
Edit the "forward.house.cpb" file
[root@dns-pri chris]# vi /var/named/forward.house.cpb
We add the following machines and increment the serial number by 1 in the SOA record.
$TTL 86400
@       IN      SOA     dns-pri.house.cpb. root.house.cpb. (
                        2021051905      ;Serial
                        3600            ;Refresh
                        1800            ;Retry
                        604800          ;Expire
                        86400           ;Minimum TTL
)
@       IN      NS      dns-pri.house.cpb.
@       IN      NS      dns-sec.house.cpb.
@       IN      A       172.16.185.1
@       IN      A       172.16.185.2
; LAN VM servers - MySQL PERCONA
node01-sql      IN      A       172.16.185.9
node02-sql      IN      A       172.16.185.10
node03-sql      IN      A       172.16.185.11
node04-sql      IN      A       172.16.185.12
; LAN VM servers - Web cluster
; NGINX cluster
node01-web      IN      A       172.16.185.13
node02-web      IN      A       172.16.185.14
node03-web      IN      A       172.16.185.15
Edit the "reverse.house.cpb" file
[root@dns-pri chris]# vi /var/named/reverse.house.cpb
We add the new machines to the reverse file and increment the serial number by 1 in the SOA record.
The serial must end up higher than the one the secondary currently holds, otherwise the secondary will not transfer the zone: the value shown here (2021042106) is numerically lower than the 2021070601 used when the reverse file was created, so a secondary still holding that serial would ignore this change.
$TTL 86400
@       IN      SOA     dns-pri.house.cpb. root.house.cpb. (
                        2021042106      ;Serial
                        3600            ;Refresh
                        1800            ;Retry
                        604800          ;Expire
                        86400           ;Minimum TTL
)
@       IN      NS      dns-pri.house.cpb.
@       IN      NS      dns-sec.house.cpb.
@       IN      MX      1 mail.house.cpb.
; LAN VM - MySQL PERCONA
9       IN      PTR     node01-sql.house.cpb.
10      IN      PTR     node02-sql.house.cpb.
11      IN      PTR     node03-sql.house.cpb.
12      IN      PTR     node04-sql.house.cpb.
; LAN VM - WEB
13      IN      PTR     node01-web.house.cpb.
14      IN      PTR     node02-web.house.cpb.
15      IN      PTR     node03-web.house.cpb.
Testing the configuration (dns-pri.house.cpb)
[root@dns-pri named]# named-checkzone house.cpb forward.house.cpb
zone house.cpb/IN: loaded serial 2021051905
OK
[root@dns-pri named]# named-checkzone house.cpb reverse.house.cpb
zone house.cpb/IN: loaded serial 2021042106
OK
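named-checkzone validates syntax but says nothing about two things that break propagation or reverse lookups in exactly the step above: a serial that did not actually move forward (the secondary decides whether to transfer using RFC 1982 serial arithmetic), and A records that were added to the forward file without a matching PTR in the reverse file. The following is an added example, not code from the original page: a small Python checker for zone files written in the layout used here. The zone text is constructed for the example and deliberately omits the PTR for node01-web.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample zone text in the layout of forward.house.cpb / reverse.house.cpb
# above (not the page's files verbatim): node01-web has no PTR on purpose.
FORWARD = """$TTL 86400
@ IN SOA dns-pri.house.cpb. root.house.cpb. (
        2021051905 ;Serial
        3600 ;Refresh
        1800 ;Retry
        604800 ;Expire
        86400 ;Minimum TTL
)
@ IN A 172.16.185.1
dns-pri IN A 172.16.185.1
node01-sql IN A 172.16.185.9
node01-web IN A 172.16.185.13
"""
REVERSE = """$TTL 86400
@ IN SOA dns-pri.house.cpb. root.house.cpb. ( 2021042106 ;Serial
        3600 1800 604800 86400 )
1 IN PTR dns-pri.house.cpb.
9 IN PTR node01-sql.house.cpb.
"""

def serial_of(zone_text):
    """SOA serial: the first number after the opening parenthesis of the SOA record."""
    return int(re.search(r"\bSOA\s+\S+\s+\S+\s*\(\s*(\d+)", zone_text).group(1))

def serial_increased(old, new):
    """RFC 1982 serial arithmetic, as a secondary applies it before transferring."""
    return 0 < (new - old) % 2**32 < 2**31

def records(zone_text, rtype):
    """Yield (owner, rdata) for one-line records of type rtype; ';' comments are dropped."""
    for raw in zone_text.splitlines():
        f = raw.split(";")[0].split()
        if len(f) >= 4 and f[1] == "IN" and f[2] == rtype:
            yield f[0], f[3]

def missing_ptrs(forward_text, reverse_text, origin, cidr):
    """Host A records inside cidr with no PTR naming them back (apex '@' is skipped)."""
    net = ip_network(cidr)
    ptr = dict(records(reverse_text, "PTR"))
    return [f"{host}.{origin}. -> {addr}"
            for host, addr in records(forward_text, "A")
            if host != "@" and ip_address(addr) in net
            and ptr.get(addr.rsplit(".", 1)[1]) != f"{host}.{origin}."]
```

On the sample data, serial_increased(2021070601, serial_of(REVERSE)) is False and missing_ptrs(FORWARD, REVERSE, "house.cpb", "172.16.185.0/24") reports node01-web, which is the kind of gap that only shows up later as a failed reverse lookup.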
Reload the primary and secondary DNS zones
[root@dns-pri named]# systemctl reload named
On reload the primary sends a NOTIFY to the secondary, which compares the SOA serial and pulls the updated zones.
Primary DNS logs
Secondary DNS logs
Propagation is OK.
Test from an ordinary client.
[root@test1 ~]# yum install bind-utils
[root@test1 ~]# nslookup node01-sql.house.cpb
[root@test1 ~]# nslookup node02-sql.house.cpb
[root@test1 ~]# nslookup node03-sql.house.cpb
[root@test1 ~]# nslookup node04-sql.house.cpb
Hostname resolution is OK.