diff --git a/provisioning/client-motd b/provisioning/client-motd
new file mode 100644
index 0000000..6784fc4
--- /dev/null
+++ b/provisioning/client-motd
@@ -0,0 +1,17 @@
+### Welcome to the DNS lab! ###
+
+- Use this client to test the enviroment, with dig or nslookup.
+ dig @192.168.50.10 ns01.dns.lab
+ dig @192.168.50.11 -x 192.168.50.10
+
+- nsupdate is available in the ddns.lab zone. Ex:
+ nsupdate -k /etc/named.zonetransfer.key
+ server 192.168.50.10
+ zone ddns.lab
+ update add www.ddns.lab. 60 A 192.168.50.15
+ send
+
+- rndc is also available to manage the servers
+ rndc -c ~/rndc.conf reload
+
+Enjoy!
diff --git a/provisioning/client-resolv.conf b/provisioning/client-resolv.conf
new file mode 100644
index 0000000..5b9e077
--- /dev/null
+++ b/provisioning/client-resolv.conf
@@ -0,0 +1,4 @@
+domain dns.lab
+search dns.lab
+nameserver 192.168.50.10
+nameserver 192.168.50.11
diff --git a/provisioning/master-named.conf b/provisioning/master-named.conf
new file mode 100644
index 0000000..bf273c4
--- /dev/null
+++ b/provisioning/master-named.conf
@@ -0,0 +1,131 @@
+options {
+
+ // network
+ listen-on port 53 { 192.168.50.10; };
+ listen-on-v6 port 53 { ::1; };
+
+ // data
+ directory "/var/named";
+ dump-file "/var/named/data/cache_dump.db";
+ statistics-file "/var/named/data/named_stats.txt";
+ memstatistics-file "/var/named/data/named_mem_stats.txt";
+
+ // server
+ recursion yes;
+ allow-query { any; };
+ allow-transfer { any; };
+
+ // dnssec
+ dnssec-enable yes;
+ dnssec-validation yes;
+
+ // others
+ bindkeys-file "/etc/named.iscdlv.key";
+ managed-keys-directory "/var/named/dynamic";
+ pid-file "/run/named/named.pid";
+ session-keyfile "/run/named/session.key";
+};
+
+logging {
+ channel default_debug {
+ file "data/named.run";
+ severity dynamic;
+ };
+};
+
+// RNDC Control for client
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "GrtiE9kz16GK+OKKU/qJvQ==";
+};
+controls {
+ inet 192.168.50.10 allow { 192.168.50.15; } keys { "rndc-key"; };
+};
+
+
+// ZONE TRANSFER WITH TSIG
+include "/etc/named.zonetransfer.key";
+server 192.168.50.11 {
+ keys { "zonetransfer.key"; };
+};
+server 192.168.50.12 {
+ keys { "zonetransfer.key"; };
+};
+
+acl "client" { 192.168.50.15; };
+acl "client2" { 192.168.50.20; };
+acl "slave" { 192.168.50.12; };
+
+view "client" {
+ match-clients { "client"; "slave"; };
+ zone "dns.lab" {
+ type master;
+ allow-transfer { key "zonetransfer.key"; };
+ file "/etc/named/named.dns.lab.limit";
+ };
+
+ zone "newdns.lab" {
+ type master;
+ allow-transfer { key "zonetransfer.key"; };
+ file "/etc/named/named.newdns.lab";
+ };
+};
+
+view "client2" {
+ match-clients { "client2"; };
+ zone "dns.lab" {
+ type master;
+ allow-transfer { key "zonetransfer.key"; };
+ file "/etc/named/named.dns.lab";
+ };
+
+};
+
+view "any" {
+ match-clients { "any"; };
+
+ // root zone
+ zone "." 
IN {
+ type hint;
+ file "named.ca";
+ };
+
+ // zones like localhost
+ include "/etc/named.rfc1912.zones";
+ // root's DNSKEY
+ include "/etc/named.root.key";
+
+ // lab's zone
+ zone "dns.lab" {
+ type master;
+ allow-transfer { key "zonetransfer.key"; };
+ file "/etc/named/named.dns.lab";
+ };
+
+
+ // lab's zone reverse
+ zone "50.168.192.in-addr.arpa" {
+ type master;
+ allow-transfer { key "zonetransfer.key"; };
+ file "/etc/named/named.dns.lab.rev";
+ };
+
+ // lab's ddns zone
+ zone "ddns.lab" {
+ type master;
+ allow-transfer { key "zonetransfer.key"; };
+ allow-update { key "zonetransfer.key"; };
+ file "/etc/named/named.ddns.lab";
+ };
+
+ // newlab's zone
+ zone "newdns.lab" {
+ type master;
+ allow-transfer { key "zonetransfer.key"; };
+ file "/etc/named/named.newdns.lab";
+ };
+
+};
+
+
+
diff --git a/provisioning/named.ddns.lab b/provisioning/named.ddns.lab
new file mode 100644
index 0000000..78263ce
--- /dev/null
+++ b/provisioning/named.ddns.lab
@@ -0,0 +1,16 @@
+$TTL 3600
+$ORIGIN ddns.lab.
+@ IN SOA ns01.dns.lab. root.dns.lab. (
+ 2711201407 ; serial
+ 3600 ; refresh (1 hour)
+ 600 ; retry (10 minutes)
+ 86400 ; expire (1 day)
+ 600 ; minimum (10 minutes)
+ )
+
+ IN NS ns01.dns.lab.
+ IN NS ns02.dns.lab.
+
+; DNS Servers
+ns01 IN A 192.168.50.10
+ns02 IN A 192.168.50.11
diff --git a/provisioning/named.dns.lab b/provisioning/named.dns.lab
new file mode 100644
index 0000000..01fd9f2
--- /dev/null
+++ b/provisioning/named.dns.lab
@@ -0,0 +1,20 @@
+$TTL 3600
+$ORIGIN dns.lab.
+@ IN SOA ns01.dns.lab. root.dns.lab. (
+ 2711201407 ; serial
+ 3600 ; refresh (1 hour)
+ 600 ; retry (10 minutes)
+ 86400 ; expire (1 day)
+ 600 ; minimum (10 minutes)
+ )
+
+ IN NS ns01.dns.lab.
+ IN NS ns02.dns.lab.
+
+; DNS Servers
+ns01 IN A 192.168.50.10
+ns02 IN A 192.168.50.11
+
+;web1 & web2
+web1 IN A 192.168.50.15
+web2 IN A 192.168.50.20
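Review bot: The `ddns.lab` zone in view "any" authorizes dynamic updates with the same TSIG key that gates zone transfers (`allow-update { key "zonetransfer.key"; };`), and the client motd added in this commit hands that very key file to the lab client for nsupdate, so anyone holding the client's update credential can also AXFR every zone, and the `server 192.168.50.11/.12 { keys ... }` stanzas suggest the secondaries hold the same key and could therefore rewrite ddns.lab. A dedicated update key, with its own `include`, keeps the two privileges apart: `allow-update { key "ddns-update.key"; };`. Two smaller points: the global `allow-transfer { any; };` under `options` still applies to any zone stanza that does not set its own (the zones included from /etc/named.rfc1912.zones are not visible here), so it should read `allow-transfer { none; };` with the per-zone key-restricted settings kept, and `rndc-key` uses `hmac-md5` with a secret committed to the repo, where `hmac-sha256` and a secret generated at provisioning time would be the usual choice. `recursion yes` together with `allow-query { any; };` makes 192.168.50.10 an open recursive resolver; acceptable for an isolated lab, but an explicit `allow-recursion { 192.168.50.0/24; };` would document that intent.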
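Review bot: In named.ddns.lab the `ns01` and `ns02` A records are relative to `$ORIGIN ddns.lab.`, so they define ns01.ddns.lab and ns02.ddns.lab, while the NS records delegate to `ns01.dns.lab.` and `ns02.dns.lab.`; the records are not glue for the listed name servers and only add two unrelated names to a zone that is also writable via nsupdate. Either drop them (the same addresses already live in named.dns.lab) or make the NS records match them, e.g. `IN NS ns01.ddns.lab.`, and reword the `; DNS Servers` comment to say which is intended. The SOA expire of `86400` (1 day) is also far below the RFC 1912 suggestion of 2–4 weeks, so a secondary that cannot refresh for a day will stop serving the zone; harmless in a lab, but worth a one-line comment if it is deliberate.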