Загрузить файлы в «provisioning»

2026-04-04 16:29:49 +03:00
parent 88ebf65997
commit 5036b9d541
5 changed files with 188 additions and 0 deletions
--- a/provisioning/client-motd
+++ b/provisioning/client-motd
@@ -0,0 +1,17 @@
+### Welcome to the DNS lab! ###
+
+- Use this client to test the enviroment, with dig or nslookup.
+    dig @192.168.50.10 ns01.dns.lab
+    dig @192.168.50.11 -x 192.168.50.10
+
+- nsupdate is available in the ddns.lab zone. Ex:
+    nsupdate -k /etc/named.zonetransfer.key
+    server 192.168.50.10
+    zone ddns.lab 
+    update add www.ddns.lab. 60 A 192.168.50.15
+    send
+
+- rndc is also available to manage the servers
+    rndc -c ~/rndc.conf reload
+
+Enjoy!
--- a/provisioning/client-resolv.conf
+++ b/provisioning/client-resolv.conf
@@ -0,0 +1,4 @@
+domain dns.lab
+search dns.lab
+nameserver 192.168.50.10
+nameserver 192.168.50.11
--- a/provisioning/master-named.conf
+++ b/provisioning/master-named.conf
@@ -0,0 +1,131 @@
+options {
+
+    // network 
+	listen-on port 53 { 192.168.50.10; };
+	listen-on-v6 port 53 { ::1; };
+
+    // data
+	directory 	"/var/named";
+	dump-file 	"/var/named/data/cache_dump.db";
+	statistics-file "/var/named/data/named_stats.txt";
+	memstatistics-file "/var/named/data/named_mem_stats.txt";
+
+    // server
+	recursion yes;
+	allow-query     { any; };
+    allow-transfer { any; };
+    
+    // dnssec
+	dnssec-enable yes;
+	dnssec-validation yes;
+
+    // others
+	bindkeys-file "/etc/named.iscdlv.key";
+	managed-keys-directory "/var/named/dynamic";
+	pid-file "/run/named/named.pid";
+	session-keyfile "/run/named/session.key";
+};
+
+logging {
+        channel default_debug {
+                file "data/named.run";
+                severity dynamic;
+        };
+};
+
+// RNDC Control for client
+key "rndc-key" {
+    algorithm hmac-md5;
+    secret "GrtiE9kz16GK+OKKU/qJvQ==";
+};
+controls {
+        inet 192.168.50.10 allow { 192.168.50.15; } keys { "rndc-key"; }; 
+};
+
+
+// ZONE TRANSFER WITH TSIG
+include "/etc/named.zonetransfer.key"; 
+server 192.168.50.11 {
+    keys { "zonetransfer.key"; };
+};
+server 192.168.50.12 {
+    keys { "zonetransfer.key"; };
+};
+
+acl "client" { 192.168.50.15; }; 
+acl "client2" { 192.168.50.20; };
+acl "slave" { 192.168.50.12; };
+
+view "client" {
+    match-clients { "client"; "slave"; };
+    zone "dns.lab" {
+        type master;
+        allow-transfer { key "zonetransfer.key"; };
+        file "/etc/named/named.dns.lab.limit";
+    };
+    
+    zone "newdns.lab" {
+        type master;
+        allow-transfer { key "zonetransfer.key"; };
+        file "/etc/named/named.newdns.lab";
+    };
+};
+
+view "client2" {
+    match-clients { "client2"; };
+    zone "dns.lab" {
+        type master;
+        allow-transfer { key "zonetransfer.key"; };
+        file "/etc/named/named.dns.lab";
+    };
+    
+};
+
+view "any" {
+    match-clients { "any"; };
+
+    // root zone
+    zone "." IN {
+        type hint;
+        file "named.ca";
+    };
+
+    // zones like localhost
+    include "/etc/named.rfc1912.zones";
+    // root's DNSKEY
+    include "/etc/named.root.key";
+
+    // lab's zone
+    zone "dns.lab" {
+        type master;
+        allow-transfer { key "zonetransfer.key"; };
+        file "/etc/named/named.dns.lab";
+    };
+
+
+    // lab's zone reverse
+    zone "50.168.192.in-addr.arpa" {
+        type master;
+        allow-transfer { key "zonetransfer.key"; };
+        file "/etc/named/named.dns.lab.rev";
+    };
+
+    // lab's ddns zone
+    zone "ddns.lab" {
+        type master;
+        allow-transfer { key "zonetransfer.key"; };
+        allow-update { key "zonetransfer.key"; };
+        file "/etc/named/named.ddns.lab";
+    };
+
+    // newlab's zone
+    zone "newdns.lab" {
+        type master;
+        allow-transfer { key "zonetransfer.key"; };
+        file "/etc/named/named.newdns.lab";
+    };
+
+};
+
+
+
--- a/provisioning/named.ddns.lab
+++ b/provisioning/named.ddns.lab
@@ -0,0 +1,16 @@
+$TTL 3600
+$ORIGIN ddns.lab.
+@               IN      SOA     ns01.dns.lab. root.dns.lab. (
+                            2711201407 ; serial
+                            3600       ; refresh (1 hour)
+                            600        ; retry (10 minutes)
+                            86400      ; expire (1 day)
+                            600        ; minimum (10 minutes)
+                        )
+
+                IN      NS      ns01.dns.lab.
+                IN      NS      ns02.dns.lab.
+
+; DNS Servers
+ns01            IN      A       192.168.50.10
+ns02            IN      A       192.168.50.11
--- a/provisioning/named.dns.lab
+++ b/provisioning/named.dns.lab
@@ -0,0 +1,20 @@
+$TTL 3600
+$ORIGIN dns.lab.
+@               IN      SOA     ns01.dns.lab. root.dns.lab. (
+                            2711201407 ; serial
+                            3600       ; refresh (1 hour)
+                            600        ; retry (10 minutes)
+                            86400      ; expire (1 day)
+                            600        ; minimum (10 minutes)
+                        )
+
+                IN      NS      ns01.dns.lab.
+                IN      NS      ns02.dns.lab.
+
+; DNS Servers
+ns01            IN      A       192.168.50.10
+ns02            IN      A       192.168.50.11
+
+;web1 & web2
+web1            IN      A       192.168.50.15
+web2            IN      A       192.168.50.20