- # cat /etc/sysconfig/network-scripts/ifcfg-eth0
- DEVICE=eth0
- TYPE=Ethernet
- UUID=07644a2c-ef2c-40e6-b456-c263ba66c688
- ONBOOT=yes
- NM_CONTROLLED=yes
- BOOTPROTO=static
- IPADDR=192.168.1.220
- PREFIX=24
- GATEWAY=192.168.1.1
- DNS1=192.168.1.220
- DOMAIN=local
- DEFROUTE=yes
- IPV4_FAILURE_FATAL=yes
- IPV6INIT=no
- NAME="System eth0"
- DNS2=8.8.8.8
- HWADDR=00:0C:29:DC:47:43
- LAST_CONNECT=1403433020
- # cat /etc/sysconfig/network
- NETWORKING=yes
- HOSTNAME=centos.local
- NTPSERVERARGS=iburst
- # cat /etc/hosts
- 127.0.0.1 localhost puppet.local centos.local localhost.localdomain localhost4 localhost4.localdomain4 # NOTE(review): puppet.local and centos.local map to loopback here, while local.zone publishes 192.168.1.220 for both; lookups answered from this file get 127.0.0.1 (the "dig cent2.local @puppet.local" run on this page reports SERVER 127.0.0.1)
- ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
- # cat /etc/resolv.conf
- # Generated by NetworkManager
- search local
- nameserver 192.168.1.220
- nameserver 8.8.8.8
- # cat /etc/named.conf
- //
- // named.conf
- //
- // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
- // server as a caching only nameserver (as a localhost DNS resolver only).
- // NOTE(review): as pasted, this file goes beyond that stock description: it also listens on 192.168.1.220 and is master for the "local" and "1.168.192.in-addr.arpa" zones below.
- // See /usr/share/doc/bind*/sample/ for example named configuration files.
- //
- options {
- listen-on port 53 { 127.0.0.1; 192.168.1.220; }; // loopback plus the LAN address from ifcfg-eth0
- listen-on-v6 port 53 { ::1; }; // IPv6 on loopback only
- directory "/var/named"; // relative file names below resolve under this directory
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { localhost; 192.168.1.1/24; }; // NOTE(review): 192.168.1.1/24 has host bits set; the network form is 192.168.1.0/24 (check with named-checkconf)
- recursion yes; // NOTE(review): no allow-recursion is set, so the recursive-client set is inherited from defaults/allow-query; an explicit allow-recursion { localhost; 192.168.1.0/24; }; keeps it from widening if allow-query is later relaxed
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto; // NOTE(review): uses ISC's DLV registry, which ISC has since decommissioned; drop this line on current BIND releases
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- managed-keys-directory "/var/named/dynamic";
- };
- logging {
- channel default_debug {
- file "data/named.run"; // relative path, i.e. under the "directory" set in options
- severity dynamic; // follows the server's current debug level
- };
- };
- zone "." IN {
- type hint; // root hints
- file "named.ca";
- };
- include "/etc/named.rfc1912.zones";
- include "/etc/named.root.key";
- zone "local" IN {
- type master; // NOTE(review): no allow-transfer in options or in this zone; on this BIND version the default permits zone transfers to any host, so add allow-transfer { none; }; or list the secondaries
- file "local.zone";
- allow-update { none; }; // dynamic updates disabled
- };
- zone "1.168.192.in-addr.arpa" IN {
- type master; // NOTE(review): allow-transfer is not set here either
- file "localrr.zone";
- allow-update { none; }; // dynamic updates disabled
- };
- # cat /var/named/local.zone
- $TTL 86400
- @ IN SOA puppet ja.puppet.local. ( ; forward zone "local": MNAME "puppet" is relative, so it expands to puppet.local.; RNAME ja.puppet.local. reads as ja@puppet.local
- 2001062501 ; serial
- 21600 ; refresh after 6 hours
- 3600 ; retry after 1 hour
- 604800 ; expire after 1 week
- 86400 ) ; minimum TTL of 1 day
- IN NS puppet ; relative name, expands to puppet.local. (matches the AUTHORITY section in the dig output on this page)
- puppet IN A 192.168.1.220
- centos IN A 192.168.1.220 ; same address as puppet
- cent1 IN A 192.168.1.221
- cent2 IN A 192.168.1.222
- # cat /var/named/localrr.zone
- $TTL 86400
- @ IN SOA local ja.puppet.local. ( ; NOTE(review): "local" has no trailing dot, so it is relative to this zone and expands to local.1.168.192.in-addr.arpa.; the forward zone names puppet.local. as primary
- 2001062501 ; serial
- 21600 ; refresh after 6 hours
- 3600 ; retry after 1 hour
- 604800 ; expire after 1 week
- 86400 ) ; minimum TTL of 1 day
- IN NS puppet. ; NOTE(review): the trailing dot makes this the absolute name "puppet.", not puppet.local.; presumably puppet.local. was intended
- 220 IN PTR puppet.local. ; reverse records use fully qualified targets (trailing dot)
- 221 IN PTR cent1.local.
- 222 IN PTR cent2.local.
- # host 192.168.1.222
- 222.1.168.192.in-addr.arpa domain name pointer cent2.local.
- # host cent2.local
- cent2.local has address 192.168.1.222
- # dig cent1.local @192.168.1.220
- ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> cent1.local @192.168.1.220
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56294
- ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
- ;; QUESTION SECTION:
- ;cent1.local. IN A
- ;; ANSWER SECTION:
- cent1.local. 86400 IN A 192.168.1.221
- ;; AUTHORITY SECTION:
- local. 86400 IN NS puppet.local.
- ;; ADDITIONAL SECTION:
- puppet.local. 86400 IN A 192.168.1.220
- ;; Query time: 0 msec
- ;; SERVER: 192.168.1.220#53(192.168.1.220)
- ;; WHEN: Sun Jun 22 15:22:59 2014
- ;; MSG SIZE rcvd: 82
- # dig cent2.local @puppet.local
- ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> cent2.local @puppet.local
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48528
- ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
- ;; QUESTION SECTION:
- ;cent2.local. IN A
- ;; ANSWER SECTION:
- cent2.local. 86400 IN A 192.168.1.222
- ;; AUTHORITY SECTION:
- local. 86400 IN NS puppet.local.
- ;; ADDITIONAL SECTION:
- puppet.local. 86400 IN A 192.168.1.220
- ;; Query time: 0 msec
- ;; SERVER: 127.0.0.1#53(127.0.0.1)
- ;; WHEN: Sun Jun 22 15:23:39 2014
- ;; MSG SIZE rcvd: 82
- # service named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
- #Turn ON named at boot :
- # chkconfig --list named
- # chkconfig named on
- # chkconfig --list named
- named 0:vyp 1:vyp 2:zap 3:zap 4:zap 5:zap 6:vyp
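- #Check if the DNS port (domain, tcp and udp) is open in IPTABLES (FireWall). Plain --list hides the interface column, so the two bare "ACCEPT all" rules below cannot be judged from this output; iptables -L -n -v shows what they actually match.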
- # iptables --list
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
- ACCEPT icmp -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
- ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
- ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
- ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
- ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
- ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
- ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
- ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
- ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
- REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
- Chain FORWARD (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
- ACCEPT icmp -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination