DNS Flashcards

1
Q

DNS: Configure a caching-only name server

A

Configure a caching-only name server

1. Install bind
# yum search bind
# yum install bind bind-utils -y
2. Edit /etc/named.conf and make these changes
# vim /etc/named.conf

listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };
allow-query-cache { localhost; any; };
dnssec-validation no;

Caveat: with "any" in allow-query and allow-query-cache and recursion left at its default of yes, this is an open recursive resolver for every client the firewall admits, and open resolvers are abused for DNS amplification. Outside a lab, replace "any" with the client subnet (e.g. 192.168.0.0/24) or a named acl, and prefer leaving dnssec-validation enabled.

3. Confirm /etc/named.conf and /etc/named.rfc1912.zones are owned by root:named
# ls -l /etc/named.conf
# ls -l /etc/named.rfc1912.zones
4. Verify the SELinux context is "system_u:object_r:named_conf_t:s0"
# ls -lZ /etc/named.conf
# ls -lZ /etc/named.rfc1912.zones
if the context is wrong, reset it from the policy
# restorecon -v /etc/named.conf /etc/named.rfc1912.zones
to list the named-related SELinux booleans
# getsebool -a | grep named
5. Check the file for syntax errors (named-checkconf prints nothing and exits 0 on success, otherwise it prints the offending line)
# named-checkconf /etc/named.conf
6. Start the bind (named) service and enable it at boot
# service named start
# chkconfig named on
7. Open firewall for port 53
# iptables -I INPUT -p udp --dport 53 -j ACCEPT
# iptables -I INPUT -p tcp --dport 53 -j ACCEPT

Example: open port 53 only for a specific subnet (preferred over opening it to everyone)
# iptables -I INPUT -s 192.168.0.0/24 -p tcp --dport 53 -j ACCEPT
# iptables -I INPUT -s 192.168.0.0/24 -p udp --dport 53 -j ACCEPT

8. Save firewall configuration
# service iptables save
9. Verify (the dig output should show "status: NOERROR" and the "ra" flag; repeat the dig from a host in the allowed subnet to confirm the firewall rule)
# dig @localhost facebook.com
# dig @localhost www.google.com
# nslookup facebook.com
2
Q

Configure a caching-only name server to forward DNS queries

A

Configure a caching-only name server to forward DNS queries.

1. Install bind
# yum search bind
# yum install bind bind-utils -y
2. Edit /etc/named.conf and make these changes
# vim /etc/named.conf

listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };
allow-query-cache { localhost; any; };
dnssec-validation no;

Caveat: with "any" in allow-query and allow-query-cache and recursion left at its default of yes, this is an open recursive resolver for every client the firewall admits, and open resolvers are abused for DNS amplification. Outside a lab, replace "any" with the client subnet (e.g. 192.168.0.0/24) or a named acl, and prefer leaving dnssec-validation enabled.

below the recursion option add these two lines (serverIP is the address of the server to forward to; list several, separated by semicolons, for redundancy)
forward only;
forwarders { serverIP; };

"forward only" sends every query to the forwarders and fails if none of them answers; "forward first" tries the forwarders and falls back to normal recursion.

3. Confirm /etc/named.conf and /etc/named.rfc1912.zones are owned by root:named
# ls -l /etc/named.conf
# ls -l /etc/named.rfc1912.zones
4. Verify the SELinux context is "system_u:object_r:named_conf_t:s0"
# ls -lZ /etc/named.conf
# ls -lZ /etc/named.rfc1912.zones
if the context is wrong, reset it from the policy
# restorecon -v /etc/named.conf /etc/named.rfc1912.zones
to list the named-related SELinux booleans
# getsebool -a | grep named
5. Check the file for syntax errors (named-checkconf prints nothing and exits 0 on success, otherwise it prints the offending line)
# named-checkconf /etc/named.conf
6. Start the bind (named) service and enable it at boot
# service named start
# chkconfig named on
7. Open firewall for port 53
# iptables -I INPUT -p udp --dport 53 -j ACCEPT
# iptables -I INPUT -p tcp --dport 53 -j ACCEPT

Example: open port 53 only for a specific subnet (preferred over opening it to everyone)
# iptables -I INPUT -s 192.168.0.0/24 -p tcp --dport 53 -j ACCEPT
# iptables -I INPUT -s 192.168.0.0/24 -p udp --dport 53 -j ACCEPT

8. Save firewall configuration
# service iptables save
9. Verify (the dig output should show "status: NOERROR" and the "ra" flag; repeat the dig from a host in the allowed subnet to confirm the firewall rule)
# dig @localhost facebook.com
# dig @localhost www.google.com
# nslookup facebook.com
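Both cards write the same options block, the second adding forwarders, and both leave the server answering recursive queries for "any" client. As an added example that is not part of the flashcard deck, the POSIX shell script below generates the restricted version of that block (a "trusted" acl used for allow-query, allow-query-cache and allow-recursion, DNSSEC validation left on, optional "forward only" forwarders) and includes a checker that follows BIND 9's ACL defaults to tell whether an existing named.conf is an open resolver. The listen address 192.168.0.1, the client subnet 192.168.0.0/24 from the cards, the forwarder 192.0.2.53 (a documentation address) and the file name hardened_named.sh are assumed values.

```shell
#!/bin/sh
# Added example (not from the flashcard deck): build a named.conf "options"
# block that is NOT an open resolver, and check an existing named.conf for
# open-resolver settings. Assumed values: listen address 192.168.0.1, client
# subnet 192.168.0.0/24, forwarder 192.0.2.53 (documentation address).

# gen_named_options LISTEN_IP CLIENT_ACL [FORWARDER ...]
# Prints an acl plus an options block that only answers and recurses for
# localhost and CLIENT_ACL; forwarders, if given, are used with "forward only".
gen_named_options() {
  listen_ip="$1"; client_acl="$2"; shift 2
  printf 'acl "trusted" { 127.0.0.1; %s; };\n' "$client_acl"
  printf 'options {\n'
  printf '\tlisten-on port 53 { 127.0.0.1; %s; };\n' "$listen_ip"
  printf '\tallow-query { trusted; };\n'
  printf '\tallow-query-cache { trusted; };\n'
  printf '\tallow-recursion { trusted; };\n'
  printf '\trecursion yes;\n'
  # keep validation on; "auto" uses the built-in root trust anchor (BIND 9.8+)
  printf '\tdnssec-validation auto;\n'
  if [ $# -gt 0 ]; then
    fwd=""
    for f in "$@"; do fwd="$fwd $f;"; done
    printf '\tforward only;\n'
    printf '\tforwarders {%s };\n' "$fwd"
  fi
  printf '};\n'
}

# effective_recursion_acl FILE
# Prints the ACL body BIND 9 applies to recursive queries, following its
# defaults: allow-recursion if set, else allow-query-cache, else allow-query,
# else "localnets; localhost".
effective_recursion_acl() {
  for key in allow-recursion allow-query-cache allow-query; do
    line=$(grep -E "^[[:space:]]*$key[[:space:]]*\{" "$1" | head -n 1)
    if [ -n "$line" ]; then
      # keep only what sits between the braces of the first such statement
      printf '%s\n' "$line" | sed -e 's/^[^{]*{//' -e 's/}.*$//'
      return 0
    fi
  done
  printf ' localnets; localhost; \n'
}

# is_open_resolver FILE
# Exit 0 when FILE lets "any" client recurse (an amplification target),
# 1 when recursion is off or restricted to named hosts or networks.
is_open_resolver() {
  grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;' "$1" && return 1
  effective_recursion_acl "$1" | grep -Eq '(^|[^a-z-])any([^a-z-]|$)'
}

# Usage: sh hardened_named.sh LISTEN_IP CLIENT_ACL [FORWARDER ...] > options.conf
if [ $# -ge 2 ]; then
  gen_named_options "$@"
fi
```

Paste the generated block in place of the options block in /etc/named.conf (the acl must appear before it), then run named-checkconf as in step 5. The checker only inspects the recursion ACLs, which are what make a resolver open; a narrow listen-on and the subnet-scoped iptables rules from step 7 are the second and third layers, not a substitute.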