DNS CONFIGURATION IN RHEL 6

LINUX RHEL 6 BIND DNS


[root@desktop6 ~]# yum install bind*
Loaded plugins: refresh-packagekit, rhnplugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Package 32:bind-libs-9.7.0-5.P2.el6.x86_64 already installed and latest version
Package 32:bind-utils-9.7.0-5.P2.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.7.0-5.P2.el6 set to be updated
---> Package bind-chroot.x86_64 32:9.7.0-5.P2.el6 set to be updated
---> Package bind-devel.x86_64 32:9.7.0-5.P2.el6 set to be updated
---> Package bind-dyndb-ldap.x86_64 0:0.1.0-0.9.b.el6 set to be updated
---> Package bind-sdb.x86_64 32:9.7.0-5.P2.el6 set to be updated
--> Processing Dependency: libpq.so.5()(64bit) for package: 32:bind-sdb-9.7.0-5.P2.el6.x86_64
--> Running transaction check
---> Package postgresql-libs.x86_64 0:8.4.4-2.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
bind x86_64 32:9.7.0-5.P2.el6 base 3.5 M
bind-chroot x86_64 32:9.7.0-5.P2.el6 base 65 k
bind-devel x86_64 32:9.7.0-5.P2.el6 optional 362 k
bind-dyndb-ldap x86_64 0.1.0-0.9.b.el6 base 47 k
bind-sdb x86_64 32:9.7.0-5.P2.el6 optional 276 k
Installing for dependencies:
postgresql-libs x86_64 8.4.4-2.el6 base 188 k

Transaction Summary
================================================================================
Install 6 Package(s)
Upgrade 0 Package(s)

Total download size: 4.4 M
Installed size: 8.9 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): bind-9.7.0-5.P2.el6.x86_64.rpm | 3.5 MB 00:00
(2/6): bind-chroot-9.7.0-5.P2.el6.x86_64.rpm | 65 kB 00:00
(3/6): bind-devel-9.7.0-5.P2.el6.x86_64.rpm | 362 kB 00:00
(4/6): bind-dyndb-ldap-0.1.0-0.9.b.el6.x86_64.rpm | 47 kB 00:00
(5/6): bind-sdb-9.7.0-5.P2.el6.x86_64.rpm | 276 kB 00:00
(6/6): postgresql-libs-8.4.4-2.el6.x86_64.rpm | 188 kB 00:00
--------------------------------------------------------------------------------
Total 31 MB/s | 4.4 MB 00:00
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
base/gpgkey | 6.3 kB 00:00 ...
Importing GPG key 0xFD431D51 "Red Hat, Inc. (release key 2) " from /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Is this ok [y/N]: y
Importing GPG key 0x2FA658E0 "Red Hat, Inc. (auxiliary key) " from /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Installing : 32:bind-9.7.0-5.P2.el6.x86_64 1/6
Installing : postgresql-libs-8.4.4-2.el6.x86_64 2/6
Installing : 32:bind-sdb-9.7.0-5.P2.el6.x86_64 3/6
Installing : bind-dyndb-ldap-0.1.0-0.9.b.el6.x86_64 4/6
Installing : 32:bind-chroot-9.7.0-5.P2.el6.x86_64 5/6
Installing : 32:bind-devel-9.7.0-5.P2.el6.x86_64 6/6

Installed:
bind.x86_64 32:9.7.0-5.P2.el6 bind-chroot.x86_64 32:9.7.0-5.P2.el6
bind-devel.x86_64 32:9.7.0-5.P2.el6 bind-dyndb-ldap.x86_64 0:0.1.0-0.9.b.el6
bind-sdb.x86_64 32:9.7.0-5.P2.el6

Dependency Installed:
postgresql-libs.x86_64 0:8.4.4-2.el6

Complete!

[root@desktop6 ~]# cd /var/named/chroot/etc/
[root@desktop6 etc]# ls
localtime named pki
[root@desktop6 etc]# cd named/
[root@desktop6 named]# ls
[root@desktop6 named]# cd ..
[root@desktop6 etc]# ls
localtime named pki
[root@desktop6 etc]# updatedb

[root@desktop6 etc]# cd /usr/share/doc/
Display all 751 possibilities? (y or n)

[root@desktop6 etc]# cd /usr/share/doc/bind-9.7.0/
arm/ Copyright draft/ named.conf.default rfc/ sample/
CHANGES COPYRIGHT misc/ README rfc1912.txt

[root@desktop6 etc]# cd /usr/share/doc/bind-9.7.0/sample/
etc/ var/
[root@desktop6 etc]# ls /usr/share/doc/bind-9.7.0/sample/etc/named.conf
localtime named/ pki/

[root@desktop6 etc]# ls
localtime named pki
[root@desktop6 etc]# cd named/

[root@desktop6 named]# ls

[root@desktop6 named]# pwd
/var/named/chroot/etc/named

[root@desktop6 named]#
[root@desktop6 named]# man named.conf
[root@desktop6 named]#

[root@desktop6 named]# man named
[root@desktop6 named]#

[root@desktop6 named]# pwd
/var/named/chroot/etc/named

[root@desktop6 named]# cd ..

[root@desktop6 etc]# vim named.conf
[root@desktop6 etc]# cp /usr/share/doc/bind-9.7.0/named.conf.default named.conf
cp: overwrite `named.conf'? y

[root@desktop6 etc]# vim named.conf

[root@desktop6 etc]# cat /usr/share/doc/bind-9.7.0/named.conf.default
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
listen-on port 53 { 127.0.0.1; }; #<============== add this server's IP address here
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; }; ###<============= add every network that will be a client of this DNS server
recursion yes;

dnssec-enable yes; ###<============ remove this line for basic config
dnssec-validation yes; ###<============ remove this line for basic config
dnssec-lookaside auto; ###<============ remove this line for basic config

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key"; ###<============ remove this line for basic config
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";


[root@desktop6 etc]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]

NOW LET US MAKE SOME BASIC CHANGES FOR FORWARDER DNS.




[root@desktop6 etc]# vim named.conf

AFTER THE CHANGES, named.conf LOOKS LIKE THIS:



[root@desktop6 etc]# cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
listen-on port 53 { 127.0.0.1; 192.168.0.6; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.0/24; };
recursion yes;
};


zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";

[root@desktop6 etc]#

NOTE: BEFORE TESTING YOUR DNS, CHECK THAT YOU CAN PING A SITE ON THE INTERNET AND THAT YOUR GATEWAY IS SET CORRECTLY.

NOW GIVE FOLLOWING COMMAND FOR TESTING THE BASIC DNS

[root@desktop6 etc]# dig @localhost www.google.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> @localhost www.google.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41729
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 604800 IN CNAME www.l.google.com.
www.l.google.com. 300 IN A 209.85.231.104

;; AUTHORITY SECTION:
google.com. 172800 IN NS ns2.google.com.
google.com. 172800 IN NS ns4.google.com.
google.com. 172800 IN NS ns3.google.com.
google.com. 172800 IN NS ns1.google.com.

;; Query time: 116 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 24 03:46:47 2011
;; MSG SIZE rcvd: 140

[root@desktop6 etc]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 br0
0.0.0.0 192.168.0.254 0.0.0.0 UG 0 0 0 br0

LET US NOW ADD CONFIGURATION FOR FORWARDER



[root@desktop6 etc]# vim named.conf


[root@desktop6 etc]# cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
listen-on port 53 { 127.0.0.1; 192.168.0.6; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.0/24; };
recursion yes;
forward only;
forwarders { 192.168.0.254; };
};

###
###zone "." IN {
### type hint;
### file "named.ca";
###};
###
###include "/etc/named.rfc1912.zones";

[root@desktop6 etc]#


[root@desktop6 etc]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]
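
The edits above widen allow-query, leave recursion on, remove the DNSSEC lines and make the server depend entirely on one forwarder. The script below is an added example, not part of the original post: it reads named.conf text on stdin and reports those four settings. The function names, the finding labels and the sample input are illustrative, and it assumes a single global options block with no views.

```bash
#!/bin/bash
# Added example: audit named.conf text read from stdin for the settings this
# walkthrough edits. Assumes one global options{} block, no views, and no
# multi-line /* */ comments. Function names are illustrative.

# Print the body of the first "NAME { ... }" clause found in flattened text $1.
clause() {
    printf '%s' "$1" | grep -oE "(^|[ ;{])$2 *\{[^}]*\}" | head -n1 |
        sed -e 's/^.[^{]*{//' -e 's/}$//'
}

audit_named_conf() (
    # Drop //, # and one-line /* */ comments, then join the file onto one line.
    flat=$(sed -e 's://.*$::' -e 's:#.*$::' -e 's:/\*.*\*/::g' | tr '\n\t' '  ')
    # named recurses by default, so only an explicit "recursion no;" skips this.
    if ! printf '%s' "$flat" | grep -qE 'recursion +no *;'; then
        # Effective ACL: allow-recursion, else allow-query-cache, else allow-query.
        acl=$(clause "$flat" allow-recursion)
        [ -n "$acl" ] || acl=$(clause "$flat" allow-query-cache)
        [ -n "$acl" ] || acl=$(clause "$flat" allow-query)
        if printf '%s' "$acl" | grep -qE '(^|[ ;])(any|0\.0\.0\.0/0) *;'; then
            echo "OPEN-RESOLVER: recursion is on and the ACL admits any client"
        fi
    fi
    if printf '%s' "$flat" | grep -qE '(^|[ ;{])forward +only *;'; then
        echo "FORWARD-ONLY: every lookup depends on:$(clause "$flat" forwarders)"
    fi
    # Defaults differ between BIND versions, so report only what the file says.
    if ! printf '%s' "$flat" | grep -qE 'dnssec-validation +(yes|auto) *;'; then
        echo "DNSSEC-UNSET: dnssec-validation is not explicitly enabled"
    fi
)

# Constructed sample: the options block from the final named.conf above.
audit_named_conf <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.6; };
    allow-query { localhost; 192.168.0.0/24; };   // LAN clients only
    recursion yes;
    forward only;
    forwarders { 192.168.0.254; };
};
EOF
```

On the server itself, run it as `audit_named_conf < /var/named/chroot/etc/named.conf`. It checks policy only; syntax is a separate check done with `named-checkconf`.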


NOW THE RECORDS ON THE MASTER DNS AT 192.168.0.254 CAN BE QUERIED AND TESTED



[root@desktop6 etc]# dig desktop9.example.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> desktop9.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16311
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;desktop9.example.com. IN A

;; ANSWER SECTION:
desktop9.example.com. 86400 IN A 192.168.0.9

;; AUTHORITY SECTION:
example.com. 86400 IN NS instructor.example.com.

;; ADDITIONAL SECTION:
instructor.example.com. 86400 IN A 192.168.0.254

;; Query time: 0 msec
;; SERVER: 192.168.0.254#53(192.168.0.254)
;; WHEN: Thu Mar 24 03:49:08 2011
;; MSG SIZE rcvd: 95

IF THE MASTER DNS 192.168.0.254 DOES NOT ALLOW OUR FORWARDER DNS, IT CANNOT RESOLVE ADDRESSES ON THE INTERNET



[root@desktop6 etc]# dig www.google.com

THE QUERY JUST WAITS ...



That's it.

Important references

1. man named.conf
2. man named
3. directory /usr/share/doc/bind-******/
4. /usr/share/doc/bind-9.7.0/arm/Bv9ARM.pdf
5. /usr/share/doc/bind-9.7.0/sample/
6. /usr/share/doc/bind-9.7.0/sample/etc/
7. /usr/share/doc/bind-9.7.0/sample/var/
