Understanding DNS

Andrew Mallett
@theurbanpenguin | www.theurbanpenguin.com

Overview
• BIND configuration files
• Zone files
• Named and rndc
• Server tools
• Client tools

Configuration Files
We can use dpkg or rpm to list the package contents

$ dpkg -L bind9
/etc/bind/named.conf
/etc/bind/rndc.key
$ named -v    # -V also lists the build options

Zone Files
DNS information is stored in text files called zones
BIND can auto-create entries with $GENERATE

/etc/bind/db.local
/etc/bind/db.127
$GENERATE 10-254 $ PTR dhcp-$.example.com.

A chroot jail can protect against malicious attack
• The directory that named runs from appears as the root of the filesystem
• Create the directory structure first
• Use option -t in /etc/default/bind9

Control DNS Server
The command rndc can be used to control the named service

$ sudo -u bind rndc status
$ rndc-confgen
TCP port 953

Additional Server Tools
We can run syntax checks on the configuration file and on zones

$ sudo named-checkconf
$ sudo named-checkzone localhost /etc/bind/db.local

Client Tools
The package dnsutils provides client tools such as dig and nslookup
More on client tools later

$ dig www.pluralsight.com -t A
$ nslookup -query=A www.pluralsight.com

Summary
• Identified configuration files
• Viewed sample zone files
• Confirmed version and status of the server
• Server and client tools

Next Up: Installing BIND on CentOS
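
An added example (not from the original slides) that expands a $GENERATE line like the one on the Zone Files slide and flags PTR targets written without a trailing dot, which BIND treats as relative to the reverse zone. The origin 2.0.192.in-addr.arpa. and the helper names are assumptions, and only the short form of the directive is handled.

```python
import re

# Bare "$" is the counter; "${offset,width,base}" adds an offset and zero-pads.
_TOKEN = re.compile(r"\$(?:\{(-?\d+)(?:,(\d+)(?:,([doxX]))?)?\})?")
NAME_TYPES = {"PTR", "CNAME", "NS", "DNAME"}  # types whose rdata is a domain name
REVERSE_SUFFIXES = ("in-addr.arpa.", "ip6.arpa.")
ORIGIN = "2.0.192.in-addr.arpa."  # constructed sample reverse zone (192.0.2.0/24)

def _subst(template, i):
    def repl(m):
        if m.group(1) is None:
            return str(i)
        digits = format(i + int(m.group(1)), m.group(3) or "d")
        return digits.zfill(int(m.group(2) or 0))
    return _TOKEN.sub(repl, template)

def expand_generate(line, origin):
    """Expand '$GENERATE range lhs type rhs' into (owner, type, rdata) tuples.
    Short form only: no TTL/class fields, no escaped '$', no nibble modifiers."""
    fields = line.split()
    if len(fields) != 5 or fields[0].upper() != "$GENERATE":
        raise ValueError("expected: $GENERATE range lhs type rhs")
    rng = re.fullmatch(r"(\d+)-(\d+)(?:/(\d+))?", fields[1])
    if rng is None:
        raise ValueError("range must be start-stop or start-stop/step")
    start, stop, step = int(rng[1]), int(rng[2]), int(rng[3] or 1)
    if start > stop or step < 1:
        raise ValueError("empty range or zero step")
    lhs, rtype, rhs = fields[2], fields[3].upper(), fields[4]

    def absolute(name):  # a name without a trailing dot is relative to the origin
        return name if name.endswith(".") else f"{name}.{origin}"

    records = []
    for i in range(start, stop + 1, step):
        rdata = _subst(rhs, i)
        if rtype in NAME_TYPES:
            rdata = absolute(rdata)
        records.append((absolute(_subst(lhs, i)), rtype, rdata))
    return records

def misqualified_ptrs(records):
    """PTR records whose target landed inside a reverse zone (missing dot)."""
    return [r for r in records if r[1] == "PTR" and r[2].endswith(REVERSE_SUFFIXES)]

if __name__ == "__main__":
    for rec in expand_generate("$GENERATE 10-12 $ PTR dhcp-$.example.com", ORIGIN):
        print(*rec)
```

Running named-checkzone on the zone remains the authoritative check; this only makes the expansion visible before the zone is loaded.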