Dns on Apuntes de root

OpenDNSSEC

jorti@pm.me (Juan Orti Alcaine) — Tue, 28 Jul 2015 00:00:00 +0000

A quick guide about how to migrate a signed zone from dnssec-tools to OpenDNSSEC.

dnssec-tools and bind authoritative name server in Fedora

jorti@pm.me (Juan Orti Alcaine) — Mon, 30 Sep 2013 00:00:00 +0000

Some time ago, I wrote a post about using dnssec-tools for managing an authoritative name server in CentOS, now I’m going to extend it to cover their usage in a Fedora system.

First of all, I’m going to use the latest versions which currently is not in the repositories. Download the source rpm, recompile and install the rpms: $ mock -r fedora-19-x86_64 dnssec-tools-2.0-1.fc18.src.rpm # yum install /var/lib/mock/fedora-19-x86_64/result/*rpm

The configuration of bind as authoritative name server /etc/named.conf:

Bind authoritative name server with DNSSEC in CentOS 6

jorti@pm.me (Juan Orti Alcaine) — Thu, 09 May 2013 00:00:00 +0000

I’m going to explain how to implement DNSSEC in CentOS, using Bind as authoritative name server and the dnssec-tools utilities. To deploy DNSSEC, your parent zone must be signed, you can check it here.

The main reference for this post is in the dnssec-tools Wiki: https://www.dnssec-tools.org/wiki/index.php/Authoritative_Server

DNS timeout while logging in via SSH

jorti@pm.me (Juan Orti Alcaine) — Fri, 08 Feb 2013 00:00:00 +0000

In a computer which is in a isolated network, I have experienced a long delay while logging in via SSH. This is because a DNS timeout. It’s possible to disable the DNS lookups of sshd, modifying this setting in /etc/ssh/sshd_config:

UseDNS no

Transferencia de zona DNS de Windows a bind

jorti@pm.me (Juan Orti Alcaine) — Thu, 01 Mar 2012 00:00:00 +0000

Podemos configurar un servidor DNS bind para recibir zonas de un controlador de dominio, para ello simplemente habría que habilitar la transferencia de zona en el servidor Windows y configurarlas en bind de la siguiente manera:

zone "dominio.local" in {
   type slave;
   file "slaves/dominio.local.db";
   masters { 192.168.1.100; };
   allow-transfer { any; };
   allow-query { any;};
   check-names ignore;
   notify yes;
};

zone "_msdcs.dominio.local" in {
   type slave;
   file "slaves/_msdcs.dominio.local.db";
   masters { 192.168.1.100; };
   allow-transfer { any; };
   allow-query { any;};
   check-names ignore;
   notify yes;
};

zone "1.168.192.in-addr.arpa" in {
   type slave;
   file "slaves/1.168.192.in-addr.arpa.db";
   masters { 192.168.1.100; };
   allow-transfer { any; };
   allow-query { any;};
   check-names ignore;
   notify yes;
};