Poniendo en contexto.- Se planea instalar un servidor Zimbra 8.8 en CentOS 7, alojado en un hipervisor VMware ESXi. En primer lugar, es muy recomendable instalar las VMware Tools para mejorar el desempeño del servidor; para ello ejecutamos:
yum install open-vm-tools
Posteriormente ejecutamos, en orden, los siguientes comandos:
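# Install BIND, its chroot packaging and the client utilities (dig, rndc, ...).
yum install bind bind-chroot bind-utils

# Generate the rndc control key. Anyone who can read this file can control
# named through rndc, so confirm with `ls -l` that it is not world-readable.
rndc-confgen -a -r /dev/urandom -b 512 -c /etc/rndc.key
chown named:named /etc/rndc.key

# NOTE(review): on CentOS 7 the named-chroot unit is reported to populate the
# chroot by itself when it starts; confirm that the manual move/symlink steps
# below are still required on your release before relying on them.

# Move the zone data into the chroot and leave symlinks at the old paths.
# The loop only runs if the cd succeeded, so the glob can never be expanded
# in the wrong directory, and a symlink is only created after a successful mv.
cd /var/named/ &&
for f in named.* data dynamic slaves; do
    mv "$f" ./chroot/var/named/ && ln -s "/var/named/chroot/var/named/$f" ./
done

# Same for the configuration files and the rndc key under /etc.
cd /etc &&
for f in named.* rndc.key; do
    mv "$f" /var/named/chroot/etc/ && ln -s "/var/named/chroot/etc/$f" ./
done

# `enable` only registers the unit for the next boot; start it as well so the
# dig test that follows has a running server to query.
systemctl enable named-chroot
systemctl start named-chroot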
PRUEBAS
dig @127.0.0.1 cisco.com
Instalando zonas directa e inversa
cd /var/named/chroot/var/named/
touch 100.168.192.in-addr.arpa.zone
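; Reverse zone for 192.168.100.0/24 (contents of 100.168.192.in-addr.arpa.zone).
; Check it before loading with:
;   named-checkzone 100.168.192.in-addr.arpa 100.168.192.in-addr.arpa.zone
$TTL 86400
@ IN SOA midominio.com. esinchi.hotmail.com. (
        2007092918 ; serial - increase it on every change to the zone
        28800      ; refresh
        7200       ; retry
        604800     ; expire
        86400 )    ; negative-caching TTL
@ IN NS dns.midominio.com.
; 192.168.100.15 -> mail.midominio.com. A mail server's PTR should match the
; A record published for the same host in the forward zone.
15 IN PTR mail.midominio.com.
touch midominio.com.zone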
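; Forward zone for midominio.com (contents of midominio.com.zone).
; Check it before loading with:
;   named-checkzone midominio.com midominio.com.zone
; Explicit default TTL, matching the reverse zone, so that record TTLs do not
; depend on the SOA minimum field.
$TTL 86400
@ IN SOA midominio.com. esinchi.hotmail.com. (
        2007101111 ; serial - increase it on every change to the zone
        28800      ; refresh
        7200       ; retry
        604800     ; expire
        86400 )    ; negative-caching TTL
; Unqualified names below are relative to the zone origin (midominio.com.).
@ IN NS dns
@ IN MX 0 mail
@ IN A 192.168.100.15
mail IN A 192.168.100.15
dns IN A 192.168.100.15
vi /var/named/chroot/etc/named.conf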
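// named.conf for a server that is authoritative for midominio.com and its
// reverse zone, and that also resolves recursively for local clients.
//
// String values must use plain ASCII double quotes; typographic quotes
// picked up by copy-paste make named reject the file.
//
// After saving, validate the file and restart the service:
//   named-checkconf -t /var/named/chroot /etc/named.conf
//   systemctl restart named-chroot

options {
	// Listens on every IPv4 address of the host. If the host has an
	// interface reachable from untrusted networks, list explicit addresses
	// here or filter port 53 at the firewall.
	listen-on port 53 { any; };
	// listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	secroots-file "/var/named/data/named.secroots";
	recursing-file "/var/named/data/named.recursing";

	// Anyone may query the authoritative zones declared below.
	allow-query { any; };

	/*
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable
	   recursion.
	 - If your recursive DNS server has a public IP address, you MUST enable access
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface
	*/
	recursion yes;

	// With allow-query set to any and no explicit recursion ACL, BIND can
	// fall back to the allow-query list for recursive queries as well, which
	// is the open-resolver case the comment above warns about. Limit
	// recursion and cache access to this host and its directly attached
	// networks.
	allow-recursion { localhost; localnets; };
	allow-query-cache { localhost; localnets; };

	dnssec-enable yes;
	dnssec-validation yes;

	managed-keys-directory "/var/named/dynamic";
	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";

	/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
	// NOTE(review): this include belongs to the distribution's crypto-policy
	// integration; confirm the file exists on the target host (and inside
	// the chroot), because named refuses to start when an include is missing.
	include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

// Root hints used for recursive resolution.
zone "." IN {
	type hint;
	file "named.ca";
};

// Forward zone. Dynamic updates are refused; edit the zone file and raise
// the serial instead.
zone "midominio.com" {
	type master;
	file "midominio.com.zone";
	allow-update { none; };
};

// Reverse zone for 192.168.100.0/24.
zone "100.168.192.in-addr.arpa" {
	type master;
	file "100.168.192.in-addr.arpa.zone";
	allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";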