DNS and DHCP in Debian 8 "Jessie" - SMB Networks

fico

42 minutes

General index of the series: Computer Networks for SMEs: Introduction

Hello friends!. After the previous couple of articles on the Domain Name System and Dynamic Host Configuration Protocol published in «DNS and DHCP in openSUSE 13.2 'Harlequin'" and "DNS and DHCP on CentOS 7«, Both from the series SME Networks, we have to configure those services in Debian.

We repeat that a good starting point to learn about the theoretical concepts of DNS and DHCP is Wikipedia.

Installing the operating system

We will start from the basic installation of a server with the Debian 8 "Jessie" operating system without installing any graphical environment or other program. A virtual machine with 512 megabytes of RAM and a 20 gigabyte hard drive is more than enough.

During the installation process - preferably in text mode - and following the order of the screens, we chose the following parameters:

  • Language: Spanish - Spanish
  • Country, territory or area: U.S
  • Keymap to use: American English
  • Configure the network manually:
    • IP address: 192.168.10.5
    • Netmask: 255.255.255.0
    • Gateway: 192.168.10.1
    • Nameserver addresses: 127.0.0.1
    • Machine name: dns
    • Domain name: desdelinux.fan
  • Super User Password: SuClave (then ask for confirmation)
  • Full name for the new user: Debian First OS Buzz
  • Username for the account:buzz
  • Choose a password for the new user: SuClave (then ask for confirmation)
  • Select your time zone: East
  • Partitioning method: Guided - use the entire disk
    • Choose disk to partition: Virtual disk 1 (vda) - 21.5 GB Virto Block Device
    • Partitioning scheme: All files in one partition (recommended for newbies).
    • Finish partitioning and write changes to disk
    • Do you want to write the changes to the disks?
  • Do you want to analyze another CD or DVD?:
  • Do you want to use a replica ofd?:
  • Do you want to take the package usage survey?:
  • Choose the programs to install:
    [] Debian desktop environment
    [*] Standard system utilities
  • Do you want to install the GRUB boot loader in the main boot record?
    • / dev / vda
  • "Installation completed":

In my modest opinion, installing Debian is simple. It is only required to answer questions of predefined options and some other information. I even dare to say that it is easier to follow the previous steps than through a video, for example. When I read I don't lose concentration. Another issue is to watch, read, interpret, and give the video back and forth, when I lose or do not understand well some important meaning. A handwritten sheet, or a plain text file copied to the mobile, will serve as an effective guide perfectly.

Initial settings

After finishing the basic installation and the first reboot, we proceed to declare the Program Repositories.

When editing the file sources.list, we comment on all the existing entries by default because we will only work with local repositories. The final content of the file -excluding the commented lines- would be:

root @ dns: ~ # nano /etc/apt/sources.list
deb http://192.168.10.1/repos/jessie/debian/ jessie main contrib deb http://192.168.10.1/repos/jessie/debian-security/ jessie / updates main contrib

We update the system

root @ dns: ~ # aptitude update
root @ dns: ~ # aptitude upgrade
root @ dns: ~ # reboot

We install SSH to access remotely

root @ dns: ~ # aptitude install ssh

To allow the user to start a remote session via SSH root -From the Enterprise LAN only- we modify its configuration file:

root @ dns: ~ # nano / etc / ssh / sshd_config
.... PermitRootLogin yes ....

root @ dns: ~ # systemctl restart ssh.service
root @ dns: ~ # systemctl status ssh.service

We start a remote session via SSH in «dns» from the «sysadmin» machine:

buzz @ sysadmin: ~ $ rm .ssh / known_hosts buzz @ sysadmin: ~ $ ssh root@192.168.10.5 ... root@192.168.10.5's password: ... root @ dns: ~ #

Main configuration files

The main files of the system configuration will be according to our selections during the installation:

root @ dns: ~ # cat / etc / hosts
127.0.0.1 localhost 192.168.10.5 dns.desdelinux.fan dns # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters

root @ dns: ~ # cat /etc/resolv.conf 
search desdelinux.fan nameserver 127.0.0.1

root @ dns: ~ # hostname
dns

root @ dns: ~ # hostname -f
dns.desdelinux.fan

root @ dns: ~ # cat / etc / network / interfaces
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug eth0 iface eth0 inet static address 192.168.10.5 netmask 255.255.255.0 network 192.168.10.0 broadcast 192.168.10.255. 192.168.10.1 gateway 127.0.0.1 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers XNUMX dns-search desdelinux.fan

We install super experience packages

root @ dns: ~ # aptitude install htop mc deborphan

Cleaning downloaded packages, if any

root @ dns: ~ # aptitude install -f root @ dns: ~ # aptitude purge ~ c root @ dns: ~ # aptitude clean root @ dns: ~ # aptitude autoclean

We install the BIND9

  • BEFORE installing the BIND we strongly recommend visit the page DNS record types on Wikipedia, both in its Spanish and English versions. These types of registers are the ones that we will use in the configuration of the Zones files, both Direct and Reverse. It is very educational to know what we are dealing with.
  • As well we suggest read the following Request for Comments RFCs - Requests for Comments, which are closely related to a healthy functioning of the DNS service, especially with regard to Recursion to the Root Servers:
    • RFCs 1912, 5735, 6303, and BCP 32: relating to localhost
    • RFCs 1912, 6303: Style zone for IPv6 localhost address
    • RFCs 1912, 5735 and 6303: Relating to the Local Network - "This" Network
    • RFCs 1918, 5735 and 6303: Private Use Networks
    • RFC 6598: Shared Address Space
    • RFCs 3927, 5735 and 6303: Link-local / APIPA
    • RFCs 5735 and 5736: Internet Engineering Task Force protocol assignments
    • RFCs 5735, 5737 and 6303: TEST-NET- [1-3] for Documentation
    • RFCs 3849 and 6303: IPv6 Example Range for Documentation
    • BCP 32: Domain Names for Documentation and Testing
    • RFCs 2544 and 5735: Router Benchmark Testing
    • RFC 5735: IANA Reserved - Old Class E Space
    • RFC 4291: IPv6 Unassigned Addresses
    • RFCs 4193 and 6303: IPv6 ULA
    • RFCs 4291 and 6303: IPv6 Link-Local
    • RFCs 3879 and 6303: IPv6 Deprecated Site-Local Addresses
    • RFC 4159: IP6.INT is Deprecated

Installation

root @ dns: ~ # aptitude search bind9
p bind9 - Internet Domain Name Server p bind9-doc - Documentation for BIND i bind9-host - Version of 'host' bundled with BIND 9.X p bind9utils - Utilities for BIND p gforge-dns-bind9 - collaborative development tool - DNS management (using Bind9) i A libbind9-90 - BIND9 Shared Library used by BIND

Also try running aptitude search ~ dbind9

root @ dns: ~ # aptitude install bind9

root @ dns: ~ # systemctl restart bind9.service

root @ dns: ~ # systemctl status bind9.service
● bind9.service - BIND Domain Name Server Loaded: loaded (/lib/systemd/system/bind9.service; enabled) Drop-In: /run/systemd/generator/bind9.service.d └─50-insserv.conf- $ named.conf
   Active: activate (running) since Fri 2017-02-03 10:33:11 EST; 1s ago Docs: man: named (8) Process: 1460 ExecStop = / usr / sbin / rndc stop (code = exited, status = 0 / SUCCESS) Main PID: 1465 (named) CGroup: /system.slice/bind9.service └─1465 / usr / sbin / named -f -u bind Feb 03 10:33:11 dns named [1465]: automatic empty zone: 8.BD0.1.0.0.2.IP6.ARPA Feb 03 10:33:11 dns named [1465]: command channel listening on 127.0.0.1 # 953 Feb 03 10:33:11 dns named [1465]: command channel listening on :: 1 # 953 Feb 03 10:33:11 dns named [1465]: managed -keys-zone: loaded serial Feb 2 03 10:33:11 dns named [1465]: zone 0.in-addr.arpa/IN: loaded serial Feb 1 03 10:33:11 dns named [1465]: zone localhost / IN: loaded serial Feb 2 03 10:33:11 dns named [1465]: zone 127.in-addr.arpa/IN: loaded serial Feb 1 03 10:33:11 dns named [1465]: zone 255.in -addr.arpa/IN: loaded serial 1 Feb 03 10:33:11 dns named [1465]: all zones loaded Feb 03 10:33:11 dns named [1465]: running Hint: Some lines were ellipsized, use -l to show in full.

Configuration files installed by the BIND9

In a slightly different way than configuring the DNS service in CentOS and openSUSE, in Debian the following files are created in the directory / etc / bind:

root @ dns: ~ # ls -l / etc / bind /
total 52 -rw-r - r-- 1 root root 2389 Jun 30 2015 bind.keys -rw-r - r-- 1 root root 237 Jun 30 2015 db.0 -rw-r - r-- 1 root root 271 Jun 30 2015 db.127 -rw-r - r-- 1 root root 237 Jun 30 2015 db.255 -rw-r - r-- 1 root root 353 Jun 30 2015 db.empty -rw- r - r-- 1 root root 270 Jun 30 2015 db.local -rw-r - r-- 1 root root 3048 Jun 30 2015 db.root -rw-r - r-- 1 root bind 463 Jun 30 2015 named.conf -rw-r - r-- 1 root bind 490 Jun 30 2015 named.conf.default-zones -rw-r - r-- 1 root bind 165 Jun 30 2015 named.conf.local -rw -r - r-- 1 root bind 890 Feb 3 10:32 named.conf.options -rw-r ----- 1 bind bind 77 Feb 3 10:32 rndc.key -rw-r - r- - 1 root root 1317 Jun 30 2015 zones.rfc1918

All the above files are in plain text. If we want to know the meaning and content of each of them, we can do it using the commands moins o cat, which is good practice.

Accompanying documentation

In the address book / usr / share / doc / bind9 we will have:

root @ dns: ~ # ls -l / usr / share / doc / bind9
total 56 -rw-r - r-- 1 root root 5927 Jun 30 2015 copyright -rw-r - r-- 1 root root 19428 30 Jun 2015 1 changelog.Debian.gz -rw-r - r-- 11790 root root 27 Jan 2014 1 FAQ.gz -rw-r - r-- 396 root root 30 Jun 2015 1 NEWS.Debian.gz -rw-r - r-- 3362 root root 30 Jun 2015 1 README.Debian. gz -rw-r - r-- 5840 root root 27 Jan 2014 XNUMX README.gz

In the previous documentation we will find Abundant Study Material that we recommend reading BEFORE configuring the BIND, and even BEFORE searching the Internet for articles related to BIND and DNS in general.. We are going to read the content of some of those files:

FAQ o Frecently Aspoon QQuestions about BIND 9

  1. Compilation and Installation Questions - Questions about Compilation and Installation
  2. Configuration and Setup Questions - Questions about configuration and tuning
  3. Operations Questions - Questions about the Operation
  4. General Questions - General inquiries
  5. Operating-System Specific Questions - Specific Questions about each Operating System
    1. HPUX
    2. Linux
    3. Windows
    4. FreeBSD
    5. Solaris
    6. Apple Mac OS X

NEWS.Debian.gz

NEWS.Debian in summary tells us that the parameters allow-query-cache y allow-recursion are enabled by default for ACLs embedded in BIND -built-in- 'localnets'Y'localhost'. It also informs us that the default changes were made to make the cache servers less attractive to an attack by spoofing from external networks.

To check what is written in the previous paragraph, if from a machine on the network itself 192.168.10.0/24 which is the one in our example, we make a DNS request on the domain desdelinux.net, and at the same time on the server itself dns.desdelinux.fan we execute tail -f / var / log / syslog we will obtain the following:

buzz @ sysadmin: ~ $ dig localhost
.... ;; OPT PSEUDOSECTION:; EDNS: version: 0, flags :; udp: 4096 ;; QUESTION SECTION:; localhost. IN A ;; ANSWER SECTION: localhost. 604800 IN A 127.0.0.1 ;; AUTHORITY SECTION: localhost. 604800 IN NS localhost. ;; ADDITIONAL SECTION: localhost. 604800 IN AAAA :: 1

buzz@sysadmin:~$ dig desdelinux.net
...
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;desdelinux.net. IN A
...
root @ dns: ~ # tail -f / var / log / syslog ....
Feb 4 13:04:31 dns named[1602]: error (network unreachable) resolving 'desdelinux.net/A/IN': 2001:7fd::1#53 Feb 4 13:04:31 dns named[1602]: error (network unreachable) resolving 'desdelinux.net/A/IN': 2001:503:c27::2:30#53
...

The output of syslog it is much longer due to the search for the root servers by BIND. Of course the file / Etc / resolv.conf in the team sysadmin.desdelinux.fan points to DNS 192.168.10.5.

From the execution of the previous commands we can draw several conclusions beforehand:

  • The BIND is configured by default as a functional Cache Server without the need for subsequent configurations, and answers DNS queries for the localnets and localhost
  • Recursion - recursion is enabled for localnets and localhost
  • Not yet an Authoritarian server
  • Unlike CentOS, where we had to declare the parameter «Listen-on port 53 {127.0.0.1; 192.168.10.5; }; » explicitly to listen for DNS requests over the network interface 192.168.10.5 DNS itself, in Debian it is not necessary because it supports DNS requests for localnets and localhost default. Review the contents of the file /etc/bind/named.conf.options and they will see that there is no statement listen on.
  • IPv4 and IPv6 queries are enabled

If just by reading and interpreting -a tin as we say in Cuba- the archive NEWS.Debian.gz We have reached interesting conclusions that allow us to know a little more about the Default Configuration Philosophy of Team Debian with respect to BIND, what other interesting aspects can we know from continuing to read the files of the Accompanying Documentation?.

README.Debian.gz

README.Debian informs us -among many other aspects- that the Security Extensions for the Domain Name System - Domain Name System Security Extensions o DNSSEC, are enabled; and reaffirms that the default configuration works for most servers (leaf servers - leaf server referring to the leaves of the domain tree) without the need for user intervention.

  • DNSSEC according to Wikipedia: The Domain Name System Security Extensions (DNSSEC) is a set of specifications of the Internet Engineering Task Force (IETF) to secure certain types of information provided by the name system domain name (DNS) used in the Internet Protocol (IP). It is a set of extensions to DNS that provide DNS clients (or resolvers) with DNS data source authentication, authenticated denial of the existence and integrity of data, but not availability or confidentiality.

On Configuration Scheme tells us that all the Static Configuration Files, the Zone Files for the Root Servers, and the Forward and Reverse Zones of the localhost are / etc / bind.

The Demon Working Directory named es / var / cache / bind so that any transient file generated by the named such as databases for which it acts as a Slave Server, are written in the File System / var, which is where they belong.

Unlike previous versions of the BIND package for Debian, the file named.conf and db. * supplied, they are labeled as configuration files. In such a way that if we need a DNS Server that acts mainly as a Cache Server and that is not Authoritarian for anyone else, we can use it as it is installed and configured by default.

If you need to implement an Authoritative DNS, they suggest to put the files of the Master Zones in the same directory / etc / bind. If the complexity of the areas for which the named will be Authoritarian requires it, it is recommended to create a subdirectory structure, referring to the zone files absolutely in the file named.conf.

Any Zone File for which the named act as Slave Server must be located in / var / cache / bind.

The Zone Files subject to Dynamic Updates by a DHCP or the command nupdate, should be stored in / var / lib / bind.

If the operating system uses apparmor, the installed profile only works with the default BIND settings. Subsequent changes in the configuration of the named they may require changes to the apparmor profile. Visited https://wiki.ubuntu.com/DebuggingApparmor before filling in a form accusing a bugs in that service.

There are several issues associated with running Debian BIND in a Chroot Cage - chroot jail. Visit http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO.html for more information.

Other information

man named, man named.conf, man named-checkconf, man named-checkzone, man rndc, etc.

root @ dns: ~ # named -v
BIND 9.9.5-9 + deb8u1-Debian (Extended Support Version)

root @ dns: ~ # named -V
BIND 9.9.5-9 + deb8u1-Debian (Extended Support Version) built by make with '--prefix = / usr' '--mandir = / usr / share / man' \ '--infodir = / usr / share / info' '--sysconfdir = / etc / bind' \ '- -localstatedir = / var '' --enable-threads '' --enable-largefile '\' --with-libtool '' --enable-shared '' --enable-static '\' --with-openssl = / usr '' --with-gssapi = / usr '' --with-gnu-ld '\' --with-geoip = / usr '' --with-atf = no '' --enable-ipv9 '' --enable-rrl '\' --enable-filter-aaaa '\' CFLAGS = -fno-strict-aliasing -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O8 'compiled by GCC 50 using OpenSSL version : OpenSSL 6k 2 Jan 4.9.2 using libxml1.0.1 version: 8

root @ dns: ~ # ps -e | grep named
  408? 00:00:00 named

root @ dns: ~ # ps -e | grep bind
  339? 00:00:00 rpcbind

root @ dns: ~ # ps -e | grep bind9
root @ dns: ~ #

root @ dns: ~ # ls / var / run / named /
named.pid session.key  
root @ dns: ~ # ls -l /var/run/named/named.pid 
-rw-r - r-- 1 bind bind 4 Feb 4 13:20 /var/run/named/named.pid

root @ dns: ~ # rndc status
version: 9.9.5-9 + deb8u1-Debian CPUs found: 9 worker threads: 8 UDP listeners per interface: 50 number of zones: 1 debug level: 1 xfers running: 1 xfers deferred: 100 soa queries in progress: 0 query logging is OFF recursive clients: 0/0/0 tcp clients: 0/0 server is up and running
  • It is undeniable the importance of consulting the Documentation installed with the BIND9 package before any other.

bind9-doc

root @ dns: ~ # aptitude install bind9-doc links2
root @ dns: ~ # dpkg -L bind9-doc

The package bind9-doc installs, among other useful information, the BIND 9 Administrator Reference Manual. To access the manual -in English- we execute:

root @ dns: ~ # links2 file: ///usr/share/doc/bind9-doc/arm/Bv9ARM.html
BIND 9 Administrator Reference Manual Copyright (c) 2004-2013 Internet Systems Consortium, Inc. ("ISC") Copyright (c) 2000-2003 Internet Software Consortium.

We hope you enjoy reading it.

  • Without leaving home, we have at hand Abundant Official Documentation about BIND and about the DNS service in general.

We configure the BIND in the Debian style

/etc/bind/named.conf "the principal"

root @ dns: ~ # nano /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, * BEFORE * you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

Does the commented heading require translation?

/etc/bind/named.conf.options

root @ dns: ~ # cp /etc/bind/named.conf.options /etc/bind/named.conf.options.original

root @ dns: ~ # nano /etc/bind/named.conf.options
options {directory "/ var / cache / bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. // forwarders {// 0.0.0.0; //}; // =============================================== ===================== $ // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys // ================================= =================================== $

    // We don't want DNSSEC
        dnssec-enable no;
        //dnssec-validation self;

        auth-nxdomain no; # conform to RFC1035

 // We don't need to listen for IPv6 addresses
        // listen-on-v6 {any; };
    listen-on-v6 {none; };

 // For checks from localhost and sysadmin
    // via dig desdelinux.fan axfr // We don't have Slave DNS... until now
 allow-transfer {localhost; 192.168.10.1; };
};

root @ dns: ~ # named-checkconf 
root @ dns: ~ #

/etc/bind/named.conf.local

In the commented header of this file, they recommend including the Zones indicated in the RFC-1918 described in the file /etc/bind/zones.rfc1918. The inclusion of these zones locally provides that any query regarding them does not go outside the local network to the root servers, which has two significant advantages:

  • Faster local resolution for local users
  • It does not create unnecessary - or spurious - traffic to the root servers.

Personally I do not have an Internet connection to test Recursion or Forwarding. However, and as we have not invalidated the Recursion in the named.conf.options file -by means of recursion not; - we can include the aforementioned areas and others that I explain below.

When installing BIND 9.9.7 in the FreeBSD 10.0 Operating System, which is also -and incidentally- Free Software, the configuration file /usr/local/etc/namedb/named.conf.sample it contains a whole series of zones that recommend serving locally to -also- obtain the aforementioned advantages.

In order not to alter the original BIND configuration in Debian, we suggest creating the file /etc/bind/zones.rfcFreeBSD and include it in the /etc/bind/named.conf.local with the content indicated below, and with the paths - paths to files already adapted to Debian:

root @ dns: ~ # nano /etc/bind/zones.rfcFreeBSD
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "65.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "66.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "67.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "68.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "69.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "70.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "71.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "72.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "73.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "74.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "75.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "76.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "77.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "78.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "79.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "80.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "81.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "82.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "83.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "84.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "85.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "86.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "87.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "88.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "89.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "90.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "91.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "92.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "93.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "94.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "95.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "96.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "97.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "98.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "99.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "100.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "101.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "102.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "103.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "104.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "105.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "106.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "107.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "108.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "109.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "110.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "111.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "112.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "113.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "114.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "115.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "116.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "117.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "118.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "119.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "120.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "121.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "122.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "123.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "124.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "125.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "126.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "127.100.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

// Link-local / APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" {type master; file "/etc/bind/db.empty"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" {type master; file "/etc/bind/db.empty"; };

// TEST-NET- [1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "100.51.198.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "113.0.203.in-addr.arpa" {type master; file "/etc/bind/db.empty"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.bd0.1.0.0.2.ip6.arpa" {type master; file "/etc/bind/db.empty"; };

// Domain Names for Documentation and Testing (BCP 32)
zone "test" {type master; file "/etc/bind/db.empty"; }; zone "example" {type master; file "/etc/bind/db.empty"; }; zone "invalid" {type master; file "/etc/bind/db.empty"; }; zone "example.com" {type master; file "/etc/bind/db.empty"; }; zone "example.net" {type master; file "/etc/bind/db.empty"; }; zone "example.org" {type master; file "/etc/bind/db.empty"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "19.198.in-addr.arpa" {type master; file "/etc/bind/db.empty"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "241.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "242.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "243.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "244.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "245.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "246.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "247.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "248.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "249.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "250.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "251.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "252.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "253.in-addr.arpa" {type master; file "/etc/bind/db.empty"; }; zone "254.in-addr.arpa" {type master; file "/etc/bind/db.empty"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "3.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "4.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "5.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "6.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "7.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "8.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "9.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "a.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "b.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "c.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "d.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "e.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "0.f.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "1.f.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "2.f.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "3.f.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "4.f.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "5.f.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "6.f.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "7.f.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "8.f.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "9.f.ip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "afip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "bfip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "0.efip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "1.efip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "2.efip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "3.efip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "4.efip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "5.efip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "6.efip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "7.efip6.arpa" {type master; file "/etc/bind/db.empty"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "cfip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "dfip6.arpa" {type master; file "/etc/bind/db.empty"; };

// IPv6 Link-Local (RFCs 4291 and 6303)
zone "8.efip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "9.efip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "aefip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "befip6.arpa" {type master; file "/etc/bind/db.empty"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "cefip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "defip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "eefip6.arpa" {type master; file "/etc/bind/db.empty"; }; zone "fefip6.arpa" {type master; file "/etc/bind/db.empty"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" {type master; file "/etc/bind/db.empty"; };

Although we have eliminated the possibility of listening to IPv6 requests in our example, it is worth including the IPv6 zones in the previous file for those who need them.

The final content of /etc/bind/named.conf.local is

root @ dns: ~ # nano /etc/bind/named.conf.local
// // Do any local configuration here // // Consider adding the 1918 zones here, if they are not used in your // organization
include "/etc/bind/zones.rfc1918"; include "/etc/bind/zones.rfcFreeBSD";

// Declaration of the name, type, location, and update permission
// of the DNS Records Zones // Both Zones are MASTERS
area "desdelinux.fan" {
 typemaster;
 file "/var/lib/bind/db.desdelinux.fan";
};

zone "10.168.192.in-addr.arpa" {
 typemaster;
 file "/var/lib/bind/db.10.168.192.in-addr.arpa";
};

root @ dns: ~ # named-checkconf root @ dns: ~ #

We create the files for each Zone

The content of the files in each area can be copied literally from the article «DNS and DHCP on CentOS 7«, As long as we are careful to change the destination directory to / var / lib / bind:

[root@dns ~]# nano /var/lib/bind/db.desdelinux.fan
$TTL 3H @ IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. ( 1 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum or ; Negative caching time to live ; @ IN NS dns.desdelinux.fan. @ IN MX 10 email.desdelinux.fan. @ IN TXT "DesdeLinux, his blog dedicated to free software "; Sysadmin in A 192.168.10.1 AD-DC IN A 192.168.10.3 FILESERVER IN A 192.168.10.4 DNS IN A 192.168.10.5 PROXYWEB IN A 192.168.10.6 BLOG IN A 192.168.10.7 FTPSERVER IN A 192.168.10.8 mail IN A 192.168.10.9

[root @ dns ~] # nano /var/lib/bind/db.10.168.192.in-addr.arpa
$TTL 3H @ IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. ( 1 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum or ; Negative caching time to live ; @ IN NS dns.desdelinux.fan. ; 1 IN PTR sysadmin.desdelinux.fan. 3 IN PTR ad-dc.desdelinux.fan. 4 IN PTR fileserver.desdelinux.fan. 5 IN PTR dns.desdelinux.fan. 6 IN PTR proxyweb.desdelinux.fan. 7 IN PTR blog.desdelinux.fan. 8 IN PTR ftpserver.desdelinux.fan. 9 IN PTR mail.desdelinux.fan.

We check the syntax of each zone

root@dns:~# named-checkzone desdelinux.fan /var/lib/bind/db.desdelinux.fan 
areas desdelinux.fan/IN: loaded serial 1 OK

root @ dns: ~ # named-checkzone 10.168.192.in-addr.arpa /var/lib/bind/db.10.168.192.in-addr.arpa 
zone 10.168.192.in-addr.arpa/IN: loaded serial 1 OK

Checking the general BIND settings

root @ dns: ~ # named-checkconf -zp
  • Following the procedure of modifying the named.conf According to our needs and check, and create each zone file and check it, we doubt that we will have to face major configuration problems. In the end we realize that it is a boy's game, with many concepts and fussy syntax,

The checks returned satisfactory results, therefore we can restart the BIND - named.

We restart the BIND and check its status

[root @ dns ~] # systemctl restart bind9.service
[root @ dns ~] # systemctl status bind9.service
● bind9.service - BIND Domain Name Server Loaded: loaded (/lib/systemd/system/bind9.service; enabled) Drop-In: /run/systemd/generator/bind9.service.d └─50-insserv.conf- $ named.conf Active: active (running) since Sun 2017-02-05 07:45:03 EST; 5s ago Docs: man: named (8) Process: 1345 ExecStop = / usr / sbin / rndc stop (code = exited, status = 0 / SUCCESS) Main PID: 1350 (named) CGroup: /system.slice/bind9.service └─1350 / usr / sbin / named -f -u bind Feb 05 07:45:03 dns named [1350]: zone 1.f.ip6.arpa/IN: loaded serial 1 Feb 05 07:45:03 dns named [1350]: zone afip6.arpa/IN: loaded serial 1 Feb 05 07:45:03 dns named [1350]: zone localhost / IN: loaded serial 2 Feb 05 07:45:03 dns named [1350]: zone test / IN: loaded serial 1 Feb 05 07:45:03 dns named [1350]: zone example / IN: loaded serial 1 Feb 05 07:45:03 dns named [1350]: zone 5.efip6.arpa/IN: loaded serial 1 Feb 05 07:45:03 dns named [1350]: zone bfip6.arpa/IN: loaded serial 1 Feb 05 07:45:03 dns named [1350]: zone ip6.int/IN: loaded serial 1 Feb 05 07:45:03 dns named [1350]: all zones loaded Feb 05 07:45:03 dns named [1350]: running

If we get any kind of error in the output of the last command, we must restart the named.service and recheck your status. If the errors disappeared, the service started successfully. Otherwise, we must carry out a thorough review of all the modified and created files, and repeat the procedure.

Checks

The checks can be run on the same server or on a machine connected to the LAN. We prefer to do them from the team sysadmin.desdelinux.fan to which we gave express permission so that it can make Zone Transfers. The file / Etc / resolv.conf of that team is the following:

buzz @ sysadmin: ~ $ cat /etc/resolv.conf 
# Generated by NetworkManager search desdelinux.fan nameserver 192.168.10.5

buzz@sysadmin:~$ dig desdelinux.fan axfr
; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> desdelinux.fan axfr ;; global options: +cmd
desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800
desdelinux.fan. 10800 IN NS dns.desdelinux.fan.
desdelinux.fan. 10800 IN MX 10 email.desdelinux.fan.
desdelinux.fan. 10800 IN TXT"DesdeLinux, your Blog dedicated to Free Software" ad-dc.desdelinux.fan. 10800 IN A 192.168.10.3 blog.desdelinux.fan. 10800 IN A 192.168.10.7 dns.desdelinux.fan. 10800 IN TO 192.168.10.5 fileserver.desdelinux.fan. 10800 IN A 192.168.10.4 ftpserver.desdelinux.fan. 10800 IN A 192.168.10.8 mail.desdelinux.fan. 10800 IN A 192.168.10.9 proxyweb.desdelinux.fan. 10800 IN A 192.168.10.6 sysadmin.desdelinux.fan. 10800 IN TO 192.168.10.1
desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800 ;; Query time: 1 msec ;; SERVER: 192.168.10.5#53(192.168.10.5) ;; WHEN: Sun Feb 05 07:49:01 EST 2017
;; XFR size: 13 records (messages 1, bytes 385)

buzz @ sysadmin: ~ $ dig 10.168.192.in-addr.arpa axfr
; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> 10.168.192.in-addr.arpa axfr ;; global options: +cmd 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800 10.168.192.in-addr.arpa. 10800 IN NS dns.desdelinux.fan. 1.10.168.192.in-addr.arpa. 10800 IN PTR sysadmin.desdelinux.fan. 3.10.168.192.in-addr.arpa. 10800 IN PTR ad-dc.desdelinux.fan. 4.10.168.192.in-addr.arpa. 10800 IN PTR fileserver.desdelinux.fan. 5.10.168.192.in-addr.arpa. 10800 IN PTR dns.desdelinux.fan. 6.10.168.192.in-addr.arpa. 10800 IN PTR proxyweb.desdelinux.fan. 7.10.168.192.in-addr.arpa. 10800 IN PTR blog.desdelinux.fan. 8.10.168.192.in-addr.arpa. 10800 IN PTR ftpserver.desdelinux.fan. 9.10.168.192.in-addr.arpa. 10800 IN PTR mail.desdelinux.fan. 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800 ;; Query time: 1 msec ;; SERVER: 192.168.10.5#53(192.168.10.5) ;; WHEN: Sun Feb 05 07:49:47 EST 2017
;; XFR size: 11 records (messages 1, bytes 333)

buzz@sysadmin:~$ dig IN SOA desdelinux.fan
buzz@sysadmin:~$ dig IN MX desdelinux.fan buzz@sysadmin:~$ dig IN TXT desdelinux.fan

buzz @ sysadmin: ~ $ host proxyweb
proxyweb.desdelinux.fan has address 192.168.10.6

buzz @ sysadmin: ~ $ host ftpserver
ftpserver.desdelinux.fan has address 192.168.10.8

buzz @ sysadmin: ~ $ host 192.168.10.9
9.10.168.192.in-addr.arpa domain name pointer mail.desdelinux.fan.

… And any other checks we need.

We install and configure DHCP

On Debian, the DHCP service is provided by the package isc-dhcp-server:

root @ dns: ~ # aptitude search isc-dhcp
i isc-dhcp-client - DHCP client for automatically obtaining an IP address p isc-dhcp-client-dbg - ISC DHCP server for automatic IP address assignment (client debug) i isc-dhcp-common - common files used by all of the isc-dhcp packages p isc-dhcp-dbg - ISC DHCP server for automatic IP address assignment (debuging symbol p isc-dhcp-dev - API for accessing and modifying the DHCP server and client state p isc-dhcp-relay - ISC DHCP relay daemon p isc-dhcp-relay-dbg - ISC DHCP server for automatic IP address assignment (relay debug) p isc-dhcp-server - ISC DHCP server for automatic IP address assignment p isc-dhcp-server-dbg - ISC DHCP server for automatic IP address assignment (server debug) p isc-dhcp-server-ldap - DHCP server that uses LDAP as its backend

root @ dns: ~ # aptitude install isc-dhcp-server

After the installation of the package, the -omnipresent- systemd complains that it could not start the service. In Debian, we have to explicitly declare over which network interface it will lease IP addresses and respond to requests, the isc-dhcp-server:

root @ dns: ~ # nano / etc / default / isc-dhcp-server
.... # On what interfaces should the DHCP server (dhcpd) serve DHCP requests? # Separate multiple interfaces with spaces, eg "eth0 eth1".
INTERFACES = "eth0"

Installed documentation

root @ dns: ~ # ls -l / usr / share / doc / isc-dhcp-server /
total 44 -rw-r - r-- 1 root root 1235 Dec 14 2014 copyright -rw-r - r-- 1 root root 26031 Feb 13 2015 changelog.Debian.gz drwxr-xr-x 2 root root 4096 Feb 5 08:10 examples -rw-r - r-- 1 root root 592 Dec 14 2014 NEWS.Debian.gz -rw-r - r-- 1 root root 1099 Dec 14 2014 README.Debian

TSIG key "dhcp-key"

The generation of the key is recommended TSIG o Transaction Signature - Transaction SIGnature, for authentication of dynamic DNS updates by DHCP. As we saw in the previous article «DNS and DHCP on CentOS 7«We consider that the generation of this key is not so essential, especially when both services are installed on the same server. However, we offer the general procedure for its automatic generation:

root @ dns: ~ # dnssec-keygen -a HMAC-MD5 -b 128 -r / dev / urandom -n USER dhcp-key
Kdhcp-key. + 157 + 11088

root @ dns: ~ # cat Kdhcp-key. +157 + 11088.private 
Private-key-format: v1.3 Algorithm: 157 (HMAC_MD5) Key: TEqfcx2FUMYBQ1hA1ZGelA == Bits: AAA = Created: 20170205121618 Publish: 20170205121618 Activate: 20170205121618

root @ dns: ~ # nano dhcp.key
key dhcp-key {
        algorithm hmac-md5;
        secret "TEqfcx2FUMYBQ1hA1ZGelA ==";
};

root @ dns: ~ # install -o root -g bind -m 0640 dhcp.key /etc/bind/dhcp.key root @ dns: ~ # install -o root -g root -m 0640 dhcp.key / etc / dhcp /dhcp.key root @ dns: ~ # ls -l /etc/bind/*.key
-rw-r ----- 1 root bind 78 Feb 5 08:21 /etc/bind/dhcp.key -rw-r ----- 1 bind bind 77 Feb 4 11:47 / etc / bind / rndc .key
root @ dns: ~ # ls -l /etc/dhcp/dhcp.key 
-rw-r ----- 1 root root 78 Feb 5 08:21 /etc/dhcp/dhcp.key

Updating the BIND Zones using the dhcp-key

root @ dns: ~ # nano /etc/bind/named.conf.local
// // Do any local configuration here // // Consider adding the 1918 zones here, if they are not used in your // organization include "/etc/bind/zones.rfc1918"; include "/etc/bind/zones.rfcFreeBSD"; include "/etc/bind/dhcp.key"; // Declaration of the name, type, location, and update permission // of the DNS Record Zones // Both Zones are MASTER zone "desdelinux.fan" { type master; file "/var/lib/bind/db.desdelinux.fan";
 allow-update {key dhcp-key; };
}; zone "10.168.192.in-addr.arpa" {type master; file "/var/lib/bind/db.10.168.192.in-addr.arpa";
 allow-update {key dhcp-key; };
};
root @ dns: ~ # named-checkconf 
root @ dns: ~ #

We configure the isc-dhcp-server

root @ dns: ~ # mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
root @ dns: ~ # nano /etc/dhcp/dhcpd.conf
ddns-update-style interim; ddns-updates on; ddns-domainname "desdelinux.fan."; ddns-rev-domainname "in-addr.arpa."; ignore client-updates; authoritative; option ip-forwarding off; option domain-name "desdelinux.fan"; include "/etc/dhcp/dhcp.key"; zone desdelinux.fan. { primary 127.0.0.1; key dhcp-key; } zone 10.168.192.in-addr.arpa. { primary 127.0.0.1; key dhcp-key; } shared-network redlocal { subnet 192.168.10.0 netmask 255.255.255.0 { option routers 192.168.10.1; option subnet-mask 255.255.255.0; option broadcast-address 192.168.10.255; option domain-name-servers 192.168.10.5; option netbios-name-servers 192.168.10.5; range 192.168.10.30 192.168.10.250; } } # END dhcpd.conf

We check the dhcpd.conf file

root @ dns: ~ # dhcpd -t
Internet Systems Consortium DHCP Server 4.3.1 Copyright 2004-2014 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcp/dhcpd.conf Database file: /var/lib/dhcp/dhcpd.leases PID file: / var / run /dhcpd.pid

We restart the BIND and start the isc-dhcp-server

root @ dns: ~ # systemctl restart bind9.service 
root @ dns: ~ # systemctl status bind9.service 

root @ dns: ~ # systemctl start isc-dhcp-server.service
root @ dns: ~ # systemctl status isc-dhcp-server.service 
● isc-dhcp-server.service - LSB: DHCP server Loaded: loaded (/etc/init.d/isc-dhcp-server) Active: active (running) since Sun 2017-02-05 08:41:45 EST; 6s ago Process: 2039 ExecStop = / etc / init.d / isc-dhcp-server stop (code = exited, status = 0 / SUCCESS) Process: 2049 ExecStart = / etc / init.d / isc-dhcp-server start ( code = exited, status = 0 / SUCCESS) CGroup: /system.slice/isc-dhcp-server.service └─2057 / usr / sbin / dhcpd -q -cf /etc/dhcp/dhcpd.conf -pf / var / run / dhcpd.pid eth0 Feb 05 08:41:43 dns dhcpd [2056]: Wrote 0 leases to leases file. Feb 05 08:41:43 dns dhcpd [2057]: Server starting service. Feb 05 08:41:45 dns isc-dhcp-server [2049]: Starting ISC DHCP server: dhcpd.

Checks with clients

We started a client with the Windows 7 operating system, with the name «LAGER».

buzz @ sysadmin: ~ $ host lager
LAGER.desdelinux.fan has address 192.168.10.30

buzz@sysadmin:~$ dig in txt lager.desdelinux.fan

We change the name of that client to "seven" and restart the client

buzz @ sysadmin: ~ $ host lager
;; connection timed out; no servers could be reached

buzz@sysadmin: ~ $ host seven
seven.desdelinux.fan has address 192.168.10.30
buzz @ sysadmin: ~ $ host 192.168.10.30
30.10.168.192.in-addr.arpa domain name pointer seven.desdelinux.fan.

buzz@sysadmin:~$ dig in txt seven.desdelinux.fan

We changed the name of the Windows 7 client back to "win7"

buzz @ sysadmin: ~ $ host seven
;; connection timed out; no servers could be reached

buzz @ sysadmin: ~ $ host win7
win7.desdelinux.fan has address 192.168.10.30
buzz @ sysadmin: ~ $ host 192.168.10.30
30.10.168.192.in-addr.arpa domain name pointer win7.desdelinux.fan.

buzz@sysadmin:~$ dig in txt win7.desdelinux.fan
; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> in txt win7.desdelinux.fan ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11218 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;win7.desdelinux.fan. IN TXT ;; ANSWER SECTION: win7.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" ;; AUTHORITY SECTION:
desdelinux.fan. 10800 IN NS dns.desdelinux.fan. ;; ADDITIONAL SECTION: dns.desdelinux.fan. 10800 IN A 192.168.10.5 ;; Query time: 0 msec ;; SERVER: 192.168.10.5#53(192.168.10.5) ;; WHEN: Sun Feb 05 09:13:20 EST 2017 ;; MSG SIZE rcvd: 129

buzz@sysadmin:~$ dig desdelinux.fan axfr
; <<>> DiG 9.9.5-9+deb8u1-Debian <<>> desdelinux.fan axfr ;; global options: +cmd
desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 8 86400 3600 604800 10800
desdelinux.fan. 10800 IN NS dns.desdelinux.fan.
desdelinux.fan. 10800 IN MX 10 email.desdelinux.fan.
desdelinux.fan. 10800 IN TXT"DesdeLinux, your Blog dedicated to Free Software" ad-dc.desdelinux.fan. 10800 IN A 192.168.10.3 blog.desdelinux.fan. 10800 IN A 192.168.10.7 dns.desdelinux.fan. 10800 IN TO 192.168.10.5 fileserver.desdelinux.fan. 10800 IN A 192.168.10.4 ftpserver.desdelinux.fan. 10800 IN A 192.168.10.8 mail.desdelinux.fan. 10800 IN A 192.168.10.9 proxyweb.desdelinux.fan. 10800 IN A 192.168.10.6 sysadmin.desdelinux.fan. 10800 IN TO 192.168.10.1
win7.desdelinux.fan. 3600 IN  TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"
win7.desdelinux.fan. 3600 IN A 192.168.10.30
desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 8 86400 3600 604800 10800 ;; Query time: 2 msec ;; SERVER: 192.168.10.5#53(192.168.10.5) ;; WHEN: Sun Feb 05 09:15:13 EST 2017 ;; XFR size: 15 records (messages 1, bytes 453)

In the output above, we highlighted on bold that TTL -in seconds- for the computers with IP addresses granted by the DHCP service, those that have an explicit declaration of the TTL 3600 given by the DHCP. Fixed IPs are guided by the $ TTL of 3H -3 hours = 10800 seconds- declared in the SOA record of each zone file.

They can check the reverse zone in the same way.

[root @ dns ~] # dig 10.168.192.in-addr.arpa axfr

Other extremely interesting commands are:

[root@dns ~]# named-journalprint /var/lib/bind/db.desdelinux.fan.jnl
of the desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800 add desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 2 86400 3600 604800 10800 add LAGER.desdelinux.fan. 3600 IN A 192.168.10.30 add LAGER.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" from desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 2 86400 3600 604800 10800 of LAGER.desdelinux.fan. 3600 IN A 192.168.10.30 add desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 3 86400 3600 604800 10800 del desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 3 86400 3600 604800 10800 of LAGER.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" add desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 4 86400 3600 604800 10800 del desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 4 86400 3600 604800 10800 add desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 5 86400 3600 604800 10800 add seven.desdelinux.fan. 3600 IN A 192.168.10.30 add seven.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" from desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 5 86400 3600 604800 10800 of seven.desdelinux.fan. 3600 IN A 192.168.10.30 add desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 6 86400 3600 604800 10800 del desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 6 86400 3600 604800 10800 of seven.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9" add desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 7 86400 3600 604800 10800 del desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 7 86400 3600 604800 10800 add desdelinux.fan. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 8 86400 3600 604800 10800 add win7.desdelinux.fan. 3600 IN A 192.168.10.30 add win7.desdelinux.fan. 3600 IN TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"

[root @ dns ~] # named-journalprint /var/lib/bind/db.10.168.192.in-addr.arpa.jnl
from 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 1 86400 3600 604800 10800 add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 2 86400 3600 604800 10800 add 30.10.168.192.in-addr.arpa. 3600 IN PTR LAGER.desdelinux.fan. from 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 2 86400 3600 604800 10800 del 30.10.168.192.in-addr.arpa. 3600 IN PTR LAGER.desdelinux.fan. add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 3 86400 3600 604800 10800 del 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 3 86400 3600 604800 10800 add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 4 86400 3600 604800 10800 add 30.10.168.192.in-addr.arpa. 3600 IN PTR seven.desdelinux.fan. from 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 4 86400 3600 604800 10800 del 30.10.168.192.in-addr.arpa. 3600 IN PTR seven.desdelinux.fan. add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 5 86400 3600 604800 10800 del 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 5 86400 3600 604800 10800 add 10.168.192.in-addr.arpa. 10800 IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. 6 86400 3600 604800 10800 add 30.10.168.192.in-addr.arpa. 3600 IN PTR win7.desdelinux.fan.

[root @ dns ~] # journalctl -f

Manual modification of Zones files

After DHCP enters the game of dynamically updating the BIND zone files, if we ever need to manually modify a zone file, we must carry out the following procedure, but not before knowing a little more about the operation of the zone. utility rndc -man rndc- for the control of named.

  • rndc freeze [zone [class [view]]], suspends the dynamic update of a zone. If one is not specified, all will freeze. The command allows manual editing of the frozen zone or all zones. Any dynamic update will be denied while frozen.
  • rndc thaw [zone [class [view]]], enables dynamic updates on a previously frozen zone. The DNS server reloads the zone file from disk, and dynamic updates are re-enabled after the reload is complete.

Cautions to be taken when we manually edit a zone file? The same as if we were creating it, without forgetting to increase the serial number by 1 or serial before saving the file with the final changes.

We freeze the zones

As we are going to make changes to the Forward and Reverse Zones while DNS and DHCP are running, the healthiest thing is to freeze the DNS Zones:

[root @ dns ~] # rndc freeze

The Zone desdelinux.fan contains the following records:

[root@dns ~]# cat /var/lib/bind/db.desdelinux.fan
$ORIGIN . $TTL 10800 ; 3 hours
desdelinux.fan IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. (
                                8; serial
                                86400 ; refresh (1 day) 3600 ; retry (1 hour) 604800 ; expire (1 week) 10800 ; minimum (3 hours) ) NS dns.desdelinux.fan. MX 10 email.desdelinux.fan. TXT"DesdeLinux, your Blog dedicated to Free Software" $ORIGIN desdelinux.fan. ad-dc To 192.168.10.3 blog To 192.168.10.7 dns To 192.168.10.5 fileserver To 192.168.10.4 ftpserver To 192.168.10.8 mail To 192.168.10.9 proxyweb To 192.168.10.6 sysadmin To 192.168.10.1 3600 $TTL 1 ; 7 hour win192.168.10.30 A 31 TXT "7228b3ddd3a73b2be9fda09e601e3f9eXNUMX"

Let's add the server «shore wall»With the IP 192.168.10.10:

root@dns:~# nano /var/lib/bind/db.desdelinux.fan
$ORIGIN . $TTL 10800 ; 3 hours
desdelinux.fan IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. (
                9; serial
                86400 ; refresh (1 day) 3600 ; retry (1 hour) 604800 ; expire (1 week) 10800 ; minimum (3 hours) ) NS dns.desdelinux.fan. MX 10 email.desdelinux.fan. TXT"DesdeLinux, your Blog dedicated to Free Software" $ORIGIN desdelinux.fan. ad-dc To 192.168.10.3 blog To 192.168.10.7 dns To 192.168.10.5 fileserver To 192.168.10.4 ftpserver To 192.168.10.8 mail To 192.168.10.9 proxyweb To 192.168.10.6
shorewall A 192.168.10.10
sysadmin A 192.168.10.1 $ TTL 3600; 1 hour win7 A 192.168.10.30 TXT "31b7228ddd3a3b73be2fda9e09e601f3e9"

We are supposed to also modify the reverse zone:

root @ dns: ~ # nano /var/lib/bind/db.10.168.192.in-addr.arpa
$ORIGIN . $TTL 10800 ; 3 hours 10.168.192.in-addr.arpa IN SOA dns.desdelinux.fan. root.dns.desdelinux.fan. (
                                7; serial
                                86400 ; refresh (1 day) 3600 ; retry (1 hour) 604800 ; expire (1 week) 10800 ; minimum (3 hours) ) NS dns.desdelinux.fan. $ORIGIN 10.168.192.in-addr.arpa. 1 PTR sysadmin.desdelinux.fan. 3 PTR ad-dc.desdelinux.fan. $TTL 3600 ; 1 hour 30 PTR win7.desdelinux.fan. $TTL 10800 ; 3 hours 4 PTR fileserver.desdelinux.fan. 5 PTR dns.desdelinux.fan. 6 PTR proxyweb.desdelinux.fan. 7 PTR blog.desdelinux.fan. 8 PTR ftpserver.desdelinux.fan. 9 PTR mail.desdelinux.fan.
10 PTR shorewall.desdelinux.fan.

We defrost and recharge the zones

[root @ dns ~] # rndc thaw

root @ dns: ~ # journalctl -f
-- Logs begin at Sun 2017-02-05 06:27:10 EST. -- Feb 05 12:00:29 dns named[1996]: received control channel command 'thaw' Feb 05 12:00:29 dns named[1996]: thawing all zones: success Feb 05 12:00:29 dns named[ 1996]: zone 10.168.192.in-addr.arpa/IN: journal file is out of date: removing journal file Feb 05 12:00:29 dns named[1996]: zone 10.168.192.in-addr.arpa/ IN: loaded serial 7 Feb 05 12:00:29 dns named[1996]: zone desdelinux.fan/IN: journal file is out of date: removing journal file Feb 05 12:00:29 dns named[1996]: zone desdelinux.fan/IN: loaded serial 9

buzz @ sysadmin: ~ $ host shorewall
shorewall.desdelinux.fan has address 192.168.10.10

buzz @ sysadmin: ~ $ host 192.168.10.10
10.10.168.192.in-addr.arpa domain name pointer shorewall.desdelinux.fan.

buzz@sysadmin:~$ dig desdelinux.fan axfr

buzz @ sysadmin: ~ $ dig 10.168.192.in-addr.arpa axfr

root @ dns: ~ # journalctl -f
.... Feb 05 12:03:05 dns named[1996]: client 192.168.10.1#37835 (desdelinux.fan): transfer of 'desdelinux.fan/IN': AXFR started Feb 05 12:03:05 dns named[1996]: client 192.168.10.1#37835 (desdelinux.fan): transfer of 'desdelinux.fan/IN': AXFR ended Feb 05 12:03:20 dns named[1996]: client 192.168.10.1#46905 (10.168.192.in-addr.arpa): transfer of '10.168.192.in-addr. arpa/IN': AXFR started Feb 05 12:03:20 dns named[1996]: client 192.168.10.1#46905 (10.168.192.in-addr.arpa): transfer of '10.168.192.in-addr.arpa /IN': AXFR ended

Summary

So far we have a Caché DNS server in operation, which supports Recursion, which is Authoritarian for the Zone desdelinux.fan, and that allows DHCP to update the Forward and Reverse Zones with the names of computers and IP that it grants.

This article and the previous two «DNS and DHCP in openSUSE 13.2 'Harlequin'" and "DNS and DHCP on CentOS 7»Are practically one. You will find general concepts about DNS and DHCP, and particularities of each distribution in each of them. They are a Entry point to the subject, and a basis for more complex developments.

We will not hesitate to insist - once again - on the importance of reading the technical documentation that is installed by default with each package, BEFORE configuring any detail. We say it from our own experience.

Next delivery

It's probably "Microsoft® Active Directory + BIND"


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   lizard said
    ago 7 years

    What a piece of tutorial that you have sent partner, I do not know where so much capacity for detail and order in subjects as complex as that comes from.

    My most sincere congratulations, an honor to be able to read you

    Respond to lizard
  2.   bafo said
    ago 7 years

    I have to tell you that the HOSTIA is the tutorials you publish, I love them.
    I am always waiting for your next chapter.
    When you're done, will you put it in a pdf? It is a documentation that in my opinion is very valuable, which deserves to be well kept.
    Thank you very much and a big greeting.
    Bafo.

    Reply to Bafo
  3.   federico said
    ago 7 years

    Bafo: Thank you very much for your evaluation and comment. The best reward for the time, work, and effort that I dedicate to each tutor is the comment. Be it positive or negative, but it is the sign that it does not go unnoticed. I guess a lot of readers just download and save, or bookmark it. But I can only assume that according to the number of visits. It is a pity that not many comment, although I know that the issues I deal with are fundamentally for Sysadmins. Greetings to you too and I will wait for you in my next articles.

    Reply to federico
  4.   federico said
    ago 7 years

    Lagarto: Thank you for your honest evaluation that I will always keep in mind.

    Reply to federico
  5.   artus said
    ago 7 years

    How would the configuration be if I have two network interfaces in the case of bind
    Thanks and congratulations on the material.

    Reply to artus
  6.   federico said
    ago 7 years

    Artus: Thank you for your comment and congratulations.
    The answer to your question deserves a separate article on the use of Views - views in the BIND.

    In case you have a Delegated Zone under your responsibility, and you want to have a single BIND to attend internal queries from your LAN and external queries from the Internet -with the BIND protected by a Firewall of course- it is recommended to use the Views.

    The Views, for example, allow you to present a configuration for your SME Network and another for the Internet. When we do not configure any View explicitly, the BIND implicitly creates a single one that shows all the computers that consult it.

    As the use of Views I consider it an advanced topic can and write an article about it, before or after the promised post announced at the end of it.

    Now, if you have two network interfaces facing your SME Network -formed by two Private Networks- for whatever reason of design, load balance, number of equipment or other, and you want to present all your zones to both networks, you can solve with statement:

    listen on {
    127.0.0.1;
    IP-Private-Interface1;
    IP-interface-Private2;
    };

    In this way, the BIND listens for requests on both interfaces.

    If all your computers are on Class C Private Network 192.168.10.0/255.255.240.0 -up to 4094 hosts- for example, you can also use the statement:

    listen-on {127.0.0.1; 192.168.10.0/20; };

    And you keep showing a single view to all the computers connected to your Private LAN.

    I hope my short answer helps you. Greetings and success.

    Reply to federico
    1.    artus said
      ago 7 years

      Thanks for answer so soon. You see I am setting up a Debian Server with version 9 (Strech), it has DNS, dhcp and squid as proxy, for the content filters I will use e2guardian.

      The computer has two network interfaces, which will allow computers on the LAN to go out to the Internet.
      router: 192.168.1.1
      eth0: 192.168.1.55 (through this interface it will go to the Internet)
      eth1:192.168.100.1 (LAN)

      The idea is that the computers can go to the Internet through this proxy server, which will also provide ips and dns to the computers on the internal network.

      In this case, I don't need the server to attend dns requests through the eth0 interface (I don't want to present my zones to both networks, only to my LAN); so if I remove the private-interface-IP1, would that be enough?

      Thanks again and regards.

      Reply to artus
  7.   Edward Claus said
    ago 7 years

    Very good article my friend
    You have the BIND in your veins, even if you say and think otherwise 🙂
    Congratulations

    Reply to Eduardo Noel
  8.   federico said
    ago 7 years

    Artus: Remove the 192.168.1.55 interface from the listen-on statement and go. Or declare just listen-on {127.0.0.1; 192.168.100.1; }; and that's it. The BIND will only listen on those interfaces.

    Reply to federico
    1.    artus said
      ago 7 years

      Fine thanks.

      Reply to artus
  9.   federico said
    ago 7 years

    Eduardo: my friend, I still prefer dnsmasq for "small" networks, and we will have to see how "big" they can be. 😉 Although I recognize that the BIND + isc-dhcp-server is the BIND + isc-dhcp-server. 😉

    Reply to federico
  10.   federico said
    ago 7 years

    Eduardo: I forgot to tell you that the BIND Specialist is you, Master.

    Reply to federico
  11.   dhunter said
    ago 7 years

    Years using BIND and I continue to learn from your writing, thank you very much Federico, with this series of tutorials a sysadmin is fired. I come back and I repeat, the idea of ​​encompassing all this knowledge in an official portable format is not bad at all, give it head that something very good can come out. A greeting.

    Reply to dhunter
  12.   federico said
    ago 7 years

    Dhunter friend: Your comments are always well received. Encompassing everything is difficult and almost impossible, because a new topic always comes up. By chapters, it goes and it is possible. Some article would have to be rewritten to gain consistency in configurations. I don't promise anything, but we'll see.

    Reply to federico
  13.   Ismael Alvarez Wong said
    ago 7 years

    hello federico, here are my comments:
    1) The emphasis you make on «... read before configuring the BIND and even BEFORE searching the Internet for articles related to BIND and DNS ...» searching for them on our own computer and all this «... without leaving home ...» to use your own words.
    2) In this post we find more theory about DNS that complements the one provided in the two previous posts and is always appreciated; for example: the DNSSEC (Domain Name System Security Extensions) and what it is used for; as well as the BIND Configuration Scheme with its Static Configuration Files, Zone Files for the Root Servers, and the Forward and Reverse Zones of localhost in Debian.
    3) GREAT the tip of not disabling recursion (using the line "recursion no;") then include in the configuration file /etc/bind/named.conf.local, the zone files / etc / bind / zones. rfc1918 and /etc/bind/zones.rfcFreeBSD to prevent any queries regarding them from leaving the local network to the root servers.
    4) Unlike the previous post about CentOS 7, in this post if the TSIG Key "dhcp-key" is generated for dynamic DNS updates from DHCP; to allow it in the /etc/bind/named.conf.local file, include "allow-update {key dhcp-key; }; » in the configuration of the direct and reverse zones of our domain.
    5) The great detail (equal to the previous post in CentOS 7) of everything related to the checks of the operation of DNS, DHCP and with the clients.
    6) GREAT the tip of using the "install" command (if, as it is written, I do not mean the option of the same name that is used in other commands), I did not know it, for it is a true "3 in 1" because groups copy (cp), establishment of owners (chown) and permissions (chmod).
    . Finally, your answer to Artus about the use of Views in BIND is very good, one for the LAN (private network) and the other for the Internet so that only the public services can be consulted. Hopefully later you have time to prepare a post as it is a very practical application topic for many sysadmins.
    Nothing Federico that I continue to be more enthusiastic about the PYMES series and I look forward to the next post "Microsoft Active Directory + BIND"

    Reply to Ismael Alvarez Wong
  14.   federico said
    ago 7 years

    Wong: Colleague and friend, your comments complement my articles and demonstrate that they are understandable. The "install" command has many more options. Query man install. Thanks a thousand for commenting !!!

    Reply to federico
  15.   crespo88 said
    ago 7 years

    I have not read the comments yet, I will do so after stating my criteria.
    You have done and achieved a lot, you have given us a light, but not the one that is seen at the "end of the tunnel" when there is no more hope as we use to say; not that not for nothing, you have given the complete light to be able to say "In the end we realize that it is a boy's game, with many concepts and fussy syntax" as you explain in the post.
    POST TRUNK and along with the previous ones for a couple of more famous distros. You complied with the expansion of concepts and theory that on many occasions takes its toll on us. I have read in detail, calmly and it is impossible not to comment and feel COMPLETELY GRATEFUL for such dedication and dedication.
    Without further ado, we wish you all health and that you continue to contribute; We thank you and may luck, economy, health (we wish you double) and love accompany you (with Sandra's for more, hahaha).
    I know that the comment goes a little beyond the content of the post, it goes to the personal because we are friends and I admire your selfless delivery. Nobody NOBODY does what you do for those of us who want to learn more and more and we have the responsibility of managing SME networks on our shoulders, not an easy task.
    Sl2 everyone.

    Reply to crespo88
  16.   federico said
    ago 7 years

    crespo88: Thank you very much for your evaluations about this and other published articles. Some readers may think that I give it my all, when it is not true. I always mean an Entry Point, even if the examples are fully functional. BIND is The Electronic Industry and DHCP is not far behind. To know them above the average, you have to pass a postgraduate degree at the University of Helsinki, 😉

    Reply to federico
  17.   Miguel Guaramato placeholder image said
    ago 7 years

    I find this topic interesting and very important. I am interested in this study of what is all about the administration of linux networks and especially servers: dns, dynamic and static dhcp and virtual networks, bin9, samba, print servers, ldap, network supervision with applications, mounts of databases for programmers' applications and vlan, etc. That is why it is important and these tips are very good and with practices and examples.

    Reply to Miguel Guaramato
  18.   federico said
    ago 7 years

    Hi miguel!!!
    Thanks for commenting and I hope the series helps you in what interests you. Regards.

    Reply to federico
  19.   George said
    ago 7 years

    Thank you very much for the article Federico, it shows that you know about debian. A hug.

    Reply to Jorge
  20.   federico said
    ago 7 years

    Thank you Jorge, for your comment. Hope my articles help you.

    Reply to federico
  21.   Pablo Raúl Vargas Hall said
    ago 7 years

    Thank you very much for the post which is well documented and urges us to read, read and read again. Now with the following post that you are going to publish, I would like you to take into account the points of convergence that it would have:
    Microsoft Active Directory with Samba4 as Active Directory

    Besides, I wanted to consult the following:
    How would be the implementation of Bind + Isc-dhcp in the FW in a dmz where the domain controller would be in the dmz with a samba 4 AD

    Reply to Pablo Raul Vargas Hall