Below is an example of how to set up a secure DNS server based on BIND 9.2.1 from www.isc.org. John Nimda has two domains (my-domain.net and my-domain.org). It's a DSL network with an inside part and an outside part. The inside part contains the networks 10.0.18.0/24 and 192.168.1.0/24. The outside part is just one IP address, 61.9.252.148. The ISP (isp.net) has two DNS servers, on 195.133.252.4 and 195.133.252.5.

The hmac-md5 keys are generated as follows:

    dnssec-keygen -a HMAC-MD5 -b 128 -n HOST lnx-srv.my-domain.net.

(See chapter 11 of DNS and BIND, 4th ed., by Paul Albitz & Cricket Liu, O'Reilly.)

Disclaimer: The names and IP addresses used are completely fictitious. I do not take any responsibility for thoughtless application of these examples.

    total 24
    -rw-r--r-- 1 crashrec klant 2496 Nov  8 01:52 named.cache
    -rw-r--r-- 1 crashrec klant 2547 Nov 22 06:24 named.conf
    -rw-r--r-- 1 crashrec klant  365 Nov 12  2001 named.local
    drwxr-xr-x 2 crashrec klant 4096 Nov 22 06:19 primary/
    drwxr-xr-x 2 crashrec klant 4096 Nov 22 06:19 secondary/
    -rw-r--r-- 1 crashrec klant 1703 Nov 22 06:24 slaves.conf

    ./primary:
    total 24
    -rw-r--r-- 1 crashrec klant 1713 Nov 22 06:15 10.0.18.rev
    -rw-r--r-- 1 crashrec klant 2057 Nov 22 06:16 192.168.1.rev
    -rw-r--r-- 1 crashrec klant 6167 Nov 22 06:16 my-domain.net.hosts.inside
    -rw-r--r-- 1 crashrec klant  940 Nov 22 06:18 my-domain.net.hosts.outside
    -rw-r--r-- 1 crashrec klant  961 Nov 22 06:19 my-domain.org.hosts.outside

    ./secondary:
    total 0
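The key-generation step above, carried one step further as an added example (not part of the original page or of BIND): the secret is taken from the `.private` file that dnssec-keygen writes and placed in a `key` statement in its own owner-only file, since the listing shows named.conf as mode rw-r--r--. The function names, the file name `tsig.key` and the sample secret are constructed for illustration.

```shell
#!/bin/sh
# Added example: dnssec-keygen ".private" file -> owner-only key statement.

# Print the base64 secret from the "Key:" line; fail if there is none.
tsig_secret() {
    awk '$1 == "Key:" { print $2; found = 1 } END { exit !found }' "$1"
}

# Write a key statement named $1, read from .private file $2, to file $3.
write_key_clause() {
    name=$1 private=$2 out=$3
    # Accept only HMAC-MD5 key files (algorithm 157 in the .private header).
    grep -q '^Algorithm: 157 ' "$private" ||
        { echo "not an HMAC-MD5 key file: $private" >&2; return 1; }
    secret=$(tsig_secret "$private") ||
        { echo "no Key: line in $private" >&2; return 1; }
    # Recreate the file under umask 077 so it is mode 0600 from the start;
    # the secret is a shared password between the two name servers.
    rm -f "$out"
    ( umask 077
      printf 'key "%s" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' \
          "$name" "$secret" > "$out" )
}

# Succeed only if group and other have no permissions on the file.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample input (not a real key), in the .private layout.
make_sample() {
    printf 'Private-key-format: v1.2\nAlgorithm: 157 (HMAC_MD5)\nKey: %s\n' \
        'Y29uc3RydWN0ZWQta2V5IQ==' > "$1"
}

tmp=$(mktemp -d)
make_sample "$tmp/sample.private"
write_key_clause lnx-srv.my-domain.net. "$tmp/sample.private" "$tmp/tsig.key"
cat "$tmp/tsig.key"
is_private "$tmp/tsig.key" && echo "tsig.key is owner-only"
rm -rf "$tmp"
```

named.conf can then pull the file in with an `include` statement; both servers must carry the same key name and secret.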