Difference between revisions of "Named"
(6 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
= Named serves DNS records = | = Named serves DNS records = | ||
− | Named is the deamon that provides DNS services. It runs on | + | Named is the deamon that provides DNS services. It runs on [[jalapeno]], <strike> and [[lentil]] </strike>, where [[jalapeno]] is the master <strike>and [[lentil]] is the slave </strike>. These DNS services are only accessible <strike>on the backend network: 10.0.0.253 for jalapeno.</strike> on the "peers" group, i.e. the backend and the UNH network. |
The configuration for DNS is in /etc/named.conf | The configuration for DNS is in /etc/named.conf | ||
− | The entries for the DNS are on ''' | + | The entries for the DNS are on '''jalapeno''' in /var/named/<br> |
After making any edits, make sure you reload the tables: /etc/init.d/named reload | After making any edits, make sure you reload the tables: /etc/init.d/named reload | ||
− | There is still | + | Note that to make use of jalapeno as a name server, the resolve.conf of the node has to have 10.0.0.253 come first. The UNH name servers will return the nuclear.unh.edu for anything *physics.unh.edu and thus give the wrong address for *.farm.physics.unh.edu |
+ | |||
+ | Configuration information for named i.e. BIND is found here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-BIND.html | ||
+ | |||
+ | There is STILL a problem with the UNH network and the forwarding request reaching servers. On September 16 2014 this completely stopped working. | ||
+ | |||
+ | === Securing === | ||
+ | See: https://www.us-cert.gov/ncas/alerts/TA13-088A | ||
+ | Seems our system was used in a DDOS attack on Feb 22, 2016 | ||
+ | This was set wide open. Seems Aaron’s legacy, still had Xemed and “9green”, “sunsetlabs” etc in it, but commented out. | ||
+ | I now restricted query, transfer and recursion to “peers”: local systems and the farm. | ||
+ | |||
+ | = OLD CONFIGURATION = | ||
+ | |||
+ | Comments below were for the old configuration. This is no longer the case. | ||
+ | |||
+ | Named used to run on Jalapeño and tomato, but it no longer runs on tomato. The alternate system is now lentil. | ||
+ | |||
+ | == Named (Bind) Configuration == | ||
+ | |||
+ | We run named in a "chroot jail" for safety. The jail is in /var/named/chroot. See [http://www.faqs.org/docs/Linux-HOWTO/Chroot-BIND-HOWTO.html Chroot-BIND-HOWTO]. | ||
+ | The chroot directory does NOT need a "proc", which messes up backups of "var". "dev" also messes up the backups, but I'm unsure about whether this is actually necessary. |
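Review bot: the two added descriptions of "peers" do not match. The intro line says the group is "the backend and the UNH network", while the Securing lines say "local systems and the farm". Since query, transfer and recursion now all depend on this one group, state its members once (ideally the acl entry from /etc/named.conf) and have both places refer to it. The struck-out text in the intro line also leaves the sentence hard to read; consider deleting it, since the OLD CONFIGURATION section already covers the history.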
Latest revision as of 21:52, 27 February 2016
Named serves DNS records
Named is the daemon that provides DNS services. It runs on jalapeno, which is the master. (Struck out in this revision: lentil as a second server, acting as the slave.) These DNS services are only accessible on the "peers" group, i.e. the backend and the UNH network. (Struck out in this revision: access only on the backend network, 10.0.0.253 for jalapeno.)
The configuration for DNS is in /etc/named.conf
The entries for the DNS are on jalapeno in /var/named/
After making any edits, make sure you reload the tables: /etc/init.d/named reload
Note that to make use of jalapeno as a name server, the resolv.conf of the node has to list 10.0.0.253 first. The UNH name servers will return the nuclear.unh.edu for anything *physics.unh.edu and thus give the wrong address for *.farm.physics.unh.edu.
Configuration information for named i.e. BIND is found here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-BIND.html
There is STILL a problem with the UNH network and the forwarding request reaching servers. On September 16 2014 this completely stopped working.
Securing
See: https://www.us-cert.gov/ncas/alerts/TA13-088A
Seems our system was used in a DDOS attack on Feb 22, 2016.
This was set wide open. Seems Aaron’s legacy, still had Xemed and “9green”, “sunsetlabs” etc in it, but commented out.
I now restricted query, transfer and recursion to “peers”: local systems and the farm.
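An added example (not taken from this site's actual named.conf) of what the restriction described above could look like in /etc/named.conf. The ACL name "peers" comes from the text; the address ranges are placeholder documentation networks, and the commented-out "before" block is an assumption about what "wide open" looked like.

```conf
// Constructed example, not the site's real named.conf.
// The ACL name "peers" is from the text; the address ranges are placeholders
// (RFC 5737 documentation networks). Substitute the real backend and farm nets.
acl "peers" {
    localhost;
    192.0.2.0/24;       // placeholder: backend network
    198.51.100.0/24;    // placeholder: farm / campus hosts
};

// BEFORE (assumed shape of a "wide open" server): any host on the Internet
// can query, recurse through, and zone-transfer from this server. Open
// recursion is the condition TA13-088A warns about.
//
// options {
//     allow-query     { any; };
//     allow-recursion { any; };
//     allow-transfer  { any; };
// };

// AFTER: query, recursion and transfer are limited to "peers".
options {
    directory       "/var/named";
    allow-query     { peers; };
    allow-recursion { peers; };
    allow-transfer  { peers; };
};
```

Running `named-checkconf /etc/named.conf` checks the syntax before the reload.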
OLD CONFIGURATION
Comments below were for the old configuration. This is no longer the case.
Named used to run on Jalapeño and tomato, but it no longer runs on tomato. The alternate system is now lentil.
Named (Bind) Configuration
We run named in a "chroot jail" for safety. The jail is in /var/named/chroot. See the Chroot-BIND-HOWTO (http://www.faqs.org/docs/Linux-HOWTO/Chroot-BIND-HOWTO.html).
The chroot directory does NOT need a "proc", which messes up backups of "var". "dev" also messes up the backups, but I'm unsure about whether this is actually necessary.