Track2Agenda: 03-dns-reverse-delegation.txt

File 03-dns-reverse-delegation.txt, 4.1 KB (added by Andy Linton, 6 years ago)

Line
1	IP Reverse Delegation
2	=====================
3
4	Before you start you need to change a parameter in /usr/local/etc/unbound/unbound.conf:
5
6	# a number of locally served zones can be configured.
7	# local-zone: "10.10.in-addr.arpa." nodefault
8	local-zone: "10.in-addr.arpa." transparent
9
10	Then reload the unbound server:
11
12	# unbound-control reload
13
14	On your servers auth1, auth2 and resolv you have an IPv4 and an IPv6 address. You should
15	make sure you have entries for each of these in your forward file.
16	e.g.
17
18	auth1.MYTLD. IN A 10.10.X.1
19	IN AAAA 2400:4136:8b5f:3a11::X:1
20	auth2.MYTLD. IN A 10.10.X.2
21	IN AAAA 2400:4136:8b5f:3a11::X:2
22	resolv.MYTLD. IN A 10.10.X.3
23	IN AAAA 2400:4136:8b5f:3a11::X:3
24
25	Don't forget to replace 'MYTLD' with your own domain (unless your name is Annie!)
26
27	Adding the zones
28	----------------
29
30	1. You should create a zone file for your in-addr.arpa zone and for your ip6.arpa zone
31	using the names:
32
33	db.X.10.10.in-addr.arpa
34	db.X.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa
35
36	You should copy the SOA and NS records from your MYTLD file to these files.
37
38	2. You will need to add a zone statement to the named.conf file on auth1 and the nsd.conf
39	file on auth2. Use the existing details for your MYTLD as a template.
40
41	3. On the parent server the following delegations have been set up already
42
43	Your in-addr.arpa delegations are:
44
45	1.10.10.in-addr.arpa. IN NS auth1.grp1.dns.nsrc.org.
46	IN NS auth2.grp1.dns.nsrc.org.
47
48	2.10.10.in-addr.arpa. IN NS auth1.grp2.dns.nsrc.org.
49	IN NS auth2.grp2.dns.nsrc.org.
50
51	3.10.10.in-addr.arpa. IN NS auth1.grp3.dns.nsrc.org.
52	IN NS auth2.grp3.dns.nsrc.org.
53
54	4.10.10.in-addr.arpa. IN NS auth1.grp4.dns.nsrc.org.
55	IN NS auth2.grp4.dns.nsrc.org.
56
57	5.10.10.in-addr.arpa. IN NS auth1.grp5.dns.nsrc.org.
58	IN NS auth2.grp5.dns.nsrc.org.
59
60	6.10.10.in-addr.arpa. IN NS auth1.grp6.dns.nsrc.org.
61	IN NS auth2.grp6.dns.nsrc.org.
62
63	7.10.10.in-addr.arpa. IN NS auth1.grp7.dns.nsrc.org.
64	IN NS auth2.grp7.dns.nsrc.org.
65
66	8.10.10.in-addr.arpa. IN NS auth1.grp8.dns.nsrc.org.
67	IN NS auth2.grp8.dns.nsrc.org.
68
69	Your ip6.arpa delegations are:
70
71	1.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp1.dns.nsrc.org.
72	IN NS auth2.grp1.dns.nsrc.org.
73
74	2.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp2.dns.nsrc.org.
75	IN NS auth2.grp2.dns.nsrc.org.
76
77	3.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp3.dns.nsrc.org.
78	IN NS auth2.grp3.dns.nsrc.org.
79
80	4.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp4.dns.nsrc.org.
81	IN NS auth2.grp4.dns.nsrc.org.
82
83	5.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp5.dns.nsrc.org.
84	IN NS auth2.grp5.dns.nsrc.org.
85
86	6.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp6.dns.nsrc.org.
87	IN NS auth2.grp6.dns.nsrc.org.
88
89	7.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp7.dns.nsrc.org.
90	IN NS auth2.grp7.dns.nsrc.org.
91
92	8.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp8.dns.nsrc.org.
93	IN NS auth2.grp8.dns.nsrc.org.
94
95	4. Use dig to check that the nameservers are delegated properly after you reload your servers.
96
97	5. Add PTR records to each of the zone files for each of your three servers.
98
99	e.g.
100
101	1 PTR auth1.MYTLD.
102
103	and
104
105	1.0.0.0 PTR auth1.MYTLD.
106
107	and so on.
108
109	6. Check that the reverse lookup works using "dig -x"