
5.3 Configure DNS Server


• Start up the "DNS" virtual machine (see 5.2 Startup DNS Server virtual machine)




You could now log in directly on the virtual machine as user root, but connecting through SSH from your host PC makes it possible to copy and paste text into the console window.


• Open "Command Prompt" on your host computer




Write what is highlighted in red


Instead of "teddy", write the username you created on the master virtual machine:

C:\Users\teddy>ssh teddy@192.168.0.128

teddy@192.168.0.128's password:write your user's password here


[teddy@localhost ~]$ su

Password:write the root password here


Set the hostname of this machine, but use your own domain name instead of "yddet.dk":

[root@localhost teddy]# hostnamectl set-hostname dns.yddet.dk


Install the DNS service:

[root@localhost teddy]# yum install bind* -y

output output output ...

Complete!


Create and edit a forward lookup zone file, but use your own domain name instead of "yddet.dk":

[root@localhost teddy]# cd /var/named

[root@localhost named]# cp named.localhost yddet.dk.db

[root@localhost named]# vim yddet.dk.db


Make the document look like this, but write your own domain name instead of "yddet.dk":



Save the document and quit vim


Create and edit a reverse lookup zone file for the "192.168.1.0/24" network:

[root@localhost named]# cp named.loopback 1.168.192.db

[root@localhost named]# vim 1.168.192.db


Make the document look like this, but write your own domain name instead of "yddet.dk":



Save the document and quit vim


Create and edit a reverse lookup zone file for the "192.168.255.0/24" network:

[root@localhost named]# cp named.loopback 255.168.192.db

[root@localhost named]# vim 255.168.192.db


Make the document look like this, but write your own domain name instead of "yddet.dk":



Save the document and quit vim


Set the "named" group as owner of the three newly created files:

[root@localhost named]# chown :named yddet.dk.db 1.168.192.db 255.168.192.db


Edit the DNS service configuration file:

[root@localhost named]# cd /etc

[root@localhost etc]# cp named.conf /backup

[root@localhost etc]# vim named.conf


To set up the DNS service to listen on the Ethernet interface address, and to allow queries from all the local addresses, find these lines and add what is highlighted in red:

listen-on port 53 { 127.0.0.1; 192.168.255.2; };


allow-query { localhost; 192.168.0.0/24; 192.168.1.0/24; 192.168.255.0/24; };


To disable DNSSEC, find these lines, add a comment mark to the start of the first line, and change what is highlighted in red in the second line:

# dnssec-enable yes;

dnssec-validation no;


Add these lines as the next lines:

forwarders { 192.168.0.1; };

forward only;


Add the lines highlighted in red:

zone "." IN {

type hint;

file "named.ca";

};


zone "yddet.dk" IN {

type master;

file "yddet.dk.db";

allow-update {none;};

};


zone "1.168.192.in-addr.arpa" IN {

type master;

file "1.168.192.db";

allow-update {none;};

};


zone "255.168.192.in-addr.arpa" IN {

type master;

file "255.168.192.db";

allow-update {none;};

};


Save the document and quit vim
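
A pre-flight check for the named.conf edits above, as an added example that is not part of the original tutorial. The function name lint_named_conf, the finding labels and the sample config built in demo are constructed for illustration; it flags reverse zones whose names do not end in ".in-addr.arpa", zone files missing from the zone directory, and an allow-query opened to "any".

```bash
# lint_named_conf CONF ZONEDIR: print one line per finding, return the count.
# Assumes one statement per line, as in the named.conf edited on this page.
lint_named_conf() {
    conf=$1; zonedir=$2; findings=0
    # allow-query must stay limited to the local networks: "any" would let
    # hosts outside them query this forwarding server.
    if grep -Eq 'allow-query[[:space:]]*\{([^}]*[;[:space:]])?any[[:space:]]*;' "$conf"; then
        echo "OPEN_ALLOW_QUERY"; findings=$((findings + 1))
    fi
    # Collect "zone file" pairs. Only file lines inside a zone block count,
    # so the logging channel's file statement is ignored.
    pairs=$(awk -F'"' '
        /^[ \t]*zone[ \t]+"/            { z = $2 }
        /^[ \t]*file[ \t]+"/ && z != "" { print z, $2 }
        /^[ \t]*[}];/                   { z = "" }' "$conf")
    while read -r zone file; do
        [ -n "$zone" ] || continue
        # A reverse zone named "...in-addr-arpa" is a different domain from
        # in-addr.arpa, so PTR lookups never reach it.
        case $zone in
            *.in-addr.arpa|*.ip6.arpa) ;;
            *arpa) echo "BAD_REVERSE_ZONE $zone"; findings=$((findings + 1)) ;;
        esac
        # Each zone must point at a file that exists in the zone directory.
        if [ ! -f "$zonedir/$file" ]; then
            echo "MISSING_ZONE_FILE $file"; findings=$((findings + 1))
        fi
    done <<EOF
$pairs
EOF
    return "$findings"
}

# Constructed sample (not a real server's config): one mistyped reverse zone
# whose zone file is also absent from the zone directory.
demo() {
    dir=$(mktemp -d)
    touch "$dir/named.ca" "$dir/yddet.dk.db"
    printf '%s\n' 'options {' \
        '  allow-query { localhost; 192.168.255.0/24; };' '};' \
        'zone "." IN {' '  type hint;' '  file "named.ca";' '};' \
        'zone "yddet.dk" IN {' '  type master;' '  file "yddet.dk.db";' '};' \
        'zone "1.168.192.in-addr-arpa" IN {' '  type master;' \
        '  file "1.168.192.db";' '};' > "$dir/named.conf"
    rc=0; lint_named_conf "$dir/named.conf" "$dir" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# On the server: lint_named_conf /etc/named.conf /var/named
```

A return value of 0 means none of the three checks fired; it does not replace a syntax check of the configuration.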


[root@localhost etc]# systemctl enable named

Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.


Edit the configuration file for the first Ethernet adapter:

[root@dns named]# EditNet


Find these lines and change them to:

IPADDR=192.168.255.2

GATEWAY=192.168.255.1

DNS1=127.0.0.1


Add this line to the end of the document, but use your own domain name instead of "yddet.dk":

DOMAIN=yddet.dk


Save the document and quit vim


Shut down the system, and exit "Command Prompt":

[root@firewall firewall]# shutdown -h now

Connection to 192.168.0.128 closed by remote host.

Connection to 192.168.0.128 closed.


C:\Users\teddy>exit


Return to the "DNS" virtual machine



Click "X" to close the virtual machine

Return to "Hyper-V Manager"



• At "Actions" click "Settings..."



At "Hardware" select "Network Adapter"

• At "Virtual switch:" select "DMZ"

• Click "OK"