Virtual Private Server - VPS, hospedado no Hypervisor esxi18.ifce.edu.br localizado na sala de maquinas do IFCE Campus Fortaleza/Benfica. Atua como servidor de DNS autoritativo secundário dos dominios:
ifce.edu.br cefet-ce.br cefetce.br etfce.br
Hostname: ns2.ifce.edu.br IPv4: 200.129.46.60 OS: FreeBSD-10.1-RELEASE-amd64 Username: operador Passwd: 1Password @ Dominios -> ifce.edu.br -> esxi18.ifce.edu.br -> ns2 vCPU's: 2 RAM: 2GiB HDD: 20GiB
nsd-4.1.0 vim-7.4.657
Navegue até o port do NSD:
# cd /usr/ports/dns/nsd
Compile-o:
# make # make install clean
Crie a estrutura de diretórios que utilizaremos:
# mkdir -p /usr/local/etc/nsd/var/db/nsd # mkdir -p /usr/local/etc/nsd/var/db/master # mkdir -p /usr/local/etc/nsd/var/db/slave # mkdir -p /usr/local/etc/nsd/var/db/view # mkdir -p /usr/local/etc/nsd/var/run/nsd # mkdir -p /usr/local/etc/nsd/var/log # mkdir /usr/local/etc/nsd/tmp
Configure o NSD para ser inicializado juntamente com o sistema:
# echo 'nsd_enable="YES"' >> /etc/rc.conf
Para que possamos gerar os certificados que o NSD precisa para permitir controle remoto, utilize o nsd-control
nsd-control-setup
A saída deve mostrar algo do tipo:
setup in directory /usr/local/etc/nsd generating nsd_server.key Generating RSA private key, 1536 bit long modulus .++++ .........................++++ e is 65537 (0x10001) generating nsd_control.key Generating RSA private key, 1536 bit long modulus ...........................................++++ ....................................++++ e is 65537 (0x10001) create nsd_server.pem (self signed certificate) create nsd_control.pem (signed client certificate) Signature ok subject=/CN=nsd-control Getting CA Private Key Setup success. Certificates created. Enable in nsd.conf file to use
Todos os arquivos de zona, devem ser colocados em /usr/local/etc/nsd/var/db
. O diretório base contém todos os arquivos de configuração de zonas (ex: localhost, mapeamentos reversos, root.servers, etc) e com a seguinte estrutura:
/usr/local/etc/nsd/var/db/master
- master zone files/usr/local/etc/nsd/var/db/view
- where views are used/usr/local/etc/nsd/var/db/slave
- slave zones files/usr/local/etc/nsd/var/db/slave/reverse
- reverse slave zones files
Encontram-se no diretório /usr/local/etc/nsd
, os arquivos de configuração do serviço e de suas zonas:
nsd.conf
- Arquivo de configuração do serviçoconf.d/zones.conf
- Arquivo de configuração de zonasconf.d/reverse.conf
- Arquivo de configuração de zonas reversas
Arquivos de zona master: são nomeados domain.tld.zone
(ou ifce.edu.br.zone
), se for um subdomínio, deverá então ser subdominio.domain.tld.zone
(ou dgti.ifce.edu.br.zone
).
Arquivos de zona slave: são nomeados domain.tld.zone
(ou slave.ifce.edu.br.zone
), se for um subdomínio, deverá então ser subdominio.domain.tld.zone
(ou slave.dgti.ifce.edu.br.zone
).
Root servers: Se presentes na máquina (DNS Recursivo habilitado), são nomeados root.servers
Arquivos de zona reversa são nomeados a partir do número da subrede a qual se refere adicionado do sufíxo “.rev”ex: Um arquivo para a zona 23.168.192.IN-ADDR.ARPA
deverá se chamar: 192.168.23.rev
<note important>Esta nomenclatura mais simples é adota a fim de evitar ter de se escrever digitos reversamente às 03:00am ofegante por que sua maquina não resolve queries para o mundo!</note>
Arquivos de zona localhost são nomeados master.localhost
e seu reverso nomeado localhost.rev
Reincia-se o serviço do NSD através do comando:
service nsd start
Reincia-se o serviço do NSD através do comando:
service nsd stop
Reincia-se o serviço do NSD através do comando:
service nsd restart
Força-se a transferência de zonas do servidor Master
através do comando:
nsd-control transfer ifce.edu.br
Persistem-se as zonas em seus respectivos arquivos (descritos em conf.d/zones.conf) através do comando:
nsd-control write
server: hide-version: yes database: "/usr/local/etc/nsd/var/db/nsd/nsd.db" logfile: "/usr/local/etc/nsd/var/log/nsd.log" server-count: 1 tcp-count: 10 pidfile: "/usr/local/etc/nsd/var/run/nsd/nsd.pid" username: nsd difffile: "/usr/local/etc/nsd/var/db/nsd/ixfr.db" xfrdfile: "/usr/local/etc/nsd/var/db/nsd/xfrd.state" verbosity: 2 remote-control: control-enable: yes key: name: "rndc-key" algorithm: hmac-md5 secret: "TROQUE_A_CHAVE" pattern: name: "secundario" allow-notify: 200.17.33.7/32 rndc-key request-xfr: AXFR 200.17.33.7 rndc-key include: "/usr/local/etc/nsd/conf.d/zones.conf" include: "/usr/local/etc/nsd/conf.d/reverse.conf"
zone: name: "33.17.200.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/200.17.33.rev" include-pattern: "secundario" zone: name: "32.17.200.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/200.17.32.rev" include-pattern: "secundario" zone: name: "46.129.200.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/200.129.46.rev" include-pattern: "secundario" zone: name: "128.129.200.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/200.129.128.rev" include-pattern: "secundario" zone: name: "48.128.200.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/200.129.48.rev" include-pattern: "secundario" zone: name: "176.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.176.rev" include-pattern: "secundario" zone: name: "177.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.177.rev" include-pattern: "secundario" zone: name: "178.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.178.rev" include-pattern: "secundario" zone: name: "179.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.179.rev" include-pattern: "secundario" zone: name: "180.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.180" include-pattern: "secundario" zone: name: "181.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.181.rev" include-pattern: "secundario" zone: name: "182.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.182.rev" include-pattern: "secundario" zone: name: "183.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.183.rev" include-pattern: "secundario" zone: name: "184.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.184.rev" include-pattern: "secundario" zone: name: "185.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.185.rev" include-pattern: "secundario" zone: name: "186.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.186.rev" include-pattern: "secundario" zone: name: "187.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.187.rev" include-pattern: "secundario" zone: name: "188.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.188.rev" include-pattern: "secundario" zone: name: "189.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.189.rev" include-pattern: "secundario" zone: name: "190.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.190.rev" include-pattern: "secundario" zone: name: "191.109.179.in-addr.arpa" zonefile: "/usr/local/etc/nsd/var/db/slave/reverse/179.109.191.rev" include-pattern: "secundario"
zone: name: "ifce.edu.br" zonefile: "/usr/local/etc/nsd/var/db/slave/slave.ifce.edu.br.zone" include-pattern: "secundario" zone: name: "cefetce.br" zonefile: "/usr/local/etc/nsd/var/db/slave/slave.cefetce.br.zone" include-pattern: "secundario" zone: name: "cefet-ce.br" zonefile: "/usr/local/etc/nsd/var/db/slave/slave.cefet-ce.br.zone" include-pattern: "secundario" zone: name: "etfce.br" zonefile: "/usr/local/etc/nsd/var/db/slave/slave.etfce.br.zone" include-pattern: "secundario" zone: name: "otrs.ifce.edu.br" zonefile: "/usr/local/etc/nsd/var/db/slave/slave.otrs.ifce.edu.br.zone" include-pattern: "secundario" zone: name: "listas.ifce.edu.br" zonefile: "/usr/local/etc/nsd/var/db/slave/slave.listas.ifce.edu.br.zone" include-pattern: "secundario" zone: name: "gdeste.ifce.edu.br" zonefile: "/usr/local/etc/nsd/var/db/slave/slave.gdeste.ifce.edu.br.zone" include-pattern: "secundario" zone: name: "lit.ifce.edu.br" zonefile: "/usr/local/etc/nsd/var/db/slave/slave.lit.ifce.edu.br.zone" include-pattern: "secundario" zone: name: "cppd.ifce.edu.br" zonefile: "/usr/local/etc/nsd/var/db/slave/slave.cppd.ifce.edu.br.zone" include-pattern: "secundario" zone: name: "lds.ifce.edu.br" zonefile: "/usr/local/etc/nsd/var/db/slave/slave.lds.ifce.edu.br.zone" include-pattern: "secundario" zone: name: "dgti.ifce.edu.br" zonefile: "/usr/local/etc/nsd/var/db/slave/slave.dgti.ifce.edu.br.zone" include-pattern: "secundario"