Install Bind on your DNS Node Server

```bash
yum install bind bind-chroot bind-utils -y
```
Optionally, create a security log file and label it in the SELinux policy (for use with fail2ban or another firewall solution):
```bash
mkdir /var/named/logs
chown named:named /var/named/logs
touch /var/named/logs/security.log
chown named:named /var/named/logs/security.log
semanage fcontext -a -t named_log_t '/var/named/logs(/.*)?'
restorecon -Rv /var/named/logs
```
Create the zone file to which the Zonecloud node will write the agent’s zones:
```bash
touch /var/named/zones.conf
chown root:named /var/named/zones.conf
chmod 640 /var/named/zones.conf
```

Edit /etc/named.conf
In short, we need:
- “recursion no”, “notify no” and “masterfile-format text”
- to listen on the external IP address (the “listen-on” option)
- to include “/var/named/zones.conf” at the end
- to comment out or remove any “allow-query” option
Optionally, remove the default zones that exist in the standard configuration file.
Any custom zones should be inside named.conf or in another include file.
CentOS 7/8/9 named.conf example

```
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    recursion no;
    version "";
    masterfile-format text;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    include "/etc/crypto-policies/back-ends/bind.config";
    querylog false;
    rate-limit {
        responses-per-second 50;
    };
};

// Uncomment for logging
//include "/var/named/named-logging.conf";

include "/etc/named.root.key";
include "/var/named/zones.conf";
```
Rocky Linux / AlmaLinux 8

```bash
wget http://repo.nixpal.com/el8/nixpal-el8-1.1-1.el8.x86_64.rpm
yum localinstall nixpal-el8-1.1-1.el8.x86_64.rpm
```

Rocky Linux / AlmaLinux 9

```bash
wget https://repo.nixpal.com/el9/nixpal-el9-1.0-0.el9.x86_64.rpm
yum localinstall nixpal-el9-1.0-0.el9.x86_64.rpm
```
Install zcloudnode

```bash
yum clean all
yum install zcloudnode
```
Configure zcloudnode
Now set the following fields in /etc/zcloudnode.conf:
- SERVER_HOSTNAME: your controller’s hostname
- LICENSE: obtained from us
- TOKEN: the security token generated by the controller when you create a server
```
/* ZCloud Configuration Node Conf */
ZONES_FILE=/var/named/zones.conf
DAEMONIZE=FALSE
SERVER_HOSTNAME=zcloud.server.hostname
TOKEN=Token_From_zCloud_Server
UPDATE_INTERVAL=60
LICENSE=ZCNode-XXXXX
//LOG LEVEL: ERROR - WARNING - INFO -DEBUG
LOG_LEVEL=DEBUG
RNDC_PATH=/usr/sbin/rndc
ZONE_TEMPLATE=zone \"[%DOMAIN_NAME%]\" {\n\ttype slave;\n\tfile \"slaves/[%DOMAIN_NAME%].db\";\n\tmasters { [%SERVER_IP%]; };\n};\n
```
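As an added example (not zcloudnode's own code), the following renders the ZONE_TEMPLATE line above into the zones.conf text that BIND will include, so you can see what the node is expected to write for each agent zone. It assumes the template's `\n`, `\t` and `\"` escapes expand as in a C string and that `[%DOMAIN_NAME%]` and `[%SERVER_IP%]` are the only placeholders; it also validates the zone name and master IP before substituting them, so that a malformed value cannot corrupt the generated file.

```python
import ipaddress
import re

# Constructed copy of the ZONE_TEMPLATE value from /etc/zcloudnode.conf above.
TEMPLATE_RAW = (
    r'zone \"[%DOMAIN_NAME%]\" {\n\ttype slave;\n\tfile \"slaves/[%DOMAIN_NAME%].db\";'
    r'\n\tmasters { [%SERVER_IP%]; };\n};\n'
)

# One DNS label: 1-63 chars of letters, digits or hyphen, not starting/ending with a hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_zone_name(name: str) -> bool:
    """Accept only syntactically valid hostnames (optional trailing dot)."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def unescape(template: str) -> str:
    """Expand the backslash escapes used in the config line (assumed C-style)."""
    return template.replace(r"\n", "\n").replace(r"\t", "\t").replace(r'\"', '"')


def render_zone(template: str, domain: str, server_ip: str) -> str:
    """Fill one zone statement; reject values that could break out of it."""
    if not is_valid_zone_name(domain):
        raise ValueError(f"invalid zone name: {domain!r}")
    ipaddress.ip_address(server_ip)  # raises ValueError unless a bare IP literal
    return (unescape(template)
            .replace("[%DOMAIN_NAME%]", domain)
            .replace("[%SERVER_IP%]", server_ip))


def render_zones_conf(domains, server_ip, template=TEMPLATE_RAW) -> str:
    """Concatenate one slave-zone statement per domain, as zones.conf content."""
    return "".join(render_zone(template, d, server_ip) for d in domains)


if __name__ == "__main__":
    # Constructed sample: two zones mastered by a documentation-range address.
    print(render_zones_conf(["example.com", "example.net"], "203.0.113.10"), end="")
```

Run the output through `named-checkconf` on the node before letting BIND load it; the checker will flag any statement the template produced incorrectly.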
Enable and start bind and zcloudnode

```bash
systemctl enable named-chroot --now
systemctl enable zcloudnode --now
```