Optionally, create security log files and add them to the SELinux policy (for fail2ban or another firewall solution):
mkdir /var/named/logs
chown named:named /var/named/logs
touch /var/named/logs/security.log
chown named:named /var/named/logs/security.log
semanage fcontext -a -t named_log_t '/var/named/logs(/.*)?'
restorecon -Rv /var/named/logs
Create the zone file to which the Zonecloud node will write the agent’s zones:
touch /var/named/zones.conf
chown root:named /var/named/zones.conf
chmod 640 /var/named/zones.conf
Edit /etc/named.conf. #
In short, we need:
- “recursion no”, “notify no”, “masterfile-format text”
- bind to the external IP address (“listen-on” option)
- include “/var/named/zones.conf” at the end
- comment out or remove any “allow-query” option
Optionally, remove the default zones that exist in the standard configuration file.
Any custom zones should be inside named.conf or in another include file.
CentOS 7/8/9 named.conf example #
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    recursion no;
    version "";
    masterfile-format text;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    include "/etc/crypto-policies/back-ends/bind.config";
    querylog false;
    rate-limit {
        responses-per-second 50;
    };
};

// Uncomment for logging
//include "/var/named/named-logging.conf";

include "/etc/named.root.key";
include "/var/named/zones.conf";
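The checklist above is easy to get wrong by hand, so here is an added Python checker (not part of the original page or of the Zonecloud project) that reads a named.conf, strips comments, and reports every item from the list that is missing: recursion and notify off, text master files, a non-loopback listen-on, no allow-query, and the zones.conf include placed last. The two named.conf samples inside it are constructed for the demonstration.

```python
import re

# Constructed named.conf samples (not from the page): a distribution-style
# default that still allows recursion and restricts queries, and the
# authoritative-only shape the checklist above asks for.
PERMISSIVE_CONF = """
options {
    listen-on port 53 { 127.0.0.1; };
    directory "/var/named";
    allow-query { localhost; };
    recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
"""

HARDENED_CONF = """
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    recursion no;
    notify no;
    masterfile-format text;
    version "";
    rate-limit { responses-per-second 50; };
};
// logging include would go here
include "/etc/named.root.key";
include "/var/named/zones.conf";
"""

ZONES_INCLUDE = "/var/named/zones.conf"
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def strip_comments(text):
    """Drop the three comment styles named.conf accepts: /* */, //, and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def options_block(text):
    """Return the body of the top-level options { ... } block, or '' if absent."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    return text[start:]  # unbalanced braces; named-checkconf would reject this anyway


def check_named_conf(text):
    """Return a list of findings; an empty list means every checklist item is met."""
    clean = strip_comments(text)
    opts = options_block(clean)
    if not opts:
        return ["no options block found"]
    findings = []

    def option_is(name, value):
        return re.search(rf"\b{re.escape(name)}\s+{value}\s*;", opts) is not None

    if not option_is("recursion", "no"):
        findings.append("recursion must be 'no' (authoritative-only node)")
    if not option_is("notify", "no"):
        findings.append("notify must be 'no'")
    if not option_is("masterfile-format", "text"):
        findings.append("masterfile-format must be 'text'")

    # Collect every address in listen-on / listen-on-v6 and refuse loopback-only bindings.
    addrs = []
    for body in re.findall(r"\blisten-on(?:-v6)?\b[^;{]*\{([^}]*)\}", opts):
        addrs += [a.strip() for a in body.split(";") if a.strip()]
    if not addrs:
        findings.append("listen-on must bind the external address")
    elif all(a in LOOPBACK for a in addrs):
        findings.append("listen-on binds only loopback; the external address is required")

    if re.search(r"\ballow-query\s*\{", clean):
        findings.append("remove or comment out allow-query")

    includes = re.findall(r'\binclude\s+"([^"]+)"\s*;', clean)
    if ZONES_INCLUDE not in includes:
        findings.append(f'include "{ZONES_INCLUDE}"; is missing')
    elif includes[-1] != ZONES_INCLUDE:
        findings.append(f'include "{ZONES_INCLUDE}"; should be the last include')
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = PERMISSIVE_CONF  # constructed sample, for a stand-alone demo
    problems = check_named_conf(text)
    print("\n".join(problems) or "all checklist items present")
    sys.exit(1 if problems else 0)
```

Run it as `python3 check_named.py /etc/named.conf` before restarting named; it exits non-zero when something is off. Note that the example named.conf above does not carry a `notify no;` statement even though the checklist asks for one, and the checker reports exactly that gap. The checker does not replace `named-checkconf`, which validates syntax; it only confirms that the policy choices from the checklist are present.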
yum install https://repo.nixpal.com/el/nixpal.rpm
Install zcloudnode #
yum clean all
yum install zcloudnode
Configure zcloudnode #
Now set the following fields in /etc/zcloudnode.conf:
- SERVER_HOSTNAME: your controller’s hostname
- LICENSE: obtained from us
- TOKEN: the security token the controller generates when you create a server
/* ZCloud Configuration Node Conf */
ZONES_FILE=/var/named/zones.conf
DAEMONIZE=FALSE
SERVER_HOSTNAME=zcloud.server.hostname
TOKEN=Token_From_zCloud_Server
UPDATE_INTERVAL=60
LICENSE=ZCNode-XXXXX
// LOG LEVEL: ERROR - WARNING - INFO - DEBUG
LOG_LEVEL=DEBUG
RNDC_PATH=/usr/sbin/rndc
ZONE_TEMPLATE=zone \"[%DOMAIN_NAME%]\" {\n\ttype slave;\n\tfile \"slaves/[%DOMAIN_NAME%].db\";\n\tmasters { [%SERVER_IP%]; };\n};\n
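Because zones.conf is included straight into named.conf, whatever the agent substitutes for [%DOMAIN_NAME%] and [%SERVER_IP%] becomes BIND configuration. The added Python example below (not zcloudnode's own code) reads the ZONE_TEMPLATE value shown above, renders one stanza per zone, and refuses names or addresses that would break out of the quoted zone name or the slaves/ file path. It assumes zcloudnode decodes the backslash-quote, backslash-n and backslash-t escapes like a C string; the page does not state the exact rules. The zone names and the controller address are constructed for the demonstration.

```python
import ipaddress
import re

# Constructed excerpt of /etc/zcloudnode.conf (the ZONE_TEMPLATE value is the one
# shown above; the zone names and IP used further down are made up).
CONF_EXCERPT = r'''
ZONES_FILE=/var/named/zones.conf
ZONE_TEMPLATE=zone \"[%DOMAIN_NAME%]\" {\n\ttype slave;\n\tfile \"slaves/[%DOMAIN_NAME%].db\";\n\tmasters { [%SERVER_IP%]; };\n};\n
'''

# One DNS label: letters, digits, hyphen or underscore, no leading/trailing hyphen, 1-63 chars.
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")


def read_template(conf_text):
    """Pull ZONE_TEMPLATE out of the conf text and decode its escapes.

    Assumption: zcloudnode decodes the backslash-quote, backslash-n and
    backslash-t escapes the way a C string would; the page does not say."""
    for line in conf_text.splitlines():
        if line.startswith("ZONE_TEMPLATE="):
            raw = line[len("ZONE_TEMPLATE="):]
            return raw.replace('\\"', '"').replace("\\n", "\n").replace("\\t", "\t")
    raise ValueError("ZONE_TEMPLATE not found")


def valid_zone_name(name):
    """Accept only names that cannot break out of the quoted zone name or the file path."""
    name = name.rstrip(".").lower()
    if not name or len(name) > 253:
        return False
    return all(LABEL.match(label) for label in name.split("."))


def render_zone(template, domain, server_ip):
    """Render one zone stanza, refusing input that would inject named.conf syntax."""
    if not valid_zone_name(domain):
        raise ValueError(f"refusing unsafe zone name: {domain!r}")
    ipaddress.ip_address(server_ip)  # raises ValueError for anything that is not a bare IP
    name = domain.rstrip(".").lower()
    return template.replace("[%DOMAIN_NAME%]", name).replace("[%SERVER_IP%]", server_ip)


def render_zones_conf(template, domains, server_ip):
    """Render the full zones.conf body for a list of zone names served by one controller."""
    return "".join(render_zone(template, d, server_ip) for d in domains)


def is_rejected(template, domain, server_ip="192.0.2.10"):
    """True if render_zone refuses the input (used to show the guard working)."""
    try:
        render_zone(template, domain, server_ip)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    tpl = read_template(CONF_EXCERPT)
    print(render_zones_conf(tpl, ["example.com", "Example.org."], "192.0.2.10"), end="")
    # A name carrying quotes and semicolons would otherwise close the stanza and
    # start a new block inside zones.conf; the guard refuses it.
    print(is_rejected(tpl, 'evil.example"; }; options { recursion yes; }; zone "x'))
```

The rendered stanzas are exactly what the template produces, so the output can be diffed against a zones.conf the agent wrote. The name check is deliberately stricter than what BIND itself accepts: it keeps underscores for names such as _acme-challenge, but rejects anything that is not a plain label, which is what keeps the quoted string and the slaves/ path intact.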
Enable and start bind and zcloudnode #
systemctl enable named --now
systemctl enable zcloudnode --now