Manager




Network Configuration

NFS Server

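#install required packages
yum install nfs-utils libnfsidmap

#create exports
# exports(5): a client spec and its option list must be written with NO
# whitespace between them.  "CLIENT (opts)" exports the path to *every*
# host with those options and to CLIENT with the defaults, so the original
# line was an unrestricted, root-unsquashed export.  Both client specs go
# on one line (an indented second line without a continuation is read as a
# new entry and rejected).
# DMZ_NETWORK/DMZ_SUBNETMASK etc. are placeholders to replace by hand; the
# quoted delimiter keeps the shell from expanding anything in the text.
# no_root_squash lets root on a client act as root on the export; keep it
# only if the nodes really need it.
cat <<'EOT' >> /etc/exports
/exports/homes DMZ_NETWORK/DMZ_SUBNETMASK(rw,sync,no_root_squash,no_all_squash,fsid=1) NODE_NETWORK/NODE_SUBNETMASK(rw,sync,no_root_squash,no_all_squash,fsid=1)
EOT

#start and enable NFS server
for unit in rpcbind nfs-server; do
  systemctl enable "$unit"
done
for unit in rpcbind nfs-server rpc-statd nfs-idmapd; do
  systemctl start "$unit"
done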

DHCP Daemon

#install required packages (ISC DHCP server)
pkgs=(dhcp)
yum install "${pkgs[@]}"

Edit the configuration file
/etc/dhcp/dhcpd.conf

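authoritative;
#Placeholders (DMZ_NETWORK, NIC2, ...) are replaced by hand before the
#daemon is started; "dhcpd -t" checks the resulting file.
#DMZ network definition
subnet DMZ_NETWORK netmask DMZ_SUBNETMASK {
        interface NIC2;
        range DMZ_NETWORK_START_IP DMZ_NETWORK_END_IP;
        default-lease-time 600;
        max-lease-time 7200;
        option domain-name "DMZ.YOUR_DOMAIN";
        #the manager is both resolver and gateway for the DMZ
        option domain-name-servers MANAGER_DMZ_IP;
        option broadcast-address DMZ_NETWORK_BROADCAST;
        option subnet-mask DMZ_SUBNETMASK;
        option routers MANAGER_DMZ_IP;
}
#Nodes network definition
subnet NODES_NETWORK netmask NODES_SUBNETMASK {
        interface NIC1;
        #the original gave NODE_NETWORK_START_IP twice, i.e. a pool of a
        #single address; the range needs a distinct end address.
        range NODES_NETWORK_START_IP NODES_NETWORK_END_IP;
        default-lease-time 600;
        max-lease-time 7200;
        #search domain must match the BIND zone name ("nodes.YOUR_DOMAIN"),
        #otherwise short host names on the nodes do not resolve.
        option domain-name "nodes.YOUR_DOMAIN";
        #same manager address for DNS and gateway, as in the DMZ subnet
        #(the original mixed MANAGER_NODE_IP and MANAGER_NODES_IP)
        option domain-name-servers MANAGER_NODES_IP;
        option broadcast-address NODES_NETWORK_BROADCAST;
        option subnet-mask NODES_SUBNETMASK;
        option routers MANAGER_NODES_IP;
}
#...
#define fixed addresses
#A fixed address is tied to the client's MAC only; the MAC is not
#authenticated, so a lease is not proof of the client's identity.
host HOST_0_NAME {
                hardware ethernet XX:XX:XX:XX:XX:XX;
                fixed-address HOST_0_IP;
                option host-name "HOST_0_NAME";
}
host HOST_1_NAME {
                hardware ethernet XX:XX:XX:XX:XX:XX;
                fixed-address HOST_1_IP;
                option host-name "HOST_1_NAME";
}
#....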


#start the DHCP daemon now and on every boot
for action in start enable; do
  systemctl "$action" dhcpd.service
done

BIND Daemon

#install required packages (name server plus dig/host/nslookup tools)
pkgs=(bind bind-utils)
yum install "${pkgs[@]}"

/etc/named.conf

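# An ACL must be defined before it is referenced, otherwise named-checkconf
# fails with an undefined ACL; the original placed this block after the
# options{} that uses it in allow-transfer.
acl "trusted" {
        localhost;
};
options {
        # Listen on loopback and the two internal manager addresses only,
        # never on the external NIC (placeholders as in dhcpd.conf).
        listen-on port 53 { 127.0.0.1; MANAGER_DMZ_IP; MANAGER_NODES_IP;};
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        # The /24 prefix lengths must match DMZ_SUBNETMASK and
        # NODES_SUBNETMASK used in dhcpd.conf and /etc/exports.
        allow-query     { 127.0.0.1; DMZ_NETWORK/24; NODES_NETWORK/24;};
        # Zone transfers only to localhost; a secondary server would be
        # added to the "trusted" acl above.
        allow-transfer { trusted; };
        recursion yes;
        # Recursion is restricted explicitly to the same internal clients
        # as allow-query, so the server cannot become an open resolver if
        # allow-query is widened later.
        allow-recursion { 127.0.0.1; DMZ_NETWORK/24; NODES_NETWORK/24;};
        forwarders {
                LOCAL_DNS_SERVER_IP;
                PROVIDER_DNS_SERVER_IP;
                OTHER_DNS_SERVERS;
        };
        forward only ;
        # With "forward only", validation can only succeed if the
        # forwarders return the DNSSEC records (RRSIGs); forwarders that
        # strip them make every external lookup fail with SERVFAIL.
        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/named.conf.local";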

/etc/named/named.conf.local

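zone "DMZ.YOUR_DOMAIN" IN {
        type master;
        file "/etc/named/zones/dmz.YOUR_DOMAIN.zone";
};

// Reverse zone of the DMZ network: the first three octets of DMZ_NETWORK in
// reverse order (a constructed example: 192.168.10.0/24 -> "10.168.192").
zone "XXX.XXX.XXX.in-addr.arpa" IN {
        type master;
        file "/etc/named/zones/XXX.XXX.XXX.zone";
};

zone "nodes.YOUR_DOMAIN" IN {
        type master;
        file "/etc/named/zones/nodes.YOUR_DOMAIN.zone";
};

// Reverse zone of the nodes network.  Zone names must be unique: the
// original declared the same "XXX.XXX.XXX.in-addr.arpa" name and file twice,
// which named rejects as a duplicate zone.  YYY.YYY.YYY is the reversed
// NODES_NETWORK prefix and gets its own zone file.
zone "YYY.YYY.YYY.in-addr.arpa" IN {
        type master;
        file "/etc/named/zones/YYY.YYY.YYY.zone";
};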

Create zone files
/etc/named/zones/dmz.YOUR_DOMAIN.zone

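$TTL 1D

; YOUR_EMAIL.YOUR_DOMAIN. is the RNAME form of an address: the first dot
; stands for "@".  Increase the serial on every edit, otherwise secondaries
; do not pick the change up.
dmz.YOUR_DOMAIN.      IN     SOA     MANAGER.dmz.YOUR_DOMAIN. YOUR_EMAIL.YOUR_DOMAIN. (
                             200612060                 ; serial
                             2H                        ; refresh slaves
                             5M                        ; retry
                             1W                        ; expire
                             1M                        ; Negative TTL
)
@                     IN      NS      MANAGER.dmz.YOUR_DOMAIN.
; The NS target needs an A record inside this zone.  The original owner
; "MANAGER.YOUR_DOMAIN." is out-of-zone data, which named drops on load,
; leaving the zone without an address for its own name server.
MANAGER.dmz.YOUR_DOMAIN. IN   A       MANAGER_IP       ; Firewall/Gateway
WEB.dmz.YOUR_DOMAIN.  IN      A       WEBSERVER_IP     ; Webserver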
...

/etc/named/zones/XXX.XXX.XXX.zone

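$TTL 1D
; Reverse zone for the DMZ /24; same SOA values as the forward zone.
@                     IN      SOA     MANAGER.dmz.YOUR_DOMAIN. YOUR_EMAIL.YOUR_DOMAIN. (
                              200612060                ; serial
                              2H                       ; refresh slaves
                              5M                       ; retry
                              1W                       ; expire
                              1M                       ; Negative TTL
)
@                     IN      NS      MANAGER.dmz.YOUR_DOMAIN.
; Owner names are the host part of each address (the last octet for a /24
; reverse zone); every host needs its own value, not the same placeholder.
MANAGER_LAST_OCTET    IN      PTR     MANAGER.dmz.YOUR_DOMAIN.
WEB_LAST_OCTET        IN      PTR     WEB.dmz.YOUR_DOMAIN.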
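#fix permissions
# named runs as user "named" and only needs read access: keep the config
# root-owned and readable by the named group only, so no other local
# account can read it.
chgrp -R named /var/named
chown -v root:named /etc/named.conf
chmod 640 /etc/named.conf

#enable service
systemctl enable named
systemctl start named

#use own nameserver
# resolv.conf(5) takes IP addresses only; "nameserver localhost" is
# ignored by the resolver.  Nameservers are tried in file order, so the
# existing entries are commented out first -- otherwise the local BIND
# would only be asked after the old servers fail.
sed -i 's/^nameserver /#&/' /etc/resolv.conf
echo "nameserver 127.0.0.1" >> /etc/resolv.conf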

For further information, read the BIND documentation.

LDAP Server