<div dir="ltr"><div dir="ltr">Hi Santiago,<div><br></div><div>If you want to set up a local recursive server, these would be the steps to follow (very summarized, but with this it ends up working; this was done on Ubuntu):<br>Keep in mind that you will have to add everything needed to ensure that your server is not left open to the world and really is "local".</div><div>Another aspect you would have to add is some mechanism to monitor certain things, both on the hardware and on the server itself, in order to know what is happening and whether everything is working correctly.</div><div>Additionally, since you will also be validating DNSSEC, it is critical that your server has its time (date/time) configured correctly. For that I recommend looking at an NTP configuration guide (it is quite simple to configure but very important, because all DNSSEC signature handling is based, among other things, on the validity periods specified for the signatures).</div><div>Finally, this is a very general idea to get the server working... if you plan to use it in a production environment to provide resolution services to third parties, I recommend first gaining experience by using it internally in a test phase.</div><div><br></div><div>Try it first (always) in a controlled testing environment, because I also wrote it rather quickly based on a generic configuration from a tutorial (so don't take it as absolute truth)... 😊</div><div><br></div><div><p class="gmail-MsoListParagraphCxSpFirst" style="margin:0cm 0cm 0cm 36pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif">1)<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="ES" style="font-family:Arial,sans-serif">BIND server configuration<br>
<br>
</span></p>
<p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black">a.<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman""> </span></span><span lang="ES" style="font-family:Arial,sans-serif;color:black">Installing the required software packages<br>
<br>
</span></p>
<p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:"Courier New";color:black"># apt-get install bind9 bind9utils bind9-doc dnsutils</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black"><br>
To install the packages needed to run BIND, we use the apt-get command
above.</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black">If the
installation process asks whether we want to install any of the
packages, we answer </span><span lang="ES" style="font-family:"Courier New";color:black">yes</span><span lang="ES" style="font-family:Arial,sans-serif;color:black">.<br>
<br>
</span></p>
<p class="MsoNormal" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black">The
command above installs the BIND packages, the BIND documentation, the BIND utilities
(for example, to check the configuration, etc.) and the DNS utilities.<br>
<br>
</span></p>
<p class="gmail-MsoListParagraphCxSpFirst" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black">b.<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman""> </span></span><span lang="ES" style="font-family:Arial,sans-serif;color:black">It is advisable to add a rule allowing port
53 in case we have a firewall running (Ubuntu often comes with
a UFW firewall running):<br>
<br>
</span></p>
<p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:"Courier New";color:black"># ufw allow 53</span><span lang="ES" style="font-family:Arial,sans-serif;color:black"><br clear="all" style="break-before:page">
</span><span lang="ES" style="font-family:"Courier New";color:black"></span></p>
<p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0cm 0cm 0cm 36pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black"><br></span></p><p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0cm 0cm 0cm 36pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black"><br></span></p><p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0cm 0cm 0cm 36pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black">2)<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman""> </span></span><span lang="ES" style="font-family:Arial,sans-serif;color:black">Configuring BIND<br>
<br>
</span></p>
<p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black">a.<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman""> </span></span><span lang="ES" style="font-family:Arial,sans-serif;color:black">Go to the BIND directory<br>
</span><span lang="ES" style="font-family:"Courier New";color:black"># cd /etc/bind</span><span lang="ES" style="font-family:Arial,sans-serif;color:black"><br>
<br>
</span></p>
<p class="gmail-MsoListParagraphCxSpLast" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black">b.<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman""> </span></span><span lang="ES" style="font-family:Arial,sans-serif;color:black">The standard installation already includes the information needed to
locate the root servers<br>
</span><span lang="ES" style="font-family:"Courier New";color:black"># more db.root</span><span lang="ES" style="font-family:Arial,sans-serif;color:black"></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-size:11pt;font-family:"Courier New";color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; This file holds the
information on root name servers needed</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; to initialize cache of Internet domain name
servers</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; (e.g. reference this file
in the "cache . </span><span lang="ES" style="font-size:9pt;font-family:Menlo;color:black"><file>"</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; configuration file of BIND
domain name servers).</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-size:9pt;font-family:Menlo;color:black">;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; This file is made available by InterNIC </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; under anonymous FTP as</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; file /domain/named.cache</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; on server <a href="http://FTP.INTERNIC.NET">FTP.INTERNIC.NET</a></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; -OR- <a href="http://RS.INTERNIC.NET">RS.INTERNIC.NET</a></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; last update: February 17, 2016</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; related version of root
zone: 2016021701</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; formerly <a href="http://NS.INTERNIC.NET">NS.INTERNIC.NET</a></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">.
3600000 NS <a href="http://A.ROOT-SERVERS.NET">A.ROOT-SERVERS.NET</a>.</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"><a href="http://A.ROOT-SERVERS.NET">A.ROOT-SERVERS.NET</a>.
3600000 A 198.41.0.4</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"><a href="http://A.ROOT-SERVERS.NET">A.ROOT-SERVERS.NET</a>.
3600000 AAAA 2001:503:ba3e::2:30</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; FORMERLY <a href="http://NS1.ISI.EDU">NS1.ISI.EDU</a></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">…<br>
<br>
</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; OPERATED BY ICANN</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">.
3600000 NS <a href="http://L.ROOT-SERVERS.NET">L.ROOT-SERVERS.NET</a>.</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"><a href="http://L.ROOT-SERVERS.NET">L.ROOT-SERVERS.NET</a>.
3600000 A 199.7.83.42</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"><a href="http://L.ROOT-SERVERS.NET">L.ROOT-SERVERS.NET</a>.
3600000 AAAA 2001:500:3::42</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">; OPERATED BY WIDE</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">.
3600000 NS <a href="http://M.ROOT-SERVERS.NET">M.ROOT-SERVERS.NET</a>.</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"><a href="http://M.ROOT-SERVERS.NET">M.ROOT-SERVERS.NET</a>.
3600000 A 202.12.27.33</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"><a href="http://M.ROOT-SERVERS.NET">M.ROOT-SERVERS.NET</a>.
3600000 AAAA 2001:dc3::35</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-size:9pt;font-family:Menlo;color:black">; End of
file</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<span lang="ES" style="font-size:12pt;font-family:"Times New Roman",serif;color:black"><br clear="all" style="break-before:page">
</span>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="color:black"> </span></p>
<p class="gmail-MsoListParagraph" style="margin:0cm 0cm 0cm 36pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black">3)<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman""> </span></span><span lang="ES" style="font-family:Arial,sans-serif;color:black">Editing the BIND configuration files</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black"> </span></p>
<p class="gmail-MsoListParagraph" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black">a.<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman""> </span></span><span lang="ES" style="font-family:Arial,sans-serif;color:black">The configuration file (named.conf.options) for the
standard installation is located in the BIND directory (</span><span lang="ES" style="font-family:"Courier New";color:black">/etc/bind</span><span lang="ES" style="font-family:Arial,sans-serif;color:black">)<br>
<br>
</span><span lang="ES" style="font-family:"Courier New";color:black"># more named.conf.options</span><span lang="ES" style="font-family:Arial,sans-serif;color:black"></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black"><br>
</span><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">options {</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> directory
"/var/cache/bind";</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // If there is a firewall
between you and nameservers you want</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // to talk to, you may need
to fix the firewall to allow </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // multiple</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // ports to talk. See <a href="http://www.kb.cert.org/vuls/id/800113">http://www.kb.cert.org/vuls/id/800113</a></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // If your ISP provided one
or more IP addresses for stable </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // nameservers, you probably
want to use them as forwarders. </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // Uncomment the following
block, and insert the addresses </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // replacing </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // the all-0's placeholder.</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // forwarders {</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // 0.0.0.0;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // };</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> //=============================================================</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // If BIND logs error
messages about the root key being </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // expired,</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // you will need to update
your keys. See </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // <a href="https://www.isc.org/bind-keys">https://www.isc.org/bind-keys</a></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> //=============================================================</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> dnssec-validation auto;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> auth-nxdomain no; # conform to RFC1035</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span><span lang="ES" style="font-size:9pt;font-family:Menlo;color:black">listen-on-v6 { any; };</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-size:9pt;font-family:Menlo;color:black">};</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black"> </span></p>
<p class="gmail-MsoListParagraphCxSpFirst" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black">b.<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman""> </span></span><span lang="ES" style="font-family:Arial,sans-serif;color:black">We will make the following changes to the configuration (explanation
of the options)</span></p>
<p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0cm 0cm 0cm 108pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Wingdings;color:black">§<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="ES" style="font-family:Arial,sans-serif;color:black">To simplify the
exercise, we have disabled the ability to receive queries over the
IPv6 protocol (only queries over IPv4). However, we recommend that
every recursive DNS server have both the IPv4 and IPv6 protocols configured
in all production deployments.<br>
</span><span lang="ES" style="font-size:11pt;font-family:Menlo;color:black"><br>
//listen-on-v6 { any; };<br>
<br>
</span><span lang="ES" style="font-family:Arial,sans-serif;color:black"></span></p>
<p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0cm 0cm 0cm 108pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Wingdings;color:black">§<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="ES" style="font-family:Arial,sans-serif;color:black">Note that, by
default, BIND will have DNSSEC validation enabled.<br>
</span><span lang="ES" style="font-size:11pt;font-family:Menlo;color:black"><br>
dnssec-validation auto;<br>
<br>
</span><span lang="ES" style="font-family:Arial,sans-serif;color:black">When <i>dnssec-validation</i> is
set to auto, the DNS root zone is used as the default
trust anchor. BIND includes a copy of the root key, which is kept
up to date automatically. If it is set to yes, a
trust anchor must be configured explicitly using the managed keys
or trusted keys option (<i>managed-keys</i> </span><span lang="EN-US" style="font-family:Arial,sans-serif;color:black">/</span><span lang="EN-US" style="font-family:Arial,sans-serif;color:black"> </span><i><span lang="ES" style="font-family:Arial,sans-serif;color:black">trusted-keys</span></i><span lang="ES" style="font-family:Arial,sans-serif;color:black">
option).<br>
<br>
</span></p>
<p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0cm 0cm 0cm 108pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Wingdings;color:black">§<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="ES" style="font-family:Arial,sans-serif;color:black">We enable recursion
explicitly.<br>
<br>
</span><span lang="ES" style="font-size:11pt;font-family:Menlo;color:black">recursion yes;<br>
<br>
</span><span lang="ES" style="font-family:Arial,sans-serif;color:black"></span></p>
<p class="gmail-MsoListParagraphCxSpLast" style="margin:0cm 0cm 0cm 108pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Wingdings;color:black">§<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="ES" style="font-family:Arial,sans-serif;color:black">We create an access
list to allow DNS queries only from the server itself or from
our network (to keep the recursive server from being open to the world).<br>
<br>
</span><span lang="ES" style="font-size:11pt;font-family:Menlo;color:black">listen-on port 53 { localhost; 10.0.1.0/24; };<br>
allow-query { localhost; 10.0.1.0/24; };</span><span lang="ES" style="font-family:Arial,sans-serif;color:black"><br>
<br>
The list of IPv6 prefixes from which we want to accept queries must also be
added.</span></p>
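<p class="MsoNormal" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black">An added example, not part of the original message: a small auditor that reads a named.conf.options text and reports whether recursion is restricted by an access list and whether DNSSEC validation is on, which are the two properties the options above are meant to guarantee. The function names (parse_options, acl_elements, audit) are hypothetical, the three sample configurations are constructed from the option lines quoted in this message, and the lookup order allow-recursion, allow-query-cache, allow-query, built-in default (localnets; localhost) follows BIND 9's documented fallback; named acl references are not resolved.</span></p>

```python
import re

# Keeps quoted strings intact while dropping the comment styles named.conf accepts.
_STRING_OR_COMMENT = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_TOKEN = re.compile(r'"[^"\n]*"|[{};]|[^\s{};"]+')
_WORLD = {"any", "0.0.0.0/0", "::/0"}   # ACL elements that match every client

# Constructed samples (built from the option lines quoted in the message).
DEFAULT_OPTIONS = '''
options {
    directory "/var/cache/bind";
    // forwarders { 0.0.0.0; };
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
'''
RESTRICTED_OPTIONS = '''
options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    recursion yes;
    listen-on port 53 { localhost; 10.0.1.0/24; };
    allow-query { localhost; 10.0.1.0/24; };
    //listen-on-v6 { any; };
};
'''
OPEN_OPTIONS = '''
options {
    recursion yes;
    allow-query { any; };
    dnssec-validation no;
};
'''


def parse_options(conf_text):
    """Return {statement_name: [value tokens]} for the options { } block."""
    text = _STRING_OR_COMMENT.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", conf_text)
    tokens = _TOKEN.findall(text)
    if "options" not in tokens:
        return {}
    pos = tokens.index("options") + 1
    if tokens[pos:pos + 1] != ["{"]:
        return {}
    statements, current, depth = {}, [], 0
    for tok in tokens[pos + 1:]:
        if tok == "}" and depth == 0:
            break                       # closing brace of the options block
        if tok == ";" and depth == 0:   # end of one top-level statement
            if current:
                statements[current[0]] = current[1:]
            current = []
            continue
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        current.append(tok)
    return statements


def acl_elements(value):
    """Flatten an address-match list, dropping braces and semicolons."""
    return [tok for tok in value if tok not in ("{", "}", ";")]


def audit(conf_text):
    """Return a list of (code, message) findings; an empty list means no finding."""
    opts = parse_options(conf_text)
    findings = []
    recursion = (opts.get("recursion") or ["yes"])[0]   # BIND's default is yes
    if recursion == "yes":
        # The first of these statements that is present decides who may recurse.
        for name in ("allow-recursion", "allow-query-cache", "allow-query"):
            if name in opts:
                world = sorted(_WORLD.intersection(acl_elements(opts[name])))
                if world:
                    findings.append(
                        ("open-recursion", f"{name} contains {', '.join(world)}"))
                break
        else:
            findings.append(
                ("implicit-acl",
                 "no allow-* statement; built-in default (localnets; localhost) applies"))
    validation = (opts.get("dnssec-validation") or ["unset"])[0]
    if validation not in ("auto", "yes"):
        findings.append(("dnssec-off", f"dnssec-validation is {validation}"))
    return findings


if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_OPTIONS),
                        ("restricted", RESTRICTED_OPTIONS),
                        ("open", OPEN_OPTIONS)):
        print(label, audit(conf))
```
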
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black">So
that the configuration file ends up as follows:<br>
<br>
</span><span lang="ES" style="font-family:"Courier New";color:black"># nano named.conf.options</span><span lang="ES" style="font-family:Arial,sans-serif;color:black"></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black"><br>
</span><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black">options {</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> directory
"/var/cache/bind";</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // If there is a firewall
between you and nameservers you want</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // to talk to, you may need
to fix the firewall to allow multiple</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // ports to talk. See <a href="http://www.kb.cert.org/vuls/id/800113">http://www.kb.cert.org/vuls/id/800113</a></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // If your ISP provided one
or more IP addresses for stable </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // nameservers, you probably
want to use them as forwarders. </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // Uncomment the following
block, and insert the addresses replacing </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // the all-0's placeholder.</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // forwarders {</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // 0.0.0.0;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // };</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> //========================================================================</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // If BIND logs error
messages about the root key being expired,</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> // you will need to update
your keys. See <a href="https://www.isc.org/bind-keys">https://www.isc.org/bind-keys</a></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> //========================================================================</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> dnssec-validation auto;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> auth-nxdomain no; # conform to RFC1035</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> listen-on-v6 { any; };</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> listen-on port 53 { localhost; 10.0.1.0/24; };</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> allow-query { localhost; 10.0.1.0/24; };</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-size:9pt;font-family:Menlo;color:black"> recursion yes;</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-size:9pt;font-family:Menlo;color:black">};</span></p>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black"> </span></p>
<span lang="ES" style="font-size:12pt;font-family:Arial,sans-serif;color:black"><br clear="all" style="break-before:page">
</span>
<p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="ES" style="font-family:Arial,sans-serif;color:black"> </span></p>
<p class="gmail-MsoListParagraph" style="margin:0cm 0cm 0cm 72pt;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:"Courier New"">c.<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman""> </span></span><span lang="EN-US" style="font-family:Arial,sans-serif;color:black">Finally, we use the BIND functionality to
confirm that there are no errors in the configuration files and restart the
BIND server to apply the configuration changes<br>
<br>
</span><span lang="EN-US" style="font-family:"Courier New""># named-checkconf<br>
# service bind9 restart</span></p>
<p class="MsoNormal" style="margin:0cm;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black"> </span></p><p class="MsoNormal" style="margin:0cm;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black"><br></span></p><p class="MsoNormal" style="margin:0cm;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black">Done, with that you will have a recursive DNS server running with a minimum of configuration to limit queries and allow them only from the networks you specify in the "listen-on port 53" and "allow-query" options.</span></p><p class="MsoNormal" style="margin:0cm;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black"><br></span></p><p class="MsoNormal" style="margin:0cm;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black">Later I'll look for something similar for the basic configuration of an authoritative server (which is a bit more complex).</span></p><p class="MsoNormal" style="margin:0cm;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black"><br></span></p><p class="MsoNormal" style="margin:0cm;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black">Regards,</span></p><p class="MsoNormal" style="margin:0cm;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black">Nico</span></p><p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black"><br></span></p><p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black"><br></span></p><p class="MsoNormal" 
style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black"><br></span></p><p class="MsoNormal" style="margin:0cm;font-size:12pt;font-family:"Times New Roman",serif"><span lang="EN-US" style="font-family:Arial,sans-serif;color:black"><br></span></p></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 9, 2021 at 11:29, SANTIAGO TRUCCO - INTERNET CORDOBA (<a href="mailto:cstrucco@internetcordoba.com.ar">cstrucco@internetcordoba.com.ar</a>) wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="font-size:10pt;font-family:Verdana,Geneva,sans-serif">
<p>Hi, I need someone who can share a guide for installing a local DNS; I was looking at <strong>bind9</strong>, but I need to know if anyone has a step-by-step guide. </p>
<div>-- <br>
<table style="width:auto;border:0px;border-collapse:collapse;font:13px/1.2em sans-serif">
<tbody>
<tr>
<td style="font:13px/1.2em sans-serif;padding:0px 10px 0px 0px;vertical-align:top;border-right:2px solid rgb(179,61,61)">
<div>
<div style="margin:8px 0px;width:150px"><img style="width: 100%;" src="http://webmail.ferozo.com/data/xsignature/000/197/71b77630b12ff5a2.png?r=841281462">
<div> </div>
</div>
</div>
</td>
<td style="font:13px/1.2em sans-serif;padding:0px 0px 0px 10px;vertical-align:top">
<div>
<div style="font-weight:bold;text-align:left">TRUCCO CARLOS SANTIAGO</div>
</div>
<div> </div>
<div>
<div style="text-align:left">CEO - INTERNET CORDOBA</div>
</div>
<div>
<div style="margin:8px 0px">
<table style="width:auto;border:0px;border-collapse:collapse;font:13px/1.2em sans-serif">
<tbody>
<tr>
<td style="vertical-align:top;padding:0px 5px 0px 0px;border:none;font:bold 13px/1.2em sans-serif;color:rgb(0,0,0)">Email:</td>
<td style="vertical-align:top;padding:0px 5px 0px 0px;border:none;font:13px/1.2em sans-serif"><a style="color:rgb(0,102,255)" href="mailto:cstrucco@internetcordoba.com.ar" target="_blank">cstrucco@internetcordoba.com.ar</a></td>
</tr>
<tr>
<td style="vertical-align:top;padding:0px 5px 0px 0px;border:none;font:bold 13px/1.2em sans-serif;color:rgb(0,0,0)">Website:</td>
<td style="vertical-align:top;padding:0px 5px 0px 0px;border:none;font:13px/1.2em sans-serif"><a style="color:rgb(0,102,255)" href="http://www.internetcordoba.com.ar" target="_blank">www.internetcordoba.com.ar</a></td>
</tr>
<tr>
<td style="vertical-align:top;padding:0px 5px 0px 0px;border:none;font:bold 13px/1.2em sans-serif;color:rgb(0,0,0)">Phone:</td>
<td style="vertical-align:top;padding:0px 5px 0px 0px;border:none;font:13px/1.2em sans-serif">0351-5685968 - INT: 501</td>
</tr>
<tr>
<td style="vertical-align:top;padding:0px 5px 0px 0px;border:none;font:bold 13px/1.2em sans-serif;color:rgb(0,0,0)">Mobile:</td>
<td style="vertical-align:top;padding:0px 5px 0px 0px;border:none;font:13px/1.2em sans-serif">0351-153675710</td>
</tr>
</tbody>
</table>
</div>
</div>
<div>
<div style="margin:8px 0px;text-align:left"><a style="display:inline-block;padding-right:5px" href="https://www.facebook.com/Internetcordoba" target="_blank"><img src="http://webmail.ferozo.com/plugins/xsignature/icons/square_gloss/png/facebook.png" alt="" width="24" height="24"></a><a style="display:inline-block;padding-right:5px" href="https://www.instagram.com/internetcordoba" target="_blank"><img src="http://webmail.ferozo.com/plugins/xsignature/icons/square_gloss/png/instagram.png" alt="" width="24" height="24"></a></div>
</div>
</td>
<td style="font:13px/1.2em sans-serif;padding:0px;vertical-align:top"> </td>
</tr>
</tbody>
</table>
<div> </div>
<div> </div>
</div>
</div>
_______________________________________________<br>
Lista mailing list<br>
<a href="mailto:Lista@arnog.com.ar" target="_blank">Lista@arnog.com.ar</a><br>
<a href="http://mailmancabase.interdotnet.com.ar/mailman/listinfo/lista" rel="noreferrer" target="_blank">http://mailmancabase.interdotnet.com.ar/mailman/listinfo/lista</a><br>
</blockquote></div></div>
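<p>An added example, not part of the original message or of BIND: a small Python audit of the options shown in the reply above, checking the two properties the message relies on (recursion limited to the listed networks, DNSSEC validation enabled). The sample text is constructed from those options, the function names are hypothetical, and the ACL fallback order (allow-recursion, then allow-query-cache, then allow-query, then localnets/localhost) is the one documented for BIND 9.</p>

```python
import re

# Constructed sample: the options shown in the message, comments trimmed.
SAMPLE = """
options {
    // forwarders { 0.0.0.0; };
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    listen-on port 53 { localhost; 10.0.1.0/24; };
    allow-query { localhost; 10.0.1.0/24; };
    recursion yes;
};
"""
# Weak variant (constructed): the same file with queries opened to everyone.
WEAK = SAMPLE.replace("allow-query { localhost; 10.0.1.0/24; };", "allow-query { any; };")

def parse_options(text):
    """Return the options{} statements as {name: value-or-list}."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* ... */ comments
    text = re.sub(r"(//|#).*", "", text)                # // and # comments
    m = re.search(r"\boptions\s*\{(.*)\}\s*;", text, flags=re.S)
    body = m.group(1) if m else ""
    block = r"([\w-]+)(?:\s+port\s+\d+)?\s*\{([^{}]*)\}\s*;"
    opts = {n: [i.strip() for i in items.split(";") if i.strip()]
            for n, items in re.findall(block, body)}
    for n, v in re.findall(r"([\w-]+)\s+([^;{}]+);", re.sub(block, "", body)):
        opts[n] = v.strip()
    return opts

def effective_recursion_acl(opts):
    """BIND 9 fallback order when allow-recursion is not set."""
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return key, opts[key]
    return "default", ["localnets", "localhost"]

def audit(text):
    opts = parse_options(text)
    findings = []
    if opts.get("recursion", "yes") == "yes":           # recursion defaults to yes
        source, acl = effective_recursion_acl(opts)
        if "any" in acl:
            findings.append(f"open resolver: recursion allowed for any (via {source})")
    if opts.get("dnssec-validation") not in ("auto", "yes"):
        findings.append("dnssec-validation is not set to auto or yes")
    return findings

if __name__ == "__main__":
    for label, conf in (("sample", SAMPLE), ("weak", WEAK)):
        print(label, audit(conf) or "no findings")
```

The parser covers only simple one-level statements like the ones in this file; on a real host, run it over the output of named-checkconf -p rather than the raw file so includes are expanded.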