BIND Memo
不要ファイルの削除
# cd /etc/namedb/
# rm -fr PROTO.localhost* make-localhost named.root rndc.key
root DNS サーバリストの取得
# dig @A.ROOT-SERVERS.NET. > /etc/namedb/named.root
rndc の設定
# rndc-confgen -a
# cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
# cat /etc/namedb/rndc.key > /etc/namedb/named.conf
# rm /etc/namedb/rndc.key
# vi /etc/namedb/rndc.conf
// rndc.conf: client-side settings for the rndc control utility.
// This file was seeded from rndc.key, and so was named.conf; the key
// name, algorithm and secret must stay identical in both, or rndc
// cannot authenticate to the control channel.
key "rndc-key" {
// hmac-md5 is what rndc-confgen emitted for this BIND release; newer
// releases default to hmac-sha256. Whatever it is, both files must agree.
algorithm hmac-md5;
// "md5" is presumably a placeholder for the base64 secret that
// rndc-confgen generated in rndc.key. Keep this file mode 400 (root only).
secret "md5";
};
options {
default-key "rndc-key";
// rndc only talks to the local named; matches controls {} in named.conf.
default-server 127.0.0.1;
default-port 953;
};
// NOTE(review): the clause is conventionally written lowercase "server";
// BIND's config parser matches clause names case-insensitively as far as
// I know -- confirm if rndc reports a parse error on this line.
Server 127.0.0.1 {
key "rndc-key";
};
# chmod 400 /etc/namedb/rndc.conf
# chmod 600 /etc/namedb/named.conf
# chown bind:wheel /etc/namedb/named.conf
内向き DNS
named.conf
# vi /etc/namedb/named.conf
// named.conf for the internal (LAN-facing) name server.
// NOTE(review): the startup line in /var/log/messages shows named running
// with -t /var/named, so the paths below are presumably resolved inside
// that chroot -- confirm against the running system.
key "rndc-key" {
// Must match rndc.conf exactly (both files were seeded from rndc.key).
algorithm hmac-md5;
secret "md5";
};
// Hosts allowed to query, transfer and recurse: loopback plus the LAN.
acl localnet {
127.0.0.1;
192.168.1.0/24;
};
// rndc control channel: loopback only, and only with the shared key.
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
// Relative zone file names below are resolved against this directory.
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
// Bind only loopback and the LAN address; nothing on a public interface.
listen-on {
127.0.0.1;
192.168.1.100;
};
listen-on-v6 { none; };
// Queries and recursion are limited to the LAN, so this is not an open
// resolver and the private 192.168.x names stay internal.
allow-query { localnet; };
// No secondary servers are configured in this memo; if none exist,
// "none" (or just the secondaries' addresses) is tighter than the whole
// LAN, since a transfer hands out the complete zone.
allow-transfer { localnet; };
allow-recursion { localnet; };
// Upstream resolvers used for everything outside the local zones.
forwarders {
202.224.32.1;
202.224.32.2;
};
// Fixed string returned to version queries instead of the real version.
version "unknown";
};
// Root hints, fetched into named.root with dig above.
zone "." {
type hint;
file "named.root";
};
// Forward zone for the LAN hosts.
zone "clx.ath.cx" {
type master;
file "master/clx.ath.cx";
};
// Reverse zone for 192.168.1.0/24.
zone "1.168.192.in-addr.arpa" {
type master;
file "master/1.168.192.in-addr.arpa";
};
正引きのゾーン設定
# vi /etc/namedb/master/clx.ath.cx
; Forward zone for clx.ath.cx. All addresses are private (192.168.1.x);
; allow-query { localnet; } in named.conf keeps these names internal.
$TTL 1D
; SOA: primary name server, contact (root@ns.clx.ath.cx), then
; serial, refresh, retry, expire and negative-cache TTL.
@ IN SOA ns.clx.ath.cx. root.ns.clx.ath.cx. (
; Serial is date-based (YYYYMMDDnn); bump it on every edit.
2007062701
3H
1H
1W
1D )
; The next two records have an empty owner field, so in the real file they
; must begin with whitespace: the owner is then inherited from "@" above.
; Written flush-left, "IN" would itself be read as the owner name.
IN NS ns.clx.ath.cx.
IN MX 10 smtp.clx.ath.cx.
; Apex address plus the router and one host that carries every service.
@ IN A 192.168.1.100
gw IN A 192.168.1.1
s1 IN A 192.168.1.100
ns IN A 192.168.1.100
www IN A 192.168.1.100
smtp IN A 192.168.1.100
mail IN A 192.168.1.100
ftp IN A 192.168.1.100
ntp IN A 192.168.1.100
ldap IN A 192.168.1.100
svn IN A 192.168.1.100
cvs IN A 192.168.1.100
dev IN A 192.168.1.100
stat IN A 192.168.1.100
逆引きのゾーン設定
# vi /etc/namedb/master/1.168.192.in-addr.arpa
; Reverse zone for 192.168.1.0/24; the SOA values mirror the forward zone.
$TTL 1D
@ IN SOA ns.clx.ath.cx. root.ns.clx.ath.cx. (
; Serial is date-based (YYYYMMDDnn); bump it on every edit.
2007062701
3H
1H
1W
1D )
; Empty owner field: this line must begin with whitespace in the real file
; so the owner is inherited from "@"; flush-left, "IN" becomes the owner.
IN NS ns.clx.ath.cx.
; Only the router and the server host get PTR records.
1 IN PTR gw.clx.ath.cx.
100 IN PTR s1.clx.ath.cx.
Logging
# vi /etc/namedb/named.conf
// Send every category to one rotating file: 7 generations of 10 MB each.
logging {
channel default_log {
// NOTE(review): like the other paths, presumably inside the -t /var/named
// chroot shown in the startup message -- confirm where the file lands.
file "/var/log/named.log" versions 7 size 10m;
severity info;
// Timestamp and category prefix on each line, useful when grepping.
print-time yes;
print-category yes;
};
category default { default_log; };
};
設定ファイルの確認
# named-checkconf /etc/namedb/named.conf
# named-checkzone clx.ath.cx /etc/namedb/master/clx.ath.cx
# named-checkzone 1.168.192.in-addr.arpa /etc/namedb/master/1.168.192.in-addr.arpa
問題が無かったら起動。
# vi /etc/rc.conf
# Start named at boot (and allow /etc/rc.d/named start below).
named_enable="YES"
# /etc/rc.d/named start
動作確認
messages の確認。
# cat /var/log/messages | grep named
Jun 27 07:20:48 server named[69213]: starting BIND 9.3.3 -t /var/named -u bind
Jun 27 07:20:48 server named[69213]: command channel listening on 127.0.0.1#953
Jun 27 07:20:48 server named[69213]: running
LISTEN しているかどうか。
# netstat -a | grep .domain
tcp4 0 0 localhost.domain *.* LISTEN
tcp4 0 0 s1.domain *.* LISTEN
udp4 0 0 localhost.domain *.*
udp4 0 0 s1.domain *.*
# netstat -a | grep rndc
tcp4 0 0 s1.rndc *.* LISTEN
dig で DNS を引けるかどうか。
# dig @127.0.0.1 -x 127.0.0.1
# dig @127.0.0.1 localhost
# dig @127.0.0.1 -x 192.168.1.100
# dig @127.0.0.1 s1.clx.ath.cx
# dig @127.0.0.1 yahoo.co.jp
# dig @127.0.0.1 google.co.jp
名前解決に BIND を使用する
# vi /etc/resolv.conf
# Use the local BIND for all name resolution on this host.
nameserver 127.0.0.1