BIND9 インストール
BIND9インストール
[root@freebsd ~]# cd /usr/ports/dns/bind98
[root@freebsd bind98]# make BATCH=yes install clean
[root@freebsd bind98]# cd
rndc設定
[root@freebsd ~]# mv /etc/namedb/named.conf /etc/namedb/named.conf.org
[root@freebsd ~]# rndc-confgen -a
wrote key file "/etc/namedb/rndc.key"
[root@freebsd ~]# cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
[root@freebsd ~]# cat /etc/namedb/rndc.key > /etc/namedb/named.conf
[root@freebsd ~]# rm -f /etc/namedb/rndc.key
[root@freebsd ~]# vi /etc/namedb/rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "xxxxxxxxxxxxxxxxxxxxxxxx";
};
↓最終行に下記を記入
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
server 127.0.0.1 {
key "rndc-key";
};
[root@freebsd ~]# chmod 400 /etc/namedb/rndc.conf
[root@freebsd ~]# chmod 600 /etc/namedb/named.conf
[root@freebsd ~]# chown bind:wheel /etc/namedb/named.conf
named.conf編集
[root@freebsd ~]# vi /etc/namedb/named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "xxxxxxxxxxxxxxxxxxxxxxxx";
};
↓最終行に下記を記入
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
version "unknown";
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on-v6 { none; };
listen-on { localhost; localnets; };
allow-query { localhost; localnets; };
allow-recursion { localhost; localnets; };
allow-transfer { localhost; localnets; };
forwarders { xxx.xxx.xxx.xx1; xxx.xxx.xxx.xx2; };
};
view "internal"{
match-clients { localnets; };
recursion yes;
zone "." IN {
type hint;
file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "0.0.127.in-addr.arpa";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "1.168.192.in-addr.arpa";
};
zone "freebsd.orz" {
type master;
file "freebsd.orz.local";
};
};
ヒント
xxx.xxx.xxx.xx1 はプロバイダのプライマリDNSサーバーのIPアドレスです。
xxx.xxx.xxx.xx2 はプロバイダのセカンダリDNSサーバーのIPアドレスです。
named.conf編集 (固定IPの場合)
[root@freebsd ~]# vi /etc/namedb/named.conf
↓最終行に下記を記入
view "external"{
match-clients { any; };
recursion no;
zone "freebsd.orz" {
type master;
file "freebsd.orz.zone";
allow-transfer { yyy.yyy.yyy.yyy; };
};
};
ヒント
yyy.yyy.yyy.yyy はセカンダリDNSサーバーのIPアドレスです。なお、options に書いた allow-query { localhost; localnets; }; は各 view にも引き継がれるため、このままでは外部からの問い合わせは拒否されます。外部に応答させる場合は view "external" の中に allow-query { any; }; を追加してください(recursion no; はそのままにします)。
localhost逆引き
[root@freebsd ~]# vi /etc/namedb/0.0.127.in-addr.arpa
↓下記を記入
$TTL 86400
@ IN SOA ns1.freebsd.orz. root.freebsd.orz. (
2010052100 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ;Minimum
)
@ IN NS ns1.freebsd.orz.
1 IN PTR localhost.
内部正引き
[root@freebsd ~]# vi /etc/namedb/freebsd.orz.local
↓下記を記入
$TTL 86400
@ IN SOA ns1.freebsd.orz. root.freebsd.orz. (
2010052100 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ;Minimum
)
@ IN NS ns1.freebsd.orz.
@ IN MX 10 mail.freebsd.orz.
@ IN A 192.168.1.10
ns1 IN A 192.168.1.10
www IN A 192.168.1.10
ftp IN A 192.168.1.10
mail IN A 192.168.1.10
内部逆引き
[root@freebsd ~]# vi /etc/namedb/1.168.192.in-addr.arpa
↓下記を記入
$TTL 86400
@ IN SOA ns1.freebsd.orz. root.freebsd.orz. (
2010052100 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ;Minimum
)
@ IN NS freebsd.orz.
10 IN PTR freebsd.orz.
外部正引き (固定IPの場合)
[root@freebsd ~]# vi /etc/namedb/freebsd.orz.zone
↓下記を記入
$TTL 86400
@ IN SOA ns1.freebsd.orz. root.freebsd.orz. (
2010052100 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ;Minimum
)
@ IN NS ns1.freebsd.orz.
@ IN MX 10 mail.freebsd.orz.
@ IN A zzz.zzz.zzz.zzz
ns1 IN A zzz.zzz.zzz.zzz
www IN A zzz.zzz.zzz.zzz
ftp IN A zzz.zzz.zzz.zzz
mail IN A zzz.zzz.zzz.zzz
freebsd.orz. IN TXT "v=spf1 a mx ~all"
ヒント
zzz.zzz.zzz.zzzは固定IPアドレスです。
ルートゾーン最新化
[root@freebsd ~]# dig . ns @198.41.0.4 > /etc/namedb/named.ca
resolv.conf編集
[root@freebsd ~]# echo 'nameserver 127.0.0.1' > /etc/resolv.conf
BIND起動
[root@freebsd ~]# vi /etc/rc.conf
named_enable="YES" ←追加(named起動設定)
[root@freebsd ~]# /etc/rc.d/named start
Starting named.
BIND動作確認
[root@freebsd ~]# dig @127.0.0.1 freebsd.orz soa ←SOAレコード確認
; <<>> DiG 9.6.1-P1 <<>> @127.0.0.1 freebsd.orz soa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65353
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;freebsd.orz. IN SOA
;; ANSWER SECTION:
freebsd.orz. 86400 IN SOA freebsd.freebsd.orz. root.freebsd.orz. 2010052100 28800 7200 604800 86400
;; AUTHORITY SECTION:
freebsd.orz. 86400 IN NS freebsd.freebsd.orz.
;; ADDITIONAL SECTION:
freebsd.freebsd.orz. 86400 IN A 192.168.1.10
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 28 23:14:47 2010
;; MSG SIZE rcvd: 104
[root@freebsd ~]# dig @127.0.0.1 freebsd.orz ns ←NSレコード確認
; <<>> DiG 9.6.1-P1 <<>> @127.0.0.1 freebsd.orz ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20853
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;freebsd.orz. IN NS
;; ANSWER SECTION:
freebsd.orz. 86400 IN NS freebsd.freebsd.orz.
;; ADDITIONAL SECTION:
freebsd.freebsd.orz. 86400 IN A 192.168.1.10
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 28 23:15:08 2010
;; MSG SIZE rcvd: 63
[root@freebsd ~]# dig @127.0.0.1 freebsd.freebsd.orz ←Aレコード確認
; <<>> DiG 9.6.1-P1 <<>> @127.0.0.1 freebsd.freebsd.orz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21547
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;freebsd.freebsd.orz. IN A
;; ANSWER SECTION:
freebsd.freebsd.orz. 86400 IN A 192.168.1.10
;; AUTHORITY SECTION:
freebsd.orz. 86400 IN NS freebsd.freebsd.orz.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 28 23:15:27 2010
;; MSG SIZE rcvd: 63
[root@freebsd ~]# dig @127.0.0.1 -x 192.168.1.10 ←逆引き確認
; <<>> DiG 9.6.1-P1 <<>> @127.0.0.1 -x 192.168.1.10
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63965
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;10.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
10.1.168.192.in-addr.arpa. 86400 IN PTR freebsd.orz.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS freebsd.orz.
;; ADDITIONAL SECTION:
freebsd.orz. 86400 IN A 192.168.1.10
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 28 23:15:51 2010
;; MSG SIZE rcvd: 98
[root@freebsd ~]# dig @127.0.0.1 www.freebsd.org ←外部ホスト確認
; <<>> DiG 9.6.1-P1 <<>> @127.0.0.1 www.freebsd.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61299
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
;; QUESTION SECTION:
;www.freebsd.org. IN A
;; ANSWER SECTION:
www.freebsd.org. 3600 IN A 69.147.83.33
;; AUTHORITY SECTION:
freebsd.org. 3600 IN NS ns2.isc-sns.com.
freebsd.org. 3600 IN NS ns1.isc-sns.net.
freebsd.org. 3600 IN NS ns3.isc-sns.info.
;; ADDITIONAL SECTION:
ns2.isc-sns.com. 172800 IN A 38.103.2.1
;; Query time: 301 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 28 23:16:10 2010
;; MSG SIZE rcvd: 153
外部に公開する場合
プロトコル(TCP/UDP)ポート53番(DNS)を開放。開放する前に、外部向けの view "external" が recursion no; になっていること(外部からの再帰問い合わせを受け付けないこと)を確認してください。これを忘れるとオープンリゾルバとして悪用されます。rndc 用のポート953番は controls で 127.0.0.1 に限定しているので開放しません。