玄箱/bind
Source: Fukudat
The example configuration below assumes the domain name is fukudat.com, the subnet is 192.168.0.0/255.255.255.0, and the address of the master name server is 192.168.0.11.
Installation
apt-get install bind
Common configuration
- Edit /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind/README.Debian for information on the
// structure of BIND configuration files in Debian for BIND versions 8.2.1
// and later, *BEFORE* you customize this configuration file.
//
include "/etc/bind/named.conf.options";
// reduce log verbosity on issues outside our control
logging {
category lame-servers { null; };
category cname { null; };
};
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// add local zone definitions here
include "/etc/bind/named.conf.local";
- Create /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// from bind 9:
// [fetch-glue] is obsolete. In BIND 8, fetch-glue yes caused the
// server to attempt to fetch glue resource records it didn't have
// when constructing the additional data section of a response.
// This is now considered a bad idea and BIND 9 never does it.
fetch-glue no;
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
192.168.0.1;
};
};
Master configuration
- Create /etc/bind/named.conf.local
zone "fukudat.com" {
type master;
file "/etc/bind/db.fukudat.com";
allow-update {
192.168.0.0/24;
127.0.0.1;
};
};
zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.0.168.192";
allow-update {
192.168.0.0/24;
127.0.0.1;
};
};
- Create the forward-lookup DB db.fukudat.com (lines that begin with whitespace inherit the owner name of the previous record)
;BIND DUMP V8
$ORIGIN com.
fukudat 86400 IN SOA nas01.fukudat.com. root.fukudat.com. (
        2006032411 10800 1800 4320000 86400 ) ;Cl=2
        86400 IN NS nas01.fukudat.com. ;Cl=2
        86400 IN NS nas02.fukudat.com. ;Cl=2
$ORIGIN fukudat.com.
crew 86400 IN A 192.168.0.31 ;Cl=2
nas01 86400 IN A 192.168.0.11 ;Cl=2
cam01 86400 IN A 192.168.0.21 ;Cl=2
nas02 86400 IN A 192.168.0.12 ;Cl=2
fukudatp 1800 IN TXT "31e1a0fa4fb26f51ec5e585d5d371a21bb" ;Cl=2
        1800 IN A 192.168.0.210 ;Cl=2
nas03 86400 IN A 192.168.0.13 ;Cl=2
cam02 86400 IN A 192.168.0.22 ;Cl=2
www 86400 IN CNAME crew.fukudat.com. ;Cl=2
chiori 86400 IN A 192.168.0.32 ;Cl=2
ns1 86400 IN CNAME nas01.fukudat.com. ;Cl=2
ns2 86400 IN CNAME nas02.fukudat.com. ;Cl=2
router 86400 IN A 192.168.0.1 ;Cl=2
- Create the reverse-lookup DB db.0.168.192
;BIND DUMP V8
$ORIGIN 168.192.in-addr.arpa.
0 86400 IN SOA nas01.fukudat.com. root.fukudat.com. (
        2006032411 10800 1800 4320000 86400 ) ;Cl=5
        86400 IN NS nas01.fukudat.com. ;Cl=5
        86400 IN NS nas02.fukudat.com. ;Cl=5
$ORIGIN 0.168.192.in-addr.arpa.
12 86400 IN PTR nas02.fukudat.com. ;Cl=5
13 86400 IN PTR nas03.fukudat.com. ;Cl=5
169 1800 IN PTR bekkame.fukudat.com. ;Cl=5
31 86400 IN PTR crew.fukudat.com. ;Cl=5
32 86400 IN PTR chiori.fukudat.com. ;Cl=5
1 86400 IN PTR router.fukudat.com. ;Cl=5
210 1800 IN PTR fukudatp.fukudat.com. ;Cl=5
21 86400 IN PTR cam01.fukudat.com. ;Cl=5
149 1800 IN PTR bekkame.fukudat.com. ;Cl=5
22 86400 IN PTR cam02.fukudat.com. ;Cl=5
11 86400 IN PTR nas01.fukudat.com. ;Cl=5
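A forward zone and its reverse zone drift apart easily once records are added by hand or by dynamic update; the reverse dump above, for instance, carries PTRs for .149 and .169 (bekkame) that have no A record in the forward zone. The script below is an added example, not part of the original page and not a BIND tool: it reads both files in the dump format shown above with a small reader of our own (handling $ORIGIN, parenthesised multi-line records and owner-name inheritance) and reports every address whose A and PTR records disagree. The embedded zone text is an abbreviated copy of the page's own dumps.

```python
"""Cross-check the forward (A) and reverse (PTR) zones for consistency.

Added example, not part of the original page. FORWARD_ZONE and REVERSE_ZONE
are abbreviated copies of the page's db.fukudat.com and db.0.168.192 dumps;
the reader and the checking logic are ours, not BIND's.
"""
from typing import Dict, List, Set, Tuple

FORWARD_ZONE = """\
;BIND DUMP V8
$ORIGIN com.
fukudat 86400 IN SOA nas01.fukudat.com. root.fukudat.com. (
        2006032411 10800 1800 4320000 86400 ) ;Cl=2
        86400 IN NS nas01.fukudat.com. ;Cl=2
        86400 IN NS nas02.fukudat.com. ;Cl=2
$ORIGIN fukudat.com.
crew 86400 IN A 192.168.0.31 ;Cl=2
nas01 86400 IN A 192.168.0.11 ;Cl=2
fukudatp 1800 IN TXT "31e1a0fa4fb26f51ec5e585d5d371a21bb" ;Cl=2
        1800 IN A 192.168.0.210 ;Cl=2
www 86400 IN CNAME crew.fukudat.com. ;Cl=2
router 86400 IN A 192.168.0.1 ;Cl=2
"""

REVERSE_ZONE = """\
;BIND DUMP V8
$ORIGIN 168.192.in-addr.arpa.
0 86400 IN SOA nas01.fukudat.com. root.fukudat.com. (
        2006032411 10800 1800 4320000 86400 ) ;Cl=5
        86400 IN NS nas01.fukudat.com. ;Cl=5
$ORIGIN 0.168.192.in-addr.arpa.
31 86400 IN PTR crew.fukudat.com. ;Cl=5
11 86400 IN PTR nas01.fukudat.com. ;Cl=5
169 1800 IN PTR bekkame.fukudat.com. ;Cl=5
1 86400 IN PTR router.fukudat.com. ;Cl=5
210 1800 IN PTR fukudatp.fukudat.com. ;Cl=5
"""

Record = Tuple[str, str, str]  # (owner FQDN, RR type, rdata)


def parse_zone(text: str) -> List[Record]:
    """Minimal master-file reader: honours $ORIGIN, joins parenthesised
    multi-line records, and applies the rule that a line beginning with
    whitespace reuses the previous owner name. ';' starts a comment
    (a ';' inside TXT data is not handled; the sample does not need it)."""
    origin, last_owner, depth, buf = ".", "", 0, ""
    records: List[Record] = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = line if depth == 0 else buf + " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue  # still inside ( ... )
        line, buf = buf, ""
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        if line[0].isspace():
            owner = last_owner  # owner inherited from the previous record
        elif fields[0] == "@":
            fields.pop(0)
            owner = origin
        elif fields[0].endswith("."):
            owner = fields.pop(0)  # already absolute
        else:
            owner = fields.pop(0) + ("." if origin == "." else "." + origin)
        last_owner = owner
        if fields and fields[0].isdigit():
            fields.pop(0)  # TTL
        if fields and fields[0].upper() in ("IN", "CH", "HS"):
            fields.pop(0)  # class
        records.append((owner, fields[0].upper(), " ".join(fields[1:])))
    return records


def ptr_owner_to_ip(owner: str) -> str:
    """'31.0.168.192.in-addr.arpa.' -> '192.168.0.31'."""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return ".".join(reversed(labels[:-2]))


def check_consistency(fwd_text: str, rev_text: str) -> Dict[str, List[str]]:
    """Report IPs with an A record but no PTR, PTRs with no matching A record,
    and PTRs whose target name does not own an A record for that address."""
    a_names: Dict[str, Set[str]] = {}
    for owner, rrtype, rdata in parse_zone(fwd_text):
        if rrtype == "A":
            a_names.setdefault(rdata, set()).add(owner)
    ptr_name: Dict[str, str] = {}
    for owner, rrtype, rdata in parse_zone(rev_text):
        if rrtype == "PTR":
            ptr_name[ptr_owner_to_ip(owner)] = rdata
    report: Dict[str, List[str]] = {"missing_ptr": [], "missing_a": [], "mismatch": []}
    for ip in sorted(a_names):
        if ip not in ptr_name:
            report["missing_ptr"].append(ip)
        elif ptr_name[ip] not in a_names[ip]:
            report["mismatch"].append(ip)
    report["missing_a"] = sorted(ip for ip in ptr_name if ip not in a_names)
    return report


if __name__ == "__main__":
    for kind, ips in check_consistency(FORWARD_ZONE, REVERSE_ZONE).items():
        print(f"{kind}: {ips or '-'}")
```

On the sample it reports 192.168.0.169 under missing_a and nothing else; a stale PTR like that is harmless for name lookup but misleads anything that trusts reverse lookups (log correlation, access rules keyed on host names), so the check is worth running whenever the zone serial is bumped.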
Slave configuration
- Create /etc/bind/named.conf.local
//
// Add local zone definitions here.
zone "fukudat.com" {
type slave;
file "/etc/bind/db.fukudat.com";
masters {
192.168.0.11;
};
allow-update {
192.168.0.0/24;
127.0.0.1;
};
};
zone "0.168.192.in-addr.arpa" {
type slave;
file "/etc/bind/db.0.168.192";
masters {
192.168.0.11;
};
allow-update {
192.168.0.0/24;
127.0.0.1;
};
};
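In both the master and the slave named.conf.local above, allow-update names an address range. A source-address ACL is not authentication: every host on 192.168.0.0/24 (and every local process, via 127.0.0.1) may then submit dynamic updates that rewrite the zone. On the slave the option is not a slave-zone setting at all; updates have to reach the master, and a slave can only relay them with allow-update-forwarding. The audit script below is an added example, not from the page and not a BIND tool. Its sample configuration is constructed from the page's master and slave zone statements plus a hypothetical zone "dyn.fukudat.com" that shows the TSIG-keyed form; the key name "ddns-key" is an assumption.

```python
"""Audit allow-update ACLs in a named.conf.local.

Added example, not part of the original page. NAMED_CONF_LOCAL is
constructed from the page's master and slave zone statements plus a
hypothetical "dyn.fukudat.com" zone; the key name "ddns-key" is assumed.
"""
import re
from typing import Any, List, Tuple

NAMED_CONF_LOCAL = """\
// master zone as on the page: any host on the LAN may send updates
zone "fukudat.com" {
    type master;
    file "/etc/bind/db.fukudat.com";
    allow-update { 192.168.0.0/24; 127.0.0.1; };
};
// slave zone as on the page: allow-update is not a slave-zone option
zone "0.168.192.in-addr.arpa" {
    type slave;
    file "/etc/bind/db.0.168.192";
    masters { 192.168.0.11; };
    allow-update { 192.168.0.0/24; 127.0.0.1; };
};
// hypothetical hardened zone: only holders of the TSIG key may update
zone "dyn.fukudat.com" {
    type master;
    file "/etc/bind/db.dyn.fukudat.com";
    allow-update { key "ddns-key"; };
};
"""

# quoted string | structural character | bare word
TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def strip_comments(text: str) -> str:
    """Remove /* */, // and # comments (naive: does not special-case quotes)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return "\n".join(re.split(r"//|#", line, maxsplit=1)[0]
                     for line in text.splitlines())


def parse_block(tokens: List[str], pos: int = 0) -> Tuple[List[List[Any]], int]:
    """Parse ';'-terminated statements up to the matching '}'. Each statement
    is a list of its tokens; a nested '{ ... }' becomes a nested statement list."""
    stmts: List[List[Any]] = []
    cur: List[Any] = []
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == "}":
            break
        if tok == "{":
            inner, pos = parse_block(tokens, pos)
            cur.append(inner)
        elif tok == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
    return stmts, pos


def audit_allow_update(conf: str) -> List[Tuple[str, str, str]]:
    """Return (zone, acl_entry, message) for every allow-update entry that is
    not a TSIG key, and once for allow-update used on a slave zone."""
    stmts, _ = parse_block(TOKEN_RE.findall(strip_comments(conf)))
    findings: List[Tuple[str, str, str]] = []
    for stmt in stmts:
        if stmt[0] != "zone" or not isinstance(stmt[-1], list):
            continue
        zone = stmt[1]
        opts = {s[0]: s[1:] for s in stmt[-1]}  # option name -> remaining tokens
        ztype = opts.get("type", ["?"])[0]
        if "allow-update" not in opts:
            continue
        if ztype == "slave":
            findings.append((zone, "allow-update",
                             "allow-update is a master-zone option; a slave cannot "
                             "accept updates itself (use allow-update-forwarding "
                             "to relay them to the master)"))
            continue
        for entry in opts["allow-update"][0]:
            if entry[0] == "key":
                continue  # TSIG-authenticated updates: the intended form
            findings.append((zone, entry[0],
                             f"any host matching {entry[0]} can submit dynamic "
                             f"updates to zone {zone} without authentication; "
                             'restrict it to allow-update { key "name"; }'))
    return findings


if __name__ == "__main__":
    for zone, entry, msg in audit_allow_update(NAMED_CONF_LOCAL):
        print(f"{zone}: {entry}: {msg}")
```

Run it over named.conf.local after every edit, next to named-checkconf; on the sample it flags both address entries on the master zone and the allow-update statement on the slave zone, and passes the keyed zone.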
Configuration when connected over VPN and NAT
When a machine is connected to several networks (LAN, WAN, VPN), each domain has to be resolved by a different DNS server, and switching servers by hand on every client is tedious.
In that case, the following settings in named.conf did the job.
zone "xxx.com" {
type forward;
forwarders { 9.14.1.3; 9.46.1.2; 9.78.1.2; };
};
zone "9.in-addr.arpa" {
type forward;
forwarders { 9.14.1.3; 9.46.1.2; 9.78.1.2; };
};
This tells named to forward lookups for the "xxx.com" domain, and reverse lookups for 9.x.x.x, to the DNS servers listed under forwarders.
Once the configuration is done, restart bind as usual.
# /etc/init.d/bind restart
Check /var/log/syslog to make sure no errors were logged.
After that, as long as IP routing to 9.x.x.x is in place, names can be resolved through both the DNS inside xxx.com and the local DNS. Verify with dig from any machine.
$ dig @192.168.0.11 w3.xxx.com
