# Run as root: install BIND 9 from the ports tree via portupgrade's
# portinstall wrapper.  The port installs its binaries under /usr/local
# (see the SECURITY REPORT list below) and, judging by where
# rndc-confgen writes its key file later on this page, uses
# /etc/namedb as its configuration directory.
portinstall dns/bind9
portでBIND9をインストールすると、もともと有った /etc/namedb -> /var/named/etc/namedb へのシンボリックリンク（chroot 用）が無くなる場合があります。
オプション指定で、もともとのBINDを入れ替えることにする。
*************************************************************************
*  If you are running BIND 9 in a chroot environment, make              *
*  sure that there is a /dev/random device in the chroot.               *
*                                                                       *
*  BIND 9 also requires configuration of rndc, including a              *
*  "secret" key. The easiest, and most secure way to configure          *
*  rndc is to run 'rndc-confgen -a' to generate the proper conf         *
*  file, with a new random key, and appropriate file permissions.       *
*                                                                       *
*  The /etc/rc.d/named script in the base will do both for you.         *
*                                                                       *
===> Compressing manual pages for bind9-9.3.5.2
===> Registering installation for bind9-9.3.5.2
===> SECURITY REPORT:
     This port has installed the following files which may act as network
     servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/named
/usr/local/sbin/rndc-confgen
/usr/local/bin/host
/usr/local/sbin/dnssec-signzone
/usr/local/bin/nsupdate
/usr/local/sbin/rndc
/usr/local/sbin/lwresd
/usr/local/bin/dig
/usr/local/sbin/dnssec-keygen
/usr/local/sbin/named-checkzone
/usr/local/sbin/named-checkconf
/usr/local/bin/nslookup
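# Run as root.  Generate the rndc key ONCE and derive both rndc.conf and
# named.conf from it.  (The page ran `rndc-confgen -a` twice -- once on its
# own, once together with the named.conf step; the second run simply
# overwrites the first key, so a single run is all that is needed.)
cd /etc/namedb/

# Keep the original named.conf for reference.
mv /etc/namedb/named.conf /etc/namedb/named.conf.org

# The files written below (rndc.conf, named.conf) carry the rndc shared
# secret.  Restrict the umask first so they are never world-readable, not
# even between their creation here and the chmod step further down the
# page.  rndc-confgen itself sets safe permissions on rndc.key (see the
# port's install message), but `cat >` copies get the default umask.
umask 077

# Writes a key statement with a fresh random secret to /etc/namedb/rndc.key.
rndc-confgen -a
#   -> wrote key file "/etc/namedb/rndc.key"

# The key statement becomes the head of both configuration files; the
# remaining statements are appended by hand in the editing steps below.
cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
cat /etc/namedb/rndc.key > /etc/namedb/named.conf

# The secret now lives in rndc.conf and named.conf; drop the extra copy.
rm /etc/namedb/rndc.key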
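# /etc/namedb/rndc.conf   (edit with: vi /etc/namedb/rndc.conf)
#
# The key statement at the top was produced by `rndc-confgen -a`; only the
# secret differs from host to host.  hmac-md5 is what this BIND 9.3 build
# emitted -- newer releases default to a SHA-based HMAC, so do not force
# hmac-md5 by hand on a newer install; take whatever rndc-confgen writes.

key "rndc-key" {
        algorithm hmac-md5;
        secret "xxxxxxxxxxxxxxxxxxxxxxxx";
};

# --- append from here (after the generated key statement) ---

# Defaults for the rndc command line: talk to the local named on the
# control port with the key above.
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};

# Keyword written in lowercase as in the BIND documentation (the page had
# "Server"); this must match the controls statement in named.conf.
server 127.0.0.1 {
        key "rndc-key";
};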
# Run as root.  Lock down the two files that carry the rndc secret.

# rndc.conf is read by root running rndc and by nobody else:
# owner-read-only is sufficient.
chmod 400 /etc/namedb/rndc.conf

# named.conf must stay readable by the account named runs under
# (presumably "bind", which is what the page hands it to and what
# FreeBSD's rc.d/named uses); everyone else is locked out.
chown bind:wheel /etc/namedb/named.conf
chmod 600 /etc/namedb/named.conf
# /etc/namedb/named.conf   (edit with: vi /etc/namedb/named.conf)
#
# The key statement at the top is the one copied from rndc.key; everything
# after it is appended by hand.  Paths are relative to the chroot if
# FreeBSD's rc.d/named starts named chrooted.

key "rndc-key" {
        algorithm hmac-md5;
        secret "xxxxxxxxxxxxxxxxxxxxxxxx";
};

# --- append from here (after the generated key statement) ---

# rndc control channel: loopback only, and only with the shared key
# (must match server/key in rndc.conf).
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; }
                keys { "rndc-key"; };
};

options {
        # Reported instead of the real version string.
        version "unknown";
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

        listen-on-v6 { none; };
        listen-on { localhost; localnets; };

        # These are the defaults every view and zone inherits unless it
        # overrides them: queries, recursion and zone transfers limited to
        # this host and the directly attached networks.  A view that is
        # meant to answer the Internet has to widen allow-query itself.
        allow-query { localhost; localnets; };
        allow-recursion { localhost; localnets; };
        allow-transfer { localhost; localnets; };

        # Recursive lookups are forwarded to the provider's resolvers
        # (xx1 / xx2 per the notes under this listing).
        forwarders {
                xxx.xxx.xxx.xx1;
                xxx.xxx.xxx.xx2;
        };
};

# Clients on the local networks get the private view: recursion enabled,
# root hints, and the RFC 1918 address data.  View order matters -- this
# view is tried first, the catch-all "external" view follows.
view "internal" {
        match-clients { localnets; };
        recursion yes;

        zone "." IN {
                type hint;
                file "named.ca";
        };

        zone "0.0.127.in-addr.arpa" {
                type master;
                file "0.0.127.in-addr.arpa";
        };

        zone "3.168.192.in-addr.arpa" {
                type master;
                file "3.168.192.in-addr.arpa";
        };

        zone "freebsd.orz" {
                type master;
                file "freebsd.orz.local";
        };
};
※黄色い部分（このテキスト版では色が落ちているので、xxx… など環境依存の値の箇所）は環境に合わせて変更してください。
※xxx.xxx.xxx.xx1 はプロバイダのプライマリDNSサーバーのIPアドレスです。
※xxx.xxx.xxx.xx2 はプロバイダのセカンダリDNSサーバーのIPアドレスです。
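# /etc/namedb/named.conf, continued   (edit with: vi /etc/namedb/named.conf)
# --- append at the very end of the file, after view "internal" ---

# Everyone not matched by view "internal" -- i.e. the Internet -- lands
# here: authoritative answers for the public zone only, no recursion.
view "external" {
        match-clients { any; };
        recursion no;

        # The options block limits allow-query to localhost/localnets and
        # views inherit that limit, so without this line the external view
        # would answer REFUSED to every query from the Internet and the
        # public zone would never actually be served.  Only queries are
        # opened here; recursion stays off, so this is not an open resolver.
        allow-query { any; };

        zone "freebsd.orz" {
                type master;
                file "freebsd.orz.zone";
                # Zone transfers only to the secondary server; overrides the
                # localnets default from options.
                allow-transfer { yyy.yyy.yyy.yyy; };
        };
};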
※黄色い部分（このテキスト版では色が落ちているので、yyy… など環境依存の値の箇所）は環境に合わせて変更してください。
※yyy.yyy.yyy.yyy はセカンダリDNSサーバーのIPアドレスです（allow-transfer でゾーン転送を許可する相手）。
; /etc/namedb/0.0.127.in-addr.arpa   (edit with: vi /etc/namedb/0.0.127.in-addr.arpa)
; Reverse zone for the loopback network (127.0.0.0/24), served in the
; internal view.
$TTL 86400
@       IN      SOA     ns1.freebsd.orz. root.freebsd.orz. (
                        2007052900      ; Serial  (YYYYMMDDnn - increase on every edit)
                        28800           ; Refresh
                        7200            ; Retry
                        604800          ; Expire
                        86400           ; Minimum (negative caching TTL)
                        )
        IN      NS      ns1.freebsd.orz.
1       IN      PTR     localhost.
※黄色い部分（このテキスト版では色が落ちているので、ドメイン名やサーバー名など環境依存の値の箇所）は環境に合わせて変更してください。
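; /etc/namedb/freebsd.orz.local   (edit with: vi /etc/namedb/freebsd.orz.local)
; Private (view "internal") data for freebsd.orz: every name points at the
; RFC 1918 address of this host.
$TTL 86400
@       IN      SOA     ns1.freebsd.orz. root.freebsd.orz. (
                        2007052900      ; Serial  (YYYYMMDDnn - increase on every edit)
                        28800           ; Refresh
                        7200            ; Retry
                        604800          ; Expire
                        86400           ; Minimum (negative caching TTL)
                        )
        IN      NS      ns1.freebsd.orz.
        IN      MX      10 mail.freebsd.orz.
@       IN      A       192.168.3.10
; Explicit address for the name server named in SOA and NS.  The page had
; no ns1 record at all: ns1 only resolved because the wildcard below
; happens to match it, and removing the wildcard later would silently
; break the NS.
ns1     IN      A       192.168.3.10
mail    IN      A       192.168.3.10
; Catch-all: any otherwise undefined name under freebsd.orz resolves to
; this host.  Convenient internally, but it also means typos never fail --
; drop it if that is not wanted.
*       IN      A       192.168.3.10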
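; /etc/namedb/3.168.192.in-addr.arpa   (edit with: vi /etc/namedb/3.168.192.in-addr.arpa)
; Reverse zone for 192.168.3.0/24, served in the internal view.
$TTL 86400
@       IN      SOA     ns1.freebsd.orz. root.freebsd.orz. (
                        2007052900      ; Serial  (YYYYMMDDnn - increase on every edit)
                        28800           ; Refresh
                        7200            ; Retry
                        604800          ; Expire
                        86400           ; Minimum (negative caching TTL)
                        )
; NS names ns1.freebsd.orz., the server in the SOA MNAME and the one the
; other zones use.  The page listed the zone apex (freebsd.orz.) here
; instead, which only works because the apex happens to have an A record;
; keep the name server consistent across all zones.
        IN      NS      ns1.freebsd.orz.
; 192.168.3.10 -> freebsd.orz.  If mail leaves from this host, a PTR that
; matches the MX name (mail.freebsd.orz.) may be preferable -- site choice.
10      IN      PTR     freebsd.orz.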
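; /etc/namedb/freebsd.orz.zone   (edit with: vi /etc/namedb/freebsd.orz.zone)
; Public (view "external") data for freebsd.orz.  zzz.zzz.zzz.zzz is the
; public address.  The secondary (yyy.yyy.yyy.yyy in named.conf) copies this
; zone, and it decides whether to transfer by comparing serials -- so the
; serial MUST be increased after every change or the secondary keeps
; serving the old data.
$TTL 86400
@       IN      SOA     ns1.freebsd.orz. root.freebsd.orz. (
                        2007052900      ; Serial  (YYYYMMDDnn - increase on every edit)
                        28800           ; Refresh
                        7200            ; Retry
                        604800          ; Expire
                        86400           ; Minimum (negative caching TTL)
                        )
; Only ns1 is listed as NS.  If the secondary at yyy.yyy.yyy.yyy is meant
; to answer for the zone publicly (and at the registrar), it needs its own
; NS record here as well.
        IN      NS      ns1.freebsd.orz.
        IN      MX      10 mail.freebsd.orz.
@       IN      A       zzz.zzz.zzz.zzz
; Explicit address for the name server named in SOA and NS.  The page had
; no ns1 record: it only resolved through the wildcard below, and the
; delegation's glue should never depend on a wildcard.
ns1     IN      A       zzz.zzz.zzz.zzz
mail    IN      A       zzz.zzz.zzz.zzz
; Catch-all: every undefined name under freebsd.orz answers with the public
; address.  On the Internet this means any random subdomain "exists";
; remove it unless that is intended.
*       IN      A       zzz.zzz.zzz.zzz
; SPF: mail for this domain is sent from the A and MX hosts; anything else
; is a soft fail.
freebsd.orz.    IN      TXT     "v=spf1 a mx ~all"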
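# Run as root.  Root hints for the internal view's zone "." (file "named.ca").
# The page queried one root server by bare IP address (128.63.2.53).  Root
# server addresses do change over the years, so ask by name instead and
# let the host's current resolver find it (this runs BEFORE resolv.conf is
# switched to the local named below, so the provider's resolver is still
# in use here).  Alternatively fetch the file from InterNIC.
dig . ns @a.root-servers.net > /etc/namedb/named.ca

# Sanity check: the file must contain the root NS set and their address
# records; an empty or error-only file means the query did not get through.
cat /etc/namedb/named.ca

# Point this host's own resolver at the local named.
echo 'nameserver 127.0.0.1' > /etc/resolv.conf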
# /etc/rc.conf   (edit with: vi /etc/rc.conf)
# Add the following line: enables named at boot and lets
# /etc/rc.d/named start it by hand.
named_enable="YES"
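# Run as root.  Before the first start, validate everything that was just
# written by hand; the port installed named-checkconf and named-checkzone
# for exactly this (see the install output above).  named-checkconf prints
# nothing on success; named-checkzone reports "OK" or the offending line.
named-checkconf /etc/namedb/named.conf
named-checkzone 0.0.127.in-addr.arpa /etc/namedb/0.0.127.in-addr.arpa
named-checkzone 3.168.192.in-addr.arpa /etc/namedb/3.168.192.in-addr.arpa
named-checkzone freebsd.orz /etc/namedb/freebsd.orz.local
named-checkzone freebsd.orz /etc/namedb/freebsd.orz.zone

/etc/rc.d/named start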
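# First start failed: named could not open its log file.
#   Oct  8 07:05:37 vaio_ns1 named[1075]: isc_log_open '/var/log/named/named.log' failed: file not found
# (The logging statement that names this file is not in the named.conf
# shown on this page; it must come from elsewhere in the configuration.)
#
# The page's first attempt ran `touch /var/log/named/update.log` twice and
# got "No such file or directory" both times, because the directory did not
# exist yet.  Create the directory and hand it to the named user first;
# named should then create the log files itself.
mkdir -p /var/log/named
chown bind:bind /var/log/named

# If named runs chrooted (FreeBSD's rc.d/named does so when named_chrootdir
# is set -- check /etc/defaults/rc.conf and /etc/rc.conf), the path in the
# log message is relative to the chroot and the directory to create is
# /var/named/var/log/named instead.

/etc/rc.d/named restart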
http://hazyinfo.net/wiki/index.php?FreeBSD%2FBIND9
http://www.kishiro.com/FreeBSD/bind.html
http://freebsd.server-manual.com/bind.html
https://www.dns-oarc.net/oarc/services/dnsentropy
2010-02-17 (水) 10:05:13