#portinstall dns/bind9
オプション指定で、OS付属?のBINDを入れ替えることにする。
# cd /etc/namedb/
# rndc-confgen -a
wrote key file "/etc/namedb/rndc.key"
# cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
# mv /etc/namedb/named.conf /etc/namedb/named.conf.org
# rndc-confgen -a
wrote key file "/etc/namedb/rndc.key"
# cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
# cat /etc/namedb/rndc.key > /etc/namedb/named.conf
# rm /etc/namedb/rndc.key
# vi /etc/namedb/rndc.conf
key "rndc-key" { algorithm hmac-md5; secret "xxxxxxxxxxxxxxxxxxxxxxxx"; };
↓最終行に下記を記入
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
Server 127.0.0.1 { key "rndc-key"; };
# chmod 400 /etc/namedb/rndc.conf
# chmod 600 /etc/namedb/named.conf
# chown bind:wheel /etc/namedb/named.conf
# vi /etc/namedb/named.conf
key "rndc-key" { algorithm hmac-md5; secret "xxxxxxxxxxxxxxxxxxxxxxxx"; };
↓続きに下記を記入
// named.conf — BIND 9 configuration, appended after the "rndc-key" key stanza.
// Control channel: rndc can only connect over loopback on port 953 and must
// authenticate with "rndc-key".
// NOTE(review): the key stanza above uses hmac-md5 as emitted by this
// rndc-confgen; newer BIND releases generate hmac-sha256 keys by default —
// consider that when the key is regenerated.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
    // Hide the real BIND version from "version.bind" CHAOS queries.
    version "unknown";
    directory "/etc/namedb";
    // forward only; // original note: comment out when configuring as a slave DNS
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    // IPv6 listening disabled.
    listen-on-v6 { none; };
    // listen-on { localhost; localnets; };
    // allow-query { localhost; localnets; };
    // NOTE(review): the only view below matches every client with "recursion no",
    // so this allow-recursion list has no visible effect — confirm whether local
    // clients are expected to get recursion from this server.
    allow-recursion { localhost; localnets; };
    // Zone transfers only to loopback and directly attached networks.
    allow-transfer { localhost; localnets; };
    // forwarders { xxx.xxx.xxx.xx1; xxx.xxx.xxx.xx2; };// original note: upstream DNS servers that may be used
};

// Single view: authoritative-only answers for every client.
view "external" {
    match-clients { any; };
    recursion no;
    // Root hints; named.ca is generated with dig later in this procedure.
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "0.0.127.in-addr.arpa";
    };
    zone "kuji-clinic.net" {
        type master;
        file "kuji-clinic.net.zone";
        notify yes;
        // NOTE(review): the secondaries listed as NS in the zone file (e.g. ns3.smb.net)
        // can only pull transfers if covered by the options-level allow-transfer
        // (localhost; localnets) or by the zone-level entry below — confirm.
        // allow-transfer { yyy.yyy.yyy.yyy; }; // original note: the IP address of the secondary DNS server
    };
    // NOTE(review): "208h" in this zone name looks mangled — verify the intended
    // reverse zone name (the zone file only uses last-octet PTR labels 209–222).
    zone "208h.122.255.210.in-addr.arpa" in {
        type master;
        file "kuji-clinic.net.rev";
    };
};
# vi /etc/namedb/0.0.127.in-addr.arpa
↓下記を記入
$TTL 86400
@ IN SOA ns.kuji-clinic.net. root.kuji-clinic.net. (
        2007052900 ;Serial
        28800 ;Refresh
        7200 ;Retry
        604800 ;Expire
        86400 ;Minimum
)
        IN NS ns.kuji-clinic.net.
1       IN PTR localhost.
# vi /etc/namedb/freebsd.orz.zone
↓下記を記入
; Forward zone for kuji-clinic.net (written here as /etc/namedb/freebsd.orz.zone).
; NOTE(review): named.conf loads this zone from "kuji-clinic.net.zone" — confirm
; the file name matches, otherwise named will fail to load the zone.
$TTL 86400 ; 1 day
@ IN SOA ns.kuji-clinic.net. root.kuji-clinic.net. (
        2008100303 ; Serial
        3600 ; refresh (1 hour)
        900 ; retry (15 min)
        3600000 ; expire — 3600000 s is about 41.7 days, not the "1 week" the original comment claimed; verify the intended value
        3600 ; minimum / negative-cache TTL — 3600 s is 1 hour, not the "1 day" the original comment claimed; verify
)
; Authoritative name servers for the zone (ownerless records inherit "@").
        IN NS ns1.kuji-clinic.net.
        IN NS ns.kuji-clinic.net.
        IN NS ns3.smb.net.
; Mail exchangers, lowest preference first.
; NOTE(review): "mail" is defined below as a CNAME to k213; an MX target should be a
; host name with an A record rather than an alias (RFC 2181 section 10.3).
        IN MX 10 mail.kuji-clinic.net.
kuji-clinic.net. IN TXT "v=spf1 a mx ~all"
; NOTE(review): an MX target must be a host name; "210.255.122.222." is parsed as a
; name, not an address, and will not resolve — the host at that address is k222 below.
        IN MX 150 210.255.122.222.
        IN MX 200 mail.smb.net.
; IN PTR kuji-clinic.net.
localhost IN A 127.0.0.1
;
;Network 210.255.122.208
gw IN A 210.255.122.209
ns IN A 210.255.122.210
ns1 IN A 210.255.122.211
;
k212 IN A 210.255.122.212
k213 IN A 210.255.122.213
k214 IN A 210.255.122.214
k215 IN A 210.255.122.215
k216 IN A 210.255.122.216
k217 IN A 210.255.122.217
k218 IN A 210.255.122.218
k219 IN A 210.255.122.219
k220 IN A 210.255.122.220
;tfc.thousand-winds.jp IN A 210.255.122.221
k221 IN A 210.255.122.221
k222 IN A 210.255.122.222
;Broadcast 210.255.122.223
; aliases
;
mail IN CNAME k213.kuji-clinic.net.
www IN CNAME k213.kuji-clinic.net.
; XXXXXXXXXXX Serial No.is not DATE XXXXXXXXX
; file "kuji-clinic.net.rev"
; Reverse zone for the 210.255.122.208/28 block (network .208, broadcast .223,
; mask 255.255.255.240); loaded by named.conf as "208h.122.255.210.in-addr.arpa".
; NOTE(review): the PTR owners below are bare last octets, so they resolve relative
; to whatever zone name named.conf assigns; confirm that name is what the parent
; delegates to (classless RFC 2317 style), or these PTRs will never be queried.
;
$TTL 86400
@ IN SOA ns.kuji-clinic.net. hostmaster.kuji-clinic.net. (
        2008091702 ; Serial
        10800 ; refresh
        3600 ; retry
        604800 ; expire
        86400 ; minimum
)
        IN NS ns.kuji-clinic.net.
        IN NS ns3.smb.net.
; IN NS ns2.uic.net.
; IN NS ns1.stnet.ad.jp.
;
; IN PTR kuji-clinic.net.
; Apex A record apparently carrying the subnet mask (RFC 1101-style encoding).
        IN A 255.255.255.240 ;kuji-clinic.net.
;208 IN PTR kuji-clinic.net.
209 IN PTR gw.kuji-clinic.net.
210 IN PTR ns.kuji-clinic.net.
211 IN PTR ns1.kuji-clinic.net.
212 IN PTR k212.kuji-clinic.net.
213 IN PTR k213.kuji-clinic.net.
214 IN PTR k214.kuji-clinic.net.
215 IN PTR k215.kuji-clinic.net.
216 IN PTR k216.kuji-clinic.net.
217 IN PTR k217.kuji-clinic.net.
218 IN PTR k218.kuji-clinic.net.
219 IN PTR k219.kuji-clinic.net.
220 IN PTR k220.kuji-clinic.net.
221 IN PTR k221.kuji-clinic.net.
222 IN PTR k222.kuji-clinic.net.
;223 for broadcast
;END OF FILE
# dig . ns @128.63.2.53 > /etc/namedb/named.ca
# Resolver settings (resolv.conf syntax): default domain and the name servers
# queried in the listed order.
domain kuji-clinic.net
nameserver 210.255.122.211
nameserver 210.255.122.210
# NOTE(review): the local named is listed last; if this host runs named itself,
# listing 127.0.0.1 first avoids sending its own lookups over the network.
nameserver 127.0.0.1
# vi /etc/rc.conf
named_enable="YES" ←追加(named起動)
# /etc/rc.d/named start
Oct 8 07:05:37 vaio_ns1 kernel: Oct 8 07:05:37 vaio_ns1 named[1075]: isc_log_open '/var/log/named/named.log' failed: file not found
vaio_ns1# touch /var/log/named/update.log
touch: /var/log/named/update.log: No such file or directory
vaio_ns1# touch /var/log/named/update.log
touch: /var/log/named/update.log: No such file or directory
vaio_ns1# mkdir /var/log/named
vaio_ns1# chown bind:bind /var/log/named
http://hazyinfo.net/wiki/index.php?FreeBSD%2FBIND9
http://www.kishiro.com/FreeBSD/bind.html
http://freebsd.server-manual.com/bind.html
https://www.dns-oarc.net/oarc/services/dnsentropy
http://www.kncn.net/FreeBSD/router/dns.html
2008-10-11 (土) 07:48:16