|[[FrontPage]]|[[BIND 1]]|[[BIND 2]]|[[BIND 3]]|
#contents
*bind9-9.3.5.2 [#g5d1f945]
#portinstall dns/bind9
%%portでBIND9をインストールすると、もともと有った/etc/namedb -> /var/named/etc/namedb へのリンクが無くなる場合がります。%%
&ref(BIND9_Conf.gif);オプション指定で、もともとのBINDを入れ替えることにする。
#clear
*************************************************************************
* If you are running BIND 9 in a chroot environment, make *
* sure that there is a /dev/random device in the chroot. *
* *
* BIND 9 also requires configuration of rndc, including a *
* "secret" key. The easiest, and most secure way to configure *
* rndc is to run 'rndc-confgen -a' to generate the proper conf *
* file, with a new random key, and appropriate file permissions. *
* *
* The /etc/rc.d/named script in the base will do both for you. *
* *
===> Compressing manual pages for bind9-9.3.5.2
===> Registering installation for bind9-9.3.5.2
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/named
/usr/local/sbin/rndc-confgen
/usr/local/bin/host
/usr/local/sbin/dnssec-signzone
/usr/local/bin/nsupdate
/usr/local/sbin/rndc
/usr/local/sbin/lwresd
/usr/local/bin/dig
/usr/local/sbin/dnssec-keygen
/usr/local/sbin/named-checkzone
/usr/local/sbin/named-checkconf
/usr/local/bin/nslookup
# cd /etc/namedb/
# rndc-confgen -a
wrote key file "/etc/namedb/rndc.key"
# cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
***rndc設定 [#x29b7bac]
# mv /etc/namedb/named.conf /etc/namedb/named.conf.org
# rndc-confgen -a
wrote key file "/etc/namedb/rndc.key"
# cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
# cat /etc/namedb/rndc.key > /etc/namedb/named.conf
# rm /etc/namedb/rndc.key
# vi /etc/namedb/rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "xxxxxxxxxxxxxxxxxxxxxxxx";
};
↓最終行に下記を記入
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
Server 127.0.0.1 {
key "rndc-key";
};
# chmod 400 /etc/namedb/rndc.conf
# chmod 600 /etc/namedb/named.conf
# chown bind:wheel /etc/namedb/named.conf
***named.conf編集 [#ccacfdb2]
# vi /etc/namedb/named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "xxxxxxxxxxxxxxxxxxxxxxxx";
};
↓最終行に下記を記入
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
version "unknown";
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on-v6 { none; };
listen-on { localhost; localnets; };
allow-query { localhost; localnets; };
allow-recursion { localhost; localnets; };
allow-transfer { localhost; localnets; };
forwarders { xxx.xxx.xxx.xx1; xxx.xxx.xxx.xx2; };
};
view "internal"{
match-clients { localnets; };
recursion yes;
zone "." IN {
type hint;
file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "0.0.127.in-addr.arpa";
};
zone "3.168.192.in-addr.arpa" {
type master;
file "3.168.192.in-addr.arpa";
};
zone "freebsd.orz" {
type master;
file "freebsd.orz.local";
};
};
※黄色い部分は環境に合わせて変更してください。~
※xxx.xxx.xxx.xx1 はプロバイダのプライマリDNSサーバーのIPアドレスです。~
※xxx.xxx.xxx.xx2 はプロバイダのセカンダリDNSサーバーのIPアドレスです。~
***named.conf編集 (固定IPの場合) [#h1028d28]
# vi /etc/namedb/named.conf
↓最終行に下記を記入
view "external"{
match-clients { any; };
recursion no;
zone "freebsd.orz" {
type master;
file "freebsd.orz.zone";
allow-transfer { yyy.yyy.yyy.yyy; };
};
};
※黄色い部分は環境に合わせて変更してください~
※yyy.yyy.yyy.yyy はセカンダリDNSサーバーのIPアドレスです。
***localhost逆引き [#ubfa6c88]
# vi /etc/namedb/0.0.127.in-addr.arpa
↓下記を記入
$TTL 86400
@ IN SOA ns1.freebsd.orz. root.freebsd.orz. (
2007052900 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ;Minimum
)
IN NS ns1.freebsd.orz.
1 IN PTR localhost.
※黄色い部分は環境に合わせて変更してください。
***内部正引き [#dfc20194]
# vi /etc/namedb/freebsd.orz.local
↓下記を記入
$TTL 86400
@ IN SOA ns1.freebsd.orz. root.freebsd.orz. (
2007052900 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ;Minimum
)
IN NS ns1.freebsd.orz.
IN MX 10 mail.freebsd.orz.
@ IN A 192.168.3.10
* IN A 192.168.3.10
mail IN A 192.168.3.10
***内部逆引き [#ia4bef52]
# vi /etc/namedb/3.168.192.in-addr.arpa
↓下記を記入
$TTL 86400
@ IN SOA ns1.freebsd.orz. root.freebsd.orz. (
2007052900 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ;Minimum
)
IN NS freebsd.orz.
10 IN PTR freebsd.orz.
***外部正引き (固定IPの場合) [#dc32c08e]
# vi /etc/namedb/freebsd.orz.zone
↓下記を記入
$TTL 86400
@ IN SOA ns1.freebsd.orz. root.freebsd.orz. (
2007052900 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ;Minimum
)
IN NS ns1.freebsd.orz.
IN MX 10 mail.freebsd.orz.
@ IN A zzz.zzz.zzz.zzz
* IN A zzz.zzz.zzz.zzz
mail IN A zzz.zzz.zzz.zzz
freebsd.orz. IN TXT "v=spf1 a mx ~all"
***ルートゾーン最新化 [#gebedcee]
# dig . ns @128.63.2.53 > /etc/namedb/named.ca
***resolv.conf編集 [#k39434c2]
# echo 'nameserver 127.0.0.1' > /etc/resolv.conf
***BIND起動 [#o6fb6ff3]
# vi /etc/rc.conf
named_enable="YES" ←追加(named起動)
# /etc/rc.d/named start
**Bind [#f989fb97]
Oct 8 07:05:37 vaio_ns1 kernel: Oct 8 07:05:37 vaio_ns1 named[1075]: isc_log_open '/var/log/named/named.log' failed: file not found
vaio_ns1# touch /var/log/named/update.log
touch: /var/log/named/update.log: No such file or directory
vaio_ns1# touch /var/log/named/update.log
touch: /var/log/named/update.log: No such file or directory
vaio_ns1# mkdir /var/log/named
vaio_ns1# chown bind:bind /var/log/named
http://hazyinfo.net/wiki/index.php?FreeBSD%2FBIND9
http://www.kishiro.com/FreeBSD/bind.html
http://freebsd.server-manual.com/bind.html
https://www.dns-oarc.net/oarc/services/dnsentropy
----
#counter([total|today|yesterday]);
&lastmod;
----
![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
