|[[FrontPage]]|[[BIND 1]]|[[BIND 2]]|[[BIND 3]]| #contents *bind9-9.3.5.2 [#g5d1f945] #portinstall dns/bind9 %%portでBIND9をインストールすると、もともと有った/etc/namedb -> /var/named/etc/namedb へのリンクが無くなる場合があります。%% &ref(BIND9_Conf.gif);オプション指定で、もともとのBINDを入れ替えることにする。 #clear ************************************************************************* * If you are running BIND 9 in a chroot environment, make * * sure that there is a /dev/random device in the chroot. * * * * BIND 9 also requires configuration of rndc, including a * * "secret" key. The easiest, and most secure way to configure * * rndc is to run 'rndc-confgen -a' to generate the proper conf * * file, with a new random key, and appropriate file permissions. * * * * The /etc/rc.d/named script in the base will do both for you. * * * ===> Compressing manual pages for bind9-9.3.5.2 ===> Registering installation for bind9-9.3.5.2 ===> SECURITY REPORT: This port has installed the following files which may act as network servers and may therefore pose a remote security risk to the system. 
/usr/local/sbin/named /usr/local/sbin/rndc-confgen /usr/local/bin/host /usr/local/sbin/dnssec-signzone /usr/local/bin/nsupdate /usr/local/sbin/rndc /usr/local/sbin/lwresd /usr/local/bin/dig /usr/local/sbin/dnssec-keygen /usr/local/sbin/named-checkzone /usr/local/sbin/named-checkconf /usr/local/bin/nslookup # cd /etc/namedb/ # rndc-confgen -a wrote key file "/etc/namedb/rndc.key" # cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf ***rndc設定 [#x29b7bac] # mv /etc/namedb/named.conf /etc/namedb/named.conf.org # rndc-confgen -a wrote key file "/etc/namedb/rndc.key" # cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf # cat /etc/namedb/rndc.key > /etc/namedb/named.conf # rm /etc/namedb/rndc.key （鍵の内容は rndc.conf と named.conf にコピー済みなので rndc.key は削除する。secret が他のユーザーから読めないよう、後述の chmod / chown も忘れずに行う。） # vi /etc/namedb/rndc.conf key "rndc-key" { algorithm hmac-md5; secret "xxxxxxxxxxxxxxxxxxxxxxxx"; }; ↓最終行に下記を記入 options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; }; Server 127.0.0.1 { key "rndc-key"; }; # chmod 400 /etc/namedb/rndc.conf # chmod 600 /etc/namedb/named.conf # chown bind:wheel /etc/namedb/named.conf ***named.conf編集 [#ccacfdb2] # vi /etc/namedb/named.conf key "rndc-key" { algorithm hmac-md5; secret "xxxxxxxxxxxxxxxxxxxxxxxx"; }; ↓最終行に下記を記入 controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; }; options { version "unknown"; directory "/etc/namedb"; pid-file "/var/run/named/pid"; dump-file "/var/dump/named_dump.db"; statistics-file "/var/stats/named.stats"; listen-on-v6 { none; }; listen-on { localhost; localnets; }; allow-query { localhost; localnets; }; allow-recursion { localhost; localnets; }; allow-transfer { localhost; localnets; }; forwarders { xxx.xxx.xxx.xx1; xxx.xxx.xxx.xx2; }; }; view "internal"{ match-clients { localnets; }; recursion yes; zone "." 
IN { type hint; file "named.ca"; }; zone "0.0.127.in-addr.arpa" { type master; file "0.0.127.in-addr.arpa"; }; zone "3.168.192.in-addr.arpa" { type master; file "3.168.192.in-addr.arpa"; }; zone "freebsd.orz" { type master; file "freebsd.orz.local"; }; }; ※黄色い部分は環境に合わせて変更してください。~ ※xxx.xxx.xxx.xx1 はプロバイダのプライマリDNSサーバーのIPアドレスです。~ ※xxx.xxx.xxx.xx2 はプロバイダのセカンダリDNSサーバーのIPアドレスです。~ ***named.conf編集 (固定IPの場合) [#h1028d28] # vi /etc/namedb/named.conf ↓最終行に下記を記入 view "external"{ match-clients { any; }; recursion no; zone "freebsd.orz" { type master; file "freebsd.orz.zone"; allow-transfer { yyy.yyy.yyy.yyy; }; }; }; ※黄色い部分は環境に合わせて変更してください~ ※yyy.yyy.yyy.yyy はセカンダリDNSサーバーのIPアドレスです。 ***localhost逆引き [#ubfa6c88] # vi /etc/namedb/0.0.127.in-addr.arpa ↓下記を記入 $TTL 86400 @ IN SOA ns1.freebsd.orz. root.freebsd.orz. ( 2007052900 ;Serial 28800 ;Refresh 7200 ;Retry 604800 ;Expire 86400 ;Minimum ) IN NS ns1.freebsd.orz. 1 IN PTR localhost. ※黄色い部分は環境に合わせて変更してください。 ***内部正引き [#dfc20194] # vi /etc/namedb/freebsd.orz.local ↓下記を記入 $TTL 86400 @ IN SOA ns1.freebsd.orz. root.freebsd.orz. ( 2007052900 ;Serial 28800 ;Refresh 7200 ;Retry 604800 ;Expire 86400 ;Minimum ) IN NS ns1.freebsd.orz. IN MX 10 mail.freebsd.orz. @ IN A 192.168.3.10 * IN A 192.168.3.10 mail IN A 192.168.3.10 ***内部逆引き [#ia4bef52] # vi /etc/namedb/3.168.192.in-addr.arpa ↓下記を記入 $TTL 86400 @ IN SOA ns1.freebsd.orz. root.freebsd.orz. ( 2007052900 ;Serial 28800 ;Refresh 7200 ;Retry 604800 ;Expire 86400 ;Minimum ) IN NS freebsd.orz. 10 IN PTR freebsd.orz. ***外部正引き (固定IPの場合) [#dc32c08e] # vi /etc/namedb/freebsd.orz.zone ↓下記を記入 $TTL 86400 @ IN SOA ns1.freebsd.orz. root.freebsd.orz. ( 2007052900 ;Serial 28800 ;Refresh 7200 ;Retry 604800 ;Expire 86400 ;Minimum ) IN NS ns1.freebsd.orz. IN MX 10 mail.freebsd.orz. @ IN A zzz.zzz.zzz.zzz * IN A zzz.zzz.zzz.zzz mail IN A zzz.zzz.zzz.zzz freebsd.orz. IN TXT "v=spf1 a mx ~all" ***ルートゾーン最新化 [#gebedcee] # dig . 
ns @128.63.2.53 > /etc/namedb/named.ca ***resolv.conf編集 [#k39434c2] # echo 'nameserver 127.0.0.1' > /etc/resolv.conf ***BIND起動 [#o6fb6ff3] # vi /etc/rc.conf named_enable="YES" ←追加(named起動) # /etc/rc.d/named start **Bind [#f989fb97] Oct 8 07:05:37 vaio_ns1 kernel: Oct 8 07:05:37 vaio_ns1 named[1075]: isc_log_open '/var/log/named/named.log' failed: file not found vaio_ns1# touch /var/log/named/update.log touch: /var/log/named/update.log: No such file or directory vaio_ns1# touch /var/log/named/update.log touch: /var/log/named/update.log: No such file or directory vaio_ns1# mkdir /var/log/named vaio_ns1# chown bind:bind /var/log/named http://hazyinfo.net/wiki/index.php?FreeBSD%2FBIND9 http://www.kishiro.com/FreeBSD/bind.html http://freebsd.server-manual.com/bind.html https://www.dns-oarc.net/oarc/services/dnsentropy ---- #counter([total|today|yesterday]); &lastmod; ----