#contents

*bind9-9.3.5.2で、外向きのDNSを作成するメモ [#o4ba1029]
 #portinstall dns/bind9
&ref(BIND9_Conf.gif);オプション指定で、OS付属?のBINDを入れ替えることにする。
**rndcの設定 [#n4f2086d]
***rndc用のキーを作る [#q03490d6]
 # cd /etc/namedb/
 # rndc-confgen -a
 wrote key file "/etc/namedb/rndc.key"
 # cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
***rndcの設定 [#p865b25c]
 # mv /etc/namedb/named.conf /etc/namedb/named.conf.org
 # rndc-confgen -a
 wrote key file "/etc/namedb/rndc.key"
 # cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
 # cat /etc/namedb/rndc.key > /etc/namedb/named.conf
 # rm /etc/namedb/rndc.key
# vi /etc/namedb/rndc.conf

 // rndc.conf: the key rndc presents to named on the control channel.
 // The secret sits here in clear text, so the file must be readable by root
 // only (the chmod 400 step further down this page). A file created with
 // "cat >" gets its mode from the current umask until that chmod is run.
 key "rndc-key" {
        // hmac-md5 is what the generated key on this page uses; newer BIND
        // releases can generate hmac-sha256 keys (rndc-confgen -A hmac-sha256).
        algorithm hmac-md5;
        // Placeholder for the secret written by rndc-confgen.
        secret "xxxxxxxxxxxxxxxxxxxxxxxx";
 };
 ↓最終行に下記を記入
 // Defaults used when rndc is run without -s / -p / -y.
 options {
 	default-key "rndc-key";
 	// Control channel is reached over loopback only, matching the
 	// "controls" statement in named.conf on this page.
 	default-server 127.0.0.1;
 	default-port 953;
 };
 
 // Key to use when talking to the server at 127.0.0.1.
 Server 127.0.0.1 {
 	key "rndc-key";
 };

 # chmod 400 /etc/namedb/rndc.conf
 # chmod 600 /etc/namedb/named.conf
 # chown bind:wheel /etc/namedb/named.conf


**named.conf編集 [#td0e82c5]
***named.conf編集 [#k5deb086]
# vi /etc/namedb/named.conf

 // named.conf copy of the rndc key; it must be identical to the one in rndc.conf.
 // Because the secret is stored here in clear text, named.conf must not be
 // world-readable (the chmod 600 / chown bind step earlier on this page).
 key "rndc-key" {
        // hmac-md5 is what the generated key on this page uses; newer BIND
        // releases can generate hmac-sha256 keys (rndc-confgen -A hmac-sha256).
        algorithm hmac-md5;
        // Placeholder for the secret written by rndc-confgen.
        secret "xxxxxxxxxxxxxxxxxxxxxxxx";
 };
↓続きに下記を記入
 // Control channel for rndc: bound to loopback, accepts connections from
 // 127.0.0.1 only, and only commands signed with "rndc-key".
 controls {
       inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
 };
 
 options {
 	// Answer version.bind queries with a fixed string instead of the real version.
 	version	"unknown";
 	directory	"/etc/namedb";
 //  forward only;      // (author's note) comment out when setting this up as a slave DNS
 	pid-file	"/var/run/named/pid";
 	dump-file	"/var/dump/named_dump.db";
 	statistics-file	"/var/stats/named.stats";
 	// No IPv6 listener.
 	listen-on-v6	{ none; };
 //	listen-on	{ localhost; localnets; };
 //	allow-query	{ localhost; localnets; };
 	// NOTE(review): the only view below sets "recursion no" for every client,
 	// so this ACL appears to have no practical effect as written. A separate
 	// internal view would be needed if local hosts are meant to get recursive
 	// answers (the resolv.conf on this page points at this zone's own name
 	// servers) - confirm the intended behaviour.
 	allow-recursion	{ localhost; localnets; };
 	// Zone transfers are limited to this host and its directly attached networks.
 	// NOTE(review): ns3.smb.net is published as an NS for the zone. If it is a
 	// secondary outside localnets it needs an explicit per-zone allow-transfer
 	// (see the commented-out line in the kuji-clinic.net zone), preferably
 	// authenticated with a TSIG key rather than by source address alone.
 	allow-transfer	{ localhost; localnets; };
 //	forwarders { xxx.xxx.xxx.xx1; xxx.xxx.xxx.xx2; };// specify the upstream DNS servers available to you
 };
 
 
 view "external"{
 	// Matches every client; no other view is defined on this page.
 	match-clients { any; };
 	// Authoritative-only: no recursive lookups on behalf of clients.
 	recursion no;
 
 	// Root hints file (refreshed in the TIPs section of this page).
 	zone "." IN {
 		type hint;
 		file "named.ca";
 	};
 
 	zone "0.0.127.in-addr.arpa" {
 		type master;
 		file "0.0.127.in-addr.arpa";
 	};
 
 
 	// Forward zone served as primary.
 	zone "kuji-clinic.net" {
 		type master;
 		file "kuji-clinic.net.zone";
 		// Send NOTIFY to the zone's other listed name servers when it changes.
 		notify yes;
 //		allow-transfer { yyy.yyy.yyy.yyy; }; // IP address of the secondary DNS server.
 
 	};
 
 	// Reverse zone for a block smaller than a /24.
 	// NOTE(review): the "208h" label is presumably the name the upstream
 	// provider delegates for this block - confirm against the provider's setup.
 	zone "208h.122.255.210.in-addr.arpa" in {
 		type master;
 		file "kuji-clinic.net.rev";
 	};
 
 };
**ゾーンファイル・逆引きファイルの設定 [#mea98dad]
***localhost逆引き [#o26bc4c0]
# vi /etc/namedb/0.0.127.in-addr.arpa

 ↓下記を記入
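 ; Reverse zone for 127.0.0.x (file "0.0.127.in-addr.arpa" in named.conf).
 $TTL 86400
 ; A zone holds exactly one SOA record, and the "(" it opens is closed once.
 ; The listing originally had two SOA header lines back to back, which does
 ; not parse. The ns1 variant is kept only as a comment; ns.kuji-clinic.net.
 ; is the primary named in the SOA of the other zone files on this page.
 ;@	IN	SOA	ns1.kuji-clinic.net.	root.kuji-clinic.net. (
 @	IN	SOA	ns.kuji-clinic.net.	root.kuji-clinic.net. (
 	2007052900	;Serial
 	28800		;Refresh
 	7200		;Retry
 	604800		;Expire	
 	86400		;Minimum
 )
 
 	IN	NS	ns1.kuji-clinic.net.
 	IN	NS	ns.kuji-clinic.net.
 ; 1.0.0.127.in-addr.arpa -> localhost.
 1	IN	PTR	localhost.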



***外部正引き (固定IPの場合) [#qed4d02c]
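# vi /etc/namedb/freebsd.orz.zone
(注: named.conf の zone "kuji-clinic.net" では file "kuji-clinic.net.zone" を指定しているので、実際のファイル名はそちらに合わせること。)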

↓下記を記入
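 ; Forward zone for kuji-clinic.net (static IP block 210.255.122.208 - 223).
 $TTL	86400	; 1 day
 @	IN	SOA	ns.kuji-clinic.net.	root.kuji-clinic.net.  (
 		2008100303	; Serial
 		3600		; refresh (1 hour)
 		900		; retry (15 min)
 		3600000		; expire (3600000 s, about 41.7 days; one week would be 604800)
 		3600 		; minimum (3600 s = 1 hour, not 1 day)
 )
 	IN	NS	ns1.kuji-clinic.net.
 	IN	NS	ns.kuji-clinic.net.
 	IN	NS	ns3.smb.net.
 ; NOTE(review): mail.kuji-clinic.net. is defined below as a CNAME to k213.
 ; An MX target is expected to be a name with its own address record, not an
 ; alias (RFC 2181 section 10.3). Pointing this MX at k213.kuji-clinic.net. or
 ; giving "mail" an A record would avoid that.
 	IN	MX	10	mail.kuji-clinic.net.
 	
 ; SPF: hosts in the apex A and MX records may send mail; everything else softfails.
 kuji-clinic.net. IN TXT "v=spf1 a mx ~all"
 
 ; An MX target must be a host name. The listing originally used the literal
 ; "210.255.122.222.", which is parsed as a domain name rather than an address;
 ; k222 is the name this zone assigns to that address.
 	IN	MX	150	k222.kuji-clinic.net.
 	IN	MX	200	mail.smb.net.
 ;	IN	PTR	kuji-clinic.net.
 localhost	IN	A	127.0.0.1
 ;
 ;Network		210.255.122.208
 gw		IN	A	210.255.122.209
 ns		IN	A	210.255.122.210
 ns1		IN	A	210.255.122.211
 ;
 k212		IN	A	210.255.122.212
 k213		IN	A	210.255.122.213
 k214		IN	A	210.255.122.214
 k215		IN	A	210.255.122.215
 k216		IN	A	210.255.122.216
 k217		IN	A	210.255.122.217
 k218		IN	A	210.255.122.218
 k219		IN	A	210.255.122.219
 k220		IN	A	210.255.122.220
 ;tfc.thousand-winds.jp	IN	A	210.255.122.221
 k221		IN	A	210.255.122.221
 k222		IN	A	210.255.122.222
 ;Broadcast			210.255.122.223
 ; aliases
 ;
 mail	IN	CNAME	k213.kuji-clinic.net.
 www	IN	CNAME	k213.kuji-clinic.net.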
**外部逆引きファイル [#vab5555a]
 ; XXXXXXXXXXX    Serial No.is not DATE    XXXXXXXXX
 ; file "kuji-clinic.net.rev"
 ; Owner names below are relative to the zone that named.conf on this page
 ; loads from this file (208h.122.255.210.in-addr.arpa).
 ;
 $TTL 86400
 @	IN	SOA	ns.kuji-clinic.net. hostmaster.kuji-clinic.net. (
 		2008091702	; Serial
 		10800		; Refresh (3 hours)
 		3600		; Retry (1 hour)
 		604800		; Expire (1 week)
 		86400 )		; Minimum (1 day)
 	IN	NS	ns.kuji-clinic.net.
 	IN	NS	ns3.smb.net.
 ;	IN	NS	ns2.uic.net.
 ;	IN	NS	ns1.stnet.ad.jp.
 ;
 ;	IN	PTR	kuji-clinic.net.
 ; NOTE(review): an A record at the zone apex holding the value 255.255.255.240
 ; looks like the RFC 1101 convention for publishing a subnet mask - confirm
 ; it is intentional.
 	IN	A	255.255.255.240	
 ;kuji-clinic.net.
 ;208	IN	PTR	kuji-clinic.net.
 209	IN	PTR	gw.kuji-clinic.net.
 210	IN	PTR	ns.kuji-clinic.net.
 211	IN	PTR	ns1.kuji-clinic.net.
 212	IN	PTR	k212.kuji-clinic.net.
 213	IN	PTR	k213.kuji-clinic.net.
 214	IN	PTR	k214.kuji-clinic.net.
 215	IN	PTR	k215.kuji-clinic.net.
 216	IN	PTR	k216.kuji-clinic.net.
 217	IN	PTR	k217.kuji-clinic.net.
 218	IN	PTR	k218.kuji-clinic.net.
 219	IN	PTR	k219.kuji-clinic.net.
 220	IN	PTR	k220.kuji-clinic.net.
 221	IN	PTR	k221.kuji-clinic.net.
 222	IN	PTR	k222.kuji-clinic.net.
 ;223	for broadcast
 ;END OF FILE




**TIPs [#v4cd43fa]
***ルートゾーン最新化 [#x053be63]
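 # dig . ns @128.63.2.53 > /etc/namedb/named.ca

(注) このリダイレクトは dig が失敗しても named.ca を上書きしてしまうので、いったん別ファイルに出力し、中身を確認してから置き換える方が安全。また 128.63.2.53 は h.root-servers.net の旧アドレスなので、現在は @a.root-servers.net のようにホスト名で指定するか、InterNIC が配布している named.root を取得する。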

***vi /etc/resolv.conf [#wb77038d]
 domain	kuji-clinic.net
 nameserver	210.255.122.211
 nameserver	210.255.122.210
 nameserver	127.0.0.1

***BIND起動 [#z827f684]
# vi /etc/rc.conf
 named_enable="YES" ←追加(named起動)
# /etc/rc.d/named start


**Junk [#h316ee2f]
 Oct  8 07:05:37 vaio_ns1 kernel: Oct  8 07:05:37 vaio_ns1 named[1075]: isc_log_open '/var/log/named/named.log' failed: file not found
 vaio_ns1# touch /var/log/named/update.log
 touch: /var/log/named/update.log: No such file or directory
 vaio_ns1# touch /var/log/named/update.log
 touch: /var/log/named/update.log: No such file or directory
 vaio_ns1# mkdir /var/log/named
 vaio_ns1# chown bind:bind /var/log/named

http://hazyinfo.net/wiki/index.php?FreeBSD%2FBIND9

http://www.kishiro.com/FreeBSD/bind.html

http://freebsd.server-manual.com/bind.html

https://www.dns-oarc.net/oarc/services/dnsentropy

http://www.kncn.net/FreeBSD/router/dns.html