DNSサーバ構築手順(ソースからBIND 9.10.1-P1をインストール + 内部向け権威DNSサーバ構築) ref: http://qiita.com/na0AaooQ/items/9ed548dd6db2a0c911c4
; Reverse zone for 100.51.192.in-addr.arpa (PTR records for 192.51.100.0/24).
; There is no $ORIGIN here: "@" and the bare last-octet labels are relative to
; the zone name given in the matching zone statement of named.conf.
$TTL 3600 ; 1 hour | |
; SOA: ns1 is the primary, postmaster@test.example.com the contact.
; The serial is date-based (YYYYMMDDnn) and must be raised on every edit,
; otherwise secondaries will not notice the change.
@ IN SOA ns1.test.example.com. postmaster.test.example.com. ( | |
2015012904 ; serial | |
3600 ; refresh (1 hour) | |
1200 ; retry (20 min.) | |
1209600 ; expire (2 weeks) | |
900 ; minimum (15 min.) | |
) | |
; Both listed name servers must also answer authoritatively for this zone.
@ IN NS ns1.test.example.com. | |
@ IN NS ns2.test.example.com. | |
; PTR records: each last octet maps back to the A record of the same host in
; test.example.com.zone (ns1=.6, ns2=.7, mail=.8, host1=.9).
; NOTE(review): the forward zone uses 192.51.100.x, while the ACL and
; also-notify lists in named.conf use 198.51.100.x (RFC 5737 TEST-NET-2).
; Confirm which prefix is intended; a reverse zone for 198.51.100.0/24 would
; be 100.51.198.in-addr.arpa.
6 IN PTR ns1.test.example.com. | |
7 IN PTR ns2.test.example.com. | |
8 IN PTR mail.test.example.com. | |
9 IN PTR host1.test.example.com. |
# cp -p /etc/sysconfig/network /etc/sysconfig/network.ORG | |
# | |
# sed -i 's/^HOSTNAME=localhost.localdomain/HOSTNAME=dns-bind-server/' /etc/sysconfig/network |
# cat /etc/sysconfig/network | |
NETWORKING=yes | |
# Set by the sed earlier in this procedure (was localhost.localdomain).
HOSTNAME=dns-bind-server | |
# Do not add the zeroconf (169.254.0.0/16) route on this host.
NOZEROCONF=yes | |
# |
[root@dns-bind-server bind-9.10.1-P1]# ll /var/named | |
ls: cannot access /var/named: No such file or directory | |
[root@dns-bind-server bind-9.10.1-P1]# |
[root@dns-bind-server ~]# date | |
Wed Feb 4 22:28:14 JST 2015 | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# tail -1 /var/named/chroot/var/log/query.log | |
04-Feb-2015 13:28:35.565 queries: info: client XXX.XXX.XX.XXX#17428 (web-001.aokinao.asia): query: host1.test.example.com IN AAAA -EDC (XXX.XX.XX.XXX) | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/etc/localtime | |
ls: cannot access /var/named/chroot/etc/localtime: No such file or directory | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# cp -p /etc/localtime /var/named/chroot/etc/ | |
[root@dns-bind-server ~]# diff /etc/localtime /var/named/chroot/etc/localtime | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# tail -1 /var/named/chroot/var/log/query.log | |
04-Feb-2015 22:33:01.035 queries: info: client XXX.XXX.XX.XXX#17428 (web-001.aokinao.asia): query: host1.test.example.com IN AAAA -EDC (XXX.XX.XX.XXX) | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# ls -lrta /var/log/named | |
ls: cannot access /var/log/named: No such file or directory | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ln -s /var/named/chroot/var/log /var/log/named | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ls -lrta /var/log/named | |
lrwxrwxrwx. 1 root root 25 Feb 4 22:53 /var/log/named -> /var/named/chroot/var/log | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# ls -lrta /var/log/named/*log | |
-rw-r--r--. 1 bind bind 171096 Feb 4 XX:XX /var/log/named/alert.log | |
-rw-r--r--. 1 bind bind 197309 Feb 4 XX:XX /var/log/named/query.log | |
-rw-r--r--. 1 bind bind 5591 Feb 4 XX:XX /var/log/named/named.log | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# tail -f /var/log/named/*log | |
==> /var/named/chroot/var/log/query.log <== | |
04-Feb-2015 22:56:22.XXX queries: info: client XXX.XXX.XX.XXX#7766 (XXXXXXXXXXX): query: XXXXXXXXXX IN SOA -E (XXX.XXX.XX.XXX) |
[root@dns-bind-server ~]# curl --location-trusted http://www.openresolver.jp/cli/check.html | |
Configured DNS server: [NOT open] XXX.XXX.XXX.XXX(**********************) | |
Source IP address: [NOT open] XXX.XXX.XXX.XXX(**********************) | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# dig -x dig +short porttest.dns-oarc.net TXT | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# dig +short txidtest.dns-oarc.net TXT | |
[root@dns-bind-server ~]# |
[root@dns-bind-server bind-9.10.1-P1]# pwd | |
/usr/local/src/bind-9.10.1-P1 | |
[root@dns-bind-server bind-9.10.1-P1]# ./configure --prefix=/var/named/chroot --enable-threads --with-openssl=yes --enable-openssl-version-check --disable-ipv6 | |
[root@dns-bind-server bind-9.10.1-P1]# |
[root@dns-bind-server bind-9.10.1-P1]# pwd | |
/usr/local/src/bind-9.10.1-P1 | |
[root@dns-bind-server bind-9.10.1-P1]# make | |
[root@dns-bind-server bind-9.10.1-P1]# |
[root@dns-bind-server bind-9.10.1-P1]# pwd | |
/usr/local/src/bind-9.10.1-P1 | |
[root@dns-bind-server bind-9.10.1-P1]# ll bin/tests/system/ifconfig.sh | |
-rwxr-xr-x. 1 10292 9901 5760 Nov 21 08:56 bin/tests/system/ifconfig.sh | |
[root@dns-bind-server bind-9.10.1-P1]# | |
[root@dns-bind-server bind-9.10.1-P1]# bin/tests/system/ifconfig.sh up | |
[root@dns-bind-server bind-9.10.1-P1]# | |
[root@dns-bind-server bind-9.10.1-P1]# pwd | |
/usr/local/src/bind-9.10.1-P1 | |
[root@dns-bind-server bind-9.10.1-P1]# make test | |
(長いので途中省略) | |
I:System test result summary: | |
I: 44 FAIL | |
I: X PASS | |
I: X SKIPPED |
[root@dns-bind-server bind-9.10.1-P1]# chown -R root /usr/local/src/bind-9.10.1-P1 | |
[root@dns-bind-server bind-9.10.1-P1]# |
[root@dns-bind-server bind-9.10.1-P1]# pwd | |
/usr/local/src/bind-9.10.1-P1 | |
[root@dns-bind-server bind-9.10.1-P1]# make test | |
(長いので途中省略) | |
I:exit status: 0 | |
R:PASS | |
E:zonechecks:Fri Jan 29 XX:XX:XX JST 2015 | |
I:System test result summary: | |
I: 63 PASS | |
I: 6 SKIPPED | |
make[3]: Leaving directory `/usr/local/src/bind-9.10.1-P1/bin/tests/system' | |
make[2]: Leaving directory `/usr/local/src/bind-9.10.1-P1/bin/tests' | |
make[1]: Leaving directory `/usr/local/src/bind-9.10.1-P1' | |
[root@dns-bind-server bind-9.10.1-P1]# |
[root@dns-bind-server bind-9.10.1-P1]# pwd | |
/usr/local/src/bind-9.10.1-P1 | |
[root@dns-bind-server bind-9.10.1-P1]# make install | |
(長いので途中省略) | |
ln /var/named/chroot/share/man/man1/isc-config.sh.1 /var/named/chroot/share/man/man1/bind9-config.1 | |
/usr/bin/install -c -m 644 ./bind.keys /var/named/chroot/etc | |
[root@dns-bind-server bind-9.10.1-P1]# |
[root@dns-bind-server bind-9.10.1-P1]# ls -lrta /var/named/ | |
total 12 | |
drwxr-xr-x. 18 root root 4096 Jan 29 01:06 .. | |
drwxr-xr-x. 3 root root 4096 Jan 29 01:06 . | |
drwxr-xr-x. 9 root root 4096 Jan 29 01:22 chroot | |
[root@dns-bind-server bind-9.10.1-P1]# | |
[root@dns-bind-server bind-9.10.1-P1]# ls -lrta /var/named/chroot/ | |
total 36 | |
drwxr-xr-x. 3 root root 4096 Jan 29 01:06 var | |
drwxr-xr-x. 3 root root 4096 Jan 29 01:06 .. | |
drwxr-xr-x. 3 root root 4096 Jan 29 01:22 share | |
drwxr-xr-x. 12 root root 4096 Jan 29 01:22 include | |
drwxr-xr-x. 2 root root 4096 Jan 29 01:22 lib | |
drwxr-xr-x. 2 root root 4096 Jan 29 01:22 sbin | |
drwxr-xr-x. 9 root root 4096 Jan 29 01:22 . | |
drwxr-xr-x. 2 root root 4096 Jan 29 01:22 bin | |
drwxr-xr-x. 2 root root 4096 Jan 29 01:22 etc | |
[root@dns-bind-server bind-9.10.1-P1]# | |
[root@dns-bind-server bind-9.10.1-P1]# ls -lrta /var/named/chroot/sbin/named | |
-rwxr-xr-x. 2 root root 9974284 Jan 29 01:22 /var/named/chroot/sbin/named | |
[root@dns-bind-server bind-9.10.1-P1]# | |
[root@dns-bind-server bind-9.10.1-P1]# /var/named/chroot/sbin/named -v | |
BIND 9.10.1-P1 | |
[root@dns-bind-server bind-9.10.1-P1]# |
[root@dns-bind-server bind-9.10.1-P1]# cd ~ | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# cp -p /etc/group /etc/group.ORG | |
[root@dns-bind-server ~]# cp -p /etc/passwd /etc/passwd.ORG | |
[root@dns-bind-server ~]# cp -p /etc/shadow /etc/shadow.ORG | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# groupadd -g 25 bind | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# useradd -u 25 -g bind -d /var/named -c "DNS BIND Named User" -s /sbin/nologin bind | |
useradd: warning: the home directory already exists. | |
Not copying any file from skel directory into it. | |
[root@dns-bind-server ~]# |
# yum update |
[root@dns-bind-server ~]# id bind | |
uid=25(bind) gid=25(bind) groups=25(bind) | |
[root@dns-bind-server ~]# su - bind | |
This account is currently not available. | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# mkdir /var/named/chroot/dev | |
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/dev/ | |
total 8 | |
drwxr-xr-x. 10 root root 4096 Jan 29 01:39 .. | |
drwxr-xr-x. 2 root root 4096 Jan 29 01:39 . | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# mknod -m 666 /var/named/chroot/dev/null c 1 3 | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/dev/null | |
crw-rw-rw-. 1 root root 1, 3 Jan 29 01:40 /var/named/chroot/dev/null | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# mknod -m 666 /var/named/chroot/dev/random c 1 8 | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# /var/named/chroot/sbin/rndc-confgen -a | |
wrote key file "/var/named/chroot/etc/rndc.key" | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# cat /var/named/chroot/etc/rndc.key | |
// Shared secret for the rndc control channel (referenced by the controls
// statement in named.conf). The file is mode 0600 and owned by bind, so only
// bind and root can read it.
key "rndc-key" { | |
// hmac-md5 is what this release's rndc-confgen -a wrote by default. The
// control channel is loopback-only, which limits the exposure; newer
// rndc-confgen releases default to hmac-sha256 (`rndc-confgen -a -A hmac-sha256`)
// - confirm this build accepts it before switching.
algorithm hmac-md5; | |
secret "XXXXXXXXXXXXXXXXXXXXX"; | |
}; | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/sbin/rndc | |
-rwxr-xr-x. 1 root root 1452030 Jan 29 01:22 /var/named/chroot/sbin/rndc | |
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/sbin/named-checkconf | |
-rwxr-xr-x. 1 root root 7450523 Jan 29 01:22 /var/named/chroot/sbin/named-checkconf | |
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/sbin/named-checkzone | |
-rwxr-xr-x. 1 root root 7088076 Jan 29 01:22 /var/named/chroot/sbin/named-checkzone | |
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/bin/dig | |
-rwxr-xr-x. 1 root root 7556449 Jan 29 01:22 /var/named/chroot/bin/dig | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ll /usr/local/sbin/rndc | |
ls: cannot access /usr/local/sbin/rndc: No such file or directory | |
[root@dns-bind-server ~]# ll /usr/local/sbin/*named* | |
ls: cannot access /usr/local/sbin/*named*: No such file or directory | |
[root@dns-bind-server ~]# ll /usr/local/bin/dig | |
ls: cannot access /usr/local/bin/dig: No such file or directory | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ln -s /var/named/chroot/sbin/rndc /usr/local/sbin/rndc | |
[root@dns-bind-server ~]# ln -s /var/named/chroot/sbin/named-checkconf /usr/local/sbin/named-checkconf | |
[root@dns-bind-server ~]# ln -s /var/named/chroot/sbin/named-checkzone /usr/local/sbin/named-checkzone | |
[root@dns-bind-server ~]# ln -s /var/named/chroot/bin/dig /usr/local/bin/dig | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/var/ | |
total 12 | |
drwxr-xr-x. 3 root root 4096 Jan 29 01:06 run | |
drwxr-xr-x. 3 root root 4096 Jan 29 01:06 . | |
drwxr-xr-x. 10 root root 4096 Jan 29 01:39 .. | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# mkdir /var/named/chroot/var/named | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# dig @a.root-servers.net . ns > /var/named/chroot/var/named/named.root | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/var/named/named.root | |
-rw-r--r--. 1 root root 2196 Jan 29 01:47 /var/named/chroot/var/named/named.root | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# /usr/local/sbin/named-checkzone . /var/named/chroot/var/named/named.root | |
zone ./IN: has 0 SOA records | |
zone ./IN: not loaded due to errors. | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# mkdir /var/named/chroot/data | |
[root@dns-bind-server ~]# mkdir /var/named/chroot/var/log | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# ll /var/named/chroot/etc/named.conf | |
ls: cannot access /var/named/chroot/etc/named.conf: No such file or directory | |
[root@dns-bind-server ~]# vi /var/named/chroot/etc/named.conf |
[root@dns-bind-server ~]# cat /var/named/chroot/etc/named.conf | |
// named.conf for an internal-facing authoritative server that runs chrooted in
// /var/named/chroot (ROOTDIR in /etc/sysconfig/named); every file path below
// is interpreted inside that chroot.
// NOTE(review): the documented statement keyword is lowercase "controls".
// named-checkconf accepted this file as written, so the capital C appears to
// be tolerated, but normalising it avoids relying on that.
Controls { | |
// rndc control channel: loopback only, and only when signed with rndc-key.
inet 127.0.0.1 allow { localhost; } keys { rndc-key; }; | |
}; | |
// Inside the chroot this is /var/named/chroot/etc/rndc.key; the symlink
// /etc/rndc.key -> /var/named/chroot/etc/rndc.key keeps the same path valid
// for rndc invoked outside the chroot.
include "/etc/rndc.key"; | |
// Hosts allowed to query this server (used by allow-query below).
acl "internal-network" { | |
localhost; | |
127.0.0.1/32; | |
198.51.100.10/32; | |
198.51.100.11/32; | |
198.51.100.100/32; | |
198.51.100.101/32; | |
}; | |
options { | |
// Answers to version.bind / hostname.bind CHAOS queries, so the exact BIND
// release is not advertised.
version "unknown"; | |
hostname "ns1.test.example.com"; | |
// Paths are given relative to /var/named/chroot.
// e.g. to refer to /var/named/chroot/var/named, write /var/named.
directory "/var/named"; | |
// Cache dump and statistics go under /var/named/chroot/data, which was
// created by hand before the first start.
dump-file "/data/cache_dump.db"; | |
statistics-file "/data/named_status.dat"; | |
// Inside the chroot, i.e. /var/named/chroot/var/run/named/named.pid; that
// directory must be writable by bind (the chown -R bind:bind /var/named step
// covers it) - confirm it exists after make install.
pid-file "/var/run/named/named.pid"; | |
// Restrict which networks and hosts may send name-resolution requests, so
// this server cannot be used as an open resolver.
// NOTE(review): the built-in "localhost" element matches every address of
// every local interface, so this listen-on effectively binds all interfaces;
// the client restriction is really enforced by allow-query below.
listen-on port 53 { | |
internal-network; | |
}; | |
allow-query { internal-network; }; | |
// Built as an authoritative server, so recursive lookups are refused.
recursion no; | |
allow-recursion { none; }; | |
// Alternative kept for reference: recursion for loopback clients only.
// recursion yes; | |
// allow-recursion { 127.0.0.1; }; | |
notify yes; | |
// Inbound-transfer tuning; only relevant if this server ever acts as a
// secondary, which none of the zones below make it.
max-transfer-time-in 60; | |
transfer-format many-answers; | |
transfers-in 10; | |
transfers-per-ns 2; | |
// Nobody may transfer or dynamically update by default; zones inherit this.
// NOTE(review): the zones below also-notify 198.51.100.100 and .101 but do
// not override allow-transfer, so those hosts are told of changes yet cannot
// fetch the zone. If they are secondaries, add a per-zone
// allow-transfer { 198.51.100.100; 198.51.100.101; }; (ideally TSIG-keyed).
allow-transfer { none; }; | |
allow-update { none; }; | |
}; | |
logging { | |
// General log: /var/named/chroot/var/log/named.log, 5 files of 5 MB.
channel "log_default"{ | |
file "/var/log/named.log" versions 5 size 5m; | |
print-time yes; | |
severity info; | |
print-category yes; | |
}; | |
// Security category (approval/denial of requests) goes to alert.log.
channel "alert" { | |
file "/var/log/alert.log" versions 8 size 4m; | |
severity info; | |
print-time yes; | |
print-severity yes; | |
print-category yes; | |
}; | |
// Per-query log at debug severity, 8 files of 50 MB. Every query is
// written, so keep an eye on disk usage if traffic grows.
channel "query" { | |
file "/var/log/query.log" versions 8 size 50m; | |
severity debug; | |
print-time yes; | |
print-severity yes; | |
print-category yes; | |
}; | |
category default {"log_default";}; | |
category security {"alert";}; | |
category queries {"query";}; | |
// Lame-delegation noise is discarded.
category lame-servers { null; }; | |
}; | |
// Root hints (dig output saved as named.root). Only needed when named has to
// locate the root servers itself; with recursion disabled above it is
// presumably unused here - confirm before relying on it.
zone "." IN { | |
type hint; | |
file "named.root"; | |
}; | |
// Forward zone; the file is /var/named/chroot/var/named/test.example.com.zone.
// NOTIFY is sent to the zone's NS records plus the two also-notify hosts.
zone "test.example.com" IN { | |
type master; | |
file "test.example.com.zone"; | |
notify yes; | |
also-notify { | |
198.51.100.100; | |
198.51.100.101; | |
}; | |
allow-update { none; }; | |
}; | |
// Reverse zone for 192.51.100.0/24 (see the NOTE on the 192 vs 198 prefixes
// in the zone files).
zone "100.51.192.in-addr.arpa." IN { | |
type master; | |
file "100.51.192.in-addr.arpa.rev"; | |
notify yes; | |
also-notify { | |
198.51.100.100; | |
198.51.100.101; | |
}; | |
allow-update { none; }; | |
}; | |
[root@dns-bind-server ~]# |
# yum -y install gcc | |
# yum -y install make | |
# yum -y install perl-Net-DNS | |
# yum -y install openssl-devel |
[root@dns-bind-server ~]# cat /var/named/chroot/etc/named.conf | |
// named.conf for an internal-facing authoritative server that runs chrooted in
// /var/named/chroot (ROOTDIR in /etc/sysconfig/named); every file path below
// is interpreted inside that chroot.
// NOTE(review): the documented statement keyword is lowercase "controls".
// named-checkconf accepted this file as written, so the capital C appears to
// be tolerated, but normalising it avoids relying on that.
Controls { | |
// rndc control channel: loopback only, and only when signed with rndc-key.
inet 127.0.0.1 allow { localhost; } keys { rndc-key; }; | |
}; | |
// Inside the chroot this is /var/named/chroot/etc/rndc.key; the symlink
// /etc/rndc.key -> /var/named/chroot/etc/rndc.key keeps the same path valid
// for rndc invoked outside the chroot.
include "/etc/rndc.key"; | |
// Hosts allowed to query this server (used by allow-query below).
acl "internal-network" { | |
localhost; | |
127.0.0.1/32; | |
198.51.100.10/32; | |
198.51.100.11/32; | |
198.51.100.100/32; | |
198.51.100.101/32; | |
}; | |
options { | |
// Answers to version.bind / hostname.bind CHAOS queries, so the exact BIND
// release is not advertised.
version "unknown"; | |
hostname "ns1.test.example.com"; | |
// Paths are given relative to /var/named/chroot.
// e.g. to refer to /var/named/chroot/var/named, write /var/named.
directory "/var/named"; | |
// Cache dump and statistics go under /var/named/chroot/data, which was
// created by hand before the first start.
dump-file "/data/cache_dump.db"; | |
statistics-file "/data/named_status.dat"; | |
// Inside the chroot, i.e. /var/named/chroot/var/run/named/named.pid; that
// directory must be writable by bind (the chown -R bind:bind /var/named step
// covers it) - confirm it exists after make install.
pid-file "/var/run/named/named.pid"; | |
// Restrict which networks and hosts may send name-resolution requests, so
// this server cannot be used as an open resolver.
// NOTE(review): the built-in "localhost" element matches every address of
// every local interface, so this listen-on effectively binds all interfaces;
// the client restriction is really enforced by allow-query below.
listen-on port 53 { | |
internal-network; | |
}; | |
allow-query { internal-network; }; | |
// Built as an authoritative server, so recursive lookups are refused.
recursion no; | |
allow-recursion { none; }; | |
// Alternative kept for reference: recursion for loopback clients only.
// recursion yes; | |
// allow-recursion { 127.0.0.1; }; | |
notify yes; | |
// Inbound-transfer tuning; only relevant if this server ever acts as a
// secondary, which none of the zones below make it.
max-transfer-time-in 60; | |
transfer-format many-answers; | |
transfers-in 10; | |
transfers-per-ns 2; | |
// Nobody may transfer or dynamically update by default; zones inherit this.
// NOTE(review): the zones below also-notify 198.51.100.100 and .101 but do
// not override allow-transfer, so those hosts are told of changes yet cannot
// fetch the zone. If they are secondaries, add a per-zone
// allow-transfer { 198.51.100.100; 198.51.100.101; }; (ideally TSIG-keyed).
allow-transfer { none; }; | |
allow-update { none; }; | |
}; | |
logging { | |
// General log: /var/named/chroot/var/log/named.log, 5 files of 5 MB.
channel "log_default"{ | |
file "/var/log/named.log" versions 5 size 5m; | |
print-time yes; | |
severity info; | |
print-category yes; | |
}; | |
// Security category (approval/denial of requests) goes to alert.log.
channel "alert" { | |
file "/var/log/alert.log" versions 8 size 4m; | |
severity info; | |
print-time yes; | |
print-severity yes; | |
print-category yes; | |
}; | |
// Per-query log at debug severity, 8 files of 50 MB. Every query is
// written, so keep an eye on disk usage if traffic grows.
channel "query" { | |
file "/var/log/query.log" versions 8 size 50m; | |
severity debug; | |
print-time yes; | |
print-severity yes; | |
print-category yes; | |
}; | |
category default {"log_default";}; | |
category security {"alert";}; | |
category queries {"query";}; | |
// Lame-delegation noise is discarded.
category lame-servers { null; }; | |
}; | |
// Root hints (dig output saved as named.root). Only needed when named has to
// locate the root servers itself; with recursion disabled above it is
// presumably unused here - confirm before relying on it.
zone "." IN { | |
type hint; | |
file "named.root"; | |
}; | |
// Forward zone; the file is /var/named/chroot/var/named/test.example.com.zone.
// NOTIFY is sent to the zone's NS records plus the two also-notify hosts.
zone "test.example.com." IN { | |
type master; | |
file "test.example.com.zone"; | |
notify yes; | |
also-notify { | |
198.51.100.100; | |
198.51.100.101; | |
}; | |
allow-update { none; }; | |
}; | |
// Reverse zone for 192.51.100.0/24 (see the NOTE on the 192 vs 198 prefixes
// in the zone files).
zone "100.51.192.in-addr.arpa." IN { | |
type master; | |
file "100.51.192.in-addr.arpa.rev"; | |
notify yes; | |
also-notify { | |
198.51.100.100; | |
198.51.100.101; | |
}; | |
allow-update { none; }; | |
}; | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# ll /var/named/chroot/etc/rndc.key | |
-rw-------. 1 bind bind 77 Jan 29 01:41 /var/named/chroot/etc/rndc.key | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ln -s /var/named/chroot/etc/rndc.key /etc/rndc.key | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ll /etc/rndc.key | |
lrwxrwxrwx. 1 root root 30 Jan 29 XX:XX /etc/rndc.key -> /var/named/chroot/etc/rndc.key | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# ll /var/named/chroot/etc/named.conf | |
-rw-r--r--. 1 bind bind 2226 Jan 29 22:21 /var/named/chroot/etc/named.conf | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ll /etc/named.conf | |
lrwxrwxrwx. 1 root root 32 Jan 29 XX:XX /etc/named.conf -> /var/named/chroot/etc/named.conf | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# ll /etc/sysconfig/named | |
ls: cannot access /etc/sysconfig/named: No such file or directory | |
[root@dns-bind-server ~]# vi /etc/sysconfig/named |
# Presumably consumed by a named init script (none is shown in this procedure
# - confirm one exists): start named chrooted in ROOTDIR.
ROOTDIR=/var/named/chroot | |
# -4: IPv4 only; matches the --disable-ipv6 configure flag used for this build.
OPTIONS=-4 | |
[root@dns-bind-server ~]# cat /etc/sysconfig/named | |
# Presumably consumed by a named init script (none is shown in this procedure
# - confirm one exists): start named chrooted in ROOTDIR.
ROOTDIR=/var/named/chroot | |
# -4: IPv4 only; matches the --disable-ipv6 configure flag used for this build.
OPTIONS=-4 | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# ll /etc/sysconfig/named | |
-rw-r--r--. 1 root root 37 Jan 29 XX:XX /etc/sysconfig/named | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# /usr/local/sbin/named-checkconf /var/named/chroot/etc/named.conf | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# vi /var/named/chroot/var/named/test.example.com.zone |
[root@dns-bind-server ~]# cat /var/named/chroot/var/named/test.example.com.zone | |
; Forward zone for test.example.com (served as type master by named.conf).
$ORIGIN test.example.com. | |
$TTL 3600 ; 1 hour | |
; SOA: ns1 is the primary, postmaster@test.example.com the contact.
; The serial is date-based (YYYYMMDDnn) and must be raised on every edit,
; otherwise secondaries will not notice the change.
@ IN SOA ns1.test.example.com. postmaster.test.example.com. ( | |
2015012902 ; serial | |
3600 ; refresh (1 hour) | |
1200 ; retry (20 min.) | |
1209600 ; expire (2 weeks) | |
900 ; minimum (15 min.) | |
) | |
; Both name servers are in-zone, and their A records below serve as glue.
@ IN NS ns1.test.example.com. | |
@ IN NS ns2.test.example.com. | |
@ IN MX 10 mail.test.example.com. | |
; SPF policy published twice: as TXT (what validators read, RFC 7208) and as
; the SPF RR type, which RFC 7208 deprecated. Keep the two strings identical
; for as long as both are kept.
@ IN TXT "v=spf1 mx ~all" ; TXT | |
@ IN SPF "v=spf1 mx ~all" ; SPF | |
; Host records; names are relative to $ORIGIN.
; NOTE(review): these use 192.51.100.x, but the ACL and also-notify lists in
; named.conf use 198.51.100.x (RFC 5737 TEST-NET-2). Confirm which prefix is
; intended and keep it consistent with the reverse zone.
ns1 IN A 192.51.100.6 | |
ns2 IN A 192.51.100.7 | |
mail IN A 192.51.100.8 | |
host1 IN A 192.51.100.9 | |
; www is an alias for host1.test.example.com.
www IN CNAME host1 | |
[root@dns-bind-server ~]# |
# yum -y install wget | |
# yum -y install sysstat | |
# yum -y install ntpdate |
[root@dns-bind-server ~]# cat /var/named/chroot/var/named/test.example.com.zone | |
; Forward zone for test.example.com (served as type master by named.conf).
$ORIGIN test.example.com. | |
$TTL 3600 ; 1 hour | |
; SOA: ns1 is the primary, postmaster@test.example.com the contact.
; The serial is date-based (YYYYMMDDnn) and must be raised on every edit,
; otherwise secondaries will not notice the change.
@ IN SOA ns1.test.example.com. postmaster.test.example.com. ( | |
2015012902 ; serial | |
3600 ; refresh (1 hour) | |
1200 ; retry (20 min.) | |
1209600 ; expire (2 weeks) | |
900 ; minimum (15 min.) | |
) | |
; Both name servers are in-zone, and their A records below serve as glue.
@ IN NS ns1.test.example.com. | |
@ IN NS ns2.test.example.com. | |
@ IN MX 10 mail.test.example.com. | |
; SPF policy published twice: as TXT (what validators read, RFC 7208) and as
; the SPF RR type, which RFC 7208 deprecated. Keep the two strings identical
; for as long as both are kept.
@ IN TXT "v=spf1 mx ~all" ; TXT | |
@ IN SPF "v=spf1 mx ~all" ; SPF | |
; Host records; names are relative to $ORIGIN.
; NOTE(review): these use 192.51.100.x, but the ACL and also-notify lists in
; named.conf use 198.51.100.x (RFC 5737 TEST-NET-2). Confirm which prefix is
; intended and keep it consistent with the reverse zone.
ns1 IN A 192.51.100.6 | |
ns2 IN A 192.51.100.7 | |
mail IN A 192.51.100.8 | |
host1 IN A 192.51.100.9 | |
; www is an alias for host1.test.example.com.
www IN CNAME host1 | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# /usr/local/sbin/named-checkzone test.example.com /var/named/chroot/var/named/test.example.com.zone | |
zone test.example.com/IN: loaded serial 2015012902 | |
OK | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# vi /var/named/chroot/var/named/100.51.192.in-addr.arpa.rev |
[root@dns-bind-server ~]# cat /var/named/chroot/var/named/100.51.192.in-addr.arpa.rev | |
; Reverse zone for 100.51.192.in-addr.arpa (PTR records for 192.51.100.0/24).
; There is no $ORIGIN here: "@" and the bare last-octet labels are relative to
; the zone name given in the matching zone statement of named.conf.
$TTL 3600 ; 1 hour | |
; SOA: ns1 is the primary, postmaster@test.example.com the contact.
; The serial is date-based (YYYYMMDDnn) and must be raised on every edit,
; otherwise secondaries will not notice the change.
@ IN SOA ns1.test.example.com. postmaster.test.example.com. ( | |
2015012904 ; serial | |
3600 ; refresh (1 hour) | |
1200 ; retry (20 min.) | |
1209600 ; expire (2 weeks) | |
900 ; minimum (15 min.) | |
) | |
; Both listed name servers must also answer authoritatively for this zone.
@ IN NS ns1.test.example.com. | |
@ IN NS ns2.test.example.com. | |
; PTR records: each last octet maps back to the A record of the same host in
; test.example.com.zone (ns1=.6, ns2=.7, mail=.8, host1=.9).
; NOTE(review): the forward zone uses 192.51.100.x, while the ACL and
; also-notify lists in named.conf use 198.51.100.x (RFC 5737 TEST-NET-2).
; Confirm which prefix is intended; a reverse zone for 198.51.100.0/24 would
; be 100.51.198.in-addr.arpa.
6 IN PTR ns1.test.example.com. | |
7 IN PTR ns2.test.example.com. | |
8 IN PTR mail.test.example.com. | |
9 IN PTR host1.test.example.com. | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# cat /var/named/chroot/var/named/100.51.192.in-addr.arpa.rev | |
; Reverse zone for 100.51.192.in-addr.arpa (PTR records for 192.51.100.0/24).
; There is no $ORIGIN here: "@" and the bare last-octet labels are relative to
; the zone name given in the matching zone statement of named.conf.
$TTL 3600 ; 1 hour | |
; SOA: ns1 is the primary, postmaster@test.example.com the contact.
; The serial is date-based (YYYYMMDDnn) and must be raised on every edit,
; otherwise secondaries will not notice the change.
@ IN SOA ns1.test.example.com. postmaster.test.example.com. ( | |
2015012904 ; serial | |
3600 ; refresh (1 hour) | |
1200 ; retry (20 min.) | |
1209600 ; expire (2 weeks) | |
900 ; minimum (15 min.) | |
) | |
; Both listed name servers must also answer authoritatively for this zone.
@ IN NS ns1.test.example.com. | |
@ IN NS ns2.test.example.com. | |
; PTR records: each last octet maps back to the A record of the same host in
; test.example.com.zone (ns1=.6, ns2=.7, mail=.8, host1=.9).
; NOTE(review): the forward zone uses 192.51.100.x, while the ACL and
; also-notify lists in named.conf use 198.51.100.x (RFC 5737 TEST-NET-2).
; Confirm which prefix is intended; a reverse zone for 198.51.100.0/24 would
; be 100.51.198.in-addr.arpa.
6 IN PTR ns1.test.example.com. | |
7 IN PTR ns2.test.example.com. | |
8 IN PTR mail.test.example.com. | |
9 IN PTR host1.test.example.com. | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# /usr/local/sbin/named-checkzone 100.51.192 /var/named/chroot/var/named/100.51.192.in-addr.arpa.rev | |
zone 100.51.192/IN: loaded serial 2015012904 | |
OK | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# chown -R bind:bind /var/named | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# cp -p /etc/resolv.conf /etc/resolv.conf.ORG | |
[root@dns-bind-server ~]# diff /etc/resolv.conf /etc/resolv.conf.ORG | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# vi /etc/resolv.conf | |
search test.example.com | |
nameserver 127.0.0.1 | |
nameserver XXX.XXX.XXX.XXX |
[root@dns-bind-server ~]# cat /etc/resolv.conf | |
search test.example.com | |
nameserver 127.0.0.1 | |
nameserver XXX.XXX.XXX.XXX | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# /usr/local/sbin/named-checkzone test.example.com /var/named/chroot/var/named/test.example.com.zone | |
zone test.example.com/IN: loaded serial 2015012902 | |
OK | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# /usr/local/sbin/named-checkzone 100.51.192 /var/named/chroot/var/named/100.51.192.in-addr.arpa.rev | |
zone 100.51.192/IN: loaded serial 2015012904 | |
OK | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# /usr/local/sbin/named-checkconf /var/named/chroot/etc/named.conf | |
[root@dns-bind-server ~]# |
# rpm -qa | grep bind | |
# |
[root@dns-bind-server ~]# hostname | |
dns-bind-server | |
[root@dns-bind-server ~]# id | |
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 | |
[root@dns-bind-server ~]# pwd | |
/root | |
[root@dns-bind-server ~]# chown -R bind:bind /var/named | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep bind | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# /var/named/chroot/sbin/named -u bind -t /var/named/chroot -c /etc/named.conf | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep bind | |
bind 6673 1.5 2.7 144024 16808 ? Ssl 03:35 0:00 /var/named/chroot/sbin/named -u bind -t /var/named/chroot -c /etc/named.conf | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# tail /var/log/messages | |
[root@dns-bind-server ~]# tail /var/named/chroot/var/log/alert.log | |
[root@dns-bind-server ~]# tail /var/named/chroot/var/log/named.log | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# cp -p /etc/sysconfig/iptables /etc/sysconfig/iptables.ORG | |
[root@dns-bind-server ~]# diff /etc/sysconfig/iptables /etc/sysconfig/iptables.ORG | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# vi /etc/sysconfig/iptables | |
(省略) | |
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT | |
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.10/32 --dport 53 -j ACCEPT → UDP53番ポート通信を許可するマシンを追加する。なお、この設定ではTCP53番ポートを許可していないため、ゾーン転送や512バイトを超える応答のTCPフォールバックが必要になる場合は、同じ送信元に対するTCP53番ポートのルールも別途追加する。 | |
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.11/32 --dport 53 -j ACCEPT → UDP53番ポート通信を許可するマシンを追加する。 | |
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.100/32 --dport 53 -j ACCEPT → UDP53番ポート通信を許可するマシンを追加する。 | |
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.101/32 --dport 53 -j ACCEPT → UDP53番ポート通信を許可するマシンを追加する。 | |
-A INPUT -j REJECT --reject-with icmp-host-prohibited | |
-A FORWARD -j REJECT --reject-with icmp-host-prohibited | |
COMMIT |
[root@dns-bind-server ~]# cat /etc/sysconfig/iptables | |
# Firewall configuration written by system-config-firewall | |
# Manual customization of this file is not recommended. | |
*filter | |
:INPUT ACCEPT [0:0] | |
:FORWARD ACCEPT [0:0] | |
:OUTPUT ACCEPT [0:0] | |
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
-A INPUT -p icmp -j ACCEPT | |
-A INPUT -i lo -j ACCEPT | |
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT | |
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.10/32 --dport 53 -j ACCEPT | |
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.11/32 --dport 53 -j ACCEPT | |
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.100/32 --dport 53 -j ACCEPT | |
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.101/32 --dport 53 -j ACCEPT | |
-A INPUT -j REJECT --reject-with icmp-host-prohibited | |
-A FORWARD -j REJECT --reject-with icmp-host-prohibited | |
COMMIT | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# diff /etc/sysconfig/iptables /etc/sysconfig/iptables.ORG | |
XX,XXdXX | |
< -A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.10/32 --dport 53 -j ACCEPT | |
< -A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.11/32 --dport 53 -j ACCEPT | |
< -A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.100/32 --dport 53 -j ACCEPT | |
< -A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.101/32 --dport 53 -j ACCEPT | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# /etc/init.d/iptables restart | |
iptables: Setting chains to policy ACCEPT: filter [ OK ] | |
iptables: Flushing firewall rules: [ OK ] | |
iptables: Unloading modules: [ OK ] | |
iptables: Applying firewall rules: [ OK ] | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# iptables -L | |
Chain INPUT (policy ACCEPT) | |
target prot opt source destination | |
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED | |
ACCEPT icmp -- anywhere anywhere | |
ACCEPT all -- anywhere anywhere | |
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh | |
ACCEPT udp -- 198.51.100.10 anywhere state NEW udp dpt:domain | |
ACCEPT udp -- 198.51.100.11 anywhere state NEW udp dpt:domain | |
ACCEPT udp -- 198.51.100.100 anywhere state NEW udp dpt:domain | |
ACCEPT udp -- 198.51.100.101 anywhere state NEW udp dpt:domain | |
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited | |
Chain FORWARD (policy ACCEPT) | |
target prot opt source destination | |
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited | |
Chain OUTPUT (policy ACCEPT) | |
target prot opt source destination | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# chkconfig --list | grep iptables | |
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# getenforce | |
Enforcing | |
[root@dns-bind-server ~]# |
# reboot |
[root@dns-bind-server ~]# cat /etc/sysconfig/selinux | |
# This file controls the state of SELinux on the system. | |
# SELINUX= can take one of these three values: | |
# enforcing - SELinux security policy is enforced. | |
# permissive - SELinux prints warnings instead of enforcing. | |
# disabled - No SELinux policy is loaded. | |
SELINUX=enforcing | |
# SELINUXTYPE= can take one of these two values: | |
# targeted - Targeted processes are protected, | |
# mls - Multi Level Security protection. | |
SELINUXTYPE=targeted | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# dig +norec www.test.example.com. @127.0.0.1 | |
; <<>> DiG 9.10.1-P1 <<>> +norec www.test.example.com. @127.0.0.1 | |
;; global options: +cmd | |
;; Got answer: | |
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64336 | |
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3 | |
;; OPT PSEUDOSECTION: | |
; EDNS: version: 0, flags:; udp: 4096 | |
;; QUESTION SECTION: | |
;www.test.example.com. IN A | |
;; ANSWER SECTION: | |
www.test.example.com. 3600 IN CNAME host1.test.example.com. | |
host1.test.example.com. 3600 IN A 192.51.100.9 | |
;; AUTHORITY SECTION: | |
test.example.com. 3600 IN NS ns2.test.example.com. | |
test.example.com. 3600 IN NS ns1.test.example.com. | |
;; ADDITIONAL SECTION: | |
ns1.test.example.com. 3600 IN A 192.51.100.6 | |
ns2.test.example.com. 3600 IN A 192.51.100.7 | |
;; Query time: 0 msec | |
;; SERVER: 127.0.0.1#53(127.0.0.1) | |
;; WHEN: Thu Jan 29 04:31:08 JST 2015 | |
;; MSG SIZE rcvd: 153 | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# dig +norec -x 192.51.100.9 @127.0.0.1 | |
; <<>> DiG 9.10.1-P1 <<>> +norec -x 192.51.100.9 @127.0.0.1 | |
;; global options: +cmd | |
;; Got answer: | |
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42822 | |
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3 | |
;; OPT PSEUDOSECTION: | |
; EDNS: version: 0, flags:; udp: 4096 | |
;; QUESTION SECTION: | |
;9.100.51.192.in-addr.arpa. IN PTR | |
;; ANSWER SECTION: | |
9.100.51.192.in-addr.arpa. 3600 IN PTR host1.test.example.com. | |
;; AUTHORITY SECTION: | |
100.51.192.in-addr.arpa. 3600 IN NS ns2.test.example.com. | |
100.51.192.in-addr.arpa. 3600 IN NS ns1.test.example.com. | |
;; ADDITIONAL SECTION: | |
ns1.test.example.com. 3600 IN A 192.51.100.6 | |
ns2.test.example.com. 3600 IN A 192.51.100.7 | |
;; Query time: 0 msec | |
;; SERVER: 127.0.0.1#53(127.0.0.1) | |
;; WHEN: Thu Jan 29 XX:XX:XX JST 2015 | |
;; MSG SIZE rcvd: 158 | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# dig www.yahoo.com @127.0.0.1 | |
; <<>> DiG 9.10.1-P1 <<>> www.yahoo.com @127.0.0.1 | |
;; global options: +cmd | |
;; Got answer: | |
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 64318 | |
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 | |
;; WARNING: recursion requested but not available | |
;; OPT PSEUDOSECTION: | |
; EDNS: version: 0, flags:; udp: 4096 | |
;; QUESTION SECTION: | |
;www.yahoo.com. IN A | |
;; Query time: 0 msec | |
;; SERVER: 127.0.0.1#53(127.0.0.1) | |
;; WHEN: Thu Jan 29 04:32:00 JST 2015 | |
;; MSG SIZE rcvd: 42 | |
[root@dns-bind-server ~]# |
C:\>nslookup www.test.example.com [今回構築した権威DNSサーバのIPアドレスを指定する] | |
サーバー: UnKnown | |
Address: XXX.XXX.XXX.XXX | |
名前: host1.test.example.com | |
Address: 192.51.100.9 | |
Aliases: www.test.example.com |
C:\>nslookup 192.51.100.9 54.64.123.138 | |
サーバー: UnKnown | |
Address: XXX.XXX.XXX.XXX | |
名前: host1.test.example.com | |
Address: 192.51.100.9 |
C:\>nslookup www.yahoo.com [今回構築した権威DNSサーバのIPアドレスを指定する] | |
サーバー: UnKnown | |
Address: XXX.XXX.XXX.XXX | |
*** UnKnown が www.yahoo.com を見つけられません: Query refused |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named | |
bind 6673 0.0 2.7 144032 16916 ? Ssl 03:35 0:00 /var/named/chroot/sbin/named -u bind -t /var/named/chroot -c /etc/named.conf | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# /var/named/chroot/sbin/named -v | |
BIND 9.10.1-P1 | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# dig +noall +ans @127.0.0.1 chaos txt version.bind | |
version.bind. 0 CH TXT "unknown" | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# vi /etc/init.d/named |
[root@dns-bind-server ~]# hostname | |
dns-bind-server | |
[root@dns-bind-server ~]# uname -a | |
Linux dns-bind-server 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17 01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | |
[root@dns-bind-server ~]# cat /etc/redhat-release | |
CentOS release 6.6 (Final) | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# cat /etc/init.d/named | |
#!/bin/bash
#
# named This shell script takes care of starting and stopping
# named (BIND DNS server).
#
# chkconfig: 235 23 77
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true
#
# Init script for a source-built BIND running chrooted as an unprivileged
# user.  Sourcing order below matters: the functions library provides
# daemon/killproc/success/failure, the network file provides NETWORKING,
# and /etc/sysconfig/named is where ROOTDIR (chroot directory) and OPTIONS
# (extra flags for named) are expected to come from -- neither is set here.
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
RETVAL=0
prog="named"
named_user="bind"
# Path of named.conf as seen by named; when ROOTDIR is set, named resolves it
# inside the chroot (start() passes -t ROOTDIR together with -c named_conf).
named_conf="/etc/named.conf"
# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 1
[ -r /etc/sysconfig/named ] && . /etc/sysconfig/named
# ROOTDIR/named_conf are expanded unquoted here, so paths containing
# whitespace are not supported by this script.
[ -x ${ROOTDIR}/sbin/named ] || exit 1
# NOTE(review): this tests the host path, while a chrooted named reads
# ${ROOTDIR}${named_conf}; both must exist for the script to work -- confirm.
[ -r ${named_conf} ] || exit 1
# named-checkconf/rndc from the source install live in /usr/local/sbin.
PATH=$PATH:/usr/local/sbin
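start() {
  # Start daemons.
  #
  # Validates the configuration with named-checkconf and, only if it passes,
  # launches named through the functions-library "daemon" helper.
  # Globals:  ROOTDIR (chroot dir, optional), OPTIONS (extra named flags,
  #           appended to), named_user, named_conf, prog, RETVAL (written)
  # Outputs:  progress text on stdout; the check and launch command lines are
  #           echoed so the console log shows exactly what was run
  # Returns:  0 once named is up, 1 if it is already running, otherwise the
  #           status of named-checkconf or of the daemon launch
  local ckcf_options conf_ok named_err
  echo -n $"Starting $prog: "
  if [ -n "$(/sbin/pidof named)" ]; then
    echo -n $"$prog: already running"
    failure
    echo
    return 1
  fi
  # -z makes named-checkconf load every zone as well, not just parse named.conf.
  ckcf_options='-z'
  if [ -n "${ROOTDIR}" ] && [ "x${ROOTDIR}" != "x/" ]; then
    # Run both the checker and the daemon inside the chroot; named_conf is then
    # interpreted relative to ROOTDIR.
    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    ckcf_options="$ckcf_options -t ${ROOTDIR}"
  fi
  echo "named-checkconf $ckcf_options ${named_conf}"
  conf_ok=0
  # The -x test must be chained with && into the same list as the checker
  # call, otherwise it gates nothing.  The checker itself is resolved via PATH
  # (/usr/local/sbin is appended at the top of the script).
  # shellcheck disable=SC2086 -- ckcf_options intentionally holds several words
  if [ -x /usr/local/sbin/named-checkconf ] \
     && named-checkconf $ckcf_options ${named_conf} >/dev/null 2>&1; then
    conf_ok=1
  else
    RETVAL=$?
  fi
  if [ "$conf_ok" -eq 1 ]; then
    echo "daemon ${ROOTDIR}/sbin/named -u ${named_user} ${OPTIONS} -c ${named_conf}"
    # shellcheck disable=SC2086 -- OPTIONS is a whitespace-separated flag list
    daemon ${ROOTDIR}/sbin/named -u ${named_user} ${OPTIONS} -c ${named_conf}
    RETVAL=$?
    if [ "$RETVAL" -eq 0 ]; then
      # named writes its pid file inside the chroot; expose it at the usual
      # host path.  -f replaces a stale link left by an unclean shutdown.
      ln -sf "${ROOTDIR}/var/run/named/named.pid" /var/run/named.pid
    fi
  else
    # Re-run the checker with output captured so the error is shown and logged.
    # shellcheck disable=SC2086
    named_err="$(named-checkconf $ckcf_options ${named_conf} 2>&1)"
    echo
    echo $"Error in named configuration"':'
    echo "$named_err"
    failure
    echo
    if [ -x /usr/bin/logger ]; then
      echo "$named_err" | /usr/bin/logger -pdaemon.error -tnamed
    fi
    return "$RETVAL"
  fi
  [ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/named
  echo
  return "$RETVAL"
}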
stop() {
  # Stop daemons.
  #
  # Tries the rndc control channel first and falls back to killproc; if the
  # first attempt fails while named is still alive, the same attempt is made
  # once more.  Clears the lock file and the pid symlink on success.
  # Globals:  prog, RETVAL (written)
  # Returns:  0 if named was stopped, otherwise the status of the last attempt
  echo -n $"Stopping $prog: "
  rndc stop >/dev/null 2>&1 || killproc named >/dev/null 2>&1
  RETVAL=$?
  # One retry, only when the daemon survived the first attempt.
  if [ "$RETVAL" -ne 0 ] && pidof named >/dev/null; then
    rndc stop >/dev/null 2>&1 || killproc named >/dev/null 2>&1
    RETVAL=$?
  fi
  if [ "$RETVAL" -eq 0 ]; then
    rm -f /var/lock/subsys/named /var/run/named.pid
    success
  else
    failure
  fi
  echo
  return "$RETVAL"
}
rhstatus() {
  # Report daemon status over the rndc control channel; rndc's exit status
  # becomes the function's.
  rndc status
}
restart() {
  # Stop, pause, start; the function's status is that of start.
  stop
  sleep 2   # give named time to release its sockets and pid file first
  start
}
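reload() {
  # Ask the running named to reload its configuration and zones.
  #
  # Globals:  prog, RETVAL (written)
  # Returns:  0 on success; non-zero when named is not running (pidof fails)
  #           or when both rndc reload and SIGHUP fail
  local p
  echo -n $"Reloading $prog: "
  # -o %PPID keeps pidof from matching this script's own shell.
  p=$(/sbin/pidof -o %PPID named)
  RETVAL=$?
  if [ "$RETVAL" -eq 0 ]; then
    # Prefer the control channel; fall back to SIGHUP if rndc is unavailable.
    # shellcheck disable=SC2086 -- p may hold several pids, one per instance
    rndc reload >/dev/null 2>&1 || /usr/bin/kill -HUP $p
    RETVAL=$?
  fi
  if [ "$RETVAL" -eq 0 ]; then
    success $"$prog reload"
  else
    failure $"$prog reload"
  fi
  echo
  # Return the reload outcome, not the status of the trailing echo.
  return "$RETVAL"
}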
probe() {
  # Try a reload over the control channel; if that fails, print "start" so a
  # caller can tell the service needs to be started instead.
  if ! rndc reload >/dev/null 2>&1; then
    echo start
  fi
  return $?
}
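checkconfig() {
  # Validate named.conf (and, via -z, every zone it references) without
  # starting the daemon; the checker's own output goes to the console.
  #
  # Globals:  ROOTDIR (chroot dir, optional), named_conf, OPTIONS (appended
  #           to, mirroring start(), although nothing reads it from here)
  # Outputs:  the check command line, then named-checkconf's output
  # Returns:  0 if the configuration is valid, 1 if the checker is missing
  #           or reports an error
  local ckcf_options='-z'
  if [ -n "${ROOTDIR}" ] && [ "x${ROOTDIR}" != "x/" ]; then
    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    ckcf_options="$ckcf_options -t ${ROOTDIR}"
  fi
  echo "named-checkconf $ckcf_options ${named_conf}"
  # The -x test must be chained with && into the same list as the checker
  # call, otherwise it gates nothing.
  # shellcheck disable=SC2086 -- ckcf_options intentionally holds several words
  if [ -x /usr/local/sbin/named-checkconf ] \
     && named-checkconf $ckcf_options ${named_conf}; then
    return 0
  fi
  return 1
}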
# Dispatch on the sub-command; the chosen arm's status is the script's exit code.
case "$1" in
  start|stop|restart|reload|probe|checkconfig)
    # Each of these sub-commands is implemented by the function of the same name.
    "$1"
    ;;
  status)
    rhstatus
    ;;
  condrestart)
    # Restart only if a previous start left its lock file behind.
    if [ -e /var/lock/subsys/named ]; then restart; fi
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|probe|checkconfig}"
    exit 1
esac
exit $?
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# cat /etc/init.d/named | |
#!/bin/bash
#
# named This shell script takes care of starting and stopping
# named (BIND DNS server).
#
# chkconfig: 235 23 77
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true
#
# Init script for a source-built BIND running chrooted as an unprivileged
# user.  Sourcing order below matters: the functions library provides
# daemon/killproc/success/failure, the network file provides NETWORKING,
# and /etc/sysconfig/named is where ROOTDIR (chroot directory) and OPTIONS
# (extra flags for named) are expected to come from -- neither is set here.
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
RETVAL=0
prog="named"
named_user="bind"
# Path of named.conf as seen by named; when ROOTDIR is set, named resolves it
# inside the chroot (start() passes -t ROOTDIR together with -c named_conf).
named_conf="/etc/named.conf"
# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 1
[ -r /etc/sysconfig/named ] && . /etc/sysconfig/named
# ROOTDIR/named_conf are expanded unquoted here, so paths containing
# whitespace are not supported by this script.
[ -x ${ROOTDIR}/sbin/named ] || exit 1
# NOTE(review): this tests the host path, while a chrooted named reads
# ${ROOTDIR}${named_conf}; both must exist for the script to work -- confirm.
[ -r ${named_conf} ] || exit 1
# named-checkconf/rndc from the source install live in /usr/local/sbin.
PATH=$PATH:/usr/local/sbin
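start() {
  # Start daemons.
  #
  # Validates the configuration with named-checkconf and, only if it passes,
  # launches named through the functions-library "daemon" helper.
  # Globals:  ROOTDIR (chroot dir, optional), OPTIONS (extra named flags,
  #           appended to), named_user, named_conf, prog, RETVAL (written)
  # Outputs:  progress text on stdout; the check and launch command lines are
  #           echoed so the console log shows exactly what was run
  # Returns:  0 once named is up, 1 if it is already running, otherwise the
  #           status of named-checkconf or of the daemon launch
  local ckcf_options conf_ok named_err
  echo -n $"Starting $prog: "
  if [ -n "$(/sbin/pidof named)" ]; then
    echo -n $"$prog: already running"
    failure
    echo
    return 1
  fi
  # -z makes named-checkconf load every zone as well, not just parse named.conf.
  ckcf_options='-z'
  if [ -n "${ROOTDIR}" ] && [ "x${ROOTDIR}" != "x/" ]; then
    # Run both the checker and the daemon inside the chroot; named_conf is then
    # interpreted relative to ROOTDIR.
    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    ckcf_options="$ckcf_options -t ${ROOTDIR}"
  fi
  echo "named-checkconf $ckcf_options ${named_conf}"
  conf_ok=0
  # The -x test must be chained with && into the same list as the checker
  # call, otherwise it gates nothing.  The checker itself is resolved via PATH
  # (/usr/local/sbin is appended at the top of the script).
  # shellcheck disable=SC2086 -- ckcf_options intentionally holds several words
  if [ -x /usr/local/sbin/named-checkconf ] \
     && named-checkconf $ckcf_options ${named_conf} >/dev/null 2>&1; then
    conf_ok=1
  else
    RETVAL=$?
  fi
  if [ "$conf_ok" -eq 1 ]; then
    echo "daemon ${ROOTDIR}/sbin/named -u ${named_user} ${OPTIONS} -c ${named_conf}"
    # shellcheck disable=SC2086 -- OPTIONS is a whitespace-separated flag list
    daemon ${ROOTDIR}/sbin/named -u ${named_user} ${OPTIONS} -c ${named_conf}
    RETVAL=$?
    if [ "$RETVAL" -eq 0 ]; then
      # named writes its pid file inside the chroot; expose it at the usual
      # host path.  -f replaces a stale link left by an unclean shutdown.
      ln -sf "${ROOTDIR}/var/run/named/named.pid" /var/run/named.pid
    fi
  else
    # Re-run the checker with output captured so the error is shown and logged.
    # shellcheck disable=SC2086
    named_err="$(named-checkconf $ckcf_options ${named_conf} 2>&1)"
    echo
    echo $"Error in named configuration"':'
    echo "$named_err"
    failure
    echo
    if [ -x /usr/bin/logger ]; then
      echo "$named_err" | /usr/bin/logger -pdaemon.error -tnamed
    fi
    return "$RETVAL"
  fi
  [ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/named
  echo
  return "$RETVAL"
}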
stop() {
  # Stop daemons.
  #
  # Tries the rndc control channel first and falls back to killproc; if the
  # first attempt fails while named is still alive, the same attempt is made
  # once more.  Clears the lock file and the pid symlink on success.
  # Globals:  prog, RETVAL (written)
  # Returns:  0 if named was stopped, otherwise the status of the last attempt
  echo -n $"Stopping $prog: "
  rndc stop >/dev/null 2>&1 || killproc named >/dev/null 2>&1
  RETVAL=$?
  # One retry, only when the daemon survived the first attempt.
  if [ "$RETVAL" -ne 0 ] && pidof named >/dev/null; then
    rndc stop >/dev/null 2>&1 || killproc named >/dev/null 2>&1
    RETVAL=$?
  fi
  if [ "$RETVAL" -eq 0 ]; then
    rm -f /var/lock/subsys/named /var/run/named.pid
    success
  else
    failure
  fi
  echo
  return "$RETVAL"
}
rhstatus() {
  # Report daemon status over the rndc control channel; rndc's exit status
  # becomes the function's.
  rndc status
}
restart() {
  # Stop, pause, start; the function's status is that of start.
  stop
  sleep 2   # give named time to release its sockets and pid file first
  start
}
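reload() {
  # Ask the running named to reload its configuration and zones.
  #
  # Globals:  prog, RETVAL (written)
  # Returns:  0 on success; non-zero when named is not running (pidof fails)
  #           or when both rndc reload and SIGHUP fail
  local p
  echo -n $"Reloading $prog: "
  # -o %PPID keeps pidof from matching this script's own shell.
  p=$(/sbin/pidof -o %PPID named)
  RETVAL=$?
  if [ "$RETVAL" -eq 0 ]; then
    # Prefer the control channel; fall back to SIGHUP if rndc is unavailable.
    # shellcheck disable=SC2086 -- p may hold several pids, one per instance
    rndc reload >/dev/null 2>&1 || /usr/bin/kill -HUP $p
    RETVAL=$?
  fi
  if [ "$RETVAL" -eq 0 ]; then
    success $"$prog reload"
  else
    failure $"$prog reload"
  fi
  echo
  # Return the reload outcome, not the status of the trailing echo.
  return "$RETVAL"
}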
probe() {
  # Try a reload over the control channel; if that fails, print "start" so a
  # caller can tell the service needs to be started instead.
  if ! rndc reload >/dev/null 2>&1; then
    echo start
  fi
  return $?
}
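checkconfig() {
  # Validate named.conf (and, via -z, every zone it references) without
  # starting the daemon; the checker's own output goes to the console.
  #
  # Globals:  ROOTDIR (chroot dir, optional), named_conf, OPTIONS (appended
  #           to, mirroring start(), although nothing reads it from here)
  # Outputs:  the check command line, then named-checkconf's output
  # Returns:  0 if the configuration is valid, 1 if the checker is missing
  #           or reports an error
  local ckcf_options='-z'
  if [ -n "${ROOTDIR}" ] && [ "x${ROOTDIR}" != "x/" ]; then
    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    ckcf_options="$ckcf_options -t ${ROOTDIR}"
  fi
  echo "named-checkconf $ckcf_options ${named_conf}"
  # The -x test must be chained with && into the same list as the checker
  # call, otherwise it gates nothing.
  # shellcheck disable=SC2086 -- ckcf_options intentionally holds several words
  if [ -x /usr/local/sbin/named-checkconf ] \
     && named-checkconf $ckcf_options ${named_conf}; then
    return 0
  fi
  return 1
}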
# Dispatch on the sub-command; the chosen arm's status is the script's exit code.
case "$1" in
  start|stop|restart|reload|probe|checkconfig)
    # Each of these sub-commands is implemented by the function of the same name.
    "$1"
    ;;
  status)
    rhstatus
    ;;
  condrestart)
    # Restart only if a previous start left its lock file behind.
    if [ -e /var/lock/subsys/named ]; then restart; fi
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|probe|checkconfig}"
    exit 1
esac
exit $?
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# chmod 755 /etc/init.d/named | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named | |
bind 6673 0.0 2.7 144032 16916 ? Ssl 03:35 0:00 /var/named/chroot/sbin/named -u bind -t /var/named/chroot -c /etc/named.conf | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# cat /var/named/chroot/var/run/named/named.pid | |
6673 | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# kill `cat /var/named/chroot/var/run/named/named.pid` | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep bind | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# hostname | |
dns-bind-server | |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# id | |
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# /etc/init.d/named checkconfig | |
named-checkconf -z -t /var/named/chroot /etc/named.conf | |
zone test.example.com/IN: loaded serial 2015012904 | |
zone 100.51.192.in-addr.arpa/IN: loaded serial 2015012904 | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# /etc/init.d/named start | |
Starting named: named-checkconf -z -t /var/named/chroot /etc/named.conf | |
daemon /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf | |
[ OK ] | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named | |
bind 10162 0.5 1.9 139864 11860 ? Ssl 00:13 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# /etc/init.d/named restart | |
Stopping named: [ OK ] | |
Starting named: named-checkconf -z -t /var/named/chroot /etc/named.conf | |
daemon /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf | |
[ OK ] | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named | |
bind 10224 0.6 1.9 139604 11596 ? Ssl 00:15 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named | |
bind 10224 0.0 1.9 139608 11692 ? Ssl 00:15 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# /etc/init.d/named stop | |
Stopping named: [ OK ] | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# chkconfig --list | grep named | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# chkconfig --add named | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# chkconfig named on | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# chkconfig --list | grep named | |
named 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# reboot |
[root@dns-bind-server ~]# cd /usr/local/src | |
[root@dns-bind-server src]# pwd | |
/usr/local/src | |
[root@dns-bind-server src]# ls -lrta /usr/local/src | |
total 8 | |
drwxr-xr-x. 2 root root 4096 Sep 23 2011 . | |
drwxr-xr-x. 12 root root 4096 Sep 30 07:18 .. | |
[root@dns-bind-server src]# | |
[root@dns-bind-server src]# wget ftp://ftp.isc.org/isc/bind9/9.10.1-P1/bind-9.10.1-P1.tar.gz | |
[root@dns-bind-server src]# ls -lrta /usr/local/src/bind-9.10.1-P1.tar.gz | |
-rw-r--r--. 1 root root 8356463 Jan 28 23:50 /usr/local/src/bind-9.10.1-P1.tar.gz | |
[root@dns-bind-server src]# |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named | |
bind 743 0.0 1.9 139864 11868 ? Ssl 00:22 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# dig +noall +ans +norec www.test.example.com @127.0.0.1 | |
www.test.example.com. 3600 IN CNAME host1.test.example.com. | |
host1.test.example.com. 3600 IN A 192.51.100.9 | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# dig +noall +ans +norec -x 192.51.100.9 @127.0.0.1 | |
9.100.51.192.in-addr.arpa. 3600 IN PTR host1.test.example.com. | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# cat /etc/sysconfig/iptables | |
# Firewall configuration written by system-config-firewall | |
# Manual customization of this file is not recommended. | |
*filter | |
:INPUT ACCEPT [0:0] | |
:FORWARD ACCEPT [0:0] | |
:OUTPUT ACCEPT [0:0] | |
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
##### ICMPを受け付けないようにする | |
##-A INPUT -p icmp -j ACCEPT | |
##### | |
## | |
##### ローカルインターフェースの通信は許可する | |
-A INPUT -i lo -j ACCEPT | |
##### | |
## | |
##### BINDサーバに対するssh接続を許可するマシンやネットワークを指定する | |
##-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT | |
-A INPUT -p tcp -s 192.51.100.0/24 --dport 22 -j ACCEPT | |
-A INPUT -p tcp -s 198.51.100.10/32 --dport 22 -j ACCEPT | |
-A INPUT -p tcp -s 198.51.100.11/32 --dport 22 -j ACCEPT | |
-A INPUT -p tcp -s 198.51.100.100/32 --dport 22 -j ACCEPT | |
-A INPUT -p tcp -s 198.51.100.101/32 --dport 22 -j ACCEPT | |
##### | |
## | |
##### BINDサーバに対するDNS通信(UDP53番ポート)を許可するマシンやネットワークを指定する | |
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.10/32 --dport 53 -j ACCEPT | |
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.11/32 --dport 53 -j ACCEPT | |
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.100/32 --dport 53 -j ACCEPT | |
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.101/32 --dport 53 -j ACCEPT | |
##### | |
## | |
-A INPUT -j REJECT --reject-with icmp-host-prohibited | |
-A FORWARD -j REJECT --reject-with icmp-host-prohibited | |
COMMIT | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# iptables -L | |
Chain INPUT (policy ACCEPT) | |
target prot opt source destination | |
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED | |
ACCEPT all -- anywhere anywhere | |
ACCEPT tcp -- 192.51.100.0/24 anywhere tcp dpt:ssh | |
ACCEPT tcp -- 198.51.100.10 anywhere tcp dpt:ssh | |
ACCEPT tcp -- 198.51.100.11 anywhere tcp dpt:ssh | |
ACCEPT tcp -- 198.51.100.100 anywhere tcp dpt:ssh | |
ACCEPT tcp -- 198.51.100.101 anywhere tcp dpt:ssh | |
ACCEPT udp -- 198.51.100.10 anywhere state NEW udp dpt:domain | |
ACCEPT udp -- 198.51.100.11 anywhere state NEW udp dpt:domain | |
ACCEPT udp -- 198.51.100.100 anywhere state NEW udp dpt:domain | |
ACCEPT udp -- 198.51.100.101 anywhere state NEW udp dpt:domain | |
ACCEPT udp -- 198.51.100.220 anywhere state NEW udp dpt:domain | |
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited | |
Chain FORWARD (policy ACCEPT) | |
target prot opt source destination | |
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited | |
Chain OUTPUT (policy ACCEPT) | |
target prot opt source destination | |
[root@dns-bind-server ~]# |
C:\>nslookup www.test.example.com [今回構築したBINDサーバのIPアドレスを指定] | |
サーバー: UnKnown | |
Address: XX.XX.XXX.XXX | |
名前: host1.test.example.com | |
Address: 192.51.100.9 | |
Aliases: www.test.example.com |
C:\>nslookup www.test.example.com [今回構築したBINDサーバのIPアドレスを指定] | |
DNS request timed out. | |
timeout was 2 seconds. | |
サーバー: UnKnown | |
Address: XX.XX.XXX.XXX | |
DNS request timed out. | |
timeout was 2 seconds. | |
DNS request timed out. | |
timeout was 2 seconds. | |
DNS request timed out. | |
timeout was 2 seconds. | |
DNS request timed out. | |
timeout was 2 seconds. | |
*** UnKnown への要求がタイムアウトしました |
[user@198.51.2XX.XXX ~]$ ping -c [今回構築したBINDサーバのIPアドレスを指定] | |
PING [今回構築したBINDサーバのIPアドレス] 56(84) bytes of data. | |
From [今回構築したBINDサーバのIPアドレス] icmp_seq=1 Destination Host Prohibited | |
From [今回構築したBINDサーバのIPアドレス] icmp_seq=2 Destination Host Prohibited | |
[user@198.51.2XX.XXX ~]$ | |
[user@198.51.2XX.XXX ~]$ ssh [今回構築したBINDサーバのIPアドレスを指定] | |
ssh: connect to host [今回構築したBINDサーバのIPアドレス] port 22: No route to host | |
[user@198.51.2XX.XXX ~]$ | |
[user@198.51.2XX.XXX ~]$ dig +noall +ans +norec www.test.example.com @[今回構築したBINDサーバのIPアドレスを指定] | |
;; connection timed out; no servers could be reached | |
[user@198.51.2XX.XXX ~]$ |
[root@dns-bind-server ~]# /usr/local/sbin/rndc reload | |
server reload successful | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# /usr/local/sbin/rndc status | |
version: 9.10.1-P1 (unknown) <id:162bfa62> | |
boot time: Thu, 29 Jan 2015 15:22:07 GMT | |
last configured: Thu, 29 Jan 2015 16:41:06 GMT | |
CPUs found: 1 | |
worker threads: 1 | |
UDP listeners per interface: 1 | |
number of zones: 3 | |
debug level: 0 | |
xfers running: 0 | |
xfers deferred: 0 | |
soa queries in progress: 0 | |
query logging is ON | |
recursive clients: 0/0/1000 | |
tcp clients: 0/100 | |
server is up and running | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# /usr/local/sbin/rndc stats | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ll /var/named/chroot/data/named_status.dat | |
-rw-r--r--. 1 bind bind 18745 Jan 30 02:47 /var/named/chroot/data/named_status.dat | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# tail /var/named/chroot/data/named_status.dat | |
3 TCP/IPv4 sockets opened | |
1 Raw sockets opened | |
1 UDP/IPv4 sockets closed | |
11 TCP/IPv4 sockets closed | |
12 TCP/IPv4 connections accepted | |
2 UDP/IPv4 sockets active | |
15 TCP/IPv4 sockets active | |
1 Raw sockets active | |
++ Per Zone Query Statistics ++ | |
--- Statistics Dump --- (1422553640) | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named | |
bind 743 0.0 2.6 139612 16024 ? Ssl 00:22 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# /usr/local/sbin/rndc stop | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named | |
[root@dns-bind-server ~]# |
[root@dns-bind-server src]# pwd | |
/usr/local/src | |
[root@dns-bind-server src]# tar zxvf /usr/local/src/bind-9.10.1-P1.tar.gz | |
[root@dns-bind-server src]# cd /usr/local/src/bind-9.10.1-P1 | |
[root@dns-bind-server bind-9.10.1-P1]# |
[root@dns-bind-server ~]# ntpdate -s -b ntp.jst.mfeed.ad.jp | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# cp -Rp /var/spool/cron /var/spool/cron.ORG | |
[root@dns-bind-server ~]# diff -r /var/spool/cron /var/spool/cron.ORG | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# id | |
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 | |
[root@dns-bind-server ~]# crontab -l | |
no crontab for root | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# crontab -e | |
(以下の設定を追加する) | |
*/5 * * * * /usr/sbin/ntpdate -s -b ntp.jst.mfeed.ad.jp |
[root@dns-bind-server ~]# crontab -l | |
*/5 * * * * /usr/sbin/ntpdate -s -b ntp.jst.mfeed.ad.jp | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# diff -r /var/spool/cron /var/spool/cron.ORG | |
Only in /var/spool/cron: root | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# date | |
Fri XXX XX XX:XX:XX JST 2015 | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# chkconfig --list | |
acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
named 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off | |
netfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
ntpdate 0:off 1:off 2:off 3:off 4:off 5:off 6:off | |
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
rdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:off | |
restorecond 0:off 1:off 2:off 3:off 4:off 5:off 6:off | |
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off | |
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# chkconfig --list | awk '{printf "%s\t\t%s\n", $1,$5}' | grep 3:on | |
acpid 3:on | |
auditd 3:on | |
crond 3:on | |
ip6tables 3:on | |
iptables 3:on | |
named 3:on | |
netfs 3:on | |
network 3:on | |
postfix 3:on | |
rsyslog 3:on | |
sshd 3:on | |
udev-post 3:on | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# chkconfig udev-post off | |
[root@dns-bind-server ~]# chkconfig postfix off | |
[root@dns-bind-server ~]# chkconfig netfs off | |
[root@dns-bind-server ~]# chkconfig acpid off | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# chkconfig --list | awk '{printf "%s\t\t%s\n", $1,$5}' | grep 3:on | |
auditd 3:on | |
crond 3:on | |
ip6tables 3:on | |
iptables 3:on | |
named 3:on | |
network 3:on | |
rsyslog 3:on | |
sshd 3:on | |
[root@dns-bind-server ~]# |
[root@dns-bind-server ~]# /etc/init.d/named stop | |
Stopping named: [ OK ] | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# reboot |
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named | |
bind 730 0.0 1.9 139872 11968 ? Ssl 15:07 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf | |
[root@dns-bind-server ~]# ps awux | grep -v grep | sort | |
[root@dns-bind-server ~]# dig +noall +ans +norec www.test.example.com @127.0.0.1 | |
www.test.example.com. 3600 IN CNAME host1.test.example.com. | |
host1.test.example.com. 3600 IN A 192.51.100.9 | |
[root@dns-bind-server ~]# | |
[root@dns-bind-server ~]# dig +noall +ans +norec -x 192.51.100.9 @127.0.0.1 | |
9.100.51.192.in-addr.arpa. 3600 IN PTR host1.test.example.com. | |
[root@dns-bind-server ~]# |
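#!/bin/bash
#
# named           This shell script takes care of starting and stopping
#                 named (BIND DNS server).
#
# chkconfig: 235 23 77
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network

RETVAL=0
prog="named"
# Unprivileged account handed to named via -u.
named_user="bind"
# Configuration path as named sees it; with a chroot (-t ${ROOTDIR}) this
# resolves to ${ROOTDIR}/etc/named.conf at run time.
named_conf="/etc/named.conf"

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 1

# Optional overrides; ROOTDIR (chroot base) and OPTIONS (extra named flags)
# are expected to be defined here.
[ -r /etc/sysconfig/named ] && . /etc/sysconfig/named

# Refuse to run without a named binary and a readable config. Both paths
# are quoted so a ROOTDIR containing whitespace cannot split the test.
# NOTE(review): the readability check is on the host path, while named
# (started with -t) reads ${ROOTDIR}${named_conf}; keep the two in step
# (e.g. via a symlink) or this check says nothing about the file in use.
[ -x "${ROOTDIR}/sbin/named" ] || exit 1
[ -r "${named_conf}" ] || exit 1

# rndc and named-checkconf from the source build live in /usr/local/sbin;
# make them reachable by bare name for the functions below.
PATH=$PATH:/usr/local/sbin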
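#######################################
# Validate the configuration and start named.
# Globals:  prog, named_user, named_conf, ROOTDIR, OPTIONS (read);
#           RETVAL, OPTIONS, ckcf_options, conf_ok, named_err (written)
# Outputs:  status line on stdout; checker diagnostics to stdout and syslog
# Returns:  0 on success, 1 if already running, else named-checkconf/daemon status
#######################################
start() {
  # Start daemons.
  echo -n $"Starting $prog: "
  if [ -n "$(/sbin/pidof named)" ]; then
    echo -n $"$prog: already running"
    failure
    echo
    return 1
  fi

  # -z makes named-checkconf load every zone, not just the config. When a
  # chroot is configured, both the checker and named are pointed at it.
  ckcf_options='-z'
  if [ -n "${ROOTDIR}" ] && [ "x${ROOTDIR}" != "x/" ]; then
    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    ckcf_options="$ckcf_options -t ${ROOTDIR}"
  fi

  # The -x test and the checker are nested rather than chained with '&&'
  # so that the diagnostic echo in between cannot mask the -x result; a
  # missing checker is treated as a failed check.
  conf_ok=0
  if [ -x /usr/local/sbin/named-checkconf ]; then
    echo "named-checkconf $ckcf_options ${named_conf}"
    # shellcheck disable=SC2086 -- ckcf_options is a deliberately word-split option list
    if named-checkconf $ckcf_options ${named_conf} >/dev/null 2>&1; then
      conf_ok=1
    else
      RETVAL=$?
    fi
  else
    RETVAL=1
  fi

  if [ $conf_ok -eq 1 ]; then
    echo "daemon ${ROOTDIR}/sbin/named -u ${named_user} ${OPTIONS} -c ${named_conf}"
    # shellcheck disable=SC2086 -- OPTIONS is a deliberately word-split option list
    daemon ${ROOTDIR}/sbin/named -u ${named_user} ${OPTIONS} -c ${named_conf}
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
      # -f replaces a stale link left by an unclean shutdown instead of
      # failing with an error message.
      ln -sf "$ROOTDIR/var/run/named/named.pid" /var/run/named.pid
    fi
  else
    # Run the checker again with its output attached so the operator sees why.
    echo "named-checkconf $ckcf_options ${named_conf}"
    # shellcheck disable=SC2086
    named_err="$(named-checkconf $ckcf_options ${named_conf} 2>&1)"
    echo
    echo $"Error in named configuration"':'
    echo "$named_err"
    failure
    echo
    if [ -x /usr/bin/logger ]; then
      echo "$named_err" | /usr/bin/logger -pdaemon.error -tnamed
    fi
    return $RETVAL
  fi

  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/named
  echo
  return $RETVAL
}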
#######################################
# Stop named, trying rndc first and killproc as fallback, with one retry
# if a process is still present afterwards.
# Globals:  prog (read); RETVAL (written)
# Outputs:  status line on stdout
# Returns:  exit status of the last stop attempt
#######################################
stop() {
  # Stop daemons.
  echo -n $"Stopping $prog: "
  rndc stop >/dev/null 2>&1 || killproc named >/dev/null 2>&1
  RETVAL=$?
  # Second attempt only when the first failed and named is still alive.
  if [ $RETVAL -ne 0 ] && pidof named >/dev/null; then
    rndc stop >/dev/null 2>&1 || killproc named >/dev/null 2>&1
    RETVAL=$?
  fi
  if [ $RETVAL -eq 0 ]; then
    rm -f /var/lock/subsys/named /var/run/named.pid
    success
  else
    failure
  fi
  echo
  return $RETVAL
}
#######################################
# Report service status by asking named over the rndc control channel.
# Returns:  rndc's exit status
#######################################
rhstatus() {
  rndc status
}
#######################################
# Full stop/start cycle.
# Returns:  exit status of start
#######################################
restart() {
  stop
  sleep 2  # give the old process time to exit and release its sockets
  start
}
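#######################################
# Ask the running named to reload its configuration and zones.
# Globals:  prog (read); RETVAL (written)
# Outputs:  status line on stdout
# Returns:  0 when the reload was accepted, non-zero otherwise
#######################################
reload() {
  echo -n $"Reloading $prog: "
  local p
  p=$(/sbin/pidof -o %PPID named)
  RETVAL=$?
  if [ "$RETVAL" -eq 0 ]; then
    # Prefer the control channel; fall back to SIGHUP on the running pid(s).
    # shellcheck disable=SC2086 -- pidof may return several pids
    rndc reload >/dev/null 2>&1 || /usr/bin/kill -HUP $p
    RETVAL=$?
  fi
  if [ "$RETVAL" -eq 0 ]; then
    success $"$prog reload"
  else
    failure $"$prog reload"
  fi
  echo
  # Return the reload result, not the status of the trailing echo, so that
  # "service named reload" exits non-zero when the reload failed.
  return $RETVAL
}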
#######################################
# Backs the "probe" action declared in the header: prints "start" when the
# running named does not accept a reload, otherwise prints nothing.
# Returns:  0
#######################################
probe() {
  if rndc reload >/dev/null 2>&1; then
    return 0
  fi
  echo start
}
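#######################################
# Run named-checkconf (with zones, -z) against the configuration, inside
# the chroot when one is configured.
# Globals:  named_conf, ROOTDIR (read); OPTIONS (appended to)
# Outputs:  the checker command line and its diagnostics on stdout/stderr
# Returns:  0 when the configuration is valid, 1 otherwise or when the
#           checker is not installed
#######################################
checkconfig() {
  local ckcf_options='-z'
  if [ -n "${ROOTDIR}" ] && [ "x${ROOTDIR}" != "x/" ]; then
    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    ckcf_options="$ckcf_options -t ${ROOTDIR}"
  fi
  # Checked separately from the checker invocation so the diagnostic echo
  # cannot swallow the -x result.
  [ -x /usr/local/sbin/named-checkconf ] || return 1
  echo "named-checkconf $ckcf_options ${named_conf}"
  # shellcheck disable=SC2086 -- ckcf_options is a deliberately word-split option list
  if named-checkconf $ckcf_options ${named_conf}; then
    return 0
  else
    return 1
  fi
}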
# Dispatch on the requested action; the script's exit status is the
# status of the action that ran.
case "$1" in
  start)        start ;;
  stop)         stop ;;
  status)       rhstatus ;;
  restart)      restart ;;
  condrestart)
    # Restart only if the service is marked as running (lock file present).
    if [ -e /var/lock/subsys/named ]; then restart; fi
    ;;
  reload)       reload ;;
  probe)        probe ;;
  checkconfig)  checkconfig ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|probe|checkconfig}"
    exit 1
    ;;
esac
exit $?
// rndc control channel: loopback only, and every command must be signed
// with rndc-key (read from /etc/rndc.key below).
Controls {
	inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
include "/etc/rndc.key";

// Clients that may talk to this server. Keep this list in step with the
// host firewall, which must admit the same sources on udp/53.
acl "internal-network" {
	localhost;
	127.0.0.1/32;
	198.51.100.10/32;
	198.51.100.11/32;
	198.51.100.100/32;
	198.51.100.101/32;
};

options {
	// Hide the real version string from CHAOS "version.bind" queries.
	version "unknown";
	hostname "ns1.test.example.com";
	// Paths are given relative to the chroot base /var/named/chroot.
	// To refer to /var/named/chroot/var/named on disk, write /var/named.
	directory "/var/named";
	dump-file "/data/cache_dump.db";
	statistics-file "/data/named_status.dat";
	pid-file "/var/run/named/named.pid";
	// Restrict the networks/hosts from which name-resolution requests are
	// accepted, so the server cannot be used as an open resolver.
	// NOTE(review): listen-on selects the server's *own* interface addresses,
	// not client sources. Of the internal-network entries only the loopback
	// ones can match an interface unless this host itself owns one of the
	// listed 198.51.100.x addresses -- confirm, otherwise named answers on
	// 127.0.0.1 only.
	listen-on port 53 {
		internal-network;
	};
	allow-query { internal-network; };
	// Authoritative-only: recursive queries are refused.
	recursion no;
	allow-recursion { none; };
	// recursion yes;
	// allow-recursion { 127.0.0.1; };
	notify yes;
	max-transfer-time-in 60;
	transfer-format many-answers;
	transfers-in 10;
	transfers-per-ns 2;
	// NOTE(review): this refuses zone transfers to everyone and no zone below
	// overrides it, so the also-notify targets (198.51.100.100/101) are told
	// about changes but cannot fetch the zone. If they are secondaries, add a
	// zone-level allow-transfer for them (ideally TSIG-keyed).
	allow-transfer { none; };
	// Dynamic updates are refused globally (repeated per zone below).
	allow-update { none; };
};

logging {
	// General log: info and above, 5 rotations of 5 MB.
	channel "log_default"{
		file "/var/log/named.log" versions 5 size 5m;
		print-time yes;
		severity info;
		print-category yes;
	};
	// Receives BIND's security category (request approvals/denials).
	channel "alert" {
		file "/var/log/alert.log" versions 8 size 4m;
		severity info;
		print-time yes;
		print-severity yes;
		print-category yes;
	};
	// Full query log at debug severity (rndc status reports "query logging
	// is ON" for this config). Review retention (8 x 50 MB) against disk
	// and privacy requirements.
	channel "query" {
		file "/var/log/query.log" versions 8 size 50m;
		severity debug;
		print-time yes;
		print-severity yes;
		print-category yes;
	};
	category default {"log_default";};
	category security {"alert";};
	category queries {"query";};
	// Lame-server noise is mostly a resolver concern; discarded here.
	category lame-servers { null; };
};

// Root hints are only consulted when recursing; with recursion off above
// this zone is effectively unused.
zone "." IN {
	type hint;
	file "named.root";
};

// Forward zone, primary copy. Data file is relative to "directory".
zone "test.example.com." IN {
	type master;
	file "test.example.com.zone";
	notify yes;
	// NOTIFY also goes to these hosts, in addition to the zone's NS records.
	// See the allow-transfer note in options before relying on them as
	// secondaries.
	also-notify {
		198.51.100.100;
		198.51.100.101;
	};
	allow-update { none; };
};

// Reverse zone for 192.51.100.0/24.
// NOTE(review): 192.51.100.0/24 is live public address space, not the
// RFC 5737 documentation block 198.51.100.0/24 used by the acl above --
// confirm the third octet is intentional.
zone "100.51.192.in-addr.arpa." IN {
	type master;
	file "100.51.192.in-addr.arpa.rev";
	notify yes;
	also-notify {
		198.51.100.100;
		198.51.100.101;
	};
	allow-update { none; };
};
$ORIGIN test.example.com.
$TTL 3600 ; 1 hour -- default TTL for records without an explicit one
; SOA: ns1 is the primary, postmaster@test.example.com the contact.
; Bump the serial on every edit or secondaries will not notice the change.
@ IN SOA ns1.test.example.com. postmaster.test.example.com. (
	2015012902 ; serial (appears to follow YYYYMMDDnn)
	3600 ; refresh (1 hour)
	1200 ; retry (20 min.)
	1209600 ; expire (2 weeks)
	900 ; minimum (15 min.) -- negative-caching TTL
	)
@ IN NS ns1.test.example.com.
@ IN NS ns2.test.example.com.
; NOTE(review): ns2 (192.51.100.7) is advertised as a name server but is not
; one of the also-notify targets in named.conf (198.51.100.100/101); confirm
; which hosts are actually the secondaries.
@ IN MX 10 mail.test.example.com.
; SPF policy: only this zone's MX hosts may send mail; everything else soft-fails.
@ IN TXT "v=spf1 mx ~all" ; TXT
; NOTE(review): the SPF RR type was deprecated by RFC 7208 in favour of the TXT
; form above; publishing both is harmless but the TXT record alone suffices.
@ IN SPF "v=spf1 mx ~all" ; SPF
; NOTE(review): 192.51.100.0/24 is live public address space, not the RFC 5737
; documentation range (198.51.100.0/24) used for the acl/firewall on this page
; -- confirm the third octet.
ns1 IN A 192.51.100.6
ns2 IN A 192.51.100.7
mail IN A 192.51.100.8
host1 IN A 192.51.100.9
www IN CNAME host1 ; relative name, expands to host1.test.example.com.