@na0AaooQ
Last active August 29, 2015 14:14
DNSサーバ構築手順(ソースからBIND 9.10.1-P1をインストール + 内部向け権威DNSサーバ構築) ref: http://qiita.com/na0AaooQ/items/9ed548dd6db2a0c911c4
$TTL 3600 ; 1 hour
@ IN SOA ns1.test.example.com. postmaster.test.example.com. (
2015012904 ; serial
3600 ; refresh (1 hour)
1200 ; retry (20 min.)
1209600 ; expire (2 weeks)
900 ; minimum (15 min.)
)
@ IN NS ns1.test.example.com.
@ IN NS ns2.test.example.com.
6 IN PTR ns1.test.example.com.
7 IN PTR ns2.test.example.com.
8 IN PTR mail.test.example.com.
9 IN PTR host1.test.example.com.
# cp -p /etc/sysconfig/network /etc/sysconfig/network.ORG
#
# sed -i 's/^HOSTNAME=localhost.localdomain/HOSTNAME=dns-bind-server/' /etc/sysconfig/network
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=dns-bind-server
NOZEROCONF=yes
#
[root@dns-bind-server bind-9.10.1-P1]# ll /var/named
ls: cannot access /var/named: No such file or directory
[root@dns-bind-server bind-9.10.1-P1]#
[root@dns-bind-server ~]# date
Wed Feb 4 22:28:14 JST 2015
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# tail -1 /var/named/chroot/var/log/query.log
04-Feb-2015 13:28:35.565 queries: info: client XXX.XXX.XX.XXX#17428 (web-001.aokinao.asia): query: host1.test.example.com IN AAAA -EDC (XXX.XX.XX.XXX)
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/etc/localtime
ls: cannot access /var/named/chroot/etc/localtime: No such file or directory
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# cp -p /etc/localtime /var/named/chroot/etc/
[root@dns-bind-server ~]# diff /etc/localtime /var/named/chroot/etc/localtime
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# tail -1 /var/named/chroot/var/log/query.log
04-Feb-2015 22:33:01.035 queries: info: client XXX.XXX.XX.XXX#17428 (web-001.aokinao.asia): query: host1.test.example.com IN AAAA -EDC (XXX.XX.XX.XXX)
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ls -lrta /var/log/named
ls: cannot access /var/log/named: No such file or directory
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ln -s /var/named/chroot/var/log /var/log/named
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ls -lrta /var/log/named
lrwxrwxrwx. 1 root root 25 Feb 4 22:53 /var/log/named -> /var/named/chroot/var/log
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ls -lrta /var/log/named/*log
-rw-r--r--. 1 bind bind 171096 Feb 4 XX:XX /var/log/named/alert.log
-rw-r--r--. 1 bind bind 197309 Feb 4 XX:XX /var/log/named/query.log
-rw-r--r--. 1 bind bind 5591 Feb 4 XX:XX /var/log/named/named.log
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# tail -f /var/log/named/*log
==> /var/named/chroot/var/log/query.log <==
04-Feb-2015 22:56:22.XXX queries: info: client XXX.XXX.XX.XXX#7766 (XXXXXXXXXXX): query: XXXXXXXXXX IN SOA -E (XXX.XXX.XX.XXX)
[root@dns-bind-server ~]# curl --location-trusted http://www.openresolver.jp/cli/check.html
Configured DNS server: [NOT open] XXX.XXX.XXX.XXX(**********************)
Source IP address: [NOT open] XXX.XXX.XXX.XXX(**********************)
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# dig +short porttest.dns-oarc.net TXT
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# dig +short txidtest.dns-oarc.net TXT
[root@dns-bind-server ~]#
[root@dns-bind-server bind-9.10.1-P1]# pwd
/usr/local/src/bind-9.10.1-P1
[root@dns-bind-server bind-9.10.1-P1]# ./configure --prefix=/var/named/chroot --enable-threads --with-openssl=yes --enable-openssl-version-check --disable-ipv6
[root@dns-bind-server bind-9.10.1-P1]#
[root@dns-bind-server bind-9.10.1-P1]# pwd
/usr/local/src/bind-9.10.1-P1
[root@dns-bind-server bind-9.10.1-P1]# make
[root@dns-bind-server bind-9.10.1-P1]#
[root@dns-bind-server bind-9.10.1-P1]# pwd
/usr/local/src/bind-9.10.1-P1
[root@dns-bind-server bind-9.10.1-P1]# ll bin/tests/system/ifconfig.sh
-rwxr-xr-x. 1 10292 9901 5760 Nov 21 08:56 bin/tests/system/ifconfig.sh
[root@dns-bind-server bind-9.10.1-P1]#
[root@dns-bind-server bind-9.10.1-P1]# bin/tests/system/ifconfig.sh up
[root@dns-bind-server bind-9.10.1-P1]#
[root@dns-bind-server bind-9.10.1-P1]# pwd
/usr/local/src/bind-9.10.1-P1
[root@dns-bind-server bind-9.10.1-P1]# make test
 (長いので途中省略)
I:System test result summary:
I: 44 FAIL
I: X PASS
I: X SKIPPED
[root@dns-bind-server bind-9.10.1-P1]# chown -R root /usr/local/src/bind-9.10.1-P1
[root@dns-bind-server bind-9.10.1-P1]#
[root@dns-bind-server bind-9.10.1-P1]# pwd
/usr/local/src/bind-9.10.1-P1
[root@dns-bind-server bind-9.10.1-P1]# make test
 (長いので途中省略)
I:exit status: 0
R:PASS
E:zonechecks:Fri Jan 29 XX:XX:XX JST 2015
I:System test result summary:
I: 63 PASS
I: 6 SKIPPED
make[3]: Leaving directory `/usr/local/src/bind-9.10.1-P1/bin/tests/system'
make[2]: Leaving directory `/usr/local/src/bind-9.10.1-P1/bin/tests'
make[1]: Leaving directory `/usr/local/src/bind-9.10.1-P1'
[root@dns-bind-server bind-9.10.1-P1]#
[root@dns-bind-server bind-9.10.1-P1]# pwd
/usr/local/src/bind-9.10.1-P1
[root@dns-bind-server bind-9.10.1-P1]# make install
 (長いので途中省略)
ln /var/named/chroot/share/man/man1/isc-config.sh.1 /var/named/chroot/share/man/man1/bind9-config.1
/usr/bin/install -c -m 644 ./bind.keys /var/named/chroot/etc
[root@dns-bind-server bind-9.10.1-P1]#
[root@dns-bind-server bind-9.10.1-P1]# ls -lrta /var/named/
total 12
drwxr-xr-x. 18 root root 4096 Jan 29 01:06 ..
drwxr-xr-x. 3 root root 4096 Jan 29 01:06 .
drwxr-xr-x. 9 root root 4096 Jan 29 01:22 chroot
[root@dns-bind-server bind-9.10.1-P1]#
[root@dns-bind-server bind-9.10.1-P1]# ls -lrta /var/named/chroot/
total 36
drwxr-xr-x. 3 root root 4096 Jan 29 01:06 var
drwxr-xr-x. 3 root root 4096 Jan 29 01:06 ..
drwxr-xr-x. 3 root root 4096 Jan 29 01:22 share
drwxr-xr-x. 12 root root 4096 Jan 29 01:22 include
drwxr-xr-x. 2 root root 4096 Jan 29 01:22 lib
drwxr-xr-x. 2 root root 4096 Jan 29 01:22 sbin
drwxr-xr-x. 9 root root 4096 Jan 29 01:22 .
drwxr-xr-x. 2 root root 4096 Jan 29 01:22 bin
drwxr-xr-x. 2 root root 4096 Jan 29 01:22 etc
[root@dns-bind-server bind-9.10.1-P1]#
[root@dns-bind-server bind-9.10.1-P1]# ls -lrta /var/named/chroot/sbin/named
-rwxr-xr-x. 2 root root 9974284 Jan 29 01:22 /var/named/chroot/sbin/named
[root@dns-bind-server bind-9.10.1-P1]#
[root@dns-bind-server bind-9.10.1-P1]# /var/named/chroot/sbin/named -v
BIND 9.10.1-P1
[root@dns-bind-server bind-9.10.1-P1]#
[root@dns-bind-server bind-9.10.1-P1]# cd ~
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# cp -p /etc/group /etc/group.ORG
[root@dns-bind-server ~]# cp -p /etc/passwd /etc/passwd.ORG
[root@dns-bind-server ~]# cp -p /etc/shadow /etc/shadow.ORG
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# groupadd -g 25 bind
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# useradd -u 25 -g bind -d /var/named -c "DNS BIND Named User" -s /sbin/nologin bind
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@dns-bind-server ~]#
# yum update
[root@dns-bind-server ~]# id bind
uid=25(bind) gid=25(bind) groups=25(bind)
[root@dns-bind-server ~]# su - bind
This account is currently not available.
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# mkdir /var/named/chroot/dev
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/dev/
total 8
drwxr-xr-x. 10 root root 4096 Jan 29 01:39 ..
drwxr-xr-x. 2 root root 4096 Jan 29 01:39 .
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# mknod -m 666 /var/named/chroot/dev/null c 1 3
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/dev/null
crw-rw-rw-. 1 root root 1, 3 Jan 29 01:40 /var/named/chroot/dev/null
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# mknod -m 666 /var/named/chroot/dev/random c 1 8
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /var/named/chroot/sbin/rndc-confgen -a
wrote key file "/var/named/chroot/etc/rndc.key"
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# cat /var/named/chroot/etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "XXXXXXXXXXXXXXXXXXXXX";
};
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/sbin/rndc
-rwxr-xr-x. 1 root root 1452030 Jan 29 01:22 /var/named/chroot/sbin/rndc
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/sbin/named-checkconf
-rwxr-xr-x. 1 root root 7450523 Jan 29 01:22 /var/named/chroot/sbin/named-checkconf
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/sbin/named-checkzone
-rwxr-xr-x. 1 root root 7088076 Jan 29 01:22 /var/named/chroot/sbin/named-checkzone
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/bin/dig
-rwxr-xr-x. 1 root root 7556449 Jan 29 01:22 /var/named/chroot/bin/dig
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ll /usr/local/sbin/rndc
ls: cannot access /usr/local/sbin/rndc: No such file or directory
[root@dns-bind-server ~]# ll /usr/local/sbin/*named*
ls: cannot access /usr/local/sbin/*named*: No such file or directory
[root@dns-bind-server ~]# ll /usr/local/bin/dig
ls: cannot access /usr/local/bin/dig: No such file or directory
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ln -s /var/named/chroot/sbin/rndc /usr/local/sbin/rndc
[root@dns-bind-server ~]# ln -s /var/named/chroot/sbin/named-checkconf /usr/local/sbin/named-checkconf
[root@dns-bind-server ~]# ln -s /var/named/chroot/sbin/named-checkzone /usr/local/sbin/named-checkzone
[root@dns-bind-server ~]# ln -s /var/named/chroot/bin/dig /usr/local/bin/dig
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/var/
total 12
drwxr-xr-x. 3 root root 4096 Jan 29 01:06 run
drwxr-xr-x. 3 root root 4096 Jan 29 01:06 .
drwxr-xr-x. 10 root root 4096 Jan 29 01:39 ..
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# mkdir /var/named/chroot/var/named
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# dig @a.root-servers.net . ns > /var/named/chroot/var/named/named.root
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/var/named/named.root
-rw-r--r--. 1 root root 2196 Jan 29 01:47 /var/named/chroot/var/named/named.root
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /usr/local/sbin/named-checkzone . /var/named/chroot/var/named/named.root
zone ./IN: has 0 SOA records
zone ./IN: not loaded due to errors.
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# mkdir /var/named/chroot/data
[root@dns-bind-server ~]# mkdir /var/named/chroot/var/log
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ll /var/named/chroot/etc/named.conf
ls: cannot access /var/named/chroot/etc/named.conf: No such file or directory
[root@dns-bind-server ~]# vi /var/named/chroot/etc/named.conf
[root@dns-bind-server ~]# cat /var/named/chroot/etc/named.conf
Controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
include "/etc/rndc.key";
acl "internal-network" {
localhost;
127.0.0.1/32;
198.51.100.10/32;
198.51.100.11/32;
198.51.100.100/32;
198.51.100.101/32;
};
options {
version "unknown";
hostname "ns1.test.example.com";
// /var/named/chrootを基点としてパスを指定する
// /var/named/chroot/var/named のようなパスを指定する場合は/var/namedと指定する。
directory "/var/named";
dump-file "/data/cache_dump.db";
statistics-file "/data/named_status.dat";
pid-file "/var/run/named/named.pid";
// DNS名前解決要求を受け付けるネットワークやマシンを制限する。
// オープンリゾルバにしないよう制限をかける。
listen-on port 53 {
internal-network;
};
allow-query { internal-network; };
// 権威DNSサーバとして構築する場合は再帰検索は受け付けないよう制限する
recursion no;
allow-recursion { none; };
// recursion yes;
// allow-recursion { 127.0.0.1; };
notify yes;
max-transfer-time-in 60;
transfer-format many-answers;
transfers-in 10;
transfers-per-ns 2;
allow-transfer { none; };
allow-update { none; };
};
logging {
channel "log_default"{
file "/var/log/named.log" versions 5 size 5m;
print-time yes;
severity info;
print-category yes;
};
channel "alert" {
file "/var/log/alert.log" versions 8 size 4m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel "query" {
file "/var/log/query.log" versions 8 size 50m;
severity debug;
print-time yes;
print-severity yes;
print-category yes;
};
category default {"log_default";};
category security {"alert";};
category queries {"query";};
category lame-servers { null; };
};
zone "." IN {
type hint;
file "named.root";
};
zone "test.example.com" IN {
type master;
file "test.example.com.zone";
notify yes;
also-notify {
198.51.100.100;
198.51.100.101;
};
allow-update { none; };
};
zone "100.51.192.in-addr.arpa." IN {
type master;
file "100.51.192.in-addr.arpa.rev";
notify yes;
also-notify {
198.51.100.100;
198.51.100.101;
};
allow-update { none; };
};
[root@dns-bind-server ~]#
# yum -y install gcc
# yum -y install make
# yum -y install perl-Net-DNS
# yum -y install openssl-devel
[root@dns-bind-server ~]# cat /var/named/chroot/etc/named.conf
Controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
include "/etc/rndc.key";
acl "internal-network" {
localhost;
127.0.0.1/32;
198.51.100.10/32;
198.51.100.11/32;
198.51.100.100/32;
198.51.100.101/32;
};
options {
version "unknown";
hostname "ns1.test.example.com";
// /var/named/chrootを基点としてパスを指定する
// /var/named/chroot/var/named のようなパスを指定する場合は/var/namedと指定する。
directory "/var/named";
dump-file "/data/cache_dump.db";
statistics-file "/data/named_status.dat";
pid-file "/var/run/named/named.pid";
// DNS名前解決要求を受け付けるネットワークやマシンを制限する。
// オープンリゾルバにしないよう制限をかける。
listen-on port 53 {
internal-network;
};
allow-query { internal-network; };
// 権威DNSサーバとして構築する場合は再帰検索は受け付けないよう制限する
recursion no;
allow-recursion { none; };
// recursion yes;
// allow-recursion { 127.0.0.1; };
notify yes;
max-transfer-time-in 60;
transfer-format many-answers;
transfers-in 10;
transfers-per-ns 2;
allow-transfer { none; };
allow-update { none; };
};
logging {
channel "log_default"{
file "/var/log/named.log" versions 5 size 5m;
print-time yes;
severity info;
print-category yes;
};
channel "alert" {
file "/var/log/alert.log" versions 8 size 4m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel "query" {
file "/var/log/query.log" versions 8 size 50m;
severity debug;
print-time yes;
print-severity yes;
print-category yes;
};
category default {"log_default";};
category security {"alert";};
category queries {"query";};
category lame-servers { null; };
};
zone "." IN {
type hint;
file "named.root";
};
zone "test.example.com." IN {
type master;
file "test.example.com.zone";
notify yes;
also-notify {
198.51.100.100;
198.51.100.101;
};
allow-update { none; };
};
zone "100.51.192.in-addr.arpa." IN {
type master;
file "100.51.192.in-addr.arpa.rev";
notify yes;
also-notify {
198.51.100.100;
198.51.100.101;
};
allow-update { none; };
};
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ll /var/named/chroot/etc/rndc.key
-rw-------. 1 bind bind 77 Jan 29 01:41 /var/named/chroot/etc/rndc.key
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ln -s /var/named/chroot/etc/rndc.key /etc/rndc.key
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ll /etc/rndc.key
lrwxrwxrwx. 1 root root 30 Jan 29 XX:XX /etc/rndc.key -> /var/named/chroot/etc/rndc.key
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ll /var/named/chroot/etc/named.conf
-rw-r--r--. 1 bind bind 2226 Jan 29 22:21 /var/named/chroot/etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ll /etc/named.conf
lrwxrwxrwx. 1 root root 32 Jan 29 XX:XX /etc/named.conf -> /var/named/chroot/etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ll /etc/sysconfig/named
ls: cannot access /etc/sysconfig/named: No such file or directory
[root@dns-bind-server ~]# vi /etc/sysconfig/named
ROOTDIR=/var/named/chroot
OPTIONS=-4
[root@dns-bind-server ~]# cat /etc/sysconfig/named
ROOTDIR=/var/named/chroot
OPTIONS=-4
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ll /etc/sysconfig/named
-rw-r--r--. 1 root root 37 Jan 29 XX:XX /etc/sysconfig/named
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /usr/local/sbin/named-checkconf /var/named/chroot/etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# vi /var/named/chroot/var/named/test.example.com.zone
[root@dns-bind-server ~]# cat /var/named/chroot/var/named/test.example.com.zone
$ORIGIN test.example.com.
$TTL 3600 ; 1 hour
@ IN SOA ns1.test.example.com. postmaster.test.example.com. (
2015012902 ; serial
3600 ; refresh (1 hour)
1200 ; retry (20 min.)
1209600 ; expire (2 weeks)
900 ; minimum (15 min.)
)
@ IN NS ns1.test.example.com.
@ IN NS ns2.test.example.com.
@ IN MX 10 mail.test.example.com.
@ IN TXT "v=spf1 mx ~all" ; TXT
@ IN SPF "v=spf1 mx ~all" ; SPF
ns1 IN A 192.51.100.6
ns2 IN A 192.51.100.7
mail IN A 192.51.100.8
host1 IN A 192.51.100.9
www IN CNAME host1
[root@dns-bind-server ~]#
# yum -y install wget
# yum -y install sysstat
# yum -y install ntpdate
[root@dns-bind-server ~]# cat /var/named/chroot/var/named/test.example.com.zone
$ORIGIN test.example.com.
$TTL 3600 ; 1 hour
@ IN SOA ns1.test.example.com. postmaster.test.example.com. (
2015012902 ; serial
3600 ; refresh (1 hour)
1200 ; retry (20 min.)
1209600 ; expire (2 weeks)
900 ; minimum (15 min.)
)
@ IN NS ns1.test.example.com.
@ IN NS ns2.test.example.com.
@ IN MX 10 mail.test.example.com.
@ IN TXT "v=spf1 mx ~all" ; TXT
@ IN SPF "v=spf1 mx ~all" ; SPF
ns1 IN A 192.51.100.6
ns2 IN A 192.51.100.7
mail IN A 192.51.100.8
host1 IN A 192.51.100.9
www IN CNAME host1
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /usr/local/sbin/named-checkzone test.example.com /var/named/chroot/var/named/test.example.com.zone
zone test.example.com/IN: loaded serial 2015012902
OK
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# vi /var/named/chroot/var/named/100.51.192.in-addr.arpa.rev
[root@dns-bind-server ~]# cat /var/named/chroot/var/named/100.51.192.in-addr.arpa.rev
$TTL 3600 ; 1 hour
@ IN SOA ns1.test.example.com. postmaster.test.example.com. (
2015012904 ; serial
3600 ; refresh (1 hour)
1200 ; retry (20 min.)
1209600 ; expire (2 weeks)
900 ; minimum (15 min.)
)
@ IN NS ns1.test.example.com.
@ IN NS ns2.test.example.com.
6 IN PTR ns1.test.example.com.
7 IN PTR ns2.test.example.com.
8 IN PTR mail.test.example.com.
9 IN PTR host1.test.example.com.
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# cat /var/named/chroot/var/named/100.51.192.in-addr.arpa.rev
$TTL 3600 ; 1 hour
@ IN SOA ns1.test.example.com. postmaster.test.example.com. (
2015012904 ; serial
3600 ; refresh (1 hour)
1200 ; retry (20 min.)
1209600 ; expire (2 weeks)
900 ; minimum (15 min.)
)
@ IN NS ns1.test.example.com.
@ IN NS ns2.test.example.com.
6 IN PTR ns1.test.example.com.
7 IN PTR ns2.test.example.com.
8 IN PTR mail.test.example.com.
9 IN PTR host1.test.example.com.
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /usr/local/sbin/named-checkzone 100.51.192 /var/named/chroot/var/named/100.51.192.in-addr.arpa.rev
zone 100.51.192/IN: loaded serial 2015012904
OK
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# chown -R bind:bind /var/named
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# cp -p /etc/resolv.conf /etc/resolv.conf.ORG
[root@dns-bind-server ~]# diff /etc/resolv.conf /etc/resolv.conf.ORG
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# vi /etc/resolv.conf
search test.example.com
nameserver 127.0.0.1
nameserver XXX.XXX.XXX.XXX
[root@dns-bind-server ~]# cat /etc/resolv.conf
search test.example.com
nameserver 127.0.0.1
nameserver XXX.XXX.XXX.XXX
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /usr/local/sbin/named-checkzone test.example.com /var/named/chroot/var/named/test.example.com.zone
zone test.example.com/IN: loaded serial 2015012902
OK
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /usr/local/sbin/named-checkzone 100.51.192 /var/named/chroot/var/named/100.51.192.in-addr.arpa.rev
zone 100.51.192/IN: loaded serial 2015012904
OK
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /usr/local/sbin/named-checkconf /var/named/chroot/etc/named.conf
[root@dns-bind-server ~]#
# rpm -qa | grep bind
#
[root@dns-bind-server ~]# hostname
dns-bind-server
[root@dns-bind-server ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@dns-bind-server ~]# pwd
/root
[root@dns-bind-server ~]# chown -R bind:bind /var/named
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ps awux | grep -v grep | grep bind
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /var/named/chroot/sbin/named -u bind -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ps awux | grep -v grep | grep bind
bind 6673 1.5 2.7 144024 16808 ? Ssl 03:35 0:00 /var/named/chroot/sbin/named -u bind -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# tail /var/log/messages
[root@dns-bind-server ~]# tail /var/named/chroot/var/log/alert.log
[root@dns-bind-server ~]# tail /var/named/chroot/var/log/named.log
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# cp -p /etc/sysconfig/iptables /etc/sysconfig/iptables.ORG
[root@dns-bind-server ~]# diff /etc/sysconfig/iptables /etc/sysconfig/iptables.ORG
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# vi /etc/sysconfig/iptables
(省略)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.10/32 --dport 53 -j ACCEPT → UDP53番ポート通信を許可するマシンを追加する。
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.11/32 --dport 53 -j ACCEPT → UDP53番ポート通信を許可するマシンを追加する。
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.100/32 --dport 53 -j ACCEPT → UDP53番ポート通信を許可するマシンを追加する。
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.101/32 --dport 53 -j ACCEPT → UDP53番ポート通信を許可するマシンを追加する。
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@dns-bind-server ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.10/32 --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.11/32 --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.100/32 --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.101/32 --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# diff /etc/sysconfig/iptables /etc/sysconfig/iptables.ORG
XX,XXdXX
< -A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.10/32 --dport 53 -j ACCEPT
< -A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.11/32 --dport 53 -j ACCEPT
< -A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.100/32 --dport 53 -j ACCEPT
< -A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.101/32 --dport 53 -j ACCEPT
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT udp -- 198.51.100.10 anywhere state NEW udp dpt:domain
ACCEPT udp -- 198.51.100.11 anywhere state NEW udp dpt:domain
ACCEPT udp -- 198.51.100.100 anywhere state NEW udp dpt:domain
ACCEPT udp -- 198.51.100.101 anywhere state NEW udp dpt:domain
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# chkconfig --list | grep iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# getenforce
Enforcing
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# dig +norec www.test.example.com. @127.0.0.1
; <<>> DiG 9.10.1-P1 <<>> +norec www.test.example.com. @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64336
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.example.com. IN A
;; ANSWER SECTION:
www.test.example.com. 3600 IN CNAME host1.test.example.com.
host1.test.example.com. 3600 IN A 192.51.100.9
;; AUTHORITY SECTION:
test.example.com. 3600 IN NS ns2.test.example.com.
test.example.com. 3600 IN NS ns1.test.example.com.
;; ADDITIONAL SECTION:
ns1.test.example.com. 3600 IN A 192.51.100.6
ns2.test.example.com. 3600 IN A 192.51.100.7
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 29 04:31:08 JST 2015
;; MSG SIZE rcvd: 153
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# dig +norec -x 192.51.100.9 @127.0.0.1
; <<>> DiG 9.10.1-P1 <<>> +norec -x 192.51.100.9 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42822
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;9.100.51.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
9.100.51.192.in-addr.arpa. 3600 IN PTR host1.test.example.com.
;; AUTHORITY SECTION:
100.51.192.in-addr.arpa. 3600 IN NS ns2.test.example.com.
100.51.192.in-addr.arpa. 3600 IN NS ns1.test.example.com.
;; ADDITIONAL SECTION:
ns1.test.example.com. 3600 IN A 192.51.100.6
ns2.test.example.com. 3600 IN A 192.51.100.7
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 29 XX:XX:XX JST 2015
;; MSG SIZE rcvd: 158
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# dig www.yahoo.com @127.0.0.1
; <<>> DiG 9.10.1-P1 <<>> www.yahoo.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 64318
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.yahoo.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 29 04:32:00 JST 2015
;; MSG SIZE rcvd: 42
[root@dns-bind-server ~]#
C:\>nslookup www.test.example.com [今回構築した権威DNSサーバのIPアドレスを指定する]
サーバー: UnKnown
Address: XXX.XXX.XXX.XXX
名前: host1.test.example.com
Address: 192.51.100.9
Aliases: www.test.example.com
C:\>nslookup 192.51.100.9 54.64.123.138
サーバー: UnKnown
Address: XXX.XXX.XXX.XXX
名前: host1.test.example.com
Address: 192.51.100.9
C:\>nslookup www.yahoo.com [今回構築した権威DNSサーバのIPアドレスを指定する]
サーバー: UnKnown
Address: XXX.XXX.XXX.XXX
*** UnKnown が www.yahoo.com を見つけられません: Query refused
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
bind 6673 0.0 2.7 144032 16916 ? Ssl 03:35 0:00 /var/named/chroot/sbin/named -u bind -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /var/named/chroot/sbin/named -v
BIND 9.10.1-P1
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# dig +noall +ans @127.0.0.1 chaos txt version.bind
version.bind. 0 CH TXT "unknown"
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# vi /etc/init.d/named
[root@dns-bind-server ~]# hostname
dns-bind-server
[root@dns-bind-server ~]# uname -a
Linux dns-bind-server 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17 01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@dns-bind-server ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# cat /etc/init.d/named
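#!/bin/bash
#
# named This shell script takes care of starting and stopping
# named (BIND DNS server).
#
# chkconfig: 235 23 77
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
RETVAL=0
prog="named"
# Unprivileged account that named switches to (-u) after start-up.
named_user="bind"
# Readable on the host through the /etc/named.conf -> chroot symlink, and
# resolved relative to ROOTDIR once named has chrooted.
named_conf="/etc/named.conf"
# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 1
# /etc/sysconfig/named supplies ROOTDIR (chroot base) and OPTIONS (extra flags).
[ -r /etc/sysconfig/named ] && . /etc/sysconfig/named
# Quote the paths so an unset or unusual ROOTDIR cannot word-split the tests.
[ -x "${ROOTDIR}/sbin/named" ] || exit 1
[ -r "${named_conf}" ] || exit 1
# named-checkconf and rndc are symlinked into /usr/local/sbin.
PATH=$PATH:/usr/local/sbin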
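start() {
  # Start daemons.
  echo -n $"Starting $prog: "
  # Refuse to start a second instance.
  if [ -n "$(/sbin/pidof named)" ]; then
    echo -n $"$prog: already running"
    failure
    echo
    return 1
  fi
  # -z makes named-checkconf load the zone files as well, so a broken zone
  # is reported here instead of after the daemon is up.
  ckcf_options='-z'
  if [ -n "${ROOTDIR}" ] && [ "x${ROOTDIR}" != "x/" ]; then
    # Run chrooted into ROOTDIR and check the config from the same viewpoint.
    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    ckcf_options="$ckcf_options -t ${ROOTDIR}"
  fi
  conf_ok=0
  # The echo and the check must stay inside one && chain: a bare newline
  # between them turns the -x test into a no-op and always runs the check.
  # ckcf_options is intentionally unquoted (it holds several options).
  if [ -x /usr/local/sbin/named-checkconf ] && \
     echo "named-checkconf $ckcf_options ${named_conf}" && \
     named-checkconf $ckcf_options "${named_conf}" >/dev/null 2>&1; then
    conf_ok=1
  else
    RETVAL=$?
  fi
  if [ $conf_ok -eq 1 ]; then
    # -u switches named to the unprivileged user after start-up; the -t in
    # OPTIONS confines it to ROOTDIR.
    echo "daemon ${ROOTDIR}/sbin/named -u ${named_user} ${OPTIONS} -c ${named_conf}"
    daemon "${ROOTDIR}/sbin/named" -u "${named_user}" ${OPTIONS} -c "${named_conf}"
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
      # Expose the chrooted pid file at the conventional host path.
      ln -s "$ROOTDIR/var/run/named/named.pid" /var/run/named.pid
    fi
  else
    # Re-run the check with output captured so the operator sees the reason.
    echo "named-checkconf $ckcf_options ${named_conf}"
    named_err="$(named-checkconf $ckcf_options "${named_conf}" 2>&1)"
    echo
    echo $"Error in named configuration"':'
    echo "$named_err"
    failure
    echo
    if [ -x /usr/bin/logger ]; then
      echo "$named_err" | /usr/bin/logger -pdaemon.error -tnamed
    fi
    return $RETVAL
  fi
  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/named
  echo
  return $RETVAL
}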
stop() {
  # Stop daemons.
  echo -n $"Stopping $prog: "
  # Ask named to shut down over the control channel; fall back to signalling it.
  rndc stop >/dev/null 2>&1 || killproc named >/dev/null 2>&1
  RETVAL=$?
  if [ $RETVAL -ne 0 ] && pidof named >/dev/null; then
    # Still running after the first attempt: try once more.
    rndc stop >/dev/null 2>&1 || killproc named >/dev/null 2>&1
    RETVAL=$?
  fi
  if [ $RETVAL -eq 0 ]; then
    rm -f /var/lock/subsys/named
    rm -f /var/run/named.pid
    success
  else
    failure
  fi
  echo
  return $RETVAL
}
rhstatus() {
  # Delegate to rndc; its exit status becomes the status of this function.
  rndc status
}
restart() {
  # Full stop/start cycle; the pause gives the stopped daemon time to exit.
  stop
  sleep 2
  start
}
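reload() {
  echo -n $"Reloading $prog: "
  # -o %PPID keeps this script's own shell out of the pid search.
  p=$(/sbin/pidof -o %PPID named)
  RETVAL=$?
  if [ "$RETVAL" -eq 0 ]; then
    # Prefer the control channel; fall back to SIGHUP if rndc cannot reach named.
    # $p stays unquoted on purpose: pidof may return more than one pid.
    rndc reload >/dev/null 2>&1 || /usr/bin/kill -HUP $p
    RETVAL=$?
  fi
  if [ "$RETVAL" -eq 0 ]; then
    success $"$prog reload"
  else
    failure $"$prog reload"
  fi
  echo
  # Return the reload result, not the status of the trailing echo (always 0).
  return $RETVAL
}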
probe() {
  # A successful rndc reload means named is up; otherwise tell the caller to "start".
  if ! rndc reload >/dev/null 2>&1; then
    echo start
  fi
}
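checkconfig() {
  # -z also loads every zone file, not just the configuration syntax.
  ckcf_options='-z'
  if [ -n "${ROOTDIR}" ] && [ "x${ROOTDIR}" != "x/" ]; then
    # Check relative to the chroot so paths in named.conf resolve the same
    # way as they do for the running daemon.
    ckcf_options="$ckcf_options -t ${ROOTDIR}"
  fi
  # Keep the existence test and the check in one && chain; a bare newline
  # between them drops the -x test and runs the check unconditionally.
  # ckcf_options is intentionally unquoted (it holds several options).
  if [ -x /usr/local/sbin/named-checkconf ] && \
     echo "named-checkconf $ckcf_options ${named_conf}" && \
     named-checkconf $ckcf_options "${named_conf}"; then
    return 0
  else
    return 1
  fi
}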
# Dispatch on the requested action; the script exits with that action's status.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    rhstatus
    ;;
  restart)
    restart
    ;;
  condrestart)
    # Only restart a daemon this script started (lock file present).
    if [ -e /var/lock/subsys/named ]; then restart; fi
    ;;
  reload)
    reload
    ;;
  probe)
    probe
    ;;
  checkconfig)
    checkconfig
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|probe|checkconfig}"
    exit 1
    ;;
esac
exit $?
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# cat /etc/init.d/named
#!/bin/bash
#
# named This shell script takes care of starting and stopping
# named (BIND DNS server).
#
# chkconfig: 235 23 77
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true
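# Source function library (provides daemon, killproc, success, failure).
. /etc/rc.d/init.d/functions
# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
RETVAL=0
prog="named"
# Unprivileged account named switches to (-u); /etc/sysconfig/named may override it.
named_user="bind"
# Path of the configuration as named itself sees it.  When ROOTDIR is set
# (passed to named as -t) this path is resolved inside the chroot, not on the host.
named_conf="/etc/named.conf"
# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 1
# /etc/sysconfig/named may set ROOTDIR (chroot directory) and OPTIONS (extra flags).
[ -r /etc/sysconfig/named ] && . /etc/sysconfig/named
[ -x "${ROOTDIR}/sbin/named" ] || exit 1
# Test the config file where named will actually read it: under ROOTDIR when a
# chroot is configured.  Checking the host's /etc/named.conf says nothing about
# the file the daemon loads once -t is in effect.
[ -r "${ROOTDIR%/}${named_conf}" ] || exit 1
PATH=$PATH:/usr/local/sbin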
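start() {
  # Validate the configuration, then launch named (unprivileged via -u, in
  # the chroot via -t when ROOTDIR is set).
  # Globals:  ROOTDIR, OPTIONS (written: -t appended), named_user,
  #           named_conf, RETVAL (written)
  # Returns:  0 when named was started; 1 when it is already running;
  #           otherwise the status of named-checkconf or of the daemon launch.
  echo -n $"Starting $prog: "
  if [ -n "$(/sbin/pidof named)" ]; then
    echo -n $"$prog: already running"
    failure
    echo
    return 1
  fi
  # -z also loads every zone, so zone-file errors are caught before starting.
  local ckcf_options='-z'
  if [ -n "${ROOTDIR}" ] && [ "${ROOTDIR}" != "/" ]; then
    # Run named in the chroot and make named-checkconf resolve paths there too.
    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    ckcf_options="$ckcf_options -t ${ROOTDIR}"
  fi
  local conf_ok=0
  # The echo and the check are grouped so that the -x test guards both; with
  # the echo on its own line the check ran regardless of the test's outcome,
  # and through PATH rather than the binary that was tested.
  if [ -x /usr/local/sbin/named-checkconf ] &&
     { echo "named-checkconf $ckcf_options ${named_conf}" &&
       /usr/local/sbin/named-checkconf $ckcf_options ${named_conf} >/dev/null 2>&1; }; then
    conf_ok=1
  else
    RETVAL=$?
  fi
  if [ "$conf_ok" -eq 1 ]; then
    echo "daemon ${ROOTDIR}/sbin/named -u ${named_user} ${OPTIONS} -c ${named_conf}"
    # OPTIONS is intentionally unquoted: it holds several whitespace-separated flags.
    daemon ${ROOTDIR}/sbin/named -u ${named_user} ${OPTIONS} -c ${named_conf}
    RETVAL=$?
    if [ "$RETVAL" -eq 0 ]; then
      # Expose the pid file at the conventional location; -f replaces a symlink
      # left behind by an unclean shutdown instead of failing on it.
      ln -sf "${ROOTDIR}/var/run/named/named.pid" /var/run/named.pid
    fi
  else
    # Re-run the check without silencing it so the actual error is shown and logged.
    local named_err
    echo "named-checkconf $ckcf_options ${named_conf}"
    named_err="$(/usr/local/sbin/named-checkconf $ckcf_options ${named_conf} 2>&1)"
    echo
    echo $"Error in named configuration"':'
    printf '%s\n' "$named_err"
    failure
    echo
    if [ -x /usr/bin/logger ]; then
      printf '%s\n' "$named_err" | /usr/bin/logger -pdaemon.error -tnamed
    fi
    return "$RETVAL"
  fi
  [ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/named
  echo
  return "$RETVAL"
}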
stop() {
  # Shut named down via the rndc control channel, falling back to a signal
  # (killproc).  A second attempt is made when the first reports failure but
  # a named process is still present.  On success the subsys lock and the
  # /var/run pid symlink created by start() are removed.
  # Globals:  RETVAL (written)
  # Returns:  0 when named stopped, otherwise the status of the last attempt.
  echo -n $"Stopping $prog: "
  local attempt
  for attempt in 1 2; do
    rndc stop >/dev/null 2>&1 || killproc named >/dev/null 2>&1
    RETVAL=$?
    if [ "$RETVAL" -eq 0 ]; then
      rm -f /var/lock/subsys/named /var/run/named.pid
      break
    fi
    # Retry only while a named process is still alive.
    pidof named >/dev/null || break
  done
  if [ "$RETVAL" -eq 0 ]; then
    success
  else
    failure
  fi
  echo
  return "$RETVAL"
}
rhstatus() {
  # Print the server status from the control channel.
  # Returns: the exit status of rndc (the function's last command).
  rndc status
}
restart() {
  # Full restart; the pause gives the old process time to release its sockets.
  # Returns: the status of start.
  stop; sleep 2; start
}
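reload() {
  # Ask the running named to reload configuration and zones, preferring the
  # rndc control channel and falling back to SIGHUP on the process.
  # Globals:  RETVAL (written)
  # Returns:  0 when the reload succeeded; non-zero when no named process
  #           exists or the reload failed.  (The previous version returned
  #           the status of the trailing echo, i.e. always 0.)
  echo -n $"Reloading $prog: "
  local p
  p=$(/sbin/pidof -o %PPID named)
  RETVAL=$?
  if [ "$RETVAL" -eq 0 ]; then
    # $p is deliberately unquoted: pidof may print several pids.
    # shellcheck disable=SC2086
    rndc reload >/dev/null 2>&1 || /usr/bin/kill -HUP $p
    RETVAL=$?
  fi
  if [ "$RETVAL" -eq 0 ]; then
    success $"$prog reload"
  else
    failure $"$prog reload"
  fi
  echo
  return "$RETVAL"
}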
probe() {
  # Used by "service named probe": prints "start" when the daemon does not
  # answer a reload over the control channel, i.e. it needs to be started.
  # Returns: 0 in both cases.
  if ! rndc reload >/dev/null 2>&1; then
    echo start
  fi
}
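checkconfig() {
  # Validate named.conf and every zone it references (-z) without starting
  # anything; named-checkconf output is left visible for the operator.
  # Globals:  ROOTDIR (chroot dir, optional), named_conf,
  #           OPTIONS (written, same as in start)
  # Returns:  0 when the configuration is valid, 1 when named-checkconf is
  #           missing or reports an error.
  local ckcf_options='-z'
  if [ -n "${ROOTDIR}" ] && [ "${ROOTDIR}" != "/" ]; then
    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    ckcf_options="$ckcf_options -t ${ROOTDIR}"
  fi
  # The echo and the check are grouped so that the -x test guards both; with
  # the echo on its own line the check ran regardless of the test's outcome,
  # and through PATH rather than the binary that was tested.
  if [ -x /usr/local/sbin/named-checkconf ] &&
     { echo "named-checkconf $ckcf_options ${named_conf}" &&
       /usr/local/sbin/named-checkconf $ckcf_options ${named_conf}; }; then
    return 0
  fi
  return 1
}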
# Dispatch on the service action; the script exits with the action's status.
case "$1" in
  start)       start ;;
  stop)        stop ;;
  status)      rhstatus ;;
  restart)     restart ;;
  condrestart) if [ -e /var/lock/subsys/named ]; then restart; fi ;;
  reload)      reload ;;
  probe)       probe ;;
  checkconfig) checkconfig ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|probe|checkconfig}"
    exit 1
    ;;
esac
exit $?
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# chmod 755 /etc/init.d/named
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
bind 6673 0.0 2.7 144032 16916 ? Ssl 03:35 0:00 /var/named/chroot/sbin/named -u bind -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# cat /var/named/chroot/var/run/named/named.pid
6673
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# kill `cat /var/named/chroot/var/run/named/named.pid`
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ps awux | grep -v grep | grep bind
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# hostname
dns-bind-server
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /etc/init.d/named checkconfig
named-checkconf -z -t /var/named/chroot /etc/named.conf
zone test.example.com/IN: loaded serial 2015012904
zone 100.51.192.in-addr.arpa/IN: loaded serial 2015012904
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /etc/init.d/named start
Starting named: named-checkconf -z -t /var/named/chroot /etc/named.conf
daemon /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf
[ OK ]
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
bind 10162 0.5 1.9 139864 11860 ? Ssl 00:13 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: named-checkconf -z -t /var/named/chroot /etc/named.conf
daemon /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf
[ OK ]
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
bind 10224 0.6 1.9 139604 11596 ? Ssl 00:15 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
bind 10224 0.0 1.9 139608 11692 ? Ssl 00:15 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /etc/init.d/named stop
Stopping named: [ OK ]
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# chkconfig --list | grep named
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# chkconfig --add named
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# chkconfig named on
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# chkconfig --list | grep named
named 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# reboot
[root@dns-bind-server ~]# cd /usr/local/src
[root@dns-bind-server src]# pwd
/usr/local/src
[root@dns-bind-server src]# ls -lrta /usr/local/src
total 8
drwxr-xr-x. 2 root root 4096 Sep 23 2011 .
drwxr-xr-x. 12 root root 4096 Sep 30 07:18 ..
[root@dns-bind-server src]#
[root@dns-bind-server src]# wget ftp://ftp.isc.org/isc/bind9/9.10.1-P1/bind-9.10.1-P1.tar.gz
[root@dns-bind-server src]# ls -lrta /usr/local/src/bind-9.10.1-P1.tar.gz
-rw-r--r--. 1 root root 8356463 Jan 28 23:50 /usr/local/src/bind-9.10.1-P1.tar.gz
[root@dns-bind-server src]#
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
bind 743 0.0 1.9 139864 11868 ? Ssl 00:22 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# dig +noall +ans +norec www.test.example.com @127.0.0.1
www.test.example.com. 3600 IN CNAME host1.test.example.com.
host1.test.example.com. 3600 IN A 192.51.100.9
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# dig +noall +ans +norec -x 192.51.100.9 @127.0.0.1
9.100.51.192.in-addr.arpa. 3600 IN PTR host1.test.example.com.
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
##### ICMPを受け付けないようにする
##-A INPUT -p icmp -j ACCEPT
#####
##
##### ローカルインターフェースの通信は許可する
-A INPUT -i lo -j ACCEPT
#####
##
##### BINDサーバに対するssh接続を許可するマシンやネットワークを指定する
##-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -s 192.51.100.0/24 --dport 22 -j ACCEPT
-A INPUT -p tcp -s 198.51.100.10/32 --dport 22 -j ACCEPT
-A INPUT -p tcp -s 198.51.100.11/32 --dport 22 -j ACCEPT
-A INPUT -p tcp -s 198.51.100.100/32 --dport 22 -j ACCEPT
-A INPUT -p tcp -s 198.51.100.101/32 --dport 22 -j ACCEPT
#####
##
##### BINDサーバに対するDNS通信(UDP53番ポート)を許可するマシンやネットワークを指定する
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.10/32 --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.11/32 --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.100/32 --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp -s 198.51.100.101/32 --dport 53 -j ACCEPT
#####
##
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- 192.51.100.0/24 anywhere tcp dpt:ssh
ACCEPT tcp -- 198.51.100.10 anywhere tcp dpt:ssh
ACCEPT tcp -- 198.51.100.11 anywhere tcp dpt:ssh
ACCEPT tcp -- 198.51.100.100 anywhere tcp dpt:ssh
ACCEPT tcp -- 198.51.100.101 anywhere tcp dpt:ssh
ACCEPT udp -- 198.51.100.10 anywhere state NEW udp dpt:domain
ACCEPT udp -- 198.51.100.11 anywhere state NEW udp dpt:domain
ACCEPT udp -- 198.51.100.100 anywhere state NEW udp dpt:domain
ACCEPT udp -- 198.51.100.101 anywhere state NEW udp dpt:domain
ACCEPT udp -- 198.51.100.220 anywhere state NEW udp dpt:domain
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@dns-bind-server ~]#
C:\>nslookup www.test.example.com [今回構築したBINDサーバのIPアドレスを指定]
サーバー: UnKnown
Address: XX.XX.XXX.XXX
名前: host1.test.example.com
Address: 192.51.100.9
Aliases: www.test.example.com
C:\>nslookup www.test.example.com [今回構築したBINDサーバのIPアドレスを指定]
DNS request timed out.
timeout was 2 seconds.
サーバー: UnKnown
Address: XX.XX.XXX.XXX
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** UnKnown への要求がタイムアウトしました
[user@198.51.2XX.XXX ~]$ ping -c 2 [今回構築したBINDサーバのIPアドレスを指定]
PING [今回構築したBINDサーバのIPアドレス] 56(84) bytes of data.
From [今回構築したBINDサーバのIPアドレス] icmp_seq=1 Destination Host Prohibited
From [今回構築したBINDサーバのIPアドレス] icmp_seq=2 Destination Host Prohibited
[user@198.51.2XX.XXX ~]$
[user@198.51.2XX.XXX ~]$ ssh [今回構築したBINDサーバのIPアドレスを指定]
ssh: connect to host [今回構築したBINDサーバのIPアドレス] port 22: No route to host
[user@198.51.2XX.XXX ~]$
[user@198.51.2XX.XXX ~]$ dig +noall +ans +norec www.test.example.com @[今回構築したBINDサーバのIPアドレスを指定]
;; connection timed out; no servers could be reached
[user@198.51.2XX.XXX ~]$
[root@dns-bind-server ~]# /usr/local/sbin/rndc reload
server reload successful
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /usr/local/sbin/rndc status
version: 9.10.1-P1 (unknown) <id:162bfa62>
boot time: Thu, 29 Jan 2015 15:22:07 GMT
last configured: Thu, 29 Jan 2015 16:41:06 GMT
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 3
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /usr/local/sbin/rndc stats
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ll /var/named/chroot/data/named_status.dat
-rw-r--r--. 1 bind bind 18745 Jan 30 02:47 /var/named/chroot/data/named_status.dat
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# tail /var/named/chroot/data/named_status.dat
3 TCP/IPv4 sockets opened
1 Raw sockets opened
1 UDP/IPv4 sockets closed
11 TCP/IPv4 sockets closed
12 TCP/IPv4 connections accepted
2 UDP/IPv4 sockets active
15 TCP/IPv4 sockets active
1 Raw sockets active
++ Per Zone Query Statistics ++
--- Statistics Dump --- (1422553640)
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
bind 743 0.0 2.6 139612 16024 ? Ssl 00:22 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /usr/local/sbin/rndc stop
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
[root@dns-bind-server ~]#
[root@dns-bind-server src]# pwd
/usr/local/src
[root@dns-bind-server src]# tar zxvf /usr/local/src/bind-9.10.1-P1.tar.gz
[root@dns-bind-server src]# cd /usr/local/src/bind-9.10.1-P1
[root@dns-bind-server bind-9.10.1-P1]#
[root@dns-bind-server ~]# ntpdate -s -b ntp.jst.mfeed.ad.jp
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# cp -Rp /var/spool/cron /var/spool/cron.ORG
[root@dns-bind-server ~]# diff -r /var/spool/cron /var/spool/cron.ORG
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@dns-bind-server ~]# crontab -l
no crontab for root
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# crontab -e
 (以下の設定を追加する)
*/5 * * * * /usr/sbin/ntpdate -s -b ntp.jst.mfeed.ad.jp
[root@dns-bind-server ~]# crontab -l
*/5 * * * * /usr/sbin/ntpdate -s -b ntp.jst.mfeed.ad.jp
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# diff -r /var/spool/cron /var/spool/cron.ORG
Only in /var/spool/cron: root
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# date
Fri XXX XX XX:XX:XX JST 2015
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# chkconfig --list
acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
named 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ntpdate 0:off 1:off 2:off 3:off 4:off 5:off 6:off
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:off
restorecond 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# chkconfig --list | awk '{printf "%s\t\t%s\n", $1,$5}' | grep 3:on
acpid 3:on
auditd 3:on
crond 3:on
ip6tables 3:on
iptables 3:on
named 3:on
netfs 3:on
network 3:on
postfix 3:on
rsyslog 3:on
sshd 3:on
udev-post 3:on
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# chkconfig udev-post off
[root@dns-bind-server ~]# chkconfig postfix off
[root@dns-bind-server ~]# chkconfig netfs off
[root@dns-bind-server ~]# chkconfig acpid off
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# chkconfig --list | awk '{printf "%s\t\t%s\n", $1,$5}' | grep 3:on
auditd 3:on
crond 3:on
ip6tables 3:on
iptables 3:on
named 3:on
network 3:on
rsyslog 3:on
sshd 3:on
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /etc/init.d/named stop
Stopping named: [ OK ]
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# reboot
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
bind 730 0.0 1.9 139872 11968 ? Ssl 15:07 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]# ps awux | grep -v grep | sort
[root@dns-bind-server ~]# dig +noall +ans +norec www.test.example.com @127.0.0.1
www.test.example.com. 3600 IN CNAME host1.test.example.com.
host1.test.example.com. 3600 IN A 192.51.100.9
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# dig +noall +ans +norec -x 192.51.100.9 @127.0.0.1
9.100.51.192.in-addr.arpa. 3600 IN PTR host1.test.example.com.
[root@dns-bind-server ~]#
#!/bin/bash
#
# named This shell script takes care of starting and stopping
# named (BIND DNS server).
#
# chkconfig: 235 23 77
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true
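# Source function library (provides daemon, killproc, success, failure).
. /etc/rc.d/init.d/functions
# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
RETVAL=0
prog="named"
# Unprivileged account named switches to (-u); /etc/sysconfig/named may override it.
named_user="bind"
# Path of the configuration as named itself sees it.  When ROOTDIR is set
# (passed to named as -t) this path is resolved inside the chroot, not on the host.
named_conf="/etc/named.conf"
# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 1
# /etc/sysconfig/named may set ROOTDIR (chroot directory) and OPTIONS (extra flags).
[ -r /etc/sysconfig/named ] && . /etc/sysconfig/named
[ -x "${ROOTDIR}/sbin/named" ] || exit 1
# Test the config file where named will actually read it: under ROOTDIR when a
# chroot is configured.  Checking the host's /etc/named.conf says nothing about
# the file the daemon loads once -t is in effect.
[ -r "${ROOTDIR%/}${named_conf}" ] || exit 1
PATH=$PATH:/usr/local/sbin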
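start() {
  # Validate the configuration, then launch named (unprivileged via -u, in
  # the chroot via -t when ROOTDIR is set).
  # Globals:  ROOTDIR, OPTIONS (written: -t appended), named_user,
  #           named_conf, RETVAL (written)
  # Returns:  0 when named was started; 1 when it is already running;
  #           otherwise the status of named-checkconf or of the daemon launch.
  echo -n $"Starting $prog: "
  if [ -n "$(/sbin/pidof named)" ]; then
    echo -n $"$prog: already running"
    failure
    echo
    return 1
  fi
  # -z also loads every zone, so zone-file errors are caught before starting.
  local ckcf_options='-z'
  if [ -n "${ROOTDIR}" ] && [ "${ROOTDIR}" != "/" ]; then
    # Run named in the chroot and make named-checkconf resolve paths there too.
    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    ckcf_options="$ckcf_options -t ${ROOTDIR}"
  fi
  local conf_ok=0
  # The echo and the check are grouped so that the -x test guards both; with
  # the echo on its own line the check ran regardless of the test's outcome,
  # and through PATH rather than the binary that was tested.
  if [ -x /usr/local/sbin/named-checkconf ] &&
     { echo "named-checkconf $ckcf_options ${named_conf}" &&
       /usr/local/sbin/named-checkconf $ckcf_options ${named_conf} >/dev/null 2>&1; }; then
    conf_ok=1
  else
    RETVAL=$?
  fi
  if [ "$conf_ok" -eq 1 ]; then
    echo "daemon ${ROOTDIR}/sbin/named -u ${named_user} ${OPTIONS} -c ${named_conf}"
    # OPTIONS is intentionally unquoted: it holds several whitespace-separated flags.
    daemon ${ROOTDIR}/sbin/named -u ${named_user} ${OPTIONS} -c ${named_conf}
    RETVAL=$?
    if [ "$RETVAL" -eq 0 ]; then
      # Expose the pid file at the conventional location; -f replaces a symlink
      # left behind by an unclean shutdown instead of failing on it.
      ln -sf "${ROOTDIR}/var/run/named/named.pid" /var/run/named.pid
    fi
  else
    # Re-run the check without silencing it so the actual error is shown and logged.
    local named_err
    echo "named-checkconf $ckcf_options ${named_conf}"
    named_err="$(/usr/local/sbin/named-checkconf $ckcf_options ${named_conf} 2>&1)"
    echo
    echo $"Error in named configuration"':'
    printf '%s\n' "$named_err"
    failure
    echo
    if [ -x /usr/bin/logger ]; then
      printf '%s\n' "$named_err" | /usr/bin/logger -pdaemon.error -tnamed
    fi
    return "$RETVAL"
  fi
  [ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/named
  echo
  return "$RETVAL"
}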
stop() {
  # Shut named down via the rndc control channel, falling back to a signal
  # (killproc).  A second attempt is made when the first reports failure but
  # a named process is still present.  On success the subsys lock and the
  # /var/run pid symlink created by start() are removed.
  # Globals:  RETVAL (written)
  # Returns:  0 when named stopped, otherwise the status of the last attempt.
  echo -n $"Stopping $prog: "
  local attempt
  for attempt in 1 2; do
    rndc stop >/dev/null 2>&1 || killproc named >/dev/null 2>&1
    RETVAL=$?
    if [ "$RETVAL" -eq 0 ]; then
      rm -f /var/lock/subsys/named /var/run/named.pid
      break
    fi
    # Retry only while a named process is still alive.
    pidof named >/dev/null || break
  done
  if [ "$RETVAL" -eq 0 ]; then
    success
  else
    failure
  fi
  echo
  return "$RETVAL"
}
rhstatus() {
  # Print the server status from the control channel.
  # Returns: the exit status of rndc (the function's last command).
  rndc status
}
restart() {
  # Full restart; the pause gives the old process time to release its sockets.
  # Returns: the status of start.
  stop; sleep 2; start
}
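reload() {
  # Ask the running named to reload configuration and zones, preferring the
  # rndc control channel and falling back to SIGHUP on the process.
  # Globals:  RETVAL (written)
  # Returns:  0 when the reload succeeded; non-zero when no named process
  #           exists or the reload failed.  (The previous version returned
  #           the status of the trailing echo, i.e. always 0.)
  echo -n $"Reloading $prog: "
  local p
  p=$(/sbin/pidof -o %PPID named)
  RETVAL=$?
  if [ "$RETVAL" -eq 0 ]; then
    # $p is deliberately unquoted: pidof may print several pids.
    # shellcheck disable=SC2086
    rndc reload >/dev/null 2>&1 || /usr/bin/kill -HUP $p
    RETVAL=$?
  fi
  if [ "$RETVAL" -eq 0 ]; then
    success $"$prog reload"
  else
    failure $"$prog reload"
  fi
  echo
  return "$RETVAL"
}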
probe() {
  # Used by "service named probe": prints "start" when the daemon does not
  # answer a reload over the control channel, i.e. it needs to be started.
  # Returns: 0 in both cases.
  if ! rndc reload >/dev/null 2>&1; then
    echo start
  fi
}
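checkconfig() {
  # Validate named.conf and every zone it references (-z) without starting
  # anything; named-checkconf output is left visible for the operator.
  # Globals:  ROOTDIR (chroot dir, optional), named_conf,
  #           OPTIONS (written, same as in start)
  # Returns:  0 when the configuration is valid, 1 when named-checkconf is
  #           missing or reports an error.
  local ckcf_options='-z'
  if [ -n "${ROOTDIR}" ] && [ "${ROOTDIR}" != "/" ]; then
    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    ckcf_options="$ckcf_options -t ${ROOTDIR}"
  fi
  # The echo and the check are grouped so that the -x test guards both; with
  # the echo on its own line the check ran regardless of the test's outcome,
  # and through PATH rather than the binary that was tested.
  if [ -x /usr/local/sbin/named-checkconf ] &&
     { echo "named-checkconf $ckcf_options ${named_conf}" &&
       /usr/local/sbin/named-checkconf $ckcf_options ${named_conf}; }; then
    return 0
  fi
  return 1
}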
# Dispatch on the service action; the script exits with the action's status.
case "$1" in
  start)       start ;;
  stop)        stop ;;
  status)      rhstatus ;;
  restart)     restart ;;
  condrestart) if [ -e /var/lock/subsys/named ]; then restart; fi ;;
  reload)      reload ;;
  probe)       probe ;;
  checkconfig) checkconfig ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|probe|checkconfig}"
    exit 1
    ;;
esac
exit $?
// NOTE(review): the documented spelling of this statement is lowercase
// "controls"; the transcript above shows named-checkconf accepting the file,
// so the capital C is presumably a copy artifact — confirm against the live file.
// rndc is reachable only on the loopback address and must present rndc-key.
Controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
// Key for the control channel.  Like every path below it is resolved inside
// the chroot when named runs with -t (see the comment under options).
include "/etc/rndc.key";
// The only clients allowed to reach this server (used by listen-on / allow-query).
acl "internal-network" {
localhost;
127.0.0.1/32;
198.51.100.10/32;
198.51.100.11/32;
198.51.100.100/32;
198.51.100.101/32;
};
options {
// String returned for version.bind queries; hides the real release number.
version "unknown";
hostname "ns1.test.example.com";
// Paths are given relative to /var/named/chroot (the -t directory):
// to refer to /var/named/chroot/var/named, write /var/named.
directory "/var/named";
dump-file "/data/cache_dump.db";
statistics-file "/data/named_status.dat";
pid-file "/var/run/named/named.pid";
// Restrict which hosts and networks may send queries, so that this
// server cannot be used as an open resolver.
listen-on port 53 {
internal-network;
};
allow-query { internal-network; };
// Authoritative-only server: refuse recursive lookups from everyone.
recursion no;
allow-recursion { none; };
// recursion yes;
// allow-recursion { 127.0.0.1; };
notify yes;
max-transfer-time-in 60;
transfer-format many-answers;
transfers-in 10;
transfers-per-ns 2;
// NOTE(review): nothing may transfer zones, yet the zones below also-notify
// 198.51.100.100 and .101; if those hosts are secondaries their AXFR/IXFR
// will be refused — list them here (or per zone) if that is the intent.
allow-transfer { none; };
// No dynamic updates are accepted.
allow-update { none; };
};
logging {
// General log: info and above, rotated at 5 MB, 5 versions kept.
channel "log_default"{
file "/var/log/named.log" versions 5 size 5m;
print-time yes;
severity info;
print-category yes;
};
// Security category (approval/denial of requests) gets its own file.
channel "alert" {
file "/var/log/alert.log" versions 8 size 4m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
// Every query is logged here; this file grows fastest, hence the 50 MB size.
channel "query" {
file "/var/log/query.log" versions 8 size 50m;
severity debug;
print-time yes;
print-severity yes;
print-category yes;
};
category default {"log_default";};
category security {"alert";};
category queries {"query";};
// Lame-server noise is discarded.
category lame-servers { null; };
};
// Root hints; only consulted for recursion, which is disabled above.
zone "." IN {
type hint;
file "named.root";
};
// Forward zone; the file name is relative to the "directory" option.
zone "test.example.com." IN {
type master;
file "test.example.com.zone";
notify yes;
// Hosts sent NOTIFY on zone change — see the allow-transfer note above.
also-notify {
198.51.100.100;
198.51.100.101;
};
allow-update { none; };
};
// Reverse zone for 192.51.100.0/24 (192.x, whereas the ACL above and the
// iptables rules use 198.51.100.x — confirm which network is intended).
zone "100.51.192.in-addr.arpa." IN {
type master;
file "100.51.192.in-addr.arpa.rev";
notify yes;
also-notify {
198.51.100.100;
198.51.100.101;
};
allow-update { none; };
};
$ORIGIN test.example.com.
$TTL 3600 ; 1 hour
; NOTE(review): this listing carries serial 2015012902, while the transcript
; above shows the server loading serial 2015012904 — the file on the server is
; a later revision than the one reproduced here.
@ IN SOA ns1.test.example.com. postmaster.test.example.com. (
2015012902 ; serial
3600 ; refresh (1 hour)
1200 ; retry (20 min.)
1209600 ; expire (2 weeks)
900 ; minimum (15 min.)
)
@ IN NS ns1.test.example.com.
@ IN NS ns2.test.example.com.
@ IN MX 10 mail.test.example.com.
; SPF policy: only the MX host may send mail for this domain; anything else softfails.
@ IN TXT "v=spf1 mx ~all" ; TXT
; The SPF RR type was deprecated by RFC 7208; receivers evaluate the TXT record above.
@ IN SPF "v=spf1 mx ~all" ; SPF
; Addresses are in 192.51.100.0/24, whereas named.conf's ACL and the iptables
; rules use 198.51.100.0/24 — confirm which network was intended.
ns1 IN A 192.51.100.6
ns2 IN A 192.51.100.7
mail IN A 192.51.100.8
host1 IN A 192.51.100.9
; Alias; the dig output above returns this CNAME together with host1's A record.
www IN CNAME host1