BIND9 インストール


BIND9インストール
[root@freebsd ~]# cd /usr/ports/dns/bind98
[root@freebsd bind98]# make BATCH=yes install clean
[root@freebsd bind98]# cd
rndc設定
[root@freebsd ~]# mv /etc/namedb/named.conf /etc/namedb/named.conf.org
[root@freebsd ~]# rndc-confgen -a
wrote key file "/etc/namedb/rndc.key"
[root@freebsd ~]# cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
[root@freebsd ~]# cat /etc/namedb/rndc.key > /etc/namedb/named.conf
[root@freebsd ~]# rm -f /etc/namedb/rndc.key
[root@freebsd ~]# vi /etc/namedb/rndc.conf
// Contents of /etc/namedb/rndc.conf as written by "rndc-confgen -a" above
// (the secret is shown here as a placeholder; keep the generated value).
// NOTE(review): this release writes hmac-md5; newer BIND releases generate
// hmac-sha256 by default. Whichever algorithm is used, rndc.conf and named.conf
// must carry the identical key block, otherwise rndc cannot authenticate.
key "rndc-key" {
        algorithm hmac-md5;
        secret "xxxxxxxxxxxxxxxxxxxxxxxx";
};
↓最終行に下記を記入
// Appended at the end of rndc.conf: defaults so that "rndc <command>" needs no flags.
options {
	default-key "rndc-key";		// key name from the key block above
	default-server 127.0.0.1;	// the control channel is loopback-only (controls statement in named.conf)
	default-port 953;		// must match the port in named.conf's controls statement
};

// Per-server key binding for the loopback control channel.
// NOTE(review): the statement is canonically spelled lowercase "server";
// presumably the parser accepts "Server" case-insensitively — confirm, or use the lowercase form.
Server 127.0.0.1 {
	key "rndc-key";
};
[root@freebsd ~]# chmod 400 /etc/namedb/rndc.conf
[root@freebsd ~]# chmod 600 /etc/namedb/named.conf
[root@freebsd ~]# chown bind:wheel /etc/namedb/named.conf
named.conf編集
[root@freebsd ~]# vi /etc/namedb/named.conf
// /etc/namedb/named.conf starts with the same key block that was copied from rndc.key
// (placeholder secret shown). Anyone who can read this secret can drive named through
// rndc, which is why the file is chmod 600 and owned by bind in the steps above.
key "rndc-key" {
        algorithm hmac-md5;
        secret "xxxxxxxxxxxxxxxxxxxxxxxx";
};
↓最終行に下記を記入
// rndc control channel: the allow list restricts the source address to loopback and
// the keys clause requires every command to be signed with "rndc-key".
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

// Global options; the views and zones below inherit anything they do not override.
options {
	version	"unknown";	// hides the BIND version from version.bind queries (obscurity only — still patch)
	directory	"/etc/namedb";	// relative zone "file" paths below resolve here
	pid-file	"/var/run/named/pid";
	dump-file	"/var/dump/named_dump.db";
	statistics-file	"/var/stats/named.stats";
	listen-on-v6	{ none; };	// no IPv6 listener
	listen-on	{ localhost; localnets; };
	allow-query	{ localhost; localnets; };	// NOTE(review): inherited by every view, including "external", unless the view overrides it
	allow-recursion	{ localhost; localnets; };	// recursion only for local clients — keeps this from becoming an open resolver
	allow-transfer	{ localhost; localnets; };	// NOTE(review): AXFR allowed from any local-network host; narrow to the secondary's address if one exists
	forwarders { xxx.xxx.xxx.xx1; xxx.xxx.xxx.xx2; };	// provider resolvers (placeholders, see hint below); no "forward only", so named falls back to iterative resolution
};

// Split-horizon: the "internal" view answers local-network clients with the private
// addresses in freebsd.orz.local; the "external" view added further down serves the public data.
view "internal"{
	match-clients { localnets; };
	recursion yes;	// recursive service for local clients only (allow-recursion in options)

	// root hints; named.ca is refreshed by the dig step further down
	zone "." IN {
		type hint;
		file "named.ca";
	};

	// loopback reverse zone
	zone "0.0.127.in-addr.arpa" {
		type master;
		file "0.0.127.in-addr.arpa";
	};

	// reverse zone for 192.168.1.0/24
	zone "1.168.192.in-addr.arpa" {
		type master;
		file "1.168.192.in-addr.arpa";
	};

	// internal forward zone (private addresses)
	zone "freebsd.orz" {
		type master;
		file "freebsd.orz.local";
	};
};
ヒント
xxx.xxx.xxx.xx1 はプロバイダのプライマリDNSサーバーのIPアドレスです。
xxx.xxx.xxx.xx2 はプロバイダのセカンダリDNSサーバーのIPアドレスです。
named.conf編集 (固定IPの場合)
[root@freebsd ~]# vi /etc/namedb/named.conf
↓最終行に下記を記入
// Added only when the host has a static public IP: a public-facing view with
// recursion disabled, serving the public zone data in freebsd.orz.zone.
// NOTE(review): allow-query is not set in this view, so it is presumably inherited
// from options { allow-query { localhost; localnets; }; }, which would refuse queries
// from the Internet — confirm, and add `allow-query { any; };` to this view if so.
// With recursion off, answering anyone exposes only this view's authoritative data.
view "external"{
	match-clients { any; };
	recursion no;	// never recurse for arbitrary Internet clients

	zone "freebsd.orz" {
		type master;
		file "freebsd.orz.zone";
		allow-transfer { yyy.yyy.yyy.yyy; };	// AXFR only to the secondary (placeholder, see hint below)
	};
};
ヒント
yyy.yyy.yyy.yyy はセカンダリDNSサーバーのIPアドレスです。
localhost逆引き
[root@freebsd ~]# vi /etc/namedb/0.0.127.in-addr.arpa
↓下記を記入
; /etc/namedb/0.0.127.in-addr.arpa — reverse zone for the loopback network
$TTL 86400
@	IN	SOA	ns1.freebsd.orz.	root.freebsd.orz. (
	2010052100	;Serial — YYYYMMDDnn; increase on every edit, secondaries only refresh on a higher serial
	28800		;Refresh
	7200		;Retry
	604800		;Expire
	86400		;Minimum — also used as the negative-caching TTL
)

	IN	NS	ns1.freebsd.orz.	; blank owner = previous owner (@, the zone apex)
1	IN	PTR	localhost.	; 127.0.0.1 -> localhost
内部正引き
[root@freebsd ~]# vi /etc/namedb/freebsd.orz.local
↓下記を記入
; /etc/namedb/freebsd.orz.local — forward zone served to the "internal" view (private addresses)
$TTL	86400
@	IN	SOA	ns1.freebsd.orz.	root.freebsd.orz. (
	2010052100	;Serial — YYYYMMDDnn; increase on every edit
	28800		;Refresh
	7200		;Retry
	604800		;Expire
	86400		;Minimum — also used as the negative-caching TTL
)
	IN	NS	ns1.freebsd.orz.	; blank owner = @ (zone apex)
	IN	MX	10	mail.freebsd.orz.
@	IN	A	192.168.1.10	; apex, name server, web, ftp and mail all live on one host
ns1	IN	A	192.168.1.10
www	IN	A	192.168.1.10
ftp	IN	A	192.168.1.10
mail	IN	A	192.168.1.10
内部逆引き
[root@freebsd ~]# vi /etc/namedb/1.168.192.in-addr.arpa
↓下記を記入
; /etc/namedb/1.168.192.in-addr.arpa — reverse zone for 192.168.1.0/24
$TTL	86400
@	IN	SOA	ns1.freebsd.orz.	root.freebsd.orz. (
	2010052100	;Serial — YYYYMMDDnn; increase on every edit
	28800		;Refresh
	7200		;Retry
	604800		;Expire
	86400		;Minimum — also used as the negative-caching TTL
)
	IN	NS	freebsd.orz.	; NOTE(review): the other zones name ns1.freebsd.orz. as NS; both names have an A record in freebsd.orz.local, but keep them consistent
10	IN	PTR	freebsd.orz.	; 192.168.1.10 -> freebsd.orz. (one PTR per address; the other names share this host)
外部正引き (固定IPの場合)
[root@freebsd ~]# vi /etc/namedb/freebsd.orz.zone
↓下記を記入
; /etc/namedb/freebsd.orz.zone — public forward zone served to the "external" view
; (zzz.zzz.zzz.zzz is the static public address, see hint below)
$TTL	86400
@	IN	SOA	ns1.freebsd.orz.	root.freebsd.orz.  (
	2010052100	;Serial — YYYYMMDDnn; the secondary only transfers a new copy when this increases
	28800		;Refresh
	7200		;Retry
	604800		;Expire
	86400		;Minimum — also used as the negative-caching TTL
)
	IN	NS	ns1.freebsd.orz.	; blank owner = @ (zone apex)
	; NOTE(review): only one NS is listed; the secondary that named.conf's allow-transfer permits
	; is not named here and must also appear in the parent delegation, or it serves nothing
	IN	MX	10	mail.freebsd.orz.
@	IN	A	zzz.zzz.zzz.zzz
ns1	IN	A	zzz.zzz.zzz.zzz
www	IN	A	zzz.zzz.zzz.zzz
ftp	IN	A	zzz.zzz.zzz.zzz
mail	IN	A	zzz.zzz.zzz.zzz
freebsd.orz. IN TXT "v=spf1 a mx ~all"	; SPF: only the zone's A and MX hosts may send mail for this domain; ~all = softfail for anything else
ヒント
zzz.zzz.zzz.zzzは固定IPアドレスです。
ルートゾーン最新化
[root@freebsd ~]# dig . ns @198.41.0.4 > /etc/namedb/named.ca
※ リダイレクトは dig 実行前に named.ca を空にするため、dig が失敗すると空のヒントファイルが残ります。実行後にファイルの内容を確認してください。
resolv.conf編集
[root@freebsd ~]# echo 'nameserver 127.0.0.1' > /etc/resolv.conf
BIND起動
[root@freebsd ~]# vi /etc/rc.conf
named_enable="YES" ←追加(named起動設定)
[root@freebsd ~]# /etc/rc.d/named start
Starting named.
BIND動作確認
[root@freebsd ~]# dig @127.0.0.1 freebsd.orz soa ←SOAレコード確認
; <<>> DiG 9.6.1-P1 <<>> @127.0.0.1 freebsd.orz soa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65353
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;freebsd.orz.                   IN      SOA

;; ANSWER SECTION:
freebsd.orz.            86400   IN      SOA     freebsd.freebsd.orz. root.freebsd.orz. 2010052100 28800 7200 604800 86400

;; AUTHORITY SECTION:
freebsd.orz.            86400   IN      NS      freebsd.freebsd.orz.

;; ADDITIONAL SECTION:
freebsd.freebsd.orz.        86400   IN      A       192.168.1.10

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 28 23:14:47 2010
;; MSG SIZE  rcvd: 104
[root@freebsd ~]# dig @127.0.0.1 freebsd.orz ns ←NSレコード確認
; <<>> DiG 9.6.1-P1 <<>> @127.0.0.1 freebsd.orz ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20853
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;freebsd.orz.                   IN      NS

;; ANSWER SECTION:
freebsd.orz.            86400   IN      NS      freebsd.freebsd.orz.

;; ADDITIONAL SECTION:
freebsd.freebsd.orz.        86400   IN      A       192.168.1.10

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 28 23:15:08 2010
;; MSG SIZE  rcvd: 63
[root@freebsd ~]# dig @127.0.0.1 freebsd.freebsd.orz ←Aレコード確認
; <<>> DiG 9.6.1-P1 <<>> @127.0.0.1 freebsd.freebsd.orz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21547
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;freebsd.freebsd.orz.               IN      A

;; ANSWER SECTION:
freebsd.freebsd.orz.        86400   IN      A       192.168.1.10

;; AUTHORITY SECTION:
freebsd.orz.            86400   IN      NS      freebsd.freebsd.orz.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 28 23:15:27 2010
;; MSG SIZE  rcvd: 63
[root@freebsd ~]# dig @127.0.0.1 -x 192.168.1.10 ←逆引き確認
; <<>> DiG 9.6.1-P1 <<>> @127.0.0.1 -x 192.168.1.10
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63965
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;10.1.168.192.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
10.1.168.192.in-addr.arpa. 86400 IN     PTR     freebsd.orz.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      freebsd.orz.

;; ADDITIONAL SECTION:
freebsd.orz.            86400   IN      A       192.168.1.10

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 28 23:15:51 2010
;; MSG SIZE  rcvd: 98
[root@freebsd ~]# dig @127.0.0.1 www.freebsd.org ←外部ホスト確認
; <<>> DiG 9.6.1-P1 <<>> @127.0.0.1 www.freebsd.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61299
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1

;; QUESTION SECTION:
;www.freebsd.org.               IN      A

;; ANSWER SECTION:
www.freebsd.org.        3600    IN      A       69.147.83.33

;; AUTHORITY SECTION:
freebsd.org.            3600    IN      NS      ns2.isc-sns.com.
freebsd.org.            3600    IN      NS      ns1.isc-sns.net.
freebsd.org.            3600    IN      NS      ns3.isc-sns.info.

;; ADDITIONAL SECTION:
ns2.isc-sns.com.        172800  IN      A       38.103.2.1

;; Query time: 301 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 28 23:16:10 2010
;; MSG SIZE  rcvd: 153
外部に公開する場合
プロトコル(TCP/UDP)ポート53番(DNS)を開放。