2018年12月30日日曜日

内部用bind設定メモ

◻️bindの設定

vi /var/named/chroot/etc/named.conf
================================
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html


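options {
        // Listen on every IPv4 interface. Because recursion is enabled
        // below, the access-control lists here are the only thing that
        // keeps this from being an open resolver reachable from the LAN.
        listen-on port 53 { any; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Only the box itself may ask arbitrary questions. The zones
        // below override this with their own allow-query { any; }, so LAN
        // hosts can still look up digihide.local / 1.168.192.in-addr.arpa.
        // If LAN clients are meant to use this server as their resolver,
        // add the internal prefix (e.g. 192.168.1.0/24) to BOTH lists.
        allow-query     { localhost; };
        // Stated explicitly rather than relying on BIND inheriting it from
        // allow-query; recursion for outsiders is what fuels amplification.
        allow-recursion { localhost; };
        // Refuse zone transfers (AXFR/IXFR) globally. Older BIND releases
        // default allow-transfer to { any; }, which lets anyone download
        // the whole internal zone. Override per zone if secondaries exist.
        allow-transfer  { none; };
        // Upstream resolver. Without "forward only", a failing forwarder
        // makes named fall back to full recursion from the root hints.
        forwarders { 192.168.1.200; };


        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        // Left at the package defaults (validation enabled). Do not turn
        // validation off just to work around a broken upstream resolver.
        //dnssec-enable no;
        //dnssec-validation no;

        /* Path to ISC DLV key. DLV was decommissioned in 2017; the file is
           kept only because the package ships it. Root trust anchors come
           from the included /etc/named.root.key instead. */
        bindkeys-file "/etc/named.iscdlv.key";
//      managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};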

logging {
        // Redefines the built-in debug channel so it writes to a file
        // under "directory" (i.e. /var/named/data/named.run).
        // "severity dynamic" tracks the debug level set at runtime with
        // `rndc trace`, so the file stays quiet until tracing is enabled.
        // No categories are routed here, so query/security events keep
        // going to their BIND defaults (syslog).
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


zone "." IN {
        // Root hints. Used when the forwarder in options {} does not
        // answer: "forwarders" without "forward only" falls back to full
        // recursion from the root.
        type hint;
        file "named.ca";
};


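zone "digihide.local" IN {
        // Authoritative forward zone for the internal network.
        type master;
        file "digihide.local.zone";
        // Zone-level ACL overrides the global allow-query { localhost; }:
        // any host that can reach port 53 may resolve names in this zone.
        allow-query { any; };
        // No secondaries and no dynamic updates: refuse AXFR/IXFR and
        // UPDATE so the zone cannot be enumerated or altered remotely
        // (older BIND defaults allow-transfer to { any; }).
        allow-transfer { none; };
        allow-update { none; };
};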

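zone "1.168.192.in-addr.arpa" IN {
        // Authoritative reverse zone for 192.168.1.0/24.
        type master;
        file "1.168.192.in-addr.arpa.zone";
        // Zone-level ACL overrides the global allow-query { localhost; }:
        // any host that can reach port 53 may do reverse lookups here.
        allow-query { any; };
        // Same hardening as the forward zone: no transfers, no dynamic
        // updates, so the address map cannot be pulled or changed remotely.
        allow-transfer { none; };
        allow-update { none; };
};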


// The stock localhost / loopback-reverse zones are disabled, so lookups
// for "localhost" and 127.in-addr.arpa are resolved recursively (via the
// forwarder) instead of being answered locally. Re-enable if unintended.
//include "/etc/named.rfc1912.zones";
// Managed DNSSEC trust anchor(s) for the root zone, used for validation.
include "/etc/named.root.key";
==================================




vi /var/named/chroot/var/named/1.168.192.in-addr.arpa.zone
===============================
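$TTL 1D
; Reverse zone for 192.168.1.0/24. MNAME is set to the primary server's
; host name (ns.digihide.local.) so it agrees with the NS record below; the
; original used the bare apex name.
@       IN SOA  ns.digihide.local. root.digihide.local. (
                                        2018123001 ; serial (YYYYMMDDnn; bump on every edit)
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum (negative-cache TTL)
        IN      NS      ns.digihide.local.
; One PTR per address. 192.168.1.111 reverses to the apex name that carries
; its forward A record; ns/mail share the address and get no PTR here.
111     IN      PTR     digihide.local.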
=================================


vi /var/named/chroot/var/named/digihide.local.zone
=================================
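$TTL 1D
; NOTE: ".local" is reserved for mDNS (RFC 6762). Hosts running Avahi or
; macOS resolve it by multicast and may never ask this server; prefer
; home.arpa (RFC 8375) or a subdomain of a domain you own for new setups.
; MNAME set to the primary server's host name so it matches the NS record.
@       IN SOA  ns.digihide.local. root.digihide.local. (
                                        2018123001 ; serial (YYYYMMDDnn; bump on every edit)
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum (negative-cache TTL)
             IN NS      ns.digihide.local.
             IN MX 10   mail.digihide.local.

@       IN      A       192.168.1.111
; Explicit addresses for the NS and MX targets. Relying on the wildcard for
; them is fragile: the records disappear if the wildcard is ever removed,
; and named-checkzone's integrity checks may warn about wildcard-only targets.
ns      IN      A       192.168.1.111
mail    IN      A       192.168.1.111
; Wildcard: every otherwise-undefined name in the zone (including typos)
; resolves to this host. Fine for a lab; remove it if clients must receive
; NXDOMAIN for unknown hosts.
*       IN      A       192.168.1.111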
==================================

注意: mail.digihide.local. は、Postfix の /etc/postfix/main.cf の myhostname に記載した内容と一致させること。また MX の参照先 (mail.digihide.local.) にはワイルドカードに頼らず明示的な A レコードを用意すること。

例:myhostname = mail.digihide.local
