Sunday, December 9, 2018

bind (notes on building an internal DNS server)

◻️Environment:
Domain: digihide.local
bind server: 192.168.1.111

◻️Required files:
/var/named/chroot/var/named/named.ca
/var/named/chroot/var/named/1.168.192.in-addr.arpa.zone
/var/named/chroot/var/named/digihide.local.zone


1) Edit named.conf.

vi /var/named/chroot/etc/named.conf
**********************************************************************************************
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { any; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

//      dnssec-enable no;
//      dnssec-validation no;

        /* Path to ISC DLV key */
//      bindkeys-file "/etc/named.iscdlv.key";
//      managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
//      session-keyfile "/run/named/session.key";
};


logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};



zone "." IN {
        type hint;
        file "named.ca";
};

zone "digihide.local" IN {
        type master;
        file "digihide.local.zone";
        allow-query { any; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.in-addr.arpa.zone";
        allow-query { any; };
};


//include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";
**********************************************


2) Create the reverse lookup zone file.

vi /var/named/chroot/var/named/1.168.192.in-addr.arpa.zone
***************** 1.168.192.in-addr.arpa.zone *************
$TTL 1D
@       IN SOA  digihide.local. root.digihide.local. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      ns.digihide.local.
111     IN      PTR     digihide.local.
**********************************************************


3) Create the forward lookup zone file.

vi /var/named/chroot/var/named/digihide.local.zone
************ digihide.local.zone *************************
$TTL 1D
@       IN SOA  digihide.local. root.digihide.local. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      ns.digihide.local.
@       IN      A       192.168.1.111
ns      IN      A       192.168.1.111
**********************************************************
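Before starting named, it is worth confirming that the forward and reverse zone files above agree with each other: the NS target must have an A record, and each PTR must map back to a name that really carries that address. The following checker is an added example, not part of this memo; it embeds the two zone files (compacted) and implements only the subset of master-file syntax they use.

```python
import re
FWD_ORIGIN, REV_ORIGIN = "digihide.local.", "1.168.192.in-addr.arpa."  # zones from the memo, compacted
FWD_ZONE = """$TTL 1D
@   IN SOA  digihide.local. root.digihide.local. ( 0 ; serial
            1D 1H 1W 3H )   ; refresh retry expire minimum
    NS      ns.digihide.local.
@   IN  A   192.168.1.111
ns  IN  A   192.168.1.111
"""
REV_ZONE = """$TTL 1D
@   IN SOA  digihide.local. root.digihide.local. ( 0 1D 1H 1W 3H )
    NS      ns.digihide.local.
111 IN  PTR digihide.local.
"""
def fqdn(name, origin):  # '@' is the origin; a name without a trailing dot is relative to it
    return origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")

def parse_zone(text, origin):
    """Minimal master-file reader: returns (owner, type, rdata) with names qualified."""
    joined, buf = [], ""
    for line in (re.sub(r";.*", "", l).rstrip() for l in text.splitlines()):
        if line.strip() and not line.startswith("$"):  # drop blanks and $TTL/$ORIGIN
            buf = f"{buf} {line}" if buf else line      # keep leading blanks of the 1st line
            if buf.count("(") <= buf.count(")"):        # parentheses balanced: record complete
                joined.append(buf); buf = ""
    records, owner = [], origin
    for rec in joined:
        toks = rec.replace("(", " ").replace(")", " ").split()
        if not rec[0].isspace():                        # non-blank first column = new owner
            owner = fqdn(toks.pop(0), origin)
        while re.fullmatch(r"\d+[smhdw]?|IN|CH|HS", toks[0], re.I):
            toks.pop(0)                                 # optional TTL and class
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in ("NS", "PTR", "CNAME"):
            rdata[0] = fqdn(rdata[0], origin)           # qualify the target name too
        records.append((owner, rtype, rdata))
    return records

def check_zones(fwd_text, rev_text, fwd_origin=FWD_ORIGIN, rev_origin=REV_ORIGIN):
    """Cross-check a forward/reverse pair; returns a list of problems (empty = consistent)."""
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    addrs = {(o, r[0]) for o, t, r in fwd if t == "A"}  # (name, address) pairs from A records
    problems = [f"NS {r[0]} has no A record in {fwd_origin}"
                for _, t, r in fwd + rev if t == "NS" and r[0] not in {o for o, _ in addrs}]
    for owner, rtype, rdata in rev:
        ip = ".".join(reversed(owner.rstrip(".").split(".")[:-2]))  # x.1.168.192.in-addr.arpa. -> 192.168.1.x
        if rtype == "PTR" and (rdata[0], ip) not in addrs:
            problems.append(f"PTR {owner} -> {rdata[0]}, but that name has no A record {ip}")
    return problems
```

named-checkzone from the bind package validates each file on its own; this check covers the cross-zone consistency it does not look at.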


4) Create the following directories beforehand.

mkdir -p /var/named/chroot/var/named/data/
mkdir -p /var/named/chroot/var/named/dynamic/
mkdir -p /var/named/chroot/var/named/slaves/
chgrp named /var/named/chroot/var/named/data/
chgrp named /var/named/chroot/var/named/dynamic/
chgrp named /var/named/chroot/var/named/slaves/
chmod 770 /var/named/chroot/var/named/data/
chmod 770 /var/named/chroot/var/named/dynamic/
chmod 770 /var/named/chroot/var/named/slaves/



5) Change directory to /var/named/.
6) Copy the following files.
cp named.loopback /var/named/chroot/var/named
cp named.empty /var/named/chroot/var/named
cp named.localhost /var/named/chroot/var/named
cp -r data /var/named/chroot/var/named


7) Edit resolv.conf.

vi /etc/resolv.conf
************************
nameserver 192.168.1.111
************************


8) Start the service.

systemctl start named-chroot
