{"id":190,"date":"2026-04-05T22:49:13","date_gmt":"2026-04-05T13:49:13","guid":{"rendered":"https:\/\/falcon21.space\/kazuya\/work\/?page_id=190"},"modified":"2026-04-15T11:07:54","modified_gmt":"2026-04-15T02:07:54","slug":"dns%e3%82%b5%e3%83%bc%e3%83%90%e3%83%bc%e6%a7%8b%e7%af%89","status":"publish","type":"page","link":"https:\/\/falcon21.space\/kazuya\/work\/?page_id=190","title":{"rendered":"DNS\u30b5\u30fc\u30d0\u30fc\u69cb\u7bc9"},"content":{"rendered":"\n

BIND\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/p>\n\n\n\n

[root@falcon21 ~]# dnf -y install bind\u3000<\/p>\n\n\n\n

IND\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u7de8\u96c6
[root@falcon21 ~]# vi \/etc\/named.conf
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory “\/var\/named”;
dump-file “\/var\/named\/data\/cache_dump.db”;
statistics-file “\/var\/named\/data\/named_stats.txt”;
memstatistics-file “\/var\/named\/data\/named_mem_stats.txt”;
secroots-file “\/var\/named\/data\/named.secroots”;
recursing-file “\/var\/named\/data\/named.recursing”;
allow-query { localhost; };<\/p>\n\n\n\n

    \/*\n     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.\n     - If you are building a RECURSIVE (caching) DNS server, you need to enable\n       recursion.\n     - If your recursive DNS server has a public IP address, you MUST enable access\n       control to limit queries to your legitimate users. Failing to do so will\n       cause your server to become part of large scale DNS amplification\n       attacks. Implementing BCP38 within your network would greatly\n       reduce such attack surface\n    *\/\n    recursion yes;\n\n    dnssec-validation yes;\n\n    managed-keys-directory \"\/var\/named\/dynamic\";\n    geoip-directory \"\/usr\/share\/GeoIP\";\n\n    pid-file \"\/run\/named\/named.pid\";\n    session-keyfile \"\/run\/named\/session.key\";\n\n    \/* https:\/\/fedoraproject.org\/wiki\/Changes\/CryptoPolicy *\/\n    include \"\/etc\/crypto-policies\/back-ends\/bind.config\";<\/code><\/pre>\n\n\n\n
};<\/p>\n\n\n\n
logging {
channel default_debug {
file “data\/named.run”;
severity dynamic;
};
};<\/p>\n\n\n\n
zone “.” IN {
type hint;
file “named.ca”;
};<\/p>\n\n\n\n
include “\/etc\/named.rfc1912.zones”;
include “\/etc\/named.root.key”;<\/p>\n\n\n\n
************************************************************************************************************<\/p>\n\n\n\n
\n\n\n\n
falcon21.space\u306e\u5185\u90e8\u5411\u3051\u30be\u30fc\u30f3\u5b9a\u7fa9\u30d5\u30a1\u30a4\u30eb\u4f5c\u6210
[root@falcon21 ~]# vi \/etc\/named\/named.falcon21.space.zone
zone “falcon21.space” {
type master;
file “falcon21.space.db”;
};
zone “10.168.192.in-addr.arpa” {
type master;
file “10.168.192.in-addr.arpa.db”;
};<\/p>\n\n\n\n
\n\n\n\n
\u5916\u90e8\u5411\u3051\u30be\u30fc\u30f3\u5b9a\u7fa9\u30d5\u30a1\u30a4\u30eb\u4f5c\u6210\u3000\u3000\u3000
[root@falcon21 ~]# vi \/etc\/named\/named.falcon21.space.zone.wan
\/\/ \u6b63\u5f15\u304d\u8a2d\u5b9a
zone “falcon21.space” {
type master;
file “falcon21.space.db.wan”;
allow-query { any; };
};<\/p>\n\n\n\n
\/\/ \u9006\u5f15\u304d\u8a2d\u5b9a
zone “94.3.181.203.in-addr.arpa” {
type master;
file “94.3.181.203.in-addr.arpa.db.wan”;
};<\/p>\n\n\n\n
\n\n\n\n
IPv4\u306e\u307f\u6709\u52b9\u306b\u3059\u308b(error (network unreachable) resolving\u3068\u3044\u3046\u30a8\u30e9\u30fc\u30ed\u30b0\u306e\u51fa\u529b\u6291\u6b62)
[root@falcon21 ~]# echo OPTIONS=”-4″ >> \/etc\/sysconfig\/named<\/p>\n\n\n\n
\n\n\n\n
\u30eb\u30fc\u30c8\u30be\u30fc\u30f3(named.ca)\u6700\u65b0\u5316
[root@falcon21 ~]# dig . ns @198.41.0.4 +bufsize=1024 > \/var\/named\/named.ca\u3000<\/p>\n\n\n\n
\u30eb\u30fc\u30c8\u30be\u30fc\u30f3\u81ea\u52d5\u66f4\u65b0\u8a2d\u5b9a
1\u30f6\u6708\u306b\u4e00\u5ea6\u3001\u30eb\u30fc\u30c8\u30be\u30fc\u30f3\u304c\u6700\u65b0\u304b\u30c1\u30a7\u30c3\u30af\u3057\u3001\u66f4\u65b0\u3055\u308c\u3066\u3044\u308c\u3070\u30eb\u30fc\u30c8\u30be\u30fc\u30f3\u306e\u6700\u65b0\u5316\u53ca\u3073\u3001BIND\u306e
\u518d\u8d77\u52d5\u3092\u81ea\u52d5\u7684\u306b\u884c\u3046\u3088\u3046\u306b\u3059\u308b\u3002
\u203b\u30eb\u30fc\u30c8\u30be\u30fc\u30f3\u304c\u66f4\u65b0\u3055\u308c\u3066\u3044\u305f\u5834\u5408\u306e\u307f\u3001\u65b0\u65e7\u30eb\u30fc\u30c8\u30be\u30fc\u30f3\u60c5\u5831\u53ca\u3073\u3001\u65b0\u65e7\u30eb\u30fc\u30c8\u30be\u30fc\u30f3\u306e
\u5dee\u5206\u60c5\u5831\u3092root\u5b9b\u306b\u30e1\u30fc\u30eb\u3059\u308b<\/p>\n\n\n\n
\u30eb\u30fc\u30c8\u30be\u30fc\u30f3\u6708\u6b21\u81ea\u52d5\u6700\u65b0\u5316\u30b9\u30af\u30ea\u30d7\u30c8\u4f5c\u6210
[root@falcon21 ~]# vi \/etc\/cron.monthly\/named.root_update<\/p>\n\n\n\n
!\/bin\/bash<\/h1>\n\n\n\n
new=mktemp<\/code>
errors=mktemp<\/code><\/p>\n\n\n\n
dig . ns @198.41.0.4 +bufsize=1024 > $new 2> $errors<\/p>\n\n\n\n
if [ $? -eq 0 ]; then
sort_new=mktemp<\/code>
sort_old=mktemp<\/code>
diff_out=mktemp<\/code>
sort $new > $sort_new
sort \/var\/named\/named.ca > $sort_old
diff –ignore-matching-lines=^\\; $sort_new $sort_old > $diff_out
if [ $? -ne 0 ]; then
(
echo ‘——————– old named.root ——————–‘
cat \/var\/named\/named.ca
echo
echo ‘——————– new named.root ——————–‘
cat $new
echo ‘———————- difference ———————-‘
cat $diff_out
) | mail -s ‘named.root updated’ root
cp -f $new \/var\/named\/named.ca
chown named. \/var\/named\/named.ca
chmod 644 \/var\/named\/named.ca
which systemctl > \/dev\/null 2>&1
systemctl restart named-chroot > \/dev\/null
fi
rm -f $sort_new $sort_old $diff_out
else
cat $errors | mail -s ‘named.root update check error’ root
fi
rm -f $new $errors<\/p>\n\n\n\n
\n\n\n\n
\u30eb\u30fc\u30c8\u30be\u30fc\u30f3\u6708\u6b21\u81ea\u52d5\u6700\u65b0\u5316\u30b9\u30af\u30ea\u30d7\u30c8\u3078\u5b9f\u884c\u6a29\u9650\u4ed8\u52a0
[root@falcon21 ~]# chmod 700 \/etc\/cron.monthly\/named.root_update<\/p>\n\n\n\n
\u5185\u90e8\u5411\u3051\u6b63\u5f15\u304d\u30be\u30fc\u30f3\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9(\u30c9\u30e1\u30a4\u30f3\u540d\u21d2IP\u30a2\u30c9\u30ec\u30b9)\u4f5c\u6210\u3000\u3000\u3000<\/p>\n\n\n\n
\u6b63\u5f15\u304d\u30be\u30fc\u30f3\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u4f5c\u6210
[root@falcon21 ~]# vi \/var\/named\/falcon21.space.db
$TTL 86400
@ IN SOA ns1.falcon21.space. root.falcon21.space. (
2025111012 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ns1.falcon21.space.
IN MX 10 falcon21.space.
@ IN A 192.168.10.3<\/p>\n\n\n\n
    \n
  • IN A 192.168.10.3<\/li>\n<\/ul>\n\n\n\n
    \u5185\u90e8\u5411\u3051\u9006\u5f15\u304d\u30be\u30fc\u30f3\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9(IP\u30a2\u30c9\u30ec\u30b9\u21d2\u30c9\u30e1\u30a4\u30f3\u540d)\u4f5c\u6210\u3000\u3000
    \u9006\u5f15\u304d\u30be\u30fc\u30f3\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u4f5c\u6210
    [root@falcon21 ~]# vi \/var\/named\/10.168.192.in-addr.arpa.db
    $TTL 86400
    @ IN SOA falcon21.space. root.falcon21.space.(
    2025103101 ; Serial
    28800 ; Refresh
    14400 ; Retry
    3600000 ; Expire
    86400 ) ; Minimum
    IN NS falcon21.space.
    3 IN PTR falcon21.space.<\/p>\n\n\n\n
    \u5916\u90e8\u5411\u3051\u6b63\u5f15\u304d\u30be\u30fc\u30f3\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9(\u30c9\u30e1\u30a4\u30f3\u540d\u21d2IP\u30a2\u30c9\u30ec\u30b9)\u4f5c\u6210 \u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000
    \u5916\u90e8\u5411\u3051\u6b63\u5f15\u304d\u30be\u30fc\u30f3\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u4f5c\u6210
    [root@falcon21 ~]# vi \/var\/named\/falcon21.space.db.wan
    $TTL 86400
    @ IN SOA ns1.falcon21.space. root.falcon21.space.(
    2025103101 ; Serial
    7200 ; Refresh
    7200 ; Retry
    2419200 ; Expire
    86400 ) ; Minimum<\/p>\n\n\n\n
    IN NS    ns1.falcon21.space.
        IN MX 10 falcon21.space.<\/p>\n\n\n\n
    ns1 IN A 203.181.3.94
    @ IN A 203.181.3.94
    www IN A 203.181.3.94
    mail IN A 203.181.3.94
    falcon21.space. IN TXT “v=spf1 ip4:203.181.3.94 ~all”<\/p>\n\n\n\n
    \n\n\n\n
    \u5916\u90e8\u5411\u3051\u9006\u5f15\u304d\u30be\u30fc\u30f3\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u4f5c\u6210
    [root@falcon21 ~]# vi \/var\/named\/94.3.181.203.in-addr.arpa.db.wan\u3000\u3000
    $TTL 86400
    @ IN SOA ns1.falcon21.space. root.falcon21.space.(
    2025103101 ; Serial
    7200 ; Refresh
    7200 ; Retry
    2419200 ; Expire
    86400 ) ; Minimum
    IN NS ns1.falcon21.space.
    94 IN PTR falcon21.space.<\/p>\n\n\n\n
    \n\n\n\n
    BIND\u8d77\u52d5<\/p>\n\n\n\n
    root@falcon21:~# systemctl enable named
    Created symlink ‘\/etc\/systemd\/system\/multi-user.target.wants\/named.service’ \u2192 ‘\/usr\/lib\/systemd\/system\/named.service’.<\/p>\n\n\n\n
    root@falcon21:~# systemctl restart named
    Created symlink ‘\/etc\/systemd\/system\/multi-user.target.wants\/named.service’ \u2192 ‘\/usr\/lib\/systemd\/system\/named.service’.
    Job for named.service failed because the control process exited with error code.
    See “systemctl status named.service” and “journalctl -xeu named.service” for details.<\/p>\n\n\n\n
    \n\n\n\n
    BIND\u8d77\u52d5\u30a8\u30e9\u30fc\u3000\u5bfe\u51e6<\/p>\n\n\n\n
    named.conf\u30c1\u30a7\u30c3\u30af
    [root@falcon21 ~]# named-checkconf -z \/etc\/named.conf<\/p>\n\n\n\n
    \u30be\u30fc\u30f3\u5b9a\u7fa9\u30d5\u30a1\u30a4\u30eb\u306e\u30c1\u30a7\u30c3\u30af
    [root@falcon21 ~]# named-checkzone falcon21.space<\/p>\n\n\n\n
    \u30be\u30fc\u30f3\u30d5\u30a1\u30a4\u30eb\u30c1\u30a7\u30c3\u30af
    [root@falcon21 ~]# named-checkzone falcon21.space \/var\/named\/10.168.192.in-addr.arpa.db<\/p>\n\n\n\n
    [root@falcon21 ~]# named-checkzone falcon21.space \/var\/named\/falcon21.space.db<\/p>\n\n\n\n
    [root@falcon21 ~]# named-checkzone falcon21.space \/var\/named\/falcon21.space.db.wan<\/p>\n\n\n\n
    [root@falcon21 ~]# named-checkzone falcon21.space \/var\/named\/94.3.181.203.in-addr.arpa.db.wan<\/p>\n\n\n\n
    \n\n\n\n
    BIND\u81ea\u52d5\u8d77\u52d5\u8a2d\u5b9a<\/p>\n\n\n\n
    [root@falcon21 ~]# systemctl start named<\/p>\n\n\n\n
    [root@falcon21 ~]# systemctl enable named<\/p>\n\n\n\n
    \u8d77\u52d5\u78ba\u8a8d
    [root@falcon21 ~]# systemctl restart named<\/p>\n\n\n\n
    \n\n\n\n
    \u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u8a2d\u5b9a\u3000TCP53\u756a\u3001UDP53\u756a\u30dd\u30fc\u30c8\u958b\u653e<\/p>\n\n\n\n
    [root@falcon21 ~]# firewall-cmd –add-service=dns
    success<\/p>\n\n\n\n
    [root@falcon21 ~]# firewall-cmd –runtime-to-permanent
    success<\/p>\n\n\n\n
    <\/p>\n","protected":false},"excerpt":{"rendered":"
    BIND\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb [root@falcon21 ~]# dnf -y install bind\u3000 IND\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u7de8\u96c6[root@falcon21 ~]# vi \/etc\/named.confoptions {li […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-190","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/pages\/190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=190"}],"version-history":[{"count":3,"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/pages\/190\/revisions"}],"predecessor-version":[{"id":327,"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/pages\/190\/revisions\/327"}],"wp:attachment":[{"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}