bind-chroot作成
[root@falcon21 ~]# yum -y install bind bind-chroot
[root@falcon21 ~]# vi bind-chroot-admin
#!/bin/sh
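# bind-chroot-admin: make the bind package usable under ROOTDIR=/var/named/chroot.
# Enables the chroot in /etc/sysconfig/named, copies every /etc and /var path
# owned by the bind package into the chroot (cp -a keeps owner, mode and
# timestamps of the package files) and fixes ownership of the directory named
# writes to at runtime. Must run as root; safe to re-run (mkdir -p and cp -a
# are idempotent). From here on the live configuration is the COPY under
# /var/named/chroot/etc, not /etc/named.conf.
CHROOT=/var/named/chroot
SYSCONFIG=/etc/sysconfig/named

# die MESSAGE...: print to stderr and exit 1
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# bind-chroot install check
rpm -q bind-chroot > /dev/null 2>&1 || die "bind-chroot not install"
rpm -q bind > /dev/null 2>&1 || die "bind not install"
[ "$(id -u)" -eq 0 ] || die "must be run as root"

# bind-chroot enabled: drop any existing ROOTDIR= line, then append ours
sed -i '/^ROOTDIR=/d' "$SYSCONFIG" || die "cannot edit $SYSCONFIG"
printf 'ROOTDIR=%s\n' "$CHROOT" >> "$SYSCONFIG" || die "cannot write $SYSCONFIG"

# file copy: directories are recreated, regular files copied with metadata.
# Reading line by line keeps paths with whitespace intact (the old
# `for f in $(cat list)` split them), and an exit 1 inside the loop becomes
# the pipeline's status so a failed copy aborts instead of being ignored.
rpm -ql bind | grep -e '^/etc' -e '^/var' | while IFS= read -r file; do
  if [ -d "$file" ]; then
    target_dir=$CHROOT$file
  elif [ -f "$file" ]; then
    target_dir=$CHROOT$(dirname "$file")
  else
    continue   # neither directory nor regular file: skipped, as before
  fi
  [ -d "$target_dir" ] || mkdir -p "$target_dir" || exit 1
  if [ -f "$file" ]; then
    /bin/cp -a "$file" "$target_dir" || exit 1
  fi
done || die "copying bind files into $CHROOT failed"

# named must own what it writes at runtime: data/ holds the dump-file and
# memstatistics-file configured in named.conf, dynamic/ is chowned as before
chown named:named "$CHROOT/var/named/data" "$CHROOT/var/named/dynamic" \
  || die "chown of chroot data directories failed"
chmod 770 "$CHROOT/var/named/data" || die "chmod of $CHROOT/var/named/data failed"
exit 0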
ーーー
[root@falcon21 ~]# sh bind-chroot-admin
BIND設定ファイル編集
[root@falcon21 ~]# vi /var/named/chroot/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// This is the copy inside the chroot: with ROOTDIR=/var/named/chroot set in
// /etc/sysconfig/named this file, not /etc/named.conf, is the one named reads.
// Two views: "internal" (LAN clients, recursive resolver plus private zone
// data) and "external" (any client, WAN zone data only).

options {
	// listen-on is commented out, so named listens on all IPv4 interfaces
	// (BIND default); OPTIONS="-4" in /etc/sysconfig/named turns off IPv6.
#listen-on port 53 { 127.0.0.1; };
# listen-on port 53 { any; };
#listen-on-v6 port 53 { ::1; };
	version "unknown";	// hide the real version from version.bind queries
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-transfer { none; };	// zone transfers refused for every zone



	// Recursion and cache access are restricted to the LAN by ACL; that is
	// what keeps this from being an open resolver (verified later on this
	// page with openresolver.jp). The "external" view below inherits
	// "recursion yes" and relies solely on these ACLs; an explicit
	// "recursion no;" inside that view would state the boundary directly.
	recursion yes;
	allow-query { localhost; localnets; };
	allow-recursion { localhost; localnets; };
	allow-query-cache { localhost; localnets; };
	// NOTE(review): no "forward only", so this presumably behaves as
	// forward-first and falls back to the root hints when the ISP
	// forwarders do not answer — confirm that is intended.
	forwarders{ 202.224.32.1; 202.224.32.2; };


};

logging {
	channel default_debug {
		file "data/named.run";	// relative to directory "/var/named"
		severity dynamic;
	};
	category lame-servers { null; };	// discard lame-server noise

// channel dnssec_log {
// file "log/dnssec" size 20m;
// print-time yes;
// print-category yes;
// print-severity yes;
// severity debug 3;
// };
// category dnssec {
// dnssec_log;
// };

};

view "internal" {
	match-clients { localnets; };
	match-destinations { localnets; };

	// root hints, refreshed monthly by /etc/cron.monthly/named.root_update
	zone "." IN {
		type hint;
		file "named.ca";
	};

	include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";

	// NOTE(review): include paths resolve inside the chroot
	// (/var/named/chroot/etc/...). On this page the falcon21 zone
	// definition files are written to /var/named/chroot/etc/named/, one
	// directory deeper than these includes point — confirm the two agree.
	include "/etc/named.falcon21.space.zone";
	include "/etc/named.anpachi.moe.hm.zone";
};

view "external" {
	match-clients { any; };
	match-destinations { any; };
	// no hint zone here: this view only serves the WAN zone files, whose
	// own allow-query { any; } overrides the LAN-only allow-query above
	include "/etc/named.falcon21.space.zone.wan";
	include "/etc/named.anpachi.moe.hm.zone.wan";
};
|
内部向けゾーン定義ファイル作成
[root@falcon21 ~]# vi /var/named/chroot/etc/named/named.falcon21.space.zone
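// Zone definitions for the "internal" view (included from named.conf).
// "file" paths are relative to directory "/var/named" inside the chroot.
// NOTE(review): named.conf includes this file as /etc/named.falcon21.space.zone
// while the page writes it under /etc/named/ — confirm the location.
zone "falcon21.space" {
	type master;
	file "falcon21.space.db";
};

zone "suse.falcon21.space" { // internal server settings
	type master;
	// NOTE(review): suse.falcon21.space.db is not created anywhere on this page
	file "suse.falcon21.space.db";
};
zone "2.168.192.in-addr.arpa" {
	type master;
	file "2.168.192.in-addr.arpa.db";
};	// the listing ended in "}:" — a syntax error named rejects at startup; must be "};"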
|
外部向けゾーン定義ファイル作成
[root@falcon21 ~]# vi /var/named/chroot/etc/named/named.falcon21.space.zone.wan
// Zone definition for the "external" view. The per-zone allow-query { any; }
// overrides the options-level allow-query { localhost; localnets; } so WAN
// clients can resolve this zone; recursion stays denied to them by ACL.
zone "falcon21.space" {
	type master;
	file "falcon21.space.db.wan";
	allow-query { any; };
};
|
DDNS 登録のバーチャルホストでは、必要ないかも?
バーチャルホスト内部向けゾーン定義ファイル作成
[root@falcon21 ~]# vi /var/named/chroot/etc/named.anpachi.moe.hm.zone
// Virtual-host zone for the "internal" view (included from named.conf as
// /etc/named.anpachi.moe.hm.zone, which is this chroot path).
zone "anpachi.moe.hm" {
	type master;
	file "anpachi.moe.hm.db";
};
|
バーチャルホスト外部向けゾーン定義ファイル作成
[root@falcon21 ~]# vi /var/named/chroot/etc/named.anpachi.moe.hm.zone.wan
// Virtual-host zone for the "external" view; allow-query { any; } opens
// this zone (only) to WAN clients, overriding the LAN-only default.
zone "anpachi.moe.hm" {
	type master;
	file "anpachi.moe.hm.db.wan";
	allow-query { any; };
};
|
IPv4のみ有効にする
[root@falcon21 ~]# echo OPTIONS="-4" >> /etc/sysconfig/named
ルートゾーン自動更新設定
[root@falcon21 ~]# dig . ns @198.41.0.4 +bufsize=1024 > /var/named/chroot/var/named/named.ca
ルートゾーン最新化スクリプト作成
[root@falcon21 ~]# vi named.root_update
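#!/bin/bash
# named.root_update: keep the chrooted named's root hints (named.ca) current.
# Queries the root NS set directly from a.root-servers.net (198.41.0.4); when
# the answer differs from the installed file (";" comment lines ignored) it
# mails old/new/diff to root, installs the new file and restarts named.
# Failures are mailed to root or printed to stderr (cron typically mails
# that too). Runs unattended from /etc/cron.monthly.
# NOTE(review): the hints arrive over plain, unauthenticated DNS; the sanity
# check below rejects malformed or empty answers, not a spoofed one.
# NOTE(review): CentOS's run-parts executes this despite the "." in the
# file name; Debian-style run-parts would skip it — rename if ported.
set -u

readonly hints=/var/named/chroot/var/named/named.ca
readonly root_server=198.41.0.4

# die MESSAGE...: print to stderr and exit 1 (cleanup runs via the trap)
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# temp files; the trap is installed before they exist so every exit path
# removes them (the original leaked them on any early failure)
new= errors= sort_new= sort_old= diff_out=
cleanup() {
  local f
  for f in "$new" "$errors" "$sort_new" "$sort_old" "$diff_out"; do
    [[ -n "$f" ]] && rm -f -- "$f"
  done
}
trap cleanup EXIT

new=$(mktemp) || die "mktemp failed"
errors=$(mktemp) || die "mktemp failed"
sort_new=$(mktemp) || die "mktemp failed"
sort_old=$(mktemp) || die "mktemp failed"
diff_out=$(mktemp) || die "mktemp failed"

if ! dig . ns "@$root_server" +bufsize=1024 > "$new" 2> "$errors"; then
  mail -s 'named.root update check error' root < "$errors"
  exit 1
fi

# dig exits 0 even when the server replied with an error status, and a
# truncated or empty answer must never replace a working hints file:
# require a NOERROR header and at least one NS record before comparing.
if ! grep -q 'status: NOERROR' "$new" || ! grep -q '[[:space:]]NS[[:space:]]' "$new"; then
  mail -s 'named.root update check error' root < "$new"
  exit 1
fi

sort "$new" > "$sort_new"
# a missing hints file yields an empty sort_old, i.e. "changed": first install
sort "$hints" > "$sort_old"
# dig's ";" comment lines (server, timing, WHEN) differ on every run
diff --ignore-matching-lines='^;' "$sort_new" "$sort_old" > "$diff_out"
case $? in
  0) exit 0 ;;                                          # unchanged
  1) ;;                                                 # differs: install below
  *) die "diff failed while comparing root hints" ;;
esac

{
  printf '%s\n' '-------------------- old named.root --------------------'
  cat "$hints"
  echo
  printf '%s\n' '-------------------- new named.root --------------------'
  cat "$new"
  printf '%s\n' '---------------------- difference ----------------------'
  cat "$diff_out"
} | mail -s 'named.root updated' root

cp -f "$new" "$hints" || die "cannot install $hints"
chown named:named "$hints" || die "chown $hints failed"   # was "named." (dot form)
# mktemp creates 0600 files; named must be able to read the installed copy
chmod 644 "$hints" || die "chmod $hints failed"

if command -v systemctl > /dev/null 2>&1; then
  systemctl restart named-chroot > /dev/null || die "restart of named-chroot failed"
else
  /etc/rc.d/init.d/named restart > /dev/null || die "restart of named failed"
fi
exit 0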
---------------
[root@falcon21 ~]# chmod 700 named.root_update
[root@falcon21 ~]# mv named.root_update /etc/cron.monthly/
|
内部向け正引きゾーンデータベース作成
[root@falcon21 ~]# vi /var/named/chroot/var/named/falcon21.space.db
; Internal (LAN) forward zone for falcon21.space, served by the "internal"
; view. The apex and every other name (wildcard "*") map to 192.168.2.103.
; Serial: the values on this page follow a YYYYMMDDnn pattern; by
; convention it is increased whenever the zone is edited.
$TTL 86400
@	IN	SOA	ns1.falcon21.space. root.falcon21.space.(
		2017042222	; Serial
		28800		; Refresh
		14400		; Retry
		3600000		; Expire
		86400 )		; Minimum
	IN	NS	ns1.falcon21.space.
	IN	MX	10 falcon21.space.
@	IN	A	192.168.2.103
; ns1.falcon21.space (the NS above) has no explicit A record here;
; it is answered by this wildcard.
*	IN	A	192.168.2.103
|
内部向け逆引きゾーンデータベース作成
[root@falcon21 ~]# vi /var/named/chroot/var/named/2.168.192.in-addr.arpa.db
; Internal reverse zone for 192.168.2.0/24 (2.168.192.in-addr.arpa),
; served by the "internal" view.
$TTL 86400
@	IN	SOA	ns1.falcon21.space. root.falcon21.space.(
		2017042123	; Serial
		28800		; Refresh
		14400		; Retry
		3600000		; Expire
		86400 )		; Minimum
	IN	NS	ns1.falcon21.space.
; owner is still "@" here, i.e. a PTR at the zone apex (the network itself)
; rather than at a host address — unusual; confirm it is intended
	IN	PTR	falcon21.space.
103	IN	PTR	ns1.falcon21.space.	; 192.168.2.103
|
外部向け正引きゾーンデータベース作成
[root@falcon21 ~]# vi /var/named/chroot/var/named/falcon21.space.db.wan
; External (WAN) forward zone for falcon21.space, served by the "external"
; view with allow-query { any; }. Shorter refresh/retry and expire than the
; internal copy; only the names listed here are published (no wildcard),
; all pointing at 203.181.3.94.
$TTL 86400
@	IN	SOA	ns1.falcon21.space. root.falcon21.space.(
		2017041021	; Serial
		7200		; Refresh
		7200		; Retry
		2419200		; Expire
		86400 )		; Minimum
	IN	NS	ns1.falcon21.space.
	IN	MX	10 falcon21.space.
ns1	IN	A	203.181.3.94
@	IN	A	203.181.3.94
www	IN	A	203.181.3.94
ftp	IN	A	203.181.3.94
mail	IN	A	203.181.3.94
; SPF: only 203.181.3.94 is listed as a sender; "~all" means softfail
falcon21.space.	IN	TXT	"v=spf1 ip4:203.181.3.94 ~all"
|
バーチャルホスト設定
[root@falcon21 ~]# vi /var/named/chroot/var/named/anpachi.moe.hm.db
; Internal (LAN) forward zone for the virtual host anpachi.moe.hm, served by
; the "internal" view. Same layout as falcon21.space.db: apex and wildcard
; both resolve to 192.168.2.103, and the NS name ns1.anpachi.moe.hm is
; answered by the wildcard rather than an explicit A record.
$TTL 86400
@	IN	SOA	ns1.anpachi.moe.hm. root.anpachi.moe.hm.(
		2017042222	; Serial
		28800		; Refresh
		14400		; Retry
		3600000		; Expire
		86400 )		; Minimum
	IN	NS	ns1.anpachi.moe.hm.
	IN	MX	10 anpachi.moe.hm.
@	IN	A	192.168.2.103
*	IN	A	192.168.2.103
[root@falcon21 ~]# vi /var/named/chroot/var/named/anpachi.moe.hm.db.wan
; External (WAN) forward zone for the virtual host anpachi.moe.hm, served by
; the "external" view with allow-query { any; }. Mirrors falcon21.space.db.wan:
; every published name points at 203.181.3.94.
$TTL 86400
@	IN	SOA	ns1.anpachi.moe.hm. root.anpachi.moe.hm.(
		2017042222	; Serial
		7200		; Refresh
		7200		; Retry
		2419200		; Expire
		86400 )		; Minimum
	IN	NS	ns1.anpachi.moe.hm.
	IN	MX	10 anpachi.moe.hm.
ns1	IN	A	203.181.3.94
@	IN	A	203.181.3.94
www	IN	A	203.181.3.94
ftp	IN	A	203.181.3.94
mail	IN	A	203.181.3.94
; SPF: only 203.181.3.94 is listed as a sender; "~all" means softfail
anpachi.moe.hm.	IN	TXT	"v=spf1 ip4:203.181.3.94 ~all"
[root@falcon21 ~]# vi /var/named/chroot/var/named/2.168.192.in-addr.arpa.db
; Internal reverse zone for 192.168.2.0/24, re-edited to add the virtual
; host: a second apex PTR for anpachi.moe.hm.
; NOTE(review): the Serial (2017042123) is the same as in the earlier
; version of this file although a record was added — increase it.
$TTL 86400
@	IN	SOA	ns1.falcon21.space. root.falcon21.space.(
		2017042123	; Serial
		28800		; Refresh
		14400		; Retry
		3600000		; Expire
		86400 )		; Minimum
	IN	NS	ns1.falcon21.space.
; both PTRs below sit at the zone apex ("@" owner carried over), not at a
; host address — unusual; confirm it is intended
	IN	PTR	falcon21.space.
	IN	PTR	anpachi.moe.hm.
103	IN	PTR	ns1.falcon21.space.	; 192.168.2.103
|
BIND起動
[root@falcon21 ~]# /etc/rc.d/init.d/named start
named を起動中: [ OK ]
[root@falcon21 ~]# chkconfig named on
ポートTCP53番、UDP53番のOPEN |
サーバー自身の問合せ先DNSサーバーを自分自身に変更
[root@falcon21 ~]# sed -i 's/DNS1=.*/DNS1=127.0.0.1/g' /etc/sysconfig/network-scripts/ifcfg-eth0
[root@falcon21 ~]# /etc/rc.d/init.d/network restart
インターフェース eth0 を終了中: デバイスの状態: 3 (切断済み)
[ OK ]
ループバックインターフェースを終了中 [ OK ]
ループバックインターフェイスを呼び込み中 [ OK ]
インターフェース eth0 を活性化中: アクティブ接続の状態: アクティベート中
アクティブ接続のパス: /org/freedesktop/NetworkManager/ActiveConnection/2
状態: アクティベート済み
接続はアクティベート済み
[ OK ]
オープンリゾルバ確認 DNSサーバーを無断使用されてないか確認
[root@falcon21 ~]# wget -qO - http://www.openresolver.jp/cli/check.html
Configured DNS server: [NOT open] 202.224.32.174(eagle12.asahi-net.or.jp)
Source IP address: [NOT open] 203.181.3.94(q003094.ppp.asahi-net.or.jp)
ネームサーバー情報確認 NS records lookup
Domain name tested: falcon21.space
Test performed from: New York, NY
Test performed at: 2017-05-06 04:48:06 (GMT +00:00)
Known NS records:
ns1.value-domain.com 54.65.150.1
ns2.value-domain.com 54.64.110.166
|