- 論壇徽章:
- 0
|
TITLE: BIND
LFS VERSION: 3.0-pre4
AUTHOR: Michenaud Laurent <lmichenaud@free.fr>;
SYNOPSIS:
How to set up a simple dns server with bind
HINT:
version 1.0beta1
This hint explains how to set up bind on your lfs.
I am not a bind specialist, what is written is what i
have understood. Don\\\'t hesitate to correct it if you
see mistakes or have optimizations.
------------------------------------------------
1) Installation of bind
tar zxvf bind-9.1.3.tar.gz
cd bind-9.1.3
./configure
make
make install
cp doc/man/bin/*.1 /usr/man/man1
cp doc/man/bin/*.5 /usr/man/man5
cp doc/man/bin/*.8 /usr/man/man8
The following configuration files are very simple. It allows you to have
a dns server for your local network and allows you to use the dns
server of your FAI when you\\\'re connected to internet.
On this example,
network address : 192.168.0.0
domain name : zerezo.org
machine host name : zarba
machine ip : 192.168.0.51
---------------------------------------------------
2) The main configuration file : /etc/named.conf
;; Begin of file
; General options
options {
auth-nxdomain yes;
directory \\"/var/named\\";
forward first;
forwarders {
212.47.227.206; DNS of your FAI here
212.47.227.207;
};
};
; How to log
logging {
channel warning
{
file \\"/var/log/dns_warnings\\" versions 3 size 100k;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns
{
file \\"/var/log/dns_logs\\" versions 3 size 100k;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { warning; } ;
category queries { general_dns; } ;
};
; zone for access to Internet
zone \\".\\" {
type hint;
file \\"named.ca\\";
};
; zone for access to localhost
zone \\"0.0.127.in-addr.arpa\\" {
type master;
file \\"named.local\\";
};
; zone for access to your domain
zone \\"zerezo.org\\" in {
type master;
notify no;
file \\"zerezo.org\\";
};
; zone for access to your domain using ip
zone \\"0.168.192.in-addr.arpa\\" in {
type master;
notify no;
file \\"db.192.168.0\\";
};
;; End of file
------------------------------------
3) Configuration files for each zone
There is a configuration file of each zone defined in named.conf.
These files are in /var/named . You have to create this directory.
a) /var/named/named.ca
This file is used when you are connected to internet.
I got this file on internet. It seems rather old, maybe you
can have a more recent one.
; Begin of file
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the \\"cache . <file>;\\"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC registration services
; under anonymous FTP as
; file /domain/named.root
; on server FTP.RS.INTERNIC.NET
; -OR- under Gopher at RS.INTERNIC.NET
; under menu InterNIC Registration Services (NSI)
; submenu InterNIC Registration Archives
; file named.root
;
; last update: Aug 22, 1997
; related version of root zone: 1997082200
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; temporarily housed at NSI (InterNIC)
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 198.41.0.10
;
; housed in LINX, operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; temporarily housed at ISI (IANA)
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; housed in Japan, operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
b) /var/named/named.local
You must have an alias postmaster that points to the user root
or another one.
; Begin of file
$TTL 3D
@ IN SOA zarba.zerezo.org. postmaster.zarba.zerezo.org. (
1999112002 ;
28800 ;
14400 ;
604800 ;
86400 );
NS zarba.zerezo.org.
1 PTR localhost. ; Adresse IP reverse
; End of file
c) /var/named/zerezo.org
; Begin of file
$TTL 3D
@ IN SOA zarba.zerezo.org. postmaster.zarba.zerezo.org. (
1999112002 ; numero de serie
28800 ; rafraichissement
14400 ; nouvel essais
604800 ; expiration
86400 ); temps de vie minimum
; NS = server de nom de domaine
@ IN NS zarba
@ IN NS zarba.zerezo.org.
; MX = server de mail, numero = priorite
@ IN MX 10 zarba
@ IN MX 20 zarba.zerezo.org.
; localt dns server
@ IN A 127.0.0.1
@ IN A 192.168.0.51
; server IP
localhost IN A 127.0.0.1
zarba IN A 192.168.0.51
; IP of others machines of the network
karine IN A 192.168.0.52
yaf IN A 192.168.0.7
; aliases
www IN CNAME zarba
ftp IN CNAME zarba
mail IN CNAME zarba
; End of file
d) /var/named/db.192.168.0
; Begin of file
$TTL 3D
@ IN SOA zarba.zerezo.org. postmaster.zarba.zerezo.org. (
1999112002 ; numero de serie
28800 ; rafraichissement
14400 ; nouvel essais
604800 ; expiration
86400 ); temps de vie
; nameserver
IN NS zarba.zerezo.org.
; IP Reverses adresses
1 IN PTR zarba.zerezo.org.
2 IN PTR karine.zerezo.org.
3 IN PTR yaf.zerezo.org.
; End of file
------------------------
4) Configuration of rndc
rndc is used to administrate bind. His developpment is not
fisnished but i prefer to put it in this hint rather than
the obsolete nslookup utility.
a) Creation of a key
You have to get a key so rndc can communicate with bind :
dnssec-keygen -a hmac-md5 -b 128 -n user rndc
It will create you two files. Get the value of the key in the .key one.
b) /etc/rdnc.conf
Create the file and edit the key please.
; Begin of file
options {
default-server localhost;
default-key rndc_key;
};
server localhost {
key rndc_key;
};
key rndc_key {
algorithm hmac-md5;
secret \\"Xd3zz2FgxvkML4V/BlVG8Q==\\";
};
; End of file
c) Edit again /etc/named.conf and add the following lines :
key rndc_key {
algorithm hmac-md5;
secret
\\"Xd3zz2FgxvkML4V/BlVG8Q==\\";
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
---------------
5) /etc/init.d/named
a) Here is the boot scripts
#!/bin/sh
# Begin /etc/init.d/
#
# Include the functions declared in the /etc/init.d/functions file
#
source /etc/init.d/functions
case \\"$1\\" in
start)
echo -n \\"Starting dns server...\\"
loadproc /usr/sbin/named
;;
stop)
echo -n \\"Stopping dns server...\\"
/usr/sbin/rndc stop
evaluate_retval
;;
reload)
echo -n \\"Reloading dns server...\\"
/usr/sbin/rndc reload
evaluate_retval
;;
restart)
$0 stop
/usr/sbin/sleep 1
$0 start
;;
status)
/usr/sbin/rndc status
evalute_retval
;;
*)
echo \\"Usage: $0 {start|stop|reload|restart|status}\\"
exit 1
;;
esac
# End /etc/init.d/
b) Create the links
cd /etc/rc0.d
ln -s ../init.d/named K600named
cd /etc/rc1.d
ln -s ../init.d/named K600named
cd /etc/rc6.d
ln -s ../init.d/named K600named
cd /etc/rc3.d
ln -s ../init.d/named S300named
cd /etc/rc5.d
ln -s ../init.d/named S300named
--------------------------
6) Edit /etc/resolv.conf so it use your dns server
search zerezo.org
nameserver 192.168.0.51
--------------------------
6) Test your configuration
Some tests :
dig -x 127.0.0.1
if you have a ftp server :
ftp ftp.zerezo.org
ftp zarba.zerezo.org
if you have apache, launch your browser and use as url :
http://www.zerezo.org
http://zarba.zerezo.org
If problems, look at the logs /var/log/dns* and /var/log/sys.log
|
|
免費(fèi)注冊
發(fā)表于 2002-06-14 11:39
