Debian 5.0

BINDインストール2009/04/18

  名前解決を行ってくれる DNS (Domain Name System) サーバーを構築します。 DNSサーバーとして BIND 9 を使います。 ルーターの設定で、TCP と UDP の 53番ポート宛てを通す設定もしておきます。

[1] まずは BIND 9 のインストールです。
dlp:~#
aptitude -y install bind9

Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Reading task descriptions... Done
The following NEW packages will be installed:
  bind9 bind9utils{a}
0 packages upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 354kB of archives. After unpacking 1065kB will be used.
Do you want to continue? [Y/n/?] y
Writing extended state information... Done
Get:1 http://ftp.jp.debian.org lenny/main bind9utils 1:9.5.1.dfsg.P1-1 [99.6kB]
Get:2 http://ftp.jp.debian.org lenny/main bind9 1:9.5.1.dfsg.P1-1 [254kB]
Fetched 354kB in 0s (455kB/s)
Preconfiguring packages ...
Selecting previously deselected package bind9utils.
(Reading database ... 19225 files and directories currently installed.)
Unpacking bind9utils (from .../bind9utils_1%3a9.5.1.dfsg.P1-1_amd64.deb) ...
Selecting previously deselected package bind9.
Unpacking bind9 (from .../bind9_1%3a9.5.1.dfsg.P1-1_amd64.deb) ...
Processing triggers for man-db ...
Setting up bind9utils (1:9.5.1.dfsg.P1-1) ...
Setting up bind9 (1:9.5.1.dfsg.P1-1) ...
Adding group `bind' (GID 107) ...
Done.
Adding system user `bind' (UID 105) ...
Adding new user `bind' (UID 105) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
#
Starting domain name service...: bind9.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Writing extended state information... Done
Reading task descriptions... Done
[2] BIND 9 の設定です。 以下での設定は、グローバルアドレス[172.16.0.80/29], プライベートアドレス[192.168.0.0/24], ドメイン名[srv.world]と仮定した場合のものですので、自分の環境に合わせて置き換えて設定してください。 (172.16.0.80/29 は実際にはプライベート用のアドレスですが)
dlp:~#
vi /etc/bind/named.conf

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

# Everything from here down replaces the stock content of the file.
# Split-horizon layout: two views. BIND tries views in the order written and
# a client gets the first one whose match-clients fits, so "internal" must
# stay above "external".

# Definitions served to internal (LAN) clients start here.

view "internal" {
# Only clients from the ranges listed in match-clients see these definitions.

match-clients {

localhost;

192.168.0.0/24;

};

# Root hints so this view can resolve names it is not authoritative for.
# Whether a client may actually recurse is decided by allow-recursion in
# named.conf.options, not by the presence of this zone.
zone "." IN {

type hint;

file "/etc/bind/db.root";

};

# Internal forward zone: LAN addresses for srv.world.

zone "srv.world" IN {

type master;

file "/etc/bind/srv.world.lan";

# Reject dynamic (RFC 2136) updates; the zone file is edited by hand.
allow-update { none; };

};

# Internal reverse zone for 192.168.0.0/24 (see the note on in-addr.arpa
# naming below the file).

zone "0.168.192.in-addr.arpa" IN {

type master;

file "/etc/bind/0.168.192.db";

allow-update { none; };

};

# Stock local zones. Zones are scoped to the view they are declared in, so
# they are repeated here instead of being inherited from the top level.
zone "localhost" IN {

type master;

file "/etc/bind/db.local";

};

zone "127.in-addr.arpa" IN {

type master;

file "/etc/bind/db.127";

};

zone "0.in-addr.arpa" IN {

type master;

file "/etc/bind/db.0";

};

zone "255.in-addr.arpa" IN {

type master;

file "/etc/bind/db.255";

};

};
# Definitions served to everyone else start here.

view "external" {
# Any client not matched by "internal" above lands in this view.

match-clients {

any;

};

# NOTE(review): named.conf.options on this page sets
#   allow-query { localhost; 192.168.0.0/24; };
# and an options-level allow-query is the default ACL for every view and
# zone. As written, a client outside the LAN that reaches this view is
# answered REFUSED for srv.world. If the public zone is meant to be served,
# add `allow-query { any; };` inside this view (or its zones) rather than
# widening the options-level ACL; allow-recursion stays restricted, so this
# does not turn the server into an open resolver. Confirm against a test
# query from outside the LAN.

# Root hints are only exercised when recursing, which allow-recursion in
# named.conf.options withholds from external clients; harmless but unused
# for them.
zone "." IN {

type hint;

file "/etc/bind/db.root";

};

# External forward zone: public addresses for srv.world.

zone "srv.world" IN {

type master;

file "/etc/bind/srv.world.wan";

allow-update { none; };

};

# External reverse zone for 172.16.0.80/29 (the page's original comment
# said "forward"; this is an in-addr.arpa zone). See the note below the file.
# NOTE(review): the PTR names for 172.16.0.81-172.16.0.87 are
# 81.0.16.172.in-addr.arpa ... 87.0.16.172.in-addr.arpa, which are siblings
# of this zone's apex, not names inside it, so only 172.16.0.80 itself could
# be answered from here. Reverse zones smaller than a /24 are normally
# delegated per RFC 2317; confirm the intended layout with whoever owns the
# parent 0.16.172.in-addr.arpa zone.

zone "80.0.16.172.in-addr.arpa" IN {

type master;

file "/etc/bind/80.0.16.172.db";

allow-update { none; };

};

};
include "/etc/bind/named.conf.local";


# *注:「*.*.*.*.in-addr.arpa」と指定するところはネットワークアドレスを逆にしたものを入力

192.168.0.0/24 の場合
ネットワークアドレス
→ 192.168.0.0

ネットワークの範囲
→ 192.168.0.0 - 192.168.0.255

指定方法
→ 0.168.192.in-addr.arpa


172.16.0.80/29 の場合
ネットワークアドレス
→ 172.16.0.80

ネットワークの範囲
→ 172.16.0.80 - 172.16.0.87

指定方法
→ 80.0.16.172.in-addr.arpa
[3] 名前解決の問い合わせ等を許可する範囲等を限定しておきます。
dlp:~#
vi /etc/bind/named.conf.options


options {
directory "/var/cache/bind";


// If there is a firewall between you and nameservers you want

// to talk to, you might need to uncomment the query-source

// directive below. Previous versions of BIND always asked

// questions using port 53, but BIND 8.1 and later use an unprivileged

// port by default.


// query-source address * port 53;


// If your ISP provided one or more IP addresses for stable

// nameservers, you probably want to use them as forwarders.

// Uncomment the following block, and insert the addresses replacing

// the all-0's placeholder.


// forwarders {

// 0.0.0.0;

// };


# Who may send queries at all. An options-level allow-query is the default
# for every view and zone in named.conf, including the "external" view on
# this page; that view answers REFUSED to non-LAN clients unless it sets
# its own allow-query.

allow-query { localhost; 192.168.0.0/24; };

# Who may pull zone transfers (AXFR/IXFR). Limiting this to the LAN keeps
# outsiders from enumerating the full zone contents.

allow-transfer { localhost; 192.168.0.0/24; };

# Who may use this server as a recursive resolver. Keeping this to the LAN
# is what prevents the "external" view from acting as an open resolver.
# The same prefix list appears three times above; an
# `acl "lan" { localhost; 192.168.0.0/24; };` defined before `options`
# would keep them in sync if the LAN ever changes.

allow-recursion { localhost; 192.168.0.0/24; };


auth-nxdomain no; # conform to RFC1035

# Listen on every IPv6 address. No listen-on is given for IPv4, so BIND's
# default of all IPv4 interfaces applies; both sides are reached through
# the TCP/UDP 53 router rule mentioned at the top of the page.
listen-on-v6 { any; };

};