2020/8/8
# Install the BIND 9 server plus its admin tools (rndc, named-checkconf,
# named-checkzone); -y answers the confirmation prompt non-interactively.
apt-get -y install bind9 bind9utils
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
// The stock default-zones include is disabled at top level: once any view is
// defined BIND requires every zone to sit inside a view, so default-zones is
// pulled in from the "internal" view instead.
#include "/etc/bind/named.conf.default-zones";
# Added for this setup: the file holding the "internal" view and its zones.
include "/etc/bind/named.conf.internal-zones";
# Placeholder for an Internet-facing view; not used on this server.
#include "/etc/bind/named.conf.external-zones";
options {
// Working directory for named. The zone files below are referenced by
// absolute /etc/bind paths, so this only affects relative names.
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
// dnssec-validation auto;
// auth-nxdomain no; # conform to RFC1035
// listen-on-v6 { any; };
# Clients allowed to query this server at all: loopback plus the LAN prefix
# (192.168.xxx.0/24 is a placeholder for the site's real prefix).
allow-query { localhost; 192.168.xxx.0/24; };
# Hosts allowed to pull whole-zone transfers (AXFR/IXFR). If a secondary DNS
# exists, enable this and list its address/range.
# NOTE(review): while this stays commented out the BIND default applies, and
# on older releases that default permits transfers to any client allow-query
# admits; with no secondary, `allow-transfer { none; };` closes that off -
# confirm against the ARM of the installed version.
#allow-transfer { localhost; 10.0.0.0/24; };
# Clients allowed recursive lookups. Restricting this to the LAN is what keeps
# the server from acting as an open resolver.
allow-recursion { localhost; 192.168.xxx.0/24; };
# NOTE(review): validation is left at the installed version's default. The
# service log shows root key 20326 being accepted into managed-keys, so
# validation appears to be active anyway - verify rather than assume.
//dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
# Change this if IPv6 is not used.
#listen-on-v6 { none; };
# Workaround for `systemctl status bind9` logging "network unreachable" for
# the IPv6 root-server addresses: this presumably leaves named no v6 UDP
# source ports, so outgoing IPv6 queries stop.
# NOTE(review): the documented way to pin named to IPv4 is the `-4` command
# line option (Debian reads it from the OPTIONS variable that the unit's
# ExecStart expands, typically /etc/default/bind9); use-v6-udp-ports may be
# deprecated or ignored on newer BIND releases, so check the ARM for the
# version actually installed.
use-v6-udp-ports{};
};
# Definitions served to internal (LAN) clients.
view "internal" {
# Only hosts in this range see the internal definitions. The list mirrors
# allow-query/allow-recursion in named.conf.options; 192.168.xxx.0/24 is a
# placeholder for the site prefix.
match-clients {
localhost;
192.168.xxx.0/24;
};
# Internal forward zone (host name -> address).
zone "takahashi.lab" {
type master;
file "/etc/bind/takahashi.lab.zone";
# Dynamic updates (RFC 2136) are refused; the zone changes only by editing
# the file and reloading.
allow-update { none; };
};
# Internal reverse zone (address -> host name) for 192.168.xxx.0/24.
zone "xxx.168.192.in-addr.arpa" {
type master;
file "/etc/bind/192.168.xxx.rev";
allow-update { none; };
};
# Debian's stock zones (root hints, localhost forward/reverse) have to be
# included inside a view once any view is defined, which is why the
# top-level include in named.conf is commented out.
include "/etc/bind/named.conf.default-zones";
};
; Forward zone for takahashi.lab (/etc/bind/takahashi.lab.zone).
; Default TTL for records without an explicit one: 1 day.
$TTL 86400
; SOA: primary name server, then the contact mailbox in RNAME form (the
; first "." stands for "@").
@ IN SOA He.takahashi.lab. takahasi.hakodate-ct.ac.jp. (
; The serial is a plain counter, so it must be raised by hand on every edit;
; a secondary only pulls the zone when it sees a larger value than it holds.
9 ; Serial 2015/08/18 15:00 server replacement
; 8 ; Serial 2015/05/15 10:00 Cn,Fl,Lv
; 7 ; Serial 2012/11/17 16:30 changed www.takahashi.lab to Ne.takahashi.lab
28800 ; Refresh (8h)
14400 ; Retry (4h)
3600000 ; Expire (~41.7 days)
86400 ) ; Minimum - negative-caching TTL (1 day)
; Apex NS record. In the real file this line is indented so the owner is
; inherited from "@" (the dig output confirms takahashi.lab. NS
; He.takahashi.lab.); the leading whitespace was lost in this transcript.
IN NS He.takahashi.lab.
; "dns" is an alias for He (192.168.xxx.2), the name server itself.
dns IN CNAME He ; 192.168.xxx.2
; Hosts appear to be named after chemical elements, with the last octet
; matching the atomic number; keep these in step with the reverse zone.
H IN A 192.168.xxx.1
He IN A 192.168.xxx.2
; remainder omitted
; Reverse zone for 192.168.xxx.0/24 (/etc/bind/192.168.xxx.rev). The zone
; is "xxx.168.192.in-addr.arpa", so each owner below is just the last octet.
$TTL 86400
; SOA: primary name server, then the contact mailbox in RNAME form.
@ IN SOA He.takahashi.lab. takahasi.hakodate-ct.ac.jp. (
; Serial is tracked separately from the forward zone's and must be raised
; on every edit.
5 ; Serial 2015/08/18 15:00 server replacement
; 4 ; Serial 2015/05/15 10:00 Cn,Fl,Lv
28800 ; Refresh (8h)
14400 ; Retry (4h)
3600000 ; Expire (~41.7 days)
86400 ) ; Minimum - negative-caching TTL (1 day)
; Apex NS record; owner inherited from "@" in the real file (indentation
; lost in this transcript).
IN NS He.takahashi.lab.
; PTR records: last octet -> canonical host name. Targets must end with "."
; or the zone origin is appended. Keep these in step with the A records in
; the forward zone.
1 IN PTR H.takahashi.lab. ; 192.168.xxx.1
2 IN PTR He.takahashi.lab.
3 IN PTR Li.takahashi.lab.
4 IN PTR Be.takahashi.lab.
5 IN PTR B.takahashi.lab.
6 IN PTR C.takahashi.lab.
7 IN PTR N.takahashi.lab.
8 IN PTR O.takahashi.lab.
9 IN PTR F.takahashi.lab.
10 IN PTR Ne.takahashi.lab.
11 IN PTR Na.takahashi.lab.
; remainder omitted
$ cat /etc/resolv.conf
# Generated by NetworkManager
search takahashi.lab
nameserver 192.168.70.2
systemctl restart bind9
statusをみるとエラーが出ている。IPv6で名前解決できていない。named.conf.optionsにuse-v6-udp-ports{};を追加して、IPv6応答をやめます。
# systemctl status bind9
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2020-08-08 16:44:09 JST; 7min ago
Docs: man:named(8)
Process: 4477 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 4479 (named)
Tasks: 5 (limit: 4915)
Memory: 12.1M
CGroup: /system.slice/bind9.service
└─4479 /usr/sbin/named -u bind
8月 08 16:44:09 Pm named[4479]: network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
8月 08 16:44:09 Pm named[4479]: network unreachable resolving './NS/IN': 2001:500:200::b#53
8月 08 16:44:09 Pm named[4479]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
8月 08 16:44:09 Pm named[4479]: network unreachable resolving './NS/IN': 2001:7fd::1#53
8月 08 16:44:09 Pm named[4479]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
8月 08 16:44:09 Pm named[4479]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
8月 08 16:44:09 Pm named[4479]: network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
8月 08 16:44:09 Pm named[4479]: network unreachable resolving './NS/IN': 2001:500:12::d0d#53
8月 08 16:44:10 Pm named[4479]: managed-keys-zone/internal: Key 20326 for zone . acceptance timer complete: key now trusted
8月 08 16:44:10 Pm named[4479]: resolver priming query complete
$ dig H.takahashi.lab

; <<>> DiG 9.9.5-9+deb8u2-Debian <<>> H.takahashi.lab
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11609
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;H.takahashi.lab. IN A

;; ANSWER SECTION:
H.takahashi.lab. 86400 IN A 192.168.xxx.1

;; AUTHORITY SECTION:
takahashi.lab. 86400 IN NS He.takahashi.lab.

;; ADDITIONAL SECTION:
He.takahashi.lab. 86400 IN A 192.168.xxx.2

;; Query time: 0 msec
;; SERVER: 192.168.70.2#53(192.168.70.2)
;; WHEN: Fri Aug 21 16:33:11 JST 2015
;; MSG SIZE rcvd: 93