BIND Nameserver unter CentOS 6

Mit BIND1) des Internet Systems Consortium richten wir uns für unser SOHO2)-LAN ein Domain-Name-System-Server oder kurz DNS3)ein.

DNS wurde in den beiden RFC 1034 und RFC 1035 definiert und bekam von der Internet Assigned Numbers Authority die beiden Ports 53/UDP und 53/TCP.

Zu erst installieren wir uns die beiden Pakete bind und bind-chroot. Letzters hilft uns, unseren DNS in einem chroot4)-Umgebung laufen zu lassen.

 # yum install bind bind-chroot -y

Als erstes sehen uns wir mal an, was die beiden Pakete alles an Dateien mitbringen und vor allem wohin diese gespeichert worden sind.

bind

 # rpm -qil bind 
Name        : bind                         Relocations: (not relocatable)
Version     : 9.7.0                             Vendor: CentOS
Release     : 5.P2.el6_0.1                  Build Date: Sat 25 Jun 2011 05:48:43 AM CEST
Install Date: Mon 22 Aug 2011 01:33:07 PM CEST      Build Host: c6b6.bsys.dev.centos.org
Group       : System Environment/Daemons    Source RPM: bind-9.7.0-5.P2.el6_0.1.src.rpm
Size        : 6695969                          License: ISC
Signature   : RSA/8, Wed 06 Jul 2011 03:37:08 AM CEST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://www.isc.org/products/BIND/
Summary     : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
/etc/NetworkManager/dispatcher.d/13-named
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/rc.d/init.d/named
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/usr/lib64/bind
/usr/sbin/arpaname
/usr/sbin/ddns-confgen
/usr/sbin/dnssec-dsfromkey
/usr/sbin/dnssec-keyfromlabel
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-revoke
/usr/sbin/dnssec-settime
/usr/sbin/dnssec-signzone
/usr/sbin/genrandom
/usr/sbin/isc-hmac-fixup
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc
/usr/sbin/rndc-confgen
/usr/share/doc/bind-9.7.0
/usr/share/doc/bind-9.7.0/CHANGES
/usr/share/doc/bind-9.7.0/COPYRIGHT
/usr/share/doc/bind-9.7.0/Copyright
/usr/share/doc/bind-9.7.0/README
/usr/share/doc/bind-9.7.0/arm
/usr/share/doc/bind-9.7.0/arm/Bv9ARM-book.xml
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch01.html
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch02.html
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch03.html
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch04.html
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch05.html
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch06.html
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch07.html
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch08.html
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch09.html
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch10.html
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.html
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.pdf
/usr/share/doc/bind-9.7.0/arm/Makefile
/usr/share/doc/bind-9.7.0/arm/Makefile.in
/usr/share/doc/bind-9.7.0/arm/README-SGML
/usr/share/doc/bind-9.7.0/arm/dnssec.xml
/usr/share/doc/bind-9.7.0/arm/isc-logo.eps
/usr/share/doc/bind-9.7.0/arm/isc-logo.pdf
/usr/share/doc/bind-9.7.0/arm/latex-fixup.pl
/usr/share/doc/bind-9.7.0/arm/libdns.xml
/usr/share/doc/bind-9.7.0/arm/man.arpaname.html
/usr/share/doc/bind-9.7.0/arm/man.ddns-confgen.html
/usr/share/doc/bind-9.7.0/arm/man.dig.html
/usr/share/doc/bind-9.7.0/arm/man.dnssec-dsfromkey.html
/usr/share/doc/bind-9.7.0/arm/man.dnssec-keyfromlabel.html
/usr/share/doc/bind-9.7.0/arm/man.dnssec-keygen.html
/usr/share/doc/bind-9.7.0/arm/man.dnssec-revoke.html
/usr/share/doc/bind-9.7.0/arm/man.dnssec-settime.html
/usr/share/doc/bind-9.7.0/arm/man.dnssec-signzone.html
/usr/share/doc/bind-9.7.0/arm/man.genrandom.html
/usr/share/doc/bind-9.7.0/arm/man.host.html
/usr/share/doc/bind-9.7.0/arm/man.isc-hmac-fixup.html
/usr/share/doc/bind-9.7.0/arm/man.named-checkconf.html
/usr/share/doc/bind-9.7.0/arm/man.named-checkzone.html
/usr/share/doc/bind-9.7.0/arm/man.named-journalprint.html
/usr/share/doc/bind-9.7.0/arm/man.named.html
/usr/share/doc/bind-9.7.0/arm/man.nsec3hash.html
/usr/share/doc/bind-9.7.0/arm/man.nsupdate.html
/usr/share/doc/bind-9.7.0/arm/man.rndc-confgen.html
/usr/share/doc/bind-9.7.0/arm/man.rndc.conf.html
/usr/share/doc/bind-9.7.0/arm/man.rndc.html
/usr/share/doc/bind-9.7.0/arm/managed-keys.xml
/usr/share/doc/bind-9.7.0/arm/pkcs11.xml
/usr/share/doc/bind-9.7.0/draft
/usr/share/doc/bind-9.7.0/draft/draft-ietf-6man-text-addr-representation-01.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-behave-dns64-01.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-axfr-clarify-13.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-dns-tcp-requirements-02.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-dnssec-bis-updates-09.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-dnssec-gost-06.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-ecc-key-07.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-interop3597-02.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-rfc2671bis-edns0-02.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-rfc2672bis-dname-18.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-rfc3597-bis-00.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-tsig-md5-deprecated-03.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-bad-dns-res-05.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-default-local-zones-09.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-inaddr-required-07.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-name-server-management-reqs-02.txt
/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-respsize-06.txt
/usr/share/doc/bind-9.7.0/draft/draft-kato-dnsop-local-zones-00.txt
/usr/share/doc/bind-9.7.0/draft/update
/usr/share/doc/bind-9.7.0/misc
/usr/share/doc/bind-9.7.0/misc/Makefile
/usr/share/doc/bind-9.7.0/misc/Makefile.in
/usr/share/doc/bind-9.7.0/misc/dnssec
/usr/share/doc/bind-9.7.0/misc/format-options.pl
/usr/share/doc/bind-9.7.0/misc/ipv6
/usr/share/doc/bind-9.7.0/misc/migration
/usr/share/doc/bind-9.7.0/misc/migration-4to9
/usr/share/doc/bind-9.7.0/misc/options
/usr/share/doc/bind-9.7.0/misc/rfc-compliance
/usr/share/doc/bind-9.7.0/misc/roadmap
/usr/share/doc/bind-9.7.0/misc/sdb
/usr/share/doc/bind-9.7.0/misc/sort-options.pl
/usr/share/doc/bind-9.7.0/named.conf.default
/usr/share/doc/bind-9.7.0/rfc
/usr/share/doc/bind-9.7.0/rfc/index.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1032.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1033.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1034.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1035.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1101.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1122.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1123.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1183.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1348.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1535.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1536.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1537.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1591.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1611.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1612.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1706.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1712.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1750.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1876.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1886.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1912.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1982.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1995.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc1996.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2052.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2104.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2119.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2133.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2136.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2137.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2163.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2168.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2181.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2230.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2308.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2317.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2373.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2374.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2375.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2418.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2535.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2536.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2537.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2538.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2539.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2540.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2541.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2553.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2671.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2672.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2673.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2782.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2825.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2826.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2845.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2874.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2915.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2929.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2930.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc2931.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3007.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3008.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3071.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3090.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3110.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3123.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3152.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3197.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3225.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3226.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3258.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3363.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3364.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3425.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3445.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3467.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3490.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3491.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3492.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3493.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3513.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3596.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3597.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3645.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3655.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3658.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3755.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3757.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3833.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3845.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc3901.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4025.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4033.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4034.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4035.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4074.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4159.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4193.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4255.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4294.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4339.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4343.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4367.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4398.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4408.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4431.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4470.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4471.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4472.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4509.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4634.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4635.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4641.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4648.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4697.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4701.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4892.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4955.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc4956.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc5001.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc5011.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc5155.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc5205.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc5452.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc5507.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc5625.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc5702.txt.gz
/usr/share/doc/bind-9.7.0/rfc/rfc952.txt.gz
/usr/share/doc/bind-9.7.0/rfc1912.txt
/usr/share/doc/bind-9.7.0/sample
/usr/share/doc/bind-9.7.0/sample/etc
/usr/share/doc/bind-9.7.0/sample/etc/named.conf
/usr/share/doc/bind-9.7.0/sample/etc/named.rfc1912.zones
/usr/share/doc/bind-9.7.0/sample/var
/usr/share/doc/bind-9.7.0/sample/var/named
/usr/share/doc/bind-9.7.0/sample/var/named/data
/usr/share/doc/bind-9.7.0/sample/var/named/my.external.zone.db
/usr/share/doc/bind-9.7.0/sample/var/named/my.internal.zone.db
/usr/share/doc/bind-9.7.0/sample/var/named/named.ca
/usr/share/doc/bind-9.7.0/sample/var/named/named.empty
/usr/share/doc/bind-9.7.0/sample/var/named/named.localhost
/usr/share/doc/bind-9.7.0/sample/var/named/named.loopback
/usr/share/doc/bind-9.7.0/sample/var/named/slaves
/usr/share/doc/bind-9.7.0/sample/var/named/slaves/my.ddns.internal.zone.db
/usr/share/doc/bind-9.7.0/sample/var/named/slaves/my.slave.internal.zone.db
/usr/share/man/man1/arpaname.1.gz
/usr/share/man/man5/named.conf.5.gz
/usr/share/man/man5/rndc.conf.5.gz
/usr/share/man/man8/ddns-confgen.8.gz
/usr/share/man/man8/dnssec-dsfromkey.8.gz
/usr/share/man/man8/dnssec-keyfromlabel.8.gz
/usr/share/man/man8/dnssec-keygen.8.gz
/usr/share/man/man8/dnssec-revoke.8.gz
/usr/share/man/man8/dnssec-settime.8.gz
/usr/share/man/man8/dnssec-signzone.8.gz
/usr/share/man/man8/genrandom.8.gz
/usr/share/man/man8/isc-hmac-fixup.8.gz
/usr/share/man/man8/lwresd.8.gz
/usr/share/man/man8/named-checkconf.8.gz
/usr/share/man/man8/named-checkzone.8.gz
/usr/share/man/man8/named-compilezone.8.gz
/usr/share/man/man8/named-journalprint.8.gz
/usr/share/man/man8/named.8.gz
/usr/share/man/man8/nsec3hash.8.gz
/usr/share/man/man8/rndc-confgen.8.gz
/usr/share/man/man8/rndc.8.gz
/var/log/named.log
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
/var/run/named

bind-chroot

 # rpm -qil bind-chroot
Name        : bind-chroot                  Relocations: /var/named/chroot 
Version     : 9.7.0                             Vendor: CentOS
Release     : 5.P2.el6_0.1                  Build Date: Sat 25 Jun 2011 05:48:43 AM CEST
Install Date: Mon 22 Aug 2011 01:33:10 PM CEST      Build Host: c6b6.bsys.dev.centos.org
Group       : System Environment/Daemons    Source RPM: bind-9.7.0-5.P2.el6_0.1.src.rpm
Size        : 0                                License: ISC
Signature   : RSA/8, Wed 06 Jul 2011 03:37:09 AM CEST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://www.isc.org/products/BIND/
Summary     : A chroot runtime environment for the ISC BIND DNS server, named(8)
Description :
This package contains a tree of files which can be used as a
chroot(2) jail for the named(8) program from the BIND package.
Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
/var/named/chroot
/var/named/chroot/dev
/var/named/chroot/dev/null
/var/named/chroot/dev/random
/var/named/chroot/dev/zero
/var/named/chroot/etc
/var/named/chroot/etc/localtime
/var/named/chroot/etc/named
/var/named/chroot/etc/named.conf
/var/named/chroot/etc/pki/dnssec-keys
/var/named/chroot/usr/lib64/bind
/var/named/chroot/var
/var/named/chroot/var/log
/var/named/chroot/var/named
/var/named/chroot/var/run
/var/named/chroot/var/run/named
/var/named/chroot/var/tmp

Bei der Installation unserer chroot-Umgebung wurde automatisch die Konfigurationsdatei /etc/sysconfig/named entsprechend angepasst, in dem die Konfigurationsoption

ROOTDIR=/var/named/chroot

aktiviert wird.

In der Konfigurationsdatei /etc/sysconfig/named finden wir darüber hinaus noch weitere Angaben, wie die chroot-Umgebung für bind unter CentOS 6 realisiert wird, und welche Konfigurationsdateien beim Starten des Daemon in die chroot-Umgebung gemountet werden.

/etc/sysconfig/named
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
# Currently, you can use the following options:
#
# ROOTDIR="/var/named/chroot"  --  will run named in a chroot environment.
#                            you must set up the chroot environment 
#                            (install the bind-chroot package) before
#                            doing this.
#	NOTE:
#         Those directories are automatically mounted to chroot if they are
#         empty in the ROOTDIR directory. It will simplify maintenance of your
#         chroot environment.
#          - /var/named
#          - /etc/pki/dnssec-keys
#          - /etc/named
#          - /usr/lib64/bind or /usr/lib/bind (architecture dependent)
#
#	  Those files are mounted as well if target file doesn't exist in
#	  chroot.
#          - /etc/named.conf
#          - /etc/rndc.conf
#          - /etc/rndc.key
#          - /etc/named.rfc1912.zones
#          - /etc/named.dnssec.keys
#	   - /etc/named.iscdlv.key
#
#	Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
#	line to your /etc/rsyslog.conf file. Otherwise your logging becomes
#	broken when rsyslogd daemon is restarted (due update, for example).
#
# OPTIONS="whatever"     --  These additional options will be passed to named
#                            at startup. Don't add -t here, use ROOTDIR instead.
#
# KEYTAB_FILE="/dir/file"    --  Specify named service keytab file (for GSS-TSIG)
ROOTDIR=/var/named/chroot

Beim Starten des named Daemon werden die betreffenden Konfigurationsdateien gemountet. Bei laufendem Daemon können wir uns ganz einfach überzeugen, wohin diese gemountet wurden.

 # df -ah | grep named
/etc/named            7.2G  941M  6.0G  14% /var/named/chroot/etc/named
/var/named            7.2G  941M  6.0G  14% /var/named/chroot/var/named
/etc/named.conf       7.2G  941M  6.0G  14% /var/named/chroot/etc/named.conf
/etc/named.rfc1912.zones
                      7.2G  941M  6.0G  14% /var/named/chroot/etc/named.rfc1912.zones
/etc/rndc.key         7.2G  941M  6.0G  14% /var/named/chroot/etc/rndc.key
/usr/lib64/bind       7.2G  941M  6.0G  14% /var/named/chroot/usr/lib64/bind
/etc/named.iscdlv.key
                      7.2G  941M  6.0G  14% /var/named/chroot/etc/named.iscdlv.key

Beenden wir den Daemon erfolgt automatisch das Unmounten der betreffenden Konfigurationsverzeichnisse.

 # service named stop && df -ah | grep named
 Stopping named:                                            [  OK  ]

Wir können also bei der weiteren Konfiguration unser Augenmerk auf die Konfigurationsdatei named.conf im Verzeichnis /etc richten.

Darüber hinaus erfolgt hier auch ein Hinweis zum Anpassen des rsyslogd Daemon. Wie in den Bemerkungen in der /etc/sysconfig/named angegeben, werden wir nun noch die rsyslogd Daemon anpassen. Hierzu öffnen wir mit dem Editor unserer Wahl die Konfigurationsdatei /etc/rsyslog.conf.

 # vim /etc/rsyslog.conf
/etc/rsyslog.conf
#rsyslog v3 config file

# if you experience problems, check
# http://www.rsyslog.com/troubleshoot for assistance

#### MODULES ####

$ModLoad imuxsock.so	# provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so	# provides kernel logging support (previously done by rklogd)
#$ModLoad immark.so	# provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp.so  
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required, 
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Django: 2011-08-22
# Erweiterung für die chroot-Umgebung des bind Nameservers eingetragen
$AddUnixListenSocket /var/named/chroot/dev/log


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log



# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/spppl/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###

Zur Aktivierung unserer Änderung bedarf es nur noch eines Restarts des rsyslogd Daemon.

 # service rsyslog restart
 Shutting down system logger:                               [  OK  ]
 Starting system logger:                                    [  OK  ]

In aller Regel werden wir auf die Dienste von SELinux in unserer vHOST-Installation verzichten können. Wir deaktivieren also, wenn noch nicht bereits bei der Erstinstallation erfolgt, SELinux komplett, indem wir in der Konfigurationsdatei unter /etc/sysconfig das Thema SELinux deaktivieren.

 # vim /etc/sysconfig/selinux
/etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# Django : 2011-08-22 SELinux deaktiviert
# default : SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Bei unserer Musterinstallation begnügen wir uns mit einer IPv4-Inststallation. In der Grundkonfiguration unseres bind Daemon sehen wir im Syslog, dass versucht wird auch jedesmal via IPv6 eine Anfrage zu starten.

 Aug 22 14:45:30 vml000020 named[3376]: error (network unreachable) resolving 'heise.de.dlv.isc.org/DLV/IN': 2001:500:71::29#53

Da wir aber (noch) keine IPv6-Anbindung haben, werden wir die IPv6 lookups einfach abstellen. In unserer bind-Konfigurationsdatei /etc/named.conf deaktivieren wir einfach die betreffende Zeile durch Voranstellen von zwei Schrägstriche „/„.

 # vim /var/named/chroot/etc/named/named.conf
         //listen-on-v6 port 53 { ::1; };                          // Django: 2011-08-22 IPv6 deaktiviert

In der Datei /etc/sysconfig/named vermerken wir ferner, dass wir lediglich die IPv4-Unterstützung nutzen wollen.

 # vim /etc/sysconfig/named
 # Django : 2011-08-22 nur die IPv4-Unterstützung aktivieren
 OPTIONS="-4"

Anschließend starten wir den Nameserver einmal durch, damit die Konfigurationsänderunegn auch greifen. # service named restart

Nach dem Starten unseres named Daemon können wir mit Hilfe vonnetstat überprüfen, ob der Daemon auf den gewünschten Ports lauscht.

 # netstat -tulpen | grep named
tcp        0      0 10.0.0.20:53                0.0.0.0:*                   LISTEN      25         12850      4010/named          
tcp        0      0 10.0.10.1:53                0.0.0.0:*                   LISTEN      25         12848      4010/named          
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      25         12846      4010/named          
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      25         12853      4010/named          
udp        0      0 10.0.0.20:53                0.0.0.0:*                               25         12849      4010/named          
udp        0      0 10.0.10.1:53                0.0.0.0:*                               25         12847      4010/named          
udp        0      0 127.0.0.1:53                0.0.0.0:*                               25         12845      4010/named

Damit der Zugriff auf den Port 53 (TCP/UDP) auch erfolgen kann, müssen wir noch unseren Paketfilter i.d.R. erweitern. Wir tragen hierzu in der Konfigurationsdatei /etc/sysconfig/iptables hierzu die folgenden Zeilen am Ende der INPUT-Regeln nach.

# Django : 2011-08-22 DNS freigeschaltet
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
# Django : 2011-08-22 bei Bedarf Logging aktivieren
#-A INPUT -j LOG
# Django : end

Anschließend aktivieren wir die Änderungen an unserem Paketfilter, indem wir den Daemon durchstarten.

 # service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter nat      [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

Im ersten Schritt wollen wir erst einmal einen caching-only Nameserver aufsetzen. Die mitgelieferte Konfigurationsdate /etc/named.conf des RPM-Pakets bind passen wir unseren Gegebenheiten an.

 # vim /etc/named.conf
/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
	listen-on port 53 { 127.0.0.1; 10.0.0.0; 10.0.10.0 };     // Django : 2011-08-22 unsere Netzwerk-
								  // interfaces definiert
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { localhost; 10.0.0.0/24; 10.0.10.0/26 }; // Django : 2011-08-22 unsere Netzwerke
								  // die unseren Nameserver befragen dürfen
	recursion yes;

	// Django : 2011-08-22 dnssec erst einmal deaktiviert für den caching-only Betrieb
	// dnssec-enable yes;
	// dnssec-validation yes;
	// dnssec-lookaside auto;

	/* Path to ISC DLV key */
	// Django : 2011-08-22 bindkeys-file erst einmal deaktiviert für den caching-only Betrieb
	// bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";

Nach der Bearbeitung startetn wir nun unseren Nameserver das erste mal.

 # service named start
 Starting named:                                            [  OK  ]

Sollte wider Erwarten beim Starten etwas schief gelaufen sein, so ist der Syslog die Anlaufstelle für weitere Fehlermeldungen. Im Regelfall wird der erfolgreiche Start entsprechend quittiert.

Oct  6 11:16:08 vml000020 named[4010]: starting BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 -u named -4 -t /var/named/chroot
Oct  6 11:16:08 vml000020 named[4010]: built with '--build=x86_64-unknown-linux-gnu' '--host=x86_64-unknown-linux-gnu' '--tar
get=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbi
n' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '
--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--e
nable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--wit
h-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alia
s=x86_64-unknown-linux-gnu' 'host_alias=x86_64-unknown-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pip
e -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDI
G_SIGCHASE'
Oct  6 11:16:08 vml000020 named[4010]: adjusted limit on open files from 1024 to 1048576
Oct  6 11:16:08 vml000020 named[4010]: found 1 CPU, using 1 worker thread
Oct  6 11:16:08 vml000020 named[4010]: using up to 4096 sockets
Oct  6 11:16:08 vml000020 named[4010]: loading configuration from '/etc/named.conf'
Oct  6 11:16:08 vml000020 named[4010]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Oct  6 11:16:08 vml000020 named[4010]: using default UDP/IPv4 port range: [1024, 65535]
Oct  6 11:16:08 vml000020 named[4010]: using default UDP/IPv6 port range: [1024, 65535]
Oct  6 11:16:08 vml000020 named[4010]: no IPv6 interfaces found
Oct  6 11:16:08 vml000020 named[4010]: listening on IPv4 interface lo, 127.0.0.1#53
Oct  6 11:16:08 vml000020 named[4010]: listening on IPv4 interface eth0, 10.0.10.1#53
Oct  6 11:16:08 vml000020 named[4010]: listening on IPv4 interface eth1, 10.0.0.20#53
Oct  6 11:16:08 vml000020 named[4010]: generating session key for dynamic DNS
Oct  6 11:16:08 vml000020 named[4010]: using built-in trusted-keys for view _default
Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 127.IN-ADDR.ARPA
Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 254.169.IN-ADDR.ARPA
Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: D.F.IP6.ARPA
Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 8.E.F.IP6.ARPA
Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 9.E.F.IP6.ARPA
Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: A.E.F.IP6.ARPA
Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: B.E.F.IP6.ARPA
Oct  6 11:16:08 vml000020 named[4010]: using built-in trusted-keys for view _meta
Oct  6 11:16:08 vml000020 named[4010]: set up managed-keys.bind meta-zone
Oct  6 11:16:08 vml000020 named[4010]: command channel listening on 127.0.0.1#953
Oct  6 11:16:08 vml000020 named[4010]: the working directory is not writable
Oct  6 11:16:08 vml000020 named[4010]: zone 0.in-addr.arpa/IN: loaded serial 0
Oct  6 11:16:08 vml000020 named[4010]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Oct  6 11:16:08 vml000020 named[4010]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Oct  6 11:16:08 vml000020 named[4010]: zone localhost.localdomain/IN: loaded serial 0
Oct  6 11:16:08 vml000020 named[4010]: zone localhost/IN: loaded serial 0
Oct  6 11:16:08 vml000020 named[4010]: zone managed-keys.bind/IN/_meta: loaded serial 12
Oct  6 11:16:08 vml000020 named[4010]: running
<code>

In der named-eigenen Logdatei //**/var/named/data/named.run**// wird außerdem der Start mit Angabe der geladenen Zonen dokumentiert.

   # less /var/named/data/named.run
<code>zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone managed-keys.bind/IN/_meta: loaded serial 12
running

Nach dem Starten unseres named Daemon können wir mit Hilfe vonnetstat überprüfen, ob der Daemon auf den gewünschten Ports lauscht.

 # netstat -tulpen | grep named
tcp        0      0 10.0.0.20:53                0.0.0.0:*                   LISTEN      25         12850      4010/named          
tcp        0      0 10.0.10.1:53                0.0.0.0:*                   LISTEN      25         12848      4010/named          
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      25         12846      4010/named          
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      25         12853      4010/named          
udp        0      0 10.0.0.20:53                0.0.0.0:*                               25         12849      4010/named          
udp        0      0 10.0.10.1:53                0.0.0.0:*                               25         12847      4010/named          
udp        0      0 127.0.0.1:53                0.0.0.0:*                               25         12845      4010/named

Dass der Daemon in einer chroot-Umgebung gestartet wurde sehen wir anhand folgender Ausgabe:

 # ps aux | grep named
 named     4010  0.0  1.4 161628 15300 ?        Ssl  11:16   0:00 /usr/sbin/named -u named -4 -t /var/named/chroot
 root      4042  0.0  0.0 103148   828 pts/0    S+   11:36   0:00 grep named

Nachdem unser nameserver nun läuft werden wir auch gleich mal unsere erste Abfrage tätigen

 #  dig @localhost heise.de
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> @localhost heise.de
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50804
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
;heise.de.			IN	A

;; ANSWER SECTION:
heise.de.		3600	IN	A	193.99.144.80

;; AUTHORITY SECTION:
heise.de.		86400	IN	NS	ns.s.plusline.de.
heise.de.		86400	IN	NS	ns.pop-hannover.de.
heise.de.		86400	IN	NS	ns2.pop-hannover.net.
heise.de.		86400	IN	NS	ns.plusline.de.
heise.de.		86400	IN	NS	ns.heise.de.

;; Query time: 86 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug 22 14:52:07 2011
;; MSG SIZE  rcvd: 168

Die gleiche Abfrage mit Hilfe von nslookup sieht wie folgt aus:

 # nslookup heise
Server:		10.0.0.20
Address:	10.0.0.20#53

Non-authoritative answer:
Name:	heise.dmz.nausch.org
Address: 88.217.187.21

Im folgenden Beispiel erweitern wir unsere ersten Konfigurationsschritt ein wenig, denn schließlich möchten wir ja nicht nur Anfragen nach öffentlichen IP-Adressen beantworten, sondern auch für unser privates Netzwerk im SOHO mit den folgenden zwei Zonen:

  • DMZ : dmz.nausch.org mit Netz: 10.0.0.0/24
  • Intranet : intra.nausch.org mit Netz: 10.0.10.0/26

bind Konfiguration

named.conf

Basierend auf den Rahmenbedingungen erweitern wir als erstes die Hauptkonfigurationsdatei unseres Nameservers bind. Hierzu bemühen wir wieder den Editor unserer Wahl vim. Die entsprechenden Optionen sind im nachfolgenden Beispiel entsprechend beschrieben.

 # vim /etc/named.conf
named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

acl dmz   { 10.0.0.0/24; };						// Django : 2011-10-05 Variablendefinition
acl intra { 10.0.10.0/26; };						// Django : 2011-10-05 Variablendefinition

options {
	listen-on port 53 { 127.0.0.1; 10.0.0.20; 10.0.10.1; };		// Django : 2011-08-22 unsere Netzwerk-
								  	// interfaces definiert
	// listen-on-v6 port 53 { ::1; };                          	// IPv6 deaktiviert
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { localhost; dmz; intra; };			// Django : 2011-08-22 unsere Netzwerke
        allow-recursion { localhost; dmz; intra; };			// die unseren Nameserver befragen dürfen
	recursion yes;

	query-source address * port *;					// Django : 2011-10-05 
									// unpriviligierten Port nutzen, wenn Anfragen
									// nach extern gestellt werden 

	check-names master warn;					// Django : 2011-10-05
									// Der Nameserver soll nur warnen und nicht
									// abbrechen, wenn er eine Anfrage nicht 
									// beantworten kann. (Bsp. DKIM-keys)

	auth-nxdomain no;						// Django : 2011-10-05
									// RFC1035 Konforme Arbeit (keine alten
									// Anfragen und Konfigurationen nutzen)

	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";

zone "dmz.nausch.org" IN {
        type master;
        file "dynamic/dmz-forward";
	allow-update { none; };
};

zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "dynamic/dmz-reverse";
        allow-update { none; };
};

zone "intra.nausch.org" IN {
        type master;
        file "dynamic/intra-forward";
	allow-update { none; };
};

zone "10.0.10.in-addr.arpa" IN {
        type master;
        file "dynamic/intra-reverse";
        allow-update { none; };
};

zone "nausch.org" IN {
        type master;
        file "dynamic/domain-forward";
        allow-update { none; };
};

zone "187.217.88.in-addr.arpa" IN {
        type master;
        file "dynamic/domain-reverse";
        allow-update { none; };
};

Die einzelnen Zonen-Dateien legen wir im Verzeichnis /var/named/dynamic/ ab.

  • dmz-forward
  • dmz-reverse
  • intra-forward
  • intra-reverse
  • domain-forward
  • domain-reverse
dmz-forward

Für die forward-Auflösung des Subnetzes DMZ legen wir uns eine Konfigurationsdatei nach folgendem Muster an.

/var/named/dynamic/dmz-forward
$ORIGIN dmz.nausch.org.
$TTL    86400
@			IN	SOA	vml000020.dmz.nausch.org. root.nausch.org. (
			2011100501	; serial
			3H		; refresh
			15M		; retry
			1W		; expiry
			1D )		; minimum
;
				IN      NS      vml000020.dmz.nausch.org.
;
fwe		IN	CNAME	vml000010
fwi		IN	CNAME	vml000020
time		IN	CNAME	vml000020
dns		IN	CNAME	vml000020
dhcp		IN	CNAME	vml000020
;
localhost			IN	A	127.0.0.1
;
vml000010	IN	A	10.0.0.10
vml000020	IN 	A	10.0.0.20
vml000030	IN	A	10.0.0.30
dmz-reverse

Für die reverse-Auflösung des Subnetzes DMZ legen wir uns eine Konfigurationsdatei nach folgendem Muster an.

/var/named/dynamic/dmz-reverse
$ORIGIN 0.0.10.in-addr.arpa.
$TTL 86400
@	IN SOA		vml000020.dmz.nausch.org. root.nss.nausch.org. (
	2011100501	; serial
	3H		; refresh
	1H		; retry
	1W		; expiry
	1D )		; minimum
;
@	IN NS		vml000020.dmz.nausch.org.
;
10	IN PTR		vml000010.dmz.nausch.org.
20	IN PTR		vml000020.dmz.nausch.org.
30	IN PTR		vml000030.dmz.nausch.org.
intra-forward

Für die forward-Auflösung des Subnetzes intra legen wir uns eine Konfigurationsdatei nach folgendem Muster an.

/var/named/dynamic/intra-forward
$ORIGIN intra.nausch.org.
$TTL    86400
@			IN	SOA	vml000020.dmz.nausch.org. root.nausch.org. (
			2011100501	; serial
			3H		; refresh
			15M		; retry
			1W		; expiry
			1D )		; minimum
;
			IN	NS	vml000020.dmz.nausch.org.
;
proton			IN	CNAME	pml010051
;
pml010001		IN	A	10.0.10.1
pml010051		IN	A	10.0.10.51
intra-reverse

Für die reverse-Auflösung des Subnetzes intra legen wir uns eine Konfigurationsdatei nach folgendem Muster an.

/var/named/dynamic/intra-reverse
$ORIGIN 10.0.10.in-addr.arpa.
$TTL 86400
@	IN SOA		vml000020.dmz.nausch.org. root.nss.nausch.org. (
	2011100501	; serial
	3H		; refresh
	1H		; retry
	1W		; expiry
	1D )		; minimum
;
@	IN NS		pml010001.intra.nausch.org.
;
1	IN PTR		pml010001.intra.nausch.org.
51	IN PTR		pml010051.intra.nausch.org.
domain-forward

Für die forward-Auflösung unserer eigenen Domäne nausch.org legen wir uns eine Konfigurationsdatei nach folgendem Muster an.

/var/named/dynamic/domain-forward
$ORIGIN nausch.org.
$TTL    86400
@			IN	SOA	ns1.dmz.nausch.org. root.nausch.org. (
			2011100501	; serial
			3H		; refresh
			15M		; retry
			1W		; expiry
			1D )		; minimum
;
			IN      NS      ns1.dmz.nausch.org.
;
ns1.dmz.nausch.org	IN	A	88.217.187.21
;
nausch.org.		IN      A       88.217.187.21
*.nausch.org.		IN      A       88.217.187.21
domain-reverse

Für die reverse-Auflösung unserer eigenen Domäne nausch.org legen wir uns eine Konfigurationsdatei nach folgendem Muster an.

/var/named/dynamic/domain-reverse
$ORIGIN 187.217.88.in-addr.arpa.
$TTL 86400
@	IN SOA		vml000020.dmz.nausch.org. root.nss.nausch.org. (
	2011100501	; serial
	3H		; refresh
	1H		; retry
	1W		; expiry
	1D )		; minimum
;
@	IN NS		ns1.dmz.nausch.org.
;
21	IN PTR		mx1.nausch.org.

Möchte man die Konfiguration(sdatei) seinen bind-Nameservers überprüfen so nutzt man den Befehl named-checkconf

 # named-checkconf

Benutzt man hierbei die Option -p wird, sofern keine Fehler existieren, die Konfigurationsdatei named.conf ohne Kommentare auf der Konsole ausgegeben.

 # named-checkconf -p
options {
	bindkeys-file "/etc/named.iscdlv.key";
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	listen-on port 53 {
		127.0.0.1/32;
		10.0.0.20/32;
		10.0.10.1/32;
	};
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	statistics-file "/var/named/data/named_stats.txt";
	allow-recursion {
		"localhost";
		"dmz";
		"intra";
	};
	auth-nxdomain no;
	check-names master warn;
	dnssec-enable yes;
	dnssec-lookaside "auto" ;
	dnssec-validation yes;
	query-source address 0.0.0.0 port 0;
	recursion yes;
	allow-query {
		"localhost";
		"dmz";
		"intra";
	};
};
acl "dmz" {
	10.0.0.0/24;
};
acl "intra" {
	10.0.10.0/26;
};
logging {
	channel "default_debug" {
		file "data/named.run";
		severity dynamic;
	};
};
zone "." IN {
	type hint;
	file "named.ca";
};
zone "localhost.localdomain" IN {
	type master;
	file "named.localhost";
	allow-update {
		"none";
	};
};
zone "localhost" IN {
	type master;
	file "named.localhost";
	allow-update {
		"none";
	};
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
	type master;
	file "named.loopback";
	allow-update {
		"none";
	};
};
zone "1.0.0.127.in-addr.arpa" IN {
	type master;
	file "named.loopback";
	allow-update {
		"none";
	};
};
zone "0.in-addr.arpa" IN {
	type master;
	file "named.empty";
	allow-update {
		"none";
	};
};
zone "dmz.nausch.org" IN {
	type master;
	file "dynamic/dmz-forward";
	allow-update {
		"none";
	};
};
zone "0.0.10.in-addr.arpa" IN {
	type master;
	file "dynamic/dmz-reverse";
	allow-update {
		"none";
	};
};
zone "intra.nausch.org" IN {
	type master;
	file "dynamic/intra-forward";
	allow-update {
		"none";
	};
};
zone "10.0.10.in-addr.arpa" IN {
	type master;
	file "dynamic/intra-reverse";
	allow-update {
		"none";
	};
};
zone "nausch.org" IN {
	type master;
	file "dynamic/domain-forward";
	allow-update {
		"none";
	};
};
zone "187.217.88.in-addr.arpa" IN {
	type master;
	file "dynamic/domain-reverse";
	allow-update {
		"none";
	};
};

Will man die Version eines Namservers abfragen, so kann man dies mit Hilfe folgenden Befehls erreichen.

 # dig txt chaos version.bind
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> txt chaos version.bind
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18905
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;version.bind.			CH	TXT

;; ANSWER SECTION:
version.bind.		0	CH	TXT	"9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1"

;; AUTHORITY SECTION:
version.bind.		0	CH	NS	version.bind.

;; Query time: 1 msec
;; SERVER: 10.0.0.20#53(10.0.0.20)
;; WHEN: Thu Oct  6 14:50:47 2011
;; MSG SIZE  rcvd: 91

Will man (s)ein Zonenfile überprüfen und/oder die verwendete Seriennummer ausgeben, so nutz man den Befehl named-checkzone

 # named-checkzone dmz.nausch.org /var/named/dynamic/dmz-forward 
 zone dmz.nausch.org/IN: loaded serial 2011100601
 OK

Das Neuladen der Zonenkonfigurationsdateien eines DNS-Server, ohne den DNS-Server neu starten zu müssen, erreicht man mit:

 # rndc reload
 # yum install dnssec-tools
 # rpm -qil dnssec-tools
Name        : dnssec-tools                 Relocations: (not relocatable)
Version     : 1.13                              Vendor: Fedora Project
Release     : 12.el6                        Build Date: Fri 24 May 2013 01:05:40 AM CEST
Install Date: Sat 24 May 2014 08:44:32 PM CEST      Build Host: buildvm-24.phx2.fedoraproject.org
Group       : System Environment/Base       Source RPM: dnssec-tools-1.13-12.el6.src.rpm
Size        : 2004766                          License: BSD
Signature   : RSA/8, Fri 24 May 2013 06:56:53 PM CEST, Key ID 3b49df2a0608b895
Packager    : Fedora Project
URL         : http://www.dnssec-tools.org/
Summary     : A suite of tools for managing dnssec aware DNS usage
Description :

The goal of the DNSSEC-Tools project is to create a set of tools,
patches, applications, wrappers, extensions, and plugins that will
help ease the deployment of DNSSEC-related technologies.
/etc/dnssec-tools
/etc/dnssec-tools/dnssec-tools.conf
/usr/bin/blinkenlights
/usr/bin/bubbles
/usr/bin/buildrealms
/usr/bin/check-zone-expiration
/usr/bin/cleanarch
/usr/bin/cleankrf
/usr/bin/convertar
/usr/bin/dnspktflow
/usr/bin/donuts
/usr/bin/donutsd
/usr/bin/drawvalmap
/usr/bin/dt-getaddr
/usr/bin/dt-gethost
/usr/bin/dt-getname
/usr/bin/dt-getquery
/usr/bin/dt-getrrset
/usr/bin/dt-validate
/usr/bin/dtck
/usr/bin/dtconf
/usr/bin/dtconfchk
/usr/bin/dtdefs
/usr/bin/dtinitconf
/usr/bin/dtrealms
/usr/bin/expchk
/usr/bin/fixkrf
/usr/bin/genkrf
/usr/bin/getdnskeys
/usr/bin/getds
/usr/bin/grandvizier
/usr/bin/keyarch
/usr/bin/keymod
/usr/bin/krfcheck
/usr/bin/libval_check_conf
/usr/bin/lights
/usr/bin/lsdnssec
/usr/bin/lskrf
/usr/bin/lsrealm
/usr/bin/lsroll
/usr/bin/maketestzone
/usr/bin/mapper
/usr/bin/realmchk
/usr/bin/realmctl
/usr/bin/realminit
/usr/bin/realmset
/usr/bin/rollchk
/usr/bin/rollctl
/usr/bin/rollerd
/usr/bin/rollinit
/usr/bin/rolllog
/usr/bin/rollrec-editor
/usr/bin/rollset
/usr/bin/signset-editor
/usr/bin/tachk
/usr/bin/timetrans
/usr/bin/trustman
/usr/bin/zonesigner
/usr/share/dnssec-tools
/usr/share/dnssec-tools/donuts
/usr/share/dnssec-tools/donuts/rules
/usr/share/dnssec-tools/donuts/rules/check_nameservers.txt
/usr/share/dnssec-tools/donuts/rules/dns.errors.txt
/usr/share/dnssec-tools/donuts/rules/dnssec.rules.txt
/usr/share/dnssec-tools/donuts/rules/nsec_check.rules.txt
/usr/share/dnssec-tools/donuts/rules/parent_child.rules.txt
/usr/share/dnssec-tools/donuts/rules/recommendations.rules.txt
/usr/share/dnssec-tools/validator-testcases
/usr/share/doc/dnssec-tools-1.13
/usr/share/doc/dnssec-tools-1.13/COPYING
/usr/share/doc/dnssec-tools-1.13/INSTALL
/usr/share/doc/dnssec-tools-1.13/README
/usr/share/man/man1/blinkenlights.1.gz
/usr/share/man/man1/bubbles.1.gz
/usr/share/man/man1/buildrealms.1.gz
/usr/share/man/man1/check-zone-expiration.1.gz
/usr/share/man/man1/cleanarch.1.gz
/usr/share/man/man1/cleankrf.1.gz
/usr/share/man/man1/convertar.1.gz
/usr/share/man/man1/dnspktflow.1.gz
/usr/share/man/man1/dnssec-tools.1.gz
/usr/share/man/man1/donuts.1.gz
/usr/share/man/man1/donutsd.1.gz
/usr/share/man/man1/drawvalmap.1.gz
/usr/share/man/man1/dt-getaddr.1.gz
/usr/share/man/man1/dt-gethost.1.gz
/usr/share/man/man1/dt-getname.1.gz
/usr/share/man/man1/dt-getquery.1.gz
/usr/share/man/man1/dt-getrrset.1.gz
/usr/share/man/man1/dt-libval_check_conf.1.gz
/usr/share/man/man1/dt-validate.1.gz
/usr/share/man/man1/dtck.1.gz
/usr/share/man/man1/dtconf.1.gz
/usr/share/man/man1/dtconfchk.1.gz
/usr/share/man/man1/dtdefs.1.gz
/usr/share/man/man1/dtinitconf.1.gz
/usr/share/man/man1/dtrealms.1.gz
/usr/share/man/man1/expchk.1.gz
/usr/share/man/man1/fixkrf.1.gz
/usr/share/man/man1/genkrf.1.gz
/usr/share/man/man1/getdnskeys.1.gz
/usr/share/man/man1/getds.1.gz
/usr/share/man/man1/grandvizier.1.gz
/usr/share/man/man1/keyarch.1.gz
/usr/share/man/man1/keymod.1.gz
/usr/share/man/man1/krfcheck.1.gz
/usr/share/man/man1/lights.1.gz
/usr/share/man/man1/lsdnssec.1.gz
/usr/share/man/man1/lskrf.1.gz
/usr/share/man/man1/lsrealm.1.gz
/usr/share/man/man1/lsroll.1.gz
/usr/share/man/man1/maketestzone.1.gz
/usr/share/man/man1/mapper.1.gz
/usr/share/man/man1/realmchk.1.gz
/usr/share/man/man1/realmctl.1.gz
/usr/share/man/man1/realminit.1.gz
/usr/share/man/man1/realmset.1.gz
/usr/share/man/man1/rollchk.1.gz
/usr/share/man/man1/rollctl.1.gz
/usr/share/man/man1/rollerd.1.gz
/usr/share/man/man1/rollinit.1.gz
/usr/share/man/man1/rolllog.1.gz
/usr/share/man/man1/rollrec-editor.1.gz
/usr/share/man/man1/rollset.1.gz
/usr/share/man/man1/signset-editor.1.gz
/usr/share/man/man1/tachk.1.gz
/usr/share/man/man1/timetrans.1.gz
/usr/share/man/man1/trustman.1.gz
/usr/share/man/man1/zonesigner.1.gz
/usr/share/man/man3/Net::DNS::SEC::Tools::realm.3pm.gz
/usr/share/man/man3/Net::DNS::SEC::Tools::realmmgr.3pm.gz
/usr/share/man/man3/p_ac_status.3.gz
/usr/share/man/man3/p_val_status.3.gz
 # yum install zone-check -y
 # rpm -qil zonecheck
Name        : zonecheck                    Relocations: (not relocatable)
Version     : 2.0.4                             Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
Release     : 1.2.el6.rf                    Build Date: Fri 12 Nov 2010 10:58:44 AM CET
Install Date: Sat 24 May 2014 11:00:03 PM CEST      Build Host: lisse.hasselt.wieers.com
Group       : Applications/Internet         Source RPM: zonecheck-2.0.4-1.2.el6.rf.src.rpm
Size        : 792719                           License: GPL
Signature   : DSA/SHA1, Sat 13 Nov 2010 12:05:24 AM CET, Key ID a20e52146b8d79e6
Packager    : Dag Wieers <dag@wieers.com>
URL         : http://www.zonecheck.fr/
Summary     : Perform consistency checks on DNS zones
Description :
ZoneCheck is intended to help solve DNS misconfigurations or
inconsistencies that are usually revealed by an increase in
the latency of the application. The DNS is a critical resource
for every network application, so it is quite important to
ensure that a zone or domain name is correctly configured in
the DNS.
/etc/zonecheck
/etc/zonecheck/afnic.profile
/etc/zonecheck/de.profile
/etc/zonecheck/default.profile
/etc/zonecheck/reverse.profile
/etc/zonecheck/rootservers
/etc/zonecheck/zc.conf
/usr/bin/zonecheck
/usr/lib/zonecheck
/usr/lib/zonecheck/cgi-bin
/usr/lib/zonecheck/cgi-bin/zc.cgi
/usr/lib/zonecheck/lib
/usr/lib/zonecheck/lib/address
/usr/lib/zonecheck/lib/address.rb
/usr/lib/zonecheck/lib/address/common.rb
/usr/lib/zonecheck/lib/address/ipv4.rb
/usr/lib/zonecheck/lib/address/ipv6.rb
/usr/lib/zonecheck/lib/nresolv
/usr/lib/zonecheck/lib/nresolv.rb
/usr/lib/zonecheck/lib/nresolv/compatibility.rb
/usr/lib/zonecheck/lib/nresolv/config.rb
/usr/lib/zonecheck/lib/nresolv/constants.rb
/usr/lib/zonecheck/lib/nresolv/dbg.rb
/usr/lib/zonecheck/lib/nresolv/dig_output.rb
/usr/lib/zonecheck/lib/nresolv/dns.rb
/usr/lib/zonecheck/lib/nresolv/dns_message.rb
/usr/lib/zonecheck/lib/nresolv/dns_name.rb
/usr/lib/zonecheck/lib/nresolv/dns_resource.rb
/usr/lib/zonecheck/lib/nresolv/host.rb
/usr/lib/zonecheck/lib/nresolv/resolver.rb
/usr/lib/zonecheck/lib/nresolv/transport.rb
/usr/lib/zonecheck/lib/nresolv/wire.rb
/usr/lib/zonecheck/lib/textfmt.rb
/usr/lib/zonecheck/lib/whois.rb
/usr/lib/zonecheck/locale
/usr/lib/zonecheck/locale/cgi.en
/usr/lib/zonecheck/locale/cgi.fr
/usr/lib/zonecheck/locale/cli.en
/usr/lib/zonecheck/locale/cli.fr
/usr/lib/zonecheck/locale/gtk.en
/usr/lib/zonecheck/locale/gtk.fr
/usr/lib/zonecheck/locale/inetd.en
/usr/lib/zonecheck/locale/inetd.fr
/usr/lib/zonecheck/locale/test
/usr/lib/zonecheck/locale/test/axfr.en
/usr/lib/zonecheck/locale/test/axfr.fr
/usr/lib/zonecheck/locale/test/connectivity.en
/usr/lib/zonecheck/locale/test/connectivity.fr
/usr/lib/zonecheck/locale/test/generic.en
/usr/lib/zonecheck/locale/test/generic.fr
/usr/lib/zonecheck/locale/test/interop.en
/usr/lib/zonecheck/locale/test/interop.fr
/usr/lib/zonecheck/locale/test/loopback.en
/usr/lib/zonecheck/locale/test/loopback.fr
/usr/lib/zonecheck/locale/test/mail.en
/usr/lib/zonecheck/locale/test/mail.fr
/usr/lib/zonecheck/locale/test/misc.en
/usr/lib/zonecheck/locale/test/misc.fr
/usr/lib/zonecheck/locale/test/mx.en
/usr/lib/zonecheck/locale/test/mx.fr
/usr/lib/zonecheck/locale/test/nameserver.en
/usr/lib/zonecheck/locale/test/nameserver.fr
/usr/lib/zonecheck/locale/test/ns.en
/usr/lib/zonecheck/locale/test/ns.fr
/usr/lib/zonecheck/locale/test/rootserver.en
/usr/lib/zonecheck/locale/test/rootserver.fr
/usr/lib/zonecheck/locale/test/soa.en
/usr/lib/zonecheck/locale/test/soa.fr
/usr/lib/zonecheck/locale/zc.en
/usr/lib/zonecheck/locale/zc.fr
/usr/lib/zonecheck/test
/usr/lib/zonecheck/test/axfr.rb
/usr/lib/zonecheck/test/connectivity.rb
/usr/lib/zonecheck/test/generic.rb
/usr/lib/zonecheck/test/interop.rb
/usr/lib/zonecheck/test/loopback.rb
/usr/lib/zonecheck/test/mail.rb
/usr/lib/zonecheck/test/misc.rb
/usr/lib/zonecheck/test/mx.rb
/usr/lib/zonecheck/test/nameserver.rb
/usr/lib/zonecheck/test/ns.rb
/usr/lib/zonecheck/test/rootserver.rb
/usr/lib/zonecheck/test/soa.rb
/usr/lib/zonecheck/www
/usr/lib/zonecheck/www/html
/usr/lib/zonecheck/www/html/batch.html.en
/usr/lib/zonecheck/www/html/batch.html.fr
/usr/lib/zonecheck/www/html/form.html.en
/usr/lib/zonecheck/www/html/form.html.fr
/usr/lib/zonecheck/www/img
/usr/lib/zonecheck/www/img/details.png
/usr/lib/zonecheck/www/img/element.png
/usr/lib/zonecheck/www/img/fatal.png
/usr/lib/zonecheck/www/img/gear.png
/usr/lib/zonecheck/www/img/info.png
/usr/lib/zonecheck/www/img/light.png
/usr/lib/zonecheck/www/img/logo.png
/usr/lib/zonecheck/www/img/loupe.png
/usr/lib/zonecheck/www/img/notepad.png
/usr/lib/zonecheck/www/img/ok.png
/usr/lib/zonecheck/www/img/primary.png
/usr/lib/zonecheck/www/img/ref.png
/usr/lib/zonecheck/www/img/secondary.png
/usr/lib/zonecheck/www/img/warning.png
/usr/lib/zonecheck/www/img/zc-fav.png
/usr/lib/zonecheck/www/img/zone.png
/usr/lib/zonecheck/www/js
/usr/lib/zonecheck/www/js/formvalidation.js
/usr/lib/zonecheck/www/js/popupmenu.js
/usr/lib/zonecheck/www/js/progress.js
/usr/lib/zonecheck/www/style
/usr/lib/zonecheck/www/style/zc.css
/usr/lib/zonecheck/www/zonecheck.conf.in
/usr/lib/zonecheck/zc
/usr/lib/zonecheck/zc/cache.rb
/usr/lib/zonecheck/zc/cachemanager.rb
/usr/lib/zonecheck/zc/config.rb
/usr/lib/zonecheck/zc/console.rb
/usr/lib/zonecheck/zc/data
/usr/lib/zonecheck/zc/data/catalog.xml
/usr/lib/zonecheck/zc/data/config.dtd
/usr/lib/zonecheck/zc/data/logo.rb
/usr/lib/zonecheck/zc/data/msgcat.dtd
/usr/lib/zonecheck/zc/data/xpm.rb
/usr/lib/zonecheck/zc/data/zonecheck.dtd
/usr/lib/zonecheck/zc/dbg.rb
/usr/lib/zonecheck/zc/ext
/usr/lib/zonecheck/zc/ext/array.rb
/usr/lib/zonecheck/zc/ext/file.rb
/usr/lib/zonecheck/zc/ext/gtk.rb
/usr/lib/zonecheck/zc/ext/myxml.rb
/usr/lib/zonecheck/zc/framework.rb
/usr/lib/zonecheck/zc/input
/usr/lib/zonecheck/zc/input/cgi.rb
/usr/lib/zonecheck/zc/input/cli.rb
/usr/lib/zonecheck/zc/input/gtk.rb
/usr/lib/zonecheck/zc/input/inetd.rb
/usr/lib/zonecheck/zc/instructions.rb
/usr/lib/zonecheck/zc/locale.rb
/usr/lib/zonecheck/zc/mail.rb
/usr/lib/zonecheck/zc/msgcat.rb
/usr/lib/zonecheck/zc/param.rb
/usr/lib/zonecheck/zc/publisher
/usr/lib/zonecheck/zc/publisher.rb
/usr/lib/zonecheck/zc/publisher/gtk.rb
/usr/lib/zonecheck/zc/publisher/html.rb
/usr/lib/zonecheck/zc/publisher/text.rb
/usr/lib/zonecheck/zc/publisher/xml.rb
/usr/lib/zonecheck/zc/report
/usr/lib/zonecheck/zc/report.rb
/usr/lib/zonecheck/zc/report/byhost.rb
/usr/lib/zonecheck/zc/report/byseverity.rb
/usr/lib/zonecheck/zc/testmanager.rb
/usr/lib/zonecheck/zc/zc.rb
/usr/lib/zonecheck/zc/zonecheck.rb
/usr/share/doc/zonecheck-2.0.4
/usr/share/doc/zonecheck-2.0.4/BUGS
/usr/share/doc/zonecheck-2.0.4/COPYING
/usr/share/doc/zonecheck-2.0.4/CREDITS
/usr/share/doc/zonecheck-2.0.4/ChangeLog
/usr/share/doc/zonecheck-2.0.4/GPL
/usr/share/doc/zonecheck-2.0.4/HISTORY
/usr/share/doc/zonecheck-2.0.4/README
/usr/share/doc/zonecheck-2.0.4/TODO
/usr/share/doc/zonecheck-2.0.4/html
/usr/share/doc/zonecheck-2.0.4/html/FAQ.html
/usr/share/doc/zonecheck-2.0.4/html/apa.html
/usr/share/doc/zonecheck-2.0.4/html/ch01.html
/usr/share/doc/zonecheck-2.0.4/html/ch01s02.html
/usr/share/doc/zonecheck-2.0.4/html/ch01s03.html
/usr/share/doc/zonecheck-2.0.4/html/ch01s04.html
/usr/share/doc/zonecheck-2.0.4/html/ch02.html
/usr/share/doc/zonecheck-2.0.4/html/ch02s02.html
/usr/share/doc/zonecheck-2.0.4/html/ch02s03.html
/usr/share/doc/zonecheck-2.0.4/html/ch03.html
/usr/share/doc/zonecheck-2.0.4/html/ch04.html
/usr/share/doc/zonecheck-2.0.4/html/ch05.html
/usr/share/doc/zonecheck-2.0.4/html/ch05s02.html
/usr/share/doc/zonecheck-2.0.4/html/ch06.html
/usr/share/doc/zonecheck-2.0.4/html/ch07.html
/usr/share/doc/zonecheck-2.0.4/html/ch07s02.html
/usr/share/doc/zonecheck-2.0.4/html/ch07s03.html
/usr/share/doc/zonecheck-2.0.4/html/ch08.html
/usr/share/doc/zonecheck-2.0.4/html/ch08s02.html
/usr/share/doc/zonecheck-2.0.4/html/index-toc.html
/usr/share/doc/zonecheck-2.0.4/html/index.html
/usr/share/man/man1/zonecheck.1.gz

FIXME

Links


1)
Berkeley Internet Name Domain
2)
SmallOfficeHomeOffice
3)
Domain Name System
4)
change root
Cookies helfen bei der Bereitstellung von Inhalten. Durch die Nutzung dieser Seiten erklären Sie sich damit einverstanden, dass Cookies auf Ihrem Rechner gespeichert werden. Weitere Information
  • centos/bind_c6.txt
  • Zuletzt geändert: 20.04.2018 10:26.
  • (Externe Bearbeitung)