Differences

This page shows the differences between two versions.

centos:bind_c6 [22.08.2011 13:30] django
centos:bind_c6 [20.04.2018 10:26] (current) – external edit 127.0.0.1
Zeile 1: Zeile 1:
 +====== BIND Nameserver unter CentOS 6 ======
 +Mit BIND((Berkeley Internet Name Domain)) des [[http://www.isc.org/|Internet Systems Consortium]] richten wir uns für unser SOHO((SmallOfficeHomeOffice))-LAN ein Domain-Name-System-Server oder kurz DNS((Domain Name System))ein.
 +
 +DNS wurde in den beiden RFC 1034 und RFC 1035 definiert und bekam von der Internet Assigned Numbers Authority die beiden Ports 53/UDP und 53/TCP.
 +===== Installation =====
 +Zu erst installieren wir uns die beiden Pakete **bind** und **bind-chroot**. Letzters hilft uns, unseren DNS in einem chroot((change root))-Umgebung laufen zu lassen. 
 +   # yum install bind bind-chroot -y
 +===== Grund-Konfiguration =====
 +==== RPM-Pakete ====
 +Als erstes sehen uns wir mal an, was die beiden Pakete alles an Dateien mitbringen und vor allem wohin diese gespeichert worden sind.
 +=== bind ===
 +   # rpm -qil bind 
 +<code>Name        : bind                         Relocations: (not relocatable)
 +Version     : 9.7.0                             Vendor: CentOS
 +Release     : 5.P2.el6_0.1                  Build Date: Sat 25 Jun 2011 05:48:43 AM CEST
 +Install Date: Mon 22 Aug 2011 01:33:07 PM CEST      Build Host: c6b6.bsys.dev.centos.org
 +Group       : System Environment/Daemons    Source RPM: bind-9.7.0-5.P2.el6_0.1.src.rpm
 +Size        : 6695969                          License: ISC
 +Signature   : RSA/8, Wed 06 Jul 2011 03:37:08 AM CEST, Key ID 0946fca2c105b9de
 +Packager    : CentOS BuildSystem <http://bugs.centos.org>
 +URL         : http://www.isc.org/products/BIND/
 +Summary     : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
 +Description :
 +BIND (Berkeley Internet Name Domain) is an implementation of the DNS
 +(Domain Name System) protocols. BIND includes a DNS server (named),
 +which resolves host names to IP addresses; a resolver library
 +(routines for applications to use when interfacing with DNS); and
 +tools for verifying that the DNS server is operating properly.
 +/etc/NetworkManager/dispatcher.d/13-named
 +/etc/logrotate.d/named
 +/etc/named
 +/etc/named.conf
 +/etc/named.iscdlv.key
 +/etc/named.rfc1912.zones
 +/etc/rc.d/init.d/named
 +/etc/rndc.conf
 +/etc/rndc.key
 +/etc/sysconfig/named
 +/usr/lib64/bind
 +/usr/sbin/arpaname
 +/usr/sbin/ddns-confgen
 +/usr/sbin/dnssec-dsfromkey
 +/usr/sbin/dnssec-keyfromlabel
 +/usr/sbin/dnssec-keygen
 +/usr/sbin/dnssec-revoke
 +/usr/sbin/dnssec-settime
 +/usr/sbin/dnssec-signzone
 +/usr/sbin/genrandom
 +/usr/sbin/isc-hmac-fixup
 +/usr/sbin/lwresd
 +/usr/sbin/named
 +/usr/sbin/named-checkconf
 +/usr/sbin/named-checkzone
 +/usr/sbin/named-compilezone
 +/usr/sbin/named-journalprint
 +/usr/sbin/nsec3hash
 +/usr/sbin/rndc
 +/usr/sbin/rndc-confgen
 +/usr/share/doc/bind-9.7.0
 +/usr/share/doc/bind-9.7.0/CHANGES
 +/usr/share/doc/bind-9.7.0/COPYRIGHT
 +/usr/share/doc/bind-9.7.0/Copyright
 +/usr/share/doc/bind-9.7.0/README
 +/usr/share/doc/bind-9.7.0/arm
 +/usr/share/doc/bind-9.7.0/arm/Bv9ARM-book.xml
 +/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch01.html
 +/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch02.html
 +/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch03.html
 +/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch04.html
 +/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch05.html
 +/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch06.html
 +/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch07.html
 +/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch08.html
 +/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch09.html
 +/usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch10.html
 +/usr/share/doc/bind-9.7.0/arm/Bv9ARM.html
 +/usr/share/doc/bind-9.7.0/arm/Bv9ARM.pdf
 +/usr/share/doc/bind-9.7.0/arm/Makefile
 +/usr/share/doc/bind-9.7.0/arm/Makefile.in
 +/usr/share/doc/bind-9.7.0/arm/README-SGML
 +/usr/share/doc/bind-9.7.0/arm/dnssec.xml
 +/usr/share/doc/bind-9.7.0/arm/isc-logo.eps
 +/usr/share/doc/bind-9.7.0/arm/isc-logo.pdf
 +/usr/share/doc/bind-9.7.0/arm/latex-fixup.pl
 +/usr/share/doc/bind-9.7.0/arm/libdns.xml
 +/usr/share/doc/bind-9.7.0/arm/man.arpaname.html
 +/usr/share/doc/bind-9.7.0/arm/man.ddns-confgen.html
 +/usr/share/doc/bind-9.7.0/arm/man.dig.html
 +/usr/share/doc/bind-9.7.0/arm/man.dnssec-dsfromkey.html
 +/usr/share/doc/bind-9.7.0/arm/man.dnssec-keyfromlabel.html
 +/usr/share/doc/bind-9.7.0/arm/man.dnssec-keygen.html
 +/usr/share/doc/bind-9.7.0/arm/man.dnssec-revoke.html
 +/usr/share/doc/bind-9.7.0/arm/man.dnssec-settime.html
 +/usr/share/doc/bind-9.7.0/arm/man.dnssec-signzone.html
 +/usr/share/doc/bind-9.7.0/arm/man.genrandom.html
 +/usr/share/doc/bind-9.7.0/arm/man.host.html
 +/usr/share/doc/bind-9.7.0/arm/man.isc-hmac-fixup.html
 +/usr/share/doc/bind-9.7.0/arm/man.named-checkconf.html
 +/usr/share/doc/bind-9.7.0/arm/man.named-checkzone.html
 +/usr/share/doc/bind-9.7.0/arm/man.named-journalprint.html
 +/usr/share/doc/bind-9.7.0/arm/man.named.html
 +/usr/share/doc/bind-9.7.0/arm/man.nsec3hash.html
 +/usr/share/doc/bind-9.7.0/arm/man.nsupdate.html
 +/usr/share/doc/bind-9.7.0/arm/man.rndc-confgen.html
 +/usr/share/doc/bind-9.7.0/arm/man.rndc.conf.html
 +/usr/share/doc/bind-9.7.0/arm/man.rndc.html
 +/usr/share/doc/bind-9.7.0/arm/managed-keys.xml
 +/usr/share/doc/bind-9.7.0/arm/pkcs11.xml
 +/usr/share/doc/bind-9.7.0/draft
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-6man-text-addr-representation-01.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-behave-dns64-01.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-axfr-clarify-13.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-dns-tcp-requirements-02.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-dnssec-bis-updates-09.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-dnssec-gost-06.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-ecc-key-07.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-interop3597-02.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-rfc2671bis-edns0-02.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-rfc2672bis-dname-18.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-rfc3597-bis-00.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-tsig-md5-deprecated-03.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-bad-dns-res-05.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-default-local-zones-09.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-inaddr-required-07.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-name-server-management-reqs-02.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-respsize-06.txt
 +/usr/share/doc/bind-9.7.0/draft/draft-kato-dnsop-local-zones-00.txt
 +/usr/share/doc/bind-9.7.0/draft/update
 +/usr/share/doc/bind-9.7.0/misc
 +/usr/share/doc/bind-9.7.0/misc/Makefile
 +/usr/share/doc/bind-9.7.0/misc/Makefile.in
 +/usr/share/doc/bind-9.7.0/misc/dnssec
 +/usr/share/doc/bind-9.7.0/misc/format-options.pl
 +/usr/share/doc/bind-9.7.0/misc/ipv6
 +/usr/share/doc/bind-9.7.0/misc/migration
 +/usr/share/doc/bind-9.7.0/misc/migration-4to9
 +/usr/share/doc/bind-9.7.0/misc/options
 +/usr/share/doc/bind-9.7.0/misc/rfc-compliance
 +/usr/share/doc/bind-9.7.0/misc/roadmap
 +/usr/share/doc/bind-9.7.0/misc/sdb
 +/usr/share/doc/bind-9.7.0/misc/sort-options.pl
 +/usr/share/doc/bind-9.7.0/named.conf.default
 +/usr/share/doc/bind-9.7.0/rfc
 +/usr/share/doc/bind-9.7.0/rfc/index.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1032.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1033.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1034.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1035.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1101.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1122.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1123.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1183.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1348.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1535.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1536.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1537.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1591.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1611.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1612.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1706.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1712.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1750.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1876.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1886.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1912.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1982.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1995.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc1996.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2052.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2104.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2119.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2133.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2136.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2137.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2163.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2168.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2181.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2230.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2308.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2317.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2373.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2374.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2375.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2418.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2535.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2536.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2537.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2538.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2539.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2540.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2541.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2553.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2671.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2672.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2673.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2782.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2825.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2826.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2845.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2874.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2915.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2929.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2930.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc2931.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3007.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3008.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3071.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3090.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3110.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3123.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3152.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3197.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3225.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3226.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3258.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3363.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3364.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3425.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3445.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3467.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3490.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3491.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3492.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3493.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3513.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3596.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3597.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3645.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3655.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3658.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3755.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3757.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3833.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3845.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc3901.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4025.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4033.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4034.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4035.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4074.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4159.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4193.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4255.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4294.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4339.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4343.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4367.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4398.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4408.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4431.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4470.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4471.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4472.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4509.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4634.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4635.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4641.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4648.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4697.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4701.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4892.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4955.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc4956.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc5001.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc5011.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc5155.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc5205.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc5452.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc5507.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc5625.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc5702.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc/rfc952.txt.gz
 +/usr/share/doc/bind-9.7.0/rfc1912.txt
 +/usr/share/doc/bind-9.7.0/sample
 +/usr/share/doc/bind-9.7.0/sample/etc
 +/usr/share/doc/bind-9.7.0/sample/etc/named.conf
 +/usr/share/doc/bind-9.7.0/sample/etc/named.rfc1912.zones
 +/usr/share/doc/bind-9.7.0/sample/var
 +/usr/share/doc/bind-9.7.0/sample/var/named
 +/usr/share/doc/bind-9.7.0/sample/var/named/data
 +/usr/share/doc/bind-9.7.0/sample/var/named/my.external.zone.db
 +/usr/share/doc/bind-9.7.0/sample/var/named/my.internal.zone.db
 +/usr/share/doc/bind-9.7.0/sample/var/named/named.ca
 +/usr/share/doc/bind-9.7.0/sample/var/named/named.empty
 +/usr/share/doc/bind-9.7.0/sample/var/named/named.localhost
 +/usr/share/doc/bind-9.7.0/sample/var/named/named.loopback
 +/usr/share/doc/bind-9.7.0/sample/var/named/slaves
 +/usr/share/doc/bind-9.7.0/sample/var/named/slaves/my.ddns.internal.zone.db
 +/usr/share/doc/bind-9.7.0/sample/var/named/slaves/my.slave.internal.zone.db
 +/usr/share/man/man1/arpaname.1.gz
 +/usr/share/man/man5/named.conf.5.gz
 +/usr/share/man/man5/rndc.conf.5.gz
 +/usr/share/man/man8/ddns-confgen.8.gz
 +/usr/share/man/man8/dnssec-dsfromkey.8.gz
 +/usr/share/man/man8/dnssec-keyfromlabel.8.gz
 +/usr/share/man/man8/dnssec-keygen.8.gz
 +/usr/share/man/man8/dnssec-revoke.8.gz
 +/usr/share/man/man8/dnssec-settime.8.gz
 +/usr/share/man/man8/dnssec-signzone.8.gz
 +/usr/share/man/man8/genrandom.8.gz
 +/usr/share/man/man8/isc-hmac-fixup.8.gz
 +/usr/share/man/man8/lwresd.8.gz
 +/usr/share/man/man8/named-checkconf.8.gz
 +/usr/share/man/man8/named-checkzone.8.gz
 +/usr/share/man/man8/named-compilezone.8.gz
 +/usr/share/man/man8/named-journalprint.8.gz
 +/usr/share/man/man8/named.8.gz
 +/usr/share/man/man8/nsec3hash.8.gz
 +/usr/share/man/man8/rndc-confgen.8.gz
 +/usr/share/man/man8/rndc.8.gz
 +/var/log/named.log
 +/var/named
 +/var/named/data
 +/var/named/dynamic
 +/var/named/named.ca
 +/var/named/named.empty
 +/var/named/named.localhost
 +/var/named/named.loopback
 +/var/named/slaves
 +/var/run/named
 +</code>
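Review bot: The `rpm -qil bind` output under `=== bind ===` lists every documentation, RFC and man-page file in the package, which buries the handful of paths the guide goes on to use. Consider trimming the listing to the configuration and runtime paths (`/etc/named.conf`, `/etc/named.rfc1912.zones`, `/etc/rndc.key`, `/etc/sysconfig/named`, `/var/named`) and pointing readers to `rpm -ql bind` for the rest.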
 +=== bind-chroot ===
 +   # rpm -qil bind-chroot
 +<code>Name        : bind-chroot                  Relocations: /var/named/chroot 
 +Version     : 9.7.0                             Vendor: CentOS
 +Release     : 5.P2.el6_0.1                  Build Date: Sat 25 Jun 2011 05:48:43 AM CEST
 +Install Date: Mon 22 Aug 2011 01:33:10 PM CEST      Build Host: c6b6.bsys.dev.centos.org
 +Group       : System Environment/Daemons    Source RPM: bind-9.7.0-5.P2.el6_0.1.src.rpm
 +Size        : 0                                License: ISC
 +Signature   : RSA/8, Wed 06 Jul 2011 03:37:09 AM CEST, Key ID 0946fca2c105b9de
 +Packager    : CentOS BuildSystem <http://bugs.centos.org>
 +URL         : http://www.isc.org/products/BIND/
 +Summary     : A chroot runtime environment for the ISC BIND DNS server, named(8)
 +Description :
 +This package contains a tree of files which can be used as a
 +chroot(2) jail for the named(8) program from the BIND package.
 +Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
 +/var/named/chroot
 +/var/named/chroot/dev
 +/var/named/chroot/dev/null
 +/var/named/chroot/dev/random
 +/var/named/chroot/dev/zero
 +/var/named/chroot/etc
 +/var/named/chroot/etc/localtime
 +/var/named/chroot/etc/named
 +/var/named/chroot/etc/named.conf
 +/var/named/chroot/etc/pki/dnssec-keys
 +/var/named/chroot/usr/lib64/bind
 +/var/named/chroot/var
 +/var/named/chroot/var/log
 +/var/named/chroot/var/named
 +/var/named/chroot/var/run
 +/var/named/chroot/var/run/named
 +/var/named/chroot/var/tmp
 +</code>
 +==== change root - Umgebung  ====
 +Bei der Installation unserer **chroot**-Umgebung wurde automatisch die Konfigurationsdatei //**/etc/sysconfig/named**// entsprechend angepasst, in dem die Konfigurationsoption <code>ROOTDIR=/var/named/chroot</code> aktiviert wird.
 +
 +In der Konfigurationsdatei //**/etc/sysconfig/named**// finden wir darüber hinaus noch weitere Angaben, wie die chroot-Umgebung für bind unter CentOS 6 realisiert wird, und welche Konfigurationsdateien beim Starten des Daemon in die chroot-Umgebung gemountet werden.
 +
 +<file | /etc/sysconfig/named># BIND named process options
 +# ~~~~~~~~~~~~~~~~~~~~~~~~~~
 +# Currently, you can use the following options:
 +#
 +# ROOTDIR="/var/named/chroot"  --  will run named in a chroot environment.
 +#                            you must set up the chroot environment 
 +#                            (install the bind-chroot package) before
 +#                            doing this.
 +# NOTE:
 +#         Those directories are automatically mounted to chroot if they are
 +#         empty in the ROOTDIR directory. It will simplify maintenance of your
 +#         chroot environment.
 +#          - /var/named
 +#          - /etc/pki/dnssec-keys
 +#          - /etc/named
 +#          - /usr/lib64/bind or /usr/lib/bind (architecture dependent)
 +#
 +#   Those files are mounted as well if target file doesn't exist in
 +#   chroot.
 +#          - /etc/named.conf
 +#          - /etc/rndc.conf
 +#          - /etc/rndc.key
 +#          - /etc/named.rfc1912.zones
 +#          - /etc/named.dnssec.keys
 +#    - /etc/named.iscdlv.key
 +#
 +# Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
 +# line to your /etc/rsyslog.conf file. Otherwise your logging becomes
 +# broken when rsyslogd daemon is restarted (due update, for example).
 +#
 +# OPTIONS="whatever"     --  These additional options will be passed to named
 +#                            at startup. Don't add -t here, use ROOTDIR instead.
 +#
 +# KEYTAB_FILE="/dir/file"    --  Specify named service keytab file (for GSS-TSIG)
 +ROOTDIR=/var/named/chroot
 +</file>
 +Beim Starten des named Daemon werden die betreffenden Konfigurationsdateien gemountet. Bei laufendem Daemon können wir uns ganz einfach überzeugen, wohin diese gemountet wurden. 
 +   # df -ah | grep named
 +<code>/etc/named            7.2G  941M  6.0G  14% /var/named/chroot/etc/named
 +/var/named            7.2G  941M  6.0G  14% /var/named/chroot/var/named
 +/etc/named.conf       7.2G  941M  6.0G  14% /var/named/chroot/etc/named.conf
 +/etc/named.rfc1912.zones
 +                      7.2G  941M  6.0G  14% /var/named/chroot/etc/named.rfc1912.zones
 +/etc/rndc.key         7.2G  941M  6.0G  14% /var/named/chroot/etc/rndc.key
 +/usr/lib64/bind       7.2G  941M  6.0G  14% /var/named/chroot/usr/lib64/bind
 +/etc/named.iscdlv.key
 +                      7.2G  941M  6.0G  14% /var/named/chroot/etc/named.iscdlv.key
 +</code>
 +Beenden wir den Daemon erfolgt automatisch das Unmounten der betreffenden Konfigurationsverzeichnisse.
 +   # service named stop && df -ah | grep named
 +
 +   Stopping named:                                            [  OK  ]
 +Wir können also bei der weiteren Konfiguration unser Augenmerk auf die Konfigurationsdatei **named.conf** im Verzeichnis **/etc** richten.
 +==== rsyslogd  ====
 +Darüber hinaus erfolgt hier auch ein Hinweis zum Anpassen des rsyslogd Daemon.
 +Wie in den Bemerkungen in der //**/etc/sysconfig/named**// angegeben, werden wir nun noch die rsyslogd Daemon anpassen.
 +Hierzu öffnen wir mit dem Editor unserer Wahl die Konfigurationsdatei //**/etc/rsyslog.conf**//.
 +   # vim /etc/rsyslog.conf
 +<file | /etc/rsyslog.conf>
 +#rsyslog v3 config file
 +
 +# if you experience problems, check
 +# http://www.rsyslog.com/troubleshoot for assistance
 +
 +#### MODULES ####
 +
 +$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
 +$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
 +#$ModLoad immark.so # provides --MARK-- message capability
 +
 +# Provides UDP syslog reception
 +#$ModLoad imudp.so
 +#$UDPServerRun 514
 +
 +# Provides TCP syslog reception
 +#$ModLoad imtcp.so  
 +#$InputTCPServerRun 514
 +
 +
 +#### GLOBAL DIRECTIVES ####
 +
 +# Use default timestamp format
 +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
 +
 +# File syncing capability is disabled by default. This feature is usually not required, 
 +# not useful and an extreme performance hit
 +#$ActionFileEnableSync on
 +
 +# Django: 2011-08-22
 +# Erweiterung für die chroot-Umgebung des bind Nameservers eingetragen
 +$AddUnixListenSocket /var/named/chroot/dev/log
 +
 +
 +#### RULES ####
 +
 +# Log all kernel messages to the console.
 +# Logging much else clutters up the screen.
 +#kern.*                                                 /dev/console
 +
 +# Log anything (except mail) of level info or higher.
 +# Don't log private authentication messages!
 +*.info;mail.none;authpriv.none;cron.none                /var/log/messages
 +
 +# The authpriv file has restricted access.
 +authpriv.*                                              /var/log/secure
 +
 +# Log all the mail messages in one place.
 +mail.*                                                  -/var/log/maillog
 +
 +
 +# Log cron stuff
 +cron.*                                                  /var/log/cron
 +
 +# Everybody gets emergency messages
 +*.emerg                                                 *
 +
 +# Save news errors of level crit and higher in a special file.
 +uucp,news.crit                                          /var/log/spooler
 +
 +# Save boot messages also to boot.log
 +local7.*                                                /var/log/boot.log
 +
 +
 +
 +# ### begin forwarding rule ###
 +# The statement between the begin ... end define a SINGLE forwarding
 +# rule. They belong together, do NOT split them. If you create multiple
 +# forwarding rules, duplicate the whole block!
 +# Remote Logging (we use TCP for reliable delivery)
 +#
 +# An on-disk queue is created for this action. If the remote host is
 +# down, messages are spooled to disk and sent when it is up again.
 +#$WorkDirectory /var/spppl/rsyslog # where to place spool files
 +#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
 +#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
 +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
 +#$ActionQueueType LinkedList   # run asynchronously
 +#$ActionResumeRetryCount -1    # infinite retries if host is down
 +# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
 +#*.* @@remote-host:514
 +# ### end of the forwarding rule ###
 +</file>
 +
 +Zur Aktivierung unserer Änderung bedarf es nur noch eines Restarts des rsyslogd Daemon.
 +   # service rsyslog restart
 +
 +   Shutting down system logger:                                OK  ]
 +   Starting system logger:                                    [  OK  ]
 +==== SELinux ====
 +In aller Regel werden wir auf die Dienste von **SELinux** in unserer vHOST-Installation verzichten können. Wir deaktivieren also, wenn noch nicht bereits bei der Erstinstallation erfolgt, SELinux komplett, indem wir in der Konfigurationsdatei unter //**/etc/sysconfig**// das Thema SELinux //deaktivieren//.
 +
 +   # vim /etc/sysconfig/selinux
 +<file | /etc/sysconfig/selinux># This file controls the state of SELinux on the system.
 +# SELINUX= can take one of these three values:
 +#     enforcing - SELinux security policy is enforced.
 +#     permissive - SELinux prints warnings instead of enforcing.
 +#     disabled - No SELinux policy is loaded.
 +# Django : 2011-08-22 SELinux deaktiviert
 +# default : SELINUX=enforcing
 +SELINUX=disabled
 +# SELINUXTYPE= can take one of these two values:
 +#     targeted - Targeted processes are protected,
 +#     mls - Multi Level Security protection.
 +SELINUXTYPE=targeted
 +</file>
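Review bot: In the SELinux section, `SELINUX=disabled` switches off mandatory access control for the whole host in order to run a network-facing `named`, and the text gives no reason beyond saying that it can usually be done without. The chroot set up earlier only limits what the daemon sees of the filesystem; keeping `SELINUX=enforcing` (the default recorded in the comment) would confine the process as well. If the policy has to be relaxed for troubleshooting, `permissive` keeps the denials logged, and the section should name the concrete problem that motivated the change.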
 +==== IPv6 ====
 +Bei unserer Musterinstallation begnügen wir uns mit einer IPv4-Inststallation. In der Grundkonfiguration unseres bind Daemon sehen wir im Syslog, dass versucht wird auch jedesmal via IPv6 eine Anfrage zu starten. 
 +   Aug 22 14:45:30 vml000020 named[3376]: error (network unreachable) resolving 'heise.de.dlv.isc.org/DLV/IN': 2001:500:71::29#53
 +Da wir aber (noch) keine IPv6-Anbindung haben, werden wir die IPv6 lookups einfach abstellen.
 +In unserer bind-Konfigurationsdatei //**/etc/named.conf**// deaktivieren wir einfach die betreffende Zeile durch Voranstellen von zwei **Schrägstriche "/"**.
 +   # vim /var/named/chroot/etc/named/named.conf
 +
 +           //listen-on-v6 port 53 { ::1; };                          // Django: 2011-08-22 IPv6 deaktiviert
 +In der Datei //**/etc/sysconfig/named**// vermerken wir ferner, dass wir lediglich die IPv4-Unterstützung nutzen wollen.
 +   # vim /etc/sysconfig/named
 +
 +   # Django : 2011-08-22 nur die IPv4-Unterstützung aktivieren
 +   OPTIONS="-4"
 +
 +Anschließend starten wir den Nameserver einmal durch, damit die Konfigurationsänderunegn auch greifen.
 +# service named restart
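Review bot: In the IPv6 section the prose says to edit `/etc/named.conf`, but the command opens `/var/named/chroot/etc/named/named.conf`, a file that appears neither in the package file lists nor in the `df -ah` mount output, which shows `/var/named/chroot/etc/named.conf`. Use one path consistently, preferably `/etc/named.conf` as the chroot section recommends. The closing `# service named restart` also lacks the leading indentation the other commands have, so it will not render as a command line, and the `named.conf` shown later in the page still has `listen-on-v6 port 53 { ::1; };` active.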
 +==== iptables Paketfilter ====
 +Nach dem Starten unseres named Daemon können wir mit Hilfe von**netstat** überprüfen, ob der Daemon auf den gewünschten Ports lauscht.
 +   # netstat -tulpen | grep named
 +<code>tcp        0      0 10.0.0.20:53                0.0.0.0:                  LISTEN      25         12850      4010/named          
 +tcp        0      0 10.0.10.1:53                0.0.0.0:                  LISTEN      25         12848      4010/named          
 +tcp        0      0 127.0.0.1:53                0.0.0.0:                  LISTEN      25         12846      4010/named          
 +tcp        0      0 127.0.0.1:953               0.0.0.0:                  LISTEN      25         12853      4010/named          
 +udp        0      0 10.0.0.20:53                0.0.0.0:                              25         12849      4010/named          
 +udp        0      0 10.0.10.1:53                0.0.0.0:                              25         12847      4010/named          
 +udp        0      0 127.0.0.1:53                0.0.0.0:                              25         12845      4010/named
 +</code>
 +Damit der Zugriff auf den Port 53 (TCP/UDP) auch erfolgen kann, müssen wir noch unseren Paketfilter i.d.R. erweitern.
 +Wir tragen hierzu in der Konfigurationsdatei //**/etc/sysconfig/iptables**// hierzu die folgenden Zeilen am Ende der INPUT-Regeln nach.
 +
 +<code># Django : 2011-08-22 DNS freigeschaltet
 +-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
 +-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
 +# Django : 2011-08-22 bei Bedarf Logging aktivieren
 +#-A INPUT -j LOG
 +# Django : end
 +</code>
 +
 +Anschließend aktivieren wir die Änderungen an unserem Paketfilter, indem wir den Daemon durchstarten.
 +   # service iptables restart
 +<code>iptables: Flushing firewall rules:                          OK  ]
 +iptables: Setting chains to policy ACCEPT: filter nat      [  OK  ]
 +iptables: Unloading modules:                                OK  ]
 +iptables: Applying firewall rules:                          OK  ]
 +</code>
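Review bot: The two `--dport 53` ACCEPT rules carry no source match, so the packet filter admits DNS from any address while `allow-query` in `named.conf` is limited to `localhost`, `10.0.0.0/24` and `10.0.10.0/26`. Add a matching `-s` restriction per network (for example `-s 10.0.0.0/24`) so that the filter and the daemon enforce the same scope. The instruction to append the lines at the end of the INPUT rules is also ambiguous: they must sit before any closing REJECT or DROP rule to take effect. The pasted `service iptables restart` output has lost the opening `[` on three of its four status lines.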
 +===== erweiterte Konfigurationen =====
 +==== caching-only Nameserver ====
 +Im ersten Schritt wollen wir erst einmal einen caching-only Nameserver aufsetzen. Die mitgelieferte Konfigurationsdate //**/etc/named.conf**// des RPM-Pakets **bind** passen wir unseren Gegebenheiten an.
 +   # vim /etc/named.conf
 +<file | /etc/named.conf>//
 +// named.conf
 +//
 +// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
 +// server as a caching only nameserver (as a localhost DNS resolver only).
 +//
 +// See /usr/share/doc/bind*/sample/ for example named configuration files.
 +//
 +
 +options {
 + listen-on port 53 { 127.0.0.1; 10.0.0.0; 10.0.10.0 };     // Django : 2011-08-22 unsere Netzwerk-
 +   // interfaces definiert
 + listen-on-v6 port 53 { ::1; };
 + directory "/var/named";
 + dump-file "/var/named/data/cache_dump.db";
 +        statistics-file "/var/named/data/named_stats.txt";
 +        memstatistics-file "/var/named/data/named_mem_stats.txt";
 + allow-query     { localhost; 10.0.0.0/24; 10.0.10.0/26 }; // Django : 2011-08-22 unsere Netzwerke
 +   // die unseren Nameserver befragen dürfen
 + recursion yes;
 +
 + // Django : 2011-08-22 dnssec erst einmal deaktiviert für den caching-only Betrieb
 + // dnssec-enable yes;
 + // dnssec-validation yes;
 + // dnssec-lookaside auto;
 +
 + /* Path to ISC DLV key */
 + // Django : 2011-08-22 bindkeys-file erst einmal deaktiviert für den caching-only Betrieb
 + // bindkeys-file "/etc/named.iscdlv.key";
 +};
 +
 +logging {
 +        channel default_debug {
 +                file "data/named.run";
 +                severity dynamic;
 +        };
 +};
 +
 +zone "." IN {
 + type hint;
 + file "named.ca";
 +};
 +
 +include "/etc/named.rfc1912.zones";
 +
 +</file>
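Review bot: In the `options` block both address lists are missing the semicolon after their last element (`10.0.10.0 };` in `listen-on` and `10.0.10.0/26 };` in `allow-query`), which `named-checkconf` rejects. `listen-on` also names the network addresses `10.0.0.0` and `10.0.10.0`, whereas the `netstat` output earlier shows the daemon bound to `10.0.0.20` and `10.0.10.1`; list the interface addresses instead. Since `recursion yes;` is set, the comment on the disabled `dnssec-validation` line should say why validation is off, because the resolver then hands unvalidated answers to its clients.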
 +
 +Nach der Bearbeitung startetn wir nun unseren Nameserver das erste mal.
 +   # service named start
 +
 +   Starting named:                                            [  OK  ]
 +Sollte wider Erwarten beim Starten etwas schief gelaufen sein, so ist der Syslog die Anlaufstelle für weitere Fehlermeldungen. Im Regelfall wird der erfolgreiche Start entsprechend quittiert.
 +<code>Oct  6 11:16:08 vml000020 named[4010]: starting BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 -u named -4 -t /var/named/chroot
 +Oct  6 11:16:08 vml000020 named[4010]: built with '--build=x86_64-unknown-linux-gnu' '--host=x86_64-unknown-linux-gnu' '--tar
 +get=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbi
 +n' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '
 +--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--e
 +nable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--wit
 +h-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alia
 +s=x86_64-unknown-linux-gnu' 'host_alias=x86_64-unknown-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pip
 +e -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDI
 +G_SIGCHASE'
 +Oct  6 11:16:08 vml000020 named[4010]: adjusted limit on open files from 1024 to 1048576
 +Oct  6 11:16:08 vml000020 named[4010]: found 1 CPU, using 1 worker thread
 +Oct  6 11:16:08 vml000020 named[4010]: using up to 4096 sockets
 +Oct  6 11:16:08 vml000020 named[4010]: loading configuration from '/etc/named.conf'
 +Oct  6 11:16:08 vml000020 named[4010]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
 +Oct  6 11:16:08 vml000020 named[4010]: using default UDP/IPv4 port range: [1024, 65535]
 +Oct  6 11:16:08 vml000020 named[4010]: using default UDP/IPv6 port range: [1024, 65535]
 +Oct  6 11:16:08 vml000020 named[4010]: no IPv6 interfaces found
 +Oct  6 11:16:08 vml000020 named[4010]: listening on IPv4 interface lo, 127.0.0.1#53
 +Oct  6 11:16:08 vml000020 named[4010]: listening on IPv4 interface eth0, 10.0.10.1#53
 +Oct  6 11:16:08 vml000020 named[4010]: listening on IPv4 interface eth1, 10.0.0.20#53
 +Oct  6 11:16:08 vml000020 named[4010]: generating session key for dynamic DNS
 +Oct  6 11:16:08 vml000020 named[4010]: using built-in trusted-keys for view _default
 +Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 127.IN-ADDR.ARPA
 +Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 254.169.IN-ADDR.ARPA
 +Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
 +Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
 +Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
 +Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: D.F.IP6.ARPA
 +Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 8.E.F.IP6.ARPA
 +Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: 9.E.F.IP6.ARPA
 +Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: A.E.F.IP6.ARPA
 +Oct  6 11:16:08 vml000020 named[4010]: automatic empty zone: B.E.F.IP6.ARPA
 +Oct  6 11:16:08 vml000020 named[4010]: using built-in trusted-keys for view _meta
 +Oct  6 11:16:08 vml000020 named[4010]: set up managed-keys.bind meta-zone
 +Oct  6 11:16:08 vml000020 named[4010]: command channel listening on 127.0.0.1#953
 +Oct  6 11:16:08 vml000020 named[4010]: the working directory is not writable
 +Oct  6 11:16:08 vml000020 named[4010]: zone 0.in-addr.arpa/IN: loaded serial 0
 +Oct  6 11:16:08 vml000020 named[4010]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
 +Oct  6 11:16:08 vml000020 named[4010]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
 +Oct  6 11:16:08 vml000020 named[4010]: zone localhost.localdomain/IN: loaded serial 0
 +Oct  6 11:16:08 vml000020 named[4010]: zone localhost/IN: loaded serial 0
 +Oct  6 11:16:08 vml000020 named[4010]: zone managed-keys.bind/IN/_meta: loaded serial 12
 +Oct  6 11:16:08 vml000020 named[4010]: running
 +<code>
 +
 +In der named-eigenen Logdatei //**/var/named/data/named.run**// wird außerdem der Start mit Angabe der geladenen Zonen dokumentiert.
 +
 +   # less /var/named/data/named.run
 +<code>zone 0.in-addr.arpa/IN: loaded serial 0
 +zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
 +zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
 +zone localhost.localdomain/IN: loaded serial 0
 +zone localhost/IN: loaded serial 0
 +zone managed-keys.bind/IN/_meta: loaded serial 12
 +running
 +</code>
 +
 +Nach dem Starten unseres named Daemon können wir mit Hilfe von**netstat** überprüfen, ob der Daemon auf den gewünschten Ports lauscht.
 +   # netstat -tulpen | grep named
 +<code>tcp        0      0 10.0.0.20:53                0.0.0.0:                  LISTEN      25         12850      4010/named          
 +tcp        0      0 10.0.10.1:53                0.0.0.0:                  LISTEN      25         12848      4010/named          
 +tcp        0      0 127.0.0.1:53                0.0.0.0:                  LISTEN      25         12846      4010/named          
 +tcp        0      0 127.0.0.1:953               0.0.0.0:                  LISTEN      25         12853      4010/named          
 +udp        0      0 10.0.0.20:53                0.0.0.0:                              25         12849      4010/named          
 +udp        0      0 10.0.10.1:53                0.0.0.0:                              25         12847      4010/named          
 +udp        0      0 127.0.0.1:53                0.0.0.0:                              25         12845      4010/named
 +</code>
 +
 +Dass der Daemon in einer chroot-Umgebung gestartet wurde sehen wir anhand folgender Ausgabe:
 +   # ps aux | grep named
 +
 +   named     4010  0.0  1.4 161628 15300 ?        Ssl  11:16   0:00 /usr/sbin/named -u named -4 -t /var/named/chroot
 +   root      4042  0.0  0.0 103148   828 pts/0    S+   11:36   0:00 grep named
 +
 +
 +
 +Nachdem unser nameserver nun läuft werden wir auch gleich mal unsere erste Abfrage tätigen
 +   #  dig @localhost heise.de
 +<code>; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> @localhost heise.de
 +; (2 servers found)
 +;; global options: +cmd
 +;; Got answer:
 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50804
 +;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0
 +
 +;; QUESTION SECTION:
 +;heise.de. IN A
 +
 +;; ANSWER SECTION:
 +heise.de. 3600 IN A 193.99.144.80
 +
 +;; AUTHORITY SECTION:
 +heise.de. 86400 IN NS ns.s.plusline.de.
 +heise.de. 86400 IN NS ns.pop-hannover.de.
 +heise.de. 86400 IN NS ns2.pop-hannover.net.
 +heise.de. 86400 IN NS ns.plusline.de.
 +heise.de. 86400 IN NS ns.heise.de.
 +
 +;; Query time: 86 msec
 +;; SERVER: 127.0.0.1#53(127.0.0.1)
 +;; WHEN: Mon Aug 22 14:52:07 2011
 +;; MSG SIZE  rcvd: 168
 +</code>
 +Die gleiche Abfrage mit Hilfe von **nslookup** sieht wie folgt aus:
 +   # nslookup heise
 +<code>Server: 10.0.0.20
 +Address: 10.0.0.20#53
 +
 +Non-authoritative answer:
 +Name: heise.dmz.nausch.org
 +Address: 88.217.187.21</code>
 +==== Nameserver für Intranet und Demilitarized Zone ====
 +Im folgenden Beispiel erweitern wir unsere [[centos:bind_c6#caching-only_nameserver|ersten Konfigurationsschritt]] ein wenig, denn schließlich möchten wir ja nicht nur Anfragen nach //öffentlichen IP-Adressen// beantworten, sondern auch für unser privates Netzwerk im SOHO mit den folgenden zwei Zonen:
 +  * DMZ : dmz.nausch.org mit Netz: 10.0.0.0/24
 +  * Intranet : intra.nausch.org mit Netz: 10.0.10.0/26
 +=== bind Konfiguration ===
 +== named.conf ==
 +Basierend auf den [[centos:bind_c6?&#nameserver_fuer_intranet_und_demilitarized_zone|Rahmenbedingungen]] erweitern wir als erstes die Hauptkonfigurationsdatei unseres Nameservers bind. Hierzu bemühen wir wieder den Editor unserer Wahl **vim**. Die entsprechenden Optionen sind im nachfolgenden Beispiel entsprechend beschrieben.
 +   # vim /etc/named.conf
 +<file | named.conf>
 +//
 +// named.conf
 +//
 +// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
 +// server as a caching only nameserver (as a localhost DNS resolver only).
 +//
 +// See /usr/share/doc/bind*/sample/ for example named configuration files.
 +//
 +
 +acl dmz   { 10.0.0.0/24; }; // Django : 2011-10-05 Variablendefinition
 +acl intra { 10.0.10.0/26; }; // Django : 2011-10-05 Variablendefinition
 +
 +options {
 + listen-on port 53 { 127.0.0.1; 10.0.0.20; 10.0.10.1; }; // Django : 2011-08-22 unsere Netzwerk-
 +   // interfaces definiert
 + // listen-on-v6 port 53 { ::1; };                          // IPv6 deaktiviert
 + directory "/var/named";
 + dump-file "/var/named/data/cache_dump.db";
 +        statistics-file "/var/named/data/named_stats.txt";
 +        memstatistics-file "/var/named/data/named_mem_stats.txt";
 + allow-query     { localhost; dmz; intra; }; // Django : 2011-08-22 unsere Netzwerke
 +        allow-recursion { localhost; dmz; intra; }; // die unseren Nameserver befragen dürfen
 + recursion yes;
 +
 + query-source address * port *; // Django : 2011-10-05 
 + // unpriviligierten Port nutzen, wenn Anfragen
 + // nach extern gestellt werden 
 +
 + check-names master warn; // Django : 2011-10-05
 + // Der Nameserver soll nur warnen und nicht
 + // abbrechen, wenn er eine Anfrage nicht 
 + // beantworten kann. (Bsp. DKIM-keys)
 +
 + auth-nxdomain no; // Django : 2011-10-05
 + // RFC1035 Konforme Arbeit (keine alten
 + // Anfragen und Konfigurationen nutzen)
 +
 + dnssec-enable yes;
 + dnssec-validation yes;
 + dnssec-lookaside auto;
 +
 + /* Path to ISC DLV key */
 + bindkeys-file "/etc/named.iscdlv.key";
 +};
 +
 +logging {
 +        channel default_debug {
 +                file "data/named.run";
 +                severity dynamic;
 +        };
 +};
 +
 +zone "." IN {
 + type hint;
 + file "named.ca";
 +};
 +
 +include "/etc/named.rfc1912.zones";
 +
 +zone "dmz.nausch.org" IN {
 +        type master;
 +        file "dynamic/dmz-forward";
 + allow-update { none; };
 +};
 +
 +zone "0.0.10.in-addr.arpa" IN {
 +        type master;
 +        file "dynamic/dmz-reverse";
 +        allow-update { none; };
 +};
 +
 +zone "intra.nausch.org" IN {
 +        type master;
 +        file "dynamic/intra-forward";
 + allow-update { none; };
 +};
 +
 +zone "10.0.10.in-addr.arpa" IN {
 +        type master;
 +        file "dynamic/intra-reverse";
 +        allow-update { none; };
 +};
 +
 +zone "nausch.org" IN {
 +        type master;
 +        file "dynamic/domain-forward";
 +        allow-update { none; };
 +};
 +
 +zone "187.217.88.in-addr.arpa" IN {
 +        type master;
 +        file "dynamic/domain-reverse";
 +        allow-update { none; };
 +};
 +
 +</file>
 +Die einzelnen Zonen-Dateien legen wir im Verzeichnis //**/var/named/dynamic/**// ab.
 +  * dmz-forward
 +  * dmz-reverse
 +  * intra-forward
 +  * intra-reverse
 +  * domain-forward
 +  * domain-reverse
 +== dmz-forward ==
 +Für die forward-Auflösung des Subnetzes **DMZ** legen wir uns eine Konfigurationsdatei nach folgendem Muster an.
 +<file | /var/named/dynamic/dmz-forward>
 +$ORIGIN dmz.nausch.org.
 +$TTL    86400
 +@ IN SOA vml000020.dmz.nausch.org. root.nausch.org. (
 + 2011100501 ; serial
 + 3H ; refresh
 + 15M ; retry
 + 1W ; expiry
 + 1D ) ; minimum
 +;
 + IN      NS      vml000020.dmz.nausch.org.
 +;
 +fwe IN CNAME vml000010
 +fwi IN CNAME vml000020
 +time IN CNAME vml000020
 +dns IN CNAME vml000020
 +dhcp IN CNAME vml000020
 +;
 +localhost IN A 127.0.0.1
 +;
 +vml000010 IN A 10.0.0.10
 +vml000020 IN A 10.0.0.20
 +vml000030 IN A 10.0.0.30
 +</file>
 +== dmz-reverse ==
 +Für die reverse-Auflösung des Subnetzes **DMZ** legen wir uns eine Konfigurationsdatei nach folgendem Muster an.
 +<file | /var/named/dynamic/dmz-reverse>
 +$ORIGIN 0.0.10.in-addr.arpa.
 +$TTL 86400
 +@ IN SOA vml000020.dmz.nausch.org. root.nss.nausch.org. (
 + 2011100501 ; serial
 + 3H ; refresh
 + 1H ; retry
 + 1W ; expiry
 + 1D ) ; minimum
 +;
 +@ IN NS vml000020.dmz.nausch.org.
 +;
 +10 IN PTR vml000010.dmz.nausch.org.
 +20 IN PTR vml000020.dmz.nausch.org.
 +30 IN PTR vml000030.dmz.nausch.org.
 +</file>
 +== intra-forward ==
 +Für die forward-Auflösung des Subnetzes **intra** legen wir uns eine Konfigurationsdatei nach folgendem Muster an.
 +<file | /var/named/dynamic/intra-forward>
 +$ORIGIN intra.nausch.org.
 +$TTL    86400
 +@ IN SOA vml000020.dmz.nausch.org. root.nausch.org. (
 + 2011100501 ; serial
 + 3H ; refresh
 + 15M ; retry
 + 1W ; expiry
 + 1D ) ; minimum
 +;
 + IN NS vml000020.dmz.nausch.org.
 +;
 +proton IN CNAME pml010051
 +;
 +pml010001 IN A 10.0.10.1
 +pml010051 IN A 10.0.10.51
 +</file>
 +== intra-reverse ==
 +Für die reverse-Auflösung des Subnetzes **intra** legen wir uns eine Konfigurationsdatei nach folgendem Muster an.
 +<file | /var/named/dynamic/intra-reverse>
 +$ORIGIN 10.0.10.in-addr.arpa.
 +$TTL 86400
 +@ IN SOA vml000020.dmz.nausch.org. root.nss.nausch.org. (
 + 2011100501 ; serial
 + 3H ; refresh
 + 1H ; retry
 + 1W ; expiry
 + 1D ) ; minimum
 +;
 +@ IN NS pml010001.intra.nausch.org.
 +;
 +1 IN PTR pml010001.intra.nausch.org.
 +51 IN PTR pml010051.intra.nausch.org.
 +</file>
 +== domain-forward ==
 +Für die forward-Auflösung unserer eigenen Domäne **nausch.org** legen wir uns eine Konfigurationsdatei nach folgendem Muster an.
 +<file | /var/named/dynamic/domain-forward>
 +$ORIGIN nausch.org.
 +$TTL    86400
 +@ IN SOA ns1.dmz.nausch.org. root.nausch.org. (
 + 2011100501 ; serial
 + 3H ; refresh
 + 15M ; retry
 + 1W ; expiry
 + 1D ) ; minimum
 +;
 + IN      NS      ns1.dmz.nausch.org.
 +;
 +ns1.dmz.nausch.org IN A 88.217.187.21
 +;
 +nausch.org. IN      A       88.217.187.21
 +*.nausch.org. IN      A       88.217.187.21
 +</file>
 +== domain-reverse ==
 +Für die reverse-Auflösung unserer eigenen Domäne **nausch.org** legen wir uns eine Konfigurationsdatei nach folgendem Muster an.
 +<file | /var/named/dynamic/domain-reverse>
 +$ORIGIN 187.217.88.in-addr.arpa.
 +$TTL 86400
 +@ IN SOA vml000020.dmz.nausch.org. root.nss.nausch.org. (
 + 2011100501 ; serial
 + 3H ; refresh
 + 1H ; retry
 + 1W ; expiry
 + 1D ) ; minimum
 +;
 +@ IN NS ns1.dmz.nausch.org.
 +;
 +21 IN PTR mx1.nausch.org.
 +</file>
 +===== Utilities rund um den Nameserver bind =====
 +==== Konfiguration überprüfen ====
 +Möchte man die Konfiguration(sdatei) seinen bind-Nameservers überprüfen so nutzt man den Befehl **named-checkconf**
 +   # named-checkconf
 +Benutzt man hierbei die Option //-p// wird, sofern keine Fehler existieren, die Konfigurationsdatei **named.conf** ohne Kommentare auf der Konsole ausgegeben.
 +   # named-checkconf -p
 +<code>options {
 + bindkeys-file "/etc/named.iscdlv.key";
 + directory "/var/named";
 + dump-file "/var/named/data/cache_dump.db";
 + listen-on port 53 {
 + 127.0.0.1/32;
 + 10.0.0.20/32;
 + 10.0.10.1/32;
 + };
 + memstatistics-file "/var/named/data/named_mem_stats.txt";
 + statistics-file "/var/named/data/named_stats.txt";
 + allow-recursion {
 + "localhost";
 + "dmz";
 + "intra";
 + };
 + auth-nxdomain no;
 + check-names master warn;
 + dnssec-enable yes;
 + dnssec-lookaside "auto" ;
 + dnssec-validation yes;
 + query-source address 0.0.0.0 port 0;
 + recursion yes;
 + allow-query {
 + "localhost";
 + "dmz";
 + "intra";
 + };
 +};
 +acl "dmz" {
 + 10.0.0.0/24;
 +};
 +acl "intra" {
 + 10.0.10.0/26;
 +};
 +logging {
 + channel "default_debug" {
 + file "data/named.run";
 + severity dynamic;
 + };
 +};
 +zone "." IN {
 + type hint;
 + file "named.ca";
 +};
 +zone "localhost.localdomain" IN {
 + type master;
 + file "named.localhost";
 + allow-update {
 + "none";
 + };
 +};
 +zone "localhost" IN {
 + type master;
 + file "named.localhost";
 + allow-update {
 + "none";
 + };
 +};
 +zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
 + type master;
 + file "named.loopback";
 + allow-update {
 + "none";
 + };
 +};
 +zone "1.0.0.127.in-addr.arpa" IN {
 + type master;
 + file "named.loopback";
 + allow-update {
 + "none";
 + };
 +};
 +zone "0.in-addr.arpa" IN {
 + type master;
 + file "named.empty";
 + allow-update {
 + "none";
 + };
 +};
 +zone "dmz.nausch.org" IN {
 + type master;
 + file "dynamic/dmz-forward";
 + allow-update {
 + "none";
 + };
 +};
 +zone "0.0.10.in-addr.arpa" IN {
 + type master;
 + file "dynamic/dmz-reverse";
 + allow-update {
 + "none";
 + };
 +};
 +zone "intra.nausch.org" IN {
 + type master;
 + file "dynamic/intra-forward";
 + allow-update {
 + "none";
 + };
 +};
 +zone "10.0.10.in-addr.arpa" IN {
 + type master;
 + file "dynamic/intra-reverse";
 + allow-update {
 + "none";
 + };
 +};
 +zone "nausch.org" IN {
 + type master;
 + file "dynamic/domain-forward";
 + allow-update {
 + "none";
 + };
 +};
 +zone "187.217.88.in-addr.arpa" IN {
 + type master;
 + file "dynamic/domain-reverse";
 + allow-update {
 + "none";
 + };
 +};
 +</code>   
 +==== Versionsabfrage ====
 +Will man die Version eines Namservers abfragen, so kann man dies mit Hilfe folgenden Befehls erreichen.
 +   # dig txt chaos version.bind
 +<code>; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> txt chaos version.bind
 +;; global options: +cmd
 +;; Got answer:
 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18905
 +;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
 +;; WARNING: recursion requested but not available
 +
 +;; QUESTION SECTION:
 +;version.bind. CH TXT
 +
 +;; ANSWER SECTION:
 +version.bind. 0 CH TXT "9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1"
 +
 +;; AUTHORITY SECTION:
 +version.bind. 0 CH NS version.bind.
 +
 +;; Query time: 1 msec
 +;; SERVER: 10.0.0.20#53(10.0.0.20)
 +;; WHEN: Thu Oct  6 14:50:47 2011
 +;; MSG SIZE  rcvd: 91
 +</code>
 +==== Zonenfiles überprüfen ====
 +Will man (s)ein Zonenfile überprüfen und/oder die verwendete Seriennummer ausgeben, so nutz man den Befehl **named-checkzone**
 +   # named-checkzone dmz.nausch.org /var/named/dynamic/dmz-forward 
 +
 +   zone dmz.nausch.org/IN: loaded serial 2011100601
 +   OK
 +==== Zonenfiles neu laden ====
 +Das Neuladen der Zonenkonfigurationsdateien eines DNS-Server, ohne den DNS-Server neu starten zu müssen, erreicht man mit:
 +   # rndc reload
 +==== dnssec-tools ====
 +   # yum install dnssec-tools
 +
 +   # rpm -qil dnssec-tools
 +<code>Name        : dnssec-tools                 Relocations: (not relocatable)
 +Version     : 1.13                              Vendor: Fedora Project
 +Release     : 12.el6                        Build Date: Fri 24 May 2013 01:05:40 AM CEST
 +Install Date: Sat 24 May 2014 08:44:32 PM CEST      Build Host: buildvm-24.phx2.fedoraproject.org
 +Group       : System Environment/Base       Source RPM: dnssec-tools-1.13-12.el6.src.rpm
 +Size        : 2004766                          License: BSD
 +Signature   : RSA/8, Fri 24 May 2013 06:56:53 PM CEST, Key ID 3b49df2a0608b895
 +Packager    : Fedora Project
 +URL         : http://www.dnssec-tools.org/
 +Summary     : A suite of tools for managing dnssec aware DNS usage
 +Description :
 +
 +The goal of the DNSSEC-Tools project is to create a set of tools,
 +patches, applications, wrappers, extensions, and plugins that will
 +help ease the deployment of DNSSEC-related technologies.
 +/etc/dnssec-tools
 +/etc/dnssec-tools/dnssec-tools.conf
 +/usr/bin/blinkenlights
 +/usr/bin/bubbles
 +/usr/bin/buildrealms
 +/usr/bin/check-zone-expiration
 +/usr/bin/cleanarch
 +/usr/bin/cleankrf
 +/usr/bin/convertar
 +/usr/bin/dnspktflow
 +/usr/bin/donuts
 +/usr/bin/donutsd
 +/usr/bin/drawvalmap
 +/usr/bin/dt-getaddr
 +/usr/bin/dt-gethost
 +/usr/bin/dt-getname
 +/usr/bin/dt-getquery
 +/usr/bin/dt-getrrset
 +/usr/bin/dt-validate
 +/usr/bin/dtck
 +/usr/bin/dtconf
 +/usr/bin/dtconfchk
 +/usr/bin/dtdefs
 +/usr/bin/dtinitconf
 +/usr/bin/dtrealms
 +/usr/bin/expchk
 +/usr/bin/fixkrf
 +/usr/bin/genkrf
 +/usr/bin/getdnskeys
 +/usr/bin/getds
 +/usr/bin/grandvizier
 +/usr/bin/keyarch
 +/usr/bin/keymod
 +/usr/bin/krfcheck
 +/usr/bin/libval_check_conf
 +/usr/bin/lights
 +/usr/bin/lsdnssec
 +/usr/bin/lskrf
 +/usr/bin/lsrealm
 +/usr/bin/lsroll
 +/usr/bin/maketestzone
 +/usr/bin/mapper
 +/usr/bin/realmchk
 +/usr/bin/realmctl
 +/usr/bin/realminit
 +/usr/bin/realmset
 +/usr/bin/rollchk
 +/usr/bin/rollctl
 +/usr/bin/rollerd
 +/usr/bin/rollinit
 +/usr/bin/rolllog
 +/usr/bin/rollrec-editor
 +/usr/bin/rollset
 +/usr/bin/signset-editor
 +/usr/bin/tachk
 +/usr/bin/timetrans
 +/usr/bin/trustman
 +/usr/bin/zonesigner
 +/usr/share/dnssec-tools
 +/usr/share/dnssec-tools/donuts
 +/usr/share/dnssec-tools/donuts/rules
 +/usr/share/dnssec-tools/donuts/rules/check_nameservers.txt
 +/usr/share/dnssec-tools/donuts/rules/dns.errors.txt
 +/usr/share/dnssec-tools/donuts/rules/dnssec.rules.txt
 +/usr/share/dnssec-tools/donuts/rules/nsec_check.rules.txt
 +/usr/share/dnssec-tools/donuts/rules/parent_child.rules.txt
 +/usr/share/dnssec-tools/donuts/rules/recommendations.rules.txt
 +/usr/share/dnssec-tools/validator-testcases
 +/usr/share/doc/dnssec-tools-1.13
 +/usr/share/doc/dnssec-tools-1.13/COPYING
 +/usr/share/doc/dnssec-tools-1.13/INSTALL
 +/usr/share/doc/dnssec-tools-1.13/README
 +/usr/share/man/man1/blinkenlights.1.gz
 +/usr/share/man/man1/bubbles.1.gz
 +/usr/share/man/man1/buildrealms.1.gz
 +/usr/share/man/man1/check-zone-expiration.1.gz
 +/usr/share/man/man1/cleanarch.1.gz
 +/usr/share/man/man1/cleankrf.1.gz
 +/usr/share/man/man1/convertar.1.gz
 +/usr/share/man/man1/dnspktflow.1.gz
 +/usr/share/man/man1/dnssec-tools.1.gz
 +/usr/share/man/man1/donuts.1.gz
 +/usr/share/man/man1/donutsd.1.gz
 +/usr/share/man/man1/drawvalmap.1.gz
 +/usr/share/man/man1/dt-getaddr.1.gz
 +/usr/share/man/man1/dt-gethost.1.gz
 +/usr/share/man/man1/dt-getname.1.gz
 +/usr/share/man/man1/dt-getquery.1.gz
 +/usr/share/man/man1/dt-getrrset.1.gz
 +/usr/share/man/man1/dt-libval_check_conf.1.gz
 +/usr/share/man/man1/dt-validate.1.gz
 +/usr/share/man/man1/dtck.1.gz
 +/usr/share/man/man1/dtconf.1.gz
 +/usr/share/man/man1/dtconfchk.1.gz
 +/usr/share/man/man1/dtdefs.1.gz
 +/usr/share/man/man1/dtinitconf.1.gz
 +/usr/share/man/man1/dtrealms.1.gz
 +/usr/share/man/man1/expchk.1.gz
 +/usr/share/man/man1/fixkrf.1.gz
 +/usr/share/man/man1/genkrf.1.gz
 +/usr/share/man/man1/getdnskeys.1.gz
 +/usr/share/man/man1/getds.1.gz
 +/usr/share/man/man1/grandvizier.1.gz
 +/usr/share/man/man1/keyarch.1.gz
 +/usr/share/man/man1/keymod.1.gz
 +/usr/share/man/man1/krfcheck.1.gz
 +/usr/share/man/man1/lights.1.gz
 +/usr/share/man/man1/lsdnssec.1.gz
 +/usr/share/man/man1/lskrf.1.gz
 +/usr/share/man/man1/lsrealm.1.gz
 +/usr/share/man/man1/lsroll.1.gz
 +/usr/share/man/man1/maketestzone.1.gz
 +/usr/share/man/man1/mapper.1.gz
 +/usr/share/man/man1/realmchk.1.gz
 +/usr/share/man/man1/realmctl.1.gz
 +/usr/share/man/man1/realminit.1.gz
 +/usr/share/man/man1/realmset.1.gz
 +/usr/share/man/man1/rollchk.1.gz
 +/usr/share/man/man1/rollctl.1.gz
 +/usr/share/man/man1/rollerd.1.gz
 +/usr/share/man/man1/rollinit.1.gz
 +/usr/share/man/man1/rolllog.1.gz
 +/usr/share/man/man1/rollrec-editor.1.gz
 +/usr/share/man/man1/rollset.1.gz
 +/usr/share/man/man1/signset-editor.1.gz
 +/usr/share/man/man1/tachk.1.gz
 +/usr/share/man/man1/timetrans.1.gz
 +/usr/share/man/man1/trustman.1.gz
 +/usr/share/man/man1/zonesigner.1.gz
 +/usr/share/man/man3/Net::DNS::SEC::Tools::realm.3pm.gz
 +/usr/share/man/man3/Net::DNS::SEC::Tools::realmmgr.3pm.gz
 +/usr/share/man/man3/p_ac_status.3.gz
 +/usr/share/man/man3/p_val_status.3.gz
 +</code>
 +
 +
 +==== zone-check ====
 +
 +   # yum install zone-check -y
 +
 +   # rpm -qil zonecheck
 +<code>Name        : zonecheck                    Relocations: (not relocatable)
 +Version     : 2.0.4                             Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
 +Release     : 1.2.el6.rf                    Build Date: Fri 12 Nov 2010 10:58:44 AM CET
 +Install Date: Sat 24 May 2014 11:00:03 PM CEST      Build Host: lisse.hasselt.wieers.com
 +Group       : Applications/Internet         Source RPM: zonecheck-2.0.4-1.2.el6.rf.src.rpm
 +Size        : 792719                           License: GPL
 +Signature   : DSA/SHA1, Sat 13 Nov 2010 12:05:24 AM CET, Key ID a20e52146b8d79e6
 +Packager    : Dag Wieers <dag@wieers.com>
 +URL         : http://www.zonecheck.fr/
 +Summary     : Perform consistency checks on DNS zones
 +Description :
 +ZoneCheck is intended to help solve DNS misconfigurations or
 +inconsistencies that are usually revealed by an increase in
 +the latency of the application. The DNS is a critical resource
 +for every network application, so it is quite important to
 +ensure that a zone or domain name is correctly configured in
 +the DNS.
 +/etc/zonecheck
 +/etc/zonecheck/afnic.profile
 +/etc/zonecheck/de.profile
 +/etc/zonecheck/default.profile
 +/etc/zonecheck/reverse.profile
 +/etc/zonecheck/rootservers
 +/etc/zonecheck/zc.conf
 +/usr/bin/zonecheck
 +/usr/lib/zonecheck
 +/usr/lib/zonecheck/cgi-bin
 +/usr/lib/zonecheck/cgi-bin/zc.cgi
 +/usr/lib/zonecheck/lib
 +/usr/lib/zonecheck/lib/address
 +/usr/lib/zonecheck/lib/address.rb
 +/usr/lib/zonecheck/lib/address/common.rb
 +/usr/lib/zonecheck/lib/address/ipv4.rb
 +/usr/lib/zonecheck/lib/address/ipv6.rb
 +/usr/lib/zonecheck/lib/nresolv
 +/usr/lib/zonecheck/lib/nresolv.rb
 +/usr/lib/zonecheck/lib/nresolv/compatibility.rb
 +/usr/lib/zonecheck/lib/nresolv/config.rb
 +/usr/lib/zonecheck/lib/nresolv/constants.rb
 +/usr/lib/zonecheck/lib/nresolv/dbg.rb
 +/usr/lib/zonecheck/lib/nresolv/dig_output.rb
 +/usr/lib/zonecheck/lib/nresolv/dns.rb
 +/usr/lib/zonecheck/lib/nresolv/dns_message.rb
 +/usr/lib/zonecheck/lib/nresolv/dns_name.rb
 +/usr/lib/zonecheck/lib/nresolv/dns_resource.rb
 +/usr/lib/zonecheck/lib/nresolv/host.rb
 +/usr/lib/zonecheck/lib/nresolv/resolver.rb
 +/usr/lib/zonecheck/lib/nresolv/transport.rb
 +/usr/lib/zonecheck/lib/nresolv/wire.rb
 +/usr/lib/zonecheck/lib/textfmt.rb
 +/usr/lib/zonecheck/lib/whois.rb
 +/usr/lib/zonecheck/locale
 +/usr/lib/zonecheck/locale/cgi.en
 +/usr/lib/zonecheck/locale/cgi.fr
 +/usr/lib/zonecheck/locale/cli.en
 +/usr/lib/zonecheck/locale/cli.fr
 +/usr/lib/zonecheck/locale/gtk.en
 +/usr/lib/zonecheck/locale/gtk.fr
 +/usr/lib/zonecheck/locale/inetd.en
 +/usr/lib/zonecheck/locale/inetd.fr
 +/usr/lib/zonecheck/locale/test
 +/usr/lib/zonecheck/locale/test/axfr.en
 +/usr/lib/zonecheck/locale/test/axfr.fr
 +/usr/lib/zonecheck/locale/test/connectivity.en
 +/usr/lib/zonecheck/locale/test/connectivity.fr
 +/usr/lib/zonecheck/locale/test/generic.en
 +/usr/lib/zonecheck/locale/test/generic.fr
 +/usr/lib/zonecheck/locale/test/interop.en
 +/usr/lib/zonecheck/locale/test/interop.fr
 +/usr/lib/zonecheck/locale/test/loopback.en
 +/usr/lib/zonecheck/locale/test/loopback.fr
 +/usr/lib/zonecheck/locale/test/mail.en
 +/usr/lib/zonecheck/locale/test/mail.fr
 +/usr/lib/zonecheck/locale/test/misc.en
 +/usr/lib/zonecheck/locale/test/misc.fr
 +/usr/lib/zonecheck/locale/test/mx.en
 +/usr/lib/zonecheck/locale/test/mx.fr
 +/usr/lib/zonecheck/locale/test/nameserver.en
 +/usr/lib/zonecheck/locale/test/nameserver.fr
 +/usr/lib/zonecheck/locale/test/ns.en
 +/usr/lib/zonecheck/locale/test/ns.fr
 +/usr/lib/zonecheck/locale/test/rootserver.en
 +/usr/lib/zonecheck/locale/test/rootserver.fr
 +/usr/lib/zonecheck/locale/test/soa.en
 +/usr/lib/zonecheck/locale/test/soa.fr
 +/usr/lib/zonecheck/locale/zc.en
 +/usr/lib/zonecheck/locale/zc.fr
 +/usr/lib/zonecheck/test
 +/usr/lib/zonecheck/test/axfr.rb
 +/usr/lib/zonecheck/test/connectivity.rb
 +/usr/lib/zonecheck/test/generic.rb
 +/usr/lib/zonecheck/test/interop.rb
 +/usr/lib/zonecheck/test/loopback.rb
 +/usr/lib/zonecheck/test/mail.rb
 +/usr/lib/zonecheck/test/misc.rb
 +/usr/lib/zonecheck/test/mx.rb
 +/usr/lib/zonecheck/test/nameserver.rb
 +/usr/lib/zonecheck/test/ns.rb
 +/usr/lib/zonecheck/test/rootserver.rb
 +/usr/lib/zonecheck/test/soa.rb
 +/usr/lib/zonecheck/www
 +/usr/lib/zonecheck/www/html
 +/usr/lib/zonecheck/www/html/batch.html.en
 +/usr/lib/zonecheck/www/html/batch.html.fr
 +/usr/lib/zonecheck/www/html/form.html.en
 +/usr/lib/zonecheck/www/html/form.html.fr
 +/usr/lib/zonecheck/www/img
 +/usr/lib/zonecheck/www/img/details.png
 +/usr/lib/zonecheck/www/img/element.png
 +/usr/lib/zonecheck/www/img/fatal.png
 +/usr/lib/zonecheck/www/img/gear.png
 +/usr/lib/zonecheck/www/img/info.png
 +/usr/lib/zonecheck/www/img/light.png
 +/usr/lib/zonecheck/www/img/logo.png
 +/usr/lib/zonecheck/www/img/loupe.png
 +/usr/lib/zonecheck/www/img/notepad.png
 +/usr/lib/zonecheck/www/img/ok.png
 +/usr/lib/zonecheck/www/img/primary.png
 +/usr/lib/zonecheck/www/img/ref.png
 +/usr/lib/zonecheck/www/img/secondary.png
 +/usr/lib/zonecheck/www/img/warning.png
 +/usr/lib/zonecheck/www/img/zc-fav.png
 +/usr/lib/zonecheck/www/img/zone.png
 +/usr/lib/zonecheck/www/js
 +/usr/lib/zonecheck/www/js/formvalidation.js
 +/usr/lib/zonecheck/www/js/popupmenu.js
 +/usr/lib/zonecheck/www/js/progress.js
 +/usr/lib/zonecheck/www/style
 +/usr/lib/zonecheck/www/style/zc.css
 +/usr/lib/zonecheck/www/zonecheck.conf.in
 +/usr/lib/zonecheck/zc
 +/usr/lib/zonecheck/zc/cache.rb
 +/usr/lib/zonecheck/zc/cachemanager.rb
 +/usr/lib/zonecheck/zc/config.rb
 +/usr/lib/zonecheck/zc/console.rb
 +/usr/lib/zonecheck/zc/data
 +/usr/lib/zonecheck/zc/data/catalog.xml
 +/usr/lib/zonecheck/zc/data/config.dtd
 +/usr/lib/zonecheck/zc/data/logo.rb
 +/usr/lib/zonecheck/zc/data/msgcat.dtd
 +/usr/lib/zonecheck/zc/data/xpm.rb
 +/usr/lib/zonecheck/zc/data/zonecheck.dtd
 +/usr/lib/zonecheck/zc/dbg.rb
 +/usr/lib/zonecheck/zc/ext
 +/usr/lib/zonecheck/zc/ext/array.rb
 +/usr/lib/zonecheck/zc/ext/file.rb
 +/usr/lib/zonecheck/zc/ext/gtk.rb
 +/usr/lib/zonecheck/zc/ext/myxml.rb
 +/usr/lib/zonecheck/zc/framework.rb
 +/usr/lib/zonecheck/zc/input
 +/usr/lib/zonecheck/zc/input/cgi.rb
 +/usr/lib/zonecheck/zc/input/cli.rb
 +/usr/lib/zonecheck/zc/input/gtk.rb
 +/usr/lib/zonecheck/zc/input/inetd.rb
 +/usr/lib/zonecheck/zc/instructions.rb
 +/usr/lib/zonecheck/zc/locale.rb
 +/usr/lib/zonecheck/zc/mail.rb
 +/usr/lib/zonecheck/zc/msgcat.rb
 +/usr/lib/zonecheck/zc/param.rb
 +/usr/lib/zonecheck/zc/publisher
 +/usr/lib/zonecheck/zc/publisher.rb
 +/usr/lib/zonecheck/zc/publisher/gtk.rb
 +/usr/lib/zonecheck/zc/publisher/html.rb
 +/usr/lib/zonecheck/zc/publisher/text.rb
 +/usr/lib/zonecheck/zc/publisher/xml.rb
 +/usr/lib/zonecheck/zc/report
 +/usr/lib/zonecheck/zc/report.rb
 +/usr/lib/zonecheck/zc/report/byhost.rb
 +/usr/lib/zonecheck/zc/report/byseverity.rb
 +/usr/lib/zonecheck/zc/testmanager.rb
 +/usr/lib/zonecheck/zc/zc.rb
 +/usr/lib/zonecheck/zc/zonecheck.rb
 +/usr/share/doc/zonecheck-2.0.4
 +/usr/share/doc/zonecheck-2.0.4/BUGS
 +/usr/share/doc/zonecheck-2.0.4/COPYING
 +/usr/share/doc/zonecheck-2.0.4/CREDITS
 +/usr/share/doc/zonecheck-2.0.4/ChangeLog
 +/usr/share/doc/zonecheck-2.0.4/GPL
 +/usr/share/doc/zonecheck-2.0.4/HISTORY
 +/usr/share/doc/zonecheck-2.0.4/README
 +/usr/share/doc/zonecheck-2.0.4/TODO
 +/usr/share/doc/zonecheck-2.0.4/html
 +/usr/share/doc/zonecheck-2.0.4/html/FAQ.html
 +/usr/share/doc/zonecheck-2.0.4/html/apa.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch01.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch01s02.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch01s03.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch01s04.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch02.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch02s02.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch02s03.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch03.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch04.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch05.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch05s02.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch06.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch07.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch07s02.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch07s03.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch08.html
 +/usr/share/doc/zonecheck-2.0.4/html/ch08s02.html
 +/usr/share/doc/zonecheck-2.0.4/html/index-toc.html
 +/usr/share/doc/zonecheck-2.0.4/html/index.html
 +/usr/share/man/man1/zonecheck.1.gz
 +</code>
 +FIXME
 +
 +====== Links ======
 +  * **[[wiki:start|Zurück zu Projekte und Themenkapitel]]**
 +  * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**
 +
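Review bot: In the domain-forward zone file the address record "ns1.dmz.nausch.org IN A 88.217.187.21" has no trailing dot, so under "$ORIGIN nausch.org." it is loaded as ns1.dmz.nausch.org.nausch.org. and the name server ns1.dmz.nausch.org. named in the SOA and NS lines gets no explicit address record. Write the owner as "ns1.dmz.nausch.org." or "ns1.dmz". Because named.conf also loads dmz.nausch.org as a master zone of its own, the name additionally needs an A record in dmz-forward, which so far lists only vml000010, vml000020 and vml000030.

Further points in the same revision: the syslog listing after "service named start" is closed with "<code>" instead of "</code>", so the block runs on through the named.run paragraph until the next closing tag. The comment on "check-names master warn;" says the server should only warn when it cannot answer a query, but the option governs how host names in master zone data are checked, so the comment should say that. The "Versionsabfrage" section shows the server returning its exact build string to a version.bind query while the options block sets no "version" statement; if that disclosure is not wanted, the page should show "version none;" or a fixed string in options. "nslookup heise" is introduced as the same query as "dig @localhost heise.de", yet it asks for a different name and the answer shown is heise.dmz.nausch.org with 88.217.187.21; "nslookup heise.de" would make the two outputs comparable. The zone-check section installs "zone-check" but queries the package as "zonecheck", which is the name the rpm output reports, and the named-checkzone output shows serial 2011100601 while the dmz-forward listing carries 2011100501. The dnssec-tools and zone-check sections contain only package listings and a leftover FIXME; they need at least one sentence on what each tool is used for here.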