centos:bind_c6 [06.10.2011 13:21] – links and discussion added, django | centos:bind_c6 [20.04.2018 10:26] (current) – external edit 127.0.0.1 |
---|
| ====== BIND Name Server on CentOS 6 ====== |
| Using BIND((Berkeley Internet Name Domain)) from the [[http://www.isc.org/|Internet Systems Consortium]], we set up a Domain Name System server, or DNS((Domain Name System)) server for short, for our SOHO((Small Office Home Office)) LAN. |
| |
| DNS was defined in the two documents RFC 1034 and RFC 1035 and was assigned the two ports 53/UDP and 53/TCP by the Internet Assigned Numbers Authority. |
| ===== Installation ===== |
| First we install the two packages **bind** and **bind-chroot**. The latter helps us run our DNS server in a chroot((change root)) environment. |
| # yum install bind bind-chroot -y |
| ===== Basic Configuration ===== |
| ==== RPM Packages ==== |
| First we take a look at which files the two packages bring along and, above all, where they were stored. |
| === bind === |
| # rpm -qil bind |
| <code>Name : bind Relocations: (not relocatable) |
| Version : 9.7.0 Vendor: CentOS |
| Release : 5.P2.el6_0.1 Build Date: Sat 25 Jun 2011 05:48:43 AM CEST |
| Install Date: Mon 22 Aug 2011 01:33:07 PM CEST Build Host: c6b6.bsys.dev.centos.org |
| Group : System Environment/Daemons Source RPM: bind-9.7.0-5.P2.el6_0.1.src.rpm |
| Size : 6695969 License: ISC |
| Signature : RSA/8, Wed 06 Jul 2011 03:37:08 AM CEST, Key ID 0946fca2c105b9de |
| Packager : CentOS BuildSystem <http://bugs.centos.org> |
| URL : http://www.isc.org/products/BIND/ |
| Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server |
| Description : |
| BIND (Berkeley Internet Name Domain) is an implementation of the DNS |
| (Domain Name System) protocols. BIND includes a DNS server (named), |
| which resolves host names to IP addresses; a resolver library |
| (routines for applications to use when interfacing with DNS); and |
| tools for verifying that the DNS server is operating properly. |
| /etc/NetworkManager/dispatcher.d/13-named |
| /etc/logrotate.d/named |
| /etc/named |
| /etc/named.conf |
| /etc/named.iscdlv.key |
| /etc/named.rfc1912.zones |
| /etc/rc.d/init.d/named |
| /etc/rndc.conf |
| /etc/rndc.key |
| /etc/sysconfig/named |
| /usr/lib64/bind |
| /usr/sbin/arpaname |
| /usr/sbin/ddns-confgen |
| /usr/sbin/dnssec-dsfromkey |
| /usr/sbin/dnssec-keyfromlabel |
| /usr/sbin/dnssec-keygen |
| /usr/sbin/dnssec-revoke |
| /usr/sbin/dnssec-settime |
| /usr/sbin/dnssec-signzone |
| /usr/sbin/genrandom |
| /usr/sbin/isc-hmac-fixup |
| /usr/sbin/lwresd |
| /usr/sbin/named |
| /usr/sbin/named-checkconf |
| /usr/sbin/named-checkzone |
| /usr/sbin/named-compilezone |
| /usr/sbin/named-journalprint |
| /usr/sbin/nsec3hash |
| /usr/sbin/rndc |
| /usr/sbin/rndc-confgen |
| /usr/share/doc/bind-9.7.0 |
| /usr/share/doc/bind-9.7.0/CHANGES |
| /usr/share/doc/bind-9.7.0/COPYRIGHT |
| /usr/share/doc/bind-9.7.0/Copyright |
| /usr/share/doc/bind-9.7.0/README |
| /usr/share/doc/bind-9.7.0/arm |
| /usr/share/doc/bind-9.7.0/arm/Bv9ARM-book.xml |
| /usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch01.html |
| /usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch02.html |
| /usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch03.html |
| /usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch04.html |
| /usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch05.html |
| /usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch06.html |
| /usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch07.html |
| /usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch08.html |
| /usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch09.html |
| /usr/share/doc/bind-9.7.0/arm/Bv9ARM.ch10.html |
| /usr/share/doc/bind-9.7.0/arm/Bv9ARM.html |
| /usr/share/doc/bind-9.7.0/arm/Bv9ARM.pdf |
| /usr/share/doc/bind-9.7.0/arm/Makefile |
| /usr/share/doc/bind-9.7.0/arm/Makefile.in |
| /usr/share/doc/bind-9.7.0/arm/README-SGML |
| /usr/share/doc/bind-9.7.0/arm/dnssec.xml |
| /usr/share/doc/bind-9.7.0/arm/isc-logo.eps |
| /usr/share/doc/bind-9.7.0/arm/isc-logo.pdf |
| /usr/share/doc/bind-9.7.0/arm/latex-fixup.pl |
| /usr/share/doc/bind-9.7.0/arm/libdns.xml |
| /usr/share/doc/bind-9.7.0/arm/man.arpaname.html |
| /usr/share/doc/bind-9.7.0/arm/man.ddns-confgen.html |
| /usr/share/doc/bind-9.7.0/arm/man.dig.html |
| /usr/share/doc/bind-9.7.0/arm/man.dnssec-dsfromkey.html |
| /usr/share/doc/bind-9.7.0/arm/man.dnssec-keyfromlabel.html |
| /usr/share/doc/bind-9.7.0/arm/man.dnssec-keygen.html |
| /usr/share/doc/bind-9.7.0/arm/man.dnssec-revoke.html |
| /usr/share/doc/bind-9.7.0/arm/man.dnssec-settime.html |
| /usr/share/doc/bind-9.7.0/arm/man.dnssec-signzone.html |
| /usr/share/doc/bind-9.7.0/arm/man.genrandom.html |
| /usr/share/doc/bind-9.7.0/arm/man.host.html |
| /usr/share/doc/bind-9.7.0/arm/man.isc-hmac-fixup.html |
| /usr/share/doc/bind-9.7.0/arm/man.named-checkconf.html |
| /usr/share/doc/bind-9.7.0/arm/man.named-checkzone.html |
| /usr/share/doc/bind-9.7.0/arm/man.named-journalprint.html |
| /usr/share/doc/bind-9.7.0/arm/man.named.html |
| /usr/share/doc/bind-9.7.0/arm/man.nsec3hash.html |
| /usr/share/doc/bind-9.7.0/arm/man.nsupdate.html |
| /usr/share/doc/bind-9.7.0/arm/man.rndc-confgen.html |
| /usr/share/doc/bind-9.7.0/arm/man.rndc.conf.html |
| /usr/share/doc/bind-9.7.0/arm/man.rndc.html |
| /usr/share/doc/bind-9.7.0/arm/managed-keys.xml |
| /usr/share/doc/bind-9.7.0/arm/pkcs11.xml |
| /usr/share/doc/bind-9.7.0/draft |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-6man-text-addr-representation-01.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-behave-dns64-01.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-axfr-clarify-13.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-dns-tcp-requirements-02.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-dnssec-bis-updates-09.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-dnssec-gost-06.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-ecc-key-07.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-interop3597-02.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-rfc2671bis-edns0-02.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-rfc2672bis-dname-18.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-rfc3597-bis-00.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsext-tsig-md5-deprecated-03.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-bad-dns-res-05.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-default-local-zones-09.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-inaddr-required-07.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-name-server-management-reqs-02.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-ietf-dnsop-respsize-06.txt |
| /usr/share/doc/bind-9.7.0/draft/draft-kato-dnsop-local-zones-00.txt |
| /usr/share/doc/bind-9.7.0/draft/update |
| /usr/share/doc/bind-9.7.0/misc |
| /usr/share/doc/bind-9.7.0/misc/Makefile |
| /usr/share/doc/bind-9.7.0/misc/Makefile.in |
| /usr/share/doc/bind-9.7.0/misc/dnssec |
| /usr/share/doc/bind-9.7.0/misc/format-options.pl |
| /usr/share/doc/bind-9.7.0/misc/ipv6 |
| /usr/share/doc/bind-9.7.0/misc/migration |
| /usr/share/doc/bind-9.7.0/misc/migration-4to9 |
| /usr/share/doc/bind-9.7.0/misc/options |
| /usr/share/doc/bind-9.7.0/misc/rfc-compliance |
| /usr/share/doc/bind-9.7.0/misc/roadmap |
| /usr/share/doc/bind-9.7.0/misc/sdb |
| /usr/share/doc/bind-9.7.0/misc/sort-options.pl |
| /usr/share/doc/bind-9.7.0/named.conf.default |
| /usr/share/doc/bind-9.7.0/rfc |
| /usr/share/doc/bind-9.7.0/rfc/index.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1032.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1033.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1034.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1035.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1101.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1122.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1123.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1183.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1348.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1535.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1536.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1537.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1591.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1611.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1612.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1706.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1712.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1750.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1876.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1886.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1912.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1982.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1995.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc1996.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2052.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2104.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2119.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2133.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2136.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2137.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2163.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2168.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2181.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2230.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2308.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2317.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2373.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2374.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2375.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2418.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2535.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2536.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2537.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2538.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2539.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2540.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2541.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2553.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2671.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2672.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2673.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2782.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2825.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2826.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2845.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2874.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2915.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2929.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2930.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc2931.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3007.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3008.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3071.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3090.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3110.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3123.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3152.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3197.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3225.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3226.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3258.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3363.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3364.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3425.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3445.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3467.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3490.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3491.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3492.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3493.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3513.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3596.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3597.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3645.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3655.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3658.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3755.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3757.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3833.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3845.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc3901.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4025.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4033.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4034.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4035.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4074.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4159.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4193.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4255.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4294.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4339.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4343.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4367.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4398.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4408.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4431.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4470.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4471.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4472.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4509.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4634.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4635.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4641.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4648.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4697.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4701.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4892.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4955.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc4956.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc5001.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc5011.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc5155.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc5205.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc5452.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc5507.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc5625.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc5702.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc/rfc952.txt.gz |
| /usr/share/doc/bind-9.7.0/rfc1912.txt |
| /usr/share/doc/bind-9.7.0/sample |
| /usr/share/doc/bind-9.7.0/sample/etc |
| /usr/share/doc/bind-9.7.0/sample/etc/named.conf |
| /usr/share/doc/bind-9.7.0/sample/etc/named.rfc1912.zones |
| /usr/share/doc/bind-9.7.0/sample/var |
| /usr/share/doc/bind-9.7.0/sample/var/named |
| /usr/share/doc/bind-9.7.0/sample/var/named/data |
| /usr/share/doc/bind-9.7.0/sample/var/named/my.external.zone.db |
| /usr/share/doc/bind-9.7.0/sample/var/named/my.internal.zone.db |
| /usr/share/doc/bind-9.7.0/sample/var/named/named.ca |
| /usr/share/doc/bind-9.7.0/sample/var/named/named.empty |
| /usr/share/doc/bind-9.7.0/sample/var/named/named.localhost |
| /usr/share/doc/bind-9.7.0/sample/var/named/named.loopback |
| /usr/share/doc/bind-9.7.0/sample/var/named/slaves |
| /usr/share/doc/bind-9.7.0/sample/var/named/slaves/my.ddns.internal.zone.db |
| /usr/share/doc/bind-9.7.0/sample/var/named/slaves/my.slave.internal.zone.db |
| /usr/share/man/man1/arpaname.1.gz |
| /usr/share/man/man5/named.conf.5.gz |
| /usr/share/man/man5/rndc.conf.5.gz |
| /usr/share/man/man8/ddns-confgen.8.gz |
| /usr/share/man/man8/dnssec-dsfromkey.8.gz |
| /usr/share/man/man8/dnssec-keyfromlabel.8.gz |
| /usr/share/man/man8/dnssec-keygen.8.gz |
| /usr/share/man/man8/dnssec-revoke.8.gz |
| /usr/share/man/man8/dnssec-settime.8.gz |
| /usr/share/man/man8/dnssec-signzone.8.gz |
| /usr/share/man/man8/genrandom.8.gz |
| /usr/share/man/man8/isc-hmac-fixup.8.gz |
| /usr/share/man/man8/lwresd.8.gz |
| /usr/share/man/man8/named-checkconf.8.gz |
| /usr/share/man/man8/named-checkzone.8.gz |
| /usr/share/man/man8/named-compilezone.8.gz |
| /usr/share/man/man8/named-journalprint.8.gz |
| /usr/share/man/man8/named.8.gz |
| /usr/share/man/man8/nsec3hash.8.gz |
| /usr/share/man/man8/rndc-confgen.8.gz |
| /usr/share/man/man8/rndc.8.gz |
| /var/log/named.log |
| /var/named |
| /var/named/data |
| /var/named/dynamic |
| /var/named/named.ca |
| /var/named/named.empty |
| /var/named/named.localhost |
| /var/named/named.loopback |
| /var/named/slaves |
| /var/run/named |
| </code> |
| === bind-chroot === |
| # rpm -qil bind-chroot |
| <code>Name : bind-chroot Relocations: /var/named/chroot |
| Version : 9.7.0 Vendor: CentOS |
| Release : 5.P2.el6_0.1 Build Date: Sat 25 Jun 2011 05:48:43 AM CEST |
| Install Date: Mon 22 Aug 2011 01:33:10 PM CEST Build Host: c6b6.bsys.dev.centos.org |
| Group : System Environment/Daemons Source RPM: bind-9.7.0-5.P2.el6_0.1.src.rpm |
| Size : 0 License: ISC |
| Signature : RSA/8, Wed 06 Jul 2011 03:37:09 AM CEST, Key ID 0946fca2c105b9de |
| Packager : CentOS BuildSystem <http://bugs.centos.org> |
| URL : http://www.isc.org/products/BIND/ |
| Summary : A chroot runtime environment for the ISC BIND DNS server, named(8) |
| Description : |
| This package contains a tree of files which can be used as a |
| chroot(2) jail for the named(8) program from the BIND package. |
| Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz> |
| /var/named/chroot |
| /var/named/chroot/dev |
| /var/named/chroot/dev/null |
| /var/named/chroot/dev/random |
| /var/named/chroot/dev/zero |
| /var/named/chroot/etc |
| /var/named/chroot/etc/localtime |
| /var/named/chroot/etc/named |
| /var/named/chroot/etc/named.conf |
| /var/named/chroot/etc/pki/dnssec-keys |
| /var/named/chroot/usr/lib64/bind |
| /var/named/chroot/var |
| /var/named/chroot/var/log |
| /var/named/chroot/var/named |
| /var/named/chroot/var/run |
| /var/named/chroot/var/run/named |
| /var/named/chroot/var/tmp |
| </code> |
| ==== chroot Environment ==== |
| When our **chroot** environment was installed, the configuration file //**/etc/sysconfig/named**// was adjusted automatically by enabling the configuration option <code>ROOTDIR=/var/named/chroot</code>. |
| |
| The configuration file //**/etc/sysconfig/named**// also contains further notes on how the chroot environment for bind is implemented under CentOS 6 and which configuration files are mounted into the chroot environment when the daemon starts. |
| |
| <file | /etc/sysconfig/named># BIND named process options |
| # ~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| # Currently, you can use the following options: |
| # |
| # ROOTDIR="/var/named/chroot" -- will run named in a chroot environment. |
| # you must set up the chroot environment |
| # (install the bind-chroot package) before |
| # doing this. |
| # NOTE: |
| # Those directories are automatically mounted to chroot if they are |
| # empty in the ROOTDIR directory. It will simplify maintenance of your |
| # chroot environment. |
| # - /var/named |
| # - /etc/pki/dnssec-keys |
| # - /etc/named |
| # - /usr/lib64/bind or /usr/lib/bind (architecture dependent) |
| # |
| # Those files are mounted as well if target file doesn't exist in |
| # chroot. |
| # - /etc/named.conf |
| # - /etc/rndc.conf |
| # - /etc/rndc.key |
| # - /etc/named.rfc1912.zones |
| # - /etc/named.dnssec.keys |
| # - /etc/named.iscdlv.key |
| # |
| # Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log" |
| # line to your /etc/rsyslog.conf file. Otherwise your logging becomes |
| # broken when rsyslogd daemon is restarted (due update, for example). |
| # |
| # OPTIONS="whatever" -- These additional options will be passed to named |
| # at startup. Don't add -t here, use ROOTDIR instead. |
| # |
| # KEYTAB_FILE="/dir/file" -- Specify named service keytab file (for GSS-TSIG) |
| ROOTDIR=/var/named/chroot |
| </file> |
| When the named daemon starts, the relevant configuration files are mounted. While the daemon is running, we can easily check where they were mounted. |
| # df -ah | grep named |
| <code>/etc/named 7.2G 941M 6.0G 14% /var/named/chroot/etc/named |
| /var/named 7.2G 941M 6.0G 14% /var/named/chroot/var/named |
| /etc/named.conf 7.2G 941M 6.0G 14% /var/named/chroot/etc/named.conf |
| /etc/named.rfc1912.zones |
| 7.2G 941M 6.0G 14% /var/named/chroot/etc/named.rfc1912.zones |
| /etc/rndc.key 7.2G 941M 6.0G 14% /var/named/chroot/etc/rndc.key |
| /usr/lib64/bind 7.2G 941M 6.0G 14% /var/named/chroot/usr/lib64/bind |
| /etc/named.iscdlv.key |
| 7.2G 941M 6.0G 14% /var/named/chroot/etc/named.iscdlv.key |
| </code> |
| When we stop the daemon, the relevant configuration directories are unmounted automatically. |
| # service named stop && df -ah | grep named |
| |
| Stopping named: [ OK ] |
| For the rest of the configuration we can therefore concentrate on the configuration file **named.conf** in the **/etc** directory. |
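The mount check above can be scripted. The following is an added example, not part of the original page: it re-joins the rows that `df -ah` wraps for long source paths and reports which of the paths listed in /etc/sysconfig/named are not bind-mounted below ROOTDIR. The function names are assumptions of this example; the embedded sample is the df listing shown above.

```shell
#!/bin/sh
# Added example: confirm that named's chroot bind mounts are in place.

ROOTDIR=/var/named/chroot        # value set in /etc/sysconfig/named

# Paths that the comments in /etc/sysconfig/named list as mounted into the chroot.
SYSCONFIG_PATHS="/var/named /etc/pki/dnssec-keys /etc/named /usr/lib64/bind
/etc/named.conf /etc/rndc.conf /etc/rndc.key /etc/named.rfc1912.zones
/etc/named.dnssec.keys /etc/named.iscdlv.key"

# Sample input: the `df -ah | grep named` listing from this page.
SAMPLE_DF=$(cat <<'EOF'
/etc/named 7.2G 941M 6.0G 14% /var/named/chroot/etc/named
/var/named 7.2G 941M 6.0G 14% /var/named/chroot/var/named
/etc/named.conf 7.2G 941M 6.0G 14% /var/named/chroot/etc/named.conf
/etc/named.rfc1912.zones
7.2G 941M 6.0G 14% /var/named/chroot/etc/named.rfc1912.zones
/etc/rndc.key 7.2G 941M 6.0G 14% /var/named/chroot/etc/rndc.key
/usr/lib64/bind 7.2G 941M 6.0G 14% /var/named/chroot/usr/lib64/bind
/etc/named.iscdlv.key
7.2G 941M 6.0G 14% /var/named/chroot/etc/named.iscdlv.key
EOF
)

# Read df output on stdin and print "source mountpoint" per mount.
# df puts a long source path on a line of its own; such rows are re-joined.
df_mounts() {
    awk '
        NF == 0              { next }
        $1 == "Filesystem"   { next }                       # header row
        NF == 1              { pending = $1; next }         # wrapped row, part 1
        pending != ""        { print pending, $NF; pending = ""; next }
        NF >= 6              { print $1, $NF }
    '
}

# $1 = df output, remaining arguments = host paths expected in the chroot.
# Prints the paths that are NOT mounted at $ROOTDIR<path> (space separated)
# and returns 1 if there are any, 0 otherwise.
missing_chroot_mounts() {
    df_output=$1
    shift
    mounts=$(printf '%s\n' "$df_output" | df_mounts)
    missing=""
    for path in "$@"; do
        if ! printf '%s\n' "$mounts" | grep -qxF "$path $ROOTDIR$path"; then
            missing="$missing $path"
        fi
    done
    if [ -n "$missing" ]; then
        printf '%s\n' "${missing# }"
        return 1
    fi
    return 0
}

# Demo on the sample; on a live system pass "$(df -ah)" instead.
not_mounted=$(missing_chroot_mounts "$SAMPLE_DF" $SYSCONFIG_PATHS) || true
echo "not mounted below $ROOTDIR: ${not_mounted:-none}"
```

A path reported as not mounted is not necessarily an error: according to the comments in /etc/sysconfig/named, directories are only mounted when they are empty in ROOTDIR and files only when the target does not already exist in the chroot.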
| ==== rsyslogd ==== |
| In addition, that file also contains a note on adjusting the rsyslogd daemon. |
| As stated in the comments in //**/etc/sysconfig/named**//, we now adjust the rsyslogd daemon as well. |
| To do this, we open the configuration file //**/etc/rsyslog.conf**// with the editor of our choice. |
| # vim /etc/rsyslog.conf |
| <file | /etc/rsyslog.conf> |
| #rsyslog v3 config file |
| |
| # if you experience problems, check |
| # http://www.rsyslog.com/troubleshoot for assistance |
| |
| #### MODULES #### |
| |
| $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) |
| $ModLoad imklog.so # provides kernel logging support (previously done by rklogd) |
| #$ModLoad immark.so # provides --MARK-- message capability |
| |
| # Provides UDP syslog reception |
| #$ModLoad imudp.so |
| #$UDPServerRun 514 |
| |
| # Provides TCP syslog reception |
| #$ModLoad imtcp.so |
| #$InputTCPServerRun 514 |
| |
| |
| #### GLOBAL DIRECTIVES #### |
| |
| # Use default timestamp format |
| $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat |
| |
| # File syncing capability is disabled by default. This feature is usually not required, |
| # not useful and an extreme performance hit |
| #$ActionFileEnableSync on |
| |
| # Django: 2011-08-22 |
| # Added the extension for the chroot environment of the bind name server |
| $AddUnixListenSocket /var/named/chroot/dev/log |
| |
| |
| #### RULES #### |
| |
| # Log all kernel messages to the console. |
| # Logging much else clutters up the screen. |
| #kern.* /dev/console |
| |
| # Log anything (except mail) of level info or higher. |
| # Don't log private authentication messages! |
| *.info;mail.none;authpriv.none;cron.none /var/log/messages |
| |
| # The authpriv file has restricted access. |
| authpriv.* /var/log/secure |
| |
| # Log all the mail messages in one place. |
| mail.* -/var/log/maillog |
| |
| |
| # Log cron stuff |
| cron.* /var/log/cron |
| |
| # Everybody gets emergency messages |
| *.emerg * |
| |
| # Save news errors of level crit and higher in a special file. |
| uucp,news.crit /var/log/spooler |
| |
| # Save boot messages also to boot.log |
| local7.* /var/log/boot.log |
| |
| |
| |
| # ### begin forwarding rule ### |
| # The statement between the begin ... end define a SINGLE forwarding |
| # rule. They belong together, do NOT split them. If you create multiple |
| # forwarding rules, duplicate the whole block! |
| # Remote Logging (we use TCP for reliable delivery) |
| # |
| # An on-disk queue is created for this action. If the remote host is |
| # down, messages are spooled to disk and sent when it is up again. |
| #$WorkDirectory /var/spppl/rsyslog # where to place spool files |
| #$ActionQueueFileName fwdRule1 # unique name prefix for spool files |
| #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) |
| #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown |
| #$ActionQueueType LinkedList # run asynchronously |
| #$ActionResumeRetryCount -1 # infinite retries if host is down |
| # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional |
| #*.* @@remote-host:514 |
| # ### end of the forwarding rule ### |
| </file> |
| |
| To activate our change, all that is needed is a restart of the rsyslogd daemon. |
| # service rsyslog restart |
| |
| Shutting down system logger: [ OK ] |
| Starting system logger: [ OK ] |
| ==== SELinux ==== |
| As a rule, we will be able to do without the services of **SELinux** in our vHOST installation. If this was not already done during the initial installation, we therefore disable SELinux completely by setting SELinux to //disabled// in the configuration file under //**/etc/sysconfig**//. |
| |
| # vim /etc/sysconfig/selinux |
| <file | /etc/sysconfig/selinux># This file controls the state of SELinux on the system. |
| # SELINUX= can take one of these three values: |
| # enforcing - SELinux security policy is enforced. |
| # permissive - SELinux prints warnings instead of enforcing. |
| # disabled - No SELinux policy is loaded. |
| # Django : 2011-08-22 SELinux disabled |
| # default : SELINUX=enforcing |
| SELINUX=disabled |
| # SELINUXTYPE= can take one of these two values: |
| # targeted - Targeted processes are protected, |
| # mls - Multi Level Security protection. |
| SELINUXTYPE=targeted |
| </file> |
| ==== IPv6 ==== |
| In our sample installation we content ourselves with an IPv4 installation. With the default configuration of our bind daemon, we see in the syslog that it also tries to send a query via IPv6 every time. |
| Aug 22 14:45:30 vml000020 named[3376]: error (network unreachable) resolving 'heise.de.dlv.isc.org/DLV/IN': 2001:500:71::29#53 |
| Since we do not (yet) have IPv6 connectivity, we simply switch off the IPv6 lookups. |
| In our bind configuration file //**/etc/named.conf**// we simply disable the relevant line by prefixing it with two **slashes "/"**. |
| # vim /etc/named.conf |
| |
| //listen-on-v6 port 53 { ::1; }; // Django: 2011-08-22 IPv6 disabled |
| In the file //**/etc/sysconfig/named**// we also note that we only want to use IPv4 support. |
| # vim /etc/sysconfig/named |
| |
| # Django : 2011-08-22 enable IPv4 support only |
| OPTIONS="-4" |
| |
| Afterwards we restart the name server so that the configuration changes take effect. |
| # service named restart |
| ==== iptables Packet Filter ==== |
| After starting our named daemon, we can use **netstat** to check whether the daemon is listening on the desired ports. |
| # netstat -tulpen | grep named |
| <code>tcp 0 0 10.0.0.20:53 0.0.0.0:* LISTEN 25 12850 4010/named |
| tcp 0 0 10.0.10.1:53 0.0.0.0:* LISTEN 25 12848 4010/named |
| tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 12846 4010/named |
| tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 12853 4010/named |
| udp 0 0 10.0.0.20:53 0.0.0.0:* 25 12849 4010/named |
| udp 0 0 10.0.10.1:53 0.0.0.0:* 25 12847 4010/named |
| udp 0 0 127.0.0.1:53 0.0.0.0:* 25 12845 4010/named |
| </code> |
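An added example (not from the original page) that turns this visual check into a repeatable one: it reads `netstat -tulpen` output and reports every named socket that is bound to a wildcard address, exposes the rndc control port 953 outside loopback, or is missing from an allow-list. The function name, the finding labels and the second sample are constructed for this example; the first sample is the listing above.

```shell
#!/bin/sh
# Added example: audit the sockets named listens on, from netstat output.

# Sample 1: the `netstat -tulpen | grep named` listing from this page.
SAMPLE_OK=$(cat <<'EOF'
tcp 0 0 10.0.0.20:53 0.0.0.0:* LISTEN 25 12850 4010/named
tcp 0 0 10.0.10.1:53 0.0.0.0:* LISTEN 25 12848 4010/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 12846 4010/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 12853 4010/named
udp 0 0 10.0.0.20:53 0.0.0.0:* 25 12849 4010/named
udp 0 0 10.0.10.1:53 0.0.0.0:* 25 12847 4010/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 25 12845 4010/named
EOF
)

# Sample 2: constructed listing of a misconfigured host (not from the page).
SAMPLE_BAD=$(cat <<'EOF'
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 25 12850 4010/named
tcp 0 0 10.0.0.20:953 0.0.0.0:* LISTEN 25 12853 4010/named
udp 0 0 10.0.0.99:53 0.0.0.0:* 25 12849 4010/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 9000 1200/sshd
EOF
)

# Sockets the listen-on statement and the rndc control channel should produce.
ALLOWED="127.0.0.1:53 10.0.0.20:53 10.0.10.1:53 127.0.0.1:953"

# $1 = netstat output, remaining arguments = allowed address:port pairs.
# Prints one finding per named socket that violates the policy:
#   CONTROL-EXPOSED  rndc control port 953 bound outside loopback
#   WILDCARD         bound to 0.0.0.0 or :: instead of a specific address
#   UNEXPECTED       address:port not in the allow-list
named_listener_findings() {
    netstat_output=$1
    shift
    printf '%s\n' "$netstat_output" | awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, list, " ")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        $NF !~ /\/named$/ { next }       # PID/Program column: named only
        {
            proto = $1
            addr  = $4                   # local address: column 4 for tcp and udp
            port  = addr; sub(/.*:/, "", port)
            host  = addr; sub(/:[^:]*$/, "", host)
            if (port == "953" && host != "127.0.0.1" && host != "::1")
                print "CONTROL-EXPOSED " proto " " addr
            else if (host == "0.0.0.0" || host == "::")
                print "WILDCARD " proto " " addr
            else if (!(addr in ok))
                print "UNEXPECTED " proto " " addr
        }'
}

# Demo on the constructed sample; on a live system pass "$(netstat -tulpen)".
findings=$(named_listener_findings "$SAMPLE_BAD" $ALLOWED)
if [ -n "$findings" ]; then
    printf 'named socket findings:\n%s\n' "$findings"
fi
```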
| So that port 53 (TCP/UDP) can actually be reached, we usually still have to extend our packet filter. |
| To do this, we add the following lines to the configuration file //**/etc/sysconfig/iptables**// at the end of the INPUT rules. |
| |
| <code># Django : 2011-08-22 DNS opened |
| -A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT |
| -A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT |
| # Django : 2011-08-22 enable logging if needed |
| #-A INPUT -j LOG |
| # Django : end |
| </code> |
| |
| Afterwards we activate the changes to our packet filter by restarting the daemon. |
| # service iptables restart |
| <code>iptables: Flushing firewall rules: [ OK ] |
| iptables: Setting chains to policy ACCEPT: filter nat [ OK ] |
| iptables: Unloading modules: [ OK ] |
| iptables: Applying firewall rules: [ OK ] |
| </code> |
| ===== Advanced Configurations ===== |
| ==== Caching-only Name Server ==== |
| As a first step we set up a caching-only name server. We adapt the configuration file //**/etc/named.conf**// shipped with the RPM package **bind** to our environment. |
| # vim /etc/named.conf |
| <file | /etc/named.conf>// |
| // named.conf |
| // |
| // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS |
| // server as a caching only nameserver (as a localhost DNS resolver only). |
| // |
| // See /usr/share/doc/bind*/sample/ for example named configuration files. |
| // |
| |
| options { |
|     listen-on port 53 { 127.0.0.1; 10.0.0.20; 10.0.10.1; }; // Django : 2011-08-22 our network |
|                                                              // interfaces defined |
|     listen-on-v6 port 53 { ::1; }; |
|     directory "/var/named"; |
|     dump-file "/var/named/data/cache_dump.db"; |
|     statistics-file "/var/named/data/named_stats.txt"; |
|     memstatistics-file "/var/named/data/named_mem_stats.txt"; |
|     allow-query { localhost; 10.0.0.0/24; 10.0.10.0/26; }; // Django : 2011-08-22 our networks |
|                                                             // that may query our name server |
|     recursion yes; |
| |
|     // Django : 2011-08-22 dnssec disabled for now for caching-only operation |
|     // dnssec-enable yes; |
|     // dnssec-validation yes; |
|     // dnssec-lookaside auto; |
| |
|     /* Path to ISC DLV key */ |
|     // Django : 2011-08-22 bindkeys-file disabled for now for caching-only operation |
|     // bindkeys-file "/etc/named.iscdlv.key"; |
| }; |
| |
| logging { |
|     channel default_debug { |
|         file "data/named.run"; |
|         severity dynamic; |
|     }; |
| }; |
| |
| zone "." IN { |
|     type hint; |
|     file "named.ca"; |
| }; |
| |
| include "/etc/named.rfc1912.zones"; |
| |
| </file> |
| |
| After editing, we now start our name server for the first time. |
| # service named start |
| |
| Starting named: [ OK ] |
| Should something unexpectedly have gone wrong during startup, the syslog is the place to look for further error messages. Normally the successful start is acknowledged accordingly. |
| <code>Oct 6 11:16:08 vml000020 named[4010]: starting BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 -u named -4 -t /var/named/chroot |
| Oct 6 11:16:08 vml000020 named[4010]: built with '--build=x86_64-unknown-linux-gnu' '--host=x86_64-unknown-linux-gnu' '--tar |
| get=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbi |
| n' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' ' |
| --sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--e |
| nable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--wit |
| h-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alia |
| s=x86_64-unknown-linux-gnu' 'host_alias=x86_64-unknown-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pip |
| e -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDI |
| G_SIGCHASE' |
| Oct 6 11:16:08 vml000020 named[4010]: adjusted limit on open files from 1024 to 1048576 |
| Oct 6 11:16:08 vml000020 named[4010]: found 1 CPU, using 1 worker thread |
| Oct 6 11:16:08 vml000020 named[4010]: using up to 4096 sockets |
| Oct 6 11:16:08 vml000020 named[4010]: loading configuration from '/etc/named.conf' |
| Oct 6 11:16:08 vml000020 named[4010]: reading built-in trusted keys from file '/etc/named.iscdlv.key' |
| Oct 6 11:16:08 vml000020 named[4010]: using default UDP/IPv4 port range: [1024, 65535] |
| Oct 6 11:16:08 vml000020 named[4010]: using default UDP/IPv6 port range: [1024, 65535] |
| Oct 6 11:16:08 vml000020 named[4010]: no IPv6 interfaces found |
| Oct 6 11:16:08 vml000020 named[4010]: listening on IPv4 interface lo, 127.0.0.1#53 |
| Oct 6 11:16:08 vml000020 named[4010]: listening on IPv4 interface eth0, 10.0.10.1#53 |
| Oct 6 11:16:08 vml000020 named[4010]: listening on IPv4 interface eth1, 10.0.0.20#53 |
| Oct 6 11:16:08 vml000020 named[4010]: generating session key for dynamic DNS |
| Oct 6 11:16:08 vml000020 named[4010]: using built-in trusted-keys for view _default |
| Oct 6 11:16:08 vml000020 named[4010]: automatic empty zone: 127.IN-ADDR.ARPA |
| Oct 6 11:16:08 vml000020 named[4010]: automatic empty zone: 254.169.IN-ADDR.ARPA |
| Oct 6 11:16:08 vml000020 named[4010]: automatic empty zone: 2.0.192.IN-ADDR.ARPA |
| Oct 6 11:16:08 vml000020 named[4010]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA |
| Oct 6 11:16:08 vml000020 named[4010]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA |
| Oct 6 11:16:08 vml000020 named[4010]: automatic empty zone: D.F.IP6.ARPA |
| Oct 6 11:16:08 vml000020 named[4010]: automatic empty zone: 8.E.F.IP6.ARPA |
| Oct 6 11:16:08 vml000020 named[4010]: automatic empty zone: 9.E.F.IP6.ARPA |
| Oct 6 11:16:08 vml000020 named[4010]: automatic empty zone: A.E.F.IP6.ARPA |
| Oct 6 11:16:08 vml000020 named[4010]: automatic empty zone: B.E.F.IP6.ARPA |
| Oct 6 11:16:08 vml000020 named[4010]: using built-in trusted-keys for view _meta |
| Oct 6 11:16:08 vml000020 named[4010]: set up managed-keys.bind meta-zone |
| Oct 6 11:16:08 vml000020 named[4010]: command channel listening on 127.0.0.1#953 |
| Oct 6 11:16:08 vml000020 named[4010]: the working directory is not writable |
| Oct 6 11:16:08 vml000020 named[4010]: zone 0.in-addr.arpa/IN: loaded serial 0 |
| Oct 6 11:16:08 vml000020 named[4010]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0 |
| Oct 6 11:16:08 vml000020 named[4010]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0 |
| Oct 6 11:16:08 vml000020 named[4010]: zone localhost.localdomain/IN: loaded serial 0 |
| Oct 6 11:16:08 vml000020 named[4010]: zone localhost/IN: loaded serial 0 |
| Oct 6 11:16:08 vml000020 named[4010]: zone managed-keys.bind/IN/_meta: loaded serial 12 |
| Oct 6 11:16:08 vml000020 named[4010]: running |
| </code> |
| |
| named's own log file //**/var/named/data/named.run**// also records the start, listing the zones that were loaded. |
| |
| # less /var/named/data/named.run |
| <code>zone 0.in-addr.arpa/IN: loaded serial 0 |
| zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0 |
| zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0 |
| zone localhost.localdomain/IN: loaded serial 0 |
| zone localhost/IN: loaded serial 0 |
| zone managed-keys.bind/IN/_meta: loaded serial 12 |
| running |
| </code> |
| |
| After starting our named daemon, we can use **netstat** to check whether the daemon is listening on the desired ports. |
| # netstat -tulpen | grep named |
| <code>tcp 0 0 10.0.0.20:53 0.0.0.0:* LISTEN 25 12850 4010/named |
| tcp 0 0 10.0.10.1:53 0.0.0.0:* LISTEN 25 12848 4010/named |
| tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 12846 4010/named |
| tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 12853 4010/named |
| udp 0 0 10.0.0.20:53 0.0.0.0:* 25 12849 4010/named |
| udp 0 0 10.0.10.1:53 0.0.0.0:* 25 12847 4010/named |
| udp 0 0 127.0.0.1:53 0.0.0.0:* 25 12845 4010/named |
| </code> |
| |
| The following output shows that the daemon was started in a chroot environment: |
| # ps aux | grep named |
| |
| named 4010 0.0 1.4 161628 15300 ? Ssl 11:16 0:00 /usr/sbin/named -u named -4 -t /var/named/chroot |
| root 4042 0.0 0.0 103148 828 pts/0 S+ 11:36 0:00 grep named |
| |
| |
| |
| Now that our name server is running, we make our first query right away. |
| # dig @localhost heise.de |
| <code>; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> @localhost heise.de |
| ; (2 servers found) |
| ;; global options: +cmd |
| ;; Got answer: |
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50804 |
| ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0 |
| |
| ;; QUESTION SECTION: |
| ;heise.de. IN A |
| |
| ;; ANSWER SECTION: |
| heise.de. 3600 IN A 193.99.144.80 |
| |
| ;; AUTHORITY SECTION: |
| heise.de. 86400 IN NS ns.s.plusline.de. |
| heise.de. 86400 IN NS ns.pop-hannover.de. |
| heise.de. 86400 IN NS ns2.pop-hannover.net. |
| heise.de. 86400 IN NS ns.plusline.de. |
| heise.de. 86400 IN NS ns.heise.de. |
| |
| ;; Query time: 86 msec |
| ;; SERVER: 127.0.0.1#53(127.0.0.1) |
| ;; WHEN: Mon Aug 22 14:52:07 2011 |
| ;; MSG SIZE rcvd: 168 |
| </code> |
| The same query using **nslookup** looks like this: |
| # nslookup heise |
| <code>Server: 10.0.0.20 |
| Address: 10.0.0.20#53 |
| |
| Non-authoritative answer: |
| Name: heise.dmz.nausch.org |
| Address: 88.217.187.21</code> |
| ==== Name server for intranet and demilitarized zone ==== |
| In the following example we extend our [[centos:bind_c6#caching-only_nameserver|first configuration step]] a little, because we want to answer queries not only for //public IP addresses// but also for our private SOHO network, with the following two zones: |
| * DMZ : dmz.nausch.org with network: 10.0.0.0/24 |
| * Intranet : intra.nausch.org with network: 10.0.10.0/26 |
| === bind configuration === |
| == named.conf == |
| Based on these [[centos:bind_c6?&#nameserver_fuer_intranet_und_demilitarized_zone|requirements]], we first extend the main configuration file of our bind name server. For this we again use our editor of choice, **vim**. The relevant options are described in the comments of the following example. |
| # vim /etc/named.conf |
| <file | named.conf> |
| // |
| // named.conf |
| // |
| // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS |
| // server as a caching only nameserver (as a localhost DNS resolver only). |
| // |
| // See /usr/share/doc/bind*/sample/ for example named configuration files. |
| // |
| |
| acl dmz { 10.0.0.0/24; }; // Django : 2011-10-05 variable definition |
| acl intra { 10.0.10.0/26; }; // Django : 2011-10-05 variable definition |
| |
| options { |
| listen-on port 53 { 127.0.0.1; 10.0.0.20; 10.0.10.1; }; // Django : 2011-08-22 our network |
| // interfaces defined |
| // listen-on-v6 port 53 { ::1; }; // IPv6 disabled |
| directory "/var/named"; |
| dump-file "/var/named/data/cache_dump.db"; |
| statistics-file "/var/named/data/named_stats.txt"; |
| memstatistics-file "/var/named/data/named_mem_stats.txt"; |
| allow-query { localhost; dmz; intra; }; // Django : 2011-08-22 our networks |
| allow-recursion { localhost; dmz; intra; }; // that may query our name server |
| recursion yes; |
| |
| query-source address * port *; // Django : 2011-10-05 |
| // use an unprivileged port when queries |
| // are sent to external servers |
| |
| check-names master warn; // Django : 2011-10-05 |
| // The name server should only warn and not |
| // abort when a name in a master zone fails |
| // the name check. (e.g. DKIM keys) |
| |
| auth-nxdomain no; // Django : 2011-10-05 |
| // RFC 1035-conformant operation (do not use |
| // old queries and configurations) |
| |
| dnssec-enable yes; |
| dnssec-validation yes; |
| dnssec-lookaside auto; |
| |
| /* Path to ISC DLV key */ |
| bindkeys-file "/etc/named.iscdlv.key"; |
| }; |
| |
| logging { |
| channel default_debug { |
| file "data/named.run"; |
| severity dynamic; |
| }; |
| }; |
| |
| zone "." IN { |
| type hint; |
| file "named.ca"; |
| }; |
| |
| include "/etc/named.rfc1912.zones"; |
| |
| zone "dmz.nausch.org" IN { |
| type master; |
| file "dynamic/dmz-forward"; |
| allow-update { none; }; |
| }; |
| |
| zone "0.0.10.in-addr.arpa" IN { |
| type master; |
| file "dynamic/dmz-reverse"; |
| allow-update { none; }; |
| }; |
| |
| zone "intra.nausch.org" IN { |
| type master; |
| file "dynamic/intra-forward"; |
| allow-update { none; }; |
| }; |
| |
| zone "10.0.10.in-addr.arpa" IN { |
| type master; |
| file "dynamic/intra-reverse"; |
| allow-update { none; }; |
| }; |
| |
| zone "nausch.org" IN { |
| type master; |
| file "dynamic/domain-forward"; |
| allow-update { none; }; |
| }; |
| |
| zone "187.217.88.in-addr.arpa" IN { |
| type master; |
| file "dynamic/domain-reverse"; |
| allow-update { none; }; |
| }; |
| |
| </file> |
| We store the individual zone files in the directory //**/var/named/dynamic/**//. |
| * dmz-forward |
| * dmz-reverse |
| * intra-forward |
| * intra-reverse |
| * domain-forward |
| * domain-reverse |
| == dmz-forward == |
| For forward resolution of the **DMZ** subnet we create a configuration file following this pattern. |
| <file | /var/named/dynamic/dmz-forward> |
| $ORIGIN dmz.nausch.org. |
| $TTL 86400 |
| @ IN SOA vml000020.dmz.nausch.org. root.nausch.org. ( |
| 2011100501 ; serial |
| 3H ; refresh |
| 15M ; retry |
| 1W ; expiry |
| 1D ) ; minimum |
| ; |
| IN NS vml000020.dmz.nausch.org. |
| ; |
| fwe IN CNAME vml000010 |
| fwi IN CNAME vml000020 |
| time IN CNAME vml000020 |
| dns IN CNAME vml000020 |
| dhcp IN CNAME vml000020 |
| ; |
| localhost IN A 127.0.0.1 |
| ; |
| vml000010 IN A 10.0.0.10 |
| vml000020 IN A 10.0.0.20 |
| vml000030 IN A 10.0.0.30 |
| </file> |
| == dmz-reverse == |
| For reverse resolution of the **DMZ** subnet we create a configuration file following this pattern. |
| <file | /var/named/dynamic/dmz-reverse> |
| $ORIGIN 0.0.10.in-addr.arpa. |
| $TTL 86400 |
| @ IN SOA vml000020.dmz.nausch.org. root.nss.nausch.org. ( |
| 2011100501 ; serial |
| 3H ; refresh |
| 1H ; retry |
| 1W ; expiry |
| 1D ) ; minimum |
| ; |
| @ IN NS vml000020.dmz.nausch.org. |
| ; |
| 10 IN PTR vml000010.dmz.nausch.org. |
| 20 IN PTR vml000020.dmz.nausch.org. |
| 30 IN PTR vml000030.dmz.nausch.org. |
| </file> |
| == intra-forward == |
| For forward resolution of the **intra** subnet we create a configuration file following this pattern. |
| <file | /var/named/dynamic/intra-forward> |
| $ORIGIN intra.nausch.org. |
| $TTL 86400 |
| @ IN SOA vml000020.dmz.nausch.org. root.nausch.org. ( |
| 2011100501 ; serial |
| 3H ; refresh |
| 15M ; retry |
| 1W ; expiry |
| 1D ) ; minimum |
| ; |
| IN NS vml000020.dmz.nausch.org. |
| ; |
| proton IN CNAME pml010051 |
| ; |
| pml010001 IN A 10.0.10.1 |
| pml010051 IN A 10.0.10.51 |
| </file> |
| == intra-reverse == |
| For reverse resolution of the **intra** subnet we create a configuration file following this pattern. |
| <file | /var/named/dynamic/intra-reverse> |
| $ORIGIN 10.0.10.in-addr.arpa. |
| $TTL 86400 |
| @ IN SOA vml000020.dmz.nausch.org. root.nss.nausch.org. ( |
| 2011100501 ; serial |
| 3H ; refresh |
| 1H ; retry |
| 1W ; expiry |
| 1D ) ; minimum |
| ; |
| @ IN NS pml010001.intra.nausch.org. |
| ; |
| 1 IN PTR pml010001.intra.nausch.org. |
| 51 IN PTR pml010051.intra.nausch.org. |
| </file> |
| == domain-forward == |
| For forward resolution of our own domain **nausch.org** we create a configuration file following this pattern. |
| <file | /var/named/dynamic/domain-forward> |
| $ORIGIN nausch.org. |
| $TTL 86400 |
| @ IN SOA ns1.dmz.nausch.org. root.nausch.org. ( |
| 2011100501 ; serial |
| 3H ; refresh |
| 15M ; retry |
| 1W ; expiry |
| 1D ) ; minimum |
| ; |
| IN NS ns1.dmz.nausch.org. |
| ; |
| ns1.dmz.nausch.org. IN A 88.217.187.21 |
| ; |
| nausch.org. IN A 88.217.187.21 |
| *.nausch.org. IN A 88.217.187.21 |
| </file> |
| == domain-reverse == |
| For reverse resolution of our own domain **nausch.org** we create a configuration file following this pattern. |
| <file | /var/named/dynamic/domain-reverse> |
| $ORIGIN 187.217.88.in-addr.arpa. |
| $TTL 86400 |
| @ IN SOA vml000020.dmz.nausch.org. root.nss.nausch.org. ( |
| 2011100501 ; serial |
| 3H ; refresh |
| 1H ; retry |
| 1W ; expiry |
| 1D ) ; minimum |
| ; |
| @ IN NS ns1.dmz.nausch.org. |
| ; |
| 21 IN PTR mx1.nausch.org. |
| </file> |
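The forward and reverse files above have to agree record by record. The following added example (not part of the original wiki page) parses both layouts and reports A records without a matching PTR and PTR targets that lost their trailing dot; the function names and the sample data, including the two deliberate mistakes, are constructed for illustration.

```python
"""Cross-check A records in a forward zone against PTR records in its reverse zone."""
import ipaddress

# Constructed sample data in the layout of the dmz-forward / dmz-reverse files.
# The missing PTR for 10.0.0.40 and the PTR target without a trailing dot are deliberate.
FORWARD = """\
$ORIGIN dmz.nausch.org.
$TTL 86400
@ IN SOA vml000020.dmz.nausch.org. root.nausch.org. (
    2011100501 3H 15M 1W 1D ) ; serial refresh retry expiry minimum
  IN NS vml000020.dmz.nausch.org.
dns IN CNAME vml000020
vml000010 IN A 10.0.0.10
vml000020 IN A 10.0.0.20
vml000030 IN A 10.0.0.30
vml000040 IN A 10.0.0.40
"""
REVERSE = """\
$ORIGIN 0.0.10.in-addr.arpa.
$TTL 86400
@ IN NS vml000020.dmz.nausch.org.
10 IN PTR vml000010.dmz.nausch.org.
20 IN PTR vml000020.dmz.nausch.org.
30 IN PTR vml000030.dmz.nausch.org
"""
CLASSES = {"IN", "CH", "HS"}

def absolute(name, origin):
    """Expand '@' and relative names against $ORIGIN, as named does on load."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin.lstrip('.')}".lower()

def parse_zone(text):
    """Return (owner, type, rdata) tuples for the A, PTR and CNAME records."""
    origin, owner, depth, records = ".", None, 0, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]            # drop comments
        continued = depth > 0                  # inside a ( ... ) group, e.g. SOA
        depth += line.count("(") - line.count(")")
        fields = line.split()
        if continued or not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1]
            continue
        if not line[0].isspace():              # a leading blank keeps the last owner
            owner = absolute(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                      # optional numeric TTL and class
        if owner is None or len(fields) < 2:
            continue
        rtype, rdata = fields[0].upper(), fields[1]
        if rtype == "A":
            records.append((owner, rtype, str(ipaddress.ip_address(rdata))))
        elif rtype in ("PTR", "CNAME"):
            records.append((owner, rtype, absolute(rdata, origin)))
    return records

def ptr_owner_to_ip(owner):
    """Turn '10.0.0.10.in-addr.arpa.' into '10.0.0.10'; None for anything else."""
    labels = owner.split(".")
    if labels[-3:] != ["in-addr", "arpa", ""] or len(labels) != 7:
        return None
    return ".".join(reversed(labels[:4]))

def check_pairs(forward_text, reverse_text):
    """Report A records whose PTR is missing or differs, and PTRs without an A."""
    a_records = sorted({(o, r) for o, t, r in parse_zone(forward_text) if t == "A"})
    ptrs = {}
    for owner, rtype, rdata in parse_zone(reverse_text):
        ip = ptr_owner_to_ip(owner)
        if rtype == "PTR" and ip:
            ptrs[ip] = rdata
    findings = []
    for name, ip in a_records:
        if ip not in ptrs:
            findings.append(f"{ip}: no PTR for {name}")
        elif ptrs[ip] != name:
            findings.append(f"{ip}: PTR is {ptrs[ip]} but A record is {name}")
    known = {ip for _, ip in a_records}
    findings += [f"{ip}: PTR to {target} has no A record"
                 for ip, target in sorted(ptrs.items()) if ip not in known]
    return findings

if __name__ == "__main__":
    for finding in check_pairs(FORWARD, REVERSE):
        print(finding)
```

A name without the final dot is silently extended with the current $ORIGIN, which is why the third PTR in the sample ends in `.0.0.10.in-addr.arpa.`.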
| ===== Utilities for the bind name server ===== |
| ==== Checking the configuration ==== |
| To check the configuration (file) of your bind name server, use the command **named-checkconf**. |
| # named-checkconf |
| If the //-p// option is used and there are no errors, the configuration file **named.conf** is printed to the console without comments. |
| # named-checkconf -p |
| <code>options { |
| bindkeys-file "/etc/named.iscdlv.key"; |
| directory "/var/named"; |
| dump-file "/var/named/data/cache_dump.db"; |
| listen-on port 53 { |
| 127.0.0.1/32; |
| 10.0.0.20/32; |
| 10.0.10.1/32; |
| }; |
| memstatistics-file "/var/named/data/named_mem_stats.txt"; |
| statistics-file "/var/named/data/named_stats.txt"; |
| allow-recursion { |
| "localhost"; |
| "dmz"; |
| "intra"; |
| }; |
| auth-nxdomain no; |
| check-names master warn; |
| dnssec-enable yes; |
| dnssec-lookaside "auto" ; |
| dnssec-validation yes; |
| query-source address 0.0.0.0 port 0; |
| recursion yes; |
| allow-query { |
| "localhost"; |
| "dmz"; |
| "intra"; |
| }; |
| }; |
| acl "dmz" { |
| 10.0.0.0/24; |
| }; |
| acl "intra" { |
| 10.0.10.0/26; |
| }; |
| logging { |
| channel "default_debug" { |
| file "data/named.run"; |
| severity dynamic; |
| }; |
| }; |
| zone "." IN { |
| type hint; |
| file "named.ca"; |
| }; |
| zone "localhost.localdomain" IN { |
| type master; |
| file "named.localhost"; |
| allow-update { |
| "none"; |
| }; |
| }; |
| zone "localhost" IN { |
| type master; |
| file "named.localhost"; |
| allow-update { |
| "none"; |
| }; |
| }; |
| zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { |
| type master; |
| file "named.loopback"; |
| allow-update { |
| "none"; |
| }; |
| }; |
| zone "1.0.0.127.in-addr.arpa" IN { |
| type master; |
| file "named.loopback"; |
| allow-update { |
| "none"; |
| }; |
| }; |
| zone "0.in-addr.arpa" IN { |
| type master; |
| file "named.empty"; |
| allow-update { |
| "none"; |
| }; |
| }; |
| zone "dmz.nausch.org" IN { |
| type master; |
| file "dynamic/dmz-forward"; |
| allow-update { |
| "none"; |
| }; |
| }; |
| zone "0.0.10.in-addr.arpa" IN { |
| type master; |
| file "dynamic/dmz-reverse"; |
| allow-update { |
| "none"; |
| }; |
| }; |
| zone "intra.nausch.org" IN { |
| type master; |
| file "dynamic/intra-forward"; |
| allow-update { |
| "none"; |
| }; |
| }; |
| zone "10.0.10.in-addr.arpa" IN { |
| type master; |
| file "dynamic/intra-reverse"; |
| allow-update { |
| "none"; |
| }; |
| }; |
| zone "nausch.org" IN { |
| type master; |
| file "dynamic/domain-forward"; |
| allow-update { |
| "none"; |
| }; |
| }; |
| zone "187.217.88.in-addr.arpa" IN { |
| type master; |
| file "dynamic/domain-reverse"; |
| allow-update { |
| "none"; |
| }; |
| }; |
| </code> |
| ==== Querying the version ==== |
| To query the version of a name server, use the following command. |
| # dig txt chaos version.bind |
| <code>; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> txt chaos version.bind |
| ;; global options: +cmd |
| ;; Got answer: |
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18905 |
| ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 |
| ;; WARNING: recursion requested but not available |
| |
| ;; QUESTION SECTION: |
| ;version.bind. CH TXT |
| |
| ;; ANSWER SECTION: |
| version.bind. 0 CH TXT "9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1" |
| |
| ;; AUTHORITY SECTION: |
| version.bind. 0 CH NS version.bind. |
| |
| ;; Query time: 1 msec |
| ;; SERVER: 10.0.0.20#53(10.0.0.20) |
| ;; WHEN: Thu Oct 6 14:50:47 2011 |
| ;; MSG SIZE rcvd: 91 |
| </code> |
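The canonical output of **named-checkconf -p** and the **version.bind** query above lend themselves to an automated check. The following added example (not part of the original wiki page) resolves the ACL names in allow-query and allow-recursion to networks and flags entries outside loopback and RFC 1918 space, as well as a missing `version` option; the function names, the abbreviated sample and the definition of "internal" are assumptions of this example.

```python
"""Audit `named-checkconf -p` output: who may query/recurse, is the version hidden."""
import ipaddress
import re

# Constructed sample: abbreviated canonical output in the layout shown above.
CANONICAL = '''\
options {
    allow-recursion {
        "localhost";
        "dmz";
        "intra";
    };
    recursion yes;
    allow-query {
        "localhost";
        "dmz";
        "intra";
    };
};
acl "dmz" {
    10.0.0.0/24;
};
acl "intra" {
    10.0.10.0/26;
};
'''
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
BUILTIN = {"localhost", "localnets", "none"}   # built-in ACL names treated as local
# Assumption of this example: "internal" means loopback or RFC 1918 IPv4 space.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(tokens):
    """Build nested statements: each is a list of words, a '{...}' body is a sub-list."""
    statements, current = [], []
    while tokens:
        tok = tokens.pop(0)
        if tok == "{":
            current.append(parse(tokens))
        elif tok == "}":
            break
        elif tok == ";":
            if current:
                statements.append(current)
            current = []
        else:
            current.append(tok.strip('"'))
    return statements

def body(stmt):
    """Return the '{...}' body of a statement, or [] if it has none."""
    return next((part for part in stmt if isinstance(part, list)), [])

def exposed(elements, acls, seen=()):
    """Expand ACL names; return the entries that admit non-internal sources."""
    bad = []
    for elem, *_ in elements:
        if isinstance(elem, list):                      # anonymous nested list
            bad += exposed(elem, acls, seen)
        elif elem in BUILTIN or elem.startswith("!"):   # local or negated entry
            continue
        elif elem == "any":
            bad.append("any")
        elif elem in acls and elem not in seen:
            bad += exposed(acls[elem], acls, seen + (elem,))
        else:
            try:
                net = ipaddress.ip_network(elem, strict=False)
            except ValueError:
                bad.append(f"unresolved:{elem}")
                continue
            if not any(net.version == 4 and net.subnet_of(i) for i in INTERNAL):
                bad.append(str(net))
    return bad

def audit(text):
    """Return findings for one canonical configuration."""
    cfg = parse(TOKEN.findall(text))
    acls = {s[1]: body(s) for s in cfg if s[0] == "acl"}
    opts = {s[0]: s for s in next((body(s) for s in cfg if s[0] == "options"), [])}
    findings = []
    for name in ("allow-query", "allow-recursion"):
        if name not in opts:
            findings.append(f"{name}: not set, built-in default applies")
        for entry in exposed(body(opts.get(name, [])), acls):
            findings.append(f"{name}: admits {entry}")
    if "version" not in opts:
        findings.append("version: not set, version.bind returns the real version")
    return findings

if __name__ == "__main__":
    print(audit(CANONICAL))
    print(audit(CANONICAL.replace('"intra";', '"any";', 1)))
```

On the sample as given, the only finding is the missing `version` option, which matches the version string the **dig** query above returns.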
| ==== Checking zone files ==== |
| To check a zone file and/or print the serial number it uses, use the command **named-checkzone**. |
| # named-checkzone dmz.nausch.org /var/named/dynamic/dmz-forward |
| |
| zone dmz.nausch.org/IN: loaded serial 2011100601 |
| OK |
| ==== Reloading zone files ==== |
| To reload the zone files of a DNS server without having to restart it, use: |
| # rndc reload |
| ==== dnssec-tools ==== |
| # yum install dnssec-tools |
| |
| # rpm -qil dnssec-tools |
| <code>Name : dnssec-tools Relocations: (not relocatable) |
| Version : 1.13 Vendor: Fedora Project |
| Release : 12.el6 Build Date: Fri 24 May 2013 01:05:40 AM CEST |
| Install Date: Sat 24 May 2014 08:44:32 PM CEST Build Host: buildvm-24.phx2.fedoraproject.org |
| Group : System Environment/Base Source RPM: dnssec-tools-1.13-12.el6.src.rpm |
| Size : 2004766 License: BSD |
| Signature : RSA/8, Fri 24 May 2013 06:56:53 PM CEST, Key ID 3b49df2a0608b895 |
| Packager : Fedora Project |
| URL : http://www.dnssec-tools.org/ |
| Summary : A suite of tools for managing dnssec aware DNS usage |
| Description : |
| |
| The goal of the DNSSEC-Tools project is to create a set of tools, |
| patches, applications, wrappers, extensions, and plugins that will |
| help ease the deployment of DNSSEC-related technologies. |
| /etc/dnssec-tools |
| /etc/dnssec-tools/dnssec-tools.conf |
| /usr/bin/blinkenlights |
| /usr/bin/bubbles |
| /usr/bin/buildrealms |
| /usr/bin/check-zone-expiration |
| /usr/bin/cleanarch |
| /usr/bin/cleankrf |
| /usr/bin/convertar |
| /usr/bin/dnspktflow |
| /usr/bin/donuts |
| /usr/bin/donutsd |
| /usr/bin/drawvalmap |
| /usr/bin/dt-getaddr |
| /usr/bin/dt-gethost |
| /usr/bin/dt-getname |
| /usr/bin/dt-getquery |
| /usr/bin/dt-getrrset |
| /usr/bin/dt-validate |
| /usr/bin/dtck |
| /usr/bin/dtconf |
| /usr/bin/dtconfchk |
| /usr/bin/dtdefs |
| /usr/bin/dtinitconf |
| /usr/bin/dtrealms |
| /usr/bin/expchk |
| /usr/bin/fixkrf |
| /usr/bin/genkrf |
| /usr/bin/getdnskeys |
| /usr/bin/getds |
| /usr/bin/grandvizier |
| /usr/bin/keyarch |
| /usr/bin/keymod |
| /usr/bin/krfcheck |
| /usr/bin/libval_check_conf |
| /usr/bin/lights |
| /usr/bin/lsdnssec |
| /usr/bin/lskrf |
| /usr/bin/lsrealm |
| /usr/bin/lsroll |
| /usr/bin/maketestzone |
| /usr/bin/mapper |
| /usr/bin/realmchk |
| /usr/bin/realmctl |
| /usr/bin/realminit |
| /usr/bin/realmset |
| /usr/bin/rollchk |
| /usr/bin/rollctl |
| /usr/bin/rollerd |
| /usr/bin/rollinit |
| /usr/bin/rolllog |
| /usr/bin/rollrec-editor |
| /usr/bin/rollset |
| /usr/bin/signset-editor |
| /usr/bin/tachk |
| /usr/bin/timetrans |
| /usr/bin/trustman |
| /usr/bin/zonesigner |
| /usr/share/dnssec-tools |
| /usr/share/dnssec-tools/donuts |
| /usr/share/dnssec-tools/donuts/rules |
| /usr/share/dnssec-tools/donuts/rules/check_nameservers.txt |
| /usr/share/dnssec-tools/donuts/rules/dns.errors.txt |
| /usr/share/dnssec-tools/donuts/rules/dnssec.rules.txt |
| /usr/share/dnssec-tools/donuts/rules/nsec_check.rules.txt |
| /usr/share/dnssec-tools/donuts/rules/parent_child.rules.txt |
| /usr/share/dnssec-tools/donuts/rules/recommendations.rules.txt |
| /usr/share/dnssec-tools/validator-testcases |
| /usr/share/doc/dnssec-tools-1.13 |
| /usr/share/doc/dnssec-tools-1.13/COPYING |
| /usr/share/doc/dnssec-tools-1.13/INSTALL |
| /usr/share/doc/dnssec-tools-1.13/README |
| /usr/share/man/man1/blinkenlights.1.gz |
| /usr/share/man/man1/bubbles.1.gz |
| /usr/share/man/man1/buildrealms.1.gz |
| /usr/share/man/man1/check-zone-expiration.1.gz |
| /usr/share/man/man1/cleanarch.1.gz |
| /usr/share/man/man1/cleankrf.1.gz |
| /usr/share/man/man1/convertar.1.gz |
| /usr/share/man/man1/dnspktflow.1.gz |
| /usr/share/man/man1/dnssec-tools.1.gz |
| /usr/share/man/man1/donuts.1.gz |
| /usr/share/man/man1/donutsd.1.gz |
| /usr/share/man/man1/drawvalmap.1.gz |
| /usr/share/man/man1/dt-getaddr.1.gz |
| /usr/share/man/man1/dt-gethost.1.gz |
| /usr/share/man/man1/dt-getname.1.gz |
| /usr/share/man/man1/dt-getquery.1.gz |
| /usr/share/man/man1/dt-getrrset.1.gz |
| /usr/share/man/man1/dt-libval_check_conf.1.gz |
| /usr/share/man/man1/dt-validate.1.gz |
| /usr/share/man/man1/dtck.1.gz |
| /usr/share/man/man1/dtconf.1.gz |
| /usr/share/man/man1/dtconfchk.1.gz |
| /usr/share/man/man1/dtdefs.1.gz |
| /usr/share/man/man1/dtinitconf.1.gz |
| /usr/share/man/man1/dtrealms.1.gz |
| /usr/share/man/man1/expchk.1.gz |
| /usr/share/man/man1/fixkrf.1.gz |
| /usr/share/man/man1/genkrf.1.gz |
| /usr/share/man/man1/getdnskeys.1.gz |
| /usr/share/man/man1/getds.1.gz |
| /usr/share/man/man1/grandvizier.1.gz |
| /usr/share/man/man1/keyarch.1.gz |
| /usr/share/man/man1/keymod.1.gz |
| /usr/share/man/man1/krfcheck.1.gz |
| /usr/share/man/man1/lights.1.gz |
| /usr/share/man/man1/lsdnssec.1.gz |
| /usr/share/man/man1/lskrf.1.gz |
| /usr/share/man/man1/lsrealm.1.gz |
| /usr/share/man/man1/lsroll.1.gz |
| /usr/share/man/man1/maketestzone.1.gz |
| /usr/share/man/man1/mapper.1.gz |
| /usr/share/man/man1/realmchk.1.gz |
| /usr/share/man/man1/realmctl.1.gz |
| /usr/share/man/man1/realminit.1.gz |
| /usr/share/man/man1/realmset.1.gz |
| /usr/share/man/man1/rollchk.1.gz |
| /usr/share/man/man1/rollctl.1.gz |
| /usr/share/man/man1/rollerd.1.gz |
| /usr/share/man/man1/rollinit.1.gz |
| /usr/share/man/man1/rolllog.1.gz |
| /usr/share/man/man1/rollrec-editor.1.gz |
| /usr/share/man/man1/rollset.1.gz |
| /usr/share/man/man1/signset-editor.1.gz |
| /usr/share/man/man1/tachk.1.gz |
| /usr/share/man/man1/timetrans.1.gz |
| /usr/share/man/man1/trustman.1.gz |
| /usr/share/man/man1/zonesigner.1.gz |
| /usr/share/man/man3/Net::DNS::SEC::Tools::realm.3pm.gz |
| /usr/share/man/man3/Net::DNS::SEC::Tools::realmmgr.3pm.gz |
| /usr/share/man/man3/p_ac_status.3.gz |
| /usr/share/man/man3/p_val_status.3.gz |
| </code> |
| |
| |
| ==== zone-check ==== |
| |
| # yum install zonecheck -y |
| |
| # rpm -qil zonecheck |
| <code>Name : zonecheck Relocations: (not relocatable) |
| Version : 2.0.4 Vendor: Dag Apt Repository, http://dag.wieers.com/apt/ |
| Release : 1.2.el6.rf Build Date: Fri 12 Nov 2010 10:58:44 AM CET |
| Install Date: Sat 24 May 2014 11:00:03 PM CEST Build Host: lisse.hasselt.wieers.com |
| Group : Applications/Internet Source RPM: zonecheck-2.0.4-1.2.el6.rf.src.rpm |
| Size : 792719 License: GPL |
| Signature : DSA/SHA1, Sat 13 Nov 2010 12:05:24 AM CET, Key ID a20e52146b8d79e6 |
| Packager : Dag Wieers <dag@wieers.com> |
| URL : http://www.zonecheck.fr/ |
| Summary : Perform consistency checks on DNS zones |
| Description : |
| ZoneCheck is intended to help solve DNS misconfigurations or |
| inconsistencies that are usually revealed by an increase in |
| the latency of the application. The DNS is a critical resource |
| for every network application, so it is quite important to |
| ensure that a zone or domain name is correctly configured in |
| the DNS. |
| /etc/zonecheck |
| /etc/zonecheck/afnic.profile |
| /etc/zonecheck/de.profile |
| /etc/zonecheck/default.profile |
| /etc/zonecheck/reverse.profile |
| /etc/zonecheck/rootservers |
| /etc/zonecheck/zc.conf |
| /usr/bin/zonecheck |
| /usr/lib/zonecheck |
| /usr/lib/zonecheck/cgi-bin |
| /usr/lib/zonecheck/cgi-bin/zc.cgi |
| /usr/lib/zonecheck/lib |
| /usr/lib/zonecheck/lib/address |
| /usr/lib/zonecheck/lib/address.rb |
| /usr/lib/zonecheck/lib/address/common.rb |
| /usr/lib/zonecheck/lib/address/ipv4.rb |
| /usr/lib/zonecheck/lib/address/ipv6.rb |
| /usr/lib/zonecheck/lib/nresolv |
| /usr/lib/zonecheck/lib/nresolv.rb |
| /usr/lib/zonecheck/lib/nresolv/compatibility.rb |
| /usr/lib/zonecheck/lib/nresolv/config.rb |
| /usr/lib/zonecheck/lib/nresolv/constants.rb |
| /usr/lib/zonecheck/lib/nresolv/dbg.rb |
| /usr/lib/zonecheck/lib/nresolv/dig_output.rb |
| /usr/lib/zonecheck/lib/nresolv/dns.rb |
| /usr/lib/zonecheck/lib/nresolv/dns_message.rb |
| /usr/lib/zonecheck/lib/nresolv/dns_name.rb |
| /usr/lib/zonecheck/lib/nresolv/dns_resource.rb |
| /usr/lib/zonecheck/lib/nresolv/host.rb |
| /usr/lib/zonecheck/lib/nresolv/resolver.rb |
| /usr/lib/zonecheck/lib/nresolv/transport.rb |
| /usr/lib/zonecheck/lib/nresolv/wire.rb |
| /usr/lib/zonecheck/lib/textfmt.rb |
| /usr/lib/zonecheck/lib/whois.rb |
| /usr/lib/zonecheck/locale |
| /usr/lib/zonecheck/locale/cgi.en |
| /usr/lib/zonecheck/locale/cgi.fr |
| /usr/lib/zonecheck/locale/cli.en |
| /usr/lib/zonecheck/locale/cli.fr |
| /usr/lib/zonecheck/locale/gtk.en |
| /usr/lib/zonecheck/locale/gtk.fr |
| /usr/lib/zonecheck/locale/inetd.en |
| /usr/lib/zonecheck/locale/inetd.fr |
| /usr/lib/zonecheck/locale/test |
| /usr/lib/zonecheck/locale/test/axfr.en |
| /usr/lib/zonecheck/locale/test/axfr.fr |
| /usr/lib/zonecheck/locale/test/connectivity.en |
| /usr/lib/zonecheck/locale/test/connectivity.fr |
| /usr/lib/zonecheck/locale/test/generic.en |
| /usr/lib/zonecheck/locale/test/generic.fr |
| /usr/lib/zonecheck/locale/test/interop.en |
| /usr/lib/zonecheck/locale/test/interop.fr |
| /usr/lib/zonecheck/locale/test/loopback.en |
| /usr/lib/zonecheck/locale/test/loopback.fr |
| /usr/lib/zonecheck/locale/test/mail.en |
| /usr/lib/zonecheck/locale/test/mail.fr |
| /usr/lib/zonecheck/locale/test/misc.en |
| /usr/lib/zonecheck/locale/test/misc.fr |
| /usr/lib/zonecheck/locale/test/mx.en |
| /usr/lib/zonecheck/locale/test/mx.fr |
| /usr/lib/zonecheck/locale/test/nameserver.en |
| /usr/lib/zonecheck/locale/test/nameserver.fr |
| /usr/lib/zonecheck/locale/test/ns.en |
| /usr/lib/zonecheck/locale/test/ns.fr |
| /usr/lib/zonecheck/locale/test/rootserver.en |
| /usr/lib/zonecheck/locale/test/rootserver.fr |
| /usr/lib/zonecheck/locale/test/soa.en |
| /usr/lib/zonecheck/locale/test/soa.fr |
| /usr/lib/zonecheck/locale/zc.en |
| /usr/lib/zonecheck/locale/zc.fr |
| /usr/lib/zonecheck/test |
| /usr/lib/zonecheck/test/axfr.rb |
| /usr/lib/zonecheck/test/connectivity.rb |
| /usr/lib/zonecheck/test/generic.rb |
| /usr/lib/zonecheck/test/interop.rb |
| /usr/lib/zonecheck/test/loopback.rb |
| /usr/lib/zonecheck/test/mail.rb |
| /usr/lib/zonecheck/test/misc.rb |
| /usr/lib/zonecheck/test/mx.rb |
| /usr/lib/zonecheck/test/nameserver.rb |
| /usr/lib/zonecheck/test/ns.rb |
| /usr/lib/zonecheck/test/rootserver.rb |
| /usr/lib/zonecheck/test/soa.rb |
| /usr/lib/zonecheck/www |
| /usr/lib/zonecheck/www/html |
| /usr/lib/zonecheck/www/html/batch.html.en |
| /usr/lib/zonecheck/www/html/batch.html.fr |
| /usr/lib/zonecheck/www/html/form.html.en |
| /usr/lib/zonecheck/www/html/form.html.fr |
| /usr/lib/zonecheck/www/img |
| /usr/lib/zonecheck/www/img/details.png |
| /usr/lib/zonecheck/www/img/element.png |
| /usr/lib/zonecheck/www/img/fatal.png |
| /usr/lib/zonecheck/www/img/gear.png |
| /usr/lib/zonecheck/www/img/info.png |
| /usr/lib/zonecheck/www/img/light.png |
| /usr/lib/zonecheck/www/img/logo.png |
| /usr/lib/zonecheck/www/img/loupe.png |
| /usr/lib/zonecheck/www/img/notepad.png |
| /usr/lib/zonecheck/www/img/ok.png |
| /usr/lib/zonecheck/www/img/primary.png |
| /usr/lib/zonecheck/www/img/ref.png |
| /usr/lib/zonecheck/www/img/secondary.png |
| /usr/lib/zonecheck/www/img/warning.png |
| /usr/lib/zonecheck/www/img/zc-fav.png |
| /usr/lib/zonecheck/www/img/zone.png |
| /usr/lib/zonecheck/www/js |
| /usr/lib/zonecheck/www/js/formvalidation.js |
| /usr/lib/zonecheck/www/js/popupmenu.js |
| /usr/lib/zonecheck/www/js/progress.js |
| /usr/lib/zonecheck/www/style |
| /usr/lib/zonecheck/www/style/zc.css |
| /usr/lib/zonecheck/www/zonecheck.conf.in |
| /usr/lib/zonecheck/zc |
| /usr/lib/zonecheck/zc/cache.rb |
| /usr/lib/zonecheck/zc/cachemanager.rb |
| /usr/lib/zonecheck/zc/config.rb |
| /usr/lib/zonecheck/zc/console.rb |
| /usr/lib/zonecheck/zc/data |
| /usr/lib/zonecheck/zc/data/catalog.xml |
| /usr/lib/zonecheck/zc/data/config.dtd |
| /usr/lib/zonecheck/zc/data/logo.rb |
| /usr/lib/zonecheck/zc/data/msgcat.dtd |
| /usr/lib/zonecheck/zc/data/xpm.rb |
| /usr/lib/zonecheck/zc/data/zonecheck.dtd |
| /usr/lib/zonecheck/zc/dbg.rb |
| /usr/lib/zonecheck/zc/ext |
| /usr/lib/zonecheck/zc/ext/array.rb |
| /usr/lib/zonecheck/zc/ext/file.rb |
| /usr/lib/zonecheck/zc/ext/gtk.rb |
| /usr/lib/zonecheck/zc/ext/myxml.rb |
| /usr/lib/zonecheck/zc/framework.rb |
| /usr/lib/zonecheck/zc/input |
| /usr/lib/zonecheck/zc/input/cgi.rb |
| /usr/lib/zonecheck/zc/input/cli.rb |
| /usr/lib/zonecheck/zc/input/gtk.rb |
| /usr/lib/zonecheck/zc/input/inetd.rb |
| /usr/lib/zonecheck/zc/instructions.rb |
| /usr/lib/zonecheck/zc/locale.rb |
| /usr/lib/zonecheck/zc/mail.rb |
| /usr/lib/zonecheck/zc/msgcat.rb |
| /usr/lib/zonecheck/zc/param.rb |
| /usr/lib/zonecheck/zc/publisher |
| /usr/lib/zonecheck/zc/publisher.rb |
| /usr/lib/zonecheck/zc/publisher/gtk.rb |
| /usr/lib/zonecheck/zc/publisher/html.rb |
| /usr/lib/zonecheck/zc/publisher/text.rb |
| /usr/lib/zonecheck/zc/publisher/xml.rb |
| /usr/lib/zonecheck/zc/report |
| /usr/lib/zonecheck/zc/report.rb |
| /usr/lib/zonecheck/zc/report/byhost.rb |
| /usr/lib/zonecheck/zc/report/byseverity.rb |
| /usr/lib/zonecheck/zc/testmanager.rb |
| /usr/lib/zonecheck/zc/zc.rb |
| /usr/lib/zonecheck/zc/zonecheck.rb |
| /usr/share/doc/zonecheck-2.0.4 |
| /usr/share/doc/zonecheck-2.0.4/BUGS |
| /usr/share/doc/zonecheck-2.0.4/COPYING |
| /usr/share/doc/zonecheck-2.0.4/CREDITS |
| /usr/share/doc/zonecheck-2.0.4/ChangeLog |
| /usr/share/doc/zonecheck-2.0.4/GPL |
| /usr/share/doc/zonecheck-2.0.4/HISTORY |
| /usr/share/doc/zonecheck-2.0.4/README |
| /usr/share/doc/zonecheck-2.0.4/TODO |
| /usr/share/doc/zonecheck-2.0.4/html |
| /usr/share/doc/zonecheck-2.0.4/html/FAQ.html |
| /usr/share/doc/zonecheck-2.0.4/html/apa.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch01.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch01s02.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch01s03.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch01s04.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch02.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch02s02.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch02s03.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch03.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch04.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch05.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch05s02.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch06.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch07.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch07s02.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch07s03.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch08.html |
| /usr/share/doc/zonecheck-2.0.4/html/ch08s02.html |
| /usr/share/doc/zonecheck-2.0.4/html/index-toc.html |
| /usr/share/doc/zonecheck-2.0.4/html/index.html |
| /usr/share/man/man1/zonecheck.1.gz |
| </code> |
| FIXME |
| |
| |
| |