Mit BIND1) richten wir uns für unser SOHO2)-LAN ein Domain-Name-System-Server oder kurz DNS3)ein.
DNS wurde in den beiden RFC 1034 und RFC 1035 definiert und bekam von der Internet Assigned Numbers Authority die beiden Ports 53/UDP und 53/TCP.
Zu erst installieren wir uns die beiden Pakete bind und bind-chroot. Letzters hilft uns, unseren DNS in einem chroot4)-Umgebung laufen zu lassen. Hierzu reicht quasi die installation von bind-chroot, da bind auf Grund der Abhängigkeiten bei Bedarf automatisch mit installiert wird.
yum install bind-chroot
Als erstes erstellen wir uns unsere Serverkonfigurationsdatei:
# vim /var/named/chroot/etc/named.conf
// Red Hat BIND Configuration Tool
//
// Default initial "Caching Only" name server configuration
//
options {
allow-query {
127.0.0.1;
192.168.100.0/24;
};
query-source address 192.168.100.1 port *
;
forwarders { 212.18.3.5;
212.18.0.5;
};
random-device "/dev/random";
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
zone "." IN {
type hint;
file "named.root";
};
zone "localdomain." IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost." IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa." IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa." IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa." IN {
type master;
file "named.zero";
allow-update { none; };
};
zone "nausch.org" IN {
type master;
file "nausch.org";
};
zone "10.168.192.in-addr.arpa" IN {
type master;
file "10.168.192.in-addr.arpa";
};
include "/etc/rndc.key";
Als nächstes legen wir uns für die Forward-Auflösung die entsprechende Konfigurationsdatei passend für unsere Domäne nausch.org an.
vim /var/named/chroot/var/named/nausch.org
$TTL 86400
@ IN SOA nss.nausch.org. root.nausch.org. (
2008110701 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS nss.nausch.org.
IN MX 10 nss
ldap IN CNAME nss
time IN CNAME nss
nausch.org. IN A 192.168.100.1
*.nausch.org. IN A 192.168.100.1
nss IN A 192.168.100.1
GXP-2000 IN A 192.168.100.50
ST-100 IN A 192.168.100.51
SPA-2100-1 IN A 192.168.100.52
SPA-2100-2 IN A 192.168.100.53
snom360 IN A 192.168.100.54
snom320 IN A 192.168.100.55
snom300-1 IN A 192.168.100.56
snom300-2 IN A 192.168.100.57
snom300-3 IN A 192.168.100.58
snom-m3 IN A 192.168.100.59
Für die Reverse-Auflösung, also für die Ermittlung des Namens zu einer vorgegebenen IP-Adresse, legen wird entsprechend unserem IP-Adresspools folgende Konfigurationsdatei 100.168.192.in-addr.arpa an.
vim /var/named/chroot/var/named/10.168.192.in-addr.arpa
$TTL 2D
@ IN SOA nss.nausch.org. root.nss.nausch.org. (
2008110701 ; serial
3H ; refresh
1H ; retry
1W ; expiry
1D ) ; minimum
@ IN NS 1.100.168.192.in-addr.arpa.
1 IN PTR nss.nausch.org.
50 IN PTR GXP-2000.nausch.org.
51 IN PTR ST-100.nausch.org.
52 IN PTR SPA-2100-1.nausch.org.
53 IN PTR SPA-2100-2.nausch.org.
54 IN PTR snom360.nausch.org.
55 IN PTR snom320.nausch.org.
56 IN PTR snom300-1.nausch.org.
57 IN PTR snom300-2.nausch.org.
58 IN PTR snom300-3.nausch.org.
59 IN PTR snom-m3.nausch.org.
Weiter legen wir uns noch folgende Dateien an
$TTL 86400
@ IN SOA localhost root.localhost (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS localhost
localhost IN A 127.0.0.1
$TTL 86400
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS @
IN A 127.0.0.1
IN AAAA ::1
$TTL 86400
@ IN SOA localhost. root.localhost. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS localhost.
$TTL 86400
@ IN SOA localhost. root.localhost. (
42 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
$TTL 86400
@ IN SOA localhost. root.localhost. (
42 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
; root "." zone hints file, queried of a.root-servers.net. by system-config-bind ; version of root zone: 2007082400 . 518400 IN NS H.ROOT-SERVERS.NET. . 518400 IN NS I.ROOT-SERVERS.NET. . 518400 IN NS J.ROOT-SERVERS.NET. . 518400 IN NS K.ROOT-SERVERS.NET. . 518400 IN NS L.ROOT-SERVERS.NET. . 518400 IN NS M.ROOT-SERVERS.NET. . 518400 IN NS A.ROOT-SERVERS.NET. . 518400 IN NS B.ROOT-SERVERS.NET. . 518400 IN NS C.ROOT-SERVERS.NET. . 518400 IN NS D.ROOT-SERVERS.NET. . 518400 IN NS E.ROOT-SERVERS.NET. . 518400 IN NS F.ROOT-SERVERS.NET. . 518400 IN NS G.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12 M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
$TTL 86400
@ IN SOA localhost. root.localhost. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS localhost.
Den ersten Start unseres DNS-Servers nehmen wir wie folgt vor.
service named start named starten: [ OK ]
Im syslog wird der erfolgreiche Start entsprechend quittiert:
Nov 7 21:40:17 mnss named[17041]: starting BIND 9.3.4-P1 -u named -t /var/named/chroot Nov 7 21:40:17 mnss named[17041]: found 2 CPUs, using 2 worker threads Nov 7 21:40:17 mnss named[17041]: loading configuration from '/etc/named.conf' Nov 7 21:40:17 mnss named[17041]: listening on IPv4 interface lo, 127.0.0.1#53 Nov 7 21:40:17 mnss named[17041]: listening on IPv4 interface eth0, 192.168.100.2#53 Nov 7 21:40:17 mnss named[17041]: command channel listening on 127.0.0.1#953 Nov 7 21:40:17 mnss named[17041]: command channel listening on ::1#953 Nov 7 21:40:17 mnss named[17041]: zone 0.in-addr.arpa/IN: loaded serial 42 Nov 7 21:40:17 mnss named[17041]: zone 0.0.127.in-addr.arpa/IN: loaded serial 42 Nov 7 21:40:17 mnss named[17041]: zone 100.168.192.in-addr.arpa/IN: loaded serial 2008110701 Nov 7 21:40:17 mnss named[17041]: zone 255.in-addr.arpa/IN: loaded serial 42 Nov 7 21:40:17 mnss named[17041]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 42 Nov 7 21:40:17 mnss named[17041]: zone localdomain/IN: loaded serial 42 Nov 7 21:40:17 mnss named[17041]: zone localhost/IN: loaded serial 42 Nov 7 21:40:17 mnss named[17041]: zone nausch.org/IN: loaded serial 2008110701 Nov 7 21:40:17 mnss named[17041]: running Nov 7 21:40:17 mnss named[17041]: zone 10.168.192.in-addr.arpa/IN: sending notifies (serial 2008110701)
Damit nun unser DNS-Server beim Booten automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor.
chkconfig named on
Anschließend überprüfen wir noch unsere Änderung:
chkconfig --list | grep named named 0:Aus 1:Aus 2:Ein 3:Ein 4:Ein 5:Ein 6:Aus