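Building a DNS Server for a LAN Environment [BIND]

Build a DNS server with BIND so that PCs on the LAN can reach servers by host name instead of by IP address. Because the MTA will support sender domain authentication via Sender ID, an SPF policy is also published in a TXT record.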
Installation

1. Install BIND.
# yum -y install bind caching-nameserver
Loading "fastestmirror" plugin
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
core                      100% |=========================| 1.1 kB    00:00
extras                    100% |=========================| 1.1 kB    00:00
updates                   100% |=========================| 1.2 kB    00:00
Loading mirror speeds from cached hostfile
Reading repository metadata in from local files
Excluding Packages in global exclude list
Finished
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for caching-nameserver to pack into transaction set.
caching-nameserver-9.3.4- 100% |=========================|  41 kB    00:00
---> Package caching-nameserver.i386 31:9.3.4-5.fc6 set to be updated
---> Downloading header for bind to pack into transaction set.
bind-9.3.4-5.fc6.i386.rpm 100% |=========================|  50 kB    00:00
---> Package bind.i386 31:9.3.4-5.fc6 set to be updated
--> Running transaction check
--> Processing Dependency: bind-libs = 31:9.3.4-5.fc6 for package: bind
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for bind-libs to pack into transaction set.
bind-libs-9.3.4-5.fc6.i38 100% |=========================|  40 kB    00:00
---> Package bind-libs.i386 31:9.3.4-5.fc6 set to be updated
--> Running transaction check
--> Processing Dependency: bind-libs = 31:9.3.4-4.fc6 for package: bind-utils
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for bind-utils to pack into transaction set.
bind-utils-9.3.4-5.fc6.i3 100% |=========================|  39 kB    00:00
---> Package bind-utils.i386 31:9.3.4-5.fc6 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 bind                    i386       31:9.3.4-5.fc6   updates           958 k
 caching-nameserver      i386       31:9.3.4-5.fc6   updates            57 k
Updating for dependencies:
 bind-libs               i386       31:9.3.4-5.fc6   updates           836 k
 bind-utils              i386       31:9.3.4-5.fc6   updates           163 k

Transaction Summary
=============================================================================
Install      2 Package(s)
Update       2 Package(s)
Remove       0 Package(s)

Total download size: 2.0 M
Downloading Packages:
(1/4): bind-utils-9.3.4-5 100% |=========================| 163 kB    00:00
(2/4): caching-nameserver 100% |=========================|  57 kB    00:00
(3/4): bind-9.3.4-5.fc6.i 100% |=========================| 958 kB    00:00
(4/4): bind-libs-9.3.4-5. 100% |=========================| 836 kB    00:00
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : bind-libs                    ######################### [1/6]
  Installing: bind                         ######################### [2/6]
  Updating  : bind-utils                   ######################### [3/6]
  Installing: caching-nameserver           ######################### [4/6]
/usr/sbin/bind-chroot-admin: line 224: [: : unary operator expected
  Cleanup   : bind-utils                   ######################### [5/6]
  Cleanup   : bind-libs                    ######################### [6/6]

Installed: bind.i386 31:9.3.4-5.fc6 caching-nameserver.i386 31:9.3.4-5.fc6
Dependency Updated: bind-libs.i386 31:9.3.4-5.fc6 bind-utils.i386 31:9.3.4-5.fc6
Complete!

Configuration

2. Create the zone file for your own domain.
# vi /etc/named.orangesignal.com.zone
zone "orangesignal.com" {
    type master;
    file "orangesignal.com.db";
};
zone "11.168.192.in-addr.arpa" {
    type master;
    file "11.168.192.in-addr.arpa.db";
};
3. Configure BIND.
# vi /etc/named.caching-nameserver.conf
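options {
    #listen-on port 53 { 127.0.0.1; };
    #listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # Outgoing queries always leave from port 53. A fixed source port makes
    # forged responses easier to inject into the cache, so keep this line
    # only if a firewall rule depends on it.
    query-source port 53;
    # IPv6 is not used, so this is commented out
    #query-source-v6 port 53;
    # Answer queries only from this host and directly attached networks
    allow-query { localhost; localnets; };
    # Specify the router's IP address and the ISP's DNS servers
    forwarders { 192.168.11.1; 133.205.63.153; 133.205.7.228; };
    # Do not return detailed version information
    version "unknown";
    # Refuse zone transfers to every client
    allow-transfer { none; };
};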
view localhost_resolver {
    match-clients { localhost; };
    match-destinations { localhost; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
    include "/etc/named.orangesignal.com.zone";
};
view "internal" {
    match-clients { localhost; localnets; };
    match-destinations { localnets; };
    recursion yes;
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
    include "/etc/named.orangesignal.com.zone";
};
4. Create the forward zone database.
# vi /var/named/orangesignal.com.db
$TTL 86400
@       IN SOA  orangesignal.com. root.orangesignal.com. (
                42      ; serial
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   orangesignal.com.
        IN MX 10 orangesignal.com.
@       IN A    192.168.11.100
*       IN A    192.168.11.100
orangesignal.com. IN TXT "v=spf1 +mx +ip4:192.168.11.0/24 -all"

5. Create the reverse zone database.
# vi /var/named/11.168.192.in-addr.arpa.db
$TTL 86400
@       IN SOA  orangesignal.com. root.orangesignal.com. (
                42      ; serial
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   orangesignal.com.
100     IN PTR  orangesignal.com.

6. Change the host name lookup settings.
# echo "nameserver 127.0.0.1" > /etc/resolv.conf

7. Start bind.
# service named start

8. Enable automatic startup of bind.
# chkconfig named on
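What the SPF record in step 4 authorizes, as an added example that is not part of the original page: a small evaluator for the ip4, a, mx and all mechanisms, run against the TXT record from the forward zone. The function name check_spf and the ZONE table (a constructed stand-in for DNS lookups, filled from the step 4 zone data) are assumptions of this example.

```python
import ipaddress

# Constructed stand-in for DNS lookups, filled from the forward zone in step 4
# (MX and A for orangesignal.com). A real evaluator would query DNS instead.
ZONE = {
    ("orangesignal.com", "MX"): ["orangesignal.com"],
    ("orangesignal.com", "A"): ["192.168.11.100"],
}
SPF_RECORD = "v=spf1 +mx +ip4:192.168.11.0/24 -all"  # TXT record from step 4

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, domain, sender_ip, zone=ZONE):
    """Evaluate ip4, a, mx and all left to right (a subset of RFC 7208)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                    # "+" is implied when omitted
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = sender_ip in zone.get((arg or domain, "A"), [])
        elif name == "mx":
            hosts = zone.get((arg or domain, "MX"), [])
            matched = any(sender_ip in zone.get((h, "A"), []) for h in hosts)
        else:
            return "permerror"             # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]   # first match decides the result
    return "neutral"                       # no mechanism matched


if __name__ == "__main__":
    # Constructed sender addresses: the MX host, another LAN host, an outside host
    for addr in ("192.168.11.100", "192.168.11.25", "203.0.113.7"):
        print(addr, check_spf(SPF_RECORD, "orangesignal.com", addr))
```

The record authorizes only the MX host and the private 192.168.11.0/24 range, so it is meaningful only to receivers that see mail arriving from LAN addresses; every other sender hits -all and fails.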