キャッシュネームサーバ(DNS)
LAN内からインターネット出きるようにするために、Fedora8にBINDをキャッシュネームサーバとしてインストール。
(Linuxをルータとして使用する場合)
まずは、BINDをインストール
# yum install bind bind-chroot caching-nameserver
しかし、caching-nameserverでエラーが、、、
どうもFedora8には、caching-nameserverパッケージが用意されていないようです。
仕方ないので、以下のサイトとFedora7のcaching-nameserverパッケージの内容を参考に手動で設定。
インターネットサーバ構築 講義メモ - ネームサーバの設定
インターネットサーバ構築 講義メモ - キャッシュ専用ネームサーバ
まず、bind-chrootがインストールしている場合、bindの基準フォルダが
/var/named/chroot/
に設定されます。
以下の設定ファイルのパスも、すべて上記フォルダからの相対パスとなります。
1./etc/name.confを以下のように変更
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
allow-query { localnets; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
//view localhost_resolver {
// match-clients { localhost; };
// match-destinations { localhost; };
// recursion yes;
// include "/etc/named.rfc1912.zones";
//};
include "/etc/named.rfc1912.zones";
include "/etc/named.rfc3330.zones";
2./etc/named.rfc1912.zonesが、caching-nameserverでの定義と違うため以下のように変更。
// named.rfc1912.zones: // // Provided by Red Hat caching-nameserver package // // ISC BIND named zone configuration for zones recommended by // RFC 1912 section 4.1 : localhost TLDs and address zones // // See /usr/share/doc/bind*/sample/ for example named configuration files. // zone "." IN { type hint; file "named.ca"; }; zone "localdomain" IN { type master; file "localdomain.zone"; allow-update { none; }; }; zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; }; zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.ip6.local"; allow-update { none; }; }; zone "255.in-addr.arpa" IN { type master; file "named.broadcast"; allow-update { none; }; }; zone "0.in-addr.arpa" IN { type master; file "named.zero"; allow-update { none; }; };
3.不必要な問い合わせを行わないように、/etc/named.rfc1912.zonesをベースに/etc/named.rfc3330.zonesを作成
// Private addresses zone "10.in-addr.arpa" IN { type master; file "named.zero"; }; zone "16.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "17.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "18.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "19.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "20.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "21.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "22.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "23.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "24.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "25.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "26.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "27.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "28.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "29.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "30.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "31.172.in-addr.arpa" IN { type master; file "named.zero"; }; zone "168.192.in-addr.arpa" IN { type master; file "named.zero"; }; // Loopback addresses zone "127.in-addr.arpa" IN { type master; file "named.zero"; }; // Link local addresses zone "254.169.in-addr.arpa" IN { type master; file "named.zero"; }; // TEST-NET zone "2.0.192.in-addr.arpa" IN { type master; file "named.zero"; }; // 6to4 Relay Anycast (RFC 3068) zone "99.88.192.in-addr.arpa" IN { type master; file "named.zero"; }; // Network Interconnect Device Benchmark Testing zone "18.198.in-addr.arpa" IN { type master; file "named.zero"; }; zone "19.198.in-addr.arpa" IN { type master; file "named.zero"; }; // Multicast addresses zone "224.in-addr.arpa" IN { type master; file "named.zero"; }; zone "225.in-addr.arpa" IN { type master; file "named.zero"; }; zone "226.in-addr.arpa" IN { type master; file "named.zero"; }; zone "227.in-addr.arpa" IN { type master; file "named.zero"; }; zone "228.in-addr.arpa" IN { type master; file "named.zero"; }; zone "229.in-addr.arpa" IN { type master; file "named.zero"; }; zone "230.in-addr.arpa" IN { type master; file "named.zero"; }; zone "231.in-addr.arpa" IN { type master; file "named.zero"; }; zone "232.in-addr.arpa" IN { type master; file "named.zero"; }; zone "233.in-addr.arpa" IN { type master; file "named.zero"; }; zone "234.in-addr.arpa" IN { type master; file "named.zero"; }; zone "235.in-addr.arpa" IN { type master; file "named.zero"; }; zone "236.in-addr.arpa" IN { type master; file "named.zero"; }; zone "237.in-addr.arpa" IN { type master; file "named.zero"; }; zone "238.in-addr.arpa" IN { type master; file "named.zero"; }; zone "239.in-addr.arpa" IN { type master; file "named.zero"; }; // Class-E addresses zone "240.in-addr.arpa" IN { type master; file "named.zero"; }; zone "241.in-addr.arpa" IN { type master; file "named.zero"; }; zone "242.in-addr.arpa" IN { type master; file "named.zero"; }; zone "243.in-addr.arpa" IN { type master; file "named.zero"; }; zone "244.in-addr.arpa" IN { type master; file "named.zero"; }; zone "245.in-addr.arpa" IN { type master; file "named.zero"; }; zone "246.in-addr.arpa" IN { type master; file "named.zero"; }; zone "247.in-addr.arpa" IN { type master; file "named.zero"; }; // Unassigned addresses zone "248.in-addr.arpa" IN { type master; file "named.zero"; }; zone "249.in-addr.arpa" IN { type master; file "named.zero"; }; zone "250.in-addr.arpa" IN { type master; file "named.zero"; }; zone "251.in-addr.arpa" IN { type master; file "named.zero"; }; zone "252.in-addr.arpa" IN { type master; file "named.zero"; }; zone "253.in-addr.arpa" IN { type master; file "named.zero"; }; zone "254.in-addr.arpa" IN { type master; file "named.zero"; };
4.caching-nameserverと同じになるように、/var/named/に以下のファイルを作成
localdomain.zone
$TTL 86400 @ IN SOA localhost root ( 42 ; serial (d. adams) 3H ; refresh 15M ; retry 1W ; expiry 1D ) ; minimum IN NS localhost localhost IN A 127.0.0.1
localhost.zone
$TTL 86400 @ IN SOA @ root ( 42 ; serial (d. adams) 3H ; refresh 15M ; retry 1W ; expiry 1D ) ; minimum IN NS @ IN A 127.0.0.1 IN AAAA ::1
named.broadcast
$TTL 86400
@ IN SOA localhost. root.localhost. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS localhost.
named.zero
$TTL 86400
@ IN SOA localhost. root.localhost. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS localhost.
named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
named.ip6.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
5.bindの各設定ファイルは、アクセス権のグループが"named"でないとエラーが発生して起動しないため、グループを変更
# chgrp named /var/named/chroot/var/named/*
異常で、設定は完了。後は、再起動して正常に動作するか確認するだけ。
