Ceci & Tati

Archive for October, 2008

100% working Master and Slave DNS servers built with BIND-9 and Gentoo

by on Oct. 19, 2008, under Linux, The Network

First of all, I want to say that my example is fairly modest, but fully working. It covers 3 class "C" networks and one domain, "sharcom.org", bought from host.bg.

1. Installing BIND-9 on Gentoo is a sweet thing :) .

dns1 ~ # emerge -av bind

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild U ] net-dns/bind-9.4.1_p1 [9.3.4-r3] USE="berkdb ipv6 ldap mysql postgres ssl -dlz -doc -idn -odbc -resolvconf (-selinux) -threads -urandom%" 6,193 kB

Total: 1 package (1 upgrade), Size of downloads: 6,193 kB

Would you like to merge these packages? [Yes/No]

2. Master DNS.

After installing BIND on the master DNS and slave DNS machines, I edit "/etc/bind/named.conf" on the master DNS machine.

dns1 bind # cat /etc/bind/named.conf
options {
    directory "/var/bind";

    // uncomment the following lines to turn on DNS forwarding,
    // and change the forwarding ip address(es) :
    //forward first;
    //forwarders {
    //    89.215.250.10;
    //    217.9.224.2;
    //    89.106.96.4;
    //};

    // listen-on-v6 { none; };
    listen-on {
        127.0.0.1;
        212.114.121.19;
    };

    // to allow only specific hosts to use the DNS server:
    allow-query {
        127.0.0.1;
        212.114.121.0/24;
        212.114.122.0/24;
        212.114.123.0/24;
    };

    // Forbids recursive queries, except internal ones.
    allow-recursion {
        127.0.0.1;
        212.114.121.0/24;
        212.114.122.0/24;
        212.114.123.0/24;
    };

    // if you have problems and are behind a firewall:
    //query-source address * port 53;
    pid-file "/var/run/named/named.pid";
};

// Briefly, a zone which has been declared delegation-only will be effectively
// limited to containing NS RRs for subdomains, but no actual data beyond its
// own apex (for example, its SOA RR and apex NS RRset). This can be used to
// filter out "wildcard" or "synthesized" data from NAT boxes or from
// authoritative name servers whose undelegated (in-zone) data is of no
// interest.
// See http://www.isc.org/products/BIND/delegation-only.html for more info

//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "pri/localhost.zone";
    allow-update { none; };
    notify no;
};

zone "127.in-addr.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};

zone "sharcom.org" IN {
    type master;
    file "pri/sharcom.zone";
    allow-update { none; };
    allow-transfer { 212.114.121.21; 127.0.0.1; }; // restrict zone transfers
    allow-query { any; }; // spoofing protection, refuses queries that are not for us
    notify yes;
};

zone "10.168.192.in-addr.arpa" {
    type master;
    file "pri/192.zone";
    allow-update { none; };
    allow-query { any; }; // spoofing protection, refuses queries that are not for us
    notify no;
};

zone "121.114.212.in-addr.arpa" {
    type master;
    file "pri/212.114.121.zone";
    allow-update { none; };
    allow-transfer { 212.114.121.21; 127.0.0.1; 217.19.224.2; 217.19.224.3; }; // restrict zone transfers
    allow-query { any; }; // spoofing protection, refuses queries that are not for us
    notify yes;
};

zone "122.114.212.in-addr.arpa" {
    type master;
    file "pri/212.114.122.zone";
    allow-update { none; };
    allow-transfer { 212.114.121.21; 127.0.0.1; 217.19.224.2; 217.19.224.3; }; // restrict zone transfers
    allow-query { any; }; // spoofing protection, refuses queries that are not for us
    notify yes;
};

zone "123.114.212.in-addr.arpa" {
    type master;
    file "pri/212.114.123.zone";
    allow-update { none; };
    allow-transfer { 212.114.121.21; 127.0.0.1; 217.19.224.2; 217.19.224.3; }; // restrict zone transfers
    allow-query { any; }; // spoofing protection, refuses queries that are not for us
    notify yes;
};

logging {
    channel info_log {
        file "/var/log/named/bind_info.log" versions 3 size 5m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    channel warning_log {
        file "/var/log/named/bind_warning.log" versions 3 size 5m;
        severity warning;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    category default {
        info_log; warning_log;
    };
};
