
Résolution de noms

Cette partie va nous servir à résoudre les noms de domaine, mais aussi à résoudre chaque nom de machine si le serveur dhcp a pu l'obtenir.

Rappel du réseau

                                 +-----------+
                                 |           |
INTERNET ---------- (DHCP) eth0 -|  SERVEUR  |- eth1 (10.9.0.0/22) --- Réseau local pour les installs
                                 |           |
                                 +-----------+

Bind

Installez bind9

aptitude install bind9

Ajoutez les lignes suivantes à votre configuration /etc/bind/named.conf

// Pulls the key definition from rndc.key into the main configuration so that
// other statements can refer to it by name (the zones below use "rndc-key").
// NOTE(review): whoever can read this file can sign dynamic updates for those
// zones; confirm it is readable only by root and the bind group.
include "/etc/bind/rndc.key";

Zones locales

/etc/bind/named.conf.local

// Forward zone for the install-party LAN. This server is the master and the
// zone file lives under /var/lib/bind. Dynamic updates are accepted only when
// signed with the key named "rndc-key".
// NOTE(review): the key name suggests this is also the rndc control-channel
// key. A dedicated TSIG key for the DHCP server's updates would keep "may edit
// these two zones" separate from "may control named" -- confirm.
zone "lq" {
        type master;
        file "/var/lib/bind/lq.hosts";
        allow-update { key "rndc-key"; };
        };
// Reverse zone. 9.10.in-addr.arpa spans all of 10.9.0.0/16, which contains the
// 10.9.0.0/22 install network; same update policy as the forward zone.
zone "9.10.in-addr.arpa" {
        type master;
        file "/var/lib/bind/10.9.rev";
        allow-update { key "rndc-key"; };
        };

Créez la zone reverse /var/lib/bind/10.9.rev comme suit

; Reverse zone skeleton for 10.9.x.x: only the SOA and NS records are created
; by hand. PTR records are presumably added later through signed dynamic
; updates (the zone has an allow-update clause in named.conf.local).
; NOTE(review): once named accepts dynamic updates for a zone it rewrites this
; file and keeps a journal next to it; manual edits normally need
; "rndc freeze" / "rndc thaw" around them -- confirm before editing by hand.
$ttl 38400
9.10.in-addr.arpa.      IN      SOA     billig.lq. root.localhost. (
                        1341155341      ; serial
                        10800           ; refresh (seconds)
                        3600            ; retry (seconds)
                        604800          ; expire (seconds)
                        38400 )         ; negative-caching TTL (seconds)
9.10.in-addr.arpa.      IN      NS      billig.lq.

Créez la zone .lq. /var/lib/bind/lq.hosts

; Forward zone skeleton for "lq": only the SOA and NS records are created by
; hand. Host records are presumably added later through signed dynamic updates
; (the zone has an allow-update clause in named.conf.local).
; NOTE(review): billig.lq. is named as the zone's name server but this listing
; has no A record for it; check the file with named-checkzone and add the
; server's LAN address if the zone refuses to load -- confirm.
$ttl 38400
lq.     IN      SOA     billig.lq. root.localhost. (
                        1341155297      ; serial
                        10800           ; refresh (seconds)
                        3600            ; retry (seconds)
                        604800          ; expire (seconds)
                        38400 )         ; negative-caching TTL (seconds)
lq.     IN      NS      billig.lq.

Configurez le fichier /etc/bind/named.conf.options

// Global named options: a validating recursive resolver that answers only the
// loopback address and the 10.9.0.0/22 install network.
options {
      directory "/var/cache/bind";

      // If there is a firewall between you and nameservers you want
      // to talk to, you may need to fix the firewall to allow multiple
      // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

      // If your ISP provided one or more IP addresses for stable
      // nameservers, you probably want to use them as forwarders.
      // Uncomment the following block, and insert the addresses replacing
      // the all-0's placeholder.

      // forwarders {
      //      0.0.0.0;
      // };

      //========================================================================
      // If BIND logs error messages about the root key being expired,
      // you will need to update your keys.  See https://www.isc.org/bind-keys
      //========================================================================
      // DNSSEC validation stays on, using the trust anchor managed by named.
      dnssec-validation auto;

      auth-nxdomain no;    # conform to RFC1035
      // No IPv6 listener.
      // NOTE(review): there is no listen-on statement, so named presumably also
      // binds the Internet-facing eth0 address. The ACLs below refuse outside
      // clients, but binding only loopback and the eth1 address, e.g.
      // listen-on { 127.0.0.1; <eth1-address>; };  would narrow the exposure.
      listen-on-v6 { none; };

      // NOTE(review): named writes its managed-key state into this directory,
      // so the bind user needs write access to /etc/bind, next to the
      // configuration and key files -- confirm this is intended.
      managed-keys-directory "/etc/bind";

      recursion yes;

      // Recursion is offered to the server itself and the install LAN only,
      // so the resolver is not open to arbitrary Internet clients.
      allow-recursion {
              127.0.0.1;
              10.9.0.0/22;
      };

      // Same client set for queries in general, including the local zones.
      allow-query {
              127.0.0.1;
              10.9.0.0/22;
      };

};

Ajoutez, si vous le souhaitez, les options de log à la toute fin du fichier named.conf.options. (Pensez à créer le répertoire /var/log/named/ avec les droits d'écriture pour le groupe bind.)

// Optional logging setup: one file channel per category, all under
// /var/log/named/. Every channel uses "severity dynamic" (follows the server's
// current debug level) and prefixes each entry with a timestamp.
// NOTE(review): no channel sets "versions" or "size", so these files grow until
// something external rotates them -- confirm a logrotate rule exists,
// especially for queries.log.
logging {
      channel default_file {
              file "/var/log/named/default.log";
              severity dynamic;
              print-time yes;
              };
      channel general_file {
              file "/var/log/named/general.log";
              severity dynamic;
              print-time yes;
              };
      channel database_file {
              file "/var/log/named/database.log";
              severity dynamic;
              print-time yes;
              };
      // Receives the "security" category: approved and denied requests.
      channel security_file {
              file "/var/log/named/security.log";
              severity dynamic;
              print-time yes;
              };
      channel config_file {
              file "/var/log/named/config.log";
              severity dynamic;
              print-time yes;
              };
      channel resolver_file {
              file "/var/log/named/resolver.log";
              severity dynamic;
              print-time yes;
              };
      channel xfer-in_file {
              file "/var/log/named/xfer-in.log";
              severity dynamic;
              print-time yes;
              };
      channel xfer-out_file {
              file "/var/log/named/xfer-out.log";
              severity dynamic;
              print-time yes;
              };
      channel notify_file {
              file "/var/log/named/notify.log";
              severity dynamic;
              print-time yes;
              };
      channel client_file {
              file "/var/log/named/client.log";
              severity dynamic;
              print-time yes;
              };
      channel unmatched_file {
              file "/var/log/named/unmatched.log";
              severity dynamic;
              print-time yes;
              };
      // Receives the "queries" category; the file then records which client
      // asked for which name, so treat it as sensitive and restrict read access.
      channel queries_file {
              file "/var/log/named/queries.log";
              severity dynamic;
              print-time yes;
              };
      channel network_file {
              file "/var/log/named/network.log";
              severity dynamic;
              print-time yes;
              };
      // Receives the "update" category: dynamic updates to the local zones.
      channel update_file {
              file "/var/log/named/update.log";
              severity dynamic;
              print-time yes;
              };
      channel dispatch_file {
              file "/var/log/named/dispatch.log";
              severity dynamic;
              print-time yes;
              };
      channel dnssec_file {
              file "/var/log/named/dnssec.log";
              severity dynamic;
              print-time yes;
              };
      channel lame-servers_file {
              file "/var/log/named/lame-servers.log";
              severity dynamic;
              print-time yes;
              };
      // Category-to-channel routing. Categories with no entry of their own
      // (for example update-security) fall through to "category default"
      // at the end and land in default.log.
      category lame-servers {
              lame-servers_file;
              };
      category dnssec {
              dnssec_file;
              };
      category dispatch {
              dispatch_file;
              };
      category update {
              update_file;
              };
      category network {
              network_file;
              };
      category queries {
              queries_file;
              };
      category unmatched {
              unmatched_file;
              };
      category client {
              client_file;
              };
      category notify {
              notify_file;
              };
      category xfer-out {
              xfer-out_file;
              };
      category xfer-in {
              xfer-in_file;
              };
      category resolver {
              resolver_file;
              };
      category config {
              config_file;
              };
      category security {
              security_file;
              };
      category database {
              database_file;
              };
      category general {
              general_file;
              };
      category default {
              default_file;
              };
};

Redémarrez votre serveur bind

serveur_install_party/dns.txt · Dernière modification: 2023/07/18 23:11 (modification externe)