Overblog Suivre ce blog
Editer l'article Administration Créer mon blog
25 janvier 2010 1 25 /01 /janvier /2010 14:10
our le compte de l'installation de mon domaine SAMBA/LDAP, j'ai besoin d'un DNS

reference: http://doc.ubuntu-fr.org/bind9

Installation de bind9

apt-get install bind9 bind9-doc

Configuration

Fichier de configuration principale: /etc/bind/named.conf

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
          allow-update { none; };
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
          allow-update { none; };
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
          allow-update { none; };

};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
  allow-update { none; };

};

include "/etc/bind/named.conf.local";

Puis les configuration locales: /etc/bind/named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918-192-168";

zone "zalin.org" IN {
  type master;
  file "/var/cache/bind/db.zalin.org";
  ; allow-update { none; }; pas de mise à jour dynamique
  allow-update { 127.0.0.1; }; permet la mise à jour dynamique à partir du DHCP

};

zone "32.168.192.in-addr.arpa" IN {
  type master;
  file "/var/cache/bind/rev.zalin.org";
  // allow-update { none; }; pas de mise à jour dynamique
  allow-update { 127.0.0.1; }; //permet la mise à jour dynamique à partir du DHCP

};
;
L'exclusion des domaine de la rfc 1918 non utlisé:
;

zones.rfc1918-192.168
zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
 
zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };

#zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

;
Configuration des options :

/etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders. 
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };
         forward only;
         forwarders { 84.103.237.148; 86.64.145.148; 192.168.1.1; };
         allow-recursion { localnets; };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

Parametres

zone : 192.168.32.0

fichier : /var/cache/bind/db.zalin.org
;
$ORIGIN .
$TTL 86400    ; 1 day
zalin.org        IN SOA    lilith.zalin.org. root.zalin.org. (
                2008012917 ; serial
                604800     ; refresh (1 week)
                86400      ; retry (1 day)
                2419200    ; expire (4 weeks)
                604800     ; minimum (1 week)
                )
            NS    lilith.zalin.org.
$ORIGIN zalin.org.
dd-wrt            A    192.168.32.1 ; routeur entrée
dd2-wrt            A    192.168.32.2 ; routeur extension+wifi
BEFSR41v3        A    192.168.32.6 ; Linksys BEFSR41v3
laser            A    192.168.32.253 ; serveur d impression
lilith            A    192.168.32.65
maria            A    192.168.32.64
primary            CNAME    lilith
quentin            A    192.168.32.60

;

Zone : reverse

/var/cache/bind/rev.zalin.org
On netera la presence du "." en fin de FQDN

$TTL 86400      ; 1 day
32.168.192.in-addr.arpa IN SOA  lilith.zalin.org. root.zalin.org. (
                                2008012845 ; serial
                                604800     ; refresh (1 week)
                                86400      ; retry (1 day)
                                2419200    ; expire (4 weeks)
                                604800     ; minimum (1 week)
                                )
                        NS      lilith.zalin.org.
1                       PTR     dd-wrt.zalin.org.
2                       PTR     dd-wrt2.zalin.org.
6                       PTR     BEFSR41v3.zalin.org.
253                     PTR     laser.zalin.org.
60                      PTR     quentin.zalin.org.
64                      PTR     maria.zalin.org.
65                      PTR     lilith.zalin.org.
</code>

Droits <code>chgrp bind /var/cache/bind/*


Activation

cat /etc/hosts

127.0.0.1    localhost
192.168.32.65    primary.zalin.org    lilith

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts</code>

/etc/resolv.conf
<code>
domain zalin.org
search zalin.org
nameserver 192.168.32.65
nameserver 192.168.1.1
</code>

/etc/default/bind9

# run resolvconf?
RESOLVCONF=yes
#RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind"


Vérification


Verification de la conf


named-checkconf /etc/bind/named.conf
</code>
Ok si rien n'est retourné

Vérification des zones


cd /var/cache/bind
named-checkzone -d zalin.org db.zalin.org
zone zalin.org/IN: loaded serial 2008012917
OK

named-checkzone -d 192.168.32.1 rev.zalin.org
loading "192.168.32.1" from "rev.zalin.org" class "IN"
zone 192.168.32.1/IN: loaded serial 2008012845
OK


demarrage

on relance bind9:
invoke-rc.d bind9 restart

On peut verifier le /var/log/syslog que l'on a des entrées valides.

Suite dans la configuration du DHCP : http://nitocris.over-blog.net/article-dhcp-sous-ubuntu-43616397.html

Partager cet article

Repost 0
Published by nitocris - dans Linux
commenter cet article

commentaires