Le blog de nitocris

Astronomy, computing and miscellaneous tinkering.


DNS on Ubuntu

Published by nitocris on 25 January 2010, 14:10

Categories: #Linux

For the installation of my SAMBA/LDAP domain I need a DNS server.

Reference: http://doc.ubuntu-fr.org/bind9

Installing bind9

apt-get install bind9 bind9-doc

Configuration

Main configuration file: /etc/bind/named.conf

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
        allow-update { none; };
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
        allow-update { none; };
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
        allow-update { none; };
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
        allow-update { none; };
};

include "/etc/bind/named.conf.local";

Then the local configuration: /etc/bind/named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918-192-168";

zone "zalin.org" IN {
  type master;
  file "/var/cache/bind/db.zalin.org";
  // allow-update { none; };     // no dynamic updates
  allow-update { 127.0.0.1; };   // allows dynamic updates from the DHCP server
};

zone "32.168.192.in-addr.arpa" IN {
  type master;
  file "/var/cache/bind/rev.zalin.org";
  // allow-update { none; };     // no dynamic updates
  allow-update { 127.0.0.1; };   // allows dynamic updates from the DHCP server
};

Note: in named.conf, comments start with // or #; a bare ; is not a comment marker and makes named reject the file. Restricting allow-update to 127.0.0.1 only admits updates from the DHCP server when it runs on the same host as bind9.

Excluding the unused RFC 1918 zones:

Contents of /etc/bind/zones.rfc1918-192-168 (included above):

zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };

zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };

// 192.168.0.0/16 is in use here (192.168.32.0/24), so it must not be blackholed
#zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

Options configuration:

/etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders. 
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };
    forward only;
    forwarders { 84.103.237.148; 86.64.145.148; 192.168.1.1; };
    allow-recursion { localnets; };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

Parameters

Zone: 192.168.32.0
File: /var/cache/bind/db.zalin.org

$ORIGIN .
$TTL 86400      ; 1 day
zalin.org       IN SOA  lilith.zalin.org. root.zalin.org. (
                        2008012917 ; serial
                        604800     ; refresh (1 week)
                        86400      ; retry (1 day)
                        2419200    ; expire (4 weeks)
                        604800     ; minimum (1 week)
                        )
                NS      lilith.zalin.org.
$ORIGIN zalin.org.
dd-wrt          A       192.168.32.1    ; entry router
dd2-wrt         A       192.168.32.2    ; extension + wifi router
BEFSR41v3       A       192.168.32.6    ; Linksys BEFSR41v3
laser           A       192.168.32.253  ; print server
lilith          A       192.168.32.65
maria           A       192.168.32.64
primary         CNAME   lilith
quentin         A       192.168.32.60

Reverse zone: /var/cache/bind/rev.zalin.org

Note the trailing "." at the end of each FQDN: a name without it is relative to the zone origin, so the apex name on the SOA line must carry it too (or be written as @), otherwise the zone has no SOA at its apex and fails to load.

$TTL 86400      ; 1 day
32.168.192.in-addr.arpa. IN SOA lilith.zalin.org. root.zalin.org. (
                                2008012845 ; serial
                                604800     ; refresh (1 week)
                                86400      ; retry (1 day)
                                2419200    ; expire (4 weeks)
                                604800     ; minimum (1 week)
                                )
                        NS      lilith.zalin.org.
1                       PTR     dd-wrt.zalin.org.
2                       PTR     dd-wrt2.zalin.org.
6                       PTR     BEFSR41v3.zalin.org.
253                     PTR     laser.zalin.org.
60                      PTR     quentin.zalin.org.
64                      PTR     maria.zalin.org.
65                      PTR     lilith.zalin.org.

Note that the forward zone names the second router dd2-wrt while the reverse zone has dd-wrt2; the two should agree.

Permissions:

chgrp bind /var/cache/bind/*


Activation
cat /etc/hosts

127.0.0.1    localhost
192.168.32.65    primary.zalin.org    lilith

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

/etc/resolv.conf

domain zalin.org
search zalin.org
nameserver 192.168.32.65
nameserver 192.168.1.1

/etc/default/bind9

# run resolvconf?
RESOLVCONF=yes
#RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind"


Checks

Checking the configuration:

named-checkconf /etc/bind/named.conf

OK if nothing is returned.

Checking the zones (the first argument to named-checkzone is the zone name as declared in named.conf.local, not an IP address):

cd /var/cache/bind
named-checkzone -d zalin.org db.zalin.org
zone zalin.org/IN: loaded serial 2008012917
OK

named-checkzone -d 32.168.192.in-addr.arpa rev.zalin.org
loading "32.168.192.in-addr.arpa" from "rev.zalin.org" class "IN"
zone 32.168.192.in-addr.arpa/IN: loaded serial 2008012845
OK
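named-checkzone validates each file on its own but does not check that the forward and reverse zones agree with each other (note the dd2-wrt / dd-wrt2 mismatch above). The following Python script is an added example, not part of the original post: it parses both zone files (here as constructed sample data copied from the records above, with simplified single-line SOA records) and reports every A record whose PTR is missing or points to a different name, and vice versa.

```python
# Added example, not part of the original post; sample zone data is constructed from the records above.
import ipaddress

FORWARD = """\
$ORIGIN .
zalin.org  IN SOA lilith.zalin.org. root.zalin.org. ( 2008012917 604800 86400 2419200 604800 )
$ORIGIN zalin.org.
dd-wrt     A     192.168.32.1   ; entry router
dd2-wrt    A     192.168.32.2   ; extension + wifi router
lilith     A     192.168.32.65
primary    CNAME lilith
"""
REVERSE = """\
32.168.192.in-addr.arpa. IN SOA lilith.zalin.org. root.zalin.org. ( 2008012845 604800 86400 2419200 604800 )
1          PTR dd-wrt.zalin.org.
2          PTR dd-wrt2.zalin.org.
65         PTR lilith.zalin.org.
"""

def parse_records(text, zone):
    """Yield (owner_fqdn, rtype, rdata) for each A/PTR record, honouring $ORIGIN and ';' comments."""
    origin = owner = zone.lower()
    for raw in text.splitlines():
        tokens = raw.split(";", 1)[0].split()
        if tokens and tokens[0] == "$ORIGIN":
            origin = tokens[1].lower()
        if not tokens or tokens[0].startswith("$"):    # blank/comment-only lines, $TTL, $ORIGIN
            continue
        has_owner = not raw[0].isspace()               # a leading blank repeats the previous owner
        if has_owner:                                  # make the owner absolute, lower-case, trailing dot
            name = tokens[0].lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"
        for i, tok in enumerate(tokens):
            if tok in ("A", "PTR") and i >= int(has_owner):
                yield owner, tok, tokens[i + 1]
                break

def ptr_to_ip(owner_fqdn):
    """'65.32.168.192.in-addr.arpa.' -> '192.168.32.65'"""
    return ".".join(reversed(owner_fqdn.rstrip(".").split(".")[:-2]))

def check_consistency(fwd_text, fwd_zone, rev_text, rev_zone):
    """Return forward/reverse disagreements as strings; an empty list means the two zones agree."""
    fwd = {ip: name for name, t, ip in parse_records(fwd_text, fwd_zone) if t == "A"}
    rev = {ptr_to_ip(o): tgt.lower() for o, t, tgt in parse_records(rev_text, rev_zone) if t == "PTR"}
    problems = [f"{ip}: A {fwd[ip]} has no PTR" if ip not in rev else f"{ip}: A {fwd[ip]} but PTR {rev[ip]}"
                for ip in sorted(fwd, key=ipaddress.ip_address) if rev.get(ip) != fwd[ip]]
    problems += [f"{ip}: PTR {rev[ip]} has no A record" for ip in sorted(set(rev) - set(fwd), key=ipaddress.ip_address)]
    return problems
```

Run it against the real files by reading /var/cache/bind/db.zalin.org and rev.zalin.org into the two text arguments; on the sample above it reports the dd2-wrt / dd-wrt2 disagreement on 192.168.32.2.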


Startup

Restart bind9:
invoke-rc.d bind9 restart

Then check /var/log/syslog for valid entries.

Continued in the DHCP configuration: http://nitocris.over-blog.net/article-dhcp-sous-ubuntu-43616397.html
