reference: http://doc.ubuntu-fr.org/bind9
# Debian/Ubuntu: install the BIND 9 server (named) and its documentation package
apt-get install bind9 bind9-doc
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
// Global server options (forwarders, ACLs, listen addresses) come first.
include "/etc/bind/named.conf.options";
// prime the server with knowledge of the root servers
// "type hint" means this file is only used to locate the root servers;
// named never answers authoritatively from it.
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
// "allow-update { none; }" is spelled out on each of these zones so that no
// client can change them through dynamic updates (contrast the LAN zones in
// named.conf.local, which accept updates from the DHCP server).
zone "localhost" {
type master;
file "/etc/bind/db.local";
allow-update { none; };
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
allow-update { none; };
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
allow-update { none; };
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
allow-update { none; };
};
// Site-specific zones go in named.conf.local (see the header comment above);
// it is included after the options and the default zones.
include "/etc/bind/named.conf.local";
Puis la configuration locale : /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
// Empty reverse zones for the RFC 1918 ranges this site does not use (file
// shown further down): reverse lookups for them are answered locally from
// db.empty instead of being sent to the forwarders.
include "/etc/bind/zones.rfc1918-192-168";
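zone "zalin.org" IN {
type master;
file "/var/cache/bind/db.zalin.org";
// named.conf only knows "//", "#" and "/* */" comments; the zone-file ";"
// comment style is NOT valid here and made named-checkconf reject this file.
// allow-update { none; }; // no dynamic updates
// Updates are authorised by source address only: 127.0.0.1 is the DHCP
// server running on this host, but any local process able to reach
// 127.0.0.1:53 can submit an update as well. A TSIG key
// (key { ... }; allow-update { key "..."; };) would tie updates to the
// DHCP server itself.
allow-update { 127.0.0.1; }; // allow dynamic updates from the DHCP server
};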
zone "32.168.192.in-addr.arpa" IN {
type master;
file "/var/cache/bind/rev.zalin.org";
// allow-update { none; }; // no dynamic updates
// Updates are authorised by source address only: 127.0.0.1 is the DHCP
// server running on this host, but any local process able to reach
// 127.0.0.1:53 can submit an update as well. A TSIG key
// (key { ... }; allow-update { key "..."; };) would tie updates to the
// DHCP server itself.
allow-update { 127.0.0.1; }; // allow dynamic updates from the DHCP server
};
;
L'exclusion des domaines de la RFC 1918 non utilisés :
;
/etc/bind/zones.rfc1918-192-168
// Reverse zones for the RFC 1918 private ranges that are not used on this
// site. Each is served from db.empty, so reverse lookups for these ranges get
// a local negative answer instead of being forwarded upstream.
zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
// 168.192.in-addr.arpa is left out, presumably because this site uses
// 192.168.32.0/24, whose reverse zone (32.168.192.in-addr.arpa) is declared
// in named.conf.local -- confirm before re-enabling.
#zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
Configuration des options :
/etc/bind/named.conf.options
options {
// Working directory: relative zone-file names resolve here, and the
// dynamically updated zones (and their journals) live here rather than in
// /etc/bind because named must be able to write them.
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
// "forward only": every query named is not authoritative for goes to the
// forwarders; if none of them answers the query fails instead of falling
// back to iterative resolution from the root hints ("forward first" would
// fall back). Nothing in this block enables DNSSEC validation of the
// forwarders' answers.
forward only;
forwarders { 84.103.237.148; 86.64.145.148; 192.168.1.1; };
// Recursive service only for hosts on directly attached networks; anyone
// else only gets answers for the zones this server is authoritative for,
// which keeps it from being an open resolver.
allow-recursion { localnets; };
auth-nxdomain no; # conform to RFC1035
// Listen on every IPv6 address; with no listen-on statement named also
// listens on all IPv4 interfaces.
listen-on-v6 { any; };
};
;
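$ORIGIN zalin.org.
$TTL 86400 ; 1 day
; Forward zone for zalin.org (/var/cache/bind/db.zalin.org).
; named.conf.local allows dynamic updates from the DHCP server, so named
; rewrites this file itself; edit it by hand only after "rndc freeze zalin.org"
; and bump the serial on every manual change.
; Apex records carry an explicit "@" owner. A record line that starts with
; whitespace inherits the previous owner, and that indentation was lost when
; this listing was copied, leaving "NS lilith.zalin.org." at column 0, which
; does not parse. Explicit owners do not depend on leading whitespace.
@ IN SOA lilith.zalin.org. root.zalin.org. (
2008012917 ; serial (YYYYMMDDnn)
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
604800 ; minimum / negative-cache TTL (1 week)
)
@ IN NS lilith.zalin.org.
; Host records; unqualified names are relative to zalin.org.
dd-wrt A 192.168.32.1 ; entry router
; NOTE(review): the reverse zone names 192.168.32.2 "dd-wrt2"; one of the two
; spellings is a typo -- verify which is intended.
dd2-wrt A 192.168.32.2 ; extension router + wifi
BEFSR41v3 A 192.168.32.6 ; Linksys BEFSR41v3
laser A 192.168.32.253 ; print server
lilith A 192.168.32.65
maria A 192.168.32.64
primary CNAME lilith
quentin A 192.168.32.60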
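; Reverse zone for 192.168.32.0/24 (/var/cache/bind/rev.zalin.org).
; There is no $ORIGIN directive, so the origin is the zone name from
; named.conf.local (32.168.192.in-addr.arpa) and the bare PTR owners
; 1, 2, ... are relative to it. The apex must therefore be written as "@"
; (or with a trailing dot): the unqualified "32.168.192.in-addr.arpa" of the
; original listing would itself be appended to the origin and the SOA would
; no longer sit at the zone apex.
; PTR targets are written with a trailing "." (fully qualified); without it
; the origin would be appended to them too.
$TTL 86400 ; 1 day
@ IN SOA lilith.zalin.org. root.zalin.org. (
2008012845 ; serial (YYYYMMDDnn)
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
604800 ; minimum / negative-cache TTL (1 week)
)
; Explicit "@" owner: a leading-whitespace continuation line would have been
; lost when the listing was copied (as happened in the original).
@ IN NS lilith.zalin.org.
1 PTR dd-wrt.zalin.org.
; NOTE(review): the forward zone names this host "dd2-wrt"; verify which
; spelling is intended and make both zones agree.
2 PTR dd-wrt2.zalin.org.
6 PTR BEFSR41v3.zalin.org.
253 PTR laser.zalin.org.
60 PTR quentin.zalin.org.
64 PTR maria.zalin.org.
65 PTR lilith.zalin.org.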
Droits : chgrp bind /var/cache/bind/* (named tourne sous l'utilisateur bind, cf. OPTIONS="-u bind" dans /etc/default/bind9)
# /etc/hosts (Debian template plus this server's own LAN entry)
127.0.0.1 localhost
# The canonical (first) name here is primary.zalin.org, which the forward
# zone defines as a CNAME of lilith, while the SOA/NS name advertised in DNS
# is lilith.zalin.org; "hostname -f" on this box will typically report
# primary.zalin.org. NOTE(review): confirm this difference is intended.
192.168.32.65 primary.zalin.org lilith
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
/etc/resolv.conf
# resolv.conf(5) treats "domain" and "search" as mutually exclusive (the
# last one wins). Both name zalin.org here so the effect is the same, but a
# single "search zalin.org" line avoids the ambiguity. With RESOLVCONF=yes in
# /etc/default/bind9 this file may be regenerated by resolvconf, so changes
# may need to go through that mechanism rather than this file.
domain zalin.org
search zalin.org
# The local BIND is queried first; the resolver moves on to 192.168.1.1 only
# when 192.168.32.65 does not answer (timeout), not when it returns NXDOMAIN,
# so zalin.org names resolve only while the local server is up.
nameserver 192.168.32.65
nameserver 192.168.1.1
/etc/default/bind9
# /etc/default/bind9 -- sourced by the init script.
# Let resolvconf learn about the local nameserver (set to no to opt out).
RESOLVCONF=yes
#RESOLVCONF=no
# Arguments passed to named at startup: -u bind drops root privileges and
# runs the daemon as the unprivileged "bind" user after the sockets are bound.
OPTIONS='-u bind'
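# Validate the configuration before restarting: named-checkconf prints nothing
# and exits 0 when /etc/bind/named.conf and the files it includes parse.
named-checkconf /etc/bind/named.conf
# OK if nothing is printed.
cd /var/cache/bind || exit 1
# Check each zone file (-d prints debugging detail). The first argument is the
# zone name exactly as declared in named.conf.local; it is also the origin used
# to qualify relative owner names such as the bare "1" in the reverse zone.
named-checkzone -d zalin.org db.zalin.org
# expected:
#   zone zalin.org/IN: loaded serial 2008012917
#   OK
# The reverse zone is named 32.168.192.in-addr.arpa (see named.conf.local);
# the original listing passed 192.168.32.1, which is not a zone name and
# qualifies every PTR owner under the wrong origin.
named-checkzone -d 32.168.192.in-addr.arpa rev.zalin.org
# expected:
#   loading "32.168.192.in-addr.arpa" from "rev.zalin.org" class "IN"
#   zone 32.168.192.in-addr.arpa/IN: loaded serial 2008012845
#   OK
# Restart only once both checks pass ("rndc reload" suffices for zone-only
# changes and avoids dropping the cache).
invoke-rc.d bind9 restart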
On peut vérifier dans /var/log/syslog que l'on a des entrées valides.
Suite dans la configuration du DHCP : http://nitocris.over-blog.net/article-dhcp-sous-ubuntu-43616397.html