DAY1 : 必要最小限の設定

Linux Basic/Master で行った内容の復習となります。
各人のドメインが異なるよう、PCのIPアドレスをもとに la.net 配下のサブドメインを定義します。

DNS設定ファイル (/etc/named.conf)

インストール直後の named.conf は以下のようになります。
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// As installed this is a caching resolver that answers only this host:
// the two listen-on lines and allow-query below are what keep it private,
// and all three must be widened before any other machine can reach the
// zones that the rest of this page adds.

options {
	listen-on port 53 { 127.0.0.1; };	// IPv4: loopback only
	listen-on-v6 port 53 { ::1; };	// IPv6: loopback only
	directory 	"/var/named";	// relative file names (data/..., named.ca, *.zone) resolve under here
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { localhost; };	// who may query at all; independent of listen-on

	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	// NOTE(review): the block above says an authoritative server should not
	// recurse. Once the master zones shown later on this page are served from
	// here, either set "recursion no;" or bound recursion with an
	// "allow-recursion" ACL, depending on whether this host is also meant to
	// be the LAN's resolver — confirm the intended role.
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;	// validate answers from other servers against the trust anchors below

	/* Path to ISC DLV key */
	// NOTE(review): DLV lookaside validation has been retired upstream;
	// confirm this line is still wanted on the BIND version in use.
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";	// automatically maintained trust anchors live here

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";	// key for local dynamic updates (nsupdate -l)
};

logging {
        // Debug channel; the path is relative to "directory", i.e. /var/named/data/named.run
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints so the resolver can find the root servers; named.ca is read from /var/named
zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";	// localhost forward/reverse zones (RFC 1912)
include "/etc/named.root.key";	// root zone trust anchor used for DNSSEC validation
以下が個別に追加した例です。
// Generate by ./dnssetup 20160626172736
// Private zone file
// Full domain name
// NOTE(review): the zone name "t020144.la.net" does not match the file it
// loads — t033030.zone (shown further down this page) has its SOA and NS at
// t033030.la.net., so named should refuse to load it as "not at top of zone".
// One of the two names looks like a copy-paste slip; the file contents and
// the host address 10.20.33.30 both point at t033030.
// No allow-transfer is given on this or the other master zones, so the
// server-wide default applies; add "allow-transfer { ... };" naming only the
// intended secondaries once the server is reachable beyond localhost.
zone	"t020144.la.net"	IN {
	type	master;
	file	"t033030.zone";
};

// Relative domain name
zone	"ycos.net"	IN {
	type	master;
	file	"ycos.zone";
};

// Slave sample domain
// Secondary copy of la.net pulled by zone transfer from 10.20.250.1; the
// received file is written under slaves/ in named's binary format unless
// masterfile-format is set (see the note that follows this listing).
zone	"la.net"	IN {
	type	slave;
	file	"slaves/lanet.zone";
	masters	{ 10.20.250.1; };
};

// Reverse lookup
// PTR zone for 10.20.144.0/24. NOTE(review): the forward records in
// t033030.zone all use 10.20.33.30, which this reverse zone does not cover —
// confirm which network is intended.
zone	"144.20.10.in-addr.arpa" IN {
	type	master;
	file	"ycos.arpa";
};

ゾーン転送で受信したファイルは、パフォーマンスとセキュリティを考慮し、バイナリ形式になっている。
テキスト形式にするには当該 zone 句内に以下を追加する。
	// Store the transferred copy as readable text instead of the default binary form;
	// goes inside the zone "la.net" slave block shown above.
	masterfile-format  text;

正引きゾーンファイル (/var/named/t033030.zone)

; Forward zone for t033030.la.net (file /var/named/t033030.zone).
; Every host record below resolves to the same address, 10.20.33.30.
$TTL	86400
; SOA: primary is ns.t033030.la.net., contact is root@t033030.la.net.
; (the first dot of the RNAME stands for "@").
t033030.la.net.		IN SOA ns.t033030.la.net. root.t033030.la.net. (
                                2013062302      ; serial (d. adams) - increase on every edit so secondaries reload
                                3H              ; refresh
                                15M             ; retry
                                1W              ; expiry
                                1D )            ; minimum
; Authoritative name server and mail exchanger for the zone apex
t033030.la.net.		IN	NS	ns.t033030.la.net.
t033030.la.net.		IN	MX	10	smtp.t033030.la.net.
; Host records: NS and MX targets must be A records, not CNAMEs
ns.t033030.la.net.	IN	A	10.20.33.30
smtp.t033030.la.net.	IN	A	10.20.33.30
h030.t033030.la.net.	IN	A	10.20.33.30
; www is an alias of h030
www.t033030.la.net.	IN	CNAME	h030.t033030.la.net.

関連項目