DNS Bind9 configuration tutorial

First, set up named.conf.options:

hckao@mail:/etc/bind$ sudo cat named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
};

Next, set up the zones. One domain has both a forward zone and a reverse zone, so there will be at least two zones. The zone definitions can be written in named.conf.local.

hckao@mail:/etc/bind$ sudo cat named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "laserman.tw" {
        type master;
        file "/etc/bind/db.laserman1";
};

zone "209.133.220.in-addr.arpa" {
        type master;
        file "/etc/bind/220.133.209.rev";
};
hckao@mail:/etc/bind$
===============================================================
hckao@mail:/etc/bind$ sudo cat db.laserman1
$TTL 120 ;
; RNAME: the first dot stands for '@', so this mailbox reads as hc@kao1.gmail.com
@ IN SOA dns.laserman.tw. hc.kao1.gmail.com. (
        2022081502;
        600;
        900;
        86400;
        120);
;
@ IN NS dns.laserman.tw.;
@ IN NS dns1.laserman.tw.;
@ 3600 IN MX 1 mail.laserman.tw.;
@ 3600 IN MX 10 mail2.laserman.tw.;
dns.laserman.tw. IN A 220.133.209.15;
dns1.laserman.tw. IN A 220.134.245.198;
www.laserman.tw. IN A 220.134.245.198;
mail.laserman.tw. IN A 220.133.209.15;
mail2.laserman.tw. IN A 220.134.245.198;
===============================================================
hckao@mail:/etc/bind$ sudo cat 220.133.209.rev
$TTL 120
;SOA record
@ IN SOA dns.laserman.tw. webadmin.laserman.tw. (
        2022081503
        1800
        900
        86400
        3600 ) ;
;NS records: SOA and NS are written the same way as in the forward zone
@ IN NS dns.laserman.tw.
@ IN NS dns1.laserman.tw.
;PTR records: a reverse zone holds only PTR records, which say which name an IP maps to
15.209.133.220.in-addr.arpa. IN PTR dns.laserman.tw. ;note that the IP octets at the front are in reverse order
15 IN PTR dns.laserman.tw. ;the shorthand form (only the last octet of the IP) also works, but the shorthand must not be followed by a dot
===============================================================
Below is the reverse-lookup configuration on the Xindian machine:
hckao@sounding:/etc/bind$ sudo cat 220.134.245.rev
$TTL 120
;SOA record
@ IN SOA dns.laserman.tw. webadmin.laserman.tw. (
        2022081505
        1800
        900
        86400
        3600 ) ;
;NS records: SOA and NS are written the same way as in the forward zone
@ IN NS dns.laserman.tw.
@ IN NS dns1.laserman.tw.
;PTR records: a reverse zone holds only PTR records, which say which name an IP maps to
198.245.134.220.in-addr.arpa. IN PTR dns1.laserman.tw. ;note that the IP octets at the front are in reverse order
198 IN PTR dns.laserman.tw. ;shorthand form, last octet only, no trailing dot
hckao@sounding:/etc/bind$
===============================================================
Some commands:
sudo systemctl reload bind9
sudo systemctl status named.service
sudo systemctl status bind9

Run this command to check db.laserman1:
sudo named-checkzone laserman.tw. /etc/bind/db.laserman1
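named-checkzone validates syntax and loads the zone, but it says nothing about whether the forward and reverse zones agree with each other. The following is an added example (my code, not the page's or BIND's): a small parser for the zone syntax used on this page (`;` comments, `@`, relative owner names, optional TTL and class fields, a multi-line SOA in parentheses) plus a forward-confirmed reverse DNS check, which looks up each PTR target's A records in the forward zone and also reports addresses that have A records but no PTR at all. Run over the page's own records it flags the second PTR in 220.134.245.rev (`198 IN PTR dns.laserman.tw.`), because dns.laserman.tw. has A 220.133.209.15, which matters for a mail host since receivers commonly reject or penalise mail from addresses whose reverse name does not resolve back to them. The zone text is copied from the listings above (trimmed), and the origins are assumed to be the zone names from named.conf.local.

```python
"""FCrDNS check over BIND zone files (added example, not from the page)."""
from collections import defaultdict

# Zone text copied from the page's listings, trimmed to the relevant records;
# origins are the zone names used in named.conf.local.
FORWARD_ZONE = """\
$TTL 120 ;
@ IN SOA dns.laserman.tw. hc.kao1.gmail.com. (
        2022081502;
        600;
        900;
        86400;
        120);
@ IN NS dns.laserman.tw.;
@ 3600 IN MX 1 mail.laserman.tw.;
dns.laserman.tw. IN A 220.133.209.15;
dns1.laserman.tw. IN A 220.134.245.198;
www.laserman.tw. IN A 220.134.245.198;
mail.laserman.tw. IN A 220.133.209.15;
"""
REVERSE_209 = """\
15.209.133.220.in-addr.arpa. IN PTR dns.laserman.tw. ;full form
15 IN PTR dns.laserman.tw. ;shorthand: last octet only, no trailing dot
"""
REVERSE_245 = """\
198.245.134.220.in-addr.arpa. IN PTR dns1.laserman.tw.
198 IN PTR dns.laserman.tw.
"""
NAME_RDATA = {"NS": 0, "PTR": 0, "CNAME": 0, "MX": 1}   # index of the name field

def _logical_lines(text):
    """Strip ';' comments and join lines inside ( ... ) into one record."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]          # ';' starts a comment in zone files
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(buf)
            buf = []

def qualify(name, origin):
    """Expand '@' and relative owner names against the (absolute) zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, rtype, rdata_tokens) triples with every name made absolute."""
    records = []
    for line in _logical_lines(text):
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0].startswith("$"):        # $TTL / $ORIGIN are not needed here
            continue
        owner, rest = qualify(tokens[0], origin), tokens[1:]
        if rest[0].isdigit():                # optional per-record TTL
            rest = rest[1:]
        if rest[0].upper() == "IN":          # optional class
            rest = rest[1:]
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype in NAME_RDATA:
            i = NAME_RDATA[rtype]
            rdata[i] = qualify(rdata[i], origin)
        records.append((owner, rtype, rdata))
    return records

def arpa_to_ip(owner):
    """'15.209.133.220.in-addr.arpa.' -> '220.133.209.15'."""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return ".".join(reversed(labels[:-2]))

def fcrdns_problems(forward, reverse_zones):
    """PTR targets without an A record for that IP, and A addresses with no PTR."""
    a_by_name, ptr_by_ip = defaultdict(set), defaultdict(set)
    for owner, rtype, rdata in forward:
        if rtype == "A":
            a_by_name[owner].add(rdata[0])
    for zone in reverse_zones:
        for owner, rtype, rdata in zone:
            if rtype == "PTR":
                ptr_by_ip[arpa_to_ip(owner)].add(rdata[0])
    problems = []
    for ip in sorted(ptr_by_ip):
        for target in sorted(ptr_by_ip[ip]):
            forward_ips = a_by_name.get(target, set())
            if ip not in forward_ips:
                have = ", ".join(sorted(forward_ips)) or "no A record"
                problems.append(f"{ip} PTR {target} but {target} has {have}")
    for ip in sorted({ip for ips in a_by_name.values() for ip in ips}):
        if ip not in ptr_by_ip:
            problems.append(f"{ip} has A records but no PTR")
    return problems

def run_check():
    forward = parse_zone(FORWARD_ZONE, "laserman.tw.")
    reverse = [parse_zone(REVERSE_209, "209.133.220.in-addr.arpa."),
               parse_zone(REVERSE_245, "245.134.220.in-addr.arpa.")]
    return fcrdns_problems(forward, reverse)

if __name__ == "__main__":
    print("\n".join(run_check() or ["every PTR target confirms forward"]))
```

The parser is deliberately limited to what these files use; real zone files with `$ORIGIN`, `$INCLUDE`, quoted TXT data or `\;` escapes need a proper library. Because the check is pure string processing, it can run in CI on the zone files before `rndc reload` is ever called.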
The result is as follows (zone file /etc/bind/db.laserman1):
zone laserman.tw/IN: loaded serial 2022081505
OK
===============================================================
Checking the result:
hckao@sounding:/etc/bind$ sudo systemctl status bind9
* bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2022-08-15 12:10:36 CST; 10min ago
     Docs: man:named(8)
  Process: 22213 ExecReload=/usr/sbin/rndc reload (code=exited, status=0/SUCCESS)
 Main PID: 21966 (named)
    Tasks: 7 (limit: 1081)
   CGroup: /system.slice/bind9.service
           `-21966 /usr/sbin/named -f -u bind

Aug 15 12:21:23 sounding named[21966]: configuring command channel from '/etc/bind/rndc.key'
Aug 15 12:21:23 sounding named[21966]: reloading configuration succeeded
Aug 15 12:21:23 sounding named[21966]: reloading zones succeeded
Aug 15 12:21:23 sounding named[21966]: zone 245.134.220.in-addr.arpa/IN: loaded serial 2022081505
Aug 15 12:21:23 sounding named[21966]: zone 245.134.220.in-addr.arpa/IN: sending notifies (serial 2022081505)
Aug 15 12:21:23 sounding named[21966]: zone laserman.tw/IN: loaded serial 2022081504
Aug 15 12:21:23 sounding named[21966]: all zones loaded
Aug 15 12:21:23 sounding named[21966]: running
Aug 15 12:21:23 sounding named[21966]: zone laserman.tw/IN: sending notifies (serial 2022081504)
Aug 15 12:21:24 sounding named[21966]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
===============================================================
On the afternoon of 2022-08-15 named.conf.options was modified; its contents are as follows:
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // The block's opening and closing lines are uncommented together with
        // the address; a bare "8.8.8.8;" left inside "// forwarders {" and
        // "// };" is a syntax error and named refuses to load the file.
        forwarders {
                8.8.8.8;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
};
##### Only the forwarders part was changed.
===============================================================
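The forwarders edit above is easy to get wrong: uncomment only the address line and leave `// forwarders {` and `// };` commented, and the options block ends up holding a bare `8.8.8.8;`, which named-checkconf rejects. The following is an added example (my code, not BIND's): a structural lint for named.conf syntax that strips the three comment styles BIND accepts, checks brace balance, flags any statement in a keyword block such as options that does not start with a keyword, and extracts the forwarders list. It runs the broken form of the edit beside the corrected one. The sample configuration is constructed from the page's options file; in practice `named-checkconf` (and `named-checkconf -z`, which also loads the zones) remains the authoritative check, and this lint is only a teaching approximation of its grammar.

```python
"""Structural lint for named.conf fragments (added example, not from the page)."""
import re

# Constructed sample: the page's forwarders edit in its broken and fixed forms.
BROKEN = """\
options {
        directory "/var/cache/bind";
        // forwarders {
                8.8.8.8;
        // };
        dnssec-validation auto;
        listen-on-v6 { any; };
};
"""
FIXED = BROKEN.replace("// forwarders {", "forwarders {").replace("// };", "};")

KEYWORD = re.compile(r"^[A-Za-z][\w-]*$")
# Blocks whose children are keyword statements; address lists such as
# forwarders or listen-on hold bare values and are deliberately not checked.
STATEMENT_BLOCKS = {"top", "options", "zone", "view", "logging"}

def strip_comments(text):
    """Remove /* */, // and # comments (a '#' or '//' inside quotes is not handled)."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return "\n".join(re.split(r"//|#", line, maxsplit=1)[0]
                     for line in text.splitlines())

def tokenize(text):
    """Quoted strings, the three punctuation tokens, and bare words."""
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', strip_comments(text))

def _parse_block(tokens, i):
    """Parse statements until the matching '}'. A statement is (words, body)."""
    stmts, words = [], []
    while i < len(tokens):
        tok = tokens[i]
        if tok == "{":
            body, i = _parse_block(tokens, i + 1)
            stmts.append((words, body))
            words = []
        elif tok == ";":
            if words:
                stmts.append((words, None))
                words = []
            i += 1
        elif tok == "}":
            if words:
                raise SyntaxError(f"missing ';' before '}}' after {' '.join(words)!r}")
            return stmts, i + 1
        else:
            words.append(tok)
            i += 1
    raise SyntaxError("unbalanced braces: missing '}'")

def parse_config(text):
    """Parse a whole file; a sentinel '}' closes the top level."""
    tokens = tokenize(text) + ["}"]
    stmts, i = _parse_block(tokens, 0)
    if i != len(tokens):
        raise SyntaxError("unbalanced braces: unexpected '}'")
    return stmts

def lint(stmts, block="top", path="top"):
    """Report statements that do not start with a keyword inside keyword blocks."""
    problems = []
    for words, body in stmts:
        head = words[0] if words else ""
        if block in STATEMENT_BLOCKS and not KEYWORD.match(head):
            problems.append(f"{path}: bare value {' '.join(words)!r} is not a statement "
                            "(is its enclosing block still commented out?)")
        if body is not None:
            problems.extend(lint(body, head, f"{path}/{head}"))
    return problems

def forwarders_of(stmts):
    """Return the options.forwarders address list, or None if the block is absent."""
    for words, body in stmts:
        if words == ["options"] and body is not None:
            for inner, addrs in body:
                if inner == ["forwarders"] and addrs is not None:
                    return [" ".join(w) for w, _ in addrs]
    return None

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        cfg = parse_config(text)
        print(label, lint(cfg) or "ok", "forwarders:", forwarders_of(cfg))
```

The parser only knows braces, semicolons and quoted strings, which is enough to catch the commented-brace mistake and to answer questions like "which resolvers does this server forward to" without running named. It knows nothing about which options exist, so a misspelt option name still passes here and is caught only by named-checkconf.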
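One more thing worth automating on this setup: both nameservers (dns on mail, dns1 on sounding) are configured as `type master` with separately edited zone files, so nothing forces their SOA serials to agree, and the listings above already show db.laserman1 at serial 2022081502 on mail while the journal on sounding reports laserman.tw loaded at serial 2022081504. Two authoritative servers with different serials can hand out different answers. The following added example (my code, not from the page) reads named's "loaded serial" journal lines collected from both hosts and reports zones whose serials differ; the "sounding" lines are taken from the status output above, the "mail" lines are constructed to carry the serials from the listings on that host, and the host name and PID in them are assumptions. A small helper also checks the YYYYMMDDnn serial convention the page's zones use.

```python
"""Serial-drift check over named journal lines (added example, not from the page)."""
import re
from collections import defaultdict
from datetime import datetime

# Sample lines: the 'sounding' lines are from the page's journal excerpt; the
# 'mail' lines are constructed (host name and PID assumed) to carry the serials
# in the page's listings for db.laserman1 and 220.133.209.rev on that host.
LOG_LINES = [
    "Aug 15 12:21:23 sounding named[21966]: zone 245.134.220.in-addr.arpa/IN: loaded serial 2022081505",
    "Aug 15 12:21:23 sounding named[21966]: zone laserman.tw/IN: loaded serial 2022081504",
    "Aug 15 12:21:23 sounding named[21966]: all zones loaded",
    "Aug 15 12:30:01 mail named[4242]: zone 209.133.220.in-addr.arpa/IN: loaded serial 2022081503",
    "Aug 15 12:30:01 mail named[4242]: zone laserman.tw/IN: loaded serial 2022081502",
]

# syslog prefix (month, day, time), host, program[pid], then named's own message
LOADED = re.compile(
    r"^\S+ +\d+ [\d:]+ (?P<host>\S+) named\[\d+\]: "
    r"zone (?P<zone>\S+)/IN: loaded serial (?P<serial>\d+)$")

def parse_loaded(lines):
    """Yield (host, zone, serial) for each 'loaded serial' line; others are skipped."""
    for line in lines:
        m = LOADED.match(line)
        if m:
            yield m["host"], m["zone"], int(m["serial"])

def serial_drift(lines):
    """Return {zone: {host: serial}} for zones whose hosts loaded different serials."""
    latest = defaultdict(dict)
    for host, zone, serial in parse_loaded(lines):
        latest[zone][host] = serial        # a later reload line overrides an earlier one
    return {zone: hosts for zone, hosts in latest.items()
            if len(set(hosts.values())) > 1}

def is_date_serial(serial):
    """True if the serial follows the YYYYMMDDnn convention the page's zones use."""
    text = str(serial)
    if len(text) != 10:
        return False
    try:
        datetime.strptime(text[:8], "%Y%m%d")
    except ValueError:
        return False
    return True

if __name__ == "__main__":
    for zone, hosts in serial_drift(LOG_LINES).items():
        print(f"{zone}: serials differ across hosts: {hosts}")
```

Feeding it `journalctl -u bind9` output from each host after every reload turns a silent inconsistency into a visible alert; the cleaner long-term fix is to make one server the primary and configure the other as `type slave` (secondary) with `masters` pointing at it, so that transfers keep the serials in step automatically.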