BIND 基本設定ファイル
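# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// This file sets up a recursive, forwarding resolver for the internal
// network that is also authoritative for one internal forward zone and
// its reverse zone.
//

options {
        // Listen on port 53 on loopback and on the server's LAN interface.
        listen-on port 53 { 127.0.0.1; 192.168.12.240; };
        // Changed: IPv6 is not used in this setup, so no IPv6 listener.
        listen-on-v6 port 53 { none; };

        directory               "/var/named";
        dump-file               "/var/named/data/cache_dump.db";
        statistics-file         "/var/named/data/named_stats.txt";
        memstatistics-file      "/var/named/data/named_mem_stats.txt";

        // Who may query this server (specify the internal networks here).
        allow-query             { localhost; localnets; };
        // Restrict recursion explicitly to the same clients. Without this
        // line the recursion ACL is inherited from allow-query, so widening
        // allow-query later would silently widen recursion as well.
        allow-recursion         { localhost; localnets; };
        // NOTE(review): no allow-transfer is set, so zone transfers follow
        // the BIND default, which in many BIND 9 releases permits any client
        // that can reach the server. If there is no secondary server,
        // consider: allow-transfer { none; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        // Set to "no" to disable DNSSEC (as done here).
        // NOTE(review): with validation off, answers from the forwarder are
        // cached and served to every client with no authenticity check, so a
        // spoofed or tampered reply is not detected. Prefer
        // "dnssec-validation auto;" if the forwarder passes DNSSEC records.
        // dnssec-enable has been removed from recent BIND 9 releases; drop
        // that line if named-checkconf rejects it.
        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        // NOTE(review): the ISC DLV service has been retired; the path is
        // kept as shipped by the package.
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        // Address to query when this server cannot resolve a name itself.
        // When connecting through a router, specify the router's IP address.
        // Every outside name this resolver caches comes from this address.
        forwarders { 192.168.12.254; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

// Declarations of the zone data files (forward and reverse lookup).
zone "sjk-00.local" IN {
        type master;
        file "sjk.local.lan";
};

zone "12.168.192.in-addr.arpa" IN {
        type master;
        file "sjk.local.rev";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
#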