BIND verification: building a master/slave pair

I have built a DNS server with BIND before, but it is not something I do often, and the last time I touched it was nearly five years ago, so I was at the level of "if I look at named.conf I can probably vaguely remember how it works".
Still, since I am likely to be working with it soon, I prepared an environment where I can do simple functional checks.

DNS1/DNS2 in the figure above are configured as so-called "content servers" (authoritative servers) and DNS3 as a "full-service resolver"; first, DNS1 and DNS2 are put into a master/slave relationship.
DNS1 - /etc/named.conf

# cat /etc/named.conf | grep -v -e "^#" -e "^$" -e "^//"
options {
#       listen-on port 53 { 127.0.0.1; };
#       listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursion no;
        version "unknown";
        /* Path to ISC DLV key */
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view TEST {
        match-clients { any; };
        allow-transfer { 192.168.1.213; };
        recursion no;
        zone "test.com" IN {
                type master;
                file "test.com.zone";
        };
        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
};
DNS2 - /etc/named.conf

# cat /etc/named.conf | grep -v -e "^#" -e "^$" -e "^//"
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursion no;
        version "unknown";
        /* Path to ISC DLV key */
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view TEST {
        match-clients { any; };
        recursion no;
        zone "test.com" IN {
                type slave;
                masters { 192.168.1.212; };
                file "slaves/test.com.zone";
        };
        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
};
DNS1 - /var/named/

# cat /var/named/test.com.zone
$ORIGIN .
$TTL 10800
test.com        IN SOA  ns.test.com root.localhost (
                        2016071001 ; serial
                        28800      ; refresh (8H)
                        14400      ; retry (4H)
                        3600       ; expire (1H)
                        60         ; minimum (1M)
                        )
                NS      ns.test.com
$ORIGIN test.com.
www1    CNAME   www
www     A       192.168.1.212
ns      A       192.168.1.212
Checking DNS1's named.conf → no errors
# named-checkconf /etc/named.conf
#
Checking DNS1's zone → no errors
# named-checkzone test.com /var/named/test.com.zone
zone test.com/IN: loaded serial 2016071001
OK
Start bind on DNS1/DNS2 and check from the DNS2 side

DNS2
# dig @localhost test.com any

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> @localhost test.com any
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26925
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;test.com.                      IN      ANY

;; ANSWER SECTION:
test.com.               10800   IN      SOA     ns.test.com. root.localhost. 2016071001 28800 14400 3600 3600
test.com.               10800   IN      NS      ns.test.com.

;; ADDITIONAL SECTION:
ns.test.com.            10800   IN      A       192.168.1.212

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jul 10 13:13:35 2016
;; MSG SIZE  rcvd: 109
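The dig output above shows that DNS2 answers authoritatively (the aa flag) with the master's serial 2016071001, which is the whole point of the master/slave check. The script below is an added example, not part of the original post: it extracts rcode, flags and SOA serial from dig output for the master and the slave and reports any difference, so the comparison can be scripted instead of eyeballed. The three dig outputs embedded in it are constructed: SLAVE_OUT is modelled on the DNS2 answer in the post, MASTER_OUT on what DNS1 (192.168.1.212) would return, and STALE_SLAVE_OUT, with an older serial, stands in for a slave that has not yet transferred the zone.

```python
"""Confirm master/slave replication from dig output: same serial, both authoritative.

Added example, not part of the original post. The dig outputs below are
constructed samples, trimmed to the lines that matter.
"""
import re
from typing import Dict, List

STATUS_RE = re.compile(r"->>HEADER<<-.*status: (\w+)")
FLAGS_RE = re.compile(r"^;; flags: ([^;]*);", re.M)
SOA_RE = re.compile(
    r"^(?P<name>\S+)\s+\d+\s+IN\s+SOA\s+\S+\s+\S+\s+(?P<serial>\d+)"
    r"\s+\d+\s+\d+\s+\d+\s+\d+",
    re.M,
)

# Constructed sample: what "dig @192.168.1.212 test.com soa" would print on DNS1.
MASTER_OUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4101
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
test.com.   10800   IN   SOA   ns.test.com. root.localhost. 2016071001 28800 14400 3600 3600
;; SERVER: 192.168.1.212#53(192.168.1.212)
"""

# Constructed sample modelled on the DNS2 answer in the post (same serial).
SLAVE_OUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26925
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
test.com.   10800   IN   SOA   ns.test.com. root.localhost. 2016071001 28800 14400 3600 3600
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

# Constructed sample: a slave still serving the previous day's serial.
STALE_SLAVE_OUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31337
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
test.com.   10800   IN   SOA   ns.test.com. root.localhost. 2016070901 28800 14400 3600 3600
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""


def parse_dig(output: str) -> Dict[str, object]:
    """Extract rcode, header flags and the SOA serial (None if no SOA was answered)."""
    status = STATUS_RE.search(output)
    flags = FLAGS_RE.search(output)
    soa = SOA_RE.search(output)
    return {
        "status": status.group(1) if status else None,
        "flags": set(flags.group(1).split()) if flags else set(),
        "serial": int(soa.group("serial")) if soa else None,
    }


def replication_problems(master_out: str, slave_out: str) -> List[str]:
    """Return findings; an empty list means the slave serves the master's serial authoritatively."""
    problems: List[str] = []
    answers = {"master": parse_dig(master_out), "slave": parse_dig(slave_out)}
    for role, ans in answers.items():
        if ans["status"] != "NOERROR":
            problems.append("%s returned %s" % (role, ans["status"]))
        if "aa" not in ans["flags"]:
            problems.append("%s answer is not authoritative (no aa flag)" % role)
        if ans["serial"] is None:
            problems.append("%s returned no SOA record" % role)
    m, s = answers["master"]["serial"], answers["slave"]["serial"]
    if m is not None and s is not None and m != s:
        problems.append("serial mismatch: master %d, slave %d" % (m, s))
    return problems


if __name__ == "__main__":
    for label, slave in (("in sync", SLAVE_OUT), ("stale", STALE_SLAVE_OUT)):
        print(label, replication_problems(MASTER_OUT, slave) or ["OK"])
```

In practice the two outputs come from `dig @192.168.1.212 test.com soa` and `dig @192.168.1.213 test.com soa`, and the check is worth rerunning after each serial bump on DNS1. One more thing the dig output above does not reveal: DNS2's named.conf has no allow-transfer statement, and on the BIND 9.8 release shown the default allows zone transfers to any client, so the slave will hand out the whole zone to anyone who asks even though the master restricts transfers to 192.168.1.213. Adding `allow-transfer { none; };` (or a list of the hosts that genuinely need it) to DNS2's view closes that, and `dig @192.168.1.213 test.com axfr` from a host outside that list should then fail.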
For now, the minimal configuration as a content server is done.
Verification with a full-service resolver set up will be done separately.