Installing bind on CentOS 7 and running it as a DNS server (without chroot)



Introduction

I am setting up an internal DNS so that the server machines on my home network can be reached by hostname.

Almost every guide you find by searching shows named being used together with named-chroot, but since this is an internal DNS, chroot would serve little purpose here, so I am leaving it out.

For a DNS server exposed to the public Internet, chroot makes sense; for internal, personal use, chroot is not needed.


Install bind

# yum -y install bind


Configure it

* Replace hogehoge.com with your own domain.

* Replace the IP addresses with your own as well.


/etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        // Only the LAN address is listened on; queries to 127.0.0.1 on the
        // server itself will fail unless 127.0.0.1 is added here as well.
        listen-on port 53 { 192.168.0.10; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; localnets; };
        allow-query-cache { localhost; localnets; };
        empty-zones-enable no;

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        // Unresolved queries are forwarded to the home router.
        forwarders {
                192.168.0.9;
        };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

view "internal" {
        match-clients { localnets; };
        match-destinations { localnets; };

        zone "." IN {
                type hint;
                file "named.ca";
        };

        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
        // Zone definitions for hogehoge.com (the file created in the next step).
        include "/etc/named/named.hogehoge.com.zone";
};



/etc/named/named.hogehoge.com.zone

zone "hogehoge.com" {
        type master;
        file "hogehoge.com.db";
};
zone "0.168.192.in-addr.arpa" {
        type master;
        file "0.168.192.in-addr.arpa.db";
};

* Hostnames and IP addresses: adjust as appropriate, as above.


/var/named/hogehoge.com.db

$TTL    86400

@       IN SOA  hogehoge.com. root.hogehoge.com. (
                2017042001 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
; Lines that start with whitespace inherit the owner name (@) of the record above.
        IN NS   hogehoge.com.
        IN MX   10 hogehoge.com.
@       IN A    192.168.0.10
kuroko  IN A    192.168.0.10
vm001   IN A    192.168.0.13
gray    IN A    192.168.0.51
snow    IN A    192.168.0.52


/var/named/0.168.192.in-addr.arpa.db

$TTL    86400

@       IN SOA  hogehoge.com. root.hogehoge.com. (
                2017042001 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   hogehoge.com.
; The owner "10" is relative to the zone origin, i.e. 10.0.168.192.in-addr.arpa.
10      IN PTR  hogehoge.com.
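Before starting named it is worth checking that the reverse zone covers every address in the forward zone; as written above, only .10 has a PTR record. The following script is an added example (not code from the article): a minimal zone-file reader that parses both files and lists the addresses with no PTR, run over sample data condensed from the article's hogehoge.com and 0.168.192.in-addr.arpa zones.

```python
# Added example: check that every A record in the forward zone has a PTR in the
# reverse zone. Sample data below is constructed, condensed from the article.
FORWARD_ZONE = """$TTL 86400
@ IN SOA hogehoge.com. root.hogehoge.com. ( 2017042001 28800 14400
        3600000 86400 ) ; Minimum
        IN NS hogehoge.com.
kuroko  IN A 192.168.0.10
vm001   IN A 192.168.0.13
snow    IN A 192.168.0.52
"""
REVERSE_ZONE = """$TTL 86400
@ IN SOA hogehoge.com. root.hogehoge.com. ( 2017042001 28800 14400 3600000 86400 )
        IN NS hogehoge.com.
10      IN PTR hogehoge.com.
"""

def qualify(name, origin):  # expand '@' and relative owner names to FQDNs
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    # Returns (owner, type, first rdata field) tuples; handles ';' comments,
    # $ directives, a parenthesised multi-line SOA and owner inheritance.
    records, owner, depth = [], "@", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        fields = line.split()
        if depth > 0:                       # still inside SOA parentheses
            depth += line.count("(") - line.count(")")
            continue
        if not fields or fields[0].startswith("$"):   # blank, $TTL, $ORIGIN
            continue
        depth = line.count("(") - line.count(")")
        if not line[0].isspace():           # explicit owner; indented lines inherit
            owner = fields.pop(0)
        while fields and (fields[0] == "IN" or fields[0].isdigit()):
            fields.pop(0)                   # optional class and TTL
        if len(fields) >= 2:
            records.append((qualify(owner, origin), fields[0], fields[1]))
    return records

def reverse_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def missing_ptrs(fwd_text, fwd_origin, rev_text, rev_origin):
    """Map each A-record address that has no PTR to the names that use it."""
    have = {o for o, t, _ in parse_zone(rev_text, rev_origin) if t == "PTR"}
    missing = {}
    for owner, rtype, ip in parse_zone(fwd_text, fwd_origin):
        if rtype == "A" and reverse_name(ip) not in have:
            missing.setdefault(ip, []).append(owner)
    return missing
```

This only checks forward/reverse consistency; run named-checkconf and named-checkzone as well to catch syntax errors before starting the service.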

Finally, enable bind at boot and start it.

# systemctl enable named

# systemctl start named


Verify that it works

On another PC on the local network, set the primary DNS to the IP address of the DNS server just built.

Use the nslookup command to check that the IP address can be resolved. The short name kuroko resolves to kuroko.hogehoge.com only if the client has hogehoge.com as its DNS search domain.

$ nslookup kuroko

Server: 192.168.0.10
Address: 192.168.0.10#53

Name: kuroko.hogehoge.com
Address: 192.168.0.10

The address was resolved.