
DNSサーバを立ち上げて、家庭内でやってみた

さて、久しぶりにDNSを内向きで立ててみた。

#vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Edited here to serve the internal zone intrajp-yokosuka.co.jp (plus its
// 192.168.0.0/24 reverse zone) and to recurse for hosts on that LAN.

options {
// listen-on / listen-on-v6 are left commented out, so named falls back to
// its default and listens on every interface; the allow-query ACL below is
// what limits who may actually query.
//listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
//allow-query { localhost; };
// Only the home LAN may query. No allow-recursion or allow-query-cache is
// given, and named derives both from allow-query in that case, so recursion
// should be limited to the same LAN — confirm against the installed
// version's ARM rather than relying on the default.
allow-query { 192.168.0.0/24; };
recursion yes;
// NOTE(review): no allow-transfer is set here or in the zone statements, so
// BIND's long-standing default of "any" lets every host that can reach
// port 53 pull a full copy (AXFR) of the internal zones. Add
// allow-transfer { none; }; here, or list the secondaries, unless zone
// transfers are actually needed.

dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): dnssec-lookaside (DLV) was retired by ISC and later BIND
// releases deprecate and then drop the option; remove it together with
// bindkeys-file when upgrading. Validation itself continues to work from
// the root trust anchor pulled in by the include at the bottom.
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Root hints; required because recursion is enabled above.
zone "." IN {
type hint;
file "named.ca";
};
// Disabling this include also drops the stock localhost / loopback zones
// the Red Hat package ships in it; they are not served by this config.
//include "/etc/named.rfc1912.zones";
//match-clients { localhost; localnets; };
//recursion yes;
// Forward zone for the LAN. The file name is relative to the directory
// option. Dynamic updates are refused.
zone "intrajp-yokosuka.co.jp" IN {
type master;
file "intrajp-yokosuka.co.jp.lan";
allow-update { none; };
};
// Reverse zone for 192.168.0.0/24, same update policy.
zone "0.168.192.in-addr.arpa" IN {
type master;
file "0.168.192.in-addr.arpa.db";
allow-update { none; };
};

// Root DNSSEC trust anchor (managed keys) that dnssec-validation relies on.
include "/etc/named.root.key";

#vim /var/named/chroot/var/named/intrajp-yokosuka.co.jp.lan

$TTL 86400
; Forward zone for intrajp-yokosuka.co.jp. The apex name doubles as the
; name server and mail host, which is why it carries the A record below.
; NOTE(review): the NS/MX/A records right after the SOA have no owner name,
; so in the real file they must begin with whitespace to inherit "@";
; confirm that indent was not lost when this was pasted (a bare "IN" at
; column 0 would be parsed as an owner name).
@ IN SOA intrajp-yokosuka.co.jp. root.intrajp-yokosuka.co.jp.(
2011010100 ; serial (YYYYMMDDnn; increase on every edit)
3600 ; refresh (1 hour)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; negative (1 day)
)
IN NS intrajp-yokosuka.co.jp.
IN MX 10 intrajp-yokosuka.co.jp.
IN A 192.168.0.38
client1 IN A 192.168.0.2
client2 IN A 192.168.0.3
client3 IN A 192.168.0.4
fedora IN CNAME intrajp-yokosuka.co.jp.
www IN CNAME intrajp-yokosuka.co.jp.

#vim 0.168.192.in-addr.arpa.db

$TTL 86400
; Reverse zone for 192.168.0.0/24 (0.168.192.in-addr.arpa). Owner names are
; the host octet of each address; every PTR mirrors an A record in the
; forward zone (38 -> apex, 2..4 -> client1..client3).
; NOTE(review): the NS line after the SOA has no owner name and must start
; with whitespace in the actual file to inherit "@" — verify the indent
; survived the paste.
@ IN SOA intrajp-yokosuka.co.jp. root.intrajp-yokosuka.co.jp.(
2011010100 ; serial (YYYYMMDDnn; increase on every edit)
3600 ; refresh (1 hour)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; negative (1 day)
)
IN NS intrajp-yokosuka.co.jp.
38 IN PTR intrajp-yokosuka.co.jp.
2 IN PTR client1.intrajp-yokosuka.co.jp.
3 IN PTR client2.intrajp-yokosuka.co.jp.
4 IN PTR client3.intrajp-yokosuka.co.jp.

#vim /etc/sysconfig/network-scripts/ifcfg-eth0

# Static address for the DNS server itself; the zone files above publish
# 192.168.0.38 for the apex name, so it must not move.
DEVICE=eth0
HWADDR=00:1F:C6:A7:48:C3
NM_CONTROLLED=yes
ONBOOT=yes
# DHCP switched off so the advertised address stays fixed.
#BOOTPROTO=dhcp
BOOTPROTO=static
IPADDR=192.168.0.38
BROADCAST=192.168.0.255
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
# NOTE(review): only DNS2 is set (DNS1, the router, is commented out), so
# presumably resolv.conf ends up with a single nameserver. If this host
# should fall back to the router the way the Windows clients do, set
# DNS1=192.168.0.38 and DNS2=192.168.0.1 instead.
#DNS1=192.168.0.1
DNS2=192.168.0.38
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
# PREFIX and NETMASK both describe the /24; either one alone is enough.
PREFIX=24

#shutdown -r now

# dig intrajp-yokosuka.co.jp

; <<>> DiG 9.7.2-P2-RedHat-9.7.2-2.P2.fc14 <<>> intrajp-yokosuka.co.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 706
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;intrajp-yokosuka.co.jp. IN A

;; ANSWER SECTION:
intrajp-yokosuka.co.jp. 86400 IN A 192.168.0.38

;; AUTHORITY SECTION:
intrajp-yokosuka.co.jp. 86400 IN NS intrajp-yokosuka.co.jp.

;; Query time: 0 msec
;; SERVER: 192.168.0.38#53(192.168.0.38)
;; WHEN: Sat Jan 1 12:02:57 2011
;; MSG SIZE rcvd: 70

#dig google.com

[root@server ~]# dig google.com

; <<>> DiG 9.7.2-P2-RedHat-9.7.2-2.P2.fc14 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38736
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 300 IN A 66.249.89.99
google.com. 300 IN A 66.249.89.104

;; AUTHORITY SECTION:
google.com. 172489 IN NS ns2.google.com.
google.com. 172489 IN NS ns3.google.com.
google.com. 172489 IN NS ns1.google.com.
google.com. 172489 IN NS ns4.google.com.

;; Query time: 48 msec
;; SERVER: 192.168.0.38#53(192.168.0.38)
;; WHEN: Sat Jan 1 12:08:31 2011
;; MSG SIZE rcvd: 132

Windows端末の優先DNSサーバも、Linuxサーバと同じ192.168.0.38にする。
代替サーバは192.168.0.1にして、ルータからも名前解決してもらえるようにしておく。
Windowsで、
nslookup
すると、サーバとしてLinuxサーバが表示されればよい。
LinuxサーバをDNSにして、インターネットの名前解決ができる。