сервис_dns [2018/03/16 16:18] val [Настройка сервера зоны обратного преобразования X.168.192.IN-ADDR.ARPA] |
сервис_dns [2020/12/02 15:21] val [Настройка DNS view] |
Line 11: | Line 11: | ||
==== nslookup ==== | ==== nslookup ==== | ||
<code> | <code> | ||
+ | $ nslookup | ||
+ | >ya.ru | ||
+ | |||
$ nslookup mx.bmstu.ru | $ nslookup mx.bmstu.ru | ||
Line 72: | Line 75: | ||
==== Настройка рекурсивного, кэширующего DNS сервера ==== | ==== Настройка рекурсивного, кэширующего DNS сервера ==== | ||
+ | |||
+ | === Debian/Ubuntu === | ||
+ | <code> | ||
+ | root@server:~# apt install bind9 | ||
+ | </code> | ||
+ | |||
+ | === CentOS === | ||
+ | |||
+ | * [[https://habr.com/post/245857/|Установка BIND9 DNS на CentOS]] | ||
+ | |||
+ | <code> | ||
+ | # yum install bind bind-utils -y | ||
+ | |||
+ | # systemctl enable named | ||
+ | </code> | ||
=== FreeBSD === | === FreeBSD === | ||
Line 103: | Line 121: | ||
</code> | </code> | ||
- | === Debian/Ubuntu === | + | |
- | <code> | + | |
- | root@server:~# apt install bind9 | + | |
- | </code> | + | |
==== Настройка сервера перенаправляющего запросы на DNS cервер провайдера ==== | ==== Настройка сервера перенаправляющего запросы на DNS cервер провайдера ==== | ||
- | === FreeBSD === | + | === Debian/Ubuntu === |
<code> | <code> | ||
- | server# cat named.conf | + | root@server:~# cat /etc/bind/named.conf.options |
</code><code> | </code><code> | ||
- | options { | ||
... | ... | ||
forwarders { | forwarders { | ||
Line 120: | Line 134: | ||
}; | }; | ||
... | ... | ||
- | }; | + | // dnssec-validation auto; |
... | ... | ||
+ | }; | ||
</code><code> | </code><code> | ||
- | [server:~] # named-checkconf | + | root@server:~# named-checkconf |
- | [server:~] # service named restart | + | root@server:~# service bind9 restart |
</code> | </code> | ||
- | === Debian/Ubuntu === | + | === FreeBSD === |
<code> | <code> | ||
- | root@server:~# cat /etc/bind/named.conf.options | + | server# cat named.conf |
</code><code> | </code><code> | ||
+ | options { | ||
... | ... | ||
forwarders { | forwarders { | ||
Line 137: | Line 153: | ||
}; | }; | ||
... | ... | ||
- | // dnssec-validation auto; | + | }; |
... | ... | ||
- | }; | ||
</code><code> | </code><code> | ||
- | root@server:~# named-checkconf | + | [server:~] # named-checkconf |
- | root@server:~# service bind9 restart | + | [server:~] # service named restart |
</code> | </code> | ||
- | |||
==== Настройка мастер сервера зоны corpX.un ==== | ==== Настройка мастер сервера зоны corpX.un ==== | ||
- | |||
- | === FreeBSD === | ||
- | <code> | ||
- | [server:~] # cd /usr/local/etc/namedb/master/ | ||
- | </code> | ||
=== Debian/Ubuntu === | === Debian/Ubuntu === | ||
<code> | <code> | ||
- | root@server:~# cd /etc/bind/ | + | server# cat /etc/bind/corpX.un |
- | </code> | + | |
- | + | ||
- | === FreeBSD/Debian/Ubuntu === | + | |
- | <code> | + | |
- | server# cat corpX.un | + | |
</code><code> | </code><code> | ||
$TTL 3h | $TTL 3h | ||
Line 171: | Line 175: | ||
server A 192.168.X.10 | server A 192.168.X.10 | ||
gate A 192.168.X.1 | gate A 192.168.X.1 | ||
+ | |||
+ | ;test 1h IN A 192.168.X.10 | ||
;nfs CNAME server | ;nfs CNAME server | ||
Line 177: | Line 183: | ||
;www CNAME server | ;www CNAME server | ||
;user1 CNAME server | ;user1 CNAME server | ||
- | ;smtp CNAME server | + | ;mail CNAME server |
- | ;imap CNAME server | + | |
- | ;pop3 CNAME server | + | |
- | ;ntp CNAME gate | + | ;ntp CNAME gate |
+ | |||
+ | ;proxy A 172.16.1.X | ||
;_sip._udp SRV 0 0 5060 server | ;_sip._udp SRV 0 0 5060 server | ||
+ | |||
;_xmpp-client._tcp SRV 0 0 5222 server | ;_xmpp-client._tcp SRV 0 0 5222 server | ||
;_kerberos._udp SRV 01 00 88 server | ;_kerberos._udp SRV 01 00 88 server | ||
;_kerberos._tcp SRV 01 00 88 server | ;_kerberos._tcp SRV 01 00 88 server | ||
- | ;_kpasswd._udp SRV 01 00 464 server | ||
- | ;_kerberos-adm._tcp SRV 01 00 749 server | ||
;_kerberos TXT CORPX.UN | ;_kerberos TXT CORPX.UN | ||
</code><code> | </code><code> | ||
- | server# named-checkzone corpX.un corpX.un | + | server# named-checkzone corpX.un /etc/bind/corpX.un |
- | </code> | + | |
- | + | ||
- | === FreeBSD === | + | |
- | <code> | + | |
- | server# cat /usr/local/etc/namedb/named.conf | + | |
- | </code><code> | + | |
- | ... | + | |
- | zone "corpX.un" { | + | |
- | type master; | + | |
- | file "/usr/local/etc/namedb/master/corpX.un"; | + | |
- | }; | + | |
- | </code><code> | + | |
- | [server:~] # named-checkconf -z | + | |
- | + | ||
- | [server:~] # service named restart | + | |
</code> | </code> | ||
Line 222: | Line 212: | ||
root@server:~# named-checkconf -z | root@server:~# named-checkconf -z | ||
- | root@server:~# service bind9 restart | + | root@server:~# rndc reload |
</code> | </code> | ||
- | === Проверки FreeBSD/Debian/Ubuntu === | + | === Проверки Debian/Ubuntu === |
<code> | <code> | ||
server# nslookup -q=A server.corpX.un | server# nslookup -q=A server.corpX.un | ||
Line 234: | Line 224: | ||
=== Настройка списка авторитетных серверов на мастер сервере === | === Настройка списка авторитетных серверов на мастер сервере === | ||
- | == FreeBSD == | ||
<code> | <code> | ||
- | [server:~] # cd /usr/local/etc/namedb/master/ | + | server# cat /etc/bind/corpX.un |
- | </code> | + | |
- | + | ||
- | == Debian/Ubuntu == | + | |
- | <code> | + | |
- | root@server:~# cd /etc/bind/ | + | |
- | </code> | + | |
- | + | ||
- | == FreeBSD/Debian/Ubuntu == | + | |
- | <code> | + | |
- | server# cat corpX.un | + | |
</code><code> | </code><code> | ||
$TTL 3h | $TTL 3h | ||
Line 256: | Line 235: | ||
... | ... | ||
</code><code> | </code><code> | ||
- | server# named-checkzone corpX.un corpX.un | + | server# named-checkzone corpX.un /etc/bind/corpX.un |
server# rndc reload | server# rndc reload | ||
Line 263: | Line 242: | ||
=== Настройка вторичного сервера === | === Настройка вторичного сервера === | ||
- | == FreeBSD/Debian/Ubuntu == | ||
<code> | <code> | ||
server# nslookup -q=AXFR compX.un ns.isp.un | server# nslookup -q=AXFR compX.un ns.isp.un | ||
</code> | </code> | ||
- | == FreeBSD == | ||
- | <code> | ||
- | server# cat /usr/local/etc/namedb/named.conf | ||
- | </code><code> | ||
- | ... | ||
- | zone "compX.un" { | ||
- | type slave; | ||
- | file "/usr/local/etc/namedb/slave/compX.un"; | ||
- | masters { | ||
- | 172.16.1.254; | ||
- | }; | ||
- | }; | ||
- | </code><code> | ||
- | [server:~] # named-checkconf | ||
- | |||
- | [server:~] # service named reload | ||
- | |||
- | [server:~] # ls /usr/local/etc/namedb/slave/ | ||
- | </code> | ||
- | |||
- | == Debian/Ubuntu == | ||
<code> | <code> | ||
root@server:~# cat /etc/bind/named.conf.local | root@server:~# cat /etc/bind/named.conf.local | ||
Line 301: | Line 258: | ||
}; | }; | ||
</code><code> | </code><code> | ||
- | root@server:~# named-checkconf | + | root@server:~# named-checkconf -z |
root@server:~# rndc reload | root@server:~# rndc reload | ||
Line 351: | Line 308: | ||
==== Настройка сервера зоны обратного преобразования X.168.192.IN-ADDR.ARPA ==== | ==== Настройка сервера зоны обратного преобразования X.168.192.IN-ADDR.ARPA ==== | ||
- | |||
- | === FreeBSD === | ||
- | <code> | ||
- | [server:~] # cd /usr/local/etc/namedb/master/ | ||
- | </code> | ||
=== Debian/Ubuntu === | === Debian/Ubuntu === | ||
<code> | <code> | ||
- | root@server:~# cd /etc/bind/ | + | server# cat /etc/bind/corpX.rev |
- | </code> | + | |
- | + | ||
- | === FreeBSD/Debian/Ubuntu === | + | |
- | <code> | + | |
- | server# cat corpX.rev | + | |
</code><code> | </code><code> | ||
$TTL 3h | $TTL 3h | ||
Line 374: | Line 321: | ||
10 PTR server.corpX.un. | 10 PTR server.corpX.un. | ||
</code><code> | </code><code> | ||
- | server# named-checkzone X.168.192.IN-ADDR.ARPA corpX.rev | + | server# named-checkzone X.168.192.IN-ADDR.ARPA /etc/bind/corpX.rev |
- | </code> | + | |
- | + | ||
- | === FreeBSD === | + | |
- | <code> | + | |
- | server# cat named.conf | + | |
- | </code><code> | + | |
- | ... | + | |
- | zone "X.168.192.IN-ADDR.ARPA" { | + | |
- | type master; | + | |
- | file "/usr/local/etc/namedb/master/corpX.rev"; | + | |
- | }; | + | |
- | </code><code> | + | |
- | [server:~] # named-checkconf | + | |
- | + | ||
- | [server:~] # service named reload | + | |
</code> | </code> | ||
Line 402: | Line 334: | ||
}; | }; | ||
</code><code> | </code><code> | ||
- | root@server:~# named-checkconf | + | root@server:~# named-checkconf -z |
root@server:~# service bind9 restart | root@server:~# service bind9 restart | ||
Line 418: | Line 350: | ||
Создание файла зоны corpX.un для внутренних и внешних пользователей | Создание файла зоны corpX.un для внутренних и внешних пользователей | ||
- | === FreeBSD === | + | === Debian/Ubuntu === |
- | <code> | + | |
- | [server:~] # cd /usr/local/etc/namedb/master/ | + | |
- | </code> | + | |
- | + | ||
- | === Ubuntu === | + | |
- | <code> | + | |
- | root@server:~# cd /etc/bind/ | + | |
- | </code> | + | |
- | + | ||
- | === FreeBSD/Ubuntu === | + | |
<code> | <code> | ||
- | server# cat corpX.un | + | server# cat /etc/bind/corpX.un |
</code><code> | </code><code> | ||
$TTL 3h | $TTL 3h | ||
Line 438: | Line 360: | ||
MX 1 server | MX 1 server | ||
+ | | ||
+ | A 192.168.X.10 | ||
ns A 192.168.X.10 | ns A 192.168.X.10 | ||
server A 192.168.X.10 | server A 192.168.X.10 | ||
gate A 192.168.X.1 | gate A 192.168.X.1 | ||
+ | |||
... | ... | ||
</code><code> | </code><code> | ||
- | server# cat corpX.un.out | + | server# cat /etc/bind/corpX.un.out |
</code><code> | </code><code> | ||
$TTL 3h | $TTL 3h | ||
Line 453: | Line 378: | ||
MX 1 server | MX 1 server | ||
- | + | ||
+ | A 172.16.1.X | ||
+ | | ||
ns A 172.16.1.X | ns A 172.16.1.X | ||
server A 172.16.1.X | server A 172.16.1.X | ||
gate A 172.16.1.X | gate A 172.16.1.X | ||
+ | |||
+ | mail CNAME server | ||
... | ... | ||
</code> | </code> | ||
Line 462: | Line 391: | ||
Настройка сервера | Настройка сервера | ||
- | === FreeBSD === | ||
- | <code> | ||
- | server# named.conf | ||
- | </code><code> | ||
- | options { | ||
- | ... | ||
- | }; | ||
- | view "inside" { | ||
- | match-clients { | ||
- | 192.168.X/24; | ||
- | 127/8; | ||
- | }; | ||
- | zone "corpX.un" { | ||
- | type master; | ||
- | file "/usr/local/etc/namedb/master/corpX.un"; | ||
- | }; | ||
- | zone "X.168.192.IN-ADDR.ARPA" { | + | === Debian/Ubuntu === |
- | type master; | + | |
- | file "/usr/local/etc/namedb/master/corpX.rev"; | + | |
- | }; | + | |
- | }; | + | |
- | view "outside" { | + | |
- | zone "corpX.un" { | + | |
- | type master; | + | |
- | file "/usr/local/etc/namedb/master/corpX.un.out"; | + | |
- | }; | + | |
- | }; | + | |
- | </code><code> | + | |
- | [server:~] # service named reload | + | |
- | </code> | + | |
- | + | ||
- | === Ubuntu === | + | |
<code> | <code> | ||
- | root@server:~# cat /etc/bind/named.conf.local | + | root@server:~# less /etc/bind/named.conf.local |
</code><code> | </code><code> | ||
zone "corpX.un" { | zone "corpX.un" { | ||
Line 582: | Line 480: | ||
==== Ограничение доступа к DNS серверу ==== | ==== Ограничение доступа к DNS серверу ==== | ||
- | === Ubuntu === | + | === Debian/Ubuntu === |
<code> | <code> | ||
# cat /etc/bind/named.conf.options | # cat /etc/bind/named.conf.options | ||
- | + | </code><code> | |
- | # cat /etc/bind/named.conf.local | + | |
- | </code> | + | |
- | + | ||
- | === FreeBSD === | + | |
- | <code> | + | |
- | # cat named.conf | + | |
- | </code> | + | |
- | + | ||
- | === Ubuntu/FreeBSD === | + | |
- | <code> | + | |
options { | options { | ||
... | ... | ||
Line 601: | Line 489: | ||
... | ... | ||
}; | }; | ||
- | ... | + | </code><code> |
+ | # cat /etc/bind/named.conf.local | ||
+ | </code><code> | ||
zone "corpX.un" { | zone "corpX.un" { | ||
... | ... | ||
Line 607: | Line 497: | ||
... | ... | ||
}; | }; | ||
- | ... | + | </code><code> |
+ | gate.isp.un$ nslookup -q=AXFR corpX.un 192.168.X.10 | ||
</code> | </code> | ||
+ | |||
==== Мониторинг DNS сервера ==== | ==== Мониторинг DNS сервера ==== |