User Tools
сервис_dns
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
сервис_dns [2018/03/16 16:18] val [Настройка сервера зоны обратного преобразования X.168.192.IN-ADDR.ARPA] |
сервис_dns [2020/11/09 15:04] val [Настройка мастер сервера зоны corpX.un] |
||
|---|---|---|---|
| Line 72: | Line 72: | ||
| ==== Настройка рекурсивного, кэширующего DNS сервера ==== | ==== Настройка рекурсивного, кэширующего DNS сервера ==== | ||
| + | |||
| + | === Debian/Ubuntu === | ||
| + | <code> | ||
| + | root@server:~# apt install bind9 | ||
| + | </code> | ||
| + | |||
| + | === CentOS === | ||
| + | |||
| + | * [[https://habr.com/post/245857/|Установка BIND9 DNS на CentOS]] | ||
| + | |||
| + | <code> | ||
| + | # yum install bind bind-utils -y | ||
| + | |||
| + | # systemctl enable named | ||
| + | </code> | ||
| === FreeBSD === | === FreeBSD === | ||
| Line 103: | Line 118: | ||
| </code> | </code> | ||
| - | === Debian/Ubuntu === | + | |
| - | <code> | + | |
| - | root@server:~# apt install bind9 | + | |
| - | </code> | + | |
| ==== Настройка сервера перенаправляющего запросы на DNS cервер провайдера ==== | ==== Настройка сервера перенаправляющего запросы на DNS cервер провайдера ==== | ||
| - | === FreeBSD === | + | === Debian/Ubuntu === |
| <code> | <code> | ||
| - | server# cat named.conf | + | root@server:~# cat /etc/bind/named.conf.options |
| </code><code> | </code><code> | ||
| - | options { | ||
| ... | ... | ||
| forwarders { | forwarders { | ||
| Line 120: | Line 131: | ||
| }; | }; | ||
| ... | ... | ||
| - | }; | + | // dnssec-validation auto; |
| ... | ... | ||
| + | }; | ||
| </code><code> | </code><code> | ||
| - | [server:~] # named-checkconf | + | root@server:~# named-checkconf |
| - | [server:~] # service named restart | + | root@server:~# service bind9 restart |
| </code> | </code> | ||
| - | === Debian/Ubuntu === | + | === FreeBSD === |
| <code> | <code> | ||
| - | root@server:~# cat /etc/bind/named.conf.options | + | server# cat named.conf |
| </code><code> | </code><code> | ||
| + | options { | ||
| ... | ... | ||
| forwarders { | forwarders { | ||
| Line 137: | Line 150: | ||
| }; | }; | ||
| ... | ... | ||
| - | // dnssec-validation auto; | + | }; |
| ... | ... | ||
| - | }; | ||
| </code><code> | </code><code> | ||
| - | root@server:~# named-checkconf | + | [server:~] # named-checkconf |
| - | root@server:~# service bind9 restart | + | [server:~] # service named restart |
| </code> | </code> | ||
| - | |||
| ==== Настройка мастер сервера зоны corpX.un ==== | ==== Настройка мастер сервера зоны corpX.un ==== | ||
| - | |||
| - | === FreeBSD === | ||
| - | <code> | ||
| - | [server:~] # cd /usr/local/etc/namedb/master/ | ||
| - | </code> | ||
| === Debian/Ubuntu === | === Debian/Ubuntu === | ||
| <code> | <code> | ||
| - | root@server:~# cd /etc/bind/ | + | server# cat /etc/bind/corpX.un |
| - | </code> | + | |
| - | + | ||
| - | === FreeBSD/Debian/Ubuntu === | + | |
| - | <code> | + | |
| - | server# cat corpX.un | + | |
| </code><code> | </code><code> | ||
| $TTL 3h | $TTL 3h | ||
| Line 171: | Line 172: | ||
| server A 192.168.X.10 | server A 192.168.X.10 | ||
| gate A 192.168.X.1 | gate A 192.168.X.1 | ||
| + | |||
| + | ;test 1h IN A 192.168.X.10 | ||
| ;nfs CNAME server | ;nfs CNAME server | ||
| Line 192: | Line 195: | ||
| ;_kerberos TXT CORPX.UN | ;_kerberos TXT CORPX.UN | ||
| </code><code> | </code><code> | ||
| - | server# named-checkzone corpX.un corpX.un | + | server# named-checkzone corpX.un /etc/bind/corpX.un |
| - | </code> | + | |
| - | + | ||
| - | === FreeBSD === | + | |
| - | <code> | + | |
| - | server# cat /usr/local/etc/namedb/named.conf | + | |
| - | </code><code> | + | |
| - | ... | + | |
| - | zone "corpX.un" { | + | |
| - | type master; | + | |
| - | file "/usr/local/etc/namedb/master/corpX.un"; | + | |
| - | }; | + | |
| - | </code><code> | + | |
| - | [server:~] # named-checkconf -z | + | |
| - | + | ||
| - | [server:~] # service named restart | + | |
| </code> | </code> | ||
| Line 222: | Line 210: | ||
| root@server:~# named-checkconf -z | root@server:~# named-checkconf -z | ||
| - | root@server:~# service bind9 restart | + | root@server:~# rndc reload |
| </code> | </code> | ||
| - | === Проверки FreeBSD/Debian/Ubuntu === | + | === Проверки Debian/Ubuntu === |
| <code> | <code> | ||
| server# nslookup -q=A server.corpX.un | server# nslookup -q=A server.corpX.un | ||
| Line 234: | Line 222: | ||
| === Настройка списка авторитетных серверов на мастер сервере === | === Настройка списка авторитетных серверов на мастер сервере === | ||
| - | == FreeBSD == | ||
| - | <code> | ||
| - | [server:~] # cd /usr/local/etc/namedb/master/ | ||
| - | </code> | ||
| - | |||
| - | == Debian/Ubuntu == | ||
| - | <code> | ||
| - | root@server:~# cd /etc/bind/ | ||
| - | </code> | ||
| - | |||
| - | == FreeBSD/Debian/Ubuntu == | ||
| <code> | <code> | ||
| - | server# cat corpX.un | + | server# cat /etc/bind/corpX.un |
| </code><code> | </code><code> | ||
| $TTL 3h | $TTL 3h | ||
| Line 256: | Line 233: | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | server# named-checkzone corpX.un corpX.un | + | server# named-checkzone corpX.un /etc/bind/corpX.un |
| server# rndc reload | server# rndc reload | ||
| Line 263: | Line 240: | ||
| === Настройка вторичного сервера === | === Настройка вторичного сервера === | ||
| - | == FreeBSD/Debian/Ubuntu == | ||
| <code> | <code> | ||
| server# nslookup -q=AXFR compX.un ns.isp.un | server# nslookup -q=AXFR compX.un ns.isp.un | ||
| </code> | </code> | ||
| - | == FreeBSD == | ||
| - | <code> | ||
| - | server# cat /usr/local/etc/namedb/named.conf | ||
| - | </code><code> | ||
| - | ... | ||
| - | zone "compX.un" { | ||
| - | type slave; | ||
| - | file "/usr/local/etc/namedb/slave/compX.un"; | ||
| - | masters { | ||
| - | 172.16.1.254; | ||
| - | }; | ||
| - | }; | ||
| - | </code><code> | ||
| - | [server:~] # named-checkconf | ||
| - | |||
| - | [server:~] # service named reload | ||
| - | |||
| - | [server:~] # ls /usr/local/etc/namedb/slave/ | ||
| - | </code> | ||
| - | |||
| - | == Debian/Ubuntu == | ||
| <code> | <code> | ||
| root@server:~# cat /etc/bind/named.conf.local | root@server:~# cat /etc/bind/named.conf.local | ||
| Line 301: | Line 256: | ||
| }; | }; | ||
| </code><code> | </code><code> | ||
| - | root@server:~# named-checkconf | + | root@server:~# named-checkconf -z |
| root@server:~# rndc reload | root@server:~# rndc reload | ||
| Line 351: | Line 306: | ||
| ==== Настройка сервера зоны обратного преобразования X.168.192.IN-ADDR.ARPA ==== | ==== Настройка сервера зоны обратного преобразования X.168.192.IN-ADDR.ARPA ==== | ||
| - | |||
| - | === FreeBSD === | ||
| - | <code> | ||
| - | [server:~] # cd /usr/local/etc/namedb/master/ | ||
| - | </code> | ||
| === Debian/Ubuntu === | === Debian/Ubuntu === | ||
| <code> | <code> | ||
| - | root@server:~# cd /etc/bind/ | + | server# cat /etc/bind/corpX.rev |
| - | </code> | + | |
| - | + | ||
| - | === FreeBSD/Debian/Ubuntu === | + | |
| - | <code> | + | |
| - | server# cat corpX.rev | + | |
| </code><code> | </code><code> | ||
| $TTL 3h | $TTL 3h | ||
| Line 374: | Line 319: | ||
| 10 PTR server.corpX.un. | 10 PTR server.corpX.un. | ||
| </code><code> | </code><code> | ||
| - | server# named-checkzone X.168.192.IN-ADDR.ARPA corpX.rev | + | server# named-checkzone X.168.192.IN-ADDR.ARPA /etc/bind/corpX.rev |
| - | </code> | + | |
| - | + | ||
| - | === FreeBSD === | + | |
| - | <code> | + | |
| - | server# cat named.conf | + | |
| - | </code><code> | + | |
| - | ... | + | |
| - | zone "X.168.192.IN-ADDR.ARPA" { | + | |
| - | type master; | + | |
| - | file "/usr/local/etc/namedb/master/corpX.rev"; | + | |
| - | }; | + | |
| - | </code><code> | + | |
| - | [server:~] # named-checkconf | + | |
| - | + | ||
| - | [server:~] # service named reload | + | |
| </code> | </code> | ||
| Line 402: | Line 332: | ||
| }; | }; | ||
| </code><code> | </code><code> | ||
| - | root@server:~# named-checkconf | + | root@server:~# named-checkconf -z |
| root@server:~# service bind9 restart | root@server:~# service bind9 restart | ||
| Line 418: | Line 348: | ||
| Создание файла зоны corpX.un для внутренних и внешних пользователей | Создание файла зоны corpX.un для внутренних и внешних пользователей | ||
| - | === FreeBSD === | + | === Debian/Ubuntu === |
| - | <code> | + | |
| - | [server:~] # cd /usr/local/etc/namedb/master/ | + | |
| - | </code> | + | |
| - | + | ||
| - | === Ubuntu === | + | |
| - | <code> | + | |
| - | root@server:~# cd /etc/bind/ | + | |
| - | </code> | + | |
| - | + | ||
| - | === FreeBSD/Ubuntu === | + | |
| <code> | <code> | ||
| - | server# cat corpX.un | + | server# cat /etc/bind/corpX.un |
| </code><code> | </code><code> | ||
| $TTL 3h | $TTL 3h | ||
| Line 438: | Line 358: | ||
| MX 1 server | MX 1 server | ||
| + | | ||
| + | A 192.168.X.10 | ||
| ns A 192.168.X.10 | ns A 192.168.X.10 | ||
| Line 444: | Line 366: | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | server# cat corpX.un.out | + | server# cat /etc/bind/corpX.un.out |
| </code><code> | </code><code> | ||
| $TTL 3h | $TTL 3h | ||
| Line 453: | Line 375: | ||
| MX 1 server | MX 1 server | ||
| - | + | ||
| + | A 172.16.1.X | ||
| + | | ||
| ns A 172.16.1.X | ns A 172.16.1.X | ||
| server A 172.16.1.X | server A 172.16.1.X | ||
| Line 462: | Line 386: | ||
| Настройка сервера | Настройка сервера | ||
| - | === FreeBSD === | ||
| - | <code> | ||
| - | server# named.conf | ||
| - | </code><code> | ||
| - | options { | ||
| - | ... | ||
| - | }; | ||
| - | view "inside" { | ||
| - | match-clients { | ||
| - | 192.168.X/24; | ||
| - | 127/8; | ||
| - | }; | ||
| - | zone "corpX.un" { | ||
| - | type master; | ||
| - | file "/usr/local/etc/namedb/master/corpX.un"; | ||
| - | }; | ||
| - | zone "X.168.192.IN-ADDR.ARPA" { | + | === Debian/Ubuntu === |
| - | type master; | + | |
| - | file "/usr/local/etc/namedb/master/corpX.rev"; | + | |
| - | }; | + | |
| - | }; | + | |
| - | view "outside" { | + | |
| - | zone "corpX.un" { | + | |
| - | type master; | + | |
| - | file "/usr/local/etc/namedb/master/corpX.un.out"; | + | |
| - | }; | + | |
| - | }; | + | |
| - | </code><code> | + | |
| - | [server:~] # service named reload | + | |
| - | </code> | + | |
| - | + | ||
| - | === Ubuntu === | + | |
| <code> | <code> | ||
| - | root@server:~# cat /etc/bind/named.conf.local | + | root@server:~# less /etc/bind/named.conf.local |
| </code><code> | </code><code> | ||
| zone "corpX.un" { | zone "corpX.un" { | ||
| Line 582: | Line 475: | ||
| ==== Ограничение доступа к DNS серверу ==== | ==== Ограничение доступа к DNS серверу ==== | ||
| - | === Ubuntu === | + | === Debian/Ubuntu === |
| <code> | <code> | ||
| # cat /etc/bind/named.conf.options | # cat /etc/bind/named.conf.options | ||
| - | + | </code><code> | |
| - | # cat /etc/bind/named.conf.local | + | |
| - | </code> | + | |
| - | + | ||
| - | === FreeBSD === | + | |
| - | <code> | + | |
| - | # cat named.conf | + | |
| - | </code> | + | |
| - | + | ||
| - | === Ubuntu/FreeBSD === | + | |
| - | <code> | + | |
| options { | options { | ||
| ... | ... | ||
| Line 601: | Line 484: | ||
| ... | ... | ||
| }; | }; | ||
| - | ... | + | </code><code> |
| + | # cat /etc/bind/named.conf.local | ||
| + | </code><code> | ||
| zone "corpX.un" { | zone "corpX.un" { | ||
| ... | ... | ||
| Line 607: | Line 492: | ||
| ... | ... | ||
| }; | }; | ||
| - | ... | + | </code><code> |
| + | gate.isp.un$ nslookup -q=AXFR corpX.un 192.168.X.10 | ||
| </code> | </code> | ||
| + | |||
| ==== Мониторинг DNS сервера ==== | ==== Мониторинг DNS сервера ==== | ||
сервис_dns.txt · Last modified: 2023/10/28 16:07 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
