
This article describes how to use bind to configure DNS on a Linux machine. Note that the bind configuration (named.conf and the zone files) does not depend on the operating system, so these configuration files can be used on operating systems other than Linux.
This configuration has been tested on Linux (RH 9, FC 1, TSL 2.1), FreeBSD (R-5.1) and Solaris (8).
Note: this is a non-chroot configuration. See bind-chroot in the section "References, further information".
Part 1: Installation
Compile from source (see http://www.isc.org/index.pl?/sw/bind/), or use the binary package prepared for each distro.
For FC users:
Code:
###-------------------------------------------------------------
// from RPM
rpm -ivh bind-version***.rpm
rpm -ivh caching-nameserver-version***.rpm

// when connected to the internet
yum install bind caching-nameserver
###------------------------------------------------------------
For Trustix users:
swup --install bind caching-nameserver
Part 2: Caching nameserver
This section describes how to set up a "caching name server", a simple kind of DNS server that suits anyone setting up DNS for the first time, or anyone who wants DNS for a personal machine. With this configuration, whenever a query for DNS information arrives, the server looks things up in this order: 1) the data in its cache; if there is none, or the data has expired, 2) it asks the top-level DNS servers (the root servers).
Required files
1. /etc/named.conf: the DNS configuration file
2. /var/named/named.ca: the list of root servers
3. /var/named/localhost.zone: localhost zone file
4. /var/named/0.0.127.rev: localhost reverse zone file
For FC users: the files listed above are included in the caching-nameserver-***.rpm package.
Prepare /etc/named.conf as follows
Code:
###---------------------------------------------------------------------
acl localnet {
    127.0.0.1;
};
options {
    // where the zone files live
    directory "/var/named";

    // only serve the localnet network
    allow-transfer { localnet; };
    allow-query { localnet; };
};
controls {
    inet 127.0.0.1
        allow { localhost; }
        keys { rndckey; };
};
zone "." IN {
    // ask the root servers
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "0.0.127.rev";
    allow-update { none; };
};
include "/etc/rndc.key";
###----------------------------------------------------------------
Next, copy the file named.ca into /var/named. named.ca is the list of all the DNS root servers and usually ships with the bind software. Alternatively, named.ca can be downloaded from http://www.root-servers.org (see the references section).
Create the file localhost.zone and copy it into /var/named

Code:
###----------------------------------------------------------------
$TTL    86400
$ORIGIN localhost.
@       1D IN SOA   @ root (
                    42          ; serial (d. adams)
                    3H          ; refresh
                    15M         ; retry
                    1W          ; expiry
                    1D )        ; minimum

        1D IN NS    @
        1D IN A     127.0.0.1
###-------------------------------------------------------------------
Create the file 0.0.127.rev and copy it into /var/named


Code:
###------------------------------------------------------------------
$TTL    86400
@       IN      SOA     localhost. root.localhost. (
                        1997022700  ; Serial
                        28800       ; Refresh
                        14400       ; Retry
                        3600000     ; Expire
                        86400 )     ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.
###-----------------------------------------------------------

Finally, start the DNS daemon.


For FC users:
1. start it with: /etc/init.d/named start
2. an example start-up script is included in the bind-***.rpm package
How to use: create the file /etc/resolv.conf with the following content
Code:
# use the DNS server on this machine; the ISP's DNS server is not needed
nameserver 127.0.0.1
Then try a few queries. If you see results like the ones below, your DNS server is working.
Code:
###-----------------------------------------------------
// try localhost
$ host localhost.
localhost has address 127.0.0.1
$ host 127.0.0.1
1.0.0.127.in-addr.arpa domain name pointer localhost.

// try the internet
$ nslookup www.google.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
www.google.com  canonical name = www.google.akadns.net.
Name:   www.google.akadns.net
Address: 66.102.9.104
Name:   www.google.akadns.net
Address: 66.102.9.99
###----------------------------------------------------------
Part 3: Authoritative server and zone files
This section describes how to configure a DNS server for the domain "domain.name" that can be queried from any machine on the LAN. Assume the DNS server's IP is 192.168.1.1 and that it serves the LAN 192.168.1.0/24.

This configuration can also serve queries from the internet, if the DNS server has an interface with a global IP address. For that reason, attention is paid to information security and to keeping the configuration clear (in particular by using the "view" statement).
Prepare the file /etc/named.conf
Code:
###---------------------------------------------------------
acl localnet {
    127.0.0.1;
    192.168.1.0/24;   // private IP
};
options {
    directory "/var/named";
    allow-transfer { localnet; };
    allow-query { localnet; };
    version "";       // hide the version
};
controls {
    inet 127.0.0.1
        allow { localhost; }
        keys { rndckey; };
};
// do not log lame servers
logging {
    category lame-servers { null; };
};

// serve localnet
// localnet is the set of machines defined by "acl localnet"
view "internal" {
    match-clients { localnet; };
    recursion yes;
    zone "." IN {
        // ask the root servers
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "0.0.127.rev";
        allow-update { none; };
    };
    zone "domain.name" IN {
        type master;
        file "internal/domain.zone";
        allow-update { none; };
    };
    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "internal/1.168.192.rev";
        allow-update { none; };
    };
};

// serve clients that are not in localnet (e.g. the internet)
view "global" {
    match-clients { any; };
    allow-query { any; };
    // this server only answers queries about domain.name
    recursion no;
    // ---------------------------
    // the following lines are only for use with "recursion yes;",
    // to answer queries about other domains as well
    // by asking the root DNS servers
    // zone "." IN {
    //     type hint;
    //     file "named.ca";
    // };
    // ---------------------------
    zone "domain.name" IN {
        type master;
        file "global/domain.zone";
        allow-update { none; };
    };
};
// defines rndckey, which the controls block above refers to (same file as in Part 2)
include "/etc/rndc.key";
###---------------------------------------------------------
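An added example (not from the article) that models how BIND chooses a view for a client, to show why the order of the two views above matters: a localnet client lands in "internal" and gets recursion, anyone else lands in "global" and is answered only for domain.name. The ACL and view tables are a constructed model of the configuration above, and BIND's real handling of negated entries inside nested ACLs is simplified.

```python
import ipaddress

# Constructed model of the named.conf above (not BIND's own parser). An ACL is a
# list of elements evaluated first-match: an address or prefix, the name of another
# ACL, or "!entry" meaning "exclude". Views are tried in file order; the first view
# whose match-clients matches the client is the one that answers it.
ACLS = {"localnet": ["127.0.0.1", "192.168.1.0/24"], "any": ["0.0.0.0/0"]}
VIEWS = [
    {"name": "internal", "match": ["localnet"], "recursion": True,
     "zones": ["localhost", "0.0.127.in-addr.arpa", "domain.name", "1.168.192.in-addr.arpa"]},
    {"name": "global", "match": ["any"], "recursion": False, "zones": ["domain.name"]},
]

def acl_match(ip, elements, acls=ACLS):
    """First-match ACL evaluation: the first matching element decides (False if it
    was negated); a client that matches nothing is not in the ACL."""
    ip = ipaddress.ip_address(str(ip))
    for element in elements:
        negated = element.startswith("!")
        entry = element.lstrip("!")
        if entry in acls:
            hit = acl_match(ip, acls[entry], acls)
        else:
            hit = ip in ipaddress.ip_network(entry, strict=False)
        if hit:
            return not negated
    return False

def select_view(ip, views=VIEWS, acls=ACLS):
    """The view that serves this client: the first one whose match-clients matches."""
    return next((v for v in views if acl_match(ip, v["match"], acls)), None)

def answers(ip, qname, views=VIEWS, acls=ACLS):
    """Does the server answer qname for this client? Names in the selected view's
    own zones, always; any other name only if that view allows recursion."""
    view = select_view(ip, views, acls)
    if view is None:
        return False
    name = qname.rstrip(".").lower()
    authoritative = any(name == z or name.endswith("." + z) for z in view["zones"])
    return authoritative or view["recursion"]
```

Swapping the two views (so that "global" with match-clients { any; } comes first) silently puts LAN clients into the non-recursive view, which select_view makes visible.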
Required zone files: (/var/named/internal/) domain.zone, 1.168.192.rev; (/var/named/global/) domain.zone
domain.zone (internal):
Code:
###------------------------------------------------
$TTL    86400
$ORIGIN domain.name.
@       IN SOA ns.domain.name. dnsmaster.domain.name. (
            2003051100  ; increase (e.g. +1) whenever the data changes
            3H          ; refresh: slaves update their data from the master server this often
            3600        ; retry, if the master cannot be contacted
            1W          ; expire: how long a slave keeps the data
            1D )        ; minimum: client cache lifetime, decreasing by 1 every second
        IN A     192.168.1.1
        IN MX    10 mail.domain.name.
        IN NS    ns.domain.name.
ns      IN A     192.168.1.1   ; assumption, not in the original listing: the NS name needs an address record
localhost IN A   127.0.0.1
mail    IN A     192.168.1.3
ntp     IN A     192.168.1.10
www     IN CNAME Chibi.domain.name.
Chibi   IN A     192.168.1.99
        IN HINFO " linux" "P3 500MHz, RAM 128 MB"
Monster IN A     192.168.1.100
        IN HINFO " linux" "Quad Itanium2 1.5G, 32G DDR SDRAM"
###------------------------------------------------------------------

file 1.168.192.rev (internal)
Code:
###-------------------------------------------------------------------
$TTL    86400
$ORIGIN 1.168.192.IN-ADDR.ARPA.
@       IN SOA ns.domain.name. dnsmaster.domain.name. (
            2003051500  ; Serial
            10800       ; Refresh after 3 hours
            3600        ; Retry after 1 hour
            604800      ; Expire after 1 week
            86400 )     ; Minimum TTL of 1 day, negative cache
        IN NS    ns.domain.name.
1       IN PTR   hydro.domain.name.
2       IN PTR   heli.domain.name.
###---------------------------------------------------------------
The zone files in the global directory are entirely similar.
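An added example, not part of the article: a small reader for zone files in the format above, plus the integrity checks that named-checkzone also performs (in-zone NS and MX names need address records, a CNAME owner may carry no other data, in-zone CNAME targets must exist). The sample is a constructed cut-down of the internal domain.zone with the address record for ns.domain.name left out, which is exactly what the check reports.

```python
import re
# Constructed sample: the article's internal domain.zone, trimmed (no A record for ns.domain.name).
ZONE_TEXT = """\
$ORIGIN domain.name.
@       IN SOA ns.domain.name. dnsmaster.domain.name. (
            2003051100 3H 3600 1W 1D )   ; serial refresh retry expire minimum
        IN A     192.168.1.1
        IN NS    ns.domain.name.
www     IN CNAME Chibi.domain.name.
Chibi   IN A     192.168.1.99
"""
def fqdn(name, origin):                      # qualify against $ORIGIN; names are case-insensitive
    name = name.lower()
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Minimal master-file reader: $ORIGIN/$TTL, @, inherited owner, ( ) continuation lines."""
    origin, owner, records, buf, depth = "", "@", [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()     # drop comments (no ';' inside quotes here)
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                              # still inside a parenthesised record
        full, buf = " ".join(buf), []
        toks = full.replace("(", " ").replace(")", " ").split()
        if not toks or toks[0] == "$TTL":
            continue
        if toks[0] == "$ORIGIN":
            origin = toks[1].lower()
            continue
        name = owner if full[0].isspace() else toks.pop(0)   # blank owner field = previous owner
        while toks and re.fullmatch(r"\d+[smhdw]?|in|ch|hs", toks[0], re.I):
            toks.pop(0)                           # skip optional TTL and class before the type
        owner = fqdn(name, origin)
        records.append((owner, toks[0].upper(), toks[1:]))
    return origin, records

def check_zone(text):                         # the problems named-checkzone would also report
    (origin, records), types, problems = parse_zone(text), {}, []
    for owner, rtype, _ in records:
        types.setdefault(owner, set()).add(rtype)
    in_zone = lambda n: n == origin or n.endswith("." + origin)
    for owner, rtype, rdata in records:
        target = fqdn(rdata[-1], origin) if rdata else ""
        if rtype in ("NS", "MX") and in_zone(target) and not types.get(target, set()) & {"A", "AAAA"}:
            problems.append(f"{rtype} target {target} has no address record")
        if rtype == "CNAME" and (len(types[owner]) > 1 or in_zone(target) and target not in types):
            problems.append(f"CNAME at {owner} conflicts with other data or points at a missing name")
    return problems
```

Before reloading a real zone, run named-checkzone domain.name /var/named/internal/domain.zone, which applies the same checks and more.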
How to use
// point at the DNS server: create /etc/resolv.conf as follows
Code:
search domain.name
nameserver 192.168.1.1
Then try a few queries. If you see results like the ones below, your DNS server is working.
Code:
###--------------------------------------------------------------
// try localhost
$ host localhost
localhost.domain.name has address 127.0.0.1
// try the zone file
$ host mail
mail.domain.name has address 192.168.1.3
$ host -t hinfo chibi
chibi.domain.name host information " linux" "P3 500MHz, RAM 128 MB"
// try the reverse zone
$ host 192.168.1.2
2.1.168.192.in-addr.arpa domain name pointer heli.domain.name.
// try the internet
$ dig www.google.com soa
// you should see output like this
; DiG *.*.* www.google.com soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7662
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                IN      SOA

;; ANSWER SECTION:
www.google.com.         820     IN      CNAME   www.google.akadns.net.

;; AUTHORITY SECTION:
google.akadns.net.      821     IN      SOA     asia3.akam.net. hostmaster.akamai.com. 1091842826 3600 300 172800 900

;; Query time: 7 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: *****
;; MSG SIZE  rcvd: 132
###-----------------------------------------------------------
Part 4: Master and slave DNS servers
A master/slave DNS server configuration is usually only needed for systems with security and stability requirements, that is for large systems.
Note: do not confuse master/slave DNS servers with primary/secondary DNS servers!
Code:
###-----------------------------------------------------------
// Master server (IP 192.168.1.1) for domain.name
zone "domain.name" IN {
    type master;
    file "internal/domain.zone";
};

// Slave server (IP 192.168.1.2) for domain.name
zone "domain.name" IN {
    type slave;
    file "internal/domain.zone";
    masters {
        192.168.1.1;
    };
};
###-----------------------------------------------------------
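An added example (not from the article) of the rule the master/slave setup above depends on: at each refresh the slave compares SOA serials and transfers the zone only when the master's serial is newer under RFC 1982 serial arithmetic, so editing a zone without bumping the serial leaves every slave stale. next_serial follows the YYYYMMDDnn scheme used in the zone files above; the function names are this example's own.

```python
def serial_gt(a, b):
    """RFC 1982 serial-number arithmetic: is SOA serial a newer than b?
    Serials are 32-bit and wrap around, so a plain a > b is wrong near 2**32."""
    a, b = a & 0xFFFFFFFF, b & 0xFFFFFFFF
    return (a < b and b - a > 2**31) or (a > b and a - b < 2**31)

def slave_will_transfer(master_serial, slave_serial):
    """The slave pulls the zone (zone transfer over TCP port 53) only when the
    master's serial is newer; an equal serial means 'nothing changed'."""
    return serial_gt(master_serial, slave_serial)

def next_serial(current, today):
    """Next serial in the YYYYMMDDnn scheme: restart at today*100 when that is
    newer than the current serial, otherwise just add one (same-day edits)."""
    candidate = today * 100
    return candidate if serial_gt(candidate, current) else current + 1
```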
Part 5: Commonly used options
References, further information
1. DNS queries use port 53, UDP
2. DNS updates (master/slave) use port 53, TCP
3. List of DNS root servers: location, IP, traffic load
4. chroot bind (FC: yum install bind-chroot)
5. Reverse DNS delegation (RFC 2317, BCP 0020)
6. DNS for Rocket Scientists
7. DNS and BIND, 3rd ed., O'Reilly.
