Introducción

A continuación se muestra el contenido del conjunto de ficheros de configuración que necesita BIND9 para ofrecer las funciones de DNS local sobre una zona de dominios de primer nivel «.dev» y en una red local 192.168.1.0/24, suponiendo que la dirección IP del servidor DNS es 192.168.1.10.

Todos los ficheros se sitúan en la ruta /etc/bind.

named.conf:

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//
// This file only stitches the three pieces together:
//   named.conf.options       - server-wide behaviour (access lists, listeners,
//                              DNSSEC validation) and the logging statement
//   named.conf.local         - the site zones: "dev" and 1.168.192.in-addr.arpa
//   named.conf.default-zones - root hints plus the localhost/broadcast zones
// Access-control statements live in named.conf.options, so that is the file
// to audit when changing who may query or transfer from this server.

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

named.conf.options:

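// Hosts that may use this server: loopback (v4 and v6, since the server
// also listens on IPv6) plus the 192.168.1.0/24 LAN from the introduction.
// An acl must be defined before it is referenced, hence it precedes options.
acl "trusted" {
    127.0.0.0/8;
    ::1;
    192.168.1.0/24;
};

options {
    // all relative paths use this directory as a base
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    // By not providing a forwarder, root servers are used.
    //forwarders {
    //      192.168.1.1;
    //};

    //=====================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //=====================================================================
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035

    // To listen only on certain interfaces list them here:
    //listen-on { 127.0.0.1; 10.0.0.1/24; };
    listen-on-v6 { any; };
    listen-on { any; };

    // Because the listeners above are "any", the access lists below are
    // what keep this server from answering hosts outside the LAN.
    //
    // allow-query: who may send queries at all, including queries for the
    // authoritative "dev" zone. Without it BIND answers every client that
    // can reach the port; allow-query-cache alone only limits cached answers.
    allow-query { trusted; };

    // allow-recursion / allow-query-cache: who may use this server as a
    // recursive resolver. allow-recursion is stated explicitly instead of
    // relying on its default of following allow-query-cache, so the policy
    // is visible in one place.
    allow-recursion { trusted; };
    allow-query-cache { trusted; };

    // No secondary server is configured, so nobody needs AXFR/IXFR. Without
    // this statement the default (in the BIND 9 releases this layout targets)
    // is to hand the full zone contents to any client that asks. A per-zone
    // allow-transfer overrides this for a secondary added later.
    allow-transfer { none; };

    // Hide the release string from "version.bind" CHAOS queries so scanners
    // cannot fingerprint it. This is obscurity only: keeping the package
    // patched is what actually closes known weaknesses.
    version "not currently available";

    // This prevents bind from serving other than authoritative requests
    // (left off here on purpose: the LAN uses this server as its resolver):
//    recursion no;
//    dnssec-enable no; // zone not signed - yes by default since BIND 9.5
//    minimal-responses yes; // optional - improved performance
//    additional-from-auth no; // optional - improved performance
//    additional-from-cache no; // optional - minimal performance change
};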

// ----------------------- Logging ----------------------- 
// log to /var/log/bind/bind9_info.log all events from info UP in severity (no debug)
// uses 3 files in rotation swaps files when size reaches 250K
// failure messages up to this point are in (syslog) /var/log/messages
// Both log files live under /var/log/bind; that directory must exist and be
// writable by the user named runs as, otherwise the channel silently fails
// and only syslog output remains.
logging {
  channel custom_log {
    file "/var/log/bind/bind9_info.log" versions 3 size 250k;
    severity info;
        print-time yes;
        print-category yes;
  };
  // "default" only receives categories that are NOT configured below;
  // once a category is assigned its own channel list it no longer reaches
  // custom_log.
  category default {
    custom_log;
  };

  // Debugging logging settings
  // Every category listed here is routed exclusively to the "debug" channel
  // (bind-dbg.log). In particular "security" (access-list refusals) and
  // "queries" (one line per client query, so it grows fast) end up only in
  // that file, bounded by its "versions 2 size 50m" rotation.
//    category "default" { "debug"; };
    category "general" { "debug"; };
    category "database" { "debug"; };
    category "security" { "debug"; };
    category "config" { "debug"; };
    category "resolver" { "debug"; };
    category "xfer-in" { "debug"; };
    category "xfer-out" { "debug"; };
    category "notify" { "debug"; };
    category "client" { "debug"; };
    category "unmatched" { "debug"; };
    category "network" { "debug"; };
    category "update" { "debug"; };
    category "queries" { "debug"; };
    category "dispatch" { "debug"; };
    category "dnssec" { "debug"; };
    category "lame-servers" { "debug"; };

    // Despite its name this channel has no severity statement, so it uses
    // the channel default (info): debug-level messages are never written
    // here. Use "severity dynamic;" if it should follow the server's -d level.
    channel "debug" {
    file "/var/log/bind/bind-dbg.log" versions 2 size 50m;
        print-time yes;
        print-category yes;
    };

};

named.conf.local:

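//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// Forward zone for the private top-level domain "dev" (data in db.dev).
// NOTE(review): "dev" is also a public gTLD today; being authoritative for
// it here means LAN hosts using this resolver get local answers (or
// NXDOMAIN) for every real *.dev name, not the public ones.
zone "dev" {
    type master;
    file "/etc/bind/db.dev";
    // No secondary exists, so refuse AXFR/IXFR from everyone. Without an
    // allow-transfer statement the default (in the BIND 9 releases this
    // layout targets) is to hand the whole zone to any client that asks.
    // When a secondary is added, list its address instead of "none", e.g.:
    //allow-transfer { 10.0.0.1; }; // Slave server for the domain
    allow-transfer { none; };
    allow-update { none; }; // Don't allow dynamic (RFC 2136) updates from other hosts
};

// Reverse zone for 192.168.1.0/24 (data in db.1.168.192); same policy as "dev".
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.1.168.192";
    allow-transfer { none; };
    allow-update { none; };
};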

named.conf.default-zones:

// prime the server with knowledge of the root servers
zone "." {
    // a hint type means that we've got to look elsewhere
    // for authoritative information
    type hint;
    file "/etc/bind/db.root";
    // This file is maintained by InterNIC and made available at:
    // ftp://ftp.internic.net/domain/named.root
    // An outdated hints file still works (the resolver refreshes the root
    // NS set at startup), but keep it current with the distribution package.
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
// Answering these locally keeps queries for localhost, 127.x, 0.x and
// 255.x from ever leaving the LAN toward the root servers.

zone "localhost" {
    // a master type means that this server needn't look
    // anywhere else for information; the localhost buck
    // stops here.
    type master;
    file "/etc/bind/db.local";
};

// reverse zone for 127.0.0.0/8 (loopback)
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

// reverse zone for 0.0.0.0/8 ("this" network, RFC 1912)
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

// reverse zone for 255.0.0.0/8 (limited broadcast, RFC 1912)
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

db.dev:

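;
; BIND data file for dev local TLD
;
; Names below are relative to $ORIGIN unless they end in a dot.
; Increment the SOA serial on every edit so that any future secondary
; (and anyone comparing SOA serials) can tell the zone has changed.
$ORIGIN dev.
$TTL    604800
@    IN    SOA    ns.dev. root.localhost. (
                  4        ; Serial (3 -> 4: AAAA record below changed)
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
;
@    IN    NS    ns.dev.
@    IN    A    192.168.1.10
; The apex AAAA previously pointed at ::1 (loopback). A LAN client that
; resolves "dev" and prefers IPv6 would then typically try ::1, i.e. itself,
; instead of 192.168.1.10. This setup gives no IPv6 address for the server,
; so the record is disabled; re-enable it with the real address:
;@    IN    AAAA    <SERVER-IPV6-ADDRESS>

ns    IN    A    192.168.1.10
otro  IN    A    192.168.1.100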

 

db.1.168.192:

;; db.1.168.192 - Reverse lookup zone for 192.168.1.0/24 (hosts of the "dev" zone)
;; No $ORIGIN here: the origin is the zone name given in named.conf.local,
;; 1.168.192.in-addr.arpa., so "10" below means 192.168.1.10.
;; $TTL 2D differs from the 604800 s (7 days) used in db.dev; harmless,
;; but the two files could be aligned.
$TTL 2D
@    IN    SOA    ns.dev.    root.localhost. (
                  3        ; Serial - bump on every edit (keep in step with db.dev)
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
;

;; MNAME/NS ns.dev. must itself resolve: db.dev provides ns A 192.168.1.10
@    IN    NS    ns.dev.

;; Each PTR should mirror an A record in db.dev (10 -> ns, 100 -> otro)
10    IN    PTR   ns.dev.        ; The nameserver 192.168.1.10
100   IN    PTR   otro.dev.

 

Referencias:

http://blog.philippklaus.de/2011/04/get-your-own-dns-server-up-and-running-with-bind9-on-ubuntu-or-debian/
http://www.server-world.info/en/note?os=Debian_6.0&p=dns
http://www.cameratim.com/computing/linux/using-bind-as-a-local-dns-server
http://www.zytrax.com/books/dns/ch8/aaaa.html
