Setting up BIND on Debian 6.0 as primary and secondary nameserver:
# apt-get install bind9
# /etc/init.d/bind9 stop
# vi /etc/default/bind9
OPTIONS="-u bind -t /var/lib/named -4"
# mkdir -p /var/lib/named/etc
# mkdir /var/lib/named/dev
# mkdir -p /var/lib/named/var/run
# mkdir /var/lib/named/var/cache
# mv /etc/bind /var/lib/named/etc
# ln -s /var/lib/named/etc/bind /etc/bind
# cp -a /var/cache/bind /var/lib/named/var/cache
# cp -a /var/run/named /var/lib/named/var/run
# mknod /var/lib/named/dev/random c 1 8
# chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
# /etc/init.d/bind9 start
# ps -Naf | grep named
[...] /usr/sbin/named -u bind -t /var/lib/named
# less /var/log/daemon.log
[...] named[xxxx]: starting BIND 9.7.3 -u bind -t /var/lib/named -4
[...]
[...] named[xxxx]: running

In earlier Debian releases, /dev/null and /dev/log also had to be present inside the chroot, and the syslog daemon had to be reconfigured so that it also served the /dev/log inside the chroot. Neither is necessary anymore on Debian 6.0. named can also be left to use /dev/random from outside the chroot; a warning then appears in the daemon log file.

The following settings in named.conf.options restrict what the server does:
- Do not listen on IPv6 (listen-on-v6).
- Listen only on the desired IPv4 addresses (listen-on port; unnecessary if only one IP address is present).
- Answer queries, and recursive queries in particular, only from localhost (allow-query and allow-recursion).
- Allow no zone transfers by default (allow-transfer).
# vi /var/lib/named/etc/bind/named.conf.options
options {
[...]
listen-on port 53 { 127.0.0.1; 85.214.92.99; };
listen-on-v6 { none; };
allow-query { 127.0.0.1; };
allow-recursion { 127.0.0.1; };
allow-transfer { none; };
};
# named-checkconf -t /var/lib/named
# echo $?
0
# /etc/init.d/bind9 restart
# ps -Naf | grep named
[...] /usr/sbin/named -u bind -t /var/lib/named
# less /var/log/daemon.log
[...] named[xxxx]: starting BIND 9.7.3 -u bind -t /var/lib/named -4
[...]
[...] named[xxxx]: listening on IPv4 interface lo, 127.0.0.1#53
[...] named[xxxx]: listening on IPv4 interface venet0:0, 85.214.235.82#53
[...]
[...] named[xxxx]: running
# mkdir /var/lib/named/etc/bind/primary
# mkdir /var/lib/named/etc/bind/secondary
# chown bind:bind /var/lib/named/etc/bind/secondary
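named-checkconf only verifies that the file parses; it says nothing about whether the restrictions above are actually in place. The following POSIX shell lint is an added example, not part of the original howto: it reads a named.conf.options and reports the four settings the list above asks for (listen-on-v6 disabled, an explicit listen-on, allow-query and allow-recursion not open to everyone, allow-transfer denied globally). The two sample configs it writes to a temporary directory are constructed; the hardened one mirrors the options block from this page.

```shell
#!/bin/sh
# Added example: lint named.conf.options for the hardening points discussed
# above. Not from the original howto; sample configs below are constructed.

# Print the value of option $1 (e.g. "{ 127.0.0.1; }") from file $2, first match only.
# The option name must be followed by whitespace, so "listen-on" does not
# match a "listen-on-v6" line.
opt_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]\{1,\}\(.*\);[[:space:]]*$/\1/p" "$2" | head -n 1
}

# Print one "WEAK: ..." line per finding; print nothing for a hardened file.
lint_options() {
    f=$1
    v=$(opt_value listen-on-v6 "$f")
    case "$v" in
        *none*) ;;
        *) echo "WEAK: listen-on-v6 is '${v:-unset}' (expected { none; } when IPv6 is unused)" ;;
    esac
    v=$(opt_value listen-on "$f")
    [ -n "$v" ] || echo "WEAK: no listen-on (named binds every IPv4 address)"
    for o in allow-query allow-recursion; do
        v=$(opt_value "$o" "$f")
        case "$v" in
            "" | *any*) echo "WEAK: $o is '${v:-unset}' (open to everyone)" ;;
        esac
    done
    v=$(opt_value allow-transfer "$f")
    case "$v" in
        *none*) ;;
        *) echo "WEAK: allow-transfer is '${v:-unset}' (zone transfers not denied globally)" ;;
    esac
}

# Number of findings as a plain integer (grep -c prints 0 and exits 1 when none).
weak_count() {
    lint_options "$1" | grep -c '^WEAK' || true
}

# Constructed samples: the hardened one is the options block from the howto,
# the weak one is a typical default-like configuration.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/hardened.conf" <<'EOF'
options {
    directory "/var/cache/bind";
    listen-on port 53 { 127.0.0.1; 85.214.92.99; };
    listen-on-v6 { none; };
    allow-query { 127.0.0.1; };
    allow-recursion { 127.0.0.1; };
    allow-transfer { none; };
};
EOF
cat > "$tmp/weak.conf" <<'EOF'
options {
    directory "/var/cache/bind";
    listen-on-v6 { any; };
    allow-recursion { any; };
};
EOF

for c in hardened weak; do
    echo "== $c.conf: $(weak_count "$tmp/$c.conf") finding(s)"
    lint_options "$tmp/$c.conf"
done
```

Run it against the real file with `lint_options /var/lib/named/etc/bind/named.conf.options`; a clean run prints nothing. The check is deliberately literal (first match of each option at the start of a line), so options set inside a view or on a continuation line are not seen and must be reviewed by hand.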
# vi /var/lib/named/etc/bind/primary/disorganized.de.zone
# named-checkzone disorganized.de /var/lib/named/etc/bind/primary/disorganized.de.zone
zone disorganized.de/IN: loaded serial 2006051700
OK

Settings for the primary (master) zone:
- Answer queries for this zone from anyone (allow-query).
- Allow zone transfers only to the secondary nameservers (allow-transfer).
- Set the source address for NOTIFY messages (notify-source, e.g. when several IP addresses are configured).
# vi /var/lib/named/etc/bind/named.conf.local
[...]
zone "disorganized.de" in {
type master;
file "/etc/bind/primary/disorganized.de.zone";
allow-query { any; };
allow-transfer { 62.116.163.100; 62.116.162.121; };
notify-source 85.214.92.99;
};
Settings for the secondary (slave) zone:
- Address of the primary nameserver (masters).
- Answer queries for this zone from anyone (allow-query).
- Set the source address for zone transfers (transfer-source, e.g. because of a firewall).
# vi /var/lib/named/etc/bind/named.conf.local
[...]
zone "disorganized.de" in {
type slave;
file "/etc/bind/secondary/disorganized.de.zone";
masters { a.b.c.d; };
allow-query { any; };
transfer-source 85.214.92.99 port 53;
};
# named-checkconf -t /var/lib/named
# echo $?
0
# /etc/init.d/bind9 restart
# less /var/log/daemon.log
Here is an example of a primary zone file:
# vi /var/lib/named/etc/bind/primary/disorganized.de.zone
$TTL 1d
@ IN SOA ns hostmaster (
2006061200 ; serial
8h ; refresh
2h ; retry
1w ; expiry
1d ) ; minimum
IN NS ns
IN NS ns10.schlundtech.de.
IN A 85.214.92.99
IN MX 10 mx
ns IN A 85.214.92.99
mx IN A 85.214.92.99
www IN A 85.214.92.99
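The serial in the SOA record above follows the YYYYMMDDnn convention (date plus a two-digit edit counter). Secondaries only pull a new copy when the serial has increased, so an edit that forgets the bump silently leaves the secondaries stale. The POSIX shell helper below is an added example, not from the original howto; it reads the serial from a zone file in the layout shown above, computes the next serial for a given date, and rewrites the file. The zone file it creates in a temporary directory is a constructed copy of the example above.

```shell
#!/bin/sh
# Added example: maintain a YYYYMMDDnn SOA serial. Not from the original howto.

# next_serial OLD YYYYMMDD -> print the serial to use for an edit made on that day.
next_serial() {
    old=$1; today=$2
    oldday=${old%??}                  # first eight digits: the date part
    oldnn=$((old - oldday * 100))     # last two digits as an integer (avoids octal "08")
    if [ "$oldday" -lt "$today" ]; then
        echo "${today}00"
    elif [ "$oldday" -eq "$today" ]; then
        if [ "$oldnn" -ge 99 ]; then
            echo "next_serial: $old already has 99 edits today" >&2
            return 1
        fi
        printf '%s%02d\n' "$today" $((oldnn + 1))
    else
        # serial lies in the future (clock skew or an earlier manual bump): just add one
        echo $((old + 1))
    fi
}

# zone_serial FILE -> print the number on the "; serial" line of the SOA record.
zone_serial() {
    s=$(sed -n 's/^[[:space:]]*\([0-9]\{1,\}\)[[:space:]]*;[[:space:]]*serial.*/\1/p' "$1")
    [ -n "$s" ] || { echo "zone_serial: no '; serial' line in $1" >&2; return 1; }
    echo "$s"
}

# bump_zone_serial FILE YYYYMMDD -> rewrite the serial line in place, print the new serial.
bump_zone_serial() {
    f=$1
    cur=$(zone_serial "$f") || return 1
    new=$(next_serial "$cur" "$2") || return 1
    sed "s/^\([[:space:]]*\)$cur\([[:space:]]*;[[:space:]]*serial\)/\1$new\2/" "$f" > "$f.new" \
        && mv "$f.new" "$f"
    echo "$new"
}

# Constructed copy of the zone file shown in the howto.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/disorganized.de.zone" <<'EOF'
$TTL 1d
@ IN SOA ns hostmaster (
2006061200 ; serial
8h ; refresh
2h ; retry
1w ; expiry
1d ) ; minimum
IN NS ns
IN NS ns10.schlundtech.de.
IN A 85.214.92.99
IN MX 10 mx
ns IN A 85.214.92.99
mx IN A 85.214.92.99
www IN A 85.214.92.99
EOF

echo "current serial: $(zone_serial "$tmp/disorganized.de.zone")"
echo "new serial:     $(bump_zone_serial "$tmp/disorganized.de.zone" "$(date +%Y%m%d)")"
```

In practice run `bump_zone_serial /var/lib/named/etc/bind/primary/disorganized.de.zone "$(date +%Y%m%d)"` after every edit and before `named-checkzone`; the checkzone output ("loaded serial ...") then confirms the bump, and the secondaries' daemon.log shows the transfer after the NOTIFY.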
This is how debug logging is enabled:
# mkdir /var/lib/named/tmp
# chown bind:bind /var/lib/named/tmp
# vi /var/lib/named/etc/bind/named.conf.options
[...]
logging {
category default {
default_syslog;
default_debug;
};
channel my_file {
file "/tmp/log.msgs";
severity debug 3;
print-category yes;
print-severity yes;
};
category notify { my_file; };
};
# /etc/init.d/bind9 reload
NOTIFY messages are now logged to /var/lib/named/tmp/log.msgs (the channel's file path /tmp/log.msgs is relative to the chroot). One of the many services for testing DNS: http://www.dnssy.com/