Prosim o radu, uz asi tyden se snazim rozchodit DNS server v siti.
Pouzivam na to Bind9.
Nejaky fora jsem prolezl a pouzil nejaky konfiguraky.
Tady je log pri spusteni bindu:
Nov 28 12:55:31 theos named[24894]: starting BIND 9.6-ESV-R1 -u bind
Nov 28 12:55:31 theos named[24894]: built with '--prefix=/usr' '--build=x86_64-linux-gnu' '--host=x86_64-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var/run/bind' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--enable-ipv6' 'build_alias=x86_64-linux-gnu' 'host_alias=x86_64-linux-gnu' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -DNS_RUN_PID_DIR=0 -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXXFLAGS=-g -O2' 'FFLAGS=-g -O2'
Nov 28 12:55:31 theos named[24894]: adjusted limit on open files from 1024 to 1048576
Nov 28 12:55:31 theos named[24894]: found 1 CPU, using 1 worker thread
Nov 28 12:55:31 theos named[24894]: using up to 4096 sockets
Nov 28 12:55:31 theos named[24894]: loading configuration from '/etc/bind/named.conf'
Nov 28 12:55:31 theos named[24894]: /etc/bind/named.conf:46: unknown option 'view'
Nov 28 12:55:31 theos named[24894]: /etc/bind/named.conf:122: unknown option 'view'
Nov 28 12:55:31 theos named[24894]: /etc/bind/named.conf:154: unknown option 'view'
Nov 28 12:55:31 theos named[24894]: /etc/bind/named.conf:177: '}' expected near end of file
Nov 28 12:55:31 theos named[24894]: loading configuration: unexpected token
Nov 28 12:55:31 theos named[24894]: exiting (due to fatal error)
Tady je konfiguracni soubor named.conf:
// Address-match lists referenced by the options block and the views.

// "xfer": nobody may request zone transfers.
acl "xfer" { none; };

// "trusted": clients that are allowed recursion and cache access.
acl "trusted" {
    172.22.0.0/16;  // internal network
    localhost;      // the server itself
};

// "bogon": meant to list experimental, reserved and otherwise forbidden networks.
acl "bogon" {
    // NOTE(review): no networks are listed here, so a statement that
    // references this ACL (blackhole in named.conf.options) filters nothing.
};
logging {
    // Syslog channel (facility local2); most messages are sent here.
    channel default_syslog {
        syslog local2;
        severity debug;
    };

    // File channel with timestamps, used as the audit trail.
    // NOTE(review): named is started with "-u bind" (see the startup log), so
    // this path has to be writable by that user - confirm on the host.
    // NOTE(review): no "versions"/"size" limit is set, so the file is never
    // rotated by named itself; at severity debug it can grow quickly.
    channel audit_log {
        file "/var/log/named.log";
        severity debug;
        print-time yes;
    };

    // Routing of message categories to the channels above.
    category default      { default_syslog; };
    category general      { default_syslog; };
    category security     { audit_log; default_syslog; };
    category config       { default_syslog; };
    category resolver     { audit_log; };
    category xfer-in      { audit_log; };
    category xfer-out     { audit_log; };
    category notify       { audit_log; };
    category client       { audit_log; };
    category network      { audit_log; };
    category update       { audit_log; };
    // Every client query ends up in the audit file; treat that file as
    // sensitive and restrict who can read it.
    category queries      { audit_log; };
    category lame-servers { audit_log; };
};
include "/etc/bind/named.conf.options";
// View definitions

// Internal view (class IN): serves clients matched by the "trusted" ACL and
// performs recursion for them.
view "internal-in" in {
    match-clients { trusted; };
    recursion yes;
    additional-from-auth yes;
    additional-from-cache yes;

    // Root hints used for recursive resolution.
    zone "." in {
        type hint;
        file "/etc/bind/db.root";
    };

    // Local zones: loopback name, loopback reverse, and the 0/255 reverse zones.
    zone "localhost" in {
        type master;
        file "/etc/bind/db.local";
        allow-query { any; };
        allow-transfer { none; };
    };

    zone "127.in-addr.arpa" in {
        type master;
        file "/etc/bind/db.127";
        allow-query { any; };
        allow-transfer { none; };
    };

    zone "0.in-addr.arpa" in {
        type master;
        file "/etc/bind/db.0";
        allow-query { any; };
        allow-transfer { none; };
    };

    // No per-zone access lists here; the settings from the options block apply.
    zone "255.in-addr.arpa" in {
        type master;
        file "/etc/bind/db.255";
    };

    // Internal version of the theos.cz forward zone.
    zone "theos.cz" in {
        type master;
        file "/etc/bind/named.theos.cz.zone";
        allow-query { any; };
    };

    // Reverse zone for 172.22.0.0/24.
    // NOTE(review): the "trusted" ACL covers 172.22.0.0/16, this zone only
    // the first /24 of it - confirm that is the intended range.
    zone "0.22.172.in-addr.arpa" in {
        type master;
        file "/etc/bind/named.rev";
        allow-query { any; };
    };
};
// External view (class IN): every client that did not match an earlier view
// lands here. Recursion and additional-section data from cache/authority are
// switched off, so only the zones below are answered.
view "external-in" in {
    match-clients { any; };
    recursion no;
    additional-from-auth no;
    additional-from-cache no;

    zone "." in {
        type hint;
        file "/etc/bind/db.root";
    };

    // Public version of the theos.cz forward zone.
    zone "theos.cz" in {
        type master;
        file "/etc/bind/theoscz.external";
        allow-query { any; };
    };

    // NOTE(review): this is the reverse zone of the private 172.22.0.0/24
    // range, and it is answerable by any client of the external view.
    // If the zone file carries internal host names, they are disclosed to
    // clients outside the "trusted" ACL - confirm this zone is needed here.
    zone "0.22.172.in-addr.arpa" in {
        type master;
        file "/etc/bind/theoscz.reverse";
        allow-query { any; };
    };
};
// CHAOS-class view: lets internal clients ask for the BIND version.
// The view itself matches any client, but the "bind" zone is restricted to
// the "trusted" ACL, which keeps the version string away from other clients.
view "external-chaos" chaos {
    match-clients { any; };
    recursion no;

    // Empty hint zone for the CHAOS class.
    zone "." {
        type hint;
        file "/dev/null";
    };

    zone "bind" {
        type master;
        file "/etc/bind/db.bind";
        allow-query { trusted; };
        allow-transfer { none; };
    };
};
konfiguracni soubor named.conf.options
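// named.conf.options - global server options, included from named.conf
// before the view statements.
options {
    // Working directory and runtime/statistics files.
    // NOTE(review): named runs as user "bind" (see "-u bind" in the startup
    // log); the data/ directory has to exist and be writable by it - confirm.
    directory "/var/cache/bind";
    pid-file "/var/cache/bind/data/named.pid";
    statistics-file "/var/cache/bind/data/named.stats";
    memstatistics-file "/var/cache/bind/data/named.memstats";
    dump-file "/var/cache/bind/data/named.dump";
    zone-statistics yes;

    // Zone transfer behaviour: no NOTIFY messages, inbound transfers are
    // aborted after 60 minutes.
    notify no;
    transfer-format many-answers;
    max-transfer-time-in 60;

    // Listen only on loopback and the internal interface address.
    listen-on {
        127.0.0.1;
        172.22.0.1;
    };

    // Access control defaults; individual zones override allow-query.
    allow-transfer { xfer; };          // "xfer" is { none; }
    allow-query { trusted; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };

    // Drop traffic from networks in the "bogon" ACL (empty as posted).
    blackhole { bogon; };

    // Upstream resolvers for recursive lookups.
    forwarders {
        10.0.0.1;
        8.8.8.8;
    };
};
// The closing "};" above was absent from the posted file. Because this file
// is pulled in via include, an unterminated options block stays open when
// named.conf continues, so each following "view" is parsed as an option
// ("unknown option 'view'") and parsing ends with "'}' expected near end of
// file" - the errors shown in the startup log.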
Prosim o radu jak to zprovoznit. Dekuji moc