Fedora36: DNS server settings
Check interface name.
Check the interface name.
# Identify the NIC / connection-profile name (enp2s0 here); the nmcli and
# ifcfg steps further down refer to it.
[root@www ~]# nmcli device
DEVICE  TYPE      STATE     CONNECTION
enp2s0  ethernet  接続済み  enp2s0
Installing BIND.
Install BIND.
# bind = the named server itself; bind-utils supplies dig, which is used
# below to verify the zones.
[root@www ~]# dnf -y install bind bind-utils
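[root@www ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        // Changed: listen on every IPv4 address instead of 127.0.0.1 only.
        // Who may actually ask is restricted by allow-query / match-clients.
        listen-on port 53 { any; };
        // Changed: no IPv6 listener (this LAN is IPv4 only).
        listen-on-v6 port 53 { none; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";

        // Only this host and the 192.168.1.0/24 LAN may query.
        // Use the NETWORK address with the prefix: "192.168.1.1/24" has host
        // bits set and makes named-checkconf report an address/prefix length
        // mismatch.
        allow-query     { localhost; 192.168.1.0/24; };
        // No secondary server is configured on this page, so nobody needs
        // zone transfers (AXFR/IXFR). List a secondary's address here only
        // once one exists; never hand the whole LAN the zone contents.
        allow-transfer  { none; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        // This server recurses for the LAN. Per the warning above, do NOT
        // forward TCP/UDP 53 from the router to it unless the Internet really
        // has to reach it; allow-query / match-clients are what keep outside
        // clients out (they are answered REFUSED), so keep them tight.
        recursion yes;

        // "dnssec-enable" is deprecated since BIND 9.16 and rejected by later
        // releases, so it is dropped here; validation is what matters.
        dnssec-validation yes;

        /* Path to ISC DLV key (the DLV service is retired; the line is harmless) */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Everything below replaces the stock zone "." and include lines. Once a
// view is used, every zone (the rfc1912 ones included) must sit inside a view.
view "internal" {
        match-clients { localhost; 192.168.1.0/24; };

        zone "." IN {
                type hint;
                file "named.ca";
        };

        // Forward zone for the LAN; the file is created in the next step.
        zone "linuxserver.jp" IN {
                type master;
                file "linuxserver.jp.lan";
                allow-update { none; };
        };

        // Reverse zone for 192.168.1.0/24.
        zone "1.168.192.in-addr.arpa" IN {
                type master;
                file "1.168.192.db";
                allow-update { none; };
        };

        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
};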
Setting zone information.
Create an internal forward lookup information file.
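[root@www ~]# vi /var/named/linuxserver.jp.lan
$TTL 86400
; Forward zone for linuxserver.jp (file name as referenced in /etc/named.conf).
; Raise the serial (YYYYMMDDnn) on every edit; a secondary, if one is ever
; added, only notices changes when the serial increases.
@       IN SOA  linuxserver.jp. root.linuxserver.jp. (
                2014071001      ;Serial
                3600            ;Refresh
                1800            ;Retry
                604800          ;Expire
                86400           ;Minimum TTL
        )
        IN NS   linuxserver.jp.
        IN MX   10 linuxserver.jp.
@       IN A    192.168.1.3
; Wildcard: every name under linuxserver.jp with no explicit record
; (mistyped hostnames included) resolves to 192.168.1.3. Remove it and add
; explicit host records if that is not intended.
*       IN A    192.168.1.3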
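[root@www ~]# vi /var/named/1.168.192.db
$TTL 86400
; Reverse zone for 192.168.1.0/24.
@       IN SOA  linuxserver.jp. root.linuxserver.jp. (
                2014071001      ;Serial
                3600            ;Refresh
                1800            ;Retry
                604800          ;Expire
                86400           ;Minimum TTL
        )
        IN NS   linuxserver.jp.
; Netmask A record at the apex: not consulted by PTR lookups, informational only.
        IN A    255.255.255.0
; Only the last octet is written; it expands to 3.1.168.192.in-addr.arpa.
3       IN PTR  linuxserver.jp.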
Open TCP/UDP port 53.
ルーターの設定で、TCP/UDP53番ポートを開放します。(設定方法はご自身の環境に合わせて調べてください。)
ポート開放テスト.
Open TCP/UDP port 53 in your router settings. (Check the setting method according to your own environment.) Do this only if the server must answer DNS queries from the Internet. For the LAN-only setup on this page — allow-query and match-clients admit only localhost and 192.168.1.0/24 — no port forward is needed, and forwarding port 53 to a recursive server is exactly the exposure that the DNS-amplification warning in named.conf is about.
Confirm whether the port is open.
Start BIND and check its operation.
Change network settings.
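# Point the server's own resolver at BIND (192.168.1.3 is this host; see the
# IPADDR in ifcfg-enp2s0 below), then re-activate the profile so the change
# takes effect. Run this on the console: "connection down" drops any SSH
# session carried over enp2s0.
[root@www ~]# nmcli connection modify enp2s0 ipv4.dns 192.168.1.3
[root@www ~]# nmcli connection down enp2s0 ; nmcli connection up enp2s0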
# Start named now and at every boot; "status" shows the unit state and the
# last log lines, which is where a config parse error shows up.
[root@www ~]# systemctl enable --now named
[root@www ~]# systemctl status named
If there are any errors, validate the syntax and fix the errors.
If named-checkconf reports an address/prefix length mismatch for "192.168.1.1/24" in "/etc/named.conf", the fix is to use the network address, "192.168.1.0/24" (the host bits must be zero). Replacing it with "localhost;" alone would also silence the message, but then no PC on the LAN could use the server.
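# named-checkconf parses /etc/named.conf; named-checkzone loads each zone
# file the way named will, so a typo in a record surfaces here instead of
# as a zone that silently fails to load at start-up. (Already root, so sudo
# is not needed.)
[root@www ~]# named-checkconf
[root@www ~]# named-checkzone linuxserver.jp /var/named/linuxserver.jp.lan
[root@www ~]# named-checkzone 1.168.192.in-addr.arpa /var/named/1.168.192.db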
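# Forward and reverse lookups against the new server. "aa" in the flags means
# the answer came from the local zone data, and the SERVER line confirms the
# query went to 192.168.1.3 rather than the router. (This transcript was
# captured with an older dig; the version and date lines will differ on
# Fedora 36.)
[root@www ~]# dig linuxserver.jp

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> linuxserver.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15234
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;linuxserver.jp.                IN      A

;; ANSWER SECTION:
linuxserver.jp.         86400   IN      A       192.168.1.3

;; AUTHORITY SECTION:
linuxserver.jp.         86400   IN      NS      linuxserver.jp.

;; Query time: 18 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: 水 7月 03 15:23:54 JST 2019
;; MSG SIZE  rcvd: 65

[root@www ~]# dig -x 192.168.1.3

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -x 192.168.1.3
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54270
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;3.1.168.192.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
3.1.168.192.in-addr.arpa. 86400 IN      PTR     linuxserver.jp.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      linuxserver.jp.

;; ADDITIONAL SECTION:
linuxserver.jp.         86400   IN      A       192.168.1.3

;; Query time: 87 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: 水 7月 03 16:13:36 JST 2019
;; MSG SIZE  rcvd: 103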
Move to chroot environment.
Go to the chroot environment.
# Switch from the plain "named" unit to "named-chroot", which runs named
# inside /var/named/chroot.
# NOTE(review): on Fedora the named-chroot unit is expected to invoke
# setup-named-chroot.sh itself at start; the manual call below should then
# be redundant (harmless) - confirm on the installed unit files.
[root@www ~]# dnf -y install bind-chroot
[root@www ~]# mkdir /var/named/chroot/usr/lib64/named
[root@www ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
# Only one of the two units may own port 53: disable the non-chroot one first.
[root@www ~]# systemctl disable --now named
[root@www ~]# systemctl enable --now named-chroot
Created symlink /etc/systemd/system/multi-user.target.wants/named-chroot.service → /usr/lib/systemd/system/named-chroot.service.
# What ended up inside the chroot. named.conf and rndc.key are 0640
# root:named - keep them that way, the rndc key must not be world-readable.
# The zone files are 0644 root:root, which is fine for a primary with
# allow-update { none; } (named only needs to read them).
[root@www ~]# ll /var/named/chroot/etc
合計 688
-rw-r--r-- 2 root root 292 4月 1 21:27 localtime
drwxr-x--- 2 root named 6 1月 30 02:23 named
-rw-r----- 1 root named 2340 6月 1 08:23 named.conf
-rw-r--r-- 1 root named 3923 1月 30 02:23 named.iscdlv.key
-rw-r----- 1 root named 931 6月 21 2007 named.rfc1912.zones
-rw-r--r-- 1 root named 1587 5月 22 2017 named.root.key
drwxr-x--- 3 root named 25 6月 1 08:33 pki
-rw-r--r--. 1 root root 6545 10月 31 2018 protocols
-rw-r----- 1 root named 100 6月 1 08:27 rndc.key
-rw-r--r--. 1 root root 670293 6月 7 2013 services
# NOTE(review): /var/named shows up inside itself here (the "chroot" entry),
# which looks like a bind mount of /var/named into the chroot - if so, keep
# editing /etc/named.conf and /var/named as before rather than copies under
# /var/named/chroot; confirm with "findmnt".
[root@www ~]# ll /var/named/chroot/var/named
合計 24
-rw-r--r-- 1 root root 288 6月 1 08:27 1.168.192.db
drwxr-x--- 7 root named 61 6月 1 08:33 chroot
drwxrwx--- 2 named named 127 6月 30 05:51 data
drwxrwx--- 2 named named 166 7月 3 22:32 dynamic
-rw-r----- 1 root named 2277 6月 1 08:38 named.ca
-rw-r----- 1 root named 152 12月 15 2009 named.empty
-rw-r----- 1 root named 152 6月 21 2007 named.localhost
-rw-r----- 1 root named 168 12月 15 2009 named.loopback
-rw-r--r-- 1 root root 317 6月 1 08:24 rcg.jp.lan
drwxrwx--- 2 named named 6 1月 30 02:23 slaves
Change the DNS setting of the PC in the home network.
Right-click the Windows Start menu and click Network Connections.
Second DNS verification.
Allow the server to connect to the internet.
Open a file.
[root@www ~]# vi /etc/resolv.conf
# NOTE(review): on Fedora 36 /etc/resolv.conf is normally generated
# (systemd-resolved stub / NetworkManager), so a hand edit is likely to be
# overwritten; the "nmcli connection modify ... ipv4.dns" step earlier is the
# durable way to set it. Also note this line names the router, while the
# ifcfg file below lists DNS1=192.168.1.3 (BIND) first - whichever generator
# owns resolv.conf after the reboot decides which one wins.
nameserver 192.168.1.1
# NOTE(review): ifcfg-* files need NetworkManager's ifcfg-rh plugin, which
# Fedora 36 no longer installs by default (profiles live as keyfiles under
# /etc/NetworkManager/system-connections); check that this file is actually
# in use before relying on it. Static IPv4 (BOOTPROTO=none) with this host as
# primary DNS and the router as fallback.
[root@www ~]# vi /etc/sysconfig/network-scripts/ifcfg-enp2s0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp2s0
DEVICE=enp2s0
ONBOOT=yes
IPADDR=192.168.1.3
PREFIX=24
GATEWAY=192.168.1.1
DNS1=192.168.1.3
IPV6_PRIVACY=no
DNS2=192.168.1.1
CONNECTION_METERED=yes
# Reboot so the network profile and resolver settings are applied together.
[root@www ~]# reboot