The DNS server installed at home served both external and internal clients,
but this DNS server only needs to serve external queries.

yasunari@aws:~$ apt-cache search bind | grep -i '^bind'
bind9-dyndb-ldap - LDAP back-end plug-in for BIND
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - Version of 'host' bundled with BIND 9.X
bind9utils - Utilities for BIND
bindechexascii - simple ASCII,binary,decimal and hex converter
bindfs - mirrors or overlays a local directory with altered permissions
yasunari@aws:~$

bind9 looks like the right package. Install it.

yasunari@aws:~$ sudo apt-get install bind9
[sudo] password for yasunari:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  liblockfile-bin liblockfile1
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  bind9utils libirs141
Suggested packages:
  dnsutils bind9-doc resolvconf ufw
The following NEW packages will be installed:
  bind9 bind9utils libirs141
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,122 kB of archives.
After this operation, 3,424 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://cdn-aws.deb.debian.org/debian stretch/main amd64 libirs141 amd64 1:9.10.3.dfsg.P4-12.3+deb9u3 [200 kB]
Get:2 http://cdn-aws.deb.debian.org/debian stretch/main amd64 bind9utils amd64 1:9.10.3.dfsg.P4-12.3+deb9u3 [374 kB]
Get:3 http://cdn-aws.deb.debian.org/debian stretch/main amd64 bind9 amd64 1:9.10.3.dfsg.P4-12.3+deb9u3 [548 kB]
Fetched 1,122 kB in 6s (166 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libirs141:amd64.
(Reading database ... 30568 files and directories currently installed.)
Preparing to unpack .../libirs141_1%3a9.10.3.dfsg.P4-12.3+deb9u3_amd64.deb ...
Unpacking libirs141:amd64 (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Selecting previously unselected package bind9utils.
Preparing to unpack .../bind9utils_1%3a9.10.3.dfsg.P4-12.3+deb9u3_amd64.deb ...
Unpacking bind9utils (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Selecting previously unselected package bind9.
Preparing to unpack .../bind9_1%3a9.10.3.dfsg.P4-12.3+deb9u3_amd64.deb ...
Unpacking bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Setting up bind9utils (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Setting up libirs141:amd64 (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Processing triggers for libc-bin (2.24-11+deb9u1) ...
Processing triggers for systemd (232-25+deb9u1) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Adding group `bind' (GID 112) ...
Done.
Adding system user `bind' (UID 108) ...
Adding new user `bind' (UID 108) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
#
Created symlink /etc/systemd/system/multi-user.target.wants/bind9.service → /lib/systemd/system/bind9.service.
Processing triggers for systemd (232-25+deb9u1) ...
yasunari@aws:~$

yasunari@aws:~$ sudo -i
root@aws:~# cd /etc/bind/
root@aws:/etc/bind# ls
bind.keys  db.255    db.root                   named.conf.local    zones.rfc1918
db.0       db.empty  named.conf                named.conf.options
db.127     db.local  named.conf.default-zones  rndc.key
root@aws:/etc/bind# mv named.conf.local{,.orig}
root@aws:/etc/bind# cp named.conf.local{.orig,}
root@aws:/etc/bind# vi named.conf.local
root@aws:/etc/bind# diff -u named.conf.local{.orig,}
--- named.conf.local.orig 2017-08-28 16:36:28.000000000 +0900 +++ named.conf.local 2017-12-21 20:36:39.918831555 +0900 @@ -6,3 +6,8 @@ // organization //include "/etc/bind/zones.rfc1918"; +zone "yamasita.jp" { + type master; + file "/etc/bind/yamasita.jp-out-zone"; + allow-transfer { セカンダリをお願いしているIPアドレス; }; +};
root@aws:/etc/bind# vi yamasita.jp-out-zone
root@aws:/etc/bind# cat !$
cat yamasita.jp-out-zone
$TTL 3600
@       IN      SOA     aws.yamasita.jp. root.yamasita.jp. (
                        2017122101 ; serial
                        3600       ; refresh (1 hour)
                        300        ; retry (5 minutes)
                        3600000    ; expire (5 weeks 6 days 16 hours)
                        3600       ; minimum (1 hour)
                        )
;
        IN      NS      aws.yamasita.jp.
        IN      NS      ns.yamasita.jp.
        IN      NS      x159072.ppp.asahi-net.or.jp.
;
        IN      A       13.230.13.194
        IN      MX      1 ns.yamasita.jp.
        IN      TXT     "v=spf1 +ip4:122.249.159.72 -all"
;
ns      IN      A       122.249.159.72
mail    IN      CNAME   ns.yamasita.jp.
av      IN      CNAME   ns.yamasita.jp.
aws     IN      A       13.230.13.194
root@aws:/etc/bind#
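
Review bot: the `allow-transfer` line in the added `zone "yamasita.jp"` block in the diff above carries a Japanese placeholder (roughly "IP address of the host asked to act as secondary") where an address belongs, so the block is not loadable as shown and the secondary's real address has to go there before the restart. Limiting zone transfers to that one host is the right choice for an outward-facing master, but a source address is the only control in this line; a TSIG key in the list, in the form `allow-transfer { key <key-name>; };`, would tie transfers to a shared secret rather than to an address. The diff touches only named.conf.local, so recursion stays at whatever named.conf.options sets; for a server meant to answer external queries only, `recursion no;` there would match that intent.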

root@aws:/etc/bind# /etc/init.d/bind9 restart
[ ok ] Restarting bind9 (via systemctl): bind9.service.
root@aws:/etc/bind#

I can't use systemctl (lol)

yasunari@aws:~$ dig aws @localhost
-bash: dig: command not found
yasunari@aws:~$

dig is not installed, so install it.

yasunari@aws:~$ sudo apt-get install dnsutils
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  liblockfile-bin liblockfile1
Use 'sudo apt autoremove' to remove them.
Suggested packages:
  rblcheck
The following NEW packages will be installed:
  dnsutils
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 283 kB of archives.
After this operation, 531 kB of additional disk space will be used.
Get:1 http://cdn-aws.deb.debian.org/debian stretch/main amd64 dnsutils amd64 1:9.10.3.dfsg.P4-12.3+deb9u3 [283 kB]
Fetched 283 kB in 2s (130 kB/s)
Selecting previously unselected package dnsutils.
(Reading database ... 30691 files and directories currently installed.)
Preparing to unpack .../dnsutils_1%3a9.10.3.dfsg.P4-12.3+deb9u3_amd64.deb ...
Unpacking dnsutils (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Setting up dnsutils (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Processing triggers for man-db (2.7.6.1-2) ...
yasunari@aws:~$

It installed, so run the query again.

yasunari@aws:~$ dig aws.yamasita.jp @localhost

; <<>> DiG 9.10.3-P4-Debian <<>> aws.yamasita.jp @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5975
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aws.yamasita.jp.               IN      A

;; ANSWER SECTION:
aws.yamasita.jp.        3600    IN      A       13.230.13.194

;; AUTHORITY SECTION:
yamasita.jp.            3600    IN      NS      ns.yamasita.jp.
yamasita.jp.            3600    IN      NS      x159072.ppp.asahi-net.or.jp.
yamasita.jp.            3600    IN      NS      aws.yamasita.jp.

;; ADDITIONAL SECTION:
ns.yamasita.jp.         3600    IN      A       122.249.159.72

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Dec 21 20:23:02 JST 2017
;; MSG SIZE  rcvd: 148

yasunari@aws:~$

OK!
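
An added example, not part of the original post: a small Python lint for the zone file shown above, checking the NS and MX target mistakes that most often break a hand-written zone (missing trailing dot, target that is a CNAME, in-zone target with no address record). The parser covers only the syntax this zone uses, `parse` and `lint` are names chosen for the example, and `named-checkzone` from the bind9utils package installed above remains the authoritative check.

```python
import re
# Zone data from this page, layout condensed (no comment-only lines).
ZONE = """\
$TTL 3600
@ IN SOA aws.yamasita.jp. root.yamasita.jp. (
    2017122101 ; serial
    3600       ; refresh (1 hour)
    300        ; retry (5 minutes)
    3600000    ; expire (5 weeks 6 days 16 hours)
    3600 )     ; minimum (1 hour)
    IN NS  aws.yamasita.jp.
    IN NS  ns.yamasita.jp.
    IN NS  x159072.ppp.asahi-net.or.jp.
    IN A   13.230.13.194
    IN MX  1 ns.yamasita.jp.
    IN TXT "v=spf1 +ip4:122.249.159.72 -all"
ns   IN A     122.249.159.72
mail IN CNAME ns.yamasita.jp.
av   IN CNAME ns.yamasita.jp.
aws  IN A     13.230.13.194
"""

def parse(text, origin):
    """Yield (owner, type, rdata_fields); strips ';' comments, joins '( )' groups."""
    text = re.sub(r'"[^"]*"|;[^\n]*', lambda m: m.group() if m.group()[0] == '"' else "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    owner = origin
    for line in text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("$"):
            if not line[0].isspace():      # blank owner column inherits the previous owner
                name = fields.pop(0).lower()
                owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
            while fields[0] == "IN" or fields[0].isdigit():   # optional TTL and class
                fields.pop(0)
            yield owner, fields[0].upper(), fields[1:]

def lint(records, origin):
    """Yield findings for NS/MX targets that would break delegation or mail delivery."""
    types = {o: {t for o2, t, _ in records if o2 == o} for o, _, _ in records}
    for owner, rtype, rdata in records:
        if rtype in ("NS", "MX"):
            target = rdata[-1].lower()
            seen = types.get(target, set())
            if not target.endswith("."):
                yield f"{owner} {rtype} {target}: no trailing dot, read as {target}.{origin}"
            elif "CNAME" in seen:
                yield f"{owner} {rtype} {target}: target is a CNAME"
            elif target.endswith("." + origin) and not seen & {"A", "AAAA"}:
                yield f"{owner} {rtype} {target}: in-zone target has no address record"
```

Call it as `list(lint(list(parse(ZONE, "yamasita.jp.")), "yamasita.jp."))`; the zone on this page produces no findings.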
Copyright (C) 2003-2018 Yasunari Yamashita. All Rights Reserved.
yasunari @ yamasita.jp Yasunari Yamashita @ Muko, Kyoto / Shinjuku, Tokyo