Building a DNS server (1): installing and setting up bind

AWS Debian

First things first: to establish my own identity on the net, so to speak (lol), I build a DNS server.

The DNS server at home served both the outside world and the internal network, but
this one only needs to serve external queries.

Installing the package

First, look for the package to install
yasunari@aws:~$ apt-cache search bind | grep -i '^bind'
bind9-dyndb-ldap - LDAP back-end plug-in for BIND
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - Version of 'host' bundled with BIND 9.X
bind9utils - Utilities for BIND
bindechexascii - simple ASCII,binary,decimal and hex converter
bindfs - mirrors or overlays a local directory with altered permissions
yasunari@aws:~$
bind9 looks right. Install it.
yasunari@aws:~$ sudo apt-get install bind9
[sudo] password for yasunari:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  liblockfile-bin liblockfile1
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  bind9utils libirs141
Suggested packages:
  dnsutils bind9-doc resolvconf ufw
The following NEW packages will be installed:
  bind9 bind9utils libirs141
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,122 kB of archives.
After this operation, 3,424 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://cdn-aws.deb.debian.org/debian stretch/main amd64 libirs141 amd64 1:9.10.3.dfsg.P4-12.3+deb9u3 [200 kB]
Get:2 http://cdn-aws.deb.debian.org/debian stretch/main amd64 bind9utils amd64 1:9.10.3.dfsg.P4-12.3+deb9u3 [374 kB]
Get:3 http://cdn-aws.deb.debian.org/debian stretch/main amd64 bind9 amd64 1:9.10.3.dfsg.P4-12.3+deb9u3 [548 kB]
Fetched 1,122 kB in 6s (166 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libirs141:amd64.
(Reading database ... 30568 files and directories currently installed.)
Preparing to unpack .../libirs141_1%3a9.10.3.dfsg.P4-12.3+deb9u3_amd64.deb ...
Unpacking libirs141:amd64 (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Selecting previously unselected package bind9utils.
Preparing to unpack .../bind9utils_1%3a9.10.3.dfsg.P4-12.3+deb9u3_amd64.deb ...
Unpacking bind9utils (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Selecting previously unselected package bind9.
Preparing to unpack .../bind9_1%3a9.10.3.dfsg.P4-12.3+deb9u3_amd64.deb ...
Unpacking bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Setting up bind9utils (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Setting up libirs141:amd64 (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Processing triggers for libc-bin (2.24-11+deb9u1) ...
Processing triggers for systemd (232-25+deb9u1) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Adding group `bind' (GID 112) ...
Done.
Adding system user `bind' (UID 108) ...
Adding new user `bind' (UID 108) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
#
Created symlink /etc/systemd/system/multi-user.target.wants/bind9.service → /lib/systemd/system/bind9.service.
Processing triggers for systemd (232-25+deb9u1) ...
yasunari@aws:~$

Configuration

yasunari@aws:~$ sudo -i
root@aws:~# cd /etc/bind/
root@aws:/etc/bind# ls
bind.keys  db.255    db.root                   named.conf.local    zones.rfc1918
db.0       db.empty  named.conf                named.conf.options
db.127     db.local  named.conf.default-zones  rndc.key
root@aws:/etc/bind# mv named.conf.local{,.orig}
root@aws:/etc/bind# cp named.conf.local{.orig,}
root@aws:/etc/bind# vi named.conf.local
root@aws:/etc/bind# diff -u named.conf.local{.orig,}
--- named.conf.local.orig       2017-08-28 16:36:28.000000000 +0900
+++ named.conf.local    2017-12-21 20:36:39.918831555 +0900
@@ -6,3 +6,8 @@
 // organization
 //include "/etc/bind/zones.rfc1918";

+zone "yamasita.jp" {
+       type master;
+       file "/etc/bind/yamasita.jp-out-zone";
+       allow-transfer { セカンダリをお願いしているIPアドレス; };
+};
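Review bot: the `allow-transfer` ACL still holds the Japanese placeholder `セカンダリをお願いしているIPアドレス` (the address of the secondary that has agreed to slave the zone); named will refuse to load named.conf.local until that is a literal address or an `acl` name, so run `named-checkconf` before the restart shown below. The hunk also leaves recursion at its default for what the text calls an external-only server: add `recursion no;` to the options block (normally in named.conf.options) so the host cannot be used as an open resolver, and keep `allow-transfer` as tight as it is here rather than widening it to `any`.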
root@aws:/etc/bind# vi yamasita.jp-out-zone
root@aws:/etc/bind# cat !$
cat yamasita.jp-out-zone
$TTL 3600
@       IN      SOA     aws.yamasita.jp.        root.yamasita.jp. (
                2017122101 ; serial
                3600       ; refresh (1 hour)
                300        ; retry (5 minutes)
                3600000    ; expire (5 weeks 6 days 16 hours)
                3600       ; minimum (1 hour)
                )
;
        IN      NS      aws.yamasita.jp.
        IN      NS      ns.yamasita.jp.
        IN      NS      x159072.ppp.asahi-net.or.jp.
;
        IN      A       13.230.13.194
        IN      MX      1       ns.yamasita.jp.
        IN      TXT     "v=spf1 +ip4:122.249.159.72 -all"
;
ns      IN      A       122.249.159.72
mail    IN      CNAME   ns.yamasita.jp.
av      IN      CNAME   ns.yamasita.jp.

aws     IN      A       13.230.13.194
root@aws:/etc/bind#
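Before restarting named it is worth checking the zone above for the mistakes named-checkzone does not flag (it validates syntax, not whether the records make sense together). The following is an added example and not part of the original post: a minimal parser for the master-file syntax used above, run over the zone from the post embedded as its sample input, with checks for a YYYYMMDDnn serial, in-zone NS names that lack an A/AAAA record, NS or MX targets that are CNAMEs (RFC 2181 §10.3), CNAMEs mixed with other data or placed at the apex, and a single SPF TXT record ending in -all or ~all. The function names (`parse_zone`, `lint_zone`) and the wording of the findings are mine.

```python
"""Semantic lint for a BIND master-format zone (added example, not the post's code)."""
import re
import shlex
from collections import defaultdict
from datetime import date

# Sample input: the zone from the post, embedded verbatim.
SAMPLE_ZONE = """\
$TTL 3600
@       IN      SOA     aws.yamasita.jp.        root.yamasita.jp. (
                2017122101 ; serial
                3600       ; refresh (1 hour)
                300        ; retry (5 minutes)
                3600000    ; expire (5 weeks 6 days 16 hours)
                3600       ; minimum (1 hour)
                )
;
        IN      NS      aws.yamasita.jp.
        IN      NS      ns.yamasita.jp.
        IN      NS      x159072.ppp.asahi-net.or.jp.
;
        IN      A       13.230.13.194
        IN      MX      1       ns.yamasita.jp.
        IN      TXT     "v=spf1 +ip4:122.249.159.72 -all"
;
ns      IN      A       122.249.159.72
mail    IN      CNAME   ns.yamasita.jp.
av      IN      CNAME   ns.yamasita.jp.

aws     IN      A       13.230.13.194
"""
TYPES = {"SOA", "NS", "A", "AAAA", "MX", "TXT", "CNAME"}

def _strip_comment(line):
    """Cut a ';' comment, but not a ';' inside a quoted TXT string."""
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            return line[:i]
    return line

def _fqdn(name, origin):
    # '@' is the origin; a name without a trailing dot is relative to it
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return {owner: [(rtype, rdata_tokens), ...]}. Handles $TTL, comments,
    parenthesised multi-line rdata and the blank-owner shorthand."""
    records, owner, pending, depth = defaultdict(list), origin, [], 0
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not pending and not line.strip():
            continue
        pending.append(line)
        depth += line.count("(") - line.count(")")
        if depth:
            continue                                  # still inside ( ... )
        first, joined, pending = pending[0], " ".join(pending), []
        tokens = [t for t in shlex.split(joined) if t not in ("(", ")")]
        if not tokens or tokens[0] == "$TTL":
            continue
        if not first[0].isspace():                    # owner given on this line
            owner = _fqdn(tokens.pop(0), origin)
        while tokens and tokens[0] not in TYPES:      # skip optional TTL / class
            tokens.pop(0)
        records[owner].append((tokens[0], tokens[1:]))
    return records

def lint_zone(text, origin):
    """Return a list of problems; an empty list means the zone passes."""
    recs = parse_zone(text, origin)
    types_of = lambda n: {t for t, _ in recs.get(n, [])}
    rdata = lambda n, rt: [rd for t, rd in recs.get(n, []) if t == rt]
    problems = []
    serial = rdata(origin, "SOA")[0][2]               # mname rname serial ...
    try:                                              # YYYYMMDDnn with a real date
        m = re.fullmatch(r"(\d{4})(\d{2})(\d{2})\d{2}", serial)
        date(int(m[1]), int(m[2]), int(m[3]))
    except (TypeError, ValueError):
        problems.append(f"SOA serial {serial} is not YYYYMMDDnn")
    for ns in (rd[0] for rd in rdata(origin, "NS")):
        if "CNAME" in types_of(ns):
            problems.append(f"NS target {ns} is a CNAME (RFC 2181 s10.3)")
        elif ns.endswith("." + origin) and not types_of(ns) & {"A", "AAAA"}:
            problems.append(f"in-zone NS {ns} has no A/AAAA record")
    for rd in rdata(origin, "MX"):                    # rdata = preference, exchange
        if "CNAME" in types_of(rd[1]):
            problems.append(f"MX target {rd[1]} is a CNAME (RFC 2181 s10.3)")
    for name, rrset in recs.items():
        if "CNAME" in {t for t, _ in rrset} and (len(rrset) > 1 or name == origin):
            problems.append(f"CNAME at {name} conflicts with other data or the apex")
    spf = [rd[0] for rd in rdata(origin, "TXT") if rd[0].startswith("v=spf1")]
    if len(spf) != 1:
        problems.append(f"expected one SPF TXT at the apex, found {len(spf)}")
    elif spf[0].split()[-1] not in ("-all", "~all"):
        problems.append("SPF policy does not end in -all or ~all")
    return problems
```

`lint_zone(SAMPLE_ZONE, "yamasita.jp.")` returns an empty list for the zone above; point an MX at `mail` (a CNAME) or mistype the serial and it reports the problem. Pair it with `named-checkzone yamasita.jp /etc/bind/yamasita.jp-out-zone` and `named-checkconf` from bind9utils (installed above) for the syntax side.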

Starting the service

root@aws:/etc/bind# /etc/init.d/bind9 restart
[ ok ] Restarting bind9 (via systemctl): bind9.service.
root@aws:/etc/bind#
systemctl? Can't bring myself to use it (lol)

Checking

yasunari@aws:~$ dig aws @localhost
-bash: dig: command not found
yasunari@aws:~$ 
dig isn't installed, so install it.
yasunari@aws:~$ sudo apt-get install dnsutils
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  liblockfile-bin liblockfile1
Use 'sudo apt autoremove' to remove them.
Suggested packages:
  rblcheck
The following NEW packages will be installed:
  dnsutils
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 283 kB of archives.
After this operation, 531 kB of additional disk space will be used.
Get:1 http://cdn-aws.deb.debian.org/debian stretch/main amd64 dnsutils amd64 1:9.10.3.dfsg.P4-12.3+deb9u3 [283 kB]
Fetched 283 kB in 2s (130 kB/s)
Selecting previously unselected package dnsutils.
(Reading database ... 30691 files and directories currently installed.)
Preparing to unpack .../dnsutils_1%3a9.10.3.dfsg.P4-12.3+deb9u3_amd64.deb ...
Unpacking dnsutils (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Setting up dnsutils (1:9.10.3.dfsg.P4-12.3+deb9u3) ...
Processing triggers for man-db (2.7.6.1-2) ...
yasunari@aws:~$ 
Now that it's installed, run it again
yasunari@aws:~$ dig aws.yamasita.jp @localhost

; <<>> DiG 9.10.3-P4-Debian <<>> aws.yamasita.jp @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5975
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aws.yamasita.jp.             IN      A

;; ANSWER SECTION:
aws.yamasita.jp.        3600    IN      A       13.230.13.194

;; AUTHORITY SECTION:
yamasita.jp.            3600    IN      NS      ns.yamasita.jp.
yamasita.jp.            3600    IN      NS      x159072.ppp.asahi-net.or.jp.
yamasita.jp.            3600    IN      NS      aws.yamasita.jp.

;; ADDITIONAL SECTION:
ns.yamasita.jp.         3600    IN      A       122.249.159.72

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Dec 21 20:23:02 JST 2017
;; MSG SIZE  rcvd: 148

yasunari@aws:~$
OK!
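One thing to read in the dig output above: `flags: qr aa rd ra` means the server told the querying client (here, localhost) that recursion is available. That alone does not show whether recursion is also offered to the Internet, which is what matters for an external-only authoritative server, since an open resolver gets used for reflection and amplification. The following is an added example, not from the original post: it sends a single RD query for a name the server does not serve (`example.com.` is an assumed probe name; any out-of-zone name works) and classifies the reply header. The verdict labels and helper names are mine.

```python
"""Probe a nameserver for open recursion (added example, not the post's code).

Sends one UDP query with RD set for a name the server is not authoritative
for and classifies the reply header (RFC 1035 s4.1.1). For an authoritative-only
server the expected verdict from an outside host is "closed".
"""
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QUERY_ID = 0x1234                       # fixed ID so the reply can be matched


def build_query(qname, rd=True):
    """Minimal DNS query for an A record: 12-byte header + one question."""
    flags = 0x0100 if rd else 0x0000   # QR=0, OPCODE=QUERY, RD bit
    header = struct.pack("!HHHHHH", QUERY_ID, flags, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    qname_wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname_wire + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def parse_header(reply):
    """Decode the header fields the check needs from a raw reply."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return {
        "id": qid,
        "aa": bool(flags & 0x0400),     # authoritative answer
        "rd": bool(flags & 0x0100),     # recursion desired (echoed from the query)
        "ra": bool(flags & 0x0080),     # recursion available to this client
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "ancount": an,
    }


def classify(hdr):
    """Verdict for an authoritative-only server; the labels are this example's."""
    if hdr["rcode"] == "NOERROR" and hdr["ancount"] and not hdr["aa"]:
        return "open-resolver"          # it resolved someone else's name for us
    if hdr["ra"]:
        return "recursion-advertised"   # RA set: it would recurse for this client
    if hdr["rcode"] == "REFUSED":
        return "closed"                 # what `recursion no;` produces
    return "inconclusive"


def probe(server, qname="example.com.", port=53, timeout=3.0):
    """Send the query over UDP and return (header, verdict). Needs network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname), (server, port))
        reply, _ = s.recvfrom(4096)
    hdr = parse_header(reply)
    if hdr["id"] != QUERY_ID:
        raise ValueError("reply ID does not match the query")
    return hdr, classify(hdr)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    hdr, verdict = probe(target)
    print(f"{target}: rcode={hdr['rcode']} aa={hdr['aa']} ra={hdr['ra']} "
          f"answers={hdr['ancount']} -> {verdict}")
```

Run it from a host outside the server's own networks against the public address. Testing only from localhost is inconclusive: BIND's built-in default for `allow-recursion` is `localnets; localhost;`, so the `ra` seen above is expected there and the header of that very reply classifies as `recursion-advertised`, not `open-resolver`. If the verdict from outside is anything other than `closed`, add `recursion no;` to the options block of /etc/bind/named.conf.options and restart.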

Reboot

Copyright (C) 2003-2018 Yasunari Yamashita. All Rights Reserved.
yasunari @ yamasita.jp Yasunari Yamashita @ Muko, Kyoto / Shinjuku, Tokyo