====== bind ======
bind, dns, dig, lookup
===== Installation =====
sudo aptitude update; sudo aptitude install bind9
===== Configuration =====
**/etc/bind/named.conf**
sudo mv /etc/bind/named.conf /etc/bind/named.conf.old
sudo vim /etc/bind/named.conf
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/bind/db.192";
};

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    forwarders {
        # Replace the address below with the address of your provider's DNS server
        8.8.8.8;
    };

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};
**/etc/bind/db.example.com**
sudo vim /etc/bind/db.example.com
$TTL 604800
@       IN      SOA     dns.example.com. root.example.com. (
                        3         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
@       IN      NS      dns.example.com.
dns     IN      A       192.168.1.16
www     IN      A       192.168.1.14
alias   IN      CNAME   www
**/etc/bind/db.192**
sudo vim /etc/bind/db.192
;
; BIND reverse data file for 192.168.1.0/24
;
$TTL 604800
@       IN      SOA     dns.example.com. root.example.com. (
                        3         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
; The NS target must be the fully qualified name of the name server
@       IN      NS      dns.example.com.
16      IN      PTR     dns.example.com.
14      IN      PTR     www.example.com.
===== Testing =====
1. Edit the following file:
sudo cp /etc/resolv.conf /etc/resolv.conf.bak
sudo vim /etc/resolv.conf
With the following content:
search example.com
nameserver 192.168.1.16
The IP 192.168.1.16 is that of the machine where bind is running.
3. (Optional) Install packages:
sudo aptitude update; sudo aptitude install dnsutils
4. Test:
nslookup www.example.com
It should return something like:
nslookup www.example.com
Server: 192.168.1.16
Address: 192.168.1.16#53
Name: www.example.com
Address: 192.168.1.14
Thanks to the forwarders, it also resolves public addresses, of course:
nslookup www.gmail.com
And it should return:
Server: 192.168.1.16
Address: 192.168.1.16#53
Non-authoritative answer:
www.gmail.com canonical name = mail.google.com.
mail.google.com canonical name = googlemail.l.google.com.
Name: googlemail.l.google.com
===== Reloading the configuration without restarting =====
After editing the configuration files:
sudo rndc reload
==== Errors ====
nslookup jamgo.es
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find jamgo.es: REFUSED
Logs:
/var/log/syslog
Jan 22 14:28:55 dns-1 named[1082]: client 10.7.13.144#34533 (jamgo.es): query (cache) 'jamgo.es/A/IN' denied
**Solution**
sudo vim /etc/bind/named.conf
Add the IP range(s) that apply to your clients:
# ADDED 22/012015
acl "trusted" {
    10.7.13.0/24;
};
And add the following inside the existing options block (named.conf may contain only one options statement):
options {
    # ADD
    allow-query { trusted; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
Reload the configuration:
sudo /etc/init.d/bind9 reload
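
To decide which ranges belong in the "trusted" ACL, it helps to group the "query (cache) ... denied" lines from /var/log/syslog by client and check each one against the ACL. The following is an added example, not part of the original page: the function name, the TRUSTED list and all sample log lines except the first (taken from the log above) are constructed for illustration.

```python
import ipaddress
import re

# named's denial message as shown in the syslog line above; newer BIND releases
# add an "@0x..." token after "client", which the pattern tolerates.
DENIED_RE = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]*)\): query \(cache\) '[^']*' denied"
)

# Networks from the acl "trusted" block above; keep in sync with named.conf.
TRUSTED = [ipaddress.ip_network("10.7.13.0/24")]

# Constructed sample: the first line is the one from the page, the rest are made up.
SAMPLE_LOG = """\
Jan 22 14:28:55 dns-1 named[1082]: client 10.7.13.144#34533 (jamgo.es): query (cache) 'jamgo.es/A/IN' denied
Jan 22 14:29:01 dns-1 named[1082]: client 10.7.13.144#40112 (example.org): query (cache) 'example.org/A/IN' denied
Jan 22 14:29:07 dns-1 named[1082]: client 203.0.113.50#5353 (example.net): query (cache) 'example.net/ANY/IN' denied
Jan 22 14:29:09 dns-1 named[1082]: zone example.com/IN: loaded serial 3
""".splitlines()


def summarize_denied(lines, trusted=TRUSTED):
    """Group denied recursive queries by client and flag whether the ACL covers it."""
    report = {}
    for line in lines:
        m = DENIED_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field; skip rather than crash
        entry = report.setdefault(
            str(ip),
            {"count": 0, "in_acl": any(ip in net for net in trusted), "names": set()},
        )
        entry["count"] += 1
        entry["names"].add(m.group("qname"))
    return report


if __name__ == "__main__":
    for client, info in sorted(summarize_denied(SAMPLE_LOG).items()):
        hint = "in ACL: reload named" if info["in_acl"] else "not in ACL: extend it only if this is your client"
        print(f"{client:15} denied={info['count']} {hint} names={sorted(info['names'])}")
```

A client that is still denied although it falls inside the ACL means the new configuration has not been loaded; a denied client outside the ACL is the server correctly refusing recursion to a host it does not know.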