Configuring a DNS server: BIND 9

Tested on Linux.
Create a user "named" whose HOME is the value of directory in /etc/named.conf, here /var/named.
Warning: /var/named must be owned by named ...

Domain structure: admin-sys.com

Root domain   | Delegated subdomain   | Delegated subdomain         | Master server                 | Slave server            | Client
admin-sys.com |                       |                             | m.admin-sys.com               | s.admin-sys.com         | c.admin-sys.com
              | bastia.admin-sys.com  |                             | m.bastia.admin-sys.com        | s.bastia.admin-sys.com  | c.bastia.admin-sys.com
              | papeete.admin-sys.com |                             | m.papeete.admin-sys.com       | s.papeete.admin-sys.com | c.papeete.admin-sys.com
              |                       | plage.papeete.admin-sys.com | m.plage.papeete.admin-sys.com |                         | c.plage.papeete.admin-sys.com

A. Configuring the domain server:

1. Master server

File /etc/named.conf

options {
    # directory for the data files
    directory "/var/named";
    allow-transfer { 10.0.0.20; };    # address of the slave server
};
zone "." {
    type hint;
    file "zone.root";                 # information about the DNS root
};
zone "0.0.127.in-addr.arpa." {        # reverse for local loopback
    type master;
    file "zone.127.0.0";
};
zone "10.in-addr.arpa." {             # reverse domain name
    type master;
    file "zone.10";                   # rev dns file
    allow-transfer { 10.0.0.20; };
};
zone "admin-sys.com" {                # hosts in admin-sys.com
    type master;
    file "zone.admin-sys.com";
    allow-transfer { 10.0.0.20; };
};

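The file above sets allow-transfer both in options and per zone; a zone without its own statement takes the one from options. The following Python audit is an added example, not part of the original page: it applies that inheritance and lists the zones whose transfers are left unrestricted. The sample configuration is constructed from the page's zone names, and the function names are this example's own.

```python
import re

# Constructed sample using the page's zone names (not a real deployment).
SAMPLE = '''
options { directory "/var/named"; };
zone "." in { type hint; file "zone.root"; };
zone "papeete.admin-sys.com." in {
    type master; file "domaine.papeete.admin-sys.com";
    allow-transfer { 10.10.0.20; };     # slave only
};
zone "10.10.in-addr.arpa." in {          /* no ACL on this zone */
    type master; file "zone.10.10.0";
};
'''

# Zone types for which named answers transfer requests.
AUTHORITATIVE = {"master", "primary", "slave", "secondary"}

def strip_comments(text):
    """Remove /* */, # and // comments (named.conf accepts all three)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//).*", "", text)

def block(text, start):
    """Return the body of the first balanced { } block at or after start."""
    first = text.index("{", start)
    depth = 0
    for i in range(first, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[first + 1:i]
    raise ValueError("unbalanced braces")

def transfer_acl(body):
    """Addresses listed in allow-transfer inside body, or None if absent."""
    m = re.search(r"\ballow-transfer\s*\{([^{}]*)\}", body, flags=re.I)
    return None if m is None else [a.strip() for a in m.group(1).split(";") if a.strip()]

def audit(conf):
    """Map zone name -> finding for zones whose transfers are not restricted."""
    conf = strip_comments(conf)
    opts = re.search(r"\boptions\s*\{", conf, flags=re.I)
    inherited = transfer_acl(block(conf, opts.start())) if opts else None
    findings = {}
    for z in re.finditer(r'\bzone\s+"([^"]*)"', conf, flags=re.I):
        body = block(conf, z.end())
        ztype = re.search(r"\btype\s+([\w-]+)", body, flags=re.I)
        if ztype is None or ztype.group(1).lower() not in AUTHORITATIVE:
            continue
        acl = transfer_acl(body)
        acl = inherited if acl is None else acl     # zone setting overrides options
        if acl is None:
            findings[z.group(1)] = "no allow-transfer (server default applies)"
        elif "any" in acl:
            findings[z.group(1)] = "allow-transfer includes any"
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A zone reported with "server default applies" depends on the built-in default, which in BIND 9 releases of this page's period permits transfers to any host.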
File /etc/resolv.conf

search admin-sys.com
nameserver 127.0.0.1

File /etc/nsswitch.conf

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       nisplus or nis+         Use NIS+ (NIS version 3)
#       nis or yp               Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis
...
#hosts:     db files nisplus nis dns
hosts:      files dns
#hosts:     dns files
...

In the directory /var/named/

File /var/named/zone.root

.                 99999999 NS m.admin-sys.com.
m.admin-sys.com.  IN A 10.0.0.10

Because this server is the root of the private network.

File /var/named/zone.127.0.0

$TTL 86400      ; default TTL for records without one
@       IN SOA  m.admin-sys.com. root.m.admin-sys.com. (
                2002102200 ; serial
                10800      ; refresh rate
                1800       ; retry
                604800     ; expire
                86400 )    ; ttl
        IN NS   m.admin-sys.com.
1       IN PTR  localhost.

File /var/named/zone.admin-sys.com

$TTL 86400      ; default TTL for records without one
@       IN SOA  m.admin-sys.com. root.m.admin-sys.com. (
                2002102200 ; serial number
                10800      ; refresh rate
                1800       ; retry
                604800     ; expire
                86400 )    ; ttl
        IN NS   m.admin-sys.com.
        IN NS   s.admin-sys.com.
; delegate the papeete subdomain
papeete.admin-sys.com.    IN NS  m.papeete.admin-sys.com.
m.papeete.admin-sys.com.  IN A   10.10.0.10
; delegate the bastia subdomain
bastia.admin-sys.com.     IN NS  m.bastia.admin-sys.com.
m.bastia.admin-sys.com.   IN A   10.20.0.10
m                         IN A   10.0.0.10
s                         IN A   10.0.0.20
c                         IN A   10.0.0.30
localhost                 IN A   127.0.0.1

File /var/named/zone.10

$TTL 86400      ; default TTL for records without one
@       IN SOA  m.admin-sys.com. root.m.admin-sys.com. (
                2002102200 ; serial
                10800      ; refresh rate
                1800       ; retry
                604800     ; expire
                86400 )    ; ttl
        IN NS   m.admin-sys.com.
        IN NS   s.admin-sys.com.
10.0.0  IN PTR  m.admin-sys.com.
20.0.0  IN PTR  s.admin-sys.com.
30.0.0  IN PTR  c.admin-sys.com.
; delegation: each name is the reverse zone declared on that subdomain's master
10.10.in-addr.arpa.    IN NS  m.papeete.admin-sys.com.
0.20.10.in-addr.arpa.  IN NS  m.bastia.admin-sys.com.

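In the zone files above, a name that ends with a dot is absolute, while one written without it has the zone origin appended. The following Python check is an added example, not part of the original page: it reads a zone file and reports dotted names in SOA, NS, PTR, CNAME and MX data that lack the final dot, together with the name named would actually load. The sample zone is constructed in the style of the page's bastia file, and the function names are this example's own.

```python
# Constructed sample in the style of the page's bastia zone file
# (some names deliberately lack the final dot).
SAMPLE = '''
@   IN SOA m.bastia.admin-sys.com root.m.bastia.admin-sys.com (
        2002102301 ; serial
        10800 3600 432000 86400 )
    IN NS m.bastia.admin-sys.com.
    IN NS s.bastia.admin-sys.com
m   IN A  10.20.0.10
'''

# Positions, within the record data, of the fields that hold a domain name.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "PTR": (0,), "CNAME": (0,), "MX": (1,)}
CLASSES = {"IN", "CH", "HS"}

def records(text):
    """Yield one token list per record, joining ( ... ) continuation lines."""
    pending, depth = [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0]                  # drop comments
        blank_owner = line[:1].isspace()
        depth += line.count("(") - line.count(")")
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not pending and tokens and blank_owner:
            tokens.insert(0, "")                      # owner inherited from previous record
        pending += tokens
        if depth == 0 and pending:
            yield pending
            pending = []

def lint(text, origin):
    """Return (type, name as written, name after expansion) for suspect names."""
    origin = origin.rstrip(".") + "."
    findings = []
    for rec in records(text):
        if rec[0].startswith("$"):                    # $TTL, $ORIGIN ...
            continue
        i = 1                                         # skip optional TTL and class
        while i < len(rec) and (rec[i].isdigit() or rec[i].upper() in CLASSES):
            i += 1
        if i == len(rec):
            continue
        rdata = rec[i + 1:]
        for pos in NAME_FIELDS.get(rec[i].upper(), ()):
            name = rdata[pos] if pos < len(rdata) else ""
            # A dotted name without a final dot is relative: the origin is appended.
            if "." in name and not name.endswith("."):
                findings.append((rec[i].upper(), name, f"{name}.{origin}"))
    return findings

if __name__ == "__main__":
    for rtype, written, expanded in lint(SAMPLE, "bastia.admin-sys.com"):
        print(f"{rtype}: {written} -> {expanded}")
```

BIND's own named-checkzone loads a zone file the way named does and remains the authoritative check; this script only makes the expansion rule visible.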
2. Slave server:

File /etc/named.conf:

options {
    # home directory for local zone files
    directory "/var/named";
};
zone "." {
    type hint;
    file "zone.root";             # zone file containing the cache hints
};
zone "0.0.127.in-addr.arpa." {    # reverse for local loopback
    type master;
    file "zone.127.0.0";
};
zone "10.in-addr.arpa." {
    type slave;
    file "zone.10";               # domain reverse data
    masters { 10.0.0.10; };       # the master's IP address
};
zone "admin-sys.com" {
    type slave;
    file "zone.admin-sys.com";    # domain hostname data
    masters { 10.0.0.10; };       # the master's IP address
};

File /etc/resolv.conf

search admin-sys.com
nameserver 10.0.0.20
nameserver 10.0.0.10

File /etc/nsswitch.conf

Same file as on the domain master (section A.1); the active line is:

hosts: files dns

The directory /var/named/

File /var/named/zone.root

.                 99999999 NS m.admin-sys.com.
m.admin-sys.com.  IN A 10.0.0.10

Because this server is the root of the private network. To reach the Web you will need a proxy server.

File /var/named/zone.127.0.0

$TTL 86400      ; default TTL for records without one
@       IN SOA  s.admin-sys.com. root.s.admin-sys.com. (
                2002102200 ; serial
                10800      ; refresh rate
                1800       ; retry
                604800     ; expire
                86400 )    ; ttl
        IN NS   s.admin-sys.com.
1       IN PTR  localhost.

The files zone.10 and zone.admin-sys.com will be copied into this directory during synchronization.

B. Configuring the subdomain server:

1. Master server: for bastia

File /etc/named.conf

options {
    directory "/var/named";
    allow-transfer { 10.20.0.20; };    # the bastia slave, s.bastia.admin-sys.com
};
zone "." in {
    type hint;
    file "zone.root";
};
zone "0.0.127.in-addr.arpa." in {
    type master;
    file "zone.127.0.0";
};
zone "bastia.admin-sys.com." in {
    type master;
    file "domaine.bastia.admin-sys.com";
    allow-transfer { 10.20.0.20; };
};
zone "0.20.10.in-addr.arpa." in {
    type master;
    file "zone.10.20.0";
    allow-transfer { 10.20.0.20; };
};

File /etc/resolv.conf

search bastia.admin-sys.com
nameserver 10.20.0.10

File /etc/nsswitch.conf

Same file as on the domain master (section A.1); the active line is:

hosts: files dns

In the directory /var/named/

File /var/named/zone.root

.                 99999999 NS m.admin-sys.com.
m.admin-sys.com.  IN A 10.0.0.10

Because this server is the root of the private network.

File /var/named/zone.127.0.0

$TTL 86400      ; default TTL for records without one
@       IN SOA  m.bastia.admin-sys.com. root.m.bastia.admin-sys.com. (
                2002102300 ; serial number
                10800      ; refresh (3hrs)
                3600       ; retry (1hr)
                432000     ; expire (5days)
                86400 )    ; ttl (1day)
        IN NS   m.bastia.admin-sys.com.
1       IN PTR  localhost.

File /var/named/domaine.bastia.admin-sys.com

$TTL 86400      ; default TTL for records without one
@       IN SOA  m.bastia.admin-sys.com. root.m.bastia.admin-sys.com. (
                2002102301 ; serial number YYYYMMDDNN
                10800      ; refresh (3hrs)
                3600       ; retry (1hr)
                432000     ; expire (5days)
                86400 )    ; ttl (1day)
        IN NS   m.bastia.admin-sys.com.
        IN NS   s.bastia.admin-sys.com.
m.bastia.admin-sys.com.  IN A  10.20.0.10
s.bastia.admin-sys.com.  IN A  10.20.0.20
c.bastia.admin-sys.com.  IN A  10.20.0.30

File /var/named/zone.10.20.0

$TTL 86400      ; default TTL for records without one
@       IN SOA  m.bastia.admin-sys.com. root.m.bastia.admin-sys.com. (
                2002102301 ; serial number YYYYMMDDNN
                10800      ; refresh (3hrs)
                3600       ; retry (1hr)
                432000     ; expire (5days)
                86400 )    ; ttl (1day)
        IN NS   m.bastia.admin-sys.com.
        IN NS   s.bastia.admin-sys.com.
10      IN PTR  m.bastia.admin-sys.com.
20      IN PTR  s.bastia.admin-sys.com.
30      IN PTR  c.bastia.admin-sys.com.

2. Slave server for the subdomain: bastia

File /etc/named.conf:

options {
    directory "/var/named";
};
zone "." in {
    type hint;
    file "zone.root";
};
zone "0.0.127.in-addr.arpa." in {
    type master;
    file "zone.127.0.0";
};
zone "0.20.10.in-addr.arpa." in {
    type slave;
    file "zone.10.20.0";          # local copy written after each transfer
    masters { 10.20.0.10; };
};
zone "bastia.admin-sys.com." in {
    type slave;
    file "domaine.bastia.admin-sys.com";
    masters { 10.20.0.10; };
};

File /etc/resolv.conf

search bastia.admin-sys.com
nameserver 10.20.0.20
nameserver 10.20.0.10

File /etc/nsswitch.conf

Same file as on the domain master (section A.1); the active line is:

hosts: files dns

The directory /var/named/

File /var/named/zone.root

.                 99999999 NS m.admin-sys.com.
m.admin-sys.com.  IN A 10.0.0.10

Because this server is the root of the private network.

File /var/named/zone.127.0.0

$TTL 86400      ; default TTL for records without one
@       IN SOA  s.bastia.admin-sys.com. root.s.bastia.admin-sys.com. (
                2002102200 ; serial
                10800      ; refresh rate
                1800       ; retry
                604800     ; expire
                86400 )    ; ttl
        IN NS   s.bastia.admin-sys.com.
1       IN PTR  localhost.

The files zone.10.20.0 and domaine.bastia.admin-sys.com will be copied into this directory during synchronization.

3. Master server for the subdomain: papeete

File /etc/named.conf

options {
    directory "/var/named";
};
zone "." in {
    type hint;
    file "zone.root";
};
zone "0.0.127.in-addr.arpa." in {
    type master;
    file "zone.127.0.0";
};
zone "papeete.admin-sys.com." in {
    type master;
    file "domaine.papeete.admin-sys.com";
    allow-update { 10.10.0.20; };      # address-based ACL; a TSIG key is the stronger control
    notify yes;
    allow-transfer { 10.10.0.20; };
};
zone "10.10.in-addr.arpa." in {
    type master;
    file "zone.10.10.0";               # the reverse zone file listed further down
    notify yes;
    allow-update { 10.10.0.20; };
    allow-transfer { 10.10.0.20; };    # transfers limited to the slave, as for the forward zone
};

File /etc/resolv.conf

search papeete.admin-sys.com
nameserver 10.10.0.10

File /etc/nsswitch.conf

Same file as on the domain master (section A.1); the active line is:

hosts: files dns

In the directory /var/named/

File /var/named/zone.root

.                 99999999 NS m.admin-sys.com.
m.admin-sys.com.  IN A 10.0.0.10

Because this server is the root of the private network.

File /var/named/zone.127.0.0

$TTL 86400      ; default TTL for records without one
@       IN SOA  m.papeete.admin-sys.com. root.m.papeete.admin-sys.com. (
                2002102200 ; serial number
                10800      ; refresh (3hrs)
                3600       ; retry (1hr)
                432000     ; expire (5days)
                86400 )    ; ttl (1day)
        IN NS   m.papeete.admin-sys.com.
1       IN PTR  localhost.

File /var/named/domaine.papeete.admin-sys.com

$TTL 86400      ; default TTL for records without one
@       IN SOA  m.papeete.admin-sys.com. root.m.papeete.admin-sys.com. (
                2002102219 ; serial number
                10800      ; refresh (3hrs)
                3600       ; retry (1hr)
                432000     ; expire (5days)
                86400 )    ; ttl (1day)
        IN NS   m.papeete.admin-sys.com.
        IN NS   s.papeete.admin-sys.com.
m.papeete.admin-sys.com.        IN A   10.10.0.10
s.papeete.admin-sys.com.        IN A   10.10.0.20
c.papeete.admin-sys.com.        IN A   10.10.0.30
o.papeete.admin-sys.com.        IN A   10.10.0.40
plage.papeete.admin-sys.com.    IN NS  m.plage.papeete.admin-sys.com.
m.plage.papeete.admin-sys.com.  IN A   10.10.2.10

File /var/named/zone.10.10.0

$TTL 86400      ; default TTL for records without one
@       IN SOA  m.papeete.admin-sys.com. root.m.papeete.admin-sys.com. (
                2002102201 ; serial number
                10800      ; refresh (3hrs)
                3600       ; retry (1hr)
                432000     ; expire (5days)
                86400 )    ; ttl (1day)
        IN NS   m.papeete.admin-sys.com.
        IN NS   s.papeete.admin-sys.com.
; delegation of the reverse zone served by the plage master
2.10.10.in-addr.arpa.  IN NS  m.plage.papeete.admin-sys.com.
10.0    IN PTR  m.papeete.admin-sys.com.
20.0    IN PTR  s.papeete.admin-sys.com.
30.0    IN PTR  c.papeete.admin-sys.com.

4. Slave server for the subdomain: papeete

File /etc/named.conf:

options {
    directory "/var/named";
};
zone "." in {
    type hint;
    file "zone.root";
};
zone "0.0.127.in-addr.arpa." in {
    type master;
    file "zone.127.0.0";
};
zone "10.10.in-addr.arpa." in {       # same zone name as declared on the master
    type slave;
    file "zone.10.10.0";              # local copy written after each transfer
    masters { 10.10.0.10; };
};
zone "papeete.admin-sys.com." in {
    type slave;
    file "domaine.papeete.admin-sys.com";
    masters { 10.10.0.10; };
};

File /etc/resolv.conf

search papeete.admin-sys.com
nameserver 10.10.0.10

File /etc/nsswitch.conf

Same file as on the domain master (section A.1); the active line is:

hosts: files dns

The directory /var/named/

File /var/named/zone.root

.                 99999999 NS m.admin-sys.com.
m.admin-sys.com.  IN A 10.0.0.10

Because this server is the root of the private network.

File /var/named/zone.127.0.0

$TTL 86400      ; default TTL for records without one
@       IN SOA  s.papeete.admin-sys.com. root.s.papeete.admin-sys.com. (
                2002102200 ; serial number
                10800      ; refresh (3hrs)
                3600       ; retry (1hr)
                432000     ; expire (5days)
                86400 )    ; ttl (1day)
        IN NS   s.papeete.admin-sys.com.
1       IN PTR  localhost.

The files zone.10.10.0 and domaine.papeete.admin-sys.com will be copied into this directory during synchronization.

5. Master server for the subdomain: plage.papeete

File /etc/named.conf

options {
    directory "/var/named";
};
zone "." in {
    type hint;
    file "zone.root";
};
zone "plage.papeete.admin-sys.com" in {
    type master;
    file "domaine.plage.papeete.admin-sys.com";
};
zone "2.10.10.in-addr.arpa" in {      # the network address, octets reversed
    type master;
    file "zone.10.10.2";
};
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "zone.127.0.0";
};

File /etc/resolv.conf

nameserver 10.10.2.10

File /etc/nsswitch.conf

Same file as on the domain master (section A.1); the active line is:

hosts: files dns

In the directory /var/named/

File /var/named/zone.root

.                 99999999 NS m.admin-sys.com.
m.admin-sys.com.  IN A 10.0.0.10

Because this server is the root of the private network.

File /var/named/zone.127.0.0

$TTL 86400      ; default TTL for records without one
@       IN SOA  m.plage.papeete.admin-sys.com. root.m.plage.papeete.admin-sys.com. (
                2002102200 ; serial number
                10800      ; refresh (3hrs)
                3600       ; retry (1hr)
                432000     ; expire (5days)
                86400 )    ; ttl (1day)
        IN NS   m.plage.papeete.admin-sys.com.
1       IN PTR  localhost.

File /var/named/domaine.plage.papeete.admin-sys.com

$TTL 86400      ; default TTL for records without one
@       IN SOA  m.plage.papeete.admin-sys.com. root.m.plage.papeete.admin-sys.com. (
                1          ; serial number
                10800      ; refresh (3hrs)
                3600       ; retry (1hr)
                432000     ; expire (5days)
                86400 )    ; ttl (1day)
;
; domain server
;
        IN NS   m.plage.papeete.admin-sys.com.
m.plage.papeete.admin-sys.com.  IN A  10.10.2.10
c.plage.papeete.admin-sys.com.  IN A  10.10.2.30

File /var/named/zone.10.10.2

$TTL 86400      ; default TTL for records without one
@       IN SOA  m.plage.papeete.admin-sys.com. root.m.plage.papeete.admin-sys.com. (
                2002102200 ; serial number
                10800      ; refresh (3hrs)
                3600       ; retry (1hr)
                432000     ; expire (5days)
                86400 )    ; ttl (1day)
        IN NS   m.plage.papeete.admin-sys.com.
10      IN PTR  m.plage.papeete.admin-sys.com.
30      IN PTR  c.plage.papeete.admin-sys.com.

