Bindの設定

提供:onlinehacks

bindの起動

# Start named through its init script.
# Running `named-checkconf` first catches syntax errors in named.conf
# before the daemon is (re)started with an edited configuration.
/etc/init.d/named start

named.confの設定

オリジナル

/*
 * Configuration labelled "original" on this page: named listens on the
 * loopback addresses only and accepts queries from localhost only, so the
 * recursive service is not reachable from the network.
 */
options {
	/* Listen on IPv4 and IPv6 loopback only. */
	listen-on port 53 { 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };
	/* Working directory; relative file names below are resolved against it. */
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
	/* Queries are accepted from the server's own addresses only. */
	allow-query     { localhost; };
	recursion yes;

	/*
	 * NOTE(review): dnssec-lookaside depended on the ISC DLV registry, which
	 * has since been retired, and newer BIND 9 releases treat both
	 * dnssec-lookaside and dnssec-enable as obsolete. Check these three
	 * lines against the installed version with named-checkconf.
	 */
	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";
};

/* Debug output goes to data/named.run; "dynamic" follows the server's current debug level. */
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

/* Root hints, read from named.ca. */
zone "." IN {
	type hint;
	file "named.ca";
};

/* Additional zone definitions and the root key are pulled in from separate files. */
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

編集後

/*
 * Edited configuration: named additionally listens on the server's own
 * address and answers queries from any client, while recursion and access
 * to the cache stay limited to localhost.
 */
options {
	listen-on port 53 {
		127.0.0.1;
		***.***.***.***;  /* server's IP address (masked placeholder; substitute the real address) */
	};
	/* IPv6 still listens on loopback only, so remote clients cannot reach named over IPv6. */
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
	/*
	 * Any client may now send queries. Together with "recursion yes" this
	 * would let every client use the server as a recursive resolver unless
	 * recursion is restricted separately, which the two allow-* lines
	 * below do.
	 */
	allow-query     { any; };  /* changed localhost; to any; */
	recursion yes;

	/*
	 * These two lines keep the server from becoming an open resolver:
	 * recursive lookups and answers from the cache are served to the
	 * server's own addresses only. Keep both if allow-query is widened.
	 */
	allow-recursion { localhost; };  /* added */
	allow-query-cache { localhost; };  /* added */

	/*
	 * NOTE(review): dnssec-lookaside depended on the ISC DLV registry, which
	 * has since been retired, and newer BIND 9 releases treat both
	 * dnssec-lookaside and dnssec-enable as obsolete. Check these three
	 * lines against the installed version with named-checkconf.
	 */
	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

};

/* Debug output goes to data/named.run; "dynamic" follows the server's current debug level. */
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


/* Root hints, read from named.ca. */
zone "." IN {
	type hint;
	file "named.ca";
};

/* Additional zone definitions and the root key are pulled in from separate files. */
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

/* zone statements added */

/*
 * Forward and reverse zones for which this server is the master. The zone
 * names are masked with asterisks on this page and must be replaced with
 * the real names. Dynamic updates are refused for both zones.
 *
 * NOTE(review): no allow-transfer is set for either zone or in options.
 * Older BIND 9 defaults permit zone transfers to any host, which discloses
 * the full zone contents; confirm the default of the installed version and
 * consider "allow-transfer { none; };" or a list of the secondary servers.
 */
zone "*****.net" {
	type master;
	file "pbukuma.net.zone";
	allow-update { none; };
};

zone "***.***.***.***.in-addr.arpa" {
	type master;
	file "pbukuma.net.rev";
	allow-update { none; };
};

オープンリゾルバ(Open Resolver)に対する注意喚起 - JPNIC