{"id":7546,"date":"2021-11-22T17:01:25","date_gmt":"2021-11-22T08:01:25","guid":{"rendered":"https:\/\/www.stuffy.site\/computers\/?p=7546"},"modified":"2022-08-05T15:00:35","modified_gmt":"2022-08-05T06:00:35","slug":"%e3%81%8a%e3%81%be%e3%81%8b%e3%81%9bdns%e6%a7%8b%e7%af%89","status":"publish","type":"post","link":"https:\/\/www.stuffy.site\/computers\/archives\/7546","title":{"rendered":"\u4fee\u6b63\uff09\u304a\u307e\u304b\u305bDNS\u69cb\u7bc9(named.conf)"},"content":{"rendered":"\n

\u8ffd\u8a18\uff09\u5185\u5411\u304d\u306e\u540d\u524d\u89e3\u6c7a\u304c\u3067\u304d\u306a\u304b\u3063\u305f\u306e\u3067named.conf\u3092view\u53e5\u3067internal(\u5185\u5411\u304d)\u3068external(\u5916\u5411\u304d)\u306b\u5206\u3051\u3066\u8a18\u8ff0\u3002Windows\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3067ns1\u3092DNS\u306b\u3059\u308b\u3088\u3046\u8a2d\u5b9a\u3057\u307e\u3057\u305f\u3002<\/p>\n\n\n\n\n\n\n\n

\u30a4\u30f3\u30bf\u30fc\u30ea\u30f3\u30af\u306e\u304a\u307e\u304b\u305bDNS\u306eBIND\u306e\u8a2d\u5b9a\u4f8b\uff08Unix\uff09<\/a> \u3092\u53c2\u8003\u306b\u9038\u822c\u306e\u8aa4\u5bb6\u5ead\u306eBIND\u306b\u3088\u308b\u30cd\u30fc\u30e0\u30b5\u30fc\u30d0\u30fc\u3092\u69cb\u7bc9\u3057\u3066\u307f\u307e\u3057\u305f\u3002<\/p>\n\n\n\n

\u307e\u305a\u3001VMware\u304b\u3089\u65b0\u305f\u306a\u4eee\u60f3\u30de\u30b7\u30f3(CentOS7)\u3092DNS\u7528\u9014\u306bVM(ns1)\u3092\u4f5c\u6210\u3001\u56fa\u5b9aIP(192.168.1.250)\u3092\u632f\u308a\u307e\u3057\u305f\u3002<\/p>\n\n\n\n

\u6b21\u306b\u3001\/etc\/named.conf \u306ballow-trancefer\u3068zone\u8a2d\u5b9a\u3092\u8ffd\u52a0\u3057\u3066\u6b63\u5f15\u304d\u3068\u9006\u5f15\u304d\u306ezone\u30d5\u30a1\u30a4\u30eb\u3092\u305d\u308c\u305e\u308c\u4f5c\u6210\u3057\u307e\u3057\u305f\u3002<\/p>\n\n\n\n

\u30be\u30fc\u30f3\u30d5\u30a1\u30a4\u30eb
in-stuffy.site.zone
1.168.192.in-arpa.zone
stuffy.site.zone
163.58.116.in-addr-arpa.zone<\/p>\n\n\n\n

\/etc\/named.conf<\/p>\n\n\n

controls {\n        inet 127.0.0.1 allow {localhost; } keys { rndc-key; };\n};\nacl localnet {\n        192.168.1.0\/24;\n        127.0.0.1;\n};\noptions {\n        #listen-on port 53 { 127.0.0,1,192.168.1.250; };\n        #listen-on-v6 port 53 { ::1; };\n        directory       \"\/var\/named\";\n        dump-file       \"\/var\/named\/data\/cache_dump.db\";\n        statistics-file \"\/var\/named\/data\/named_stats.txt\";\n        memstatistics-file \"\/var\/named\/data\/named_mem_stats.txt\";\n        recursing-file  \"\/var\/named\/data\/named.recursing\";\n        secroots-file   \"\/var\/named\/data\/named.secroots\";\n        recursion yes;\n        allow-query { localhost; localnet; };\n        allow-recursion { localhost; localnet; };\n        allow-query-cache { localhost; localnet; };\n        allow-transfer { localnet; };\n        forwarders{\n                8.8.8.8;\n                8.8.4.4;\n        };\n        forward only;\n        version \"no version\";\n\n        dnssec-enable yes;\n        dnssec-validation auto;\n\n        \/* Path to ISC DLV key *\/\n        bindkeys-file \"\/etc\/named.root.key\";\n        managed-keys-directory \"\/var\/named\/dynamic\";\n        pid-file \"\/run\/named\/named.pid\";\n        session-keyfile \"\/run\/named\/session.key\";\n};\n\nlogging {\n        channel default_debug {\n                file \"data\/named.run\";\n                severity dynamic;\n        };\n        category lame-servers { null; };\n};\nview \"internal\" {\n        match-clients { localnet; };\n        match-destinations { localnet; };\n        allow-recursion { localhost; localnet; };\n        # \u30eb\u30fc\u30c8\u30ad\u30e3\u30c3\u30b7\u30e5\u30d5\u30a1\u30a4\u30eb\n        zone \".\" IN {\n                type hint;\n                file \"named.ca\";\n        };\n        # \u30ed\u30fc\u30ab\u30eb\u6b63\u5f15\u304d\u8a2d\u5b9a\n        zone \"stuffy.site\" {\n                type master;\n                allow-update { localhost; localnet; };\n                file \"in-stuffy.site.zone\";\n        };\n        # \u30ed\u30fc\u30ab\u30eb\u306e\u9006\u5f15\u304d\u8a2d\u5b9a\n        zone \"1.168.192.in-addr.arpa\" {\n                type master;\n                allow-update { localhost; localnet; };\n                file \"1.168.192.in-addr.arpa.zone\";\n        };\n        # \u30ed\u30fc\u30ab\u30eb\u306e\u9006\u5f15\u304d\u8a2d\u5b9a\n        zone \"1.16.172.in-addr.arpa\" {\n                type master;\n                allow-update { localhost; localnet; };\n                file \"1.16.172.in-addr.arpa.zone\";\n        };\n\n        include \"\/etc\/named.rfc1912.zones\";\n        include \"\/etc\/named.root.key\";\n};\nview \"external\" {\n        match-clients { any; };\n        match-destinations { any; };\n        recursion yes;\n\n        zone \"stuffy.site\" {\n                type master;\n                file \"stuffy.site.zone\";\n                allow-query { any; };\n                allow-transfer  {\n                {localnet;};\n                116.58.163.5;\n                203.141.128.39;\n                };\n        };\n        zone \"163.58.116.in-addr.arpa\" {\n                type master;\n                file \"163.58.116.in-addr.arpa.zone\";\n                allow-query { any; };\n                allow-transfer  {\n                {localnet;};\n                116.58.163.5;\n                203.141.128.39;\n                };\n        };\n};\ninclude \"\/etc\/rndc.key\";\n<\/pre>\n\n\n
host,dig\u30b3\u30de\u30f3\u30c9\u3067\u6b63\u5f15\u304d\u3001\u9006\u5f15\u304d\u3067\u304d\u308b\u307e\u3067\u8a2d\u5b9a\u3092\u716e\u8a70\u3081\u305f\u7d50\u679c\u3001\u5f53\u65b9\u306e\u81ea\u5b85\u74b0\u5883\u3067\u306f<\/p>\n\n\n\n
\/etc\/resolv.conf \u306enameserver\u3092<\/p>\n\n\n\n
nameserver 127.0.0.1
nameserver(\u30a4\u30f3\u30bf\u30fc\u30ea\u30f3\u30af\u306eDNS)<\/p>\n\n\n\n
\u3068\u3059\u308b\u3068\u3088\u304b\u3063\u305f\u3088\u3046\u3067\u3059\u3002<\/p>\n\n\n\n
\u6700\u5f8c\u306b\u3001\u5b85\u5185\u30eb\u30fc\u30bf\u30fc\u306eRTX810\u3067192.168.1.250\u309253\u756a\u3067\u30dd\u30fc\u30c8\u30d5\u30a9\u30ef\u30fc\u30c7\u30a3\u30f3\u30b0\u3002\u304a\u307e\u304b\u305bDNS\u306e\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30d1\u30cd\u30eb\u3067ns1\u3092\u30ec\u30b3\u30fc\u30c9\u767b\u9332\u3057\u307e\u3057\u305f\u3002<\/p>\n\n\n\n
\u6700\u521d\u306f\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b3\u30de\u30f3\u30c9\u3068named\u306e\u518d\u8d77\u52d5\u3092\u7e70\u308a\u8fd4\u3059\u3046\u3061host\u30b3\u30de\u30f3\u30c9\u304c\u53cd\u5fdc\u3057\u306a\u304f\u306a\u308a\u307e\u3057\u305f\u304c\u3001rndc flush\u30b3\u30de\u30f3\u30c9\u3067\u30ad\u30e3\u30c3\u30b7\u30e5\u3092\u30af\u30ea\u30a2\u3059\u308b\u3068\u3081\u3067\u305f\u304fhost,dig\u306eanswer\u304c\u6b63\u3057\u304f\u8fd4\u3063\u3066\u304f\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3057\u305f\u3002<\/p>\n\n\n
[root@ns1 ~]# dig @8.8.8.8 www.stuffy.site\n\n; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> @8.8.8.8 www.stuffy.site\n; (1 server found)\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54174\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 512\n;; QUESTION SECTION:\n;www.stuffy.site.               IN      A\n\n;; ANSWER SECTION:\nwww.stuffy.site.        21600   IN      A       116.58.163.4\n\n;; Query time: 33 msec\n;; SERVER: 8.8.8.8#53(8.8.8.8)\n;; WHEN: \u91d1  8\u6708 05 14:59:54 JST 2022\n;; MSG SIZE  rcvd: 60\n<\/pre>\n\n\n
\u8ffd\u8a18\uff09CentOS7\u306e\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u8a2d\u5b9a\u3001iptables\u30dd\u30fc\u30c8\u958b\u653e\u3082\u5fd8\u308c\u305a\u306b\u3002<\/p>\n\n\n\n
\u304a\u307e\u304b\u305bDNS\u306eBIND\u306e\u8a2d\u5b9a\u4f8b\uff08Unix\uff09\u3000\u25a0\u304a\u307e\u304b\u305bDNS\u25a0<\/a><\/p>\n\n\n\n
BIND configuration and DNSSEC, validating * no signature found | jackson-brain.com<\/a><\/p>\n\n\n\n
DNS\u30b5\u30fc\u30d0\u30fc\u69cb\u7bc9(BIND)<\/a><\/p>\n\n\n\n
\u21163040 bind\u306e\u540d\u524d\u89e3\u6c7a\u304c\u3067\u304d\u306a\u3044 – Web Patio – CentOS\u3067\u81ea\u5b85\u30b5\u30fc\u30d0\u30fc\u69cb\u7bc9<\/a><\/p>\n\n\n\n
DNS BIND rndc \u5236\u5fa1\u3000\u30ad\u30e3\u30c3\u30b7\u30e5\u306e\u6d88\u3057\u65b9<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
\u8ffd\u8a18\uff09\u5185\u5411\u304d\u306e\u540d\u524d\u89e3\u6c7a\u304c\u3067\u304d\u306a\u304b\u3063\u305f\u306e\u3067named.conf\u3092view\u53e5\u3067internal(\u5185\u5411\u304d)\u3068external(\u5916\u5411\u304d)\u306b\u5206\u3051\u3066\u8a18\u8ff0\u3002Windows\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3067ns1\u3092DNS\u306b\u3059\u308b\u3088\u3046\u8a2d\u5b9a\u3057\u307e\u3057\u305f\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33,17],"tags":[],"class_list":["post-7546","post","type-post","status-publish","format-standard","hentry","category-dns","category-linux"],"_links":{"self":[{"href":"https:\/\/www.stuffy.site\/computers\/wp-json\/wp\/v2\/posts\/7546","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.stuffy.site\/computers\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stuffy.site\/computers\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stuffy.site\/computers\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stuffy.site\/computers\/wp-json\/wp\/v2\/comments?post=7546"}],"version-history":[{"count":14,"href":"https:\/\/www.stuffy.site\/computers\/wp-json\/wp\/v2\/posts\/7546\/revisions"}],"predecessor-version":[{"id":10636,"href":"https:\/\/www.stuffy.site\/computers\/wp-json\/wp\/v2\/posts\/7546\/revisions\/10636"}],"wp:attachment":[{"href":"https:\/\/www.stuffy.site\/computers\/wp-json\/wp\/v2\/media?parent=7546"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stuffy.site\/computers\/wp-json\/wp\/v2\/categories?post=7546"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.stuffy.site\/computers\/wp-json\/wp\/v2\/tags?post=7546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}