Introduction
Below is the content of the set of configuration files that BIND9 needs in order to provide local DNS for a top-level domain zone «.dev» on the local network 192.168.1.0/24, assuming that the IP address of the DNS server is 192.168.1.10.
All the files are located under /etc/bind.
named.conf:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
named.conf.options:
options {
    // all relative paths use this directory as a base
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    // By not providing a forwarder, root servers are used.
    //forwarders {
    //    192.168.1.1;
    //};

    //=====================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //=====================================================================
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035

    // To listen only on certain interfaces list them here:
    //listen-on { 127.0.0.1; 10.0.0.1/24; };
    listen-on-v6 { any; };
    listen-on { any; };

    // This prevents bind from serving requests from IPs other than specified:
    allow-query-cache { 127.0.0.0/8; 192.168.1.0/24; };

    // version statement changed for security (to avoid hacking known weaknesses)
    version "not currently available";

    // This prevents bind from serving other than authoritative requests:
    // recursion no;

    // disables all zone transfer requests for performance as well as security reasons
    // allow-transfer { none; }; // The allow-transfer in each zone overrides this

    // dnssec-enable no;          // zone not signed - yes by default since BIND 9.5
    // minimal-responses yes;     // optional - improved performance
    // additional-from-auth no;   // optional - improved performance
    // additional-from-cache no;  // optional - minimal performance change
};

// ----------------------- Logging -----------------------
// log to /var/log/bind/bind9_info.log all events from info UP in severity (no debug)
// uses 3 files in rotation swaps files when size reaches 250K
// failure messages up to this point are in (syslog) /var/log/messages
logging {
    channel custom_log {
        file "/var/log/bind/bind9_info.log" versions 3 size 250k;
        severity info;
        print-time yes;
        print-category yes;
    };
    category default { custom_log; };

    // Debugging logging settings
    // category "default" { "debug"; };
    category "general" { "debug"; };
    category "database" { "debug"; };
    category "security" { "debug"; };
    category "config" { "debug"; };
    category "resolver" { "debug"; };
    category "xfer-in" { "debug"; };
    category "xfer-out" { "debug"; };
    category "notify" { "debug"; };
    category "client" { "debug"; };
    category "unmatched" { "debug"; };
    category "network" { "debug"; };
    category "update" { "debug"; };
    category "queries" { "debug"; };
    category "dispatch" { "debug"; };
    category "dnssec" { "debug"; };
    category "lame-servers" { "debug"; };
    channel "debug" {
        file "/var/log/bind/bind-dbg.log" versions 2 size 50m;
        print-time yes;
        print-category yes;
    };
};
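Added example (not from the original post): a Python check that parses a named.conf.options like the one above and applies BIND's recursion ACL defaults (allow-recursion, else allow-query-cache, else allow-query, else localnets/localhost) to flag an open resolver or a missing transfer restriction; on this configuration it reports only the absent global allow-transfer, since recursion stays limited to 127.0.0.0/8 and 192.168.1.0/24 through allow-query-cache. The parser, the function names and the abbreviated copy of the file are this example's own.

```python
import re

# named.conf.options from the post, cut to the statements the audit reads (constructed input).
NAMED_CONF_OPTIONS = """\
options {
    directory "/var/cache/bind";
    auth-nxdomain no;    # conform to RFC1035
    listen-on { any; };
    allow-query-cache { 127.0.0.0/8; 192.168.1.0/24; };
    version "not currently available";
    // recursion no;
    // allow-transfer { none; };
};
"""

def options_statements(conf):
    """Map keyword -> value for statements directly inside options { },
    skipping //, # and /* */ comments and keeping nested { } lists whole."""
    text = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", "", text)
    body = text[re.search(r"\boptions\s*\{", text).end():]
    depth, buf, stmts = 1, "", {}
    for ch in body:
        depth += (ch == "{") - (ch == "}")
        if depth == 0:                      # closing brace of options
            break
        if ch == ";" and depth == 1:        # end of a top-level statement
            parts = buf.split(None, 1)
            stmts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
            buf = ""
        else:
            buf += ch
    return stmts

def audit_options(stmts):
    """Findings about recursion and transfer exposure. Recursion is governed by
    allow-recursion, else allow-query-cache, else allow-query, else localnets."""
    findings = []
    acl = stmts.get("allow-recursion") or stmts.get("allow-query-cache") or stmts.get("allow-query")
    if stmts.get("recursion", "yes") == "yes" and acl and re.search(r"\bany\b", acl):
        findings.append("recursion reachable from any client (open resolver)")
    if "allow-transfer" not in stmts:
        findings.append("no global allow-transfer; transfers rely on per-zone settings")
    if "version" not in stmts:
        findings.append("server version string not overridden")
    return findings

if __name__ == "__main__":
    print(audit_options(options_statements(NAMED_CONF_OPTIONS)))
```

Uncommenting allow-transfer { none; } in the input clears the remaining finding.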
named.conf.local:
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "dev" {
    type master;
    file "/etc/bind/db.dev";
    // allow-transfer { 10.0.0.1; };   // Slave server for the domain
    allow-update { none; };            // Don't allow updates from other servers
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.1.168.192";
};
named.conf.default-zones:
// prime the server with knowledge of the root servers
zone "." {
    // a hint type means that we've got to look elsewhere
    // for authoritative information
    type hint;
    file "/etc/bind/db.root";
    // This file is maintained by InterNIC and made available at:
    // ftp://ftp.internic.net/domain/named.root
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    // a master type means that this server needn't look
    // anywhere else for information; the localhost buck
    // stops here.
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
db.dev:
;
; BIND data file for dev local TLD
;
$ORIGIN dev.
$TTL    604800
@       IN      SOA     ns.dev. root.localhost. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.dev.
@       IN      A       192.168.1.10
@       IN      AAAA    ::1
ns      IN      A       192.168.1.10
otro    IN      A       192.168.1.100
db.1.168.192:
;; db.1.168.192 - Reverse lookup zone for domain-name
$TTL    2D
@       IN      SOA     ns.dev. root.localhost. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.dev.
10      IN      PTR     ns.dev.         ; The nameserver 192.168.1.10
100     IN      PTR     otro.dev.
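To check that the forward zone db.dev and the reverse zone db.1.168.192 above agree with each other, here is an added Python example (not part of the original post): a minimal zone-file parser, with both zones embedded as sample input, that reports A records with no matching PTR and PTRs with no matching A record. The function names and the inline copies of the zone data are this example's own.

```python
import re

# Zone data copied from db.dev and db.1.168.192 above (constructed sample input, layout abbreviated).
DB_DEV = """\
$ORIGIN dev.
$TTL 604800
@ IN SOA ns.dev. root.localhost. ( 3 ; Serial
    604800 86400 2419200 604800 ) ; Negative Cache TTL
@ IN NS ns.dev.
@ IN A 192.168.1.10
ns IN A 192.168.1.10
otro IN A 192.168.1.100
"""
DB_1_168_192 = """\
@ IN SOA ns.dev. root.localhost. ( 3 604800 86400 2419200 604800 )
@ IN NS ns.dev.
10 IN PTR ns.dev. ; The nameserver 192.168.1.10
100 IN PTR otro.dev.
"""

def parse_records(zone_text, origin):
    """Return (owner_fqdn, type, rdata) tuples; handles ';' comments, $ directives and ( ) continuations."""
    text = re.sub(r";[^\n]*", "", zone_text)                                    # drop comments first
    text = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), text)  # fold SOA onto one line
    records = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("$"):                                   # blank line or directive
            if tok and tok[0] == "$ORIGIN":
                origin = tok[1]
            continue
        owner, rest = tok[0], tok[1:]
        if rest and rest[0] == "IN":                                            # class field is optional
            rest = rest[1:]
        fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        records.append((fqdn, rest[0], " ".join(rest[1:])))
    return records

def ptr_owner_to_ip(owner):
    """'10.1.168.192.in-addr.arpa.' -> '192.168.1.10'."""
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Cross-check forward A records against reverse PTR records."""
    a_pairs = {(n, d) for n, t, d in parse_records(fwd_text, fwd_origin) if t == "A"}
    ptr_pairs = {(d, ptr_owner_to_ip(n)) for n, t, d in parse_records(rev_text, rev_origin) if t == "PTR"}
    return {"a_without_ptr": sorted(a_pairs - ptr_pairs),   # informational: several names may share one IP
            "ptr_without_a": sorted(ptr_pairs - a_pairs)}   # stale or mistyped PTR
```

On the zones above it reports dev. -> 192.168.1.10 as having no PTR (expected, since 10 points to ns.dev.) and no stray PTRs.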