$ sudo dnf install bind bind-utils
$ sudo systemctl enable named.service
パッケージインストール
$ sudo dnf install bind-chroot
chroot環境を有効化
$ sudo /usr/libexec/setup-named-chroot.sh /var/named/chroot on
サービス自動起動設定
$ sudo systemctl enable named-chroot.service
サービス起動
$ sudo systemctl start named-chroot.service
$ sudo cp /etc/named.conf /etc/named.conf.org
$ sudo vi /etc/named.conf
$ sudo diff /etc/named.conf.org /etc/named.conf 11,12c11,12 < listen-on port 53 { 127.0.0.1; }; < listen-on-v6 port 53 { ::1; }; --- > listen-on port 53 { 127.0.0.1; 192.168.1.12; }; > #listen-on-v6 port 53 { ::1; }; 17c17,23 < allow-query { localhost; }; --- > allow-query { localhost; 192.168.1.0/24; }; > > forward only; > forwarders { > 129.250.35.250; > 8.8.8.8; > }; 56a63,78 > > zone "fireball.local" IN { > type master; > file "fireball.local.zone"; > allow-update { > 192.168.1.0/24; > }; > }; > > zone "1.168.192.in-addr.arpa" IN { > type master; > file "1.168.192.in-addr.arpa.rev"; > allow-update { > 192.168.1.0/24; > }; > };
正引きファイルを新規作成。
$ sudo vi /var/named/fireball.local.zone
$TTL 86400 ; 1 day @ IN SOA blue-dc.fireball.local. root.blue-dc.fireball.local. ( 2013101001 ; serial 3H ; refresh (3 hours) 1H ; retry (1 hour) 1W ; expire (1 week) 1H ; minimum (1 hour) ) IN NS blue-dc.fireball.local. @ IN A 192.168.1.80 blue-dc IN A 192.168.1.10 blue-sv IN A 192.168.1.20 blue-sv1 IN A 192.168.1.21 blue-sv2 IN A 192.168.1.22 www IN A 192.168.1.80
逆引きファイルを新規作成。
$ sudo vi /var/named/1.168.192.in-addr.arpa.rev
$TTL 86400 ; 1 day @ IN SOA blue-dc.fireball.local. root.blue-dc.fireball.local. ( 2013101001 ; serial 3H ; refresh (3 hours) 1H ; retry (1 hour) 1W ; expire (1 week) 1H ; minimum (1 hour) ) IN NS blue-dc.fireball.local. 10 IN PTR blue-dc.fireball.local. 20 IN PTR blue-sv.fireball.local. 21 IN PTR blue-sv1.fireball.local. 22 IN PTR blue-sv2.fireball.local. 80 IN PTR www.fireball.local.
bind設定ファイルのチェック
$ sudo named-checkconf /etc/named.conf
正引きゾーンのチェック
$ sudo named-checkzone fireball.local /var/named/fireball.local.zone zone fireball.local/IN: loaded serial 2013101001 OK
逆引きゾーンのチェック
$ sudo named-checkzone 1.168.192.in-addr.arpa /var/named/1.168.192.in-addr.arpa.rev zone 1.168.192.in-addr.arpa/IN: loaded serial 2013101001 OK
$ sudo firewall-cmd --permanent --add-service=dns $ sudo firewall-cmd --reload
$ sudo systemctl start named.service