Ubuntu Server Guide Changes, errors and bugs
Download 1.27 Mb. Pdf ko'rish
|
ubuntu-server-guide
- Bu sahifa navigatsiya:
- Secondary Server
Reverse Zone File
Now that the zone is setup and resolving names to IP Addresses, a Reverse zone needs to be added to allows DNS to resolve an address to a name. Edit /etc/bind/named.conf.local and add the following: zone ” 1 . 1 6 8 . 1 9 2 . in−addr . arpa ” { type master ; f i l e ”/ e t c / bind /db . 1 9 2 ” ; } ; Note Replace 1.168.192 with the first three octets of whatever network you are using. Also, name the zone file /etc/bind/db.192 appropriately. It should match the first octet of your network. Now create the /etc/bind/db.192 file: sudo cp / e t c / bind /db . 1 2 7 / e t c / bind /db . 1 9 2 Next edit /etc/bind/db.192 changing the same options as /etc/bind/db.example.com: ; ; BIND r e v e r s e data f i l e f o r l o c a l 1 9 2 . 1 6 8 . 1 .XXX n e t ; $TTL 604800 @ IN SOA ns . example . com . r o o t . example . com . ( 2 ; S e r i a l 604800 ; R e f r e s h 86400 ; Retry 2419200 ; E x p i r e 604800 ) ; N e g a t i v e Cache TTL 155 ; @ IN NS ns . 10 IN PTR ns . example . com . The Serial Number in the Reverse zone needs to be incremented on each change as well. For each A record you configure in /etc/bind/db.example.com, that is for a different address, you need to create a PTR record in /etc/bind/db.192. After creating the reverse zone file restart BIND9: sudo s y s t e m c t l r e s t a r t bind9 . s e r v i c e Secondary Server Once a Primary Server has been configured a Secondary Server is highly recommended in order to maintain the availability of the domain should the Primary become unavailable. First, on the Primary server, the zone transfer needs to be allowed. Add the allow−transfer option to the example Forward and Reverse zone definitions in /etc/bind/named.conf.local: zone ” example . com” { type master ; f i l e ”/ e t c / bind /db . example . com ” ; a l l o w −t r a n s f e r { 1 9 2 . 1 6 8 . 1 . 1 1 ; } ; } ; zone ” 1 . 1 6 8 . 1 9 2 . in−addr . arpa ” { type master ; f i l e ”/ e t c / bind /db . 1 9 2 ” ; a l l o w −t r a n s f e r { 1 9 2 . 1 6 8 . 1 . 1 1 ; } ; } ; Note Replace 192.168.1.11 with the IP Address of your Secondary nameserver. Restart BIND9 on the Primary server: sudo s y s t e m c t l r e s t a r t bind9 . s e r v i c e Next, on the Secondary server, install the bind9 package the same way as on the Primary. Then edit the /etc/bind/named.conf.local and add the following declarations for the Forward and Reverse zones: zone ” example . com” { type s l a v e ; f i l e ”db . example . com ” ; m a s t e r s { 1 9 2 . 1 6 8 . 1 . 1 0 ; } ; } ; zone ” 1 . 1 6 8 . 1 9 2 . in−addr . arpa ” { type s l a v e ; f i l e ”db . 1 9 2 ” ; m a s t e r s { 1 9 2 . 1 6 8 . 1 . 1 0 ; } ; } ; Note Replace 192.168.1.10 with the IP Address of your Primary nameserver. 156 Restart BIND9 on the Secondary server: sudo s y s t e m c t l r e s t a r t bind9 . s e r v i c e In /var/log/syslog you should see something similar to the following (some lines have been split to fit the format of this document): c l i e n t 1 9 2 . 1 6 8 . 1 . 1 0 # 3 9 4 4 8 : r e c e i v e d n o t i f y f o r zone ’ 1 . 1 6 8 . 1 9 2 . in−addr . arpa ’ zone 1 . 1 6 8 . 1 9 2 . in−addr . arpa /IN : T r a n s f e r s t a r t e d . t r a n s f e r o f ’ 1 0 0 . 1 8 . 1 7 2 . in−addr . arpa /IN ’ from 1 9 2 . 1 6 8 . 1 . 1 0 # 5 3 : c o n n e c t e d u s i n g 1 9 2 . 1 6 8 . 1 . 1 1 # 3 7 5 3 1 zone 1 . 1 6 8 . 1 9 2 . in−addr . arpa /IN : t r a n s f e r r e d s e r i a l 5 t r a n s f e r o f ’ 1 0 0 . 1 8 . 1 7 2 . in−addr . arpa /IN ’ from 1 9 2 . 1 6 8 . 1 . 1 0 # 5 3 : T r a n s f e r completed : 1 messages , 6 r e c o r d s , 212 bytes , 0 . 0 0 2 s e c s ( 1 0 6 0 0 0 b y t e s / s e c ) zone 1 . 1 6 8 . 1 9 2 . in−addr . arpa /IN : s e n d i n g n o t i f i e s ( s e r i a l 5 ) c l i e n t 1 9 2 . 1 6 8 . 1 . 1 0 # 2 0 3 2 9 : r e c e i v e d n o t i f y f o r zone ’ example . com ’ zone example . com/IN : T r a n s f e r s t a r t e d . t r a n s f e r o f ’ example . com/IN ’ from 1 9 2 . 1 6 8 . 1 . 1 0 # 5 3 : c o n n e c t e d u s i n g 1 9 2 . 1 6 8 . 1 . 1 1 # 3 8 5 7 7 zone example . com/IN : t r a n s f e r r e d s e r i a l 5 t r a n s f e r o f ’ example . com/IN ’ from 1 9 2 . 1 6 8 . 1 . 1 0 # 5 3 : T r a n s f e r completed : 1 messages , 8 r e c o r d s , 225 bytes , 0 . 0 0 2 s e c s ( 1 1 2 5 0 0 b y t e s / s e c ) Note Note: A zone is only transferred if the Serial Number on the Primary is larger than the one on the Secondary. If you want to have your Primary DNS notifying other Secondary DNS Servers of zone changes, you can add also−notify { ipaddress; }; to /etc/bind/named.conf.local as shown in the example below: zone ” example . com” { type master ; f i l e ”/ e t c / bind /db . example . com ” ; a l l o w −t r a n s f e r { 1 9 2 . 1 6 8 . 1 . 1 1 ; } ; a l s o −n o t i f y { 1 9 2 . 1 6 8 . 1 . 1 1 ; } ; } ; zone ” 1 . 1 6 8 . 1 9 2 . in−addr . arpa ” { type master ; f i l e ”/ e t c / bind /db . 1 9 2 ” ; a l l o w −t r a n s f e r { 1 9 2 . 1 6 8 . 1 . 1 1 ; } ; a l s o −n o t i f y { 1 9 2 . 1 6 8 . 1 . 1 1 ; } ; } ; Note The default directory for non-authoritative zone files is /var/cache/bind/. This directory is also configured in AppArmor to allow the named daemon to write to it. For more information on AppArmor see Security - AppArmor. Download 1.27 Mb. Do'stlaringiz bilan baham: |
Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling
ma'muriyatiga murojaat qiling