Bind9 as a Caching/Forwarding DNS Server

Today I want to show you how to set up Bind9 as a caching/forwarding server.

1. – What do we need?

We only need the package "Bind9":

    apt-get install bind9

2. – Configuration: Caching

In the /etc/bind/ directory we need to edit the file named.conf.options.

    options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //     0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
    };

Change this to:

    acl erlaubt {
        // IPs/subnets of the allowed clients, e.g.:
        192.168.1.0/24;
        localhost;
        localnets;
    };

    options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //     0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================

        dnssec-validation auto;
        allow-query { erlaubt; };    // only clients in the ACL may query
        recursion yes;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
    };

2. – Configuration: Forwarding

In the /etc/bind/ directory we again need to edit the file named.conf.options.

…see "2. – Configuration: Caching"…

    acl erlaubt {
        // IPs/subnets of the allowed clients, e.g.:
        192.168.1.0/24;
        localhost;
        localnets;
    };

    options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
            8.8.8.8;    # Google DNS 1
            8.8.4.4;    # Google DNS 2

            // 37.114.62.66 # craftsmany DNS
        };
        forward only;    // send all queries to the forwarders, never recurse ourselves

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        allow-query { erlaubt; };    // only clients in the ACL may query

        listen-on-v6 { any; };
    };

3. – Testing the configuration

    named-checkconf

If nothing is returned, you have done everything right.

Now we just need to restart Bind9:

    /etc/init.d/bind9 restart
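named-checkconf checks the syntax of the file, not which clients the ACL admits. As an added example (not part of the original tutorial), this Python script reads the text of a named.conf.options file and reports allow-query/allow-recursion lists that admit `any` or contain prefixes with host bits set. The function names and sample strings are assumptions made for this example, and the regex-based parsing only covers the simple layout used on this page.

```python
import ipaddress
import re

BUILTIN = {"any", "none", "localhost", "localnets"}  # ACL names predefined by BIND

def _elements(body):
    """Split the inside of a { ...; ...; } address match list into its elements."""
    return [e.strip().lstrip("! ").strip('"') for e in body.split(";") if e.strip()]

def audit(conf):
    """Return findings about which clients the allow-query/allow-recursion lists admit."""
    # Drop /* */, // and # comments (assumes no comment markers inside quoted strings).
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(//|#).*", "", conf)
    acls = {name: _elements(body) for name, body in
            re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{([^}]*)\}', conf)}
    findings = []

    def check(elem, where, seen=()):
        if elem == "any":
            findings.append(f"{where}: 'any' admits every client (open resolver risk)")
        elif elem in BUILTIN or elem.startswith("key "):
            return
        elif elem in acls:
            if elem not in seen:  # guard against self-referencing ACLs
                for sub in acls[elem]:
                    check(sub, f"{where} -> acl {elem}", seen + (elem,))
        else:
            try:
                ipaddress.ip_network(elem, strict=True)
            except ValueError:
                try:
                    net = ipaddress.ip_network(elem, strict=False)
                    findings.append(f"{where}: {elem} has host bits set, use {net}")
                except ValueError:
                    findings.append(f"{where}: '{elem}' is not an address or defined acl")

    rules = re.findall(r"\b(allow-query|allow-recursion)\s*\{([^}]*)\}", conf)
    for stmt, body in rules:
        for elem in _elements(body):
            check(elem, stmt)
    if not rules:
        findings.append("no allow-query/allow-recursion: access is left to BIND's defaults")
    return findings

# Constructed samples (not taken from a real server).
OPEN = "options { recursion yes; allow-query { any; }; };"
HOSTBITS = ('acl erlaubt { 192.168.1.1/24; localhost; localnets; };\n'
            'options { recursion yes; allow-query { erlaubt; }; };')
for name, sample in (("OPEN", OPEN), ("HOSTBITS", HOSTBITS)):
    print(name, audit(sample))
```

An empty list means every element of the lists resolved to a built-in ACL or a well-formed address or prefix.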

 

That's it for this tutorial, have fun with Bind9! 😀
