
Configuration

J'ai choisi de scinder ma configuration en plusieurs fichiers afin de rendre l'ensemble plus lisible.

Tous les fichiers de conf sont dans /etc/bind/ .

Dans un premier temps nous allons supprimer tous les fichiers de ce dossier (sauf le rndc.key).

Le premier fichier à créer est le fichier named.conf :

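// named.conf — global options only; the rest of the configuration lives in
// the included files below (paths are resolved relative to "directory").
options {
	directory "/etc/bind";
	// Authoritative answers may be served to anyone; which zones a client
	// sees is decided by match-clients in view.conf, not here.
	allow-query { any; };
	// Recursion is off globally. Where a view switches it back on, only
	// localhost may recurse unless that view overrides allow-recursion.
	allow-recursion { localhost; };
	recursion no;
	// Deny zone transfers unless a zone statement grants them explicitly.
	// Without this, zones that lack their own allow-transfer fall back to
	// the BIND default, which historically allowed transfers to any host.
	allow-transfer { none; };
	// String returned for version.bind CH TXT queries instead of the real
	// version.
	version "DNS";
	auth-nxdomain no;    # conform to RFC1035
	// Loopback plus the public address; no IPv6 listener is configured.
	listen-on { 127.0.0.1; 88.191.133.161; };
	// NOTE(review): the BIND 9 ARM documents statistics-interval as not
	// implemented; the two lines after it are what actually produce
	// per-zone statistics on demand (rndc stats).
	statistics-interval 3600;
	zone-statistics yes;
	statistics-file "/var/log/bind/stats.log";
};

// Split-out pieces, loaded in this order: log channels, client ACLs, then
// the views (which in turn include the zone declarations).
include "logging.conf";
include "acl.conf";
include "view.conf";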

Le second fichier, logging.conf, contient la déclaration de nos logs :

// logging.conf — one file channel per event class, each rotated by named
// itself ("versions N size M"). The account named runs as must be able to
// write to /var/log/bind. Each category is declared right after the
// channel that receives it.
logging {
        // Query log: timestamp only, no severity/category prefix, and a
        // larger rotation than the other channels (5 x 100m).
        channel "querylog" {
                file "/var/log/bind/querylog" versions 5 size 100m;
                print-time yes;
        };
        category queries { "querylog"; };

        // Approved/denied operations (ACL hits, refused transfers, ...).
        channel "security_channel" {
                file "/var/log/bind/security.log" versions 4 size 10m;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category security { "security_channel"; };

        // Catch-all for every category not listed in this block.
        channel "default_channel" {
                file "/var/log/bind/default.log" versions 4 size 10m;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category default { "default_channel"; };

        // Zone transfers received from primaries.
        channel "xfer-in_channel" {
                file "/var/log/bind/xfer-in.log" versions 4 size 10m;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category xfer-in { "xfer-in_channel"; };

        // Zone transfers served to secondaries.
        channel "xfer-out_channel" {
                file "/var/log/bind/xfer-out.log" versions 4 size 10m;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category xfer-out { "xfer-out_channel"; };

        // Dynamic updates.
        channel "update_channel" {
                file "/var/log/bind/update.log" versions 4 size 10m;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category update { "update_channel"; };

        // NOTIFY messages sent and received.
        channel "notify_channel" {
                file "/var/log/bind/notify.log" versions 4 size 10m;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category notify { "notify_channel"; };

        // Deliberately discarded: noisy and not actionable on this server.
        category lame-servers { "null"; };
        category delegation-only { "null"; };
};

Puis nos ACL, afin de pouvoir renvoyer vers des IP différentes selon l'origine du client (public, lan, dmz…) :

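// acl.conf — client classes referenced by match-clients in view.conf.
// Views are selected by source address, so these prefixes decide which
// copy of a zone a client is shown.

// LAN clients, including the server itself through loopback.
acl "dns_lan" {
        192.168.1.0/24;
        127.0.0.1;
};

// DMZ clients. view.conf matches on "dns_dmz"; this ACL used to be declared
// as "dmz", which left that name undefined and the configuration unloadable.
acl "dns_dmz" {
        10.0.0.0/24;
};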

Nous ne définissons pas d'ACL pour la zone publique (la vue externe accepte tous les clients).

Le dernier fichier à créer est le fichier view.conf :

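// view.conf — views are tried in order and the first match-clients hit
// wins, so the catch-all "external" view must stay last.

// Internal clients: full resolver plus the internal copy of the zones.
view "lan" {
        match-clients   { dns_lan; };
        recursion       yes;
        // Views inherit the global allow-recursion { localhost; } unless
        // they override it; without this line LAN clients would have
        // recursion refused even though recursion is switched on here.
        allow-recursion { dns_lan; };
        include         "/etc/bind/internal.conf";
};

// DMZ clients. This view was also named "lan", which duplicates the name
// above; view names must be unique.
view "dmz" {
        match-clients   { dns_dmz; };
        recursion       yes;
        allow-recursion { dns_dmz; };
        include         "/etc/bind/dmz.conf";
};

// Everyone else: authoritative answers only. Recursion stays off so the
// public address never acts as an open resolver (otherwise the view
// silently depended on the inherited allow-recursion { localhost; }).
view "external" {
        match-clients   { any; };
        recursion       no;
        include         "/etc/bind/external.conf";
};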

Un exemple de fichier pour external.conf :

// mousur.org — primary copy. The same four hosts are both told about
// changes (NOTIFY) and allowed to pull the zone (AXFR/IXFR).
zone "mousur.org" {
        type master;
        file "/etc/bind/external/ext_db.mousur.org";
        // notify defaults to yes; also-notify adds recipients beyond the
        // zone's own NS records. 127.0.0.1 is this server.
        also-notify    { 127.0.0.1; 217.70.184.40; 88.191.139.123; 88.190.23.55; };
        allow-transfer { 127.0.0.1; 217.70.184.40; 88.191.139.123; 88.190.23.55; };
};

// dbsys.fr — primary copy, same layout as mousur.org above.
zone "dbsys.fr" {
        type master;
        file "/etc/bind/external/ext_db.dbsys.fr";
        notify yes;
        also-notify    { 127.0.0.1; 88.191.139.123; 88.190.23.55; };
        // NOTE(review): 88.191.139.123 is notified but may not transfer,
        // while 88.191.56.45 may transfer but is never notified. One of the
        // two lists is probably stale; confirm which hosts are the
        // secondaries for this zone.
        allow-transfer { 127.0.0.1; 88.191.56.45; 88.190.23.55; };
};

Et pour finir le fichier pour la zone mousur.org :

;
; BIND data file for mousur.org (external copy, served by the "external" view)
;
$TTL    604800          ; default TTL for records without one: 1 week
;
; SOA. The second field is the contact mailbox written as a name (first
; label = local part), so "sd-29768.dedibox.fr." means sd-29768@dedibox.fr.
; NOTE(review): that looks like the secondary's hostname pasted in; confirm
; the intended contact address.
@       IN      SOA     sd-24432.dedibox.fr. sd-29768.dedibox.fr. (
                        2011051001      ; Serial (looks like YYYYMMDDnn; bump on every edit)
                        3600            ; Refresh (1 h)
                        1200            ; Retry (20 min)
                        644800          ; Expire — NOTE(review): not a round value,
                                        ; 604800 (1 week) was probably intended
                        604800 )        ; Negative cache TTL (1 week) — NOTE(review):
                                        ; RFC 2308 suggests 1-3 h; at a week, a
                                        ; mistyped or newly added name stays cached
                                        ; as non-existent for that long
;
; Name servers (both out-of-zone, so no glue records are needed here)
@       IN      NS      sd-24432.dedibox.fr.
@       IN      NS      sd-29768.dedibox.fr.

; Mail: preferred MX is the local "mail" host (an A record, as MX targets
; must be), backup MX is external.
@       IN      MX      10      mail
@       IN      MX      20      mx0.openics.org.
mail    IN      A       88.191.133.161

; Hosts. The wildcard sends every otherwise-undefined name (www, typos, ...)
; to hvala; it does not apply to names that already have records, nor to the
; apex, which has no address record of its own here — NOTE(review): confirm
; that mousur.org itself is meant to have no A record.
*       IN      CNAME   hvala
pyros   IN      A       88.191.56.45
hvala   IN      A       88.191.133.161
dali    IN      CNAME   mousur.ath.cx.          ; out-of-zone target

; Aliases
darxnake        IN      CNAME   pyros
tyrans          IN      CNAME   pyros
skurlat         IN      CNAME   pyros
sondage         IN      CNAME   dali
openvpn         IN      CNAME   dali
sport           IN      CNAME   dali