В статье рассмотрена настройка двухгоризонтного DNS-сервера на основе Bind 9.20.xx.
named.conf
options {
directory "/usr/local/etc/namedb/working";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on-v6 { none; };
allow-query { any; };
allow-query-cache { any; };
listen-on { any; };
listen-on port 53 { any; };
forwarders { 1.1.1.1; 8.8.8.8; };
notify yes;
recursion no;
version "DNS server";
};
include "/usr/local/etc/namedb/log.conf"; # отдельный конфиг для логов. Будет приведён ниже
include "/usr/local/etc/namedb/rndc.key";
controls { inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; }; };
acl "internals" {127.0.0.1/32; 192.168.2.0/24; };
// Sites
view "internal" {
match-clients { "internals"; };
allow-transfer {192.168.2.6;};
recursion yes;
allow-recursion { "internals"; };
//Forward zones
zone "fbsd.site" in {
type master;
file "/usr/local/etc/namedb/primary/int.fbsd.site.zone";
};
//Reverse zone
zone "2.168.192.in-addr.arpa" in {
type primary;
file "/usr/local/etc/namedb/reverse/2.168.192.zone";
};
// Эта зона настраивается при установке DNS-сервера
zone "localhost" IN {
type primary;
file "/usr/local/etc/namedb/primary/localhost-forward.db";
allow-update { none; };
};
// Эта зона настраивается при установке DNS-сервера
zone "0.0.127.in-addr.arpa" IN {
type primary;
file "/usr/local/etc/namedb/primary/localhost-reverse.db";
allow-update { none; };
};
};
view "external" {
match-clients {"any"; };
allow-transfer { 146.185.239.4;};
//Forward zones
zone "fbsd.site" in {
type primary;
file "/usr/local/etc/namedb/primary/ext.fbsd.site.zone";
};
//Reverse zone. Её настраивает ваш хостер или провайдер, которому принадлежит внешний IP.
include "/usr/local/etc/namedb/zones.conf";
};log.conf
logging {
channel transfers {
file "/var/log/namedb/transfers.log" versions 2 size 3M;
print-time yes;
severity info;
};
channel notify {
file "/var/log/namedb/notify.log" versions 2 size 3M;
print-time yes;
severity info;
};
channel dnssec {
file "/var/log/namedb/dnssec.log" versions 2 size 3M;
print-time yes;
severity info;
};
channel query {
file "/var/log/namedb/query.log" versions 2 size 3M;
print-time yes;
severity info;
};
channel general {
file "/var/log/namedb/general.log" versions 2 size 3M;
print-time yes;
severity info;
};
category xfer-out { "transfers"; };
category xfer-in { "transfers"; };
category notify { "notify"; };
category lame-servers { "general"; };
category config { "general"; };
category default { "general"; };
category security { "general"; };
category dnssec { "dnssec"; };
};primary/int.fbsd.site.conf - файл зоны для внутренней сети компании
$TTL 3600
@ IN SOA ns01.fbsd.site. admin.fbsd.site. (
2024010101; Serial
3600; Refresh
900; Retry
3600000; Expire
3600 ); Minimum
; DNS servers
IN NS ns01.fbsd.site.
IN NS ns02.fbsd.site.
IN A 192.168.52.5
; Mail servers
IN MX 10 ns01.fbsd.site.
IN MX 20 ns02.fbsd.site.
; A records
ns01 IN A 192.168.2.5
ns02 IN A 192.168.2.6primary/ext.fbsd.site.conf - файл зоны для всего остального интернета
$TTL 3600
@ IN SOA ns01.fbsd.site. admin.fbsd.site. (
2024010101; Serial
3600; Refresh
900; Retry
3600000; Expire
3600 ); Minimum
; DNS servers
IN NS ns01.fbsd.site.
IN NS ns02.fbsd.site.
IN A 85.159.231.50
; Mail servers
IN MX 10 ns01.fbsd.site.
; IN MX 20 ns02.fbsd.site.
; A records
ns01 IN A 85.159.231.50
ns02 IN A 146.185.239.4