#contents();
2007年9月に pppoe router 機能をサーバーに集約したタイミングに合わせ、Fles.net へのマルチセッション接続のために無効化していた DNS 機能もサーバー上で動作させることにした。 このタイミングで DNS の設定を見直したので全面的に設定ファイルを更新した。 以前の設定については [[旧ページ>Cent_DNS]] を参照。
- 今回の設定は [[CentOSで自宅サーバー構築:http://centossrv.com/]] の設定内容を参考にしている。
*** 設定ファイル [#jf9df561]
- named の chroot 対応が導入されたため、設定ファイル(実体)の位置が /var/named/chroot の下に変更されている
- %%20070923 時点の /var/named/chroot の下のファイルアーカイブ -----> &ref(named_20070923.tgz);%%
- 20070926 時点の /var/named/chroot の下のファイルアーカイブ -----> &ref(named_20070926.tgz);
[root@spirit ~]# ls -l /etc/named.conf
lrwxrwxrwx 1 root named 33 8月 7 01:28 /etc/named.conf -> /var/named/chroot//etc/named.conf
[root@spirit ~]# ls -l /var/named/
合計 40
drwxr-x--- 6 root named 4096 9月 22 19:20 chroot
lrwxrwxrwx 1 root named 49 8月 7 01:28 gochiharu.org_inside -> /var/named/chroot//var/named/gochiharu.org_inside
lrwxrwxrwx 1 root named 45 9月 23 04:03 localdomain.zone -> /var/named/chroot//var/named/localdomain.zone
lrwxrwxrwx 1 root named 43 9月 23 04:03 localhost.zone -> /var/named/chroot//var/named/localhost.zone
lrwxrwxrwx 1 root named 44 9月 23 04:03 named.broadcast -> /var/named/chroot//var/named/named.broadcast
lrwxrwxrwx 1 root named 37 9月 23 04:03 named.ca -> /var/named/chroot//var/named/named.ca
lrwxrwxrwx 1 root named 44 9月 23 04:03 named.ip6.local -> /var/named/chroot//var/named/named.ip6.local
lrwxrwxrwx 1 root named 40 9月 23 04:03 named.local -> /var/named/chroot//var/named/named.local
lrwxrwxrwx 1 root named 39 9月 23 04:03 named.zero -> /var/named/chroot//var/named/named.zero
*** named.conf のゾーン設定 [#n3058f4f]
[root@spirit ~]# cat /etc/named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
// listen-on / listen-on-v6 are left commented out, so the loopback-only
// binding shipped by the caching-nameserver package is NOT in effect and
// named falls back to its built-in interface defaults. What a WAN client
// may actually ask is decided by the "external" view further down.
# listen-on port 53 { 127.0.0.1; };
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Pinning the outbound query source port to 53 disables source-port
// randomization, one of the resolver's defences against cache poisoning.
// Prefer leaving query-source unset so named can choose a random port.
query-source port 53;
query-source-v6 port 53;
// Global default: only this host and the LAN may query at all. The WAN zone
// file (named.hmuna.com.zone.wan) widens this per-zone with allow-query { any; }.
allow-query { localhost; localnets; };
// Upstream resolvers (presumably the ISP's) that recursive lookups are sent
// to first; forward-only is not set, so named still iterates itself if they
// do not answer.
forwarders{
210.130.232.1;
210.130.1.1;
};
};
logging {
// Only the debug channel is configured. data/named.run is relative to
// directory "/var/named" inside the chroot; "dynamic" ties the verbosity
// to the running debug level, so normally nothing is written here.
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Views are evaluated in order and the first match-clients/match-destinations
// hit wins. Queries from 127.0.0.1 land here: a full recursive resolver that
// also serves the RFC 1912 local zones and the internal (RFC 1918) copy of
// hmuna.com. The include paths are relative to the chroot root.
view localhost_resolver {
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
include "/etc/named.rfc1912.zones";
include "/etc/named.hmuna.com.zone";
};
// LAN clients (localnets): recursive service plus the internal zone data.
// Because this view precedes "external", LAN hosts never see the WAN copy
// of hmuna.com and never get the public address for spirit.
view "internal" {
match-clients { localnets; };
match-destinations { localnets; };
recursion yes;
include "/etc/named.root.hints";
include "/etc/named.hmuna.com.zone";
};
// Everyone else (the Internet): authoritative answers only, for the WAN copy
// of hmuna.com. recursion no is what keeps this host from being an open
// resolver; the per-zone allow-query { any; } inside the included file is
// what lets these clients past the global allow-query in options.
view "external" {
match-clients { any; };
match-destinations { any; };
recursion no;
include "/etc/named.root.hints";
include "/etc/named.hmuna.com.zone.wan";
};
*** zone internal (内向き) のゾーン定義 <---- /etc/named.conf で読み込むファイル [#a3ca3c41]
- /etc/named.hmuna.com.zone
[root@spirit ~]# cat /var/named/chroot/etc/named.hmuna.com.zone
// Internal (LAN-side) master for hmuna.com; file is relative to
// directory "/var/named" inside the chroot. No allow-transfer is set, so
// with this BIND generation's default (allow-transfer { any; }) every client
// that reaches the internal/localhost views can pull the whole zone —
// add `allow-transfer { none; };` if LAN hosts should not be able to
// enumerate the internal host list.
zone "hmuna.com" {
type master;
file "spirit.hmuna.com.db";
};
// Reverse zone for the 192.168.1.0/24 LAN, internal views only. Same
// remark as the forward zone above: no allow-transfer, so the default
// applies; `allow-transfer { none; };` limits enumeration.
zone "1.168.192.in-addr.arpa" {
type master;
file "1.168.192.in-addr.arpa.db";
};
*** zone external (外向き) のゾーン定義 <---- /etc/named.conf で読み込むファイル [#f6202ed1]
- /etc/named.hmuna.com.zone.wan
[root@spirit ~]# cat /var/named/chroot/etc/named.hmuna.com.zone.wan
// First WAN revision. allow-query { any; } overrides the global
// localhost/localnets restriction so Internet clients get authoritative
// answers. Nothing limits allow-transfer here, so under the default any
// Internet host can AXFR the whole zone; the later revision below closes
// that by listing only the secondary.
zone "hmuna.com" {
type master;
file "spirit.hmuna.com.db.wan";
allow-query { any; };
};
- /etc/named.hmuna.com.zone.wan (2ndery DNS 対応版)
[root@spirit ~]# cat /etc/named.hmuna.com.zone.wan
// Revision with the secondary DNS enabled: zone transfers are restricted to
// the secondary's address and NOTIFY is sent on every change.
// NOTE(review): the provider notice further down this page lists
// 123.50.202.226 and 38.110.146.192 as its secondaries, not 219.109.237.3 —
// confirm the current address and keep this list in sync with the NS records.
zone "hmuna.com" {
type master;
file "spirit.hmuna.com.db.wan";
allow-query { any; };
# use maihama-net as secondary DNS service
allow-transfer { 219.109.237.3; };
notify yes;
};
*** zone internal (内向き) の設定 [#f460a5b9]
- 正引き (/var/named/chroot/var/named/spirit.hmuna.com.db)
[root@spirit ~]# cat /var/named/chroot/var/named/spirit.hmuna.com.db
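$TTL 86400
; spirit.hmuna.com.db - internal (LAN-facing) forward zone for hmuna.com.
; Loaded through named.hmuna.com.zone by the localhost_resolver and internal
; views only. Every address here is RFC 1918 and must not appear in the
; external view, which loads spirit.hmuna.com.db.wan instead.
@ IN SOA spirit.hmuna.com. server_admin.hmuna.com.(
2007092307 ; Serial (YYYYMMDDnn; bumped for the MX fix below)
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS spirit.hmuna.com. ; name server
IN MX 10 mail.hmuna.com. ; primary mail server (was "mail.hmuna.comi." - typo, MX pointed at a non-existent host)
@ IN A 192.168.1.22 ; apex resolves to spirit
router IN A 192.168.1.1 ; SuperOPT G
wireless IN A 192.168.1.2 ; Linksys Wireless-G Access Point
landeboot IN A 192.168.1.5 ; Network Power controller
HP53033B IN A 192.168.1.6 ; HP C5180 All in one printer
backup IN A 192.168.1.11 ; PC backup
muna-home-win IN A 192.168.1.12 ; PC workstation
charisma IN A 192.168.1.17 ; Linux development work station
spirit IN A 192.168.1.22 ; 2nd gen. server
DTV IN A 192.168.1.40 ; Toshiba DTV Z2000
HDD-Rec-1 IN A 192.168.1.41 ; HDD record vol_1
HDD-Rec-2 IN A 192.168.1.42 ; HDD record vol_2
RD-S600 IN A 192.168.1.43 ; Toshiba HDR RD-S600
AppleTV IN A 192.168.1.44 ; AppleTV
Avellink IN A 192.168.1.47 ; Avel Link Player
; Service aliases all point at spirit; each PTR in 1.168.192.in-addr.arpa.db
; maps back to the A records above, not to these CNAMEs.
wiki IN CNAME spirit ; wiki server
www IN CNAME spirit ; apache server
mail IN CNAME spirit ; postfix mail server
ldap IN CNAME spirit ; ldap server
xoops IN CNAME spirit ; xoops server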
- 逆引き (1.168.192.in-addr.arpa.db)
[root@spirit ~]# cat /var/named/chroot/var/named/1.168.192.in-addr.arpa.db
$TTL 86400
; 1.168.192.in-addr.arpa.db - reverse zone for the 192.168.1.0/24 LAN,
; served by the internal views only. Each PTR below pairs with an A record
; in spirit.hmuna.com.db; keep the two files in step when a host changes.
@ IN SOA spirit.hmuna.com. server_admin.hmuna.com.(
2007092303 ; Serial (YYYYMMDDnn)
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS spirit.hmuna.com.
1 IN PTR router.hmuna.com.
2 IN PTR wireless.hmuna.com.
5 IN PTR landeboot.hmuna.com.
6 IN PTR HP53033B.hmuna.com.
11 IN PTR backup.hmuna.com.
12 IN PTR muna-home-win.hmuna.com.
17 IN PTR charisma.hmuna.com.
22 IN PTR spirit.hmuna.com.
40 IN PTR DTV.hmuna.com.
41 IN PTR HDD-Rec-1.hmuna.com.
42 IN PTR HDD-Rec-2.hmuna.com.
43 IN PTR RD-S600.hmuna.com.
44 IN PTR AppleTV.hmuna.com.
47 IN PTR Avellink.hmuna.com.
*** zone external (外向き)の設定 [#v468dc70]
- 正引き[2ndery DNS 登録後] (/var/named/chroot/var/named/spirit.hmuna.com.db.wan)
[root@spirit ~]# cat /var/named/chroot/var/named/spirit.hmuna.com.db.wan
$TTL 86400
; spirit.hmuna.com.db.wan - public (WAN-facing) copy of hmuna.com, served by
; the external view and transferred to the secondary. Only the public
; address may appear here; the RFC 1918 data lives in spirit.hmuna.com.db.
@ IN SOA ns1.hmuna.com. server_admin.hmuna.com.(
2007092601 ; Serial (YYYYMMDDnn) - bump on every edit or the secondary will not refresh
7200 ; Refresh
7200 ; Retry
2419200 ; Expire
86400 ) ; Minimum
IN NS ns1.hmuna.com.
; NOTE(review): the provider notice further down this page names its servers
; ns1.maihama-net.com / ns2.maihama-net.com - confirm which hostname the
; secondary really uses and keep this NS set and allow-transfer consistent.
IN NS ns.maihama-net.com.
IN MX 10 mail.hmuna.com.
@ IN A 210.138.152.229
spirit IN A 210.138.152.229 ; 2nd gen. server
mail IN A 210.138.152.229 ; postfix server
ns1 IN A 210.138.152.229 ; primary DNS server
wiki IN CNAME spirit ; wiki server
www IN CNAME spirit ; apache server
ldap IN CNAME spirit ; ldap server
landeboot IN CNAME spirit ; network power control
xoops IN CNAME spirit ; xoops server
; The owner name below has no trailing dot, so it is relative to the zone and
; defines www.gochiharu.org.hmuna.com (the secondary's transfer dump further
; down shows exactly that). www.gochiharu.org itself must come from its own
; gochiharu.org zone; this record cannot serve it.
www.gochiharu.org IN CNAME spirit ; Virtual domain "gochiharu"
; SPF is published only for spirit.hmuna.com. Receivers check SPF at the
; sender domain, so mail sent as user@hmuna.com is evaluated against a TXT
; record at the apex (@), which has none here - consider adding the same
; record at @ if that is the address domain used.
spirit.hmuna.com. IN TXT "v=spf1 a mx ~all"
- 逆引き <------ 外向きの逆引きデータは定義していない..... いいのかな? (グローバルアドレスの in-addr.arpa ゾーンは ISP/RIR 側の管理で、委任を受けない限りこのサーバーで定義しても参照されない。下の dig -x の例でも 124.in-addr.arpa の権威は apnic.net 側にある)
*** 動作確認 [#x35ce771]
- 内向きの正引き
[root@spirit ~]# dig wiki.hmuna.com
; <<>> DiG 9.3.3rc2 <<>> wiki.hmuna.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53412
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;wiki.hmuna.com. IN A
;; ANSWER SECTION:
wiki.hmuna.com. 86400 IN CNAME spirit.hmuna.com.
spirit.hmuna.com. 86400 IN A 192.168.1.22
;; AUTHORITY SECTION:
hmuna.com. 86400 IN NS spirit.hmuna.com.
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Sep 23 14:47:36 2007
;; MSG SIZE rcvd: 83
- 内向きの逆引き
[root@spirit ~]# dig -x 192.168.1.22
; <<>> DiG 9.3.3rc2 <<>> -x 192.168.1.22
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34214
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;22.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
22.1.168.192.in-addr.arpa. 86400 IN PTR spirit.hmuna.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS spirit.hmuna.com.
;; ADDITIONAL SECTION:
spirit.hmuna.com. 86400 IN A 192.168.1.22
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Sep 23 15:00:05 2007
;; MSG SIZE rcvd: 103
- 外向きの正引き
[root@spirit ~]# dig www.renesas.com
; <<>> DiG 9.3.3rc2 <<>> www.renesas.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28327
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 13, ADDITIONAL: 10
;; QUESTION SECTION:
;www.renesas.com. IN A
;; ANSWER SECTION:
www.renesas.com. 86400 IN CNAME www.renesas.com.edgesuite.net.
www.renesas.com.edgesuite.net. 21600 IN CNAME a899.b.akamai.net.
a899.b.akamai.net. 20 IN A 124.40.51.10
a899.b.akamai.net. 20 IN A 124.40.51.32
;; AUTHORITY SECTION:
. 100916 IN NS B.ROOT-SERVERS.net.
. 100916 IN NS C.ROOT-SERVERS.net.
. 100916 IN NS D.ROOT-SERVERS.net.
. 100916 IN NS E.ROOT-SERVERS.net.
. 100916 IN NS F.ROOT-SERVERS.net.
. 100916 IN NS G.ROOT-SERVERS.net.
. 100916 IN NS H.ROOT-SERVERS.net.
. 100916 IN NS I.ROOT-SERVERS.net.
. 100916 IN NS J.ROOT-SERVERS.net.
. 100916 IN NS K.ROOT-SERVERS.net.
. 100916 IN NS L.ROOT-SERVERS.net.
. 100916 IN NS M.ROOT-SERVERS.net.
. 100916 IN NS A.ROOT-SERVERS.net.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.net. 587322 IN A 198.41.0.4
B.ROOT-SERVERS.net. 587322 IN A 192.228.79.201
C.ROOT-SERVERS.net. 587322 IN A 192.33.4.12
D.ROOT-SERVERS.net. 587322 IN A 128.8.10.90
E.ROOT-SERVERS.net. 587322 IN A 192.203.230.10
F.ROOT-SERVERS.net. 587322 IN A 192.5.5.241
G.ROOT-SERVERS.net. 587322 IN A 192.112.36.4
H.ROOT-SERVERS.net. 587322 IN A 128.63.2.53
I.ROOT-SERVERS.net. 587322 IN A 192.36.148.17
J.ROOT-SERVERS.net. 584739 IN A 192.58.128.30
;; Query time: 183 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Sep 23 14:51:27 2007
;; MSG SIZE rcvd: 504
- 外向きの逆引き
-- Renesas の例
[root@spirit ~]# dig -x 124.40.51.10
; <<>> DiG 9.3.3rc2 <<>> -x 124.40.51.10
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41556
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;10.51.40.124.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
124.in-addr.arpa. 10800 IN SOA ns1.apnic.net. read-TXT-record-of-zone-first-dns-admin.apnic.net. 2007092218 7200 1800 604800 172800
;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Sep 23 14:53:42 2007
;; MSG SIZE rcvd: 132
-- yahoo の例
[root@spirit ~]# dig -x 124.83.167.212
; <<>> DiG 9.3.3rc2 <<>> -x 124.83.167.212
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53514
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13
;; QUESTION SECTION:
;212.167.83.124.in-addr.arpa. IN PTR
;; ANSWER SECTION:
212.167.83.124.in-addr.arpa. 900 IN PTR f7.top.vip.ogk.yahoo.co.jp.
;; AUTHORITY SECTION:
. 100676 IN NS L.ROOT-SERVERS.NET.
. 100676 IN NS M.ROOT-SERVERS.NET.
. 100676 IN NS A.ROOT-SERVERS.NET.
. 100676 IN NS B.ROOT-SERVERS.NET.
. 100676 IN NS C.ROOT-SERVERS.NET.
. 100676 IN NS D.ROOT-SERVERS.NET.
. 100676 IN NS E.ROOT-SERVERS.NET.
. 100676 IN NS F.ROOT-SERVERS.NET.
. 100676 IN NS G.ROOT-SERVERS.NET.
. 100676 IN NS H.ROOT-SERVERS.NET.
. 100676 IN NS I.ROOT-SERVERS.NET.
. 100676 IN NS J.ROOT-SERVERS.NET.
. 100676 IN NS K.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 587082 IN A 198.41.0.4
B.ROOT-SERVERS.NET. 587082 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 587082 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 587082 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 587082 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 587082 IN A 192.5.5.241
G.ROOT-SERVERS.NET. 587082 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 587082 IN A 128.63.2.53
I.ROOT-SERVERS.NET. 587082 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 584499 IN A 192.58.128.30
K.ROOT-SERVERS.NET. 587082 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 587082 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 587082 IN A 202.12.27.33
*** 2ndery DNS [#sb3a2a1b]
- [[マイハマネット :http://www.maihama-net.com/login.html]]の無償DNSサービスを利用
-- user = %%munakata@hmuna.com%% public_mail@hmuna.com (20091122 変更済み)
-- pass = ivpxhw4i
この度、サービスの安定化及び設備増強の為、新たにDNS Serverを
設置致しました。
これにより、お客様のDNS Server、マイハマネットのDNS Serverが
2台の計3台でDomainの運用が可能となります。また設置場所を地理的
に異なる場所とすることで、より安定してサービスが提供可能となり
ます。
ご利用のみなさまにはお手数をおかけ致しますが、設定追加をお願い
致します。
■Secondary DNS Server
[既設] ns1.maihama-net.com / 123.50.202.226 (国内設置)
[新設] ns2.maihama-net.com / 38.110.146.192 (米国設置) [追加]
■必要な設定追加
①ご利用のDomain Registrarに登録しているSecondary DNS
Serverの設定追加をお願い致します。
設定方法は、各Domain Registrarによって異なります。
②管理されているPrimary DNS Serverにて、新IPへのZone転送
許可をお願い致します。
Bindの場合には以下のように設定致します。
例)
zone "ドメイン名" IN {
type master;
file "ドメインファイル名";
allow-transfer {
123.50.202.226;
38.110.146.192; <--追加
};
};
よろしくお願い致します。
- 2ndery DNS の登録内容 (自動転送された内容 <---- 上記サイトの登録データの確認結果)
$ORIGIN .
$TTL 86400 ; 1 day
hmuna.com IN SOA ns1.hmuna.com. server_admin.hmuna.com. (
2007092601 ; serial
7200 ; refresh (2 hours)
7200 ; retry (2 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS ns.maihama-net.com.
NS ns1.hmuna.com.
A 210.138.152.229
MX 10 mail.hmuna.com.
$ORIGIN hmuna.com.
landeboot CNAME spirit
ldap CNAME spirit
mail A 210.138.152.229
www.gochiharu.org CNAME spirit
spirit A 210.138.152.229
TXT "v=spf1 a mx ~all"
wiki CNAME spirit
www CNAME spirit
xoops CNAME spirit
*** DNS 検証 [#z8144d13]
- [[DNS report:http://member.dnsstuff.com/pages/dnsreport.php]]
- [[DNS report 解説:http://wiki.poyo.jp/read/dns/dnsreport.com/dns_report/result]]