Ȼ/11


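DNS reverse lookup mechanism

Before configuring BIND, let us also touch on how reverse lookup works.
In fact, contrary to what users often intuitively expect, DNS provides no special mechanism for reverse lookup (obtaining other information from an IP address).

Reverse lookup is implemented by exploiting the fact that IP addresses, like FQDNs, have a hierarchical structure:
the IP address is regarded as a kind of host name and folded into
the ordinary DNS mechanism.

Concretely, under "in-addr.arpa.", a special domain for reverse lookup, the IP address is written in reverse order, treated as a host name, and handled by DNS.
Warning: note that the tree structure of domain names and the tree structure of IP addresses run in "opposite" directions.

For example, the IP address 192.168.125.91 is registered in DNS under the host name 91.125.168.192.in-addr.arpa.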

[Figure inverse-IPdomain.png: structure of the reverse-lookup domain for the machine whose IP address is 192.168.125.91]


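This knowledge is needed for reverse lookups, so keep it in mind.

Let us verify this mechanism with dig and similar commands.
Concretely, for the machine q01.cl.math.sci.osaka-u.ac.jp = 192.168.125.91, for example, running

 host -t PTR 91.125.168.192.in-addr.arpa.

returns

91.125.168.192.in-addr.arpa domain name pointer q01.cl.math.sci.osaka-u.ac.jp.

which shows that the name is indeed registered at that position.
(Perhaps because this is tedious, these commands also reinterpret an IP address that is typed in directly as it is.)

Likewise, with the dig command you can run

 dig -t PTR 91.125.168.192.in-addr.arpa.

and with the nslookup command

 nslookup -q=PTR 91.125.168.192.in-addr.arpa.

to perform the reverse lookup in this form.

Warning: the record type queried here is "PTR", but "ANY" may be used as well.

Note: using your own machine's IP address, perform a reverse lookup with the host, dig and nslookup commands and check whether your machine's name is returned.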

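DNS query client settings

Before BIND, here is how DNS queries are configured on FreeBSD.
On FreeBSD, the destination for DNS queries is basically written in the file /etc/resolv.conf.
For details read the manual with man resolv.conf or jman resolv.conf; only the minimum is described here.

Option | Example (each is written on one line) | Meaning
nameserver | nameserver 192.168.125.14 | Destination of (recursive) DNS queries. It must be a server that accepts them. Up to three nameserver options can be specified; they are tried in order from the top.
domain | domain cl.math.sci.osaka-u.ac.jp | Domain name. If it is written, the part from the first "." onward can be omitted when looking up hosts that belong to this domain. Mutually exclusive with search.
search | search math.sci.osaka-u.ac.jp sci.osaka-u.ac.jp | List of domains used to complete names during a lookup. Separated by spaces. Mutually exclusive with domain.

Note: set the search option in /etc/resolv.conf and try it out.
Concretely, add the line

search cl.math.sci.osaka-u.ac.jp math.sci.osaka-u.ac.jp sci.osaka-u.ac.jp

to /etc/resolv.conf
(Warning: write it on a single line!), then try commands such as

host www

dig +search -t ANY mail

and see what happens.
Warning: by default the dig command ignores the search option, so +search is given here.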

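Redundancy of DNS servers

Now let us move to the DNS server side.
First, a word about making DNS servers redundant.

DNS servers are an important foundation of the Internet, so a situation in which only one server manages a given domain is far too fragile and should be avoided.
For that reason, DNS servers are basically made redundant across two or more locations.
Warning: recall that whenever you looked at DNS information with dig, every domain had several servers in charge of it.

A proper mechanism has also been devised for managing and updating the data once the servers are made redundant.

For each zone (think of it as the range managed by one DNS server), this is done by providing one master server, which holds the original, and one or more slave servers, which hold copies of it.
The original information is copied from the master server to the slave servers periodically or when it is updated, so that several servers hold almost the same information.
This is called a zone transfer. Zone transfers are the DNS servers' job, so no human intervention is needed.

Note that, seen from a client making DNS queries, there is little distinction between master and slave servers; the one that "answers faster", for example, is simply chosen.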

Parent-child relationship between DNS servers

Next, the parent-child relationship between DNS servers.
ơ DNS ФɽŪʾäƤΤޤȤߤΥݥȤǤΤǡä򤷤褦.

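First, DNS is hierarchical, and we have already seen, for instance with dig +trace, that the DNS servers holding its information are hierarchical as well.

So how is this hierarchy, the parent-child relationship (the parent is the server managing a larger domain, the child the server managing one of its subdomains), actually maintained?

It is maintained under the policy that "the parent server only needs to know that the child server manages the subdomain".
Warning: the child does not need to know the parent directly, because everything can be reached by following the chain down from the very top (the 13 root servers).

Concretely, it is enough that the parent server's zone (domain) information records the zone (domain) managed by the child server and the corresponding child server.
Warning: this is the single most important point of DNS server administration. Once you understand it, it is really not that difficult.

Let us write a concrete example to make it clear.
Suppose the parent server manages the domain aaa.com and the child server ns.sub.aaa.com (192.168.125.105) manages the subdomain sub.aaa.com.
In that case the parent server writes, in the zone information for aaa.com,

sub.aaa.com. IN NS ns.sub.aaa.com.

ns.sub.aaa.com. IN A 192.168.125.105

Warning: unless the information on the second line is written here or is available in some other DNS, ns.sub.aaa.com. cannot be reached and the first line is meaningless.

Conversely,
if "the parent server does not know that the child server manages the subdomain" = "the parent server has no settings like the above",
then the information of that subdomain is known only to "people who query the child server directly", so the subdomain can be used as if it were purely local.
Subdomains used experimentally are sometimes managed this way.
Of course, in that case the subdomain's names cannot be used to reach it from outside.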

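BIND basics

BIND's jobs also include acting as a resolver (querying DNS), but first let us do the minimum configuration needed to get it running.
Even that is quite meaningful.

named.conf

Under /etc/namedb (in reality /var/named/etc/namedb) there is named.conf, the BIND configuration file.
Rewriting it changes how BIND behaves.
Incidentally, there is a command named-checkconf for checking the syntax of named.conf, so remember it.

Ignoring comments, by default this file contains only the following entries.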

options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    listen-on { 127.0.0.1; };
    disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
    disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    forwarders {
        127.0.0.1;
    };
};


zone "." { type hint; file "named.root"; };


zone "localhost" { type master; file "master/localhost-forward.db"; };

zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };

zone "255.in-addr.arpa" { type master; file "master/empty.db"; };


zone "0.ip6.arpa" { type master; file "master/localhost-reverse.db"; };


zone "0.in-addr.arpa" { type master; file "master/empty.db"; };


zone "10.in-addr.arpa" { type master; file "master/empty.db"; };

zone "16.172.in-addr.arpa" { type master; file "master/empty.db"; };

zone "17.172.in-addr.arpa" { type master; file "master/empty.db"; };

zone "18.172.in-addr.arpa" { type master; file "master/empty.db"; };

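... (similar settings continue and are omitted)

As you can more or less tell by looking at it, this file is simple and has little beyond the options and zone entries.
In practice there are also acl (access restrictions), include (reading another configuration file), server (settings for connections with other DNS servers) and so on, but you need not worry about them for now.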

named.conf options

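Before editing named.conf, first make a backup, as always.
Warning: whatever you do, always make a backup! Make it a habit.

In options you set options that affect the behaviour of BIND as a whole.
What is written there by default is used more or less as it is, so you hardly need to touch it.

Note: from now on, each of your servers will be configured as a DNS server that also answers queries from elsewhere.
To do that, change the configuration so that queries from other machines are not ignored.

So take the listen-on part, which is the setting that accepts queries "only" from the machine itself,

// listen-on { 127.0.0.1; };
and disable it by commenting it out as shown.

Other statements that are likely to be used often in options include the following; keep them in mind.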

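Statement | Example | Meaning
forward | forward only; or forward first; | With only, everything this server does not hold itself is handed off entirely (^-^). With first, it asks the other server first and, if that fails, works it out itself.
forwarders | forwarders {192.168.125.xxx; 192.168.125.yyy;}; | Destinations for forward.
recursion | recursion yes; or recursion no; | Whether BIND performs recursive queries. If it does not, it acts purely as a provider of information.
allow-query | allow-query { 192.168.125.xxx; 127.0.0.1; }; | Hosts from which queries are accepted. If not specified (the default), they are accepted from anywhere.
allow-recursion | allow-recursion { 192.168.125.xxx; 127.0.0.1; }; | Hosts from which recursive queries are accepted. If not specified (the default), they are accepted from anywhere.
allow-transfer | allow-transfer { 192.168.125.xxx; 127.0.0.1; }; | Hosts from which zone transfers are accepted. If not specified (the default), they are accepted from anywhere. It is generally considered best to limit this to the administrator's server and the slave servers.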

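There are various other settings as well; if you are curious, browse the manual with (j)man named.conf.

Note: first, let us try the configuration that hands everything off.
Add to the options part of named.conf so that it contains the following.

forward only;

forwarders { 192.168.125.14; };

Warning: in named.conf some parts are "commented out", so pay close attention to whether the place you edit is enclosed in a comment.
Anything written inside a commented-out region is not applied.

When you have finished writing, check it with named-checkconf just in case.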

 named-checkconf

ʤСʸˡϤʤȤȤ. ¿Ƽؿʤ⤦.

named.conf zone

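named.conf also has entries called zone.
This is where "information about the zones (you may think of them as domains) that this server manages" is configured.
As you can see by reading it, almost none of the concrete information is written in named.conf itself;

file "named.root";

and similar lines make it read the information from separate files.

Let us now look at zone as it appears in named.conf so far.
A zone entry generally has the form

zone "zone name (domain name)" {
    type zone-type;    // master, slave, etc.: whether this server holds the "original" or a "copy" among the redundant servers
    file "name of the file in which the concrete contents are written";
    masters { IP address of the master server; };    // when the zone type is slave
};

An explanation follows.

  1. The zone name should be clear enough.

  2. For the zone type, it is enough to think of three kinds: hint (think of it as a special type for the root zone; more precisely, "a zone for which information is held but which is neither master nor slave"), master (this server is the master server) and slave (this server is a slave server).

  3. masters exists so that, when this server is a slave server, it can specify the master server that supplies the data.

  4. For file, when this server is the master server you create the file yourself and place it under the master directory.
    When this server is a slave server, the file is copied automatically under the slave directory, so you only decide its name.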

ơǥեȤ "file" ܤܤʬषƤߤȡäѤˤäơ֥롼ȥɥᥤסּʬȡסּʬȤεհס֤¾()Ȥʤ? ꤵƤ뤳Ȥ狼.
warning.png master/empty.db ե, ˻ȤֿץեΤ褦.

ĤޤꡤȤꤢǺ¤ư.
warning.png ǰǤ⡤롼ȥɥᥤξ󤵤Ф褤ȤϰٶȤ.

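Minimal startup check

Note: for now BIND should run in a minimal way. Let us try it.

So rewrite the nameserver entry in /etc/resolv.conf as

nameserver 127.0.0.1

write

named_enable="YES"

in an appropriate place in /etc/rc.conf, and reboot*1.

After the reboot, first run

 ps -axuww | grep named

If something like

/usr/sbin/named -t /var/named -u bind

appears, things are working so far.

Next, try

 dig www.osaka-u.ac.jp

or similar. The output is then along the lines of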

; <<>> DiG 9.4.3-P2 <<>> www.osaka-u.ac.jp

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40833

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0


;; QUESTION SECTION:

;www.osaka-u.ac.jp. IN A


;; ANSWER SECTION:

www.osaka-u.ac.jp. 213263 IN A 133.1.8.5


;; Query time: 111 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Jan 27 19:25:01 2010

;; MSG SIZE rcvd: 51

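which shows that the query went to 127.0.0.1, that is, to this machine itself as the DNS server (although in reality everything is being asked of 192.168.125.14).
This at least confirms that BIND is running.

Zone management with BIND

Now let us do BIND's real job: managing a zone (domain).
In other words, you create a domain "under" yourself!

Here, each of you will actually create a subdomain on your own machine and set up five machines in BIND.
Each person's subdomain is defined as follows.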

Ȼ/iii ͥåȥ PC ֹȤˡ

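Subdomain name | sub<PC number>.cl.math.sci.osaka-u.ac.jp | Put the letters "sub" in front of the number. For a one-digit number, prefix a 0. For example, if the PC number is 08, the name is sub08.
IP addresses to use | 192.168.125.105+(5*PC number) to 192.168.125.109+(5*PC number) | Five addresses. You need not use them all.
Slave | Team up with someone else and use that person's server | There may be any number of slave servers, so teaming up with three or four people is also fine.

Let us assume the above.

Note: before carrying out the following work, remove the forward only setting.
Concretely, "comment out" the forward only line in /etc/namedb/named.conf to disable it.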

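Master server configuration - named.conf

Note: now do the work according to the above.
For example, on the machine whose PC number is 17, add

zone "sub17.cl.math.sci.osaka-u.ac.jp" {
    type master;
    file "master/sub17.db";
};

to named.conf, declaring that you yourself (as the master server) manage the zone "sub17.cl.math.sci.osaka-u.ac.jp".

Of course, once it is written, run

 named-checkconf

to check for mistakes.

Master server configuration - zone file

Note: next, create and set up the zone file in which the zone's information is written.
In the example above this is master/sub17.db.
First create the file by copying the existing empty.db.
For example,

 cd /etc/namedb/master
 cp empty.db sub17.db

Then edit sub17.db as appropriate so that its contents are, for example,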

$TTL 3h
; write everything from @ through the final 1h on a single line
@ SOA q17.cl.math.sci.osaka-u.ac.jp. root.q17.cl.math.sci.osaka-u.ac.jp. 2010012901 1h 15m 1w 1h
; Serial, Refresh, Retry, Expire, Neg. cache TTL
@ NS q17.cl.math.sci.osaka-u.ac.jp.
test01 A 192.168.125.190
test02 A 192.168.125.191
test03 A 192.168.125.192
test04 A 192.168.125.193
test05 A 192.168.125.194

or something along these lines.
The contents are explained briefly below.

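  1. The SOA entry: what follows SOA is "the host responsible for this information, the mail address of the person responsible, the serial value, expiry times and so on".
    Incidentally, the serial value indicates how "new" this file is; when it becomes larger, the file is taken to have been updated and the updated information propagates over the network.
    Warning: so whenever you edit the zone file, you must increase the Serial value.

  2. The NS entry is the name server to query about this information (in this case, this machine itself).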
    warning.png NS A ʤɤǤʤȤޤ褦.
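    Warning: note also that NS is written as an FQDN.

  3. The entries lined up with A are the very information this zone "manages".

As a zone file, this should be enough to work for now.

As for the notation, it helps to know the following points.

Format of each line | Written as: name, record name, value
@ | The zone name specified in named.conf. In the example above it is sub17.cl.math.sci.osaka-u.ac.jp.
Name at the start of a line omitted | Interpreted as @. So the leading @ of "@ NS q17.cl.math.sci.osaka-u.ac.jp." should be omissible.
Machine name not ending in "." | ".@" is appended to it.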
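The relative-name rule in the table above is the usual cause of NS and SOA entries that silently point at the wrong host. The following is an added example, not part of the original page: the parser, its function names and the sample zone (the sub17 records with one trailing dot deliberately removed) are constructed for illustration, and it handles single-line records only. An omitted owner name is resolved to the owner of the preceding record, which for the lines directly after the SOA is @.

```python
# Added example (not from the original page): expand zone-file names the way
# the name server does and flag SOA/NS/MX targets written without a final dot.
ORIGIN = "sub17.cl.math.sci.osaka-u.ac.jp."  # zone name as given in named.conf

# Constructed sample: the sub17 records with one deliberate mistake, the NS
# target has lost its trailing dot.
SAMPLE_ZONE = """\
$TTL 3h
@ SOA q17.cl.math.sci.osaka-u.ac.jp. root.q17.cl.math.sci.osaka-u.ac.jp. 2010012901 1h 15m 1w 1h
@ NS q17.cl.math.sci.osaka-u.ac.jp
test01 A 192.168.125.190
       A 192.168.125.191
"""

# Positions in the record data that hold domain names, per record type.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "MX": (1,), "CNAME": (0,), "PTR": (0,)}
TYPES = set(NAME_FIELDS) | {"A", "AAAA", "TXT"}

def absolute(name, origin):
    """'@' is the origin, a trailing dot means the name is already absolute,
    anything else is relative and gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (records, warnings); handles single-line records only."""
    records, warnings, owner = [], [], origin
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        if not line[0].isspace():      # leading blank: keep the previous owner
            owner = absolute(fields.pop(0), origin)
        while fields and fields[0].upper() not in TYPES:
            fields.pop(0)              # skip optional TTL and class tokens
        if not fields:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        for i in NAME_FIELDS.get(rtype, ()):
            if i < len(rdata) and rdata[i] != "@" and not rdata[i].endswith("."):
                warnings.append(f"line {number}: {rtype} target {rdata[i]!r} is "
                                f"relative, expands to {absolute(rdata[i], origin)}")
            if i < len(rdata):
                rdata[i] = absolute(rdata[i], origin)
        records.append((owner, rtype, rdata))
    return records, warnings
```

Calling parse_zone(SAMPLE_ZONE, ORIGIN) returns the expanded records together with one warning for the NS line, whose target has become a name inside the sub17 zone.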

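Note: now check the zone file.

 named-checkzone <zone name> <file to check>

performs the check. Here, run

 named-checkzone sub17.cl.math.sci.osaka-u.ac.jp ./sub17.db

and

zone sub17.cl.math.sci.osaka-u.ac.jp/IN: loaded serial 2010012901

OK

it is fine if OK is printed like this.

If that worked, have BIND reload its configuration files. To do so, run

 rndc reload

Now check the behaviour. First, on your own machine, query yourself with

 dig test01.sub17.cl.math.sci.osaka-u.ac.jp

or similar;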

;; ANSWER SECTION:

test01.sub17.cl.math.sci.osaka-u.ac.jp. 10800 IN A 192.168.125.190


;; AUTHORITY SECTION:

sub17.cl.math.sci.osaka-u.ac.jp. 10800 IN NS q17.cl.math.sci.osaka-u.ac.jp.

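it is fine if the above appears.
Then ask someone else to run the same

 dig test01.sub17.cl.math.sci.osaka-u.ac.jp

on another machine and confirm that the result comes back in the same way.

Slave server configuration

Note: next, let us configure a slave server.
This is simpler than configuring the master, but it cannot be done without a proper understanding of the relationship between master and slave, so think it through carefully.

For example, let q17 be the slave server for the domain sub16.cl.math.sci.osaka-u.ac.jp (whose master server is q16.cl...).
The configuration is then done in two places.

Add the slave server as an NS in the zone file on the master side.

Concretely, just add

@ NS q17.cl.math.sci.osaka-u.ac.jp.

to the zone file on server q16 (write it before the A records).

Configure the slave in named.conf on the slave side

In q17's named.conf, just add

zone "sub16.cl.math.sci.osaka-u.ac.jp" {
    type slave;
    masters { 192.168.125.106; };    // address of q16
    file "slave/sub16.db";
};

The file "slave/sub16.db" is copied over automatically, so you need not create or edit it (or rather, you must not).

Note: team up with someone and carry the work through to the slave configuration.
Also check that it works.

Concretely, once you think the configuration and restart are done, wait a while and then look in the /etc/namedb/slave directory on the slave side.
If the file you specified earlier has appeared, the zone transfer (the transfer of the zone file) is working.

Finally, from another machine, run

 dig -t NS sub16.cl.math.sci.osaka-u.ac.jp

or similar and confirm that the several servers you configured are shown as the NS for sub16.cl.math.sci.osaka-u.ac.jp.

Also make the slave server actually do some work.
Concretely, in the example above, run

 dig @q17.cl.math.sci.osaka-u.ac.jp test01.sub16.cl.math.sci.osaka-u.ac.jp

to query the slave server and see how it behaves.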

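Reverse lookup

This actually depends heavily on the "configuration/cooperation of the parent server" and is not well suited to a hands-on exercise, so it is omitted for now.

Report

Investigate and report on the items above that you were instructed to "look into".
Only NS and A records were configured; try configuring MX as well.

Also report on what you did.
Each of you should

  1. Affiliation (department)
  2. Student ID number
  3. Year
  4. Name
  5. The report above (describe what you experimented with)

not forget to write these.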

about Icons

Some icons in this page are downloadable at ICONFINDER.
The "note" icon notes.png designed by Marco Martin is distributed with the LGPL licence
and the "warning" icon warning.png designed by Alexandre Moore with the GPL licence.
Thank you Marco and Alexandre!


*1 Originally named_flags also had to be set, but recently named runs chrooted as the bind user by default, so this is enough.
