Bind 9 WORKING how-to ???

flugopa

Hello,

Who has/knows a WORKING Bind9 how-to/example ???
I only have one network, 192.168.1.0/28.

It would be great if you also had a link for DHCP/DDNS.
(I mean: the client obtains an IP and is registered in DNS right away)
 
The how-to doesn't work for me

Yeah, with that much initiative this isn't going to work anyway.

The minimum amount of information from you would have been:

-> name the distributions involved
-> how far you got in the howto and what, if anything, you did differently
-> what didn't work at which point, with an exact error description and console output

If you want a personal helper, someone with a PayPal account will surely turn up -> but this way it's not going to work!
 
Ha, you're in luck. I just did this under SuSE 11.0. The only important thing: if you configure everything by hand in the config files from the start, stick with that. Editing later with yast can have fatal consequences.

First, the key facts of my DNS:
hostname: linux-server
ip: 192.168.1.100
local network: 192.168.1.0/24
domain/zone: heimnetz.zone

And off we go:
Code:
linux-server:~ # named -v
BIND 9.4.2-P1

Here is my /etc/named.conf
Code:
# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9.  It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.

acl heimnetz {192.168.1.0/24;};

options {

        # The directory statement defines the name server's working directory

        directory "/var/lib/named";
        recursion yes;
        check-names master warn;

        # Write dump and statistics file to the log subdirectory.  The
        # pathenames are relative to the chroot jail.

        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";

        # The forwarders record contains a list of servers to which queries
        # should be forwarded.  Enable this line and modify the IP address to
        # your provider's name server.  Up to three servers may be listed.

        forwarders { 192.168.1.1; 217.237.149.225; 194.25.2.129; };

        # Enable the next entry to prefer usage of the name server declared in
        # the forwarders section.

        #forward first;

        # The listen-on record contains a list of local network interfaces to
        # listen on.  Optionally the port can be specified.  Default is to
        # listen on all interfaces found on your system.  The default port is
        # 53.

        listen-on port 53 { 192.168.1.100; };

        # The listen-on-v6 record enables or disables listening on IPv6
        # interfaces.  Allowed values are 'any' and 'none' or a list of
        # addresses.

        listen-on-v6 { any; };

        # The next three statements may be needed if a firewall stands between
        # the local server and the internet.

        #query-source address * port 53;
        #transfer-source * port 53;
        #notify-source * port 53;

        # The allow-query record contains a list of networks or IP addresses
        # to accept and deny queries from. The default is to allow queries
        # from all hosts.

        #allow-query { 127.0.0.1; };
        allow-query { heimnetz; };

        # If notify is set to yes (default), notify messages are sent to other
        # name servers when the the zone data is changed.  Instead of setting
        # a global 'notify' statement in the 'options' section, a separate
        # 'notify' can be added to each zone definition.

        notify no;
};

# To configure named's logging remove the leading '#' characters of the
# following examples.
logging {
        # Log queries to a file limited to a size of 10 MB.
        channel query_logging {
                file "/var/log/named_querylog"
                        versions 3 size 10M;
                print-time yes;                 // timestamp log entries
        };
        category queries {
                query_logging;
        };

        # Or log this kind alternatively to syslog.
        channel syslog_queries {
                syslog user;
                severity info;
        };
        category queries { syslog_queries; };

        # Log general name server errors to syslog.
        channel syslog_errors {
                syslog user;
                severity error;
        };
        category default { syslog_errors;  };

        # Don't log lame server messages.
        category lame-servers { null; };
};

# The following zone definitions don't need any modification.  The first one
# is the definition of the root name servers.  The second one defines
# localhost while the third defines the reverse lookup for localhost.

zone "." in {
        type hint;
        file "root.hint";
};

zone "localhost" in {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
};

# Own zone -> forward lookup, see /var/lib/named/master/heimnetz.zone
zone "heimnetz.zone" {
        type master;
        file "master/heimnetz.zone";
        #allow-transfer { any; };
};

# Own zone -> reverse lookup, see /var/lib/named/master/192.168.1.zone
zone "1.168.192.in-addr.arpa" {
        type master;
        file "master/192.168.1.zone";
        #allow-transfer { any; };
};


# Include the meta include file generated by createNamedConfInclude.  This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

include "/etc/named.conf.include";

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SUSE for more details.

This is what you have to watch out for or adapt:

Code:
listen-on port 53 { <IP address>; };
So that queries are not accepted on all devices, the static IP from the DNS server's internal network has to be entered here.


Code:
forwarders { <IP address>; };
The local gateway is a good choice here if it also acts as a DNS server; if not, just put in 2-3 public DNS servers. See: http://www.stanar.de/


Creating your own zone for your local network
Code:
zone "heimnetz.zone"
In my example the zone will from now on be called
heimnetz.zone

Now you need a zone database for the forward lookup zone (name -> IP resolution).
Mine looks like this:

/var/lib/named/master/heimnetz.zone
Code:
$TTL 2D
@       IN      SOA     linux-server.heimnetz.zone.     root.linux-server.heimnetz.zone. (
                                        2008110301      ; Serial
                                        3D              ; Refresh
                                        1H              ; Retry
                                        1W              ; Expire
                                        2D )            ; minimum

@       IN      NS      linux-server.heimnetz.zone.

linux-server    IN      A       192.168.1.100

router          IN      A       192.168.1.1
acer-5652-wlmi  IN      A       192.168.1.32
ipod            IN      A       192.168.1.35
hp-deskjet-6980 IN      A       192.168.1.38
The blank line at the end is important.

Then a reverse lookup zone for IP -> name resolution:

/var/lib/named/master/192.168.1.zone
Code:
$TTL 1W
@       IN      SOA     linux-server.heimnetz.zone.   root.linux-server.heimnetz.zone. (
                        2008110301      ; serial (d. adams)
                        2D              ; refresh
                        4H              ; retry
                        6W              ; expiry
                        1W )            ; minimum

@       IN      NS      linux-server.heimnetz.zone.

100     IN      PTR     linux-server.heimnetz.zone.

1       IN      PTR     router.heimnetz.zone.
32      IN      PTR     acer-5652-wlmi.heimnetz.zone.
35      IN      PTR     ipod.heimnetz.zone.
38      IN      PTR     hp-deskjet-6980.heimnetz.zone.

Then you need an up-to-date /var/lib/named/root.hint:
see ftp://ftp.internic.net/domain/named.root

Your /etc/resolv.conf is also important
Code:
nameserver 192.168.1.100
domain heimnetz.zone
Just enter the DNS server's own IP and the domain

If you want clients to register with the DNS via DHCP with hostname and IP, you have to set the following parameters in /etc/dhcpd.conf:

Code:
ddns-update-style ad-hoc;
ddns-updates on;
-> I haven't tried the DHCP part yet though, so no guarantee.
-----------------------------------

And now the test:

Code:
linux-server:/var/lib/named # dig @192.168.1.100 linux-server.heimnetz.zone.

; <<>> DiG 9.4.2-P1 <<>> @192.168.1.100 linux-server.heimnetz.zone.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65053
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;linux-server.heimnetz.zone.    IN      A

;; ANSWER SECTION:
linux-server.heimnetz.zone. 172800 IN   A       192.168.1.100

;; AUTHORITY SECTION:
heimnetz.zone.          172800  IN      NS      linux-server.heimnetz.zone.

;; Query time: 4 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Wed Nov  5 06:48:23 2008
;; MSG SIZE  rcvd: 74

Test from the client:
Code:
# nslookup 192.168.1.32
Server:         192.168.1.100
Address:        192.168.1.100#53

32.1.168.192.in-addr.arpa       name = acer-5652-wlmi.heimnetz.zone.

Code:
# nslookup acer-5652-wlmi.heimnetz.zone.
Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   acer-5652-wlmi.heimnetz.zone
Address: 192.168.1.32
 
In reply to aspire_5652:
A thousand thanks for the how-to.

Now I get the following output:
Who can help me with this?

Code:
07-Nov-2008 13:32:03.975 starting BIND 9.3.4-P1 -g
07-Nov-2008 13:32:03.975 found 1 CPU, using 1 worker thread
07-Nov-2008 13:32:03.979 loading configuration from '/etc/named.conf'
07-Nov-2008 13:32:03.980 listening on IPv4 interface eth0, 192.168.1.100#53
07-Nov-2008 13:32:03.984 command channel listening on 127.0.0.1#953
07-Nov-2008 13:32:03.984 command channel listening on ::1#953
07-Nov-2008 13:32:03.985 ignoring config file logging statement due to -g option
07-Nov-2008 13:32:03.986 127.0.0.zone:1: no current owner name
07-Nov-2008 13:32:03.986 zone 0.0.127.in-addr.arpa/IN: loading master file 127.0.0.zone: no owner
07-Nov-2008 13:32:03.987 zone 116.168.192.in-addr.arpa/IN: loaded serial 2008110301
07-Nov-2008 13:32:03.988 zone localhost/IN: loaded serial 42
07-Nov-2008 13:32:03.989 zone heimnetz.zone/IN: loaded serial 2008110301
07-Nov-2008 13:32:03.990 running
07-Nov-2008 13:32:24.096 shutting down
07-Nov-2008 13:32:24.096 stopping command channel on 127.0.0.1#953
07-Nov-2008 13:32:24.096 stopping command channel on ::1#953
07-Nov-2008 13:32:24.097 no longer listening on 192.168.1.100#53
07-Nov-2008 13:32:24.099 exiting
 
So, is BIND working now or not?

No idea what it's got against the localhost zone. Was anything changed there? Nothing actually needs changing in it. Mine looks like this:

/var/lib/named/127.0.0.zone
Code:
$TTL 1W
@               IN SOA          localhost.   root.localhost. (
                                42              ; serial (d. adams)
                                2D              ; refresh
                                4H              ; retry
                                6W              ; expiry
                                1W )            ; minimum

                IN NS           localhost.
1               IN PTR          localhost.
 
So, is BIND working now or not?

Unfortunately, not quite right yet.
Code:
[root@PC1600 ~]# nslookup router
Server:         192.168.1.12
Address:        192.168.1.12#53

Name:   router.netzwerk.local
Address: 192.168.1.14

[root@PC1600 ~]# nslookup 192.168.1.14
Server:         192.168.1.12
Address:        192.168.1.12#53

** server can't find 14.1.168.192.in-addr.arpa: SERVFAIL


Code:
# Default: /var/named/chroot/etc/named.conf

#dnssec-keygen -a hmac-md5 -b 128 -n HOST schluessel
#Key: EXt6qWEIlEQBWuTPoqsUNg==

/*
key Kschluessel. {
   algorithm hmac-md5;
   secret "EXt6qWEIlEQBWuTPoqsUNg==";
};

server 192.168.1.12 {
  keys { Kschluessel. ;};
};
*/

acl internals { 192.168.1.0/28; 127.0.0.1; };

options {
   forwarders { 192.168.1.14;};
   allow-query { internals; };   
   allow-recursion { internals; };
   allow-transfer { none; };
#   default-port 53;
}; 


#controls {
#   inet * port 53 allow { internals; };
#    keys { "rndc-key" };
#};
                            

zone "netzwerk.local" IN {
   type master;
   file "netzwerk.local.db";     # default location: /var/named/chroot
   allow-transfer { none; };
   allow-query { internals; };
   allow-update { internals; };  # authorised by source address only; named logs this as insecure
};

zone "1.168.192.in-addr.arpa" IN {
   type master;
   file "1.168.192.in-addr.arpa.rev";
   allow-transfer { none; };
   allow-query { internals; };
   allow-update { internals; };  # same warning; key-based authorisation (cf. the commented-out key block above) avoids it
};

###
zone "localhost" IN {
	type master;
	file "localhost.db";
	allow-update { none; };
	notify no;
};

zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "localhost.db.rev";
	allow-update { none; };
	notify no;
};

zone "255.in-addr.arpa" IN {
	type master;
	file "named.broadcast";
	allow-update { none; };
	notify no;
};

zone "0.in-addr.arpa" IN {
	type master;
	file "named.zero";
	allow-update { none; };
	notify no;
};

logging {
   channel default-log { file "named.log"; severity debug; print-severity yes; };
   category default    { default-log; };
   channel queries-log { file "queries.log"; severity info; };
   category queries    { queries-log; };
};

Code:
; Default: /var/named/chroot
$ORIGIN 1.168.192.in-addr.arpa.
$TTL 2D
@   IN  SOA pc1600.netzwerk.local. root.netzwerk.local. (
    2006032201;     serial
            8H;     refresh
            2H;     retry
            1W;     expire
            1H );   minimum

    IN  NS   pc1600.netzwerk.local.

; PTR targets must be fully qualified (trailing dot): a bare "pc2400" is read
; relative to $ORIGIN and comes back as pc2400.1.168.192.in-addr.arpa.
10  IN  PTR  pc2400.netzwerk.local.
11  IN  PTR  pc1000.netzwerk.local.
12  IN  PTR  pc1600.netzwerk.local.
13  IN  PTR  drucker.netzwerk.local.
14  IN  PTR  router.netzwerk.local.


Code:
[root@PC1600 ~]# uname -a
Linux PC1600.netzwerk.local 2.6.18-92.1.17.el5 #1 SMP Tue Nov 4 13:45:01 EST 2008 i686 i686 i386 GNU/Linux
[root@PC1600 ~]# named -g
08-Nov-2008 14:56:51.915 starting BIND 9.3.4-P1 -g
08-Nov-2008 14:56:51.916 found 2 CPUs, using 2 worker threads
08-Nov-2008 14:56:51.918 loading configuration from '/etc/named.conf'
08-Nov-2008 14:56:51.919 listening on IPv4 interface lo, 127.0.0.1#53
08-Nov-2008 14:56:51.920 binding TCP socket: address in use
08-Nov-2008 14:56:51.920 listening on IPv4 interface eth0, 192.168.1.12#53
08-Nov-2008 14:56:51.920 binding TCP socket: address in use
08-Nov-2008 14:56:51.920 zone 'netzwerk.local' allows updates by IP address, which is insecure
08-Nov-2008 14:56:51.920 zone '1.168.192.in-addr.arpa' allows updates by IP address, which is insecure
08-Nov-2008 14:56:51.921 couldn't add command channel 127.0.0.1#953: address in use
08-Nov-2008 14:56:51.922 couldn't add command channel ::1#953: address not available
08-Nov-2008 14:56:51.922 ignoring config file logging statement due to -g option
08-Nov-2008 14:56:51.922 couldn't open pid file '/var/run/named/named.pid': Permission denied
08-Nov-2008 14:56:51.922 exiting (due to early fatal error)

Excerpt from messages
Code:
2008-11-08T14:36:08.504974+01:00 PC1600 named[18048]: isc_log_open 'queries.log' failed: permission denied
2008-11-08T14:36:01.557727+01:00 PC1600 named[18048]: isc_log_open 'named.log' failed: permission denied
2008-11-08T14:36:01.557714+01:00 PC1600 named[18048]: logging channel 'queries-log' file 'queries.log': permission denied
2008-11-08T14:36:01.557612+01:00 PC1600 named[18048]: logging channel 'default-log' file 'named.log': permission denied
2008-11-08T14:36:01.557529+01:00 PC1600 named[18048]: couldn't add command channel ::1#953: address not available
2008-11-08T14:36:01.557390+01:00 PC1600 named[18048]: command channel listening on 127.0.0.1#953
2008-11-08T14:36:01.556161+01:00 PC1600 named[18048]: zone '1.168.192.in-addr.arpa' allows updates by IP address, which is insecure
2008-11-08T14:36:01.556071+01:00 PC1600 named[18048]: zone 'netzwerk.local' allows updates by IP address, which is insecure
2008-11-08T14:36:01.555734+01:00 PC1600 named[18048]: listening on IPv4 interface eth0, 192.168.1.12#53
2008-11-08T14:36:01.555435+01:00 PC1600 named[18048]: listening on IPv4 interface lo, 127.0.0.1#53
2008-11-08T14:36:01.554332+01:00 PC1600 named[18048]: loading configuration from '/etc/named.conf'
2008-11-08T14:36:01.551571+01:00 PC1600 named[18048]: found 2 CPUs, using 2 worker threads
2008-11-08T14:36:01.551442+01:00 PC1600 named[18048]: starting BIND 9.3.4-P1 -u named -t /var/named/chroot
2008-11-08T14:34:46.664758+01:00 PC1600 named: zone 0.in-addr.arpa/IN: loaded serial 42
2008-11-08T14:34:46.664726+01:00 PC1600 named: zone 255.in-addr.arpa/IN: loaded serial 42
2008-11-08T14:34:46.664694+01:00 PC1600 named: zone 0.0.127.in-addr.arpa/IN: loaded serial 42
2008-11-08T14:34:46.664662+01:00 PC1600 named: zone localhost/IN: loaded serial 42
2008-11-08T14:34:46.664631+01:00 PC1600 named: _default/1.168.192.in-addr.arpa/IN: unknown class/type
2008-11-08T14:34:46.664598+01:00 PC1600 named: zone 1.168.192.in-addr.arpa/IN: loading master file 1.168.192.in-addr.arpa.rev: unknown class/type

Who can show me my mistake?
 
Solved

Solution: chown named:named on the arpa file.

Code:
[root@PC1600 chroot]# ns 192.168.1.14
Server:         192.168.1.12
Address:        192.168.1.12#53

14.1.168.192.in-addr.arpa       name = router.1.168.192.in-addr.arpa.
 
