Installation der Pakete
# apt install bind9 bind9utils bind9-doc
Grundkonfiguration
Nur auf IPv4-Anfragen antworten
# vi /etc/default/bind9    (bei neueren bind9-Paketen, ab BIND 9.16, heißt die Datei /etc/default/named)
#
# run resolvconf?
# no: /etc/resolv.conf of this host is not rewritten by the bind9 init script
RESOLVCONF=no
# startup options for the server
# -u bind : drop root and run as the "bind" user after the privileged start-up
# -4      : IPv4 transport only (this also makes any listen-on-v6 setting in
#           named.conf.options irrelevant)
OPTIONS="-u bind -4"
Konfigurieren und Erstellen des Logfiles
# vi /etc/bind/named.conf.local
...
// Send everything named logs to a dedicated file instead of syslog.
logging {
channel default_file {
// rotate at 5 MB and keep two old copies (named.log.0, named.log.1);
// the rename done on rotation must also be permitted by the AppArmor
// profile, not only the write to named.log itself
file "/var/log/named.log" versions 2 size 5m;
// "info" is enough for normal operation; switch to debug only while
// troubleshooting, the file grows quickly at that level
severity info;
// severity debug;
// timestamp, level and category prefixes make each line self-describing
print-time yes;
print-severity yes;
print-category yes;
};
// "default" catches every category that has no channel of its own
category default { default_file; };
};
...
# touch /var/log/named.log
# chown bind /var/log/named.log
# vi /etc/apparmor.d/usr.sbin.named
...
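/var/log/named/ rw,
# added for the file channel in named.conf.local: the glob also covers the
# rotated copies (named.log.0, named.log.1) that "versions 2" produces, and
# rotation renames the file, so write access on the single name alone is
# not enough - check dmesg / the audit log for "DENIED" entries if logging
# stops after the first rotation
/var/log/named.log* rw,
# gssapi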
...
# apparmor_parser -r /etc/apparmor.d/usr.sbin.named    (Profil neu laden; abgelehnte Zugriffe erscheinen danach als "DENIED" in dmesg bzw. im Audit-Log)
DNS-Konfiguration erstellen (anschließend mit named-checkconf prüfen und den Dienst neu starten)
# vi /etc/bind/named.conf.options
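// ACLs have to be declared before they are referenced; with the acl below
// the options block, named-checkconf reports an undefined ACL. Every
// element needs a trailing semicolon (the network entry was missing one).
acl dnsclients {
    192.168.10.0/24;     // the LAN
    localhost;
    localnets;
};

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // Everything that is not covered by an internal zone below is handed
    // to these public resolvers; "forward only" means named never falls
    // back to iterative resolution on its own.
    forwarders {
        1.1.1.1;
        9.9.9.9;
        1.0.0.1;
    };
    forward only;

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    // "dnssec-enable" is deliberately left out: it has no effect since
    // BIND 9.16 and is rejected by later releases; its default was already
    // "yes", so omitting it changes nothing on older versions either.
    // "auto" validates against the built-in root trust anchor (managed
    // keys); "yes" would require a manually configured trust anchor,
    // which this setup does not provide.
    dnssec-validation auto;
    // The internal TLD has no secure delegation from the root zone, so
    // validation can return SERVFAIL for mhdom.eval. If that happens,
    // exempt the zone (option available from BIND 9.14):
    // validate-except { "mhdom.eval"; };

    auth-nxdomain no;    # conform to RFC1035

    // named is started with "-4" (see /etc/default/bind9), so no IPv6
    // socket is ever opened; say so explicitly instead of asking for "any".
    listen-on-v6 { none; };

    // Recursive resolver for the LAN only: restrict both plain queries and
    // recursion to the ACL so this host does not become an open resolver.
    recursion yes;
    allow-query { dnsclients; };
    allow-recursion { dnsclients; };
};

// The internal forward and reverse zones live on the internal DNS at
// 192.168.10.10; per-zone "forward only" keeps named from trying the
// public forwarders for these names.
zone "mhdom.eval" IN {
    type forward;
    forward only;
    forwarders { 192.168.10.10; };
};

zone "10.168.192.in-addr.arpa" IN {
    type forward;
    forward only;
    forwarders { 192.168.10.10; };
};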