
labunix's blog

labunix's Lab Unix

Tried installing bind9 on FreeBSD 10.1RC4.

■Tried installing bind9 on FreeBSD 10.1RC4.

$ pkg search bind9
bind910-9.10.1
bind99-9.9.6

$ su root -c 'pkg install -y bind910'

■Setting up rndc.conf

$ sudo rndc-confgen -a
wrote key file "/usr/local/etc/namedb/rndc.key"
$ sudo cat /usr/local/etc/namedb/rndc.key | \
  sudo tee /usr/local/etc/namedb/rndc.conf | \
  sed s/"secret \".*\";"/'secret "xxxxxxxxxxxxxxxxxxx";'/
key "rndc-key" {
	algorithm hmac-md5;
	secret "xxxxxxxxxxxxxxxxxxx";
};

$ echo -e "options {
\tdefault-key \"rndc-key\";
\tdefault-server 127.0.0.1;
\tdefault-port 953;
};

server 127.0.0.1 {
\tkey \"rndc-key\";
};" | sudo tee -a /usr/local/etc/namedb/rndc.conf
options {
	default-key "rndc-key";
	default-server 127.0.0.1;
	default-port 953;
};

server 127.0.0.1 {
	key "rndc-key";
};

$ sudo chmod 400 /usr/local/etc/namedb/rndc.conf

■Setting up named.conf

$ pkg info -l bind910 | grep named.conf
	/usr/local/etc/namedb/named.conf.sample
	/usr/local/man/man5/named.conf.5.gz

$ sudo cp /usr/local/etc/namedb/rndc.key /usr/local/etc/namedb/named.conf
$ echo -e "controls {
\tinet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { \"rndc-key\"; };
};

options {
\tversion\t\t\"Unknown\";
\tdirectory\t\"/usr/local/etc/namedb\";
\tpid-file\t\"/var/run/named/named.pid\";
\tdump-file\t\"/var/dump/named_dump.db\";
\tstatistics-file\t\"/var/stats/named.stats\";

\tlisten-on-v6\t{ none; };
\tlisten-on\t{ localhost; localnets; };

\tallow-query\t{ 127.0.0.1; localhost; localnets; };
\tallow-recursion\t{ localhost; localnets; };
\tallow-transfer\t{ localhost; localnets; };
\t// forwarders\t{ 127.0.0.1; };
};

view \"internal\" {
\tmatch-clients\t{ localnets; };
\trecursion\tyes;

\tinclude\t\t\"/usr/local/etc/namedb/named.root.hint\";
\tinclude\t\t\"/usr/local/etc/namedb/zone.rfc1918\";
\tinclude\t\t\"/usr/local/etc/namedb/named.conf.local\";
};" | sudo tee -a /usr/local/etc/namedb/named.conf > /dev/null

■Creating the root (hint) zone

$ echo -e "zone \".\" {
\ttype hint;
\tfile \"/usr/local/etc/namedb/named.ca\";
};" | sudo tee /usr/local/etc/namedb/named.root.hint

■Creating the rfc1918 zones

$ grep ^zone.*empty /usr/local/etc/namedb/named.conf.sample | sudo tee /usr/local/etc/namedb/zone.rfc1918 > /dev/null
$ head -2 /usr/local/etc/namedb/zone.rfc1918
zone "255.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "0.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };

■Fetch the referenced named.ca either directly from the outside (a root server) or from the upstream DNS server, with one of the two commands below.

$ dig @a.root-servers.net . ns | sudo tee /usr/local/etc/namedb/named.ca
$ dig @192.168.41.254 . ns | sudo tee /usr/local/etc/namedb/named.ca

■Checking the zone definition

$ pkg info -l bind910 | grep /sbin/named-checkzone
	/usr/local/sbin/named-checkzone

$ sudo /usr/local/sbin/named-checkzone . /usr/local/etc/namedb/named.ca
zone ./IN: has 0 SOA records
zone ./IN: not loaded due to errors.

named-checkzone loads the file as an authoritative zone, which requires an SOA record, so this error is expected for a hint file; whether the hint zone really loads is confirmed by the "all zones loaded" line when named starts.

■Checking the configuration

$ sudo touch /usr/local/etc/namedb/named.conf.local
$ sudo /usr/local/sbin/named-checkconf /usr/local/etc/namedb/named.conf && echo "ok"
ok
$ sudo /usr/local/sbin/named-checkconf /usr/local/etc/namedb/zone.rfc1918 && echo "ok"
ok
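named-checkconf only validates syntax. As an added example (not the post's own code), here is a small POSIX sh lint for the policy side of the named.conf built above: it requires allow-recursion and allow-transfer to be set without "any", and the rndc controls channel to be bound to 127.0.0.1 with a key. The function names and the two sample files are constructed for this example.

```shell
#!/bin/sh
# Policy lint for a named.conf built like the one above (added example, not the
# post's code): exit 0 when recursion, transfers and rndc are all restricted.
# Print the address-match-list of option $2 in file $1, normalised to single spaces
# ("localhost; localnets;"); prints nothing when the option is absent.
conf_acl() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*{\(.*\)}[[:space:]]*;.*/\1/p" "$1" |
    tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}
# Exit 0 only if option $2 is set and its list does not contain "any".
acl_restricted() {
  acl=$(conf_acl "$1" "$2")
  [ -n "$acl" ] || return 1
  case " $acl " in *" any;"*) return 1 ;; esac
  return 0
}
check_named_conf() {
  rc=0
  acl_restricted "$1" allow-recursion || { echo "allow-recursion missing or open: open resolver"; rc=1; }
  # allow-transfer defaults to "any" in BIND when absent, so absent is a finding too.
  acl_restricted "$1" allow-transfer || { echo "allow-transfer missing or open"; rc=1; }
  # rndc channel: bound to loopback, allow list only loopback, and a key required.
  grep -Eq '^[[:space:]]*inet[[:space:]]+127\.0\.0\.1[[:space:]]+port[[:space:]]+953[[:space:]]+allow[[:space:]]*[{][[:space:]]*127\.0\.0\.1;[[:space:]]*[}][[:space:]]+keys' "$1" ||
    { echo "controls: inet channel not limited to 127.0.0.1 with a key"; rc=1; }
  return $rc
}
# Constructed sample with the controls/options statements the post sets.
write_hardened_sample() { cat >"$1" <<'EOF'
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
    allow-recursion { localhost; localnets; };
    allow-transfer  { localhost; localnets; };
};
EOF
}
# Constructed counter-example: transfers open to anyone, rndc on every address.
write_open_sample() { cat >"$1" <<'EOF'
controls {
    inet * port 953 allow { any; };
};
options {
    allow-recursion { localhost; localnets; };
    allow-transfer { any; };
};
EOF
}
[ $# -eq 0 ] || check_named_conf "$1"   # usage: sh lint_named_conf.sh named.conf
```

Tab-indented statements, as produced by the echo -e above, are handled the same as space-indented ones.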

■Starting bind9.

$ echo 'named_enable="YES"' | sudo tee -a /etc/rc.conf
$ pkg info -l bind910 | grep rc.d/
	/usr/local/etc/rc.d/named
$ sudo /usr/local/etc/rc.d/named start
Starting named.

$ sudo tail -10 /var/log/messages  | cut -c 23-
named[1741]: ----------------------------------------------------
named[1741]: BIND 9 is maintained by Internet Systems Consortium,
named[1741]: Inc. (ISC), a non-profit 501(c)(3) public-benefit 
named[1741]: corporation.  Support and training for BIND 9 are 
named[1741]: available at https://www.isc.org/support
named[1741]: ----------------------------------------------------
named[1741]: command channel listening on 127.0.0.1#953
named[1741]: the working directory is not writable
named[1741]: all zones loaded
named[1741]: running

■Setting forwarders

$ grep forwarders /usr/local/etc/namedb/named.conf
	forwarders	{ 192.168.41.254; };

■Checking queries against root.hint

$ dig @127.0.0.1 . ns | grep ^d
d.root-servers.net.	393477	IN	A	199.7.91.13
d.root-servers.net.	393477	IN	AAAA	2001:500:2d::d

$ dig @127.0.0.1 localhost | grep ^localhost
localhost.		0	IN	A	127.0.0.1

■In named.conf.local, add the forward and reverse lookup settings for your own internal and external zones (such as localdomain) as needed.