BIND domain name server on FreeBSD
Installation
We search for the bind9 package in the repositories
root@fbsdsrv01:~ # pkg search bind
...
...
...
bind-tools-9.18.7 Command line tools from BIND: delv, dig, host, nslookup...
bind9-devel-9.19.3.2022.06.16 BIND DNS suite with updated DNSSEC and DNS64
bind916-9.16.33 BIND DNS suite with updated DNSSEC and DNS64
bind918-9.18.7 BIND DNS suite with updated DNSSEC and DNS64
bind_exporter-0.4.0_5 Prometheus exporter for BIND server statistics
bindgraph-0.3_1 RRDtool frontend for BIND statistics
bindtest-1.56_1 Test bind() semantics of IPv6 sockets
...
...
...
root@fbsdsrv01:~ #
And install it
root@fbsdsrv01:~ # pkg install bind918-9.18.7
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 16 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
bind-tools: 9.18.7
bind918: 9.18.7
fstrm: 0.6.1
indexinfo: 0.3.1
json-c: 0.16
libedit: 3.1.20210910,1
libevent: 2.1.12
libidn2: 2.3.3
libnghttp2: 1.48.0
libunistring: 1.0
libuv: 1.44.2
libxml2: 2.10.2
lmdb: 0.9.29_1,1
protobuf: 3.20.1,1
protobuf-c: 1.4.1
readline: 8.1.2
Number of packages to be installed: 16
The process will require 75 MiB more space.
13 MiB to be downloaded.
Proceed with this action? [y/N]: y
[1/16] Fetching indexinfo-0.3.1.pkg: 100% 5 KiB 5.5kB/s 00:01
[2/16] Fetching libnghttp2-1.48.0.pkg: 100% 110 KiB 113.0kB/s 00:01
[3/16] Fetching libxml2-2.10.2.pkg: 100% 1 MiB 1.0MB/s 00:01
[4/16] Fetching lmdb-0.9.29_1,1.pkg: 100% 92 KiB 94.1kB/s 00:01
[5/16] Fetching libedit-3.1.20210910,1.pkg: 100% 119 KiB 121.6kB/s 00:01
[6/16] Fetching libidn2-2.3.3.pkg: 100% 129 KiB 132.0kB/s 00:01
[7/16] Fetching bind-tools-9.18.7.pkg: 100% 1 MiB 1.2MB/s 00:01
[8/16] Fetching fstrm-0.6.1.pkg: 100% 60 KiB 61.7kB/s 00:01
[9/16] Fetching libuv-1.44.2.pkg: 100% 104 KiB 106.3kB/s 00:01
[10/16] Fetching protobuf-3.20.1,1.pkg: 100% 3 MiB 2.8MB/s 00:01
[11/16] Fetching libunistring-1.0.pkg: 100% 515 KiB 527.7kB/s 00:01
[12/16] Fetching readline-8.1.2.pkg: 100% 335 KiB 343.2kB/s 00:01
[13/16] Fetching protobuf-c-1.4.1.pkg: 100% 172 KiB 176.0kB/s 00:01
[14/16] Fetching json-c-0.16.pkg: 100% 62 KiB 63.3kB/s 00:01
[15/16] Fetching libevent-2.1.12.pkg: 100% 291 KiB 298.2kB/s 00:01
[16/16] Fetching bind918-9.18.7.pkg: 100% 6 MiB 6.7MB/s 00:01
Checking integrity... done (0 conflicting)
[1/16] Installing indexinfo-0.3.1...
[1/16] Extracting indexinfo-0.3.1: 100%
[2/16] Installing libunistring-1.0...
[2/16] Extracting libunistring-1.0: 100%
[3/16] Installing readline-8.1.2...
[3/16] Extracting readline-8.1.2: 100%
[4/16] Installing libnghttp2-1.48.0...
[4/16] Extracting libnghttp2-1.48.0: 100%
[5/16] Installing libxml2-2.10.2...
[5/16] Extracting libxml2-2.10.2: 100%
[6/16] Installing libedit-3.1.20210910,1...
[6/16] Extracting libedit-3.1.20210910,1: 100%
[7/16] Installing libidn2-2.3.3...
[7/16] Extracting libidn2-2.3.3: 100%
[8/16] Installing libuv-1.44.2...
[8/16] Extracting libuv-1.44.2: 100%
[9/16] Installing protobuf-3.20.1,1...
[9/16] Extracting protobuf-3.20.1,1: 100%
[10/16] Installing json-c-0.16...
[10/16] Extracting json-c-0.16: 100%
[11/16] Installing libevent-2.1.12...
[11/16] Extracting libevent-2.1.12: 100%
[12/16] Installing lmdb-0.9.29_1,1...
[12/16] Extracting lmdb-0.9.29_1,1: 100%
[13/16] Installing bind-tools-9.18.7...
[13/16] Extracting bind-tools-9.18.7: 100%
[14/16] Installing fstrm-0.6.1...
[14/16] Extracting fstrm-0.6.1: 100%
[15/16] Installing protobuf-c-1.4.1...
[15/16] Extracting protobuf-c-1.4.1: 100%
[16/16] Installing bind918-9.18.7...
[16/16] Extracting bind918-9.18.7: 100%
=====
Message from bind918-9.18.7:
--
BIND requires configuration of rndc, including a "secret"
key. The easiest, and most secure way to configure rndc is
to run 'rndc-confgen -a' to generate the proper conf file,
with a new random key, and appropriate file permissions.
The /usr/local/etc/rc.d/named script will do that for you.
If using syslog to log the BIND9 activity, and using a
chroot'ed installation, you will need to tell syslog to install
a log socket in the BIND9 chroot by running:
# sysrc altlog_proglist+=named
And then restarting syslogd with: service syslogd restart
root@fbsdsrv01:~ #
Configuration
We look for the service in the list of installed services
root@fbsdsrv01:~ # service -r | grep named
/usr/local/etc/rc.d/named
root@fbsdsrv01:~ #
And what its RC variable for the /etc/rc.conf file is
root@fbsdsrv01:~ # /usr/local/etc/rc.d/named rcvar
# named : named BIND startup script
#
named_enable="NO"
# (default: "")
root@fbsdsrv01:~ #
We configure the service to start at boot; this is why we needed the previous command
root@fbsdsrv01:~ # sysrc named_enable="YES"
named_enable: -> YES
root@fbsdsrv01:~ #
To establish a minimum of security we implement TSIG by creating the RNDC key, which will allow dynamic updates from, for example, a DHCP server.
root@fbsdsrv01:~ # rndc-confgen -a
wrote key file "/usr/local/etc/namedb/rndc.key"
root@fbsdsrv01:~ # chmod 440 /usr/local/etc/namedb/rndc.key
root@fbsdsrv01:~ #
We make a backup copy of the configuration file
root@fbsdsrv01:~ # cp /usr/local/etc/namedb/named.conf /usr/local/etc/namedb/named.conf.0
root@fbsdsrv01:~ #
We create a configuration file for bind9 adapted to our network
options {
directory "/usr/local/etc/namedb/working";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on { 127.0.0.1; };
disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
forwarders {
127.0.0.1;
};
}; // end of the options block
include "/usr/local/etc/namedb/rndc.key";
zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };
zone "localhost" { type primary; file "/usr/local/etc/namedb/primary/localhost-forward.db"; };
zone "127.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "0.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/localhost-reverse.db"; };
zone "0.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "10.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "16.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "17.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "18.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "19.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "20.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "21.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "22.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "23.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "24.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "25.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "26.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "27.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "28.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "29.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "30.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "31.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "168.192.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "64.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "65.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "66.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "67.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "68.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "69.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "70.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "71.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "72.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "73.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "74.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "75.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "76.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "77.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "78.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "79.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "80.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "81.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "82.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "83.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "84.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "85.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "86.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "87.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "88.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "89.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "90.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "91.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "92.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "93.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "94.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "95.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "96.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "97.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "98.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "99.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "100.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "101.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "102.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "103.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "104.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "105.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "106.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "107.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "108.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "109.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "110.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "111.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "112.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "113.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "114.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "115.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "116.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "117.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "118.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "119.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "120.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "121.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "122.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "123.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "124.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "125.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "126.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "127.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "254.169.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "0.0.192.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "2.0.192.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "100.51.198.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "113.0.203.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "18.198.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "19.198.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "240.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "241.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "242.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "243.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "244.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "245.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "246.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "247.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "248.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "249.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "250.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "251.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "252.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "253.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "254.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "1.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "3.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "4.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "5.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "6.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "7.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "8.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "9.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "a.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "b.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "c.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "d.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "e.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "0.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "1.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "2.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "3.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "4.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "5.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "6.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "7.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "8.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "9.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "a.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "b.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "0.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "1.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "2.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "3.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "4.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "5.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "6.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "7.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "c.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "d.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "8.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "9.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "a.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "b.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "c.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "d.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "e.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "f.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "ip6.int" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "example.org" {
type primary;
allow-update { key rndc-key; };
file "/usr/local/etc/namedb/dynamic/example.org";
};
zone "1.168.192.in-addr.arpa" {
type secondary;
file "/usr/local/etc/namedb/secondary/1.168.192.in-addr.arpa";
primaries { 192.168.1.1; };
};
The file above is an example, and we will have to adapt the zones to our needs
We create the zone files that will feed bind9 and contain the records we need
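The configuration above lets the rndc-key generated by rndc-confgen, which also authenticates the rndc control channel, sign dynamic updates for example.org. The following check is an added example, not part of the original page: it reads a named.conf on standard input and reports how each zone's allow-update clause is authenticated, and it tests whether a key file is readable by other users. The zones lab.example.org and open.example.org, the key name ddns-key and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit allow-update clauses and key-file exposure.
# Assumption: each allow-update clause sits on one line, as in the page's named.conf.

# audit_updates CONTROL_KEY < named.conf
# Prints one "LEVEL zone message" line per allow-update element.
audit_updates() {
    awk -v ctl="$1" '
        { sub(/\/\/.*/, ""); sub(/#.*/, "") }              # drop // and # comments
        /^[ \t]*zone[ \t]+"/ { split($0, q, "\""); zone = q[2] }
        /allow-update[ \t]*\{/ {
            acl = $0
            sub(/.*allow-update[ \t]*\{/, "", acl)         # text after the opening brace
            sub(/\}.*/, "", acl)                           # ...up to the closing brace
            n = split(acl, el, ";")
            for (i = 1; i <= n; i++) {
                e = el[i]
                gsub(/^[ \t]+|[ \t]+$/, "", e)
                if (e == "") { continue }
                if (e == "any") {
                    print "FAIL", zone, "any host may rewrite this zone"
                } else if (e ~ /^key[ \t]+/) {
                    k = e
                    sub(/^key[ \t]+/, "", k)
                    gsub(/"/, "", k)
                    if (k == ctl) {
                        print "WARN", zone, "update key " k " is also the rndc control key"
                    } else {
                        print "OK", zone, "dedicated TSIG key " k
                    }
                } else {
                    print "WARN", zone, "address or ACL " e " is not TSIG-authenticated"
                }
            }
        }
    '
}

# key_file_exposed FILE: succeeds when users outside owner and group can read FILE.
key_file_exposed() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# Constructed sample input: the first zone is the one from the page,
# the other two are hypothetical.
sample_conf() {
    cat <<'EOF'
zone "example.org" {
type primary;
allow-update { key rndc-key; };
file "/usr/local/etc/namedb/dynamic/example.org";
};
// hypothetical zones below
zone "lab.example.org" { type primary; allow-update { key "ddns-key"; }; file "dynamic/lab"; };
zone "open.example.org" { type primary; allow-update { any; 192.168.1.10; }; file "dynamic/open"; };
EOF
}

sample_conf | audit_updates rndc-key
if key_file_exposed /usr/local/etc/namedb/rndc.key; then
    echo "FAIL rndc.key is readable by other users"
fi
```

On a real server, run it as `audit_updates rndc-key < /usr/local/etc/namedb/named.conf`.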
File /usr/local/etc/namedb/dynamic/example.org
; Owner names must fall inside the zone declared in named.conf (example.org)
$ORIGIN .
$TTL 3600 ; 1 hour
example.org IN SOA server.example.org. admin.example.org. (
0 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS server.example.org.
MX 10 server.example.org.
$ORIGIN example.org.
server A 192.168.1.1
ftp CNAME server
mx CNAME server
ns CNAME server
www CNAME server
File /usr/local/etc/namedb/dynamic/example.org
$ORIGIN .
$TTL 3600 ; 1 hour
1.168.192.in-addr.arpa IN SOA server.example.org. admin.example.org. (
0 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS server.example.org.
MX 10 server.example.org.
$ORIGIN 1.168.192.in-addr.arpa.
1 PTR server.example.org.
The Bind9 service needs to be able to modify and update its own files, so we give it ownership of them
root@fbsdsrv01:~ # chown bind:bind /usr/local/etc/namedb/dynamic/*
root@fbsdsrv01:~ #
Service checks
root@fbsdsrv01:~ # named-checkconf -zj
zone localhost/IN: loaded serial 42
zone 127.in-addr.arpa/IN: loaded serial 42
zone 255.in-addr.arpa/IN: loaded serial 42
zone 0.ip6.arpa/IN: loaded serial 42
zone 0.in-addr.arpa/IN: loaded serial 42
zone 10.in-addr.arpa/IN: loaded serial 42
zone 16.172.in-addr.arpa/IN: loaded serial 42
zone 17.172.in-addr.arpa/IN: loaded serial 42
zone 18.172.in-addr.arpa/IN: loaded serial 42
zone 19.172.in-addr.arpa/IN: loaded serial 42
zone 20.172.in-addr.arpa/IN: loaded serial 42
zone 21.172.in-addr.arpa/IN: loaded serial 42
zone 22.172.in-addr.arpa/IN: loaded serial 42
zone 23.172.in-addr.arpa/IN: loaded serial 42
zone 24.172.in-addr.arpa/IN: loaded serial 42
zone 25.172.in-addr.arpa/IN: loaded serial 42
zone 26.172.in-addr.arpa/IN: loaded serial 42
zone 27.172.in-addr.arpa/IN: loaded serial 42
zone 28.172.in-addr.arpa/IN: loaded serial 42
zone 29.172.in-addr.arpa/IN: loaded serial 42
zone 30.172.in-addr.arpa/IN: loaded serial 42
zone 31.172.in-addr.arpa/IN: loaded serial 42
zone 168.192.in-addr.arpa/IN: loaded serial 42
zone 64.100.in-addr.arpa/IN: loaded serial 42
zone 65.100.in-addr.arpa/IN: loaded serial 42
zone 66.100.in-addr.arpa/IN: loaded serial 42
zone 67.100.in-addr.arpa/IN: loaded serial 42
zone 68.100.in-addr.arpa/IN: loaded serial 42
zone 69.100.in-addr.arpa/IN: loaded serial 42
zone 70.100.in-addr.arpa/IN: loaded serial 42
zone 71.100.in-addr.arpa/IN: loaded serial 42
zone 72.100.in-addr.arpa/IN: loaded serial 42
zone 73.100.in-addr.arpa/IN: loaded serial 42
zone 74.100.in-addr.arpa/IN: loaded serial 42
zone 75.100.in-addr.arpa/IN: loaded serial 42
zone 76.100.in-addr.arpa/IN: loaded serial 42
zone 77.100.in-addr.arpa/IN: loaded serial 42
zone 78.100.in-addr.arpa/IN: loaded serial 42
zone 79.100.in-addr.arpa/IN: loaded serial 42
zone 80.100.in-addr.arpa/IN: loaded serial 42
zone 81.100.in-addr.arpa/IN: loaded serial 42
zone 82.100.in-addr.arpa/IN: loaded serial 42
zone 83.100.in-addr.arpa/IN: loaded serial 42
zone 84.100.in-addr.arpa/IN: loaded serial 42
zone 85.100.in-addr.arpa/IN: loaded serial 42
zone 86.100.in-addr.arpa/IN: loaded serial 42
zone 87.100.in-addr.arpa/IN: loaded serial 42
zone 88.100.in-addr.arpa/IN: loaded serial 42
zone 89.100.in-addr.arpa/IN: loaded serial 42
zone 90.100.in-addr.arpa/IN: loaded serial 42
zone 91.100.in-addr.arpa/IN: loaded serial 42
zone 92.100.in-addr.arpa/IN: loaded serial 42
zone 93.100.in-addr.arpa/IN: loaded serial 42
zone 94.100.in-addr.arpa/IN: loaded serial 42
zone 95.100.in-addr.arpa/IN: loaded serial 42
zone 96.100.in-addr.arpa/IN: loaded serial 42
zone 97.100.in-addr.arpa/IN: loaded serial 42
zone 98.100.in-addr.arpa/IN: loaded serial 42
zone 99.100.in-addr.arpa/IN: loaded serial 42
zone 100.100.in-addr.arpa/IN: loaded serial 42
zone 101.100.in-addr.arpa/IN: loaded serial 42
zone 102.100.in-addr.arpa/IN: loaded serial 42
zone 103.100.in-addr.arpa/IN: loaded serial 42
zone 104.100.in-addr.arpa/IN: loaded serial 42
zone 105.100.in-addr.arpa/IN: loaded serial 42
zone 106.100.in-addr.arpa/IN: loaded serial 42
zone 107.100.in-addr.arpa/IN: loaded serial 42
zone 108.100.in-addr.arpa/IN: loaded serial 42
zone 109.100.in-addr.arpa/IN: loaded serial 42
zone 110.100.in-addr.arpa/IN: loaded serial 42
zone 111.100.in-addr.arpa/IN: loaded serial 42
zone 112.100.in-addr.arpa/IN: loaded serial 42
zone 113.100.in-addr.arpa/IN: loaded serial 42
zone 114.100.in-addr.arpa/IN: loaded serial 42
zone 115.100.in-addr.arpa/IN: loaded serial 42
zone 116.100.in-addr.arpa/IN: loaded serial 42
zone 117.100.in-addr.arpa/IN: loaded serial 42
zone 118.100.in-addr.arpa/IN: loaded serial 42
zone 119.100.in-addr.arpa/IN: loaded serial 42
zone 120.100.in-addr.arpa/IN: loaded serial 42
zone 121.100.in-addr.arpa/IN: loaded serial 42
zone 122.100.in-addr.arpa/IN: loaded serial 42
zone 123.100.in-addr.arpa/IN: loaded serial 42
zone 124.100.in-addr.arpa/IN: loaded serial 42
zone 125.100.in-addr.arpa/IN: loaded serial 42
zone 126.100.in-addr.arpa/IN: loaded serial 42
zone 127.100.in-addr.arpa/IN: loaded serial 42
zone 254.169.in-addr.arpa/IN: loaded serial 42
zone 0.0.192.in-addr.arpa/IN: loaded serial 42
zone 2.0.192.in-addr.arpa/IN: loaded serial 42
zone 100.51.198.in-addr.arpa/IN: loaded serial 42
zone 113.0.203.in-addr.arpa/IN: loaded serial 42
zone 8.b.d.0.1.0.0.2.ip6.arpa/IN: loaded serial 42
zone 18.198.in-addr.arpa/IN: loaded serial 42
zone 19.198.in-addr.arpa/IN: loaded serial 42
zone 240.in-addr.arpa/IN: loaded serial 42
zone 241.in-addr.arpa/IN: loaded serial 42
zone 242.in-addr.arpa/IN: loaded serial 42
zone 243.in-addr.arpa/IN: loaded serial 42
zone 244.in-addr.arpa/IN: loaded serial 42
zone 245.in-addr.arpa/IN: loaded serial 42
zone 246.in-addr.arpa/IN: loaded serial 42
zone 247.in-addr.arpa/IN: loaded serial 42
zone 248.in-addr.arpa/IN: loaded serial 42
zone 249.in-addr.arpa/IN: loaded serial 42
zone 250.in-addr.arpa/IN: loaded serial 42
zone 251.in-addr.arpa/IN: loaded serial 42
zone 252.in-addr.arpa/IN: loaded serial 42
zone 253.in-addr.arpa/IN: loaded serial 42
zone 254.in-addr.arpa/IN: loaded serial 42
zone 1.ip6.arpa/IN: loaded serial 42
zone 3.ip6.arpa/IN: loaded serial 42
zone 4.ip6.arpa/IN: loaded serial 42
zone 5.ip6.arpa/IN: loaded serial 42
zone 6.ip6.arpa/IN: loaded serial 42
zone 7.ip6.arpa/IN: loaded serial 42
zone 8.ip6.arpa/IN: loaded serial 42
zone 9.ip6.arpa/IN: loaded serial 42
zone a.ip6.arpa/IN: loaded serial 42
zone b.ip6.arpa/IN: loaded serial 42
zone c.ip6.arpa/IN: loaded serial 42
zone d.ip6.arpa/IN: loaded serial 42
zone e.ip6.arpa/IN: loaded serial 42
zone 0.f.ip6.arpa/IN: loaded serial 42
zone 1.f.ip6.arpa/IN: loaded serial 42
zone 2.f.ip6.arpa/IN: loaded serial 42
zone 3.f.ip6.arpa/IN: loaded serial 42
zone 4.f.ip6.arpa/IN: loaded serial 42
zone 5.f.ip6.arpa/IN: loaded serial 42
zone 6.f.ip6.arpa/IN: loaded serial 42
zone 7.f.ip6.arpa/IN: loaded serial 42
zone 8.f.ip6.arpa/IN: loaded serial 42
zone 9.f.ip6.arpa/IN: loaded serial 42
zone a.f.ip6.arpa/IN: loaded serial 42
zone b.f.ip6.arpa/IN: loaded serial 42
zone 0.e.f.ip6.arpa/IN: loaded serial 42
zone 1.e.f.ip6.arpa/IN: loaded serial 42
zone 2.e.f.ip6.arpa/IN: loaded serial 42
zone 3.e.f.ip6.arpa/IN: loaded serial 42
zone 4.e.f.ip6.arpa/IN: loaded serial 42
zone 5.e.f.ip6.arpa/IN: loaded serial 42
zone 6.e.f.ip6.arpa/IN: loaded serial 42
zone 7.e.f.ip6.arpa/IN: loaded serial 42
zone c.f.ip6.arpa/IN: loaded serial 42
zone d.f.ip6.arpa/IN: loaded serial 42
zone 8.e.f.ip6.arpa/IN: loaded serial 42
zone 9.e.f.ip6.arpa/IN: loaded serial 42
zone a.e.f.ip6.arpa/IN: loaded serial 42
zone b.e.f.ip6.arpa/IN: loaded serial 42
zone c.e.f.ip6.arpa/IN: loaded serial 42
zone d.e.f.ip6.arpa/IN: loaded serial 42
zone e.e.f.ip6.arpa/IN: loaded serial 42
zone f.e.f.ip6.arpa/IN: loaded serial 42
zone ip6.int/IN: loaded serial 42
zone example.org/IN: loaded serial 0
zone 0.168.192.in-addr.arpa/IN: loaded serial 93706
root@fbsdsrv01:~ #
Starting the service
root@fbsdsrv01:~ # service named start
Starting named.
root@fbsdsrv01:~ #
From this moment on we will have a name server running on our network and answering with the records we have configured.