File /etc/bind/named.conf
NOTE: On some distributions and in older versions of BIND this file is located at /etc/named.conf
This file is BIND's main configuration file. In the Debian version we should never need to modify it, since it contains only the include of /etc/bind/named.conf.options and the default zones (which are supposedly never to be touched), and it delegates the options and the creation of our own zones to the files /etc/bind/named.conf.options and /etc/bind/named.conf.local respectively.
$ cat /etc/bind/named.conf
................................................
include "/etc/bind/named.conf.options";
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
....................
include "/etc/bind/named.conf.local";
The best resource for learning all the options of the named.conf file is the Linux manual.
- Manual: man named.conf (it is in English)
File /etc/bind/named.conf.options
$ cat /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below. Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.
    // query-source address * port 53;
    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    // forwarders {
    //     0.0.0.0;
    // };
    auth-nxdomain no; # conform to RFC1035
    // By default, name servers should only perform recursive domain
    // lookups for their direct clients. If recursion is left open
    // to the entire Internet, your name server could be used to
    // perform distributed denial of service attacks against other
    // innocent computers. For more information on DDoS recursion:
    // http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987
    allow-recursion { localnets; };
    // If you have DNS clients on other subnets outside of your
    // server's "localnets", you can explicitly add their networks
    // without opening up your server to the Internet at large:
    // allow-recursion { localnets; 192.168.0.0/24; };
    // If your name server is only listening on 127.0.0.1, consider:
    // allow-recursion { 127.0.0.1; };
};
What is normally modified in this file is the forwarders section, which is where the DNS servers of our service provider are specified.
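As an added example (not part of the original post), the following Python sketch audits the two settings discussed above: whether allow-recursion is restricted, and whether the forwarders block still holds the all-0's placeholder. The function names, finding codes and both sample configurations are constructed for illustration; it is a regex check of the options shown here, not a full named.conf parser.

```python
import re

# Constructed sample inputs (not taken from a real server).
PAGE_DEFAULT = '''
options {
    directory "/var/cache/bind";
    // forwarders {
    //     0.0.0.0;
    // };
    auth-nxdomain no;    # conform to RFC1035
    allow-recursion { localnets; };
};
'''
WEAK = '''
options {
    directory "/var/cache/bind";
    forwarders { 0.0.0.0; };
    allow-recursion { any; };  /* opened "temporarily" */
};
'''

OPEN = {"any", "0.0.0.0/0", "::/0"}   # match-list elements that mean "everyone"

def strip_comments(text):
    """Drop the three comment styles named.conf accepts (/* */, //, #).
    Simplification: assumes no comment markers inside quoted strings."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def match_list(conf, statement):
    """Elements of `statement { a; b; };`, or None if the statement is absent."""
    m = re.search(r"(?<![-\w])%s\s*\{([^{}]*)\}\s*;" % re.escape(statement), conf)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit_options(raw):
    """Return finding codes for the recursion and forwarders settings."""
    conf = strip_comments(raw)
    findings = []
    if not re.search(r"(?<![-\w])recursion\s+no\s*;", conf):
        acl = match_list(conf, "allow-recursion")
        if acl is None:
            findings.append("recursion-acl-unset")   # policy depends on version defaults
        elif OPEN & set(acl):
            findings.append("open-recursion")        # resolver usable by anyone
    if "0.0.0.0" in (match_list(conf, "forwarders") or []):
        findings.append("forwarder-placeholder")     # all-0's placeholder never replaced
    return findings

if __name__ == "__main__":
    for name, text in (("page default", PAGE_DEFAULT), ("weak", WEAK)):
        print(name, "->", audit_options(text) or "ok")
```
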
File /etc/bind/named.conf.local
In this file we configure the zones that we want the DNS server to be responsible for. An example could be:
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/named/192.168.0.rev";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/named/192.168.1.rev";
};
zone "iesdeltebre.net" {
    type master;
    file "/var/lib/named/iesdeltebre.net.hosts";
};
zone "intracentre" {
    type master;
    file "/var/lib/named/intracentre.hosts";
};
Here two private class C networks are configured (192.168.0.0/24 and 192.168.1.0/24). The names of the reverse resolution zones in each case are iesdeltebre.net and intracentre.
$ttl 38400
0.168.192.in-addr.arpa. IN SOA s-207. ocastell (
2003062504
10800
3600
604800
38400 )
2.0.168.192.in-addr.arpa. IN PTR s-207.iesdeltebre.net.
2.0.168.192.in-addr.arpa. IN PTR iesdeltebre.net.
$ttl 38400
iesdeltebre.net. IN SOA s-207. ocastell (
2003062502
10800
3600
604800
38400 )
iesdeltebre.net. IN NS s-207.
0.168.192.in-addr.arpa. IN NS s-207.
s-207.iesdeltebre.net. IN A 192.168.0.2
iesdeltebre.net. IN CNAME s-207
www.iesdeltebre.net. IN CNAME s-20