Config DNS บน FreeBSD 6.2

1. ไฟล์ config ทั้งหมดจะอยู่ใน /etc/namedb จะมีทั้งที่ระบบสร้างมาให้ และเราต้องสร้างขึ้นเองครับ
โดยที่ ไฟล์ที่ต้องสร้างขึ้นเองมีดังนี่

1.1 rndc ชึ่ง rnd จะประกอบด้วย rndc.conf และ rndc.key เป็นการเพิ่มความปลอดภัยให้ DNS
1.2 donaminname(your domain) และ ip(ip=xxx.xxx.xxx.xxx)

2. เรามาเริ่มสร้าง กันเลยครับ

2.1 rndc.conf

luffa# rndc-confgen > rndc.conf

2.1 rndc.key

luffa# rndc-confgen -a

3. ให้ copy key ใน rndc.key ไปใส่ใน rndc.conf
rndc.key

key "rndc-key" {
algorithm hmac-md5;
secret "14VK07fIkp1H20zF9Mn6qw==";
};

rndc.conf

# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "14VK07fIkp1H20zF9Mn6qw==";
};
#key "rndc-key" {
# algorithm hmac-md5;
# secret "e1uPVW9ADrzBZ4pfxMjegQ==";
#};

options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "e1uPVW9ADrzBZ4pfxMjegQ==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

** สีน้ำเงินคือส่วนที่เพิ่มลงไป
*** ส่วนสีแดงเป็นส่วนที่ โปรแกรมแนะนำให้เรานำไปใส่ในไฟล์ named.conf โดยจะต้องเปลี่ยน key ให้ตรงกัน

4. แก้ไขไฟล์ named.conf

luffa# pico /etc/named.conf

// $FreeBSD: src/etc/namedb/named.conf,v 1.21.2.1 2005/09/10 08:27:27 dougb Exp $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works. Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
        listen-on { 127.0.0.1;202.28.71.53; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver. To give access to the network, specify
// an IPv6 address, or the keyword "any".
// listen-on-v6 { ::1; };

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
// forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
        forwarders {
        127.0.0.1;
        };
*/
       /*
        * If there is a firewall between you and nameservers you want
       * to talk to, you might need to uncomment the query-source
       * directive below. Previous versions of BIND always asked
       * questions using port 53, but BIND versions 8 and later
        * use a pseudo-random unprivileged UDP port by default.
        */
        // query-source address * port 53;
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
       type master;
       file "master/localhost.rev";
};

// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
        type master;
       file "master/localhost-v6.rev";
};

// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example slave zone config entries. It can be convenient to become
// a slave at least for the zone your own domain is in. Ask
// your network administrator for the IP address of the responsible
// primary.
//
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
//
// Before starting to set up a primary zone, make sure you fully
// understand how DNS and BIND works. There are sometimes
// non-obvious pitfalls. Setting up a slave zone is simpler.
//
// NB: Don't blindly enable the examples below. :-) Use actual names
// and addresses instead.

/* An example master zone
zone "example.net" {
       type master;
       file "master/example.net";
};
*/

/* An example dynamic zone
key "exampleorgkey" {
        algorithm hmac-md5;
       secret "sf87HJqjkqh8ac87a02lla==";
};
zone "example.org" {
        type master;
        allow-update {
        key "exampleorgkey";
        };
       file "dynamic/example.org";
};
*/

/* Examples of forward and reverse slave zones
zone "example.com" {
        type slave;
       file "slave/example.com";
        masters {
        192.168.1.1;
       };
};
zone "1.168.192.in-addr.arpa" {
        type slave;
       file "slave/1.168.192.in-addr.arpa";
       masters {
       192.168.1.1;
        };
};
*/
key "rndc-key" {
       algorithm hmac-md5;
       secret "14VK07fIkp1H20zF9Mn6qw==";
};
controls{
       inet 127.0.0.1 port 953
        allow{127.0.0.1;}keys{"rndc-key";};
};
zone "deknakhon.org"{
        type master;
       file "deknakhon.org";//***
};
zone "71.28.202.in-addr.arpa"{
        type master;
        file "202.28.71.53";//***
};

//*** เป็นไฟล์ zone ที่เราต้องสร้างขึ้นมา

5. เราก็ต้องสร้างไฟล์ zone ขึ้นมา

luffa# sh make-localhost
luffa# cp PROTO.localhost.rev deknakhon.org
luffa# cp PROTO.localhost.rev 202.28.71.53

เสร็จแล้ว ก็แก้ไขไฟล์ deknakhon.org กับ 202.28.71.53
luffa# pico deknakhon.org

; From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
; $FreeBSD: src/etc/namedb/PROTO.localhost.rev,v 1.6 2000/01/10 15:31:40 peter Exp $
;
; This file is automatically edited by the `make-localhost' script in
; the /etc/namedb directory.
;

$TTL 3600

@   IN   SOA   ns.deknakhon.org. root.ns.deknakhon.org. (
           2007102401 ; Serial    วันที่ปรับปรุงครั้งล่าสุด
           3600 ; Refresh
           900 ; Retry
            3600000 ; Expire
           3600 ) ; Minimum
    IN   NS    ns.deknakhon.org.
@   IN    A   202.28.71.53
ns   IN   A   202.28.71.53
www   IN   A    202.28.71.56

luffa# pico deknakhon.org

; From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
; $FreeBSD: src/etc/namedb/PROTO.localhost.rev,v 1.6 2000/01/10 15:31:40 peter Exp $
;
; This file is automatically edited by the `make-localhost' script in
; the /etc/namedb directory.
;

$TTL 3600

@   IN   SOA   ns.deknakhon.org. root.ns.deknakhon.org. (
           2007102401 ; Serial
           3600 ; Refresh
           900 ; Retry
           3600000 ; Expire
           3600 ) ; Minimum
    IN   NS   ns.deknakhon.org.
53    IN   PTR   ns.deknakhon.org.
56    IN   PTR    www.deknakhon.org.

6. แก้ไขไฟล์ /etc/hosts

luffa# pico /etc/hosts
::1 localhost.deknakhon.org localhost
127.0.0.1 localhost.deknakhon.org localhost
202.28.71.53 ns.deknakhon.org ns
202.28.71.53 ns.deknakhon.org.

7. สั่ง start ตอน boot เครื่อง แก้ไขไฟล์ rc.conf โดยเพิ่ม named_enable="YES" เข้าไป

luffa# pico /etc/rc.conf

# -- sysinstall generated deltas -- # Fri Oct 19 17:50:39 2007
# Created: Fri Oct 19 17:50:39 2007
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="202.28.71.1"
hostname="luffa.deknakhon.org"
ifconfig_lnc0="inet 202.28.71.53 netmask 255.255.255.0"
keymap="us.iso"
linux_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
named_enable="YES"

8. restart เครื่อง

luffa# shutdown -r now

0[c]h;8iy[