
Debian 9: local DNS server

Setting up a local DNS server on Debian 9

Environment

IP              Hostname                  Role                  OS
172.16.0.10/24  primarydns.stan.local     Primary DNS server    Debian 9
172.16.0.11/24  secondarydns.stan.local   Secondary DNS server  Debian 9
172.16.0.12/24  client.stan.local         Client                Debian 9

After installation

Note: after adding entries to the configuration files, reload the configuration so that the new entries take effect.

root@debian~#: rndc reload stan.local

Setting up the primary DNS server

Install the BIND DNS server and the bind-utils DNS utilities.

root@debian~#: apt install -y bind9 bind9utils bind9-doc dnsutils

Configure the named service.

root@debian~#: vim /etc/bind/named.conf.local

file contents

zone "stan.local" IN {
     type master;
     file "/etc/bind/fwd.stan.local.db";
     allow-transfer  { 172.16.0.11; };
     also-notify { 172.16.0.11; };
};

zone "0.16.172.in-addr.arpa" IN {
     type master;
     file "/etc/bind/rev.stan.local.db";
     allow-transfer  { 172.16.0.11; };
     also-notify { 172.16.0.11; };
};

Configure the named service options.

root@debian~#: vim /etc/bind/named.conf.options
options {
[…]
    allow-transfer { 172.16.0.11; };
[…]

Create the zone file.

root@debian~#: cp /etc/bind/db.local /etc/bind/fwd.stan.local.db
root@debian~#: vim /etc/bind/fwd.stan.local.db

file contents

$TTL 86400
@   IN  SOA     masterdns.stan.local. root.stan.local. (
        20          ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.stan.local.
@       IN  NS          secondarydns.stan.local.
@       IN  A           172.16.0.10
@       IN  A           172.16.0.11
@       IN  A           172.16.0.12
masterdns       IN  A   172.16.0.10
secondarydns    IN  A   172.16.0.11
client          IN  A   172.16.0.12

Create the reverse zone file.

root@debian~#: cp /etc/bind/db.127 /etc/bind/rev.stan.local.db
root@debian~#: vim /etc/bind/rev.stan.local.db

file contents

$TTL 86400
@   IN  SOA     masterdns.stan.local. root.stan.local. (
        20          ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.stan.local.
@       IN  NS          secondarydns.stan.local.
@       IN  PTR         stan.local.
masterdns       IN  A   172.16.0.10
secondarydns    IN  A   172.16.0.11
client          IN  A   172.16.0.12
10     IN  PTR         masterdns.stan.local.
11     IN  PTR         secondarydns.stan.local.
12     IN  PTR         client.stan.local.

Check the configuration file.

root@debian~#: named-checkconf

Check the zone.

root@debian~#: named-checkzone stan.local /etc/bind/fwd.stan.local.db

output

zone stan.local/IN: loaded serial 20
OK

Check the reverse zone.

root@debian~#: named-checkzone stan.local /etc/bind/rev.stan.local.db

output

zone stan.local/IN: loaded serial 20
OK

Start the bind9 (DNS) service.

root@debian~#: systemctl start bind9

Enable the bind9 service at boot.

root@debian~#: systemctl enable bind9

Check the status of the bind9 service.

root@debian~#: systemctl status bind9

output

 bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2018-05-10 07:34:35 CEST; 34min ago
     Docs: man:named(8)
 Main PID: 1219 (named)
    Tasks: 4 (limit: 4915)
   CGroup: /system.slice/bind9.service
           └─1219 /usr/sbin/named -f -u bind

May 10 07:34:35 ns1.server.local named[1219]: zone 127.in-addr.arpa/IN: loaded serial 1
May 10 07:34:35 ns1.server.local named[1219]: zone 255.in-addr.arpa/IN: loaded serial 1
May 10 07:34:35 ns1.server.local named[1219]: all zones loaded
May 10 07:34:35 ns1.server.local named[1219]: running
May 10 07:34:35 ns1.server.local named[1219]: zone server.local/IN: sending notifies (serial 20)
May 10 07:34:35 ns1.server.local named[1219]: zone 0.16.172.in-addr.arpa/IN: sending notifies (serial 20)
May 10 08:01:54 ns1.server.local named[1219]: client 172.16.0.11#51353 (0.16.172.in-addr.arpa): transfer of '0.16.172.in-addr.arpa/IN': AXFR started (serial 20)
May 10 08:01:54 ns1.server.local named[1219]: client 172.16.0.11#51353 (0.16.172.in-addr.arpa): transfer of '0.16.172.in-addr.arpa/IN': AXFR ended
May 10 08:01:54 ns1.server.local named[1219]: client 172.16.0.11#36789 (server.local): transfer of 'server.local/IN': AXFR started (serial 20)
May 10 08:01:54 ns1.server.local named[1219]: client 172.16.0.11#36789 (server.local): transfer of 'server.local/IN': AXFR ended
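
The AXFR lines in this log are the record of who received the zone. As an added example (not part of the original page), the function below reads named log lines and reports every transfer event from a client other than the secondary named in allow-transfer. The function name, the sample lines and the wording of the "denied" message are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit named log lines for zone
# transfers requested by any host other than the authorized secondary.

ALLOWED_SECONDARY="172.16.0.11"   # the address in allow-transfer above

# Constructed sample log. Line 1 follows the format of the output above; the
# "denied" format on line 2 is assumed from BIND's usual wording.
SAMPLE_LOG="May 10 08:01:54 ns1 named[1219]: client 172.16.0.11#36789 (stan.local): transfer of 'stan.local/IN': AXFR started (serial 20)
May 10 09:14:02 ns1 named[1219]: client 172.16.0.12#40112 (stan.local): zone transfer 'stan.local/AXFR/IN' denied
May 10 09:20:47 ns1 named[1219]: client 172.16.0.12#40120 (0.16.172.in-addr.arpa): transfer of '0.16.172.in-addr.arpa/IN': AXFR started (serial 20)"

# audit_axfr ALLOWED_IP
# Reads named log lines on stdin and prints "STATUS IP ZONE" for every transfer
# event whose client is not ALLOWED_IP.
#   DENIED  the ACL refused the request (someone is asking anyway)
#   SERVED  the zone was sent to a host that should not receive it
audit_axfr() {
    awk -v allowed="$1" '
    {
        ip = ""; zone = ""
        for (i = 1; i < NF; i++) {
            if ($i != "client") continue
            # Newer BIND releases log "client @0x... IP#port"; skip that field.
            j = ($(i + 1) ~ /^@/) ? i + 2 : i + 1
            split($j, parts, "#"); ip = parts[1]        # drop the source port
            zone = $(j + 1); gsub(/[():]/, "", zone)    # "(stan.local):" -> stan.local
            break
        }
        if (ip == "" || ip == allowed) next
        if ($0 ~ /[AI]XFR started/)               print "SERVED", ip, zone
        else if ($0 ~ /zone transfer .* denied/)  print "DENIED", ip, zone
    }'
}

# Run on the sample; on a live server: journalctl -u bind9 | audit_axfr 172.16.0.11
printf '%s\n' "$SAMPLE_LOG" | audit_axfr "$ALLOWED_SECONDARY"
```

A SERVED line for any address other than 172.16.0.11 means the allow-transfer restriction is not in effect for that zone.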

Add the new DNS server to the /etc/resolv.conf file.

root@debian~#: vim /etc/resolv.conf

Note: the local DNS server must be listed first for it to be used.

excerpt of the file contents

nameserver 172.16.0.10
[…]

Test the primary DNS server.

root@debian~#: dig masterdns.stan.local

output

; <<>> DiG 9.10.3-P4-Debian <<>> masterdns.stan.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48115
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.stan.local.			IN	A

;; ANSWER SECTION:
masterdns.stan.local.		86400	IN	A	172.16.0.10

;; AUTHORITY SECTION:
stan.local.		86400	IN	NS	secondarydns.stan.local.
stan.local.		86400	IN	NS	masterdns.stan.local.

;; ADDITIONAL SECTION:
secondarydns.stan.local.		86400	IN	A	172.16.0.11

;; Query time: 0 msec
;; SERVER: 172.16.0.10#53(172.16.0.10)
;; WHEN: Fri May 04 14:32:06 CEST 2018
;; MSG SIZE  rcvd: 107

root@debian~#: nslookup stan.local

output

Server:        172.16.0.10
Address:    172.16.0.10#53

Name:    stan.local
Address: 172.16.0.12
Name:    stan.local
Address: 172.16.0.10
Name:    stan.local
Address: 172.16.0.11

Note: after adding an entry, see the command above to reload the configuration.

Setting up the secondary DNS server

Install the BIND DNS server and the bind-utils DNS utilities.

root@debian~#: apt install -y bind9 bind9utils bind9-doc dnsutils

Configure the bind9 service.

root@debian~#: vim /etc/bind/named.conf.local

file contents

zone "stan.local" IN {
     type slave;
     file "/var/cache/bind/fwd.stan.local.db";
     masters { 172.16.0.10; };
};

zone "0.16.172.in-addr.arpa" IN {
     type slave;
     file "/var/cache/bind/rev.stan.local.db";
     masters { 172.16.0.10; };
};

Start the bind9 (DNS) service.

root@debian~#: systemctl start bind9

Enable the bind9 service at boot.

root@debian~#: systemctl enable bind9

Check the status of the bind9 service.

root@debian~#: systemctl status bind9

output

 bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2018-05-10 08:01:53 CEST; 28s ago
     Docs: man:named(8)
 Main PID: 1125 (named)
   CGroup: /system.slice/bind9.service
           └─1125 /usr/sbin/named -f -u bind

May 10 08:01:54 ns2.stan.local named[1125]: transfer of '0.16.172.in-addr.arpa/IN' from 172.16.0.10#53: Transfer status: success
May 10 08:01:54 ns2.stan.local named[1125]: transfer of '0.16.172.in-addr.arpa/IN' from 172.16.0.10#53: Transfer completed: 1 messages, 11 records, 293 bytes, 0.006 secs (48833 bytes/sec)
May 10 08:01:54 ns2.stan.local named[1125]: zone 0.16.172.in-addr.arpa/IN: sending notifies (serial 20)
May 10 08:01:54 ns2.stan.local named[1125]: network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
May 10 08:01:54 ns2.stan.local named[1125]: zone server.local/IN: Transfer started.
May 10 08:01:54 ns2.stan.local named[1125]: transfer of 'server.local/IN' from 172.16.0.10#53: connected using 172.16.0.11#36789
May 10 08:01:54 ns2.stan.local named[1125]: zone server.local/IN: transferred serial 20
May 10 08:01:54 ns2.stan.local named[1125]: transfer of 'server.local/IN' from 172.16.0.10#53: Transfer status: success
May 10 08:01:54 ns2.stan.local named[1125]: transfer of 'server.local/IN' from 172.16.0.10#53: Transfer completed: 1 messages, 10 records, 243 bytes, 0.004 secs (60750 bytes/sec)
May 10 08:01:54 ns2.stan.local named[1125]: zone server.local/IN: sending notifies (serial 20)

Add the new DNS server to the /etc/resolv.conf file.

root@debian~#: vim /etc/resolv.conf

Note: the local DNS server must be listed first for it to be used.

excerpt of the file contents

nameserver 172.16.0.10

Setting up the DNS client

root@debian~#: apt install -y dnsutils

Add the new DNS server to the /etc/resolv.conf file.

root@debian~#: vim /etc/resolv.conf

excerpt of the file contents

[…]
nameserver 172.16.0.10
nameserver 172.16.0.11

Test the DNS configuration.

root@debian~#: dig secondarydns.stan.local

output

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> secondarydns.stan.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61897
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;secondarydns.stan.local.	IN	A

;; ANSWER SECTION:
secondarydns.stan.local. 86400	IN	A	172.16.0.11

;; AUTHORITY SECTION:
stan.local.		86400	IN	NS	masterdns.stan.local.
stan.local.		86400	IN	NS	secondarydns.stan.local.

;; ADDITIONAL SECTION:
masterdns.stan.local.	86400	IN	A	172.16.0.10

;; Query time: 1 msec
;; SERVER: 172.16.0.10#53(172.16.0.10)
;; WHEN: Sat Mar 31 02:25:29 EDT 2018
;; MSG SIZE  rcvd: 122

root@debian~#: dig client.stan.local

output

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> client.stan.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54407
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;client.stan.local.		IN	A

;; ANSWER SECTION:
client.stan.local.	86400	IN	A	172.16.0.12

;; AUTHORITY SECTION:
stan.local.		86400	IN	NS	masterdns.stan.local.
stan.local.		86400	IN	NS	secondarydns.stan.local.

;; ADDITIONAL SECTION:
masterdns.stan.local.	86400	IN	A	172.16.0.10
secondarydns.stan.local. 86400	IN	A	172.16.0.11

;; Query time: 1 msec
;; SERVER: 172.16.0.10#53(172.16.0.10)
;; WHEN: Sat Mar 31 02:25:32 EDT 2018
;; MSG SIZE  rcvd: 145

root@debian~#: nslookup stan.local

output

Server:		172.16.0.10
Address:	172.16.0.10#53

Name:	stan.local
Address: 172.16.0.10
Name:	stan.local
Address: 172.16.0.12
Name:	stan.local
Address: 172.16.0.11
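
The queries above show that names resolve. They do not show whether the two servers hold the same zone version or who may transfer the zone. The secondary's zone blocks set no allow-transfer, and on BIND 9.10 the default is to allow transfers to all hosts, so the following added example (not part of the original page) compares the SOA serials and classifies the answer to an AXFR request. The function names and the captured outputs are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the original page: post-install checks for the
# primary/secondary pair. Parsing is kept apart from the live dig calls so it
# can be exercised on captured output.

# soa_serial: `dig +short SOA ZONE @SERVER` output on stdin -> serial number
soa_serial() { awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'; }

# axfr_state: `dig AXFR ZONE @SERVER` output on stdin -> refused | open | unknown
axfr_state() {
    awk '/Transfer failed/ { s = "refused" }
         /XFR size:/       { s = "open" }
         END               { print (s == "" ? "unknown" : s) }'
}

# in_sync A B: true only when both serials are non-empty and equal
in_sync() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# check_pair ZONE PRIMARY SECONDARY: live check. Run it from a host that is not
# listed in allow-transfer, such as the client 172.16.0.12.
check_pair() {
    p=$(dig +short SOA "$1" @"$2" | soa_serial)
    s=$(dig +short SOA "$1" @"$3" | soa_serial)
    if in_sync "$p" "$s"; then echo "serial: in sync ($p)"
    else echo "serial: MISMATCH primary=$p secondary=$s"; fi
    for ns in "$2" "$3"; do
        echo "axfr @$ns: $(dig AXFR "$1" @"$ns" | axfr_state)"
    done
}

# Constructed captures (not real output from the servers on this page).
SOA_PRIMARY="masterdns.stan.local. root.stan.local. 21 3600 1800 604800 86400"
SOA_SECONDARY="masterdns.stan.local. root.stan.local. 20 3600 1800 604800 86400"
AXFR_REFUSED="; <<>> DiG 9.10.3-P4-Debian <<>> AXFR stan.local @172.16.0.10
; Transfer failed."
AXFR_OPEN="stan.local. 86400 IN SOA masterdns.stan.local. root.stan.local. 20 3600 1800 604800 86400
;; XFR size: 10 records (messages 1, bytes 243)"

# Demo on the captures; live: check_pair stan.local 172.16.0.10 172.16.0.11
p=$(printf '%s\n' "$SOA_PRIMARY" | soa_serial)
s=$(printf '%s\n' "$SOA_SECONDARY" | soa_serial)
in_sync "$p" "$s" || echo "secondary behind: primary=$p secondary=$s"
echo "primary axfr:   $(printf '%s\n' "$AXFR_REFUSED" | axfr_state)"
echo "secondary axfr: $(printf '%s\n' "$AXFR_OPEN" | axfr_state)"
```

If the secondary reports open, adding allow-transfer { none; }; to its two zone blocks closes it. A serial mismatch that persists after rndc reload means the secondary has not yet transferred the new zone version.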

May 4, 2018 | System | Tags: debian, debian 9, dns