This part lets us resolve domain names, and also resolve each machine name if the DHCP server was able to obtain it.
                                 +-----------+
                                 |           |
INTERNET ---------- (DHCP) eth0 -|  SERVER   |- eth1 (10.9.0.0/22) --- Local network for installs
                                 |           |
                                 +-----------+
Install bind9
aptitude install bind9
Add the following line to your /etc/bind/named.conf configuration
include "/etc/bind/rndc.key";
Local zones
/etc/bind/named.conf.local
zone "lq" {
        type master;
        file "/var/lib/bind/lq.hosts";
        allow-update { key "rndc-key"; };
};
zone "9.10.in-addr.arpa" {
        type master;
        file "/var/lib/bind/10.9.rev";
        allow-update { key "rndc-key"; };
};
Create the reverse zone /var/lib/bind/10.9.rev as follows
$ttl 38400
9.10.in-addr.arpa. IN SOA billig.lq. root.localhost. (
        1341155341
        10800
        3600
        604800
        38400 )
9.10.in-addr.arpa. IN NS billig.lq.
Create the .lq. zone /var/lib/bind/lq.hosts
$ttl 38400
lq. IN SOA billig.lq. root.localhost. (
        1341155297
        10800
        3600
        604800
        38400 )
lq. IN NS billig.lq.
Configure the /etc/bind/named.conf.options file
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { none; };
        managed-keys-directory "/etc/bind";
        recursion yes;
        allow-recursion { 127.0.0.1; 10.9.0.0/22; };
        allow-query { 127.0.0.1; 10.9.0.0/22; };
};
Optionally, add the logging options at the very end of the named.conf.options file. (Remember to create the /var/log/named/ directory with write permission for the bind group.)
logging {
        channel default_file { file "/var/log/named/default.log"; severity dynamic; print-time yes; };
        channel general_file { file "/var/log/named/general.log"; severity dynamic; print-time yes; };
        channel database_file { file "/var/log/named/database.log"; severity dynamic; print-time yes; };
        channel security_file { file "/var/log/named/security.log"; severity dynamic; print-time yes; };
        channel config_file { file "/var/log/named/config.log"; severity dynamic; print-time yes; };
        channel resolver_file { file "/var/log/named/resolver.log"; severity dynamic; print-time yes; };
        channel xfer-in_file { file "/var/log/named/xfer-in.log"; severity dynamic; print-time yes; };
        channel xfer-out_file { file "/var/log/named/xfer-out.log"; severity dynamic; print-time yes; };
        channel notify_file { file "/var/log/named/notify.log"; severity dynamic; print-time yes; };
        channel client_file { file "/var/log/named/client.log"; severity dynamic; print-time yes; };
        channel unmatched_file { file "/var/log/named/unmatched.log"; severity dynamic; print-time yes; };
        channel queries_file { file "/var/log/named/queries.log"; severity dynamic; print-time yes; };
        channel network_file { file "/var/log/named/network.log"; severity dynamic; print-time yes; };
        channel update_file { file "/var/log/named/update.log"; severity dynamic; print-time yes; };
        channel dispatch_file { file "/var/log/named/dispatch.log"; severity dynamic; print-time yes; };
        channel dnssec_file { file "/var/log/named/dnssec.log"; severity dynamic; print-time yes; };
        channel lame-servers_file { file "/var/log/named/lame-servers.log"; severity dynamic; print-time yes; };

        category lame-servers { lame-servers_file; };
        category dnssec { dnssec_file; };
        category dispatch { dispatch_file; };
        category update { update_file; };
        category network { network_file; };
        category queries { queries_file; };
        category unmatched { unmatched_file; };
        category client { client_file; };
        category notify { notify_file; };
        category xfer-out { xfer-out_file; };
        category xfer-in { xfer-in_file; };
        category resolver { resolver_file; };
        category config { config_file; };
        category security { security_file; };
        category database { database_file; };
        category general { general_file; };
        category default { default_file; };
};
Restart your bind server
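A check for the two access controls this configuration relies on (dynamic updates accepted only with a key, recursion limited to the local network), as an added example that is not part of the original page. The function names block, match_list and audit are hypothetical, the input is a condensed, constructed copy of the settings above, and the parser is a simplified one that ignores nested match lists.

```python
import re

# Constructed input: the settings from this page that the check reads.
PAGE_CONF = '''
options {
    recursion yes;  // resolver for the install network
    allow-recursion { 127.0.0.1; 10.9.0.0/22; };
    allow-query { 127.0.0.1; 10.9.0.0/22; };
};
zone "lq" { type master; allow-update { key "rndc-key"; }; };
zone "9.10.in-addr.arpa" { type master; allow-update { key "rndc-key"; }; };
'''

def block(text, pos):
    """Return the contents of the first balanced { ... } starting at or after pos."""
    start = text.index("{", pos)
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces")

def match_list(body, name):
    """Elements of an address match list (e.g. allow-update), or None if not set."""
    m = re.search(r"\b%s\s*\{" % re.escape(name), body)
    if m is None:
        return None
    return [e.strip() for e in block(body, m.start()).split(";") if e.strip()]

def audit(conf):
    """Return findings for address-based dynamic updates and open recursion."""
    conf = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)  # drop comments
    findings = []
    for m in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        updaters = match_list(block(conf, m.end()), "allow-update")
        if updaters and not all(e.startswith("key ") for e in updaters):
            findings.append("zone %s: allow-update accepts updates by address" % m.group(1))
    m = re.search(r"\boptions\s*\{", conf)
    opts = block(conf, m.start()) if m else ""
    if re.search(r"\brecursion\s+yes\s*;", opts):
        if "any" in (match_list(opts, "allow-recursion") or []):
            findings.append("options: recursion yes with allow-recursion { any; }")
    return findings

if __name__ == "__main__":
    # Constructed weak variant: update by address on zone "lq", recursion open to any.
    weak = PAGE_CONF.replace('key "rndc-key"', "10.9.0.0/22", 1).replace(
        "allow-recursion { 127.0.0.1; 10.9.0.0/22; }", "allow-recursion { any; }")
    print(audit(PAGE_CONF))
    print(audit(weak))
```

To run it against a real installation, pass the concatenated contents of named.conf.local and named.conf.options to audit().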