Résolution de noms

Cette partie va nous servir à résoudre les noms de domaine, mais aussi à résoudre chaque nom de machine si le serveur dhcp a pu l'obtenir.

Rappel du réseau

                                 +-----------+
                                 |           |
INTERNET ---------- (DHCP) eth0 -|  SERVEUR  |- eth1 (10.9.0.0/22) --- Réseau local pour les installs
                                 |           |
                                 +-----------+

Bind

Installez bind9

aptitude install bind9

Ajoutez les lignes suviantes à votre configuration /etc/bind/named.conf

include "/etc/bind/rndc.key";

Zone locales

/etc/bind/named.conf.local

zone "lq" {
        type master;
        file "/var/lib/bind/lq.hosts";
        allow-update { key "rndc-key"; };
        };
zone "9.10.in-addr.arpa" {
        type master;
        file "/var/lib/bind/10.9.rev";
        allow-update { key "rndc-key"; };
        };

Créez la zone reverse /var/lib/bind/10.9.rev comme suit

$ttl 38400
9.10.in-addr.arpa.      IN      SOA     billig.lq. root.localhost. (
                        1341155341
                        10800
                        3600
                        604800
                        38400 )
9.10.in-addr.arpa.      IN      NS      billig.lq.

Créez la zone .lq. /var/lib/bind/lq.hosts

$ttl 38400
lq.     IN      SOA     billig.lq. root.localhost. (
                        1341155297
                        10800
                        3600
                        604800
                        38400 )
lq.     IN      NS      billig.lq.

Configurez le fichier /etc/bind/named.conf.options

options {
      directory "/var/cache/bind";

      // If there is a firewall between you and nameservers you want
      // to talk to, you may need to fix the firewall to allow multiple
      // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

      // If your ISP provided one or more IP addresses for stable
      // nameservers, you probably want to use them as forwarders.
      // Uncomment the following block, and insert the addresses replacing
      // the all-0's placeholder.

      // forwarders {
      //      0.0.0.0;
      // };

      //========================================================================
      // If BIND logs error messages about the root key being expired,
      // you will need to update your keys.  See https://www.isc.org/bind-keys
      //========================================================================
      dnssec-validation auto;

      auth-nxdomain no;    # conform to RFC1035
      listen-on-v6 { none; };

      managed-keys-directory "/etc/bind";

      recursion yes;

      allow-recursion {
              127.0.0.1;
              10.9.0.0/22;
      };

      allow-query {
              127.0.0.1;
              10.9.0.0/22;
      };

};

Ajoutez (Si vous le souhaitez), les option de log à la toute fin du fichier named.conf.options. (Pensez à créer le répertoire /var/log/named/ avec les droits d'écriture pour le groupe bind)

logging {
      channel default_file {
              file "/var/log/named/default.log";
              severity dynamic;
              print-time yes;
              };
      channel general_file {
              file "/var/log/named/general.log";
              severity dynamic;
              print-time yes;
              };
      channel database_file {
              file "/var/log/named/database.log";
              severity dynamic;
              print-time yes;
              };
      channel security_file {
              file "/var/log/named/security.log";
              severity dynamic;
              print-time yes;
              };
      channel config_file {
              file "/var/log/named/config.log";
              severity dynamic;
              print-time yes;
              };
      channel resolver_file {
              file "/var/log/named/resolver.log";
              severity dynamic;
              print-time yes;
              };
      channel xfer-in_file {
              file "/var/log/named/xfer-in.log";
              severity dynamic;
              print-time yes;
              };
      channel xfer-out_file {
              file "/var/log/named/xfer-out.log";
              severity dynamic;
              print-time yes;
              };
      channel notify_file {
              file "/var/log/named/notify.log";
              severity dynamic;
              print-time yes;
              };
      channel client_file {
              file "/var/log/named/client.log";
              severity dynamic;
              print-time yes;
              };
      channel unmatched_file {
              file "/var/log/named/unmatched.log";
              severity dynamic;
              print-time yes;
              };
      channel queries_file {
              file "/var/log/named/queries.log";
              severity dynamic;
              print-time yes;
              };
      channel network_file {
              file "/var/log/named/network.log";
              severity dynamic;
              print-time yes;
              };
      channel update_file {
              file "/var/log/named/update.log";
              severity dynamic;
              print-time yes;
              };
      channel dispatch_file {
              file "/var/log/named/dispatch.log";
              severity dynamic;
              print-time yes;
              };
      channel dnssec_file {
              file "/var/log/named/dnssec.log";
              severity dynamic;
              print-time yes;
              };
      channel lame-servers_file {
              file "/var/log/named/lame-servers.log";
              severity dynamic;
              print-time yes;
              };
      category lame-servers {
              lame-servers_file;
              };
      category dnssec {
              dnssec_file;
              };
      category dispatch {
              dispatch_file;
              };
      category update {
              update_file;
              };
      category network {
              network_file;
              };
      category queries {
              queries_file;
              };
      category unmatched {
              unmatched_file;
              };
      category client {
              client_file;
              };
      category notify {
              notify_file;
              };
      category xfer-out {
              xfer-out_file;
              };
      category xfer-in {
              xfer-in_file;
              };
      category resolver {
              resolver_file;
              };
      category config {
              config_file;
              };
      category security {
              security_file;
              };
      category database {
              database_file;
              };
      category general {
              general_file;
              };
      category default {
              default_file;
              };
};

Redémarrez votre serveur bind