Bind9 as a Caching/Forwarding DNS Server

Today I want to show you how to set up Bind9 as a caching/forwarding server.

1. - What do we need?

We only need the package "Bind9":

apt-get install bind9

2. - Configuration: Caching

In the /etc/bind/ directory we need to edit the file named.conf.options, changing it from

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================

    dnssec-validation auto;

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};

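to the following, which defines an ACL named "erlaubt" (allowed) and only answers queries from the clients listed in it: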

acl erlaubt {
    192.168.1.0/24; # IPs/subnet of the allowed clients (example value, use your own)
    localhost;
    localnets;
};

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================

    dnssec-validation auto;

    allow-query { erlaubt; };
    recursion yes;

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};

2. - Configuration: Forwarding

In the /etc/bind/ directory we again need to edit the file named.conf.options.

...see "2. - Configuration: Caching"...



acl erlaubt {
    192.168.1.0/24; # IPs/subnet of the allowed clients (example value, use your own)
    localhost;
    localnets;
};

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
        8.8.8.8; # Google DNS 1
        8.8.4.4; # Google DNS 2
        // 37.114.62.66 # craftsmany DNS
    };
    forward only;

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================

    dnssec-validation auto;

    auth-nxdomain no; # conform to RFC1035
    allow-query { erlaubt; };

    listen-on-v6 { any; };
};

3. - Testing the configuration

named-checkconf

If nothing is returned, you did everything right.

Now we only need to restart Bind9:

/etc/init.d/bind9 restart
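named-checkconf only checks syntax, so it does not tell you whether the allow-query restriction from step 2 really limits who may use the resolver. The following Python script is an added example, not part of the original tutorial: it reads the text of a named.conf.options file and reports when recursion is open to every client. The function names and the sample text are constructed for illustration, and it assumes a single options block without views.

```python
import re

# Constructed sample: the caching configuration from this tutorial, condensed.
SAMPLE = """
acl erlaubt { 192.168.1.0/24; localhost; localnets; };
options {
    directory "/var/cache/bind";
    allow-query { erlaubt; };
    recursion yes;
    listen-on-v6 { any; };   // listening address, not an access list
};
"""
OPEN = {"any", "0.0.0.0/0", "::/0"}  # elements that match every client

def strip_comments(text):
    """Drop /* */, // and # comments (quoted strings containing them are not handled)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def items(body):
    """Split the inside of { ... } into its elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def expand(elements, acls, seen=()):
    """Flatten an address-match list, following named ACLs (cycle-safe)."""
    out = []
    for e in elements:
        out += expand(acls[e], acls, seen + (e,)) if e in acls and e not in seen else [e]
    return out

def audit(conf):
    """Return findings for a recursive resolver that answers arbitrary clients."""
    conf = strip_comments(conf)
    acls = {m[1]: items(m[2])
            for m in re.finditer(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', conf)}
    if re.search(r"\brecursion\s+no\s*;", conf):
        return []  # no recursion offered at all
    # BIND falls back in this order when allow-recursion is not set.
    for opt in ("allow-recursion", "allow-query-cache", "allow-query"):
        m = re.search(r"(?<![\w-])" + opt + r"\s*\{([^{}]*)\}", conf)
        if m:
            break
    else:
        return []  # nothing set: BIND's default is localnets; localhost;
    hits = sorted(OPEN & set(expand(items(m[1]), acls)))
    return [f"{opt} admits every client via {h}" for h in hits]

if __name__ == "__main__":
    print(audit(SAMPLE) or "recursion is limited to the listed clients")
```

To check the real file, pass its contents to audit(), for example audit(open("/etc/bind/named.conf.options").read()).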

That's it for the tutorial, have fun with Bind9! 😀
