{"id":2828,"date":"2018-07-25T13:33:06","date_gmt":"2018-07-25T13:33:06","guid":{"rendered":"https:\/\/tst-amo.net.ua\/blog\/?p=2828"},"modified":"2018-07-25T13:33:06","modified_gmt":"2018-07-25T13:33:06","slug":"bind9-9-%d0%bd%d0%b0-centos-7","status":"publish","type":"post","link":"https:\/\/tst-amo.net.ua\/blog\/?p=2828","title":{"rendered":"Bind9.9 \u043d\u0430 Centos 7"},"content":{"rendered":"<p>\u0423\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u043c:<\/p>\n<pre>$ sudo yum install bind bind-utils<\/pre>\n<pre>$ cat \/etc\/named.conf\r\n\r\nacl \"bsd\" { 192.168.113.0\/24; 127.0.0.1; };\r\n\r\noptions {\r\n       listen-on port 53 { 127.0.0.1; 192.168.113.1; };\r\n       listen-on-v6 port 53 { none; };\r\n\r\nforwarders {\r\n       127.0.0.1;\r\n       <span style=\"color: #ff0000;\">_DNS_\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0430<\/span>;\r\n       8.8.8.8;\r\n       };\r\n\r\n\r\ndirectory \"\/var\/named\";\r\n       dump-file \"\/var\/named\/data\/cache_dump.db\";\r\n       statistics-file \"\/var\/named\/data\/named_stats.txt\";\r\n       memstatistics-file \"\/var\/named\/data\/named_mem_stats.txt\";\r\n\r\n\/*\r\n - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.\r\n - If you are building a RECURSIVE (caching) DNS server, you need to enable\r\n recursion.\r\n - If your recursive DNS server has a public IP address, you MUST enable access\r\n control to limit queries to your legitimate users. Failing to do so will\r\n cause your server to become part of large scale DNS amplification\r\n attacks. 
Implementing BCP38 within your network would greatly\r\n reduce such attack surface\r\n *\/\r\n\r\n\r\nallow-query { bsd; };\r\n\r\nrecursion yes;\r\nallow-recursion { bsd; };\r\n\r\nblackhole {\r\n      0.0.0.0\/8;\r\n      10.0.0.0\/8;\r\n      169.254.0.0\/16;\r\n      172.16.0.0\/12;\r\n      192.0.2.0\/24;\r\n     \/\/192.168.0.0\/16;\r\n      224.0.0.0\/4;\r\n      240.0.0.0\/4;\r\n     };\r\n\r\ndnssec-enable yes;\r\ndnssec-validation yes;\r\n\r\n\/* Path to ISC DLV key *\/\r\nbindkeys-file \"\/etc\/named.iscdlv.key\";\r\n\r\nmanaged-keys-directory \"\/var\/named\/dynamic\";\r\n\r\npid-file \"\/run\/named\/named.pid\";\r\nsession-keyfile \"\/run\/named\/session.key\";\r\n};\r\n\r\n\r\nlogging {\r\n     channel queries {\r\n     file \"\/var\/log\/named\/queries.log\" versions 2 size 10M;\r\n     print-time yes;\r\n     print-category yes;\r\n     print-severity yes;\r\n     };\r\n channel bind_log {\r\n     file \"\/var\/log\/named\/named.log\" size 10M;\r\n     print-category yes;\r\n     print-severity yes;\r\n     print-time yes;\r\n     };\r\n channel update_debug {\r\n     file \"\/var\/log\/named\/named-update.log\" versions 6 size 10M;\r\n     severity debug 10;\r\n     print-category yes;\r\n     print-severity yes;\r\n     print-time yes;\r\n     };\r\n channel security_info {\r\n     file \"\/var\/log\/named\/named.log\" versions 6 size 10M;\r\n     severity info;\r\n     print-category yes;\r\n     print-severity yes;\r\n     print-time yes;\r\n     };\r\n\r\nchannel edns-disabled {\r\n     file \"\/var\/log\/named\/edns-disabled.log\" versions 1 size 500K;\r\n     severity info;\r\n     print-category yes;\r\n     print-severity yes;\r\n     print-time yes;\r\n     };\r\n\r\ncategory default { bind_log; };\r\ncategory xfer-in { bind_log; };\r\ncategory xfer-out { bind_log; };\r\ncategory update { update_debug; };\r\ncategory security { security_info; };\r\ncategory queries { queries; };\r\ncategory edns-disabled { edns-disabled; };\r\ncategory 
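lame-servers { null; };\r\n};\r\n\r\nzone \".\" IN {\r\n    type hint;\r\n    file \"named.ca\";\r\n};\r\n\r\n#controls {\r\n# inet 127.0.0.1 port 953\r\n# allow { 127.0.0.1; } keys { \"rndc-key\"; };\r\n# };\r\n\r\ninclude \"\/etc\/rndc.key\";\r\n\r\ninclude \"\/etc\/named.rfc1912.zones\";\r\ninclude \"\/etc\/named.root.key\";<\/pre>\n<pre>$ sudo systemctl start named\r\n$ sudo systemctl enable named<\/pre>\n<p>\u041f\u0440\u0430\u0432\u0438\u043c:<\/p>\n<pre>cat \/etc\/resolv.conf\r\n# Generated by NetworkManager\r\nsearch imp.kiev.ua\r\nnameserver 194.44.219.161\r\nnameserver 8.8.8.8\r\nnameserver 8.8.4.4<\/pre>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c. \u0411\u0435\u0437 \u044f\u0432\u043d\u043e\u0433\u043e @\u0441\u0435\u0440\u0432\u0435\u0440\u0430 dig \u043e\u0431\u0440\u0430\u0449\u0430\u0435\u0442\u0441\u044f \u043a \u043f\u0435\u0440\u0432\u043e\u043c\u0443 nameserver \u0438\u0437 resolv.conf, \u043f\u043e\u044d\u0442\u043e\u043c\u0443, \u0441\u0443\u0434\u044f \u043f\u043e \u0441\u0442\u0440\u043e\u043a\u0435 SERVER, \u043d\u0438\u0436\u0435 \u043e\u0442\u0432\u0435\u0447\u0430\u0435\u0442 194.44.219.161, \u0430 \u043d\u0435 named, \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 \u0432\u044b\u0448\u0435 (\u0432 listen-on \u0443\u043a\u0430\u0437\u0430\u043d\u044b \u0442\u043e\u043b\u044c\u043a\u043e 127.0.0.1 \u0438 192.168.113.1). REFUSED \u0438 \u00abrecursion requested but not available\u00bb \u2014 \u043e\u0442\u0432\u0435\u0442 \u044d\u0442\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430; \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 named \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e: <code>dig @127.0.0.1 ya.ru<\/code>.<\/p>\n<pre>[root@ring etc]# dig ya.ru\r\n\r\n; &lt;&lt;&gt;&gt; DiG 9.9.4-RedHat-9.9.4-61.el7 &lt;&lt;&gt;&gt; ya.ru\r\n;; global options: +cmd\r\n;; Got answer:\r\n;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: REFUSED, id: 5166\r\n;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1\r\n;; WARNING: recursion requested but not available\r\n\r\n;; OPT PSEUDOSECTION:\r\n; EDNS: version: 0, flags:; udp: 4096\r\n;; QUESTION SECTION:\r\n;ya.ru. 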
IN A\r\n\r\n;; Query time: 0 msec\r\n;; SERVER: <span style=\"color: #ff0000;\">194.44.219.161<\/span>#53(194.44.219.161)\r\n;; WHEN: \u0421\u0440\u0434 \u0418\u044e\u043b 25 16:26:48 EEST 2018\r\n;; MSG SIZE rcvd: 34<\/pre>\n<h3>\u0414\u0435\u043b\u0430\u0435\u043c chroot<\/h3>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u0423\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u043c: $ sudo yum install bind bind-utils $ cat \/etc\/named.conf acl &#8220;bsd&#8221; { 192.168.113.0\/24; 127.0.0.1; }; options { listen-on port 53 { 127.0.0.1; 192.168.113.1; }; listen-on-v6 port 53 { none; }; forwarders { 127.0.0.1; _DNS_\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0430; 8.8.8.8; }; directory &#8220;\/var\/named&#8221;; dump-file &#8220;\/var\/named\/data\/cache_dump.db&#8221;; statistics-file &#8220;\/var\/named\/data\/named_stats.txt&#8221;; memstatistics-file &#8220;\/var\/named\/data\/named_mem_stats.txt&#8221;; \/* &#8211; If you are building an AUTHORITATIVE DNS server, &#8230;<\/p>\n<p><a href=\"https:\/\/tst-amo.net.ua\/blog\/?p=2828\" class=\"more-link\">Continue reading &lsquo;Bind9.9 \u043d\u0430 Centos 7&rsquo; 
&raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18,131,47],"tags":[],"class_list":["post-2828","post","type-post","status-publish","format-standard","hentry","category-bind","category-chroot","category-linux"],"_links":{"self":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2828"}],"collection":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2828"}],"version-history":[{"count":1,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2828\/revisions"}],"predecessor-version":[{"id":2829,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2828\/revisions\/2829"}],"wp:attachment":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}