Install BIND 9 on Ubuntu
Update the system
apt-get update && apt-get dist-upgrade
Install Bind 9
apt-get install bind9 bind9utils bind9-doc
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen.... Fertig
The following additional packages will be installed:
libirs141
Die folgenden NEUEN Pakete werden installiert:
bind9 bind9-doc bind9utils libirs141
0 aktualisiert, 4 neu installiert, 0 zu entfernen und 0 nicht aktualisiert.
Es müssen 808 kB an Archiven heruntergeladen werden.
Nach dieser Operation werden 4.687 kB Plattenplatz zusätzlich benutzt.
Möchten Sie fortfahren? [J/n] JSet Bind to IPv4 mode
systemctl edit --full bind9
[Service]
ExecStart=/usr/sbin/named -f -u bind -4Reload the systemd daemon
systemctl daemon-reload
Restart Bind
service bind9 restart
Add remote name daemon controller to services
vi /etc/services
rndc 953/tcp
netstat -patu |grep named
tcp 0 0 192.168.0.4:domain *:* LISTEN 31209/named tcp 0 0 localhost:domain *:* LISTEN 31209/named tcp 0 0 localhost:rndc *:* LISTEN 31209/named udp 0 0 192.168.0.4:domain *:* 31209/named udp 0 0 localhost:domain *:* 31209/named
Create rndc.key
rndc-confgen -a
cat /etc/bind/rndc.key
key "rndc-key" {
algorithm hmac-sha256;
secret "1QEesnAjRbnq0XwpMZMNRg==";
};Configure Bind
vi /etc/bind/named.conf
key "rndc-key" {
algorithm hmac-sha256;
secret "1QEesnAjRbnq0XwpMZMNRg==";
};
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; }
keys { rndc-key; };
};
logging {
category lame-servers {default_syslog; };
category dispatch {default_syslog; };
category update {default_syslog; };
category unmatched {default_syslog; };
category xfer-out {default_syslog; };
category xfer-in {default_syslog; };
category config {default_syslog; };
category security {default_syslog; };
category general {default_syslog; };
category default {default_syslog; };
category database {default_syslog; };
category resolver {default_syslog; };
category notify {default_syslog; };
category client {default_syslog; };
category network {default_syslog; };
category queries {default_syslog; };
category dnssec {default_syslog; };
};vi /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
// listen-on-v6 { any; };
listen-on { 127.0.0.1; 192.168.0.4; };
recursion yes;
allow-transfer {
127.0.0.1;
192.168.0.3;
};
version "Bomboklaat";
notify yes;
}service bind9 restart
Congratulations! Your nameserver is now configured and running.
rndc status
version: BIND 9.10.3-P4-Ubuntu <id:ebd72b3> (Raasklaat) boot time: Sun, 08 Jan 2017 23:06:58 GMT last configured: Sun, 08 Jan 2017 23:07:00 GMT CPUs found: 1 worker threads: 1 UDP listeners per interface: 1 number of zones: 101 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is ON recursive clients: 0/0/1000 tcp clients: 0/100 server is up and running
dig @localhost CH TXT version.bind
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost CH TXT version.bind ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21523 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;version.bind. CH TXT ;; ANSWER SECTION: version.bind. 0 CH TXT "Raasklaat" ;; AUTHORITY SECTION: version.bind. 0 CH NS version.bind. ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1)
tail -f /var/log/syslog | grep bind
named[945]: received control channel command 'stop'
named[945]: shutting down: flushing changes
named[945]: stopping command channel on 127.0.0.1#953
named[945]: no longer listening on 127.0.0.1#53
named[945]: no longer listening on 192.168.0.4#53
named[945]: exiting
named[1031]: starting BIND 9.10.3-P4-Ubuntu <id:ebd72b3> -f -u bind -4
named[1031]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/i386-linux-gnu' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/i386-linux-gnu/softhsm/libsofthsm2.so' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 -DDIG_SIGCHASE'
named[1031]: ----------------------------------------------------
named[1031]: BIND 9 is maintained by Internet Systems Consortium,
named[1031]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
named[1031]: corporation. Support and training for BIND 9 are
named[1031]: available at https://www.isc.org/support
named[1031]: ----------------------------------------------------
named[1031]: adjusted limit on open files from 4096 to 1048576
named[1031]: found 1 CPU, using 1 worker thread
named[1031]: using 1 UDP listener per interface
named[1031]: using up to 4096 sockets
named[1031]: loading configuration from '/etc/bind/named.conf'
named[1031]: reading built-in trusted keys from file '/etc/bind/bind.keys'
named[1031]: initializing GeoIP Country (IPv4) (type 1) DB
named[1031]: GEO-106FREE 20160408 Bu
named[1031]: initializing GeoIP Country (IPv6) (type 12) DB
named[1031]: GEO-106FREE 20160408 Bu
named[1031]: GeoIP City (IPv4) (type 2) DB not available
named[1031]: GeoIP City (IPv4) (type 6) DB not available
named[1031]: GeoIP City (IPv6) (type 30) DB not available
named[1031]: GeoIP City (IPv6) (type 31) DB not available
named[1031]: GeoIP Region (type 3) DB not available
named[1031]: GeoIP Region (type 7) DB not available
named[1031]: GeoIP ISP (type 4) DB not available
named[1031]: GeoIP Org (type 5) DB not available
named[1031]: GeoIP AS (type 9) DB not available
named[1031]: GeoIP Domain (type 11) DB not available
named[1031]: GeoIP NetSpeed (type 10) DB not available
named[1031]: using default UDP/IPv4 port range: [32768, 60999]
named[1031]: listening on IPv4 interface lo, 127.0.0.1#53
named[1031]: listening on IPv4 interface eth0, 192.168.0.4#53
named[1031]: generating session key for dynamic DNS
named[1031]: sizing zone task pool based on 5 zones
named[1031]: using built-in root key for view _default
named[1031]: set up managed keys zone for view _default, file 'managed-keys.bind'
named[1031]: automatic empty zone: 10.IN-ADDR.ARPA
named[1031]: automatic empty zone: 16.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 17.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 18.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 19.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 20.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 21.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 22.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 23.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 24.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 25.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 26.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 27.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 28.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 29.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 30.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 31.172.IN-ADDR.ARPA
named[1031]: automatic empty zone: 168.192.IN-ADDR.ARPA
named[1031]: automatic empty zone: 64.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 65.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 66.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 67.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 68.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 69.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 70.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 71.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 72.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 73.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 74.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 75.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 76.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 77.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 78.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 79.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 80.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 81.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 82.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 83.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 84.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 85.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 86.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 87.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 88.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 89.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 90.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 91.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 92.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 93.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 94.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 95.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 96.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 97.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 98.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 99.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 100.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 101.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 102.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 103.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 104.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 105.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 106.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 107.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 108.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 109.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 110.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 111.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 112.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 113.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 114.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 115.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 116.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 117.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 118.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 119.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 120.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 121.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 122.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 123.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 124.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 125.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 126.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 127.100.IN-ADDR.ARPA
named[1031]: automatic empty zone: 254.169.IN-ADDR.ARPA
named[1031]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
named[1031]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
named[1031]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
named[1031]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
named[1031]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
named[1031]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
named[1031]: automatic empty zone: D.F.IP6.ARPA
named[1031]: automatic empty zone: 8.E.F.IP6.ARPA
named[1031]: automatic empty zone: 9.E.F.IP6.ARPA
named[1031]: automatic empty zone: A.E.F.IP6.ARPA
named[1031]: automatic empty zone: B.E.F.IP6.ARPA
named[1031]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
named[1031]: automatic empty zone: EMPTY.AS112.ARPA
named[1031]: command channel listening on 127.0.0.1#953
named[1031]: managed-keys-zone: journal file is out of date: removing journal file
named[1031]: managed-keys-zone: loaded serial 12
named[1031]: zone 0.in-addr.arpa/IN: loaded serial 1
named[1031]: zone 255.in-addr.arpa/IN: loaded serial 1
named[1031]: zone 127.in-addr.arpa/IN: loaded serial 1
named[1031]: zone localhost/IN: loaded serial 2
named[1031]: all zones loaded
named[1031]: running