老周的部落

1.檢查網路設定是否為固定IP
root@smallken:~# vi /etc/network/interfaces
iface eth0 inet static
address 192.168.1.105
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 168.95.1.1
dns-search vblog.tw

2.檢查 /etc/hosts 的設定，特別是192.168.1.105的設定

root@smallken:~# vi /etc/hosts
127.0.0.1 localhost
192.168.1.105 smallken.vblog.tw smallken

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

3.設定 hostname 為 smallken.vblog.tw
root@smallken:~# echo "smallken.vblog.tw" > /etc/hostname
root@smallken:~# /etc/init.d/hostname.sh start

檢查一下設定有沒有生效
root@smallken:~# hostname
root@smallken:~# hostname -f

4.停用 apparmor (類似SELinux的東西)，一定要停掉，否則後面裝不起來
root@smallken:~# /etc/init.d/apparmor stop
root@smallken:~# update-rc.d -f apparmor remove

5. 開始安裝 DNS Server
root@smallken:~# apt-get install bind9

為了安全考量，我們做一下 chroot，換一下目錄
root@smallken:~# /etc/init.d/bind9 stop
root@smallken:~# vi /etc/default/bind9

OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes
我們想要 chroot 目錄到 /var/lib/named，所以在/var/lib/named 建立好相關的目錄
root@smallken:/var/lib# mkdir -p /var/lib/named/etc
root@smallken:/var/lib# mkdir /var/lib/named/dev
root@smallken:/var/lib# mkdir -p /var/lib/named/var/cache/bind
root@smallken:/var/lib# mkdir -p /var/lib/named/var/run/bind/run

把 bind 的設定檔目錄搬到 /var/lib/named/etc/
root@smallken:~# mv /etc/bind/ /var/lib/named/etc/

再用 symbolic link 串回原來的位置
root@smallken:~# ln -s /var/lib/named/etc/bind /etc/bind

手動製造null跟random設備
root@smallken:~# mknod /var/lib/named/dev/null c 1 3
root@smallken:~# mknod /var/lib/named/dev/random c 1 8

修改設備的permissions
root@smallken:~# chmod 666 /var/lib/named/dev/null
root@smallken:~# chmod 666 /var/lib/named/dev/random

把目錄的permissions設定給運行DNS的系統使用者 bind(相當於fedora的named)
root@smallken:~# chown -R bind:bind /var/lib/named/var/*
root@smallken:~# chown -R bind:bind /var/lib/named/etc/bind

我們希望把DNS Server 運行的log紀錄下來，修改SYSLOGD=""，成為SYSLOGD="-a /var/lib/named/dev/log"
root@smallken:~# vi /etc/default/syslogd
#
# Top configuration file for syslogd
#

#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#

#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

重跑syslogd
root@smallken:~# /etc/init.d/sysklogd restart

啟動 bind
root@smallken:~# /etc/init.d/bind9 start

檢查 /var/log/syslog
root@smallken:/etc/bind# tail -f /var/log/syslog

如果無法正常啟動，就重新開機一下，應該是 apparmor 還沒disable 掉

root@smallken:/etc/bind# reboot

開機完成之後，再次 restart bind9，check /var/log/syslog 有無錯誤訊息? 修正錯誤直到正常為止

因為 /etc/bind/named.conf 最後一行
include "/etc/bind/named.conf.local";

所以變動部分我們只編輯named.conf.local就好了
root@smallken:/etc/bind# vi /etc/bind/named.conf.local
// 正解部分
zone "vblog.tw" {
type master;
file "/etc/bind/zones/vblog.tw.db";
};

// 反解部分
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.1.168.192.in-addr.arpa";
};

建立 zones 目錄
root@smallken:/etc/bind# mkdir /etc/bind/zones

建立正解部分的設定檔 vblog.tw.db
root@smallken:/etc/bind# vi /etc/bind/zones/vblog.tw.db
$TTL 1500
@ IN SOA smallken.vblog.tw. root (
2007062703 ;serial
28800 ;refresh
3600 ;retry
604800 ;expire
38400 ) ;minimum 25 minutes
vblog.tw. IN NS smallken.vblog.tw.
smallken IN A 192.168.1.105
webserver1 IN A 192.168.1.103
media IN A 192.168.1.104
db2 IN A 192.168.1.101



建立反解部分的設定檔 rev.1.168.192.in-addr.arpa
root@smallken:/etc/bind# vi /etc/bind/zones/rev.1.168.192.in-addr.arpa
$TTL 1500
@ IN SOA smallken.vblog.tw. root (
2007062703 ;serial
28800 ;refresh
3600 ;retry
604800 ;expire
38400 ) ;minimum 25 minutes

IN NS smallken.vblog.tw.
105 IN PTR smallken.vblog.tw.
103 IN PTR webserver1.vblog.tw.
104 IN PTR media.vblog.tw.
101 IN PTR db2.vblog.tw.

設定forwarders，設定forwarders的意思是說，如果查詢範圍超出了本機DNS所設定的範圍之外的話，本機的DNS會自動幫你去問其他DNS Server 然後回傳結果，類似被問到無法回答的問題時，再出去外面討救兵的意思，所以一般的forwarders都會設定ISP的DNS，我習慣設hinet的DNS 168.95.1.1
root@smallken:/etc/bind# vi /etc/bind/named.conf.options
forwarders {
168.95.1.1;
};



以上全部都設定完成之後，重新啟動 bind
root@smallken:/etc/bind# /etc/init.d/bind9 restart
* Stopping domain name service... bind [ OK ]
* Starting domain name service... bind [ OK ]



設定 /etc/resolv.conf，把本機ip 192.168.1.105 設定在 hinet 的dns ip 168.95.1.1 之前，這樣會先查本機的dns設定，以便接下來的測試
root@smallken:/etc/bind# vi /etc/resolv.conf
search vblog.tw
nameserver 192.168.1.105
nameserver 168.95.1.1



測試 smallken.vblog.tw
root@smallken:/etc/bind# nslookup smallken
Server: 192.168.1.105
Address: 192.168.1.105#53

Name: smallken.vblog.tw
Address: 192.168.1.105

測試 media.vblog.tw

root@smallken:/etc/bind# nslookup media

Server: 192.168.1.105
Address: 192.168.1.105#53

Name: media.vblog.tw
Address: 192.168.1.104

測試成功!