「Bindの設定」の版間の差分
提供: sha.ngri.la
細 (→named.confの設定) |
細 |
||
| (同じ利用者による、間の1版が非表示) | |||
| 99行目: | 99行目: | ||
allow-update { none; }; | allow-update { none; }; | ||
}; | }; | ||
| + | </pre> | ||
| + | [https://www.nic.ad.jp/ja/dns/openresolver/ オープンリゾルバ(Open Resolver)に対する注意喚起 - JPNIC] | ||
[[Category:bind]] | [[Category:bind]] | ||
[[Category:サーバ]] | [[Category:サーバ]] | ||
2014年10月27日 (月) 05:52時点における最新版
bindの起動
/etc/init.d/named start
named.confの設定
オリジナル
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
編集後
options {
listen-on port 53 {
127.0.0.1;
***.***.***.***; /* サーバのIPアドレス */
};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; /* localhost; を any; に変更 */
recursion yes;
allow-recursion { localhost; }; /* 追加 */
allow-query-cache { localhost; }; /* 追加 */
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
/* zone の記載を追加 */
zone "*****.net" {
type master;
file "pbukuma.net.zone";
allow-update { none; };
};
zone "***.***.***.***.in-addr.arpa" {
type master;
file "pbukuma.net.rev";
allow-update { none; };
};