Installing & configuring BIND

Part of the document "Bài giảng Thiết kế và cài đặt Mạng Intranet" (Lecture Notes on Intranet Design and Installation), pages 168 - 171

4.5 DNS service setup labs

4.5.1 Installing & configuring BIND

Log in to the CentOS server, check the Internet connection, and use yum to install bind and its supporting utilities (bind-utils), such as nslookup and dig. You can first check whether these packages are already present on the CentOS server, then proceed with the installation:

> yum list bind bind-utils

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

* base: centos-hn.viettelidc.com.vn

* extras: centos-hn.viettelidc.com.vn

* updates: centos-hn.viettelidc.com.vn

Installed Packages

bind.x86_64 32:9.8.2-0.37.rc1.el6_7.4 @updates

bind-utils.x86_64 32:9.8.2-0.37.rc1.el6_7.4 @updates

> yum install bind bind-utils

Loaded plugins: fastestmirror

Setting up Install Process

Loading mirror speeds from cached hostfile

* base: centos-hn.viettelidc.com.vn

* extras: centos-hn.viettelidc.com.vn

* updates: centos-hn.viettelidc.com.vn

Package 32:bind-9.8.2-0.37.rc1.el6_7.4.x86_64 already installed and latest version

Package 32:bind-utils-9.8.2-0.37.rc1.el6_7.4.x86_64 already installed and latest version

A BIND system consists of the following items:

• A named.conf file that describes the server characteristics and the zone files used. The named.conf file is normally located in /etc for most Linux distributions, %SystemRoot%\system32\dns\etc for Windows, and in either /etc/namedb or /usr/local/etc for BSD-based systems.

• Depending on the configuration, the name server may use one or more zone files describing the domains being managed. By convention, the zone files are normally located in /var/named for Linux and most Unix-based systems, but this location can be controlled by BIND configuration parameters (using the directory statement).

• Depending on the services being provided by the name server, it may require additional zone files describing the localhost environment, and reverse maps for local IP addresses and root-servers.

Zone files are text files (standardized by RFC 1035) that may be read or edited using any standard editor and can contain three types of entries:

• Comments: All comments start with a semicolon (;) and continue to the end of the line. Comments can be added to any other record type and are assumed to terminate the line.

• Directives: All directives start with a dollar sign ($) and are used to control processing of the zone files.

• Resource Records: Resource Records (RR) are used to define the characteristics, properties, or entities contained within the domain. RRs are contained on a single line with the exception that entries enclosed in parentheses can spread across multiple lines.

• Field Separators: The separators between fields in a RR can be either spaces or tabs. In zone files, tabs are traditionally used to make a more attractive layout and to clearly indicate which fields are missing.

In general, a zone file will typically contain the following RRs and directives:

• The $TTL directive: Defines the default Time to Live (TTL) value for the zone or domain, which is the time a RR may be cached (or saved) by another DNS server. This directive is mandatory.

• The $ORIGIN directive: The domain name for the zone being defined. This directive is optional. If not present, BIND 9 will create the $ORIGIN value from the zone name defined in its configuration file (the named.conf file).

• A Start of Authority (SOA) RR: The SOA RR, which must appear as the first RR in a zone file, describes the global characteristics of the zone or domain. There can be only one SOA RR in a zone file. This RR is mandatory.

• The Name Server (NS) RR: Defines name servers that are authoritative for the zone or domain. There must be two or more NS RRs in a zone file. NS RRs may reference servers in this domain or in a foreign or external domain. These RRs are mandatory.

• The Mail Exchanger (MX) RR: Defines the mail servers for the zone. There may be zero or more MX RRs in a zone file. If the domain does not provide e-mail services, there is no need for any MX RRs. An MX RR may reference a mail server in this domain or in a foreign or external domain. This RR is optional.

• The Address (A) RR: Used to define the IPv4 address of all the hosts (or services) that exist in this zone and are required to be publicly visible. IPv6 entries are defined using AAAA (called Quad A) RRs. There may be zero or more A or AAAA RRs in a zone file. This RR is optional.

• The CNAME RR: Defines an Alias RR, which allows one host (or service) to be defined as the alias name for another host. There may be zero or more CNAME RRs in a zone file. This RR is optional.
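The rules listed above can be checked mechanically before a zone is loaded. The following shell sketch is an added example, not part of the original lecture notes; lint_zone and sample_zone are hypothetical names, and the sample zone is constructed (host addresses come from the 192.0.2.0/24 documentation range).

```sh
#!/bin/sh
# lint_zone FILE: check FILE against the zone-file rules listed above.
# Prints one line per problem; exit status 0 means none were found.
lint_zone() {
    awk '
    function bad(msg) { print "zone: " msg; errs++ }
    { sub(/;.*/, "") }                  # strip comments (a ";" inside quotes is not handled)
    /^[ \t]*$/    { next }              # nothing left on the line
    /^\$TTL[ \t]/ { ttl = 1; next }
    /^\$/         { next }              # $ORIGIN and other directives
    {
        rec = rec " " $0                # join a multi-line "( ... )" record
        depth += gsub(/\(/, "(") - gsub(/\)/, ")")
        if (depth > 0) next
        n = split(rec, f, /[ \t]+/); rec = ""; type = ""
        for (i = 1; i <= n && type == ""; i++)
            if (f[i] ~ /^(SOA|NS|MX|A|AAAA|CNAME)$/) type = f[i]
        rr++
        if (type == "SOA") { soa++; if (rr > 1) bad("SOA is not the first RR") }
        if (type == "NS") ns++
    }
    END {
        if (!ttl)     bad("missing $TTL directive")
        if (soa != 1) bad("expected exactly one SOA RR, found " (soa + 0))
        if (ns < 2)   bad("fewer than two NS RRs")
        exit (errs > 0)
    }' "$1"
}

sample_zone() {   # constructed sample zone, not taken from the lecture notes
    cat <<'EOF'
$TTL 86400
$ORIGIN mydomain.vn.
@     IN SOA   ns1.mydomain.vn. hostmaster.mydomain.vn. (
               20151108 10800 3600   ; serial, refresh, retry
               604800 86400 )        ; expire, minimum
      IN NS    ns1.mydomain.vn.
      IN NS    ns2.mydomain.vn.
      IN MX    10 mail.mydomain.vn.
ns1   IN A     192.0.2.1
ns2   IN A     192.0.2.2
mail  IN A     192.0.2.3
www   IN CNAME ns1
EOF
}

zone=$(mktemp) && sample_zone > "$zone" && lint_zone "$zone" && echo "sample zone: OK"
rm -f "$zone"
```

This sketch covers only the rules listed on this page; the named-checkzone utility shipped with BIND performs the full syntax check.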

Pay attention to the access permissions on the zone file. If you run dig and the DNS server returns no result (the ANSWER SECTION is missing and the header shows status: SERVFAIL), the server may be unable to read the zone file. In that case, check the file and add read permission to it with the chmod +r command.

Output of a query that is answered normally (status: NOERROR, with an ANSWER SECTION):

> dig @127.0.0.1 mydomain.vn any

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @127.0.0.1 mydomain.vn any

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16658

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:

;mydomain.vn. IN ANY

;; ANSWER SECTION:

mydomain.vn. 86400 IN SOA ns1.mydomain.vn. hostmaster.hp.vn. 20151108 10800 3600 604800 86400

mydomain.vn. 86400 IN NS ns1.mydomain.vn.

mydomain.vn. 86400 IN MX 10 mail.mydomain.vn.

;; Query time: 1 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Wed Nov 11 07:24:33 2015

;; MSG SIZE rcvd: 150
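To diagnose the permission problem described above, the mode bits can be evaluated for the account the name server runs as. This is an added example, not part of the original lecture notes; zone_read_class and zone_perm_report are hypothetical names, and it assumes GNU stat and a server account and group both called named (the CentOS package default).

```sh
#!/bin/sh
# zone_read_class USER FILE
# Prints the permission class (owner, group or other) that lets USER read FILE,
# or "denied". Only the file's own mode bits are examined; every parent
# directory must additionally be searchable (x) by USER.
zone_read_class() {
    user=$1
    info=$(stat -c '%U %G %a' "$2") || return 2   # GNU stat, as shipped on CentOS
    set -- $info
    owner=$1 group=$2 mode=$3
    ugroups=$(id -Gn "$user" 2>/dev/null) || ugroups=""
    if [ "$user" = "$owner" ]; then
        class=owner bits=$(( mode / 100 % 10 ))
    else
        case " $ugroups " in
            *" $group "*) class=group bits=$(( mode / 10 % 10 )) ;;
            *)            class=other bits=$(( mode % 10 )) ;;
        esac
    fi
    # POSIX selects exactly one class; the read bit (4) in that class decides.
    if [ $(( bits & 4 )) -ne 0 ]; then echo "$class"; else echo denied; fi
}

# zone_perm_report USER FILE: one-line finding plus a least-privilege fix.
# Assumption: the group to grant access to has the same name as USER.
zone_perm_report() {
    found=$(zone_read_class "$1" "$2") || return 2
    fix="chgrp $1 '$2' && chmod 640 '$2'"
    case $found in
        denied) echo "$2: not readable by $1; fix: $fix" ;;
        other)  echo "$2: world-readable (typical result of chmod +r); tighter: $fix" ;;
        *)      echo "$2: readable by $1 via $found bits" ;;
    esac
}

# Demo on a constructed file: mode 600, checked for the account "named".
demo=$(mktemp) && chmod 600 "$demo" && zone_perm_report named "$demo"
rm -f "$demo"
```

chmod +r restores service but usually leaves the zone file readable by every local account; group ownership by named with mode 640 gives the server the same access without that exposure.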
