By default, trixbox Pro’s DNS server (BIND v9) comes enabled, but it is only configured to answer requests on the localhost address (127.0.0.1). This guide will show you how to enable DNS on all Ethernet interfaces, and also how to set up a forwarder to another DNS server to handle requests the box can’t resolve itself.
First, let’s verify that DNS is configured to start at boot-up.
chkconfig --list |grep named
named 0:off 1:off 2:on 3:on 4:on 5:on 6:off
We can see that the ‘named’ service is on for system runlevels 2, 3, 4, and 5. This is exactly what we want. If your DNS server is NOT on for these runlevels, you can run this command to turn the service on:
chkconfig --levels 2345 named on
The first thing we want to do is configure DNS to listen on all of our interfaces. In this example, we have two Ethernet cards: eth0 is 192.168.1.20, and eth1 is 10.10.10.20. We want to add these into the ‘options’ section of our /var/named/chroot/etc/named.conf file. Here is how the section looks by default:
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};
To edit our named.conf file, we want to run:
nano /var/named/chroot/etc/named.conf
Currently, there is no ‘listen-on’ setting in the options section of our DNS server. Before the close of the options section (the }; ), we want to add the following:
    listen-on {
        127.0.0.1;
        192.168.1.20;
        10.10.10.20;
    };
Please note the semicolons at the end of each line; they are required. Also note that the close of this setting (the }; ) is NOT the close of the entire options section, just of the ‘listen-on’ setting.
Next, we’re going to add a forwarder to another DNS server. This tells named to send any requests that it can’t resolve itself to the forwarder. For my forwarder, I am going to use the public 4.2.2.2 DNS server, but for the fastest DNS resolution, you should use your ISP’s provided DNS servers.
We want to add the following lines within the ‘options’ section; they can go above or below the ‘listen-on’ setting we just added.
    forwarders {
        4.2.2.2;
    };
Now that we have both of those settings in our /var/named/chroot/etc/named.conf file, the options section should look like this:
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
    listen-on {
        127.0.0.1;
        192.168.1.20;
        10.10.10.20;
    };
    forwarders {
        4.2.2.2;
    };
};
Save and exit nano by doing CTRL+X to exit, and then answer ‘Y’ when asked to save.
Restart DNS:
service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
If named does not start after you have edited the named.conf file, open it back up and make sure you don’t have any typos, and that there is a semicolon at the end of each setting.
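As an added example that is not part of this guide, the following shell script writes the finished options section to a scratch file and checks its syntax before named is restarted, rather than finding out from a failed ‘service named restart’. Two things in it are my own additions and not from the guide: an ACL I have named ‘lan’ (the /24 masks for the two networks are assumed; the guide only gives the host addresses) that is applied with allow-query and allow-recursion, so that once named listens on eth0 and eth1 it only performs recursive lookups for the local networks instead of for any host that can reach those addresses; and a fallback brace-and-semicolon check that runs where BIND’s named-checkconf tool is not installed. The scratch paths are also assumptions.

```shell
#!/bin/sh
# Added example, not part of the trixbox guide. Writes the finished 'options'
# section to a scratch file, with an extra 'lan' ACL (name chosen here; /24
# masks assumed) limiting recursion to the two local networks, and validates
# the syntax before named is restarted.

# Sample named.conf: the guide's listen-on and forwarders plus an access list.
# Without allow-query/allow-recursion, a BIND that listens on eth0/eth1 will
# answer recursive queries for any host that can reach those addresses.
write_sample_conf() {
    cat > "$1" <<'EOF'
acl "lan" {
    127.0.0.1;
    192.168.1.0/24;
    10.10.10.0/24;
};

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /* query-source is only needed behind some firewalls;
       left commented out as in the stock file. */
    // query-source address * port 53;
    listen-on {
        127.0.0.1;
        192.168.1.20;
        10.10.10.20;
    };
    forwarders {
        4.2.2.2;
    };
    allow-query { lan; };
    allow-recursion { lan; };
};
EOF
}

# Syntax check. Prefer BIND's own named-checkconf; on a box without it, fall
# back to a brace/semicolon balance check that catches the usual typos.
check_named_conf() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1"
        return
    fi
    awk '
    BEGIN { depth = 0; bad = 0; incomment = 0 }
    {
        line = $0; kept = ""
        while (line != "") {            # strip /* ... */ comments, even across lines
            if (incomment) {
                p = index(line, "*/")
                if (p == 0) { line = ""; break }
                line = substr(line, p + 2); incomment = 0
            } else {
                p = index(line, "/*")
                if (p == 0) { kept = kept line; break }
                kept = kept substr(line, 1, p - 1); line = substr(line, p + 2); incomment = 1
            }
        }
        sub("//.*", "", kept); sub("#.*", "", kept)     # strip // and # comments
        gsub(/^[ \t]+|[ \t]+$/, "", kept)
        if (kept == "") next
        depth += gsub(/[{]/, "{", kept) - gsub(/[}]/, "}", kept)
        if (depth < 0) { printf "line %d: unmatched }\n", NR; bad = 1 }
        # every remaining line must end a statement with ; or open a block with {
        if (kept !~ /[{;]$/) { printf "line %d: missing semicolon: %s\n", NR, kept; bad = 1 }
    }
    END {
        if (depth != 0) { printf "unbalanced braces: %d left open\n", depth; bad = 1 }
        exit bad
    }
    ' "$1"
}

# Constructed negative case: the same file with one semicolon dropped.
make_broken_conf() {
    sed 's/4\.2\.2\.2;/4.2.2.2/' "$1" > "$2"
}

# Stand-alone demo: the sample passes, the copy with the dropped semicolon fails.
demo=$(mktemp -d)
write_sample_conf "$demo/named.conf"
check_named_conf "$demo/named.conf" && echo "named.conf: syntax OK"
make_broken_conf "$demo/named.conf" "$demo/broken.conf"
check_named_conf "$demo/broken.conf" || echo "broken.conf: rejected as expected"
rm -rf "$demo"
```

On the trixbox itself, point the checker at the chroot copy with ‘named-checkconf -t /var/named/chroot /etc/named.conf’ so that any include paths resolve inside the chroot. A clean pass means the restart below should succeed; a reported line number is the typo or missing semicolon this paragraph tells you to look for.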
You can test to see if DNS is working with the nslookup command:
nslookup
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> s133828.trixbox.fonality.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: s133828.trixbox.fonality.com
Address: 192.168.1.20
> www.google.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
www.google.com
canonical name = www.l.google.com.
Name: www.l.google.com
Address: 74.125.45.104
Name: www.l.google.com
Address: 74.125.45.147
Name: www.l.google.com
Address: 74.125.45.99
Name: www.l.google.com
Address: 74.125.45.103