
bindインストール

Tsubasa Nomura
# Install the BIND 9 name server and its helper utilities (run as root).
# NOTE(review): package and unit names differ between Debian/Ubuntu releases
# (newer ones use bind9-utils and named.service) - confirm for the release in use.
apt install bind9 bind9utils
# Have the name server started automatically at boot.
systemctl enable bind9

/etc/hosts

root@vm-hub1-onprem1:~# head /etc/hosts
127.0.0.1 localhost ns.contoso.com
root@vm-hub1-onprem1:/etc/bind# more /etc/bind/{named.conf,named.conf.default-zones,contoso.com}
::::::::::::::
/etc/bind/named.conf
::::::::::::::
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
// Query logging: send the "queries" category to a dedicated, size-rotated file.
// NOTE(review): the header of this file asks for local changes to be made in the
// included files rather than here; consider moving this block to
// /etc/bind/named.conf.options or /etc/bind/named.conf.local.
// NOTE(review): query logs record client addresses and the names they look up.
// Creation and ownership of /var/log/named are not shown on this page; confirm the
// directory is writable by the account named runs as and is not world-readable.
logging {
       // File channel: rolls the log when it reaches 20M and keeps up to 10 old versions.
       channel query_log {
              file "/var/log/named/query.log" versions 10 size 20M;
              // "dynamic" follows the server's current debug level.
              severity dynamic;
              // Prefix each entry with timestamp, severity and category.
              print-time yes;
              print-severity yes;
              print-category yes;
      };

      // Route query messages to the channel defined above.
      category queries {
               query_log;
      };

};
::::::::::::::
/etc/bind/named.conf.default-zones
::::::::::::::
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

// Site zone: this server is the primary for contoso.com, with records loaded
// from /etc/bind/contoso.com.
// NOTE(review): the header of named.conf asks for added zones to go in
// /etc/bind/named.conf.local; keeping this statement in the packaged
// default-zones file mixes site data with distribution defaults.
// NOTE(review): no allow-transfer or allow-query is set on this zone and
// named.conf.options is not shown; confirm that zone transfers, queries and
// recursion are limited to the hosts that need them.
zone "contoso.com" {
        type master;
        file "/etc/bind/contoso.com";
};
::::::::::::::
/etc/bind/contoso.com
::::::::::::::
;
; BIND zone data file for contoso.com
; (loaded by the "contoso.com" zone statement in named.conf.default-zones)
;
; NOTE(review): the SOA record below still carries the primary-server and
; contact fields of the loopback template (localhost. / root.localhost.).
; Presumably it should name this zone's own server, ns.contoso.com., and a
; contact mailbox for the zone - confirm.
; The serial has to be increased on every edit so that any secondary servers
; notice the change.
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; Name server for the zone, then address records for the apex, ns and app1.
@       IN      NS      ns.contoso.com.
@       IN      A       192.168.0.4
ns      IN      A       192.168.0.4
app1    IN      A       192.168.100.100

AppArmor のプロファイル (/etc/apparmor.d/usr.sbin.named) に /var/log/named への書き込み許可を追加し、named がログを書けるようにする。

# tail /etc/apparmor.d/usr.sbin.named
  /{,var/}run/slapd-*.socket rw,

  # dynamic updates
  /var/tmp/DNS_* rw,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.named>
  # Local addition: allow named to create and write files under /var/log/named,
  # which the query log channel (/var/log/named/query.log) needs.
  # NOTE(review): these two rules were added to the packaged profile itself.
  # Placing them in /etc/apparmor.d/local/usr.sbin.named, which the include
  # above pulls in, keeps site changes separate from the distribution file.
  # The profile must be reloaded before the change takes effect, e.g.
  # apparmor_parser -r /etc/apparmor.d/usr.sbin.named
  /var/log/named/** rw,
  /var/log/named/ rw,
}