Настройка:
1. nano /etc/bind/named.conf.local
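// Forward zone served authoritatively from a local file.
zone "d0.b14esh.ru" {
        type master;
        file "/etc/bind/master/b14esh.ru.zone";
        // A zone-level allow-transfer overrides the options-level one.
        // Only loopback may pull a full copy (AXFR) of this zone, so the
        // host list cannot be dumped from another machine.
        allow-transfer { 127.0.0.1 ; };
};

// Reverse (PTR) zone for 10.10.10.0/24.
// No allow-transfer here, so the options-level setting applies.
zone "10.10.10.in-addr.arpa" {
        type master;
        file "/etc/bind/master/10.10.10.in-addr.arpa.zone";
};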
2. nano /etc/bind/named.conf.options
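// Defined but not referenced anywhere in this file: allow-transfer below
// uses a literal "none". Reference this ACL there if secondaries are added.
acl "acl_trusted_transfer" {
        none;
};

// Clients allowed to query, read the cache and recurse (used by the three
// allow-* statements in options). listen-on is "any", so this ACL is what
// keeps the server from answering as an open resolver; keep it narrow.
acl "acl_trusted_clients" {
        127.0.0.0/8;            // localhost (RFC 3330) - Loopback-Device addresses 127.0.0.0 - 127.255.255.255
//      192.168.0.0/16;         // Private Network (RFC 1918) - e. g. LAN 192.168.0.0 - 192.168.255.255
        // NOTE(review): a /24 covers only 10.0.0.0 - 10.0.0.255. Hosts in
        // 10.10.10.0/24 (the addresses used in the zone files) are not
        // matched and would be refused - confirm the client network.
        10.0.0.0/24;            // Private Network (RFC 1918) - e. g. VPN 10.0.0.0 - 10.0.0.255
};

options {
        directory "/var/cache/bind";
        pid-file "/var/run/named/named.pid";
        // Returned instead of the real version string for version.bind queries.
        version "not currently available";
        listen-on-v6 { none; };
        // Listens on every IPv4 interface; access is limited by the ACLs below.
        listen-on { any; };
        // No NOTIFY messages are sent when a zone changes.
        notify no;
        // Keep these three in sync: a wider allow-query-cache or
        // allow-recursion than allow-query exposes the cache/recursion.
        allow-query { acl_trusted_clients; };
        allow-query-cache { acl_trusted_clients; };
        allow-recursion { acl_trusted_clients; };
        // Default for zones without their own allow-transfer statement.
        allow-transfer { none; };
        // Dynamic updates are refused for every zone.
        allow-update { none; };
        // "yes" validates only when a trust anchor is configured by hand;
        // "auto" uses the built-in root key. Without an anchor no validation
        // takes place. The forwarder must also pass DNSSEC records through.
        dnssec-validation yes;
        auth-nxdomain no;    # conform to RFC1035
        empty-zones-enable yes;
        recursion yes;
        //additional-from-auth no;
        //additional-from-cache no;
        // Queries that cannot be answered locally are sent here.
        forwarders {
                // Router DNS
                10.0.0.1;
                // Google Public DNS
                //8.8.8.8;
                //8.8.4.4;
                // OpenDNS
                //208.67.222.222;
                //208.67.220.220;
        };
};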
3. nano /etc/bind/master/10.10.10.in-addr.arpa.zone
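; Reverse zone for 10.10.10.0/24: maps the last address octet to a host name.
; Lines that start with whitespace reuse the owner name of the line above.
$TTL 30                         ; default record TTL, in seconds
$ORIGIN 10.10.10.in-addr.arpa.
@       SOA     gw.d0.b14esh.ru. root.d0.b14esh.ru. (
                20120200        ; serial - raise it on every edit
                1h              ; refresh
                10m             ; retry
                1d              ; expire
                30 )            ; negative-caching TTL
        NS      gw.d0.b14esh.ru.
; NOTE(review): an MX record is unusual in a reverse zone - confirm it is needed.
        MX 10   gw.d0.b14esh.ru.
10      PTR     gw.d0.b14esh.ru.
20      PTR     win2003.d0.b14esh.ru.
30      PTR     win2008.d0.b14esh.ru.
120     PTR     winxp.d0.b14esh.ru.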
4. nano /etc/bind/master/b14esh.ru.zone
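; Forward zone for d0.b14esh.ru. Names without a trailing dot are relative
; to $ORIGIN, so "gw" is gw.d0.b14esh.ru. and "root" is the contact
; mailbox root.d0.b14esh.ru.
; The records list internal hosts, so keep zone transfers restricted.
$TTL 30                         ; default record TTL, in seconds
$ORIGIN d0.b14esh.ru.
; SOA fields: primary NS, contact, serial, refresh, retry, expire,
; negative-caching TTL. All on one line, so no parentheses are needed.
@       SOA     gw root 20120200 1h 10m 1d 30
        NS      gw
        MX 10   gw
gw      A       10.10.10.10
winxp   A       10.10.10.120
win2003 A       10.10.10.20
win2008 A       10.10.10.30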
5. nano /etc/resolv.conf
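# Send this host's lookups to the local BIND instance.
# (The address was written "127.0.01"; spelled out in canonical form here.)
nameserver 127.0.0.1
# NOTE(review): "my.domain" looks like a placeholder; the zone configured
# on this page is d0.b14esh.ru - confirm which domain is intended.
domain my.domain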
Проверка сервера
named-checkconf -z — проверка зон
named-checkconf — проверка конфигов
rndc reconfig — перечитать конфиги
nslookup
host
dig
host -la my.domain
host 127.0.0.1
www.myservak.ru. — FQDN
/etc/nsswitch.conf — что просматривается первым для сетевого интерфейса: file (hosts или resolv)