Suporte na configuração do servidor DNS bind9 para uma rede privada

tag-icon tag-icon ubuntu networking domain-name-system linux-networking bind
Suporte na configuração do servidor DNS bind9 para uma rede privada

Tenho vários servidores em minha rede doméstica (192.168.0.0/24) e gostaria de configurar o bind9 como um servidor DNS, para poder resolver mais facilmente os endereços IP dessas máquinas pelo nome.

Eu instalei e configurei o bind9 no Ubuntu 20.04 da seguinte maneira –seguindo este tutorial bem de perto.

2 zonas: epicsystems.local.com - /etc/bind/zones/db.epicsystems.local.com

    $TTL    604800
@   IN  SOA ns1.epicsystems.local.com. admin.epicsystems.local.com. (
                  3     ; Serial
             604800     ; Refresh
              86400     ; Retry
            2419200     ; Expire
             604800 )   ; Negative Cache TTL
;
; name servers - NS records
    IN  NS  ns1.epicsystems.local.com.

; name servers - A records
ns1.epicsystems.local.com.  IN  A   192.168.0.69


; 192.168.0.0/16 - A records
host2.epicsystems.local.com.    IN  A    192.168.0.67
host1.epicsystems.local.com         IN  A    192.168.0.66

db.192.168 -- zona de pesquisa reversa

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@   IN  SOA ns1.epicsystems.local.com. admin.epicsystems.local.com. (
                  3     ; Serial
             604800     ; Refresh
              86400     ; Retry
            2419200     ; Expire
             604800 )   ; Negative Cache TTL
;

;name servers - NS records
    IN  NS  ns1.epicsystems.local.com.

;PTR records
69.0    IN  PTR ns1.epicsystems.local.com.          ;192.168.0.69
66.0    IN  PTR host1.epicsystems.local.com.            ;192.168.0.66
67.0    IN  PTR host2.epicsystems.local.com.        ;192.168.0.67

Meu nomeado.conf.local em /etc/bind/named.conf.local tem:

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "epicsystems.local.com"{
    type master;
    file "/etc/bind/zones/db.epicsystems.local.com"; #zone file path
};

zone "168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192.168"; #192.168.0.0/16 subnet
};

Verifiquei a sintaxe do conf e das zonas - e sintaticamente é válido - mas não étrabalhando.

Eu atribuo ao meu mac local o servidor DNS 192.168.0.69 - e tento um nslookup para ubuntu.com - isso funciona - então o bind9 funciona nessa medida.

Se eu tentar um nslookup para host1 ou host2 - ele falhará. O log misc do bind9 mostra as zonas sendo configuradas:

09-Aug-2021 21:23:34.627 zoneload: info: managed-keys-zone: loaded serial 11
09-Aug-2021 21:23:34.627 zoneload: info: zone 0.in-addr.arpa/IN: loaded serial 1
09-Aug-2021 21:23:34.631 zoneload: info: zone 255.in-addr.arpa/IN: loaded serial 1
09-Aug-2021 21:23:34.635 zoneload: info: zone 127.in-addr.arpa/IN: loaded serial 1
09-Aug-2021 21:23:34.635 zoneload: info: zone 168.192.in-addr.arpa/IN: loaded serial 3
09-Aug-2021 21:23:34.639 zoneload: info: zone localhost/IN: loaded serial 2
09-Aug-2021 21:23:34.639 zoneload: info: zone epicsystems.local.com/IN: loaded serial 3
09-Aug-2021 21:23:34.639 general: notice: all zones loaded
09-Aug-2021 21:23:34.639 general: notice: running
09-Aug-2021 21:23:34.743 dnssec: info: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
09-Aug-2021 21:23:34.811 resolver: info: resolver priming query complete
09-Aug-2021 21:23:42.131 dnssec: info:   validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.143 dnssec: info:   validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.163 dnssec: info:   validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.231 dnssec: info:   validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.247 dnssec: info:   validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.335 dnssec: info:   validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.347 dnssec: info:   validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.415 dnssec: info:   validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.603 dnssec: info:   validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.623 dnssec: info:   validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.707 dnssec: info: validating com/DNSKEY: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.715 dnssec: info: validating com/DNSKEY: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:20.508 dnssec: info:   validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:20.528 dnssec: info:   validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:29.244 dnssec: info:   validating cloud/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:29.260 dnssec: info:   validating cloud/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:29.324 dnssec: info: validating cloud/DNSKEY: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:29.340 dnssec: info: validating cloud/DNSKEY: got insecure response; parent indicates it should be secure
09-Aug-2021 21:25:36.973 dnssec: info:   validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:25:36.989 dnssec: info:   validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:25:37.005 dnssec: info:   validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:25:37.093 dnssec: info:   validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:29:26.277 dnssec: info:   validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:29:26.577 dnssec: info: validating net/DNSKEY: got insecure response; parent indicates it should be secure

O query.log mostra que a pesquisa para host1 chega - mas não resolve nada:

09-Aug-2021 21:25:15.148 client @0x7f1cc0005910 192.168.0.13#49292 (host1.epicsystems.local.com): query: host1.epicsystems.local.com IN A + (192.168.0.69)
09-Aug-2021 21:25:36.941 client @0x7f1cbc00a550 192.168.0.13#58522 (host1): query: host1 IN A + (192.168.0.69)

Alguém pode ver o que fiz de errado aqui? É a primeira vez que tento configurar um servidor DNS, então é provável que tenha cometido um erro em algum lugar!

Responder1

host1.epicsystems.local.com         IN  A    192.168.0.66

Este registro está faltando um ponto final. Isso significa que um servidor DNS de ligação não o trata como o nome de domínio totalmente qualificado que você deseja usar, mas sim como uma abreviação.

O Bind anexará $ORIGIN (o nome da zona) aos registros abreviados, fazendo com que o registro A host1.epicsystems.local.com.epicsystems.local.com.provavelmente não seja o que você pretendia.

informação relacionada