{"id":676,"date":"2013-04-19T16:45:32","date_gmt":"2013-04-19T14:45:32","guid":{"rendered":"https:\/\/zz-indigo.mavipet.sk\/?page_id=676"},"modified":"2017-03-30T09:32:33","modified_gmt":"2017-03-30T09:32:33","slug":"bind9","status":"publish","type":"page","link":"https:\/\/zz-indigo.mavipet.sk\/?page_id=676","title":{"rendered":"Bind9"},"content":{"rendered":"

Pre zjednodu\u0161enie spr\u00e1vy a hlavne pre HA storage je potrebn\u00e9 mat nejak\u00e9 DNS alebo vyplnen\u00e9 host tabulky. Ke\u010fze sa jedn\u00e1 z \u010dasti o Proof Of Concept som sa rozhodol pre \u0161tandardn\u00fd Bind9. Prim\u00e1rnym name serverom bude NFS01 a sekund\u00e1rnym NFS02.<\/p>\n

Syst\u00e9m ma 2 subdom\u00e9ny<\/p>\n

    \n
  1. .storage.mavipet.sk – Dom\u00e9na Storage serverov<\/li>\n
  2. .internal.mavipet.sk –\u00a0 Dom\u00e9na intern\u00fdch serverov<\/li>\n<\/ol>\n

    In\u0161tal\u00e1cia:<\/p>\n

    apt-get install bind9<\/pre>\n
    Konfigur\u00e1cia:<\/p>\n
    NFS01:<\/p>\n
    root@nfs1:\/mnt\/test# cat \/etc\/bind\/named.conf.options \r\noptions {\r\n\u00a0\u00a0 \u00a0directory \"\/var\/cache\/bind\";\r\n\r\n\u00a0\u00a0 \u00a0\/\/ If there is a firewall between you and nameservers you want\r\n\u00a0\u00a0 \u00a0\/\/ to talk to, you may need to fix the firewall to allow multiple\r\n\u00a0\u00a0 \u00a0\/\/ ports to talk.\u00a0 See http:\/\/www.kb.cert.org\/vuls\/id\/800113\r\n\r\n\u00a0\u00a0 \u00a0\/\/ If your ISP provided one or more IP addresses for stable \r\n\u00a0\u00a0 \u00a0\/\/ nameservers, you probably want to use them as forwarders. \u00a0\r\n\u00a0\u00a0 \u00a0\/\/ Uncomment the following block, and insert the addresses replacing \r\n\u00a0\u00a0 \u00a0\/\/ the all-0's placeholder.\r\n\r\n\u00a0\u00a0 \u00a0\/\/forwarders {\r\n\u00a0\u00a0 \u00a0\/\/ \u00a0\u00a0 \u00a00.0.0.0;\r\n\u00a0\u00a0 \u00a0\/\/};\r\n\r\n\u00a0\u00a0 \u00a0auth-nxdomain no;\u00a0\u00a0\u00a0 # conform to RFC1035\r\n\r\n\u00a0\u00a0 \u00a0\/\/ oznamime info kamaradovy\r\n\u00a0\u00a0 \u00a0also-notify { 172.16.1.12; };\r\n\r\n\u00a0\u00a0 \u00a0listen-on-v6 { any; };\r\n\u00a0\u00a0 \u00a0\/\/ cyklicke odpovede pre RoudRobin\/HA \r\n\u00a0\u00a0 \u00a0rrset-order { order random;};\r\n};\r\n\r\nroot@nfs1:\/mnt\/test# cat \/etc\/bind\/named.conf.local \r\n\/\/\r\n\/\/ Do any local configuration here\r\n\/\/\r\n\r\n\/\/ Consider adding the 1918 zones here, if they are not used in your\r\n\/\/ organization\r\n\/\/ include \"\/etc\/bind\/zones.rfc1918\";\r\n\r\nzone \"storage.mavipet.sk\" IN {\r\n\u00a0\u00a0 \u00a0type master;\r\n\u00a0\u00a0 \u00a0file \"\/etc\/bind\/db.storage.mavipet.sk\";\r\n\u00a0\u00a0 \u00a0allow-update { none; };\r\n};\r\n\r\nzone \"internal.mavipet.sk\" IN {\r\n\u00a0\u00a0 \u00a0type master;\r\n\u00a0\u00a0 \u00a0file \"\/etc\/bind\/db.internal.mavipet.sk\";\r\n\u00a0\u00a0 \u00a0allow-update { none; };\r\n};\r\n\r\nroot@nfs1:\/mnt\/test# cat \/etc\/bind\/db.storage.mavipet.sk \r\n$TTL\u00a0\u00a0 \u00a086400\r\n@\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0SOA\u00a0\u00a0 \u00a0dns.internal.mavipet.sk. root.dns.internal.mavipet.sk (\r\n\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0; Serial\r\n\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0 604800\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0; Refresh\r\n\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0 86400\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0; Retry\r\n\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a02419200\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0; Expire\r\n\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0 86400 )\u00a0\u00a0 \u00a0; Negative Cache TTL\r\n;\r\n@\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0dns.internal.mavipet.sk.\r\n@\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0dns-s.internal.mavipet.sk.\r\n;\r\nkvm01\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.0.1\r\nkvm02\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.0.2\r\nkvm03\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.0.3\r\nkvm04\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.0.4\r\nnfs01\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.0.11\r\nnfs02\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.0.12\r\n;\r\ngls1\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.0.11\r\n\u00a0\u00a0 \u00a0    IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.0.12\r\ngls2\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.0.1\r\n\u00a0\u00a0 \u00a0    IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.0.2\r\n\u00a0\u00a0 \u00a0    IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.0.3\r\n\u00a0\u00a0 \u00a0    IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.0.4\r\n\r\nroot@nfs1:\/mnt\/test# cat \/etc\/bind\/db.internal.mavipet.sk \r\n$TTL\u00a0\u00a0 \u00a086400\r\n@\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0SOA\u00a0\u00a0 \u00a0dns.internal.mavipet.sk. root.dns.internal.mavipet.sk (\r\n\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0; Serial\r\n\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0 604800\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0; Refresh\r\n\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0 86400\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0; Retry\r\n\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a02419200\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0; Expire\r\n\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0 86400 )\u00a0\u00a0 \u00a0; Negative Cache TTL\r\n;\r\n@\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0nfs01\r\n@\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0nfs02\r\n;\r\nkvm01\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.1.1\r\nkvm02\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.1.2\r\nkvm03\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.1.3\r\nkvm04\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.1.4\r\nnfs01\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.1.11\r\nnfs02\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0172.16.1.12\r\ndns\u00a0\u00a0 \u00a0  IN\u00a0\u00a0 \u00a0CNAME\u00a0\u00a0 \u00a0nfs01\r\ndns-s\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0CNAME\u00a0\u00a0 \u00a0nfs02<\/pre>\n
    NFS02:<\/p>\n
    root@nfs2:~# cat \/etc\/bind\/named.conf.local \r\n\/\/\r\n\/\/ Do any local configuration here\r\n\/\/\r\n\r\n\/\/ Consider adding the 1918 zones here, if they are not used in your\r\n\/\/ organization\r\n\/\/ include \"\/etc\/bind\/zones.rfc1918\";\r\n\r\nzone \"storage.mavipet.sk\" IN {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 type slave;\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 file \"\/etc\/bind\/slaves\/db.storage.mavipet.sk\";\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 masters {\r\n\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0172.16.1.11;\r\n\u00a0\u00a0 \u00a0};\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 allow-transfer { any; };\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 allow-update { none; };\r\n};\r\n\r\nzone \"sync.mavipet.sk\" IN {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 type slave;\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 file \"\/etc\/bind\/slaves\/db.sync.mavipet.sk\";\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 masters {\r\n\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0172.16.1.11;\r\n\u00a0\u00a0 \u00a0};\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 allow-transfer { any; };\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 allow-update { none;};\r\n};\r\n\r\nzone \"internal.mavipet.sk\" IN {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 type slave;\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 file \"\/etc\/bind\/slaves\/db.internal.mavipet.sk\";\r\n\u00a0\u00a0 \u00a0masters {\r\n\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0172.16.2.11;\r\n\u00a0\u00a0 \u00a0};\r\n\u00a0\u00a0 \u00a0allow-transfer { any; };\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 allow-update { none; };\r\n};<\/pre>\n
    Pozn\u00e1mky:<\/p>\n