lost and found ( for me ? )

DNS: how to deploy internal root zone , jp zone , test.co.jp zone for internal testing

この設定であってるのかな??。。
ミスってるかも。

internal root : 192.168.1.50 ( hostname : hat1-vm )
internal jp ( co.jp ) : 192.168.1.51 ( hostname : hat2-vm )
test.co.jp : 192.168.1.52 ( hostname : hat3-vm )
キャッシュサーバ : 192.168.1.80 ( hostname : hat4-vm )

All DNS servers are running under KVM ( Kernel-based Virtual Machine).

 # named -v
BIND 9.7.1

[ internal root server ( hat1-vm ) ]

// hat1-vm is the internal root: it is authoritative for "." itself, so it
// carries no hint zone. No options block is shown for this server; BIND
// enables recursion by default, so unless "recursion no;" is set elsewhere
// this root also answers recursive queries (NOTE(review): confirm). Likewise
// no allow-transfer is visible, so AXFR of the root zone is presumably open
// to any host that can reach it - fine for an isolated lab, worth restricting
// otherwise.
zone "." IN {
    type master;
    file "root_zone_internal.db";
};

[root@hat1-vm ~]# cat /var/named/root_zone_internal.db 
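$TTL 86400
; Internal root zone served by hat1-vm (192.168.1.50).
; Bump the serial whenever this file is edited; it is left at 2010062304 here
; so it matches the SOA shown in the dig transcripts further down.
.   IN SOA x.root-servers.net. hostmaster.root-servers.net. (
        2010062304  ; serial
        1h          ; refresh
        15m         ; retry
        30d         ; expire
        1h )        ; negative-cache TTL
    IN NS x.root-servers.net.   ; indented: same owner (".") as the SOA above

; address of the root server itself
x.root-servers.net. IN A 192.168.1.50

; delegation of jp. to hat2-vm, with glue
jp.       IN NS x.dns.jp.
x.dns.jp. IN A  192.168.1.51

; co.jp. is NOT a separate delegation: it is served from inside the jp zone
; on hat2-vm. A "co.jp. IN NS x.dns.jp." record here would sit below the jp.
; zone cut and be ignored by BIND (occluded data) - the root already answers
; "co.jp" with a referral to jp., as the dig @192.168.1.50 co.jp output shows -
; so it has been removed rather than left as a misleading extra zone cut.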


[ internal jp (co.jp ) zone ( hat2-vm ) ]

// hat2-vm: hint zone pointing only at the internal root (named.ca lists
// 192.168.1.50), so the real root servers are never consulted.
// No options block is shown for this server; BIND recurses by default, so add
// "recursion no;" unless this authoritative host is meant to recurse as well
// (NOTE(review): confirm), and consider an allow-transfer restriction.
zone "." IN {
    type hint;
    file "named.ca";
};

// Authoritative for jp. - co.jp is answered from inside this zone and is not
// a separate zone cut.
zone "jp" IN {
    type master;
    file "jp_zone_internal.db";
};

ルートサーバは internal root server の IP , 192.168.1.50を指定

[root@hat2-vm ~]# cat /var/named/named.ca
; root hints for the lab: the only "root server" is the internal one on hat1-vm
.                   3600000 IN NS x.root-servers.net.
x.root-servers.net. 3600000 IN A  192.168.1.50
[root@hat2-vm ~]# 

- jp ゾーン

[root@hat2-vm ~]# cat /var/named/jp_zone_internal.db 
$TTL 86400
; jp zone served by hat2-vm (192.168.1.51). "@" is the zone origin (jp.) taken
; from the zone statement in named.conf.
@   IN SOA x.dns.jp. hostmaster.dns.jp. (
        2010062303  ; serial
        1h          ; refresh
        15m         ; retry
        30d         ; expire
        1h )        ; negative-cache TTL
    IN NS x.dns.jp.

; address of this zone's own name server
x.dns.jp.       IN A  192.168.1.51

; delegation of test.co.jp. to hat3-vm, with glue. There is no co.jp zone cut:
; a query for co.jp itself is answered from this zone (SOA in authority, no data).
test.co.jp.     IN NS ns.test.co.jp.
ns.test.co.jp.  IN A  192.168.1.52
[root@hat2-vm ~]# 

[ test.co.jp ゾーン ( hat3-vm ) ]

// hat3-vm: hint zone pointing only at the internal root on 192.168.1.50.
// No options block is shown for this server either; BIND recurses by default,
// so set "recursion no;" if this is meant to be authoritative-only
// (NOTE(review): confirm), and consider restricting allow-transfer.
zone "." IN {
    type hint;
    file "named.ca";
};

// Authoritative for test.co.jp., delegated from the jp zone on hat2-vm.
zone "test.co.jp" IN {
    type master;
    file "test.co.jp.db";
};

[root@hat3-vm ~]# cat /var/named/named.ca
; root hints for the lab: the only "root server" is the internal one on hat1-vm
.                   3600000 IN NS x.root-servers.net.
x.root-servers.net. 3600000 IN A  192.168.1.50
[root@hat3-vm ~]# 
[root@hat3-vm ~]# cat /var/named/test.co.jp.db 
$TTL 86400
; test.co.jp zone on hat3-vm (192.168.1.52). "@" is the origin test.co.jp.
; from the zone statement; unqualified names below are relative to it.
@       IN      SOA     ns.test.co.jp. hostmaster.test.co.jp. (
                2010062303  ; serial
                1h          ; refresh
                15m         ; retry
                30d         ; expire
                1h )        ; negative-cache TTL
        IN      NS      ns.test.co.jp.

ns      IN      A       192.168.1.52    ; ns.test.co.jp.
www     IN      A       10.0.0.1        ; www.test.co.jp.

[ キャッシュサーバ ( hat4-vm ) ]

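options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        max-cache-size 5M;
        recursion yes;
        // Limit recursion and cache access to this host and the lab network.
        // Every server in this write-up is on 192.168.1.x and dig is run
        // against 127.1, so nothing legitimate is cut off. Without these lists
        // the server is an open resolver for any host that can reach it,
        // which invites amplification abuse and cache-poisoning attempts.
        allow-recursion { localhost; 192.168.1.0/24; };
        allow-query-cache { localhost; 192.168.1.0/24; };
        // Hide the BIND version from version.bind CHAOS queries.
        version "";
};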

// hat4-vm (cache-only): no authoritative zones, just a hint zone that points
// at the internal root on 192.168.1.50 instead of the public root servers.
zone "." IN {
    type hint;
    file "named.ca";
};

[root@hat4-vm ~]# cat /var/named/named.ca
; root hints for the lab: the only "root server" is the internal one on hat1-vm
.                   3600000 IN NS x.root-servers.net.
x.root-servers.net. 3600000 IN A  192.168.1.50


[ キャッシュサーバから www.test.co.jp の名前解決ができるか確認 ]

名前解決できたー

[root@hat4-vm ~]# dig @127.1 www.test.co.jp.

; <<>> DiG 9.7.1 <<>> @127.1 www.test.co.jp.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42021
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.test.co.jp. IN A

;; ANSWER SECTION:
www.test.co.jp. 86400 IN A 10.0.0.1

;; AUTHORITY SECTION:
test.co.jp. 86400 IN NS ns.test.co.jp.

ルートからたどってみると、

[root@hat4-vm ~]# dig @192.168.1.50 www.test.co.jp +norec

; <<>> DiG 9.7.1 <<>> @192.168.1.50 www.test.co.jp +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29607
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.test.co.jp. IN A

;; AUTHORITY SECTION:
jp. 86400 IN NS x.dns.jp.

;; ADDITIONAL SECTION:
x.dns.jp. 86400 IN A 192.168.1.51


[root@hat4-vm ~]# dig @192.168.1.51 www.test.co.jp +norec

; <<>> DiG 9.7.1 <<>> @192.168.1.51 www.test.co.jp +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48652
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.test.co.jp. IN A

;; AUTHORITY SECTION:
test.co.jp. 86400 IN NS ns.test.co.jp.

;; ADDITIONAL SECTION:
ns.test.co.jp. 86400 IN A 192.168.1.52

[root@hat4-vm ~]# dig @192.168.1.52 www.test.co.jp +norec

; <<>> DiG 9.7.1 <<>> @192.168.1.52 www.test.co.jp +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65425
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.test.co.jp. IN A

;; ANSWER SECTION:
www.test.co.jp. 86400 IN A 10.0.0.1

;; AUTHORITY SECTION:
test.co.jp. 86400 IN NS ns.test.co.jp.

;; ADDITIONAL SECTION:
ns.test.co.jp. 86400 IN A 192.168.1.52

他クエリいろいろ ( dig @a.root-servers.net , dig @a.dns.jp の回答と比べて合っているようなので、設定は大丈夫かなと )。 One thing the queries below do show: the root answers `co.jp` with a referral to `jp.` only, not to a `co.jp` cut, because the `co.jp. IN NS` line in root_zone_internal.db sits below the `jp.` delegation and is ignored by BIND, so that line can be dropped. The jp server in turn answers `co.jp` with its own SOA (no data), i.e. co.jp is part of the jp zone here, which is what the author is comparing against.

[root@hat4-vm ~]# dig @192.168.1.50 . +norec

; <<>> DiG 9.7.1 <<>> @192.168.1.50 . +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59980
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;. IN A

;; AUTHORITY SECTION:
. 3600 IN SOA x.root-servers.net. hostmaster.root-servers.net. 2010062304 3600 900 2592000 3600

;; Query time: 1 msec
;; SERVER: 192.168.1.50#53(192.168.1.50)
;; WHEN: Tue Jun 29 00:26:29 2010
;; MSG SIZE  rcvd: 81

[root@hat4-vm ~]# 
[root@hat4-vm ~]# dig @192.168.1.50 jp. +norec

; <<>> DiG 9.7.1 <<>> @192.168.1.50 jp. +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38991
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;jp. IN A

;; AUTHORITY SECTION:
jp. 86400 IN NS x.dns.jp.

;; ADDITIONAL SECTION:
x.dns.jp. 86400 IN A 192.168.1.51

;; Query time: 2 msec
;; SERVER: 192.168.1.50#53(192.168.1.50)
;; WHEN: Tue Jun 29 00:26:33 2010
;; MSG SIZE  rcvd: 56

[root@hat4-vm ~]# 
[root@hat4-vm ~]# dig @192.168.1.50 co.jp +norec

; <<>> DiG 9.7.1 <<>> @192.168.1.50 co.jp +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39887
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;co.jp. IN A

;; AUTHORITY SECTION:
jp. 86400 IN NS x.dns.jp.

;; ADDITIONAL SECTION:
x.dns.jp. 86400 IN A 192.168.1.51

[root@hat4-vm ~]# dig @192.168.1.51 jp +norec

; <<>> DiG 9.7.1 <<>> @192.168.1.51 jp +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28399
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;jp. IN A

;; AUTHORITY SECTION:
jp. 3600 IN SOA x.dns.jp. hostmaster.dns.jp. 2010062303 3600 900 2592000 3600

;; Query time: 3 msec
;; SERVER: 192.168.1.51#53(192.168.1.51)
;; WHEN: Tue Jun 29 00:27:47 2010
;; MSG SIZE  rcvd: 73

[root@hat4-vm ~]# 

[root@hat4-vm ~]# dig @192.168.1.51 co.jp +norec

; <<>> DiG 9.7.1 <<>> @192.168.1.51 co.jp +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53030
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;co.jp. IN A

;; AUTHORITY SECTION:
jp. 3600 IN SOA x.dns.jp. hostmaster.dns.jp. 2010062303 3600 900 2592000 3600

[root@hat4-vm ~]# dig @192.168.1.51 jp ns +norec

; <<>> DiG 9.7.1 <<>> @192.168.1.51 jp ns +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 670
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;jp. IN NS

;; ANSWER SECTION:
jp. 86400 IN NS x.dns.jp.

;; ADDITIONAL SECTION:
x.dns.jp. 86400 IN A 192.168.1.51

;; Query time: 6 msec
;; SERVER: 192.168.1.51#53(192.168.1.51)
;; WHEN: Tue Jun 29 00:28:32 2010
;; MSG SIZE  rcvd: 56

[root@hat4-vm ~]# 
[root@hat4-vm ~]# dig @192.168.1.51 co.jp ns +norec

; <<>> DiG 9.7.1 <<>> @192.168.1.51 co.jp ns +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38325
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;co.jp. IN NS

;; AUTHORITY SECTION:
jp. 3600 IN SOA x.dns.jp. hostmaster.dns.jp. 2010062303 3600 900 2592000 3600
