ArchLinux – Setting up a DNS server chroot environment

Unlike CentOS, ArchLinux does not seem to ship a ready-made chroot package for the BIND DNS server (bind-chroot) that makes the setup convenient, so the chroot has to be built by hand.
On CentOS:
# yum list | grep bind-chroot | awk '{print $1}'
bind-chroot.x86_64

Reference:
How to install and set-up Slave Named (BIND) DNS server in ArchLinux | Stavrovski.Net

Set the DNS chroot directory
# CHROOT=/var/named/chroot
# Create the chroot directory tree
# mkdir -p "${CHROOT}"/{dev,etc} "${CHROOT}"/var/{run,log,named,tmp}
# mkdir -p "${CHROOT}"/usr/lib/bind "${CHROOT}"/usr/lib/engines

Create the device nodes
# mknod "${CHROOT}"/dev/null c 1 3
# mknod "${CHROOT}"/dev/random c 1 8

Copy /usr/lib/engines/libgost.so to /var/named/chroot/usr/lib/engines/
# cp /usr/lib/engines/libgost.so "${CHROOT}"/usr/lib/engines/

Change the directory permissions
# chown root:named "${CHROOT}"
# chmod 750 "${CHROOT}"
# chown -R named: "${CHROOT}"/var/named/
# chown named: "${CHROOT}"/var/{run,log}
# chmod 666 "${CHROOT}"/dev/{null,random}

Move the existing configuration files into the chroot directory
# mv /etc/named.conf "${CHROOT}"/etc/
# mv /etc/rndc.key "${CHROOT}"/etc/
# mv /var/named/{root.hint,127.0.0.zone,localhost.zone,db.1.168.192,db.tces.ilc.edu.tw} "${CHROOT}"/var/named/

Create a symlink to /var/named/chroot/etc/named.conf under /etc
# ln -s "${CHROOT}"/etc/named.conf /etc/

Set the ownership of the moved zone files (mv keeps their original owner)
# chown -R named: "${CHROOT}"/var/named/

Create the named.service unit file under /etc/systemd/system
# vim /etc/systemd/system/named.service

[Unit]
Description=Internet domain name server
After=network.target

[Service]
ExecStart=/usr/bin/named -f -u named -t /var/named/chroot
ExecReload=/usr/bin/rndc reload
ExecStop=/usr/bin/rndc stop

[Install]
WantedBy=multi-user.target

Stop the original DNS server and start the chroot DNS server
# systemctl stop named
# systemctl disable named
Removed symlink /etc/systemd/system/multi-user.target.wants/named.service.
# systemctl start named.service
# systemctl enable named.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /etc/systemd/system/named.service.

Check whether the DNS server started correctly
# netstat -ant | grep :.*53
tcp        0      0 192.168.1.106:53        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN

Test
# host free.test.ilc.edu.tw
free.test.ilc.edu.tw has address 192.168.1.6

# host 192.168.1.6
6.1.168.192.in-addr.arpa domain name pointer free.test.ilc.edu.tw.
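As an added example that is not part of the original post, the POSIX sh functions below audit the result of the steps above: the directory layout and modes under ${CHROOT}, the two device nodes, and whether the running named process is really chrooted and running as user named. It assumes Linux (GNU stat, /proc) and the paths used in this post; the function names are my own.

```shell
# Added example, not from the original post: audit the chroot tree built by the
# steps above. Each check prints what fails and returns the number of failures,
# so 0 means the tree matches the layout and modes the post uses. Assumes Linux
# (GNU stat -c, /proc). Ownership (root:named, named:) is not checked here.

CHROOT_DIRS="dev etc var/run var/log var/named var/tmp usr/lib/bind usr/lib/engines"
check_chroot_layout() {              # $1 = chroot dir, $2 = named.conf symlink
    chroot_dir=$1; conf_link=${2:-/etc/named.conf}; fails=0
    for d in $CHROOT_DIRS; do
        [ -d "$chroot_dir/$d" ] || { echo "missing directory $d"; fails=$((fails + 1)); }
    done
    # The chroot root must grant nothing to "other" (the post uses 750)
    case $(stat -c %a "$chroot_dir") in
        *0) ;;
        *) echo "chroot root is world-accessible, expected mode 750"; fails=$((fails + 1)) ;;
    esac
    # named.conf must live inside the chroot, with the /etc symlink resolving to it
    if [ ! -f "$chroot_dir/etc/named.conf" ]; then
        echo "etc/named.conf is missing inside the chroot"; fails=$((fails + 1))
    elif [ ! -L "$conf_link" ] ||
         [ "$(readlink -f "$conf_link")" != "$(readlink -f "$chroot_dir/etc/named.conf")" ]; then
        echo "$conf_link is not a symlink into the chroot"; fails=$((fails + 1))
    fi
    return $fails
}

check_chroot_devices() {             # $1 = chroot dir
    chroot_dir=$1; fails=0
    # mknod ... c makes character devices; a plain file of the same name is not a usable node
    for dev in null random; do
        node="$chroot_dir/dev/$dev"
        if [ ! -c "$node" ]; then
            echo "dev/$dev is not a character device"; fails=$((fails + 1))
        elif [ "$(stat -c %a "$node")" != 666 ]; then
            echo "dev/$dev has mode $(stat -c %a "$node"), expected 666"; fails=$((fails + 1))
        fi
    done
    return $fails
}

check_named_runtime() {              # $1 = chroot dir; run as root on the server
    pid=$(pgrep -x named | head -n 1)
    [ -n "$pid" ] || { echo "named is not running"; return 1; }
    # /proc/<pid>/root is the process's real root: it must be the chroot, not /
    [ "$(readlink /proc/"$pid"/root)" = "$1" ] || { echo "pid $pid is not chrooted to $1"; return 1; }
    uid=$(awk '/^Uid:/ { print $2 }' /proc/"$pid"/status)
    [ "$uid" = "$(id -u named)" ] || { echo "pid $pid runs as uid $uid, not named"; return 1; }
    echo "named pid $pid is chrooted to $1 and runs as user named"
}
```

On the server, `check_chroot_layout /var/named/chroot && check_chroot_devices /var/named/chroot && check_named_runtime /var/named/chroot` should print only the final "chrooted" line after the steps above.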