This is Takahiro Kujirai (鯨井貴博, @opensourcetech), LinuC Evangelist and Open Source Summit Japan volunteer leader.
Introduction
This time I set up Bind9 on Ubuntu Server 22.04 LTS (a VM).
Installing Bind9
Install bind9, bind9-utils and dnsutils with apt.
ubuntu@ubuntu:~$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
ubuntu@ubuntu:~$ sudo apt update
[sudo] password for ubuntu:
Hit:1 http://jp.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://jp.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://jp.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://jp.archive.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
ubuntu@ubuntu:~$ sudo apt install bind9 bind9-utils
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  bind9-libs dns-root-data liblmdb0 libmaxminddb0 libuv1
Suggested packages:
  bind-doc dnsutils resolvconf ufw mmdb-bin
The following NEW packages will be installed:
  bind9 bind9-libs bind9-utils dns-root-data liblmdb0 libmaxminddb0 libuv1
0 upgraded, 7 newly installed, 0 to remove and 42 not upgraded.
Need to get 1836 kB of archives.
After this operation, 5648 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://jp.archive.ubuntu.com/ubuntu jammy/main amd64 liblmdb0 amd64 0.9.24-1build2 [47.6 kB]
Get:2 http://jp.archive.ubuntu.com/ubuntu jammy/main amd64 libmaxminddb0 amd64 1.5.2-1build2 [24.7 kB]
Get:3 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libuv1 amd64 1.43.0-1ubuntu0.1 [92.7 kB]
Get:4 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 bind9-libs amd64 1:9.18.18-0ubuntu0.22.04.2 [1245 kB]
Get:5 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 bind9-utils amd64 1:9.18.18-0ubuntu0.22.04.2 [161 kB]
Get:6 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 dns-root-data all 2023112702~ubuntu0.22.04.1 [5136 B]
Get:7 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 bind9 amd64 1:9.18.18-0ubuntu0.22.04.2 [260 kB]
Fetched 1836 kB in 3s (671 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package liblmdb0:amd64.
(Reading database ... 64089 files and directories currently installed.)
Preparing to unpack .../0-liblmdb0_0.9.24-1build2_amd64.deb ...
Unpacking liblmdb0:amd64 (0.9.24-1build2) ...
Selecting previously unselected package libmaxminddb0:amd64.
Preparing to unpack .../1-libmaxminddb0_1.5.2-1build2_amd64.deb ...
Unpacking libmaxminddb0:amd64 (1.5.2-1build2) ...
Selecting previously unselected package libuv1:amd64.
Preparing to unpack .../2-libuv1_1.43.0-1ubuntu0.1_amd64.deb ...
Unpacking libuv1:amd64 (1.43.0-1ubuntu0.1) ...
Selecting previously unselected package bind9-libs:amd64.
Preparing to unpack .../3-bind9-libs_1%3a9.18.18-0ubuntu0.22.04.2_amd64.deb ...
Unpacking bind9-libs:amd64 (1:9.18.18-0ubuntu0.22.04.2) ...
Selecting previously unselected package bind9-utils.
Preparing to unpack .../4-bind9-utils_1%3a9.18.18-0ubuntu0.22.04.2_amd64.deb ...
Unpacking bind9-utils (1:9.18.18-0ubuntu0.22.04.2) ...
Selecting previously unselected package dns-root-data.
Preparing to unpack .../5-dns-root-data_2023112702~ubuntu0.22.04.1_all.deb ...
Unpacking dns-root-data (2023112702~ubuntu0.22.04.1) ...
Selecting previously unselected package bind9.
Preparing to unpack .../6-bind9_1%3a9.18.18-0ubuntu0.22.04.2_amd64.deb ...
Unpacking bind9 (1:9.18.18-0ubuntu0.22.04.2) ...
Setting up liblmdb0:amd64 (0.9.24-1build2) ...
Setting up libmaxminddb0:amd64 (1.5.2-1build2) ...
Setting up dns-root-data (2023112702~ubuntu0.22.04.1) ...
Setting up libuv1:amd64 (1.43.0-1ubuntu0.1) ...
Setting up bind9-libs:amd64 (1:9.18.18-0ubuntu0.22.04.2) ...
Setting up bind9-utils (1:9.18.18-0ubuntu0.22.04.2) ...
Setting up bind9 (1:9.18.18-0ubuntu0.22.04.2) ...
Adding group `bind' (GID 112) ...
Done.
Adding system user `bind' (UID 108) ...
Adding new user `bind' (UID 108) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
named-resolvconf.service is a disabled or a static unit, not starting it.
Created symlink /etc/systemd/system/bind9.service → /lib/systemd/system/named.service.
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /lib/systemd/system/named.service.
Processing triggers for libc-bin (2.35-0ubuntu3.6) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.)
debconf: falling back to frontend: Readline
Scanning processes...
Scanning linux images...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
ubuntu@ubuntu:/etc/bind$ sudo apt install dnsutils
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  bind9-dnsutils bind9-host
The following NEW packages will be installed:
  bind9-dnsutils bind9-host dnsutils
0 upgraded, 3 newly installed, 0 to remove and 42 not upgraded.
Need to get 214 kB of archives.
After this operation, 786 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 bind9-host amd64 1:9.18.18-0ubuntu0.22.04.2 [52.5 kB]
Get:2 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 bind9-dnsutils amd64 1:9.18.18-0ubuntu0.22.04.2 [157 kB]
Get:3 http://jp.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 dnsutils all 1:9.18.18-0ubuntu0.22.04.2 [3926 B]
Fetched 214 kB in 2s (94.2 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package bind9-host.
(Reading database ... 66240 files and directories currently installed.)
Preparing to unpack .../bind9-host_1%3a9.18.18-0ubuntu0.22.04.2_amd64.deb ...
Unpacking bind9-host (1:9.18.18-0ubuntu0.22.04.2) ...
Selecting previously unselected package bind9-dnsutils.
Preparing to unpack .../bind9-dnsutils_1%3a9.18.18-0ubuntu0.22.04.2_amd64.deb ...
Unpacking bind9-dnsutils (1:9.18.18-0ubuntu0.22.04.2) ...
Selecting previously unselected package dnsutils.
Preparing to unpack .../dnsutils_1%3a9.18.18-0ubuntu0.22.04.2_all.deb ...
Unpacking dnsutils (1:9.18.18-0ubuntu0.22.04.2) ...
Setting up bind9-host (1:9.18.18-0ubuntu0.22.04.2) ...
Setting up bind9-dnsutils (1:9.18.18-0ubuntu0.22.04.2) ...
Setting up dnsutils (1:9.18.18-0ubuntu0.22.04.2) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.)
debconf: falling back to frontend: Readline
Scanning processes...
Scanning linux images...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
Configuring Bind9
Installing Bind9 puts named.conf (the configuration file), root.hints (the hints file) and the other default files in place, so we add our own configuration on top of them.
ubuntu@ubuntu:~$ cd /etc/bind
ubuntu@ubuntu:/etc/bind$ ls
bind.keys  db.0  db.127  db.255  db.empty  db.local  named.conf  named.conf.default-zones  named.conf.local  named.conf.options  rndc.key  zones.rfc1918
ubuntu@ubuntu:/etc/bind$ ls /usr/share/dns/
root.ds  root.hints  root.hints.sig  root.key
Add the configuration for the domain being added (opensourcetech.test).
ubuntu@ubuntu:/etc/bind$ sudo vi /etc/bind/named.conf
ubuntu@ubuntu:/etc/bind$ cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.my-zones";    // added (note the trailing semicolon; named refuses to start without it)
ubuntu@ubuntu:/etc/bind$ sudo vi named.conf.my-zones
ubuntu@ubuntu:/etc/bind$ cat named.conf.my-zones
zone "opensourcetech.test" {
    type master;
    file "/etc/bind/test.zone";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/test.rev";
};
Create the zone files for the added domain.
ubuntu@ubuntu:/etc/bind$ sudo vi test.zone
ubuntu@ubuntu:/etc/bind$ cat test.zone
$ORIGIN opensourcetech.test.
$TTL    604800
@       IN      SOA     dns.opensourcetech.test. root.opensourcetech.test. (
                        2024030301      ; Serial
                            604800      ; Refresh
                             86400      ; Retry
                           2419200      ; Expire
                            604800 )    ; Negative Cache TTL
;
        IN      NS      dns.opensourcetech.test.
        IN      MX      10 mail.opensourcetech.test.
dns     IN      A       192.168.1.114
www     IN      A       192.168.1.114
mail    IN      A       192.168.1.114
ftp     IN      A       192.168.1.114
smb     IN      A       192.168.1.114
ubuntu@ubuntu:/etc/bind$ sudo vi test.rev
ubuntu@ubuntu:/etc/bind$ cat test.rev
$ORIGIN 1.168.192.in-addr.arpa.
$TTL    604800
@       IN      SOA     dns.opensourcetech.test. root.opensourcetech.test. (
                        2024030301      ; Serial
                            604800      ; Refresh
                             86400      ; Retry
                           2419200      ; Expire
                            604800 )    ; Negative Cache TTL
;
        IN      NS      dns.opensourcetech.test.
114     IN      PTR     www.opensourcetech.test.
114     IN      PTR     dns.opensourcetech.test.
114     IN      PTR     mail.opensourcetech.test.
114     IN      PTR     ftp.opensourcetech.test.
114     IN      PTR     smb.opensourcetech.test.
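As an added example (not code from the original post), the following Python script parses the two zone files above and checks that every A record in test.zone has a matching PTR in test.rev and every PTR points back at a name with that address. The embedded zone text is a shortened copy of the files shown above, and the parser handles only the syntax they use ($ORIGIN, $TTL, a parenthesised SOA, one record per line).

```python
# Added example, not code from the original post; zone texts are shortened copies of test.zone/test.rev.
import re
FORWARD = """$ORIGIN opensourcetech.test.
$TTL 604800
@ IN SOA dns.opensourcetech.test. root.opensourcetech.test. (
    2024030301 604800 86400 2419200 604800 ) ; Negative Cache TTL
    IN NS dns.opensourcetech.test.
dns IN A 192.168.1.114
www IN A 192.168.1.114
mail IN A 192.168.1.114
"""
REVERSE = """$ORIGIN 1.168.192.in-addr.arpa.
@ IN SOA dns.opensourcetech.test. root.opensourcetech.test. (
    2024030301 604800 86400 2419200 604800 )
    IN NS dns.opensourcetech.test.
114 IN PTR www.opensourcetech.test.
114 IN PTR dns.opensourcetech.test.
114 IN PTR mail.opensourcetech.test.
"""

def parse_zone(text):
    """Parse the minimal zone syntax above into (origin, [(owner, type, rdata), ...])."""
    text = re.sub(r"\(.*?\)", "", text, flags=re.S)   # fold a parenthesised SOA onto one line
    origin, owner, records = "", "", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip() or line.startswith("$TTL"):
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if not raw[0].isspace():                      # explicit owner; indented lines reuse the last one
            name = fields.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        if fields[0] == "IN":
            fields.pop(0)
        records.append((owner, fields[0], " ".join(fields[1:])))
    return origin, records

def ptr_owner_to_ip(owner):
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))   # '114.1.168.192.in-addr.arpa.' -> '192.168.1.114'

def check_consistency(forward_text, reverse_text):
    """Return a sorted list of A/PTR mismatches; an empty list means the two zones agree."""
    a_recs = {(o, r) for o, t, r in parse_zone(forward_text)[1] if t == "A"}
    ptr_recs = {(ptr_owner_to_ip(o), r) for o, t, r in parse_zone(reverse_text)[1] if t == "PTR"}
    problems = [f"PTR {ip} -> {n} has no matching A record" for ip, n in ptr_recs if (n, ip) not in a_recs]
    problems += [f"A {n} -> {ip} has no matching PTR record" for n, ip in a_recs if (ip, n) not in ptr_recs]
    return sorted(problems)
```

This only checks that the forward and reverse data agree; named-checkconf and named-checkzone from bind9-utils (installed above) remain the authoritative syntax checks to run before restarting named.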
Checking that Bind9 works
Restart bind (named)
ubuntu@ubuntu:/etc/bind$ sudo systemctl status named
● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2024-03-03 08:19:30 UTC; 10min ago
       Docs: man:named(8)
    Process: 1336 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 1337 (named)
      Tasks: 8 (limit: 2221)
     Memory: 6.2M
        CPU: 150ms
     CGroup: /system.slice/named.service
             └─1337 /usr/sbin/named -u bind

Mar 03 08:19:30 ubuntu named[1337]: managed-keys-zone: loaded serial 0
Mar 03 08:19:30 ubuntu named[1337]: zone 0.in-addr.arpa/IN: loaded serial 1
Mar 03 08:19:30 ubuntu named[1337]: zone localhost/IN: loaded serial 2
Mar 03 08:19:30 ubuntu named[1337]: zone 127.in-addr.arpa/IN: loaded serial 1
Mar 03 08:19:30 ubuntu named[1337]: zone 255.in-addr.arpa/IN: loaded serial 1
Mar 03 08:19:30 ubuntu named[1337]: all zones loaded
Mar 03 08:19:30 ubuntu named[1337]: running
Mar 03 08:19:30 ubuntu systemd[1]: Started BIND Domain Name Server.
Mar 03 08:19:40 ubuntu named[1337]: resolver priming query complete: timed out
Mar 03 08:19:40 ubuntu named[1337]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
ubuntu@ubuntu:/etc/bind$ sudo systemctl restart named
Confirm the forward and reverse lookup answers.
ubuntu@ubuntu:/etc/bind$ nslookup
> server
Default server: 127.0.0.53
Address: 127.0.0.53#53
> server 192.168.1.114
Default server: 192.168.1.114
Address: 192.168.1.114#53
> www.opensourcetech.test
Server:         192.168.1.114
Address:        192.168.1.114#53

Name:   www.opensourcetech.test
Address: 192.168.1.114
> 192.168.1.114
114.1.168.192.in-addr.arpa      name = ftp.opensourcetech.test.
114.1.168.192.in-addr.arpa      name = smb.opensourcetech.test.
114.1.168.192.in-addr.arpa      name = mail.opensourcetech.test.
114.1.168.192.in-addr.arpa      name = dns.opensourcetech.test.
114.1.168.192.in-addr.arpa      name = www.opensourcetech.test.
> exit
Closing
I wanted to try chroot as well, but Ubuntu has no package for it, so I did not do it.
ubuntu@ubuntu:/etc/bind$ sudo apt install bind-chroot
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package bind-chroot
ubuntu@ubuntu:/etc/bind$ sudo apt install bind9-chroot
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package bind9-chroot
References
The same work on Ubuntu 20.04 LTS is in the following article.
https://www.opensourcetech.tokyo/entry/20220604/1654315353