
◆当blogは、Linuxサーバ構築する際の実際の設定手順を個人的メモとして記載しております。LinuC試験の役に立つ情報があるかも…?

LinuC(Linux技術者認定資格)&リナックスサーバ構築設定事例

   

【DNS】名前解決確認

# Forward lookup of www.lpi.or.jp through the resolver at 192.168.0.1, port 53.
# "Non-authoritative answer" means the reply came from that resolver's recursion
# or cache, not directly from an authoritative server for the zone.
[root@sentos5 ~]# nslookup www.lpi.or.jp
Server:         192.168.0.1
Address:        192.168.0.1#53
Non-authoritative answer:
Name:   www.lpi.or.jp
Address: 202.218.212.222

# Interactive mode: `server` selects the resolver to ask, then each name typed
# at the ">" prompt is looked up against it; `exit` leaves the session.
[root@sentos5 ~]# nslookup
> server 192.168.0.1
Default server: 192.168.0.1
Address: 192.168.0.1#53
> www.isc.org
Server:         192.168.0.1
Address:        192.168.0.1#53

Non-authoritative answer:
Name:   www.isc.org
Address: 149.20.64.42
>
exit

# Forward (A record) lookup with host.
[root@sentos5 ~]# host sv1.lpi.jp
sv1.lpi.jp has address 203.174.74.34

# Reverse lookup: host turns the address into a PTR query under in-addr.arpa.
# The PTR answer matches the forward name above, so forward and reverse data agree.
[root@sentos5 ~]# host 203.174.74.34
34.74.174.203.in-addr.arpa domain name pointer sv1.lpi.jp.

# -t selects the record type: MX returns the mail exchanger and its preference (10).
[root@sentos5 ~]# host -t mx lpi.org
lpi.org mail is handled by 10 mail.lpi.org.

# NS returns the name servers delegated for the zone.
[root@sentos5 ~]# host -t ns lpi.org
lpi.org name server server1.moongroup.com.
lpi.org name server ns.starnix.com.

# A second argument names the DNS server to query instead of the system default.
# NOTE(review): the command asks 172.17.0.1 but the output reports 192.168.0.1 as the
# server used; one of the two was probably edited after capture. Confirm which
# resolver actually answered.
[root@sentos5 ~]# host www.lpi.org 172.17.0.1
Using domain server:
Name: 192.168.0.1
Address: 192.168.0.1#53
Aliases:
www.lpi.org has address 24.215.7.162

# dig prints the whole response: header, question, answer, authority and additional
# sections. In the flags line, "rd" and "ra" show that recursion was requested and
# offered by 192.168.0.1; there is no "aa" flag, so the answer is not authoritative.
# status NOERROR means the query succeeded. The banner also shows that the client
# tools on this host are BIND 9.3.6-P1 (RHEL/CentOS 5 build).
[root@sentos5 ~]# dig lpi.org mx
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> lpi.org mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63305
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;lpi.org.                       IN      MX
;; ANSWER SECTION:
lpi.org.                3600    IN      MX      10 mail.lpi.org.
;; AUTHORITY SECTION:
lpi.org.                3600    IN      NS      server1.moongroup.com.
lpi.org.                3600    IN      NS      ns.starnix.com.
;; ADDITIONAL SECTION:
mail.lpi.org.           3600    IN      A       24.215.7.168
ns.starnix.com.         3600    IN      A       24.215.7.99
;; Query time: 1870 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Mon Jan 10 16:30:53 2011
;; MSG SIZE  rcvd: 138

# Zone declarations pulled in by the caching-nameserver configuration via `include`.
# - zone "." of type hint points named at the root-server list in named.ca.
# - The remaining zones (localdomain, localhost, the IPv4/IPv6 loopback reverse zones,
#   255.in-addr.arpa and 0.in-addr.arpa) are served locally as master zones, so
#   queries for these names are answered from local files.
# - Every master zone sets `allow-update { none; };`, which refuses dynamic DNS
#   updates; keep that setting when copying these stanzas for new zones unless
#   updates are deliberately needed and restricted to a key.
# File names are relative paths; presumably they resolve against the `directory`
# option of the main configuration. Confirm against the active named.conf.
[root@sentos5 ~]# cat /etc/named.rfc1912.zones
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};
zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

# Caching-only resolver configuration, locked down to the local host:
# - listen-on / listen-on-v6 bind port 53 to 127.0.0.1 and ::1 only, so the daemon
#   is not reachable from the network.
# - allow-query and allow-query-cache admit only `localhost`.
# - The single view matches only localhost clients and destinations; `recursion yes`
#   applies inside that view, so recursion is not offered to other hosts.
# If this server is later opened to LAN clients, widen listen-on and the
# allow-query/match-clients lists with an explicit ACL of trusted networks rather
# than `any`, so it does not become an open recursive resolver.
# logging: the default_debug channel writes to data/named.run with `severity dynamic`,
# i.e. at whatever debug level the server is currently running.
[root@sentos5 named]# cat /etc/named.caching-nameserver.conf
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        allow-query-cache { localhost; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients      { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

# Regenerates the root hints file by asking a root server for the root NS set and
# redirecting dig's output into named.ca (dig's ";" lines are comments to the
# zone-file parser, so the output can be loaded as-is).
# Caveats for production use:
# - The shell truncates named.ca before dig runs, so a failed or timed-out query
#   leaves an empty or partial hints file. Writing to a temporary file, checking
#   it, and then moving it into place avoids that.
# - The answer arrives over plain, unauthenticated DNS. Compare it with the root
#   hints published by IANA/InterNIC before trusting it.
# - named is started with -t /var/named/chroot (see the ps output on this page), so
#   confirm that /var/named/named.ca is the file the chrooted daemon actually reads.
[root@sentos5 etc]# dig @m.root-servers.net ns > /var/named/named.ca

# NOTE(review): the listing below appears abridged (two NS records, two A records);
# a complete response lists every root server. Confirm against the real file.
[root@sentos5 etc]# cat /var/named/named.ca
;; ANSWER SECTION:
.                       518400  IN      NS      m.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
;; ADDITIONAL SECTION:
b.root-servers.net.     3600000 IN      A       192.228.79.201
c.root-servers.net.     3600000 IN      A       192.33.4.12

# rndc status asks the running named for its state over the control channel.
# Worth reading here: debug level 0, query logging OFF (rndc querylog toggles
# it when queries need to be audited), and the recursive/TCP client counters shown
# against their limits (1000 and 100).
# rndc authenticates to named with a shared key; keep that key file readable only
# by root and the named user.
[root@sentos5 etc]# rndc status
number of zones: 6
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

# Zone file behind zone "0.0.127.in-addr.arpa" (the loopback reverse zone):
# a default TTL of 86400 seconds, an SOA record naming localhost. as primary and
# root.localhost. as the contact, one NS record, and a PTR mapping host part "1"
# (127.0.0.1) back to localhost.
[root@sentos5 etc]# cat /var/named/named.local
$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.

# A CHAOS-class TXT query for version.bind makes named report its own version.
# Anyone allowed to query the server can read this banner, and an exact version
# string lets a scanner match the host against published BIND advisories. In the
# configuration shown on this page only localhost may query; on a server reachable
# from the network, override the reply with the `version` statement in the options
# block (constructed example: version "not disclosed";) and keep the package patched.
[root@sentos5 etc]# dig @localhost version.bind chaos txt
;; ANSWER SECTION:
version.bind.           0       CH      TXT     "9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2"

# Process check: named runs as the unprivileged user "named" (-u named) inside a
# chroot at /var/named/chroot (-t), which limits what a compromised daemon can
# reach on the filesystem.
[root@sentos5 etc]# ps -f -C named
UID        PID  PPID  C STIME TTY          TIME CMD
named     2495     1  0 15:26 ?        00:00:00 /usr/sbin/named -u named -t /var/named/chroot

# DNSSEC key generation for the zone example.net: -a is the algorithm, -b the key
# size in bits, -n ZONE the key's name type. Two keys are created, 1024 and 4096 bits.
# Presumably they are meant as zone-signing and key-signing keys; neither command
# passes -f KSK, so confirm.
# Caveats when reusing these commands today:
# - In this BIND generation "RSA" selects RSAMD5, and 1024-bit RSA is too short for
#   new keys. RSAMD5 and RSASHA1 are deprecated for DNSSEC signing; current BIND
#   releases offer RSASHA256 and ECDSAP256SHA256 instead.
# - dnssec-keygen writes a .key (public) and a .private file; the .private file
#   must stay readable only by the signing user.
[root@sentos5 etc]# dnssec-keygen -a RSA -b 1024 -n ZONE example.net.
[root@sentos5 etc]# dnssec-keygen -a RSA -b 4096 -n ZONE example.net.
# Signs the zone file example.net, using the named key as key-signing key (-k).
# NOTE(review): "+005+" in the key file name is algorithm 5 (RSASHA1), which does
# not match keys generated with -a RSA above. Confirm how this key was created.
[root@sentos5 etc]# dnssec-signzone -k Kexample.net.+005+28778.key example.net

# +dnssec sets the DNSSEC OK bit so the server returns RRSIG records with the answer.
# NOTE(review): "exaple" looks like a typo for "example", and the response itself is
# cut off on the page after the banner.
[root@sentos5 etc]# dig +dnssec @localhost smtp.exaple.com
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> +dnssec @localhost smtp.exaple.com
