■ DNS setup for IP-based virtual hosts
※ DNSSEC is actually running on this server, but the configuration steps are the same.
The same approach also works with the Windows 2003 DNS server role.
Hosting multiple domains with apache2 IP-based virtual hosts
http://d.hatena.ne.jp/labunix/20120601
Adding DNSSEC support with squeeze + bind
http://d.hatena.ne.jp/labunix/20120503
■ Confirm that lookups fail from a different segment
$ LANG=C /sbin/ifconfig | grep "inet addr" | awk -F\: '{print $2}' | awk '{print $1}'
192.168.177.177
127.0.0.1
$ nslookup vmsqueeze-nclean 192.168.164.177
Server: 192.168.164.177
Address: 192.168.164.177#53
** server can't find vmsqueeze-nclean: NXDOMAIN
■ Confirm that lookups succeed from the same segment
$ LANG=C /sbin/ifconfig | grep "inet addr" | awk -F\: '{print $2}' | awk '{print $1}'
192.168.164.180
127.0.0.1
$ nslookup vmsqueeze-nclean 192.168.164.177
Server: 192.168.164.177
Address: 192.168.164.177#53
Name: vmsqueeze-nclean.localdomain
Address: 192.168.164.177
■ The relevant configuration is as follows
※ Two lines: one for the forward zone and one for the reverse zone
$ grep allow-query /etc/bind/named.conf.local
allow-query { 127.0.0.1;192.168.164.0/24; };
allow-query { 127.0.0.1;192.168.164.0/24; };
■ Add the reverse lookup entries
※ .177 is unchanged. Because the requirement is the same hostname under different FQDNs, this is handled with CNAME records.
$ sudo grep ^17 /var/cache/bind/localdomain.rev
177 PTR vmsqueeze-nclean.localdomain.
178 PTR vmsqueeze-nclean.labunix.vm.
179 PTR vmsqueeze-nclean.vm.test.
■ Create the base files for the forward zones
$ sudo cp -pi /var/cache/bind/localdomain.zone /var/cache/bind/squeeze.net.zone
$ sudo cp -pi /var/cache/bind/localdomain.zone /var/cache/bind/labunix.vm.zone
$ sudo cp -pi /var/cache/bind/localdomain.zone /var/cache/bind/vm.test.zone
■ Additions to "named.conf.local"
$ tail -30 /etc/bind/named.conf.local | grep -v "^//\|^\$"
};
zone "squeeze.net" {
type master;
file "squeeze.net.zone";
allow-update { 127.0.0.1;192.168.164.177; };
allow-query { 127.0.0.1;192.168.164.0/24; };
};
zone "labunix.vm" {
type master;
file "labunix.vm.zone";
allow-update { 127.0.0.1;192.168.164.177; };
allow-query { 127.0.0.1;192.168.164.0/24; };
};
zone "vm.test" {
type master;
file "vm.test.zone";
allow-update { 127.0.0.1;192.168.164.177; };
allow-query { 127.0.0.1;192.168.164.0/24; };
};
zone "164.168.192.in-addr.arpa" {
type master;
file "localdomain.rev";
allow-update { 127.0.0.1;192.168.164.177; };
allow-query { 127.0.0.1;192.168.164.0/24; };
};
■ Customize the zone files
※ SOA and NS are left unchanged.
$ cat /var/cache/bind/squeeze.net.zone
$ORIGIN .
$TTL 3600 ; 1 hour
squeeze.net IN SOA vmsqueeze-nclean.localdomain. root.mail.localdomain. (
        2012060301 ; serial
        1800       ; refresh (30 minutes)
        900        ; retry (15 minutes)
        604800     ; expire (1 week)
        1200       ; minimum (20 minutes)
        )
        NS vmsqueeze-nclean.localdomain.
        A 192.168.164.177
$ORIGIN squeeze.net.
vmsqueeze-nclean A 192.168.164.177
www CNAME vmsqueeze-nclean.localdomain.
$ sudo cat /var/cache/bind/labunix.vm.zone
$ORIGIN .
$TTL 3600 ; 1 hour
labunix.vm IN SOA vmsqueeze-nclean.localdomain. root.mail.localdomain. (
        2012060301 ; serial
        1800       ; refresh (30 minutes)
        900        ; retry (15 minutes)
        604800     ; expire (1 week)
        1200       ; minimum (20 minutes)
        )
        NS vmsqueeze-nclean.localdomain.
        A 192.168.164.177
$ORIGIN labunix.vm.
vmsqueeze-nclean A 192.168.164.178
www CNAME vmsqueeze-nclean.labunix.vm.
$ sudo cat /var/cache/bind/vm.test.zone
$ORIGIN .
$TTL 3600 ; 1 hour
vm.test IN SOA vmsqueeze-nclean.localdomain. root.mail.localdomain. (
        2012060301 ; serial
        1800       ; refresh (30 minutes)
        900        ; retry (15 minutes)
        604800     ; expire (1 week)
        1200       ; minimum (20 minutes)
        )
        NS vmsqueeze-nclean.localdomain.
        A 192.168.164.177
$ORIGIN vm.test.
vmsqueeze-nclean A 192.168.164.179
www CNAME vmsqueeze-nclean.vm.test.
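Added example (Python, not from the original post): a consistency check across forward zones and the reverse zone of the kind shown above. It parses the $ORIGIN / SOA / A / PTR / CNAME subset these files use and reports PTRs not confirmed by a matching A record, addresses with no PTR at all, and CNAME targets defined in none of the loaded zones. The zone text inside is constructed to mirror the post's files (SOA shortened), with one CNAME deliberately dangling so the check has something to flag.

```python
"""Consistency check for a set of BIND zone files: forward-confirmed PTRs,
missing PTRs and dangling CNAMEs.  Added example, not the original post's code."""
from ipaddress import ip_address

def qualify(name, origin):
    # '@' is the origin; a trailing '.' is already absolute; else relative to $ORIGIN
    return origin if name == "@" else name if name.endswith(".") else name + "." + origin.lstrip(".")

def parse_zone(text):
    """Yield (owner, rtype, rdata) for A/PTR/CNAME records.  A leading space means
    'same owner as the previous record'; $TTL, comments and the SOA ( ... ) block are skipped."""
    origin, owner, skipping = ".", None, False
    for line in text.splitlines():
        line = line.split(";")[0].rstrip()
        if skipping or not line.strip() or line.startswith("$"):
            skipping = skipping and ")" not in line
            origin = line.split()[1] if line.startswith("$ORIGIN") else origin
            continue
        fields = [f for f in line.split() if f != "IN"]
        if not line[0].isspace():                        # explicit owner name
            owner = qualify(fields.pop(0), origin)
        if fields[0] == "SOA":
            skipping = "(" in line and ")" not in line
        elif fields[0] in ("A", "PTR", "CNAME"):
            yield owner, fields[0], fields[1] if fields[0] == "A" else qualify(fields[1], origin)

def rev(ip):
    return ip_address(ip).reverse_pointer + "."          # e.g. 177.164.168.192.in-addr.arpa.

def check(records):
    """Return problems: PTRs not confirmed by an A, addresses lacking a PTR, dangling CNAMEs."""
    a = [(o, r) for o, t, r in records if t == "A"]
    ptr = {o: r for o, t, r in records if t == "PTR"}
    owners = {o for o, _, _ in records}
    problems = [f"PTR {r} -> {t} not confirmed by an A record"
                for r, t in ptr.items() if (t, r) not in {(o, rev(ip)) for o, ip in a}]
    problems += [f"A {o} {ip} has no PTR" for o, ip in a if rev(ip) not in ptr]
    problems += [f"CNAME {o} -> {t} is dangling" for o, k, t in records if k == "CNAME" and t not in owners]
    return problems

# Constructed zone text modelled on the post (not the author's files); the vm.test CNAME is deliberately dangling.
ZONES = [
    "$ORIGIN localdomain.\nvmsqueeze-nclean A 192.168.164.177\n",
    "$ORIGIN .\nsqueeze.net IN SOA ns.localdomain. root.localdomain. (\n  1 1800 900 604800 1200 )\n"
    "  A 192.168.164.177\n$ORIGIN squeeze.net.\nvmsqueeze-nclean A 192.168.164.177\nwww CNAME vmsqueeze-nclean.localdomain.\n",
    "$ORIGIN labunix.vm.\nvmsqueeze-nclean A 192.168.164.178\nwww CNAME vmsqueeze-nclean.labunix.vm.\n",
    "$ORIGIN vm.test.\nvmsqueeze-nclean A 192.168.164.179\nwww CNAME vmsqueeze.vm.test.\n",
    "$ORIGIN 164.168.192.in-addr.arpa.\n177 PTR vmsqueeze-nclean.localdomain.\n178 PTR vmsqueeze-nclean.labunix.vm.\n179 PTR vmsqueeze-nclean.vm.test.\n",
]

def run(zones=ZONES):
    return check([r for z in zones for r in parse_zone(z)])
```

Point `run()` at the real files under /var/cache/bind (read into strings) to catch the kind of mismatch shown by the constructed vm.test CNAME before reloading named.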
■ Try the lookups.
$ nslookup www.squeeze.net 192.168.164.177
Server: 127.0.0.1
Address: 127.0.0.1#53
www.squeeze.net canonical name = vmsqueeze-nclean.localdomain.
Name: vmsqueeze-nclean.localdomain
Address: 192.168.164.177
$ nslookup www.labunix.vm 192.168.164.177
Server: 192.168.164.177
Address: 192.168.164.177#53
www.labunix.vm canonical name = vmsqueeze-nclean.labunix.vm.
Name: vmsqueeze-nclean.labunix.vm
Address: 192.168.164.178
$ nslookup www.vm.test 192.168.164.177
Server: 192.168.164.177
Address: 192.168.164.177#53
www.vm.test canonical name = vmsqueeze-nclean.vm.test.
Name: vmsqueeze-nclean.vm.test
Address: 192.168.164.179
■ Comment out the relevant lines in "/etc/hosts" and access via DNS
$ sudo grep ^#192 /etc/hosts
$ for list in vmsqueeze-nclean.localdomain www.squeeze.net www.labunix.vm www.vm.test;do \
echo "[ $list ]"; \
w3m -no-proxy -dump http://${list} | awk '(NR%7==0) || (NR==1) {print}'; \
done
[ vmsqueeze-nclean.localdomain ]
It works!
[ www.squeeze.net ]
It works!
www.squeeze.net
[ www.labunix.vm ]
It works!
www.labunix.vm
[ www.vm.test ]
It works!
www.vm.test
■ The packets look like this.
$ sudo tcpdump -i lo -nnn udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
15:25:23.871307 IP 192.168.164.177.42864 > 192.168.164.177.53: 20996+ A? www.squeeze.net. (33)
15:25:23.871535 IP 192.168.164.177.53 > 192.168.164.177.42864: 20996* 2/1/0 CNAME vmsqueeze-nclean.localdomain., A 192.168.164.177 (105)
15:25:23.871591 IP 192.168.164.177.42864 > 192.168.164.177.53: 62039+ AAAA? www.squeeze.net. (33)
15:25:23.871649 IP 192.168.164.177.53 > 192.168.164.177.42864: 62039* 1/1/0 CNAME vmsqueeze-nclean.localdomain. (121)
15:25:23.902739 IP 192.168.164.177.34067 > 192.168.164.177.53: 17260+ A? www.labunix.vm. (32)
15:25:23.902936 IP 192.168.164.177.53 > 192.168.164.177.34067: 17260* 2/1/1 CNAME vmsqueeze-nclean.labunix.vm., A 192.168.164.178 (137)
15:25:23.902989 IP 192.168.164.177.34067 > 192.168.164.177.53: 56615+ AAAA? www.labunix.vm. (32)
15:25:23.903045 IP 192.168.164.177.53 > 192.168.164.177.34067: 56615* 1/1/0 CNAME vmsqueeze-nclean.labunix.vm. (137)
15:25:23.933582 IP 192.168.164.177.59322 > 192.168.164.177.53: 3418+ A? www.vm.test. (29)
15:25:23.933778 IP 192.168.164.177.53 > 192.168.164.177.59322: 3418* 2/1/1 CNAME vmsqueeze-nclean.vm.test., A 192.168.164.179 (134)
15:25:23.933829 IP 192.168.164.177.59322 > 192.168.164.177.53: 46597+ AAAA? www.vm.test. (29)
15:25:23.933885 IP 192.168.164.177.53 > 192.168.164.177.59322: 46597* 1/1/0 CNAME vmsqueeze-nclean.vm.test. (134)