[Gandi][Server] Installing a Bind server.
Server: Gandi server
Distribution: Debian 8 64-bit (HVM)
IP address: 92.243.5.200
Primary server:
ns1.samglux.info = 92.243.5.200
Secondary servers:
ns6.gandi.net = 217.70.177.40
ns.kimsufi.com = 213.186.33.199
1) Buy a domain name from Gandi
https://www.gandi.net/domaine
2) From the Gandi interface for the domain name: create a Glue Record.
Name: ns1.samglux.info
IP address: 92.243.5.200
3) From the Gandi interface for the domain name: replace Gandi's default servers.
Delete Gandi's name servers and add our name server: ns.samglux.info
4) Install LAMP.
http://framboisepi.fr/installation-dun-serveur-linux-apache-mysql-php/
5) Install the Bind package:
root@server02:~# apt-get install bind9 dnsutils
6) Declare the DNS zone:
Open:
/etc/bind/named.conf.local
Add:
zone "samglux.info" IN {
    # Master zone
    type master;
    # Zone file
    file "/etc/bind/db.samglux.info";
    # Allow zone transfers to the secondary DNS servers
    allow-transfer { 217.70.177.40; 213.186.33.199; 127.0.0.1; ::1; };
    # Allow anyone to query this zone
    allow-query { any; };
    # Notify the secondary DNS servers when the master zone changes
    notify yes;
};
7) Configure the options:
Open:
/etc/bind/named.conf.options
Replace everything with:
options {
    directory "/var/cache/bind";
    # Enable DNSSEC
    dnssec-enable yes;
    dnssec-validation auto;
    auth-nxdomain no; # RFC1035
    listen-on { any; };
    listen-on-v6 { any; };
    # Allow recursive queries from the local host only
    allow-recursion { 127.0.0.1; ::1; };
    # Do not transfer zone information by default
    # (the allow-transfer in the zone statement overrides this for samglux.info)
    allow-transfer { none; };
    # Do not allow updates to master zones
    allow-update { none; };
    version none;
    hostname none;
    server-id none;
};
8) Create the DNS zone for the domain name:
Open:
/etc/bind/db.samglux.info
Add at the end:
; ZONE: domain.tld
; ------------------------------------------------------------------
$TTL 7200
@           IN  SOA    ns1.samglux.info. hostmaster.samglux.info. (
                       2016012706 ; Serial
                       14400      ; Refresh
                       3600       ; Retry
                       1209600    ; Expire - 2 weeks
                       86400 )    ; Minimum
; NAMESERVERS
@           IN  NS     ns1.samglux.info.
@           IN  NS     ns6.gandi.net.
@           IN  NS     ns.kimsufi.com.
; A/AAAA records
@           IN  A      92.243.5.200
hostname    IN  A      92.243.5.200
ns1         IN  A      92.243.5.200
; Subdomains - web server
www         IN  CNAME  samglux.info.
blog        IN  CNAME  samglux.info.
forum       IN  CNAME  samglux.info.
; Subdomains - mail server
smtp        IN  CNAME  samglux.info.
imap        IN  CNAME  samglux.info.
pop         IN  CNAME  samglux.info.
mail        IN  A      92.243.5.200
; MX (Mail Exchanger) record
@           IN  MX     10 mail.samglux.info.
9) Modify the resolver:
Open:
/etc/resolv.conf
Add:
nameserver 127.0.0.1
10) Check the configuration:
root@server02:~# named-checkconf -z
zone samglux.info/IN: loaded serial 2016012701
zone localhost/IN: loaded serial 2
zone 127.in-addr.arpa/IN: loaded serial 1
zone 0.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1
root@server02:~# named-checkzone samglux.info /etc/bind/db.samglux.info
zone samglux.info/IN: loaded serial 2016012701
OK
11) Change permissions:
root@server02:~# chown bind:bind /etc/bind/rndc.key
root@server02:~# chmod 640 /etc/bind/rndc.key
root@server02:~# ls -l /etc/bind/rndc.key
-rw-r----- 1 bind bind 77 Jan 27 20:10 /etc/bind/rndc.key
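rndc.key holds the shared secret that authenticates rndc control commands to named, so only the bind user and group need access to it. The check below is an added example, not part of the original post; the function names key_mode_weak and audit_keys are hypothetical and the demo files are constructed.

```shell
#!/bin/sh
# Added example: flag BIND key files whose mode lets non-owners in.

# key_mode_weak FILE: succeed when the group can write or others have any
# access (characters 6 and 8-10 of the `ls -l` mode string, e.g. -rw-r-----).
key_mode_weak() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        ?????-?---) return 1 ;;   # group cannot write, nothing for others
        *)          return 0 ;;
    esac
}

# audit_keys DIR: print "WEAK <mode> <path>" for each *.key file in DIR;
# return 1 if at least one weak file was found.
audit_keys() {
    bad=0
    for f in "$1"/*.key; do
        [ -f "$f" ] || continue
        if key_mode_weak "$f"; then
            echo "WEAK $(ls -ld "$f" | cut -c1-10) $f"
            bad=1
        fi
    done
    return $bad
}

# Constructed demo: two throw-away key files, one of them world-accessible.
demo() {
    d=$(mktemp -d)
    : > "$d/rndc.key";  chmod 777 "$d/rndc.key"
    : > "$d/other.key"; chmod 640 "$d/other.key"
    audit_keys "$d"; rc=$?
    rm -rf "$d"
    return $rc
}
demo || echo "audit reported the constructed 777 file"
```

On the server itself the call would be audit_keys /etc/bind, which prints nothing and returns 0 when every key file is restricted.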
12) Restart the Bind service:
root@server02:~# /etc/init.d/bind9 restart
[ ok ] Restarting bind9 (via systemctl): bind9.service.
root@server02:~# service bind9 restart
13) Verification:
root@server02:~# named -g
27-Jan-2016 20:42:11.642 starting BIND 9.9.5-9+deb8u5-Debian -g
27-Jan-2016 20:42:11.642 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O2'
27-Jan-2016 20:42:11.642 ----------------------------------------------------
27-Jan-2016 20:42:11.642 BIND 9 is maintained by Internet Systems Consortium,
27-Jan-2016 20:42:11.642 Inc. (ISC), a non-profit 501(c)(3) public-benefit
27-Jan-2016 20:42:11.642 corporation. Support and training for BIND 9 are
27-Jan-2016 20:42:11.642 available at https://www.isc.org/support
27-Jan-2016 20:42:11.642 ----------------------------------------------------
27-Jan-2016 20:42:11.642 adjusted limit on open files from 65536 to 1048576
27-Jan-2016 20:42:11.642 found 2 CPUs, using 2 worker threads
27-Jan-2016 20:42:11.642 using 2 UDP listeners per interface
27-Jan-2016 20:42:11.642 using up to 4096 sockets
27-Jan-2016 20:42:11.646 loading configuration from '/etc/bind/named.conf'
27-Jan-2016 20:42:11.647 reading built-in trusted keys from file '/etc/bind/bind.keys'
27-Jan-2016 20:42:11.647 using default UDP/IPv4 port range: [1024, 65535]
27-Jan-2016 20:42:11.647 using default UDP/IPv6 port range: [1024, 65535]
...
27-Jan-2016 20:42:11.664 not using config file logging statement for logging due to -g option
27-Jan-2016 20:42:11.665 managed-keys-zone: loaded serial 2
27-Jan-2016 20:42:11.665 zone 0.in-addr.arpa/IN: loaded serial 1
27-Jan-2016 20:42:11.674 zone 127.in-addr.arpa/IN: loaded serial 1
27-Jan-2016 20:42:11.675 zone 255.in-addr.arpa/IN: loaded serial 1
27-Jan-2016 20:42:11.677 zone localhost/IN: loaded serial 2
27-Jan-2016 20:42:11.677 zone samglux.info/IN: loaded serial 2016012701
27-Jan-2016 20:42:11.679 all zones loaded
27-Jan-2016 20:42:11.679 running
27-Jan-2016 20:42:11.680 zone samglux.info/IN: sending notifies (serial 2016012701)
14) Check that the server is now handling the domain name:
Wait 2 hours.
15) Add the Glue Record:
ns1.samglux.info = 92.243.5.200
16) In the Gandi management interface for the domain name, add the following DNS servers:
DNS1 : ns1.samglux.info
DNS2 : ns6.gandi.net
DNS3 : ns.kimsufi.com
17) Verification:
[~] ➔ nslookup samglux.info
Server: 127.0.1.1
Address: 127.0.1.1#53
Non-authoritative answer:
Name: samglux.info
Address: 92.243.5.200
[~] ➔ dig samglux.info
; <<>> DiG 9.9.5-3ubuntu0.6-Ubuntu <<>> samglux.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51001
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;samglux.info. IN A
;; ANSWER SECTION:
samglux.info. 3548 IN A 92.243.5.200
;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sat Jan 30 21:06:04 CET 2016
;; MSG SIZE rcvd: 46
[~] ➔ ping -c 3 samglux.info
PING samglux.info (92.243.5.200) 56(84) bytes of data.
64 bytes from xvm-5-200.dc0.ghst.net (92.243.5.200): icmp_seq=1 ttl=52 time=32.5 ms
64 bytes from xvm-5-200.dc0.ghst.net (92.243.5.200): icmp_seq=2 ttl=52 time=33.0 ms
64 bytes from xvm-5-200.dc0.ghst.net (92.243.5.200): icmp_seq=3 ttl=52 time=32.9 ms
--- samglux.info ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 32.504/32.823/33.026/0.228 ms
[~] ➔ host samglux.info 92.243.5.200
Using domain server:
Name: 92.243.5.200
Address: 92.243.5.200#53
Aliases:
samglux.info has address 92.243.5.200
samglux.info mail is handled by 10 mail.samglux.info.
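An added example (not part of the original post) that checks what steps 6 and 7 are meant to guarantee: the secondaries hold the same SOA serial as the primary, zone transfers are refused to other hosts, and recursion is closed to outside clients. The function names and the sample dig output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify transfer/recursion policy.
ZONE=samglux.info
PRIMARY=92.243.5.200
SECONDARIES="217.70.177.40 213.186.33.199"

# Serial = 3rd field of `dig +short SOA` output, read on stdin.
soa_serial() { awk 'NF >= 7 { print $3; exit }'; }

# Classify `dig AXFR` output: a refused transfer prints "; Transfer failed.",
# a successful one contains the zone's SOA record.
axfr_state() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'Transfer failed'; then echo refused
    elif printf '%s\n' "$out" | grep -Eq '[[:space:]]SOA[[:space:]]'; then echo allowed
    else echo unknown
    fi
}

# Recursion is offered to the client when the reply header has the "ra" flag.
recursion_state() {
    if grep -Eq '^;; flags:[^;]* ra[ ;]'; then echo open; else echo closed; fi
}

# Live run (needs network): compare serials, then test policy from this host.
run_checks() {
    want=$(dig +short SOA "$ZONE" @"$PRIMARY" | soa_serial)
    for ns in $SECONDARIES; do
        got=$(dig +short SOA "$ZONE" @"$ns" | soa_serial)
        [ "$got" = "$want" ] || echo "serial mismatch on $ns: ${got:-none} != $want"
    done
    echo "AXFR from this host: $(dig AXFR "$ZONE" @"$PRIMARY" | axfr_state)"
    echo "recursion for this host: $(dig example.com A @"$PRIMARY" | recursion_state)"
}

# Constructed sample inputs so the parsers can be exercised offline.
SAMPLE_SOA='ns1.samglux.info. hostmaster.samglux.info. 2016012701 14400 3600 1209600 86400'
SAMPLE_AXFR_DENIED='; Transfer failed.'
SAMPLE_HDR_CLOSED=';; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

if [ "${1:-}" = live ]; then
    run_checks
else
    echo "serial:    $(printf '%s\n' "$SAMPLE_SOA" | soa_serial)"
    echo "axfr:      $(printf '%s\n' "$SAMPLE_AXFR_DENIED" | axfr_state)"
    echo "recursion: $(printf '%s\n' "$SAMPLE_HDR_CLOSED" | recursion_state)"
fi
```

Run it with the argument live from a host that is neither the server itself nor one of the secondaries; from there the expected results are no serial mismatch, AXFR refused, and recursion closed.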
18) Website:
http://samglux.info/
http://samglux.info/~admin
19) Links:
https://mondedie.fr/viewtopic.php?id=5946
http://nekrocite.info/?s=bind
https://wiki.gandi.net/fr/hosting/using-linux/tutorials/ubuntu/bind