[Gandi][Server] Installing a Bind server

Server: Gandi server
Distribution: Debian 8 64-bit (HVM)
IP address: 92.243.5.200
Primary server:
ns1.samglux.info = 92.243.5.200
Secondary servers:
ns6.gandi.net = 217.70.177.40
ns.kimsufi.com = 213.186.33.199
1) Buy a domain name from Gandi
https://www.gandi.net/domaine
2) From the Gandi interface for the domain name: create a glue record.
Name: ns1.samglux.info
IP address: 92.243.5.200
3) From the Gandi interface for the domain name: replace Gandi's default name servers.
Remove Gandi's name servers and add our own name server: ns.samglux.info
4) Install LAMP.
http://framboisepi.fr/installation-dun-serveur-linux-apache-mysql-php/
5) Install the Bind package:

root@server02:~# apt-get install bind9 dnsutils

6) Declare the DNS zone:
Open:

/etc/bind/named.conf.local

Add:

zone "samglux.info" IN {
        # Master zone
        type master;
        # Zone file
        file "/etc/bind/db.samglux.info";
        # Allow zone transfers to the secondary DNS servers
        allow-transfer { 217.70.177.40; 213.186.33.199; 127.0.0.1; ::1; };
        # Allow everyone to send queries for this zone
        allow-query { any; };
        # Notify the secondary DNS servers when the master zone has changed
        notify yes;
};

7) Configure the options:
Open:

/etc/bind/named.conf.options

Replace everything with:

options {
    directory "/var/cache/bind";
    # Enable DNSSEC
    dnssec-enable yes;
    dnssec-validation auto;
    auth-nxdomain no; # RFC1035
    listen-on { any; };
    listen-on-v6 { any; };
    # Allow recursive queries from localhost only
    allow-recursion { 127.0.0.1; ::1; };
    # Do not transfer zone data by default (a zone's own allow-transfer overrides this)
    allow-transfer { none; };
    # Do not allow updates to master zones
    allow-update { none; };
    version none;
    hostname none;
    server-id none;
};
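
The zone stanza from step 6 overrides the global "allow-transfer { none; }" set here, so the per-zone list is what actually decides who can pull the zone. The script below is an added example, not part of the original tutorial: it extracts that list and compares it with the expected secondaries. SAMPLE_CONF, the open.example zone and the function names are constructed for illustration, and the parser assumes one statement per line.

```shell
#!/bin/sh
# Added example (not from the tutorial): list who may transfer a zone.
# Assumes one statement per line and a stanza closed by "};" at column 0.

# Constructed sample: the step 6 stanza plus a deliberately open zone.
SAMPLE_CONF='zone "samglux.info" IN {
        type master;
        file "/etc/bind/db.samglux.info";
        allow-transfer { 217.70.177.40; 213.186.33.199; 127.0.0.1; ::1; };
        notify yes;
};
zone "open.example" IN {
        type master;
        file "/etc/bind/db.open.example";
        allow-transfer { any; };
};'

# transfer_acl ZONE < named.conf.local : print the allow-transfer entries of ZONE
transfer_acl() {
    awk -v zone="\"$1\"" '
        /^[ \t]*(#|\/\/)/ { next }                      # skip comment lines
        $1 == "zone" && $2 == zone { inzone = 1; next }
        inzone && /^[}];/ { inzone = 0 }
        inzone && /allow-transfer/ {
            sub(/.*[{]/, ""); sub(/[}].*/, "")
            n = split($0, a, ";")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", a[i])
                if (a[i] != "") print a[i]
            }
        }'
}

# check_transfer ZONE PEER... < conf : fail if the ACL names anyone not in PEER...
check_transfer() {
    zone=$1; shift
    acl=$(transfer_acl "$zone")
    [ -n "$acl" ] || { echo "$zone: no zone-level allow-transfer (options apply)"; return 2; }
    for entry in $acl; do
        case " $* " in
            *" $entry "*) ;;
            *) echo "$zone: unexpected transfer peer: $entry"; return 1 ;;
        esac
    done
    echo "$zone: transfers limited to the expected peers"
}

printf '%s\n' "$SAMPLE_CONF" |
    check_transfer samglux.info 217.70.177.40 213.186.33.199 127.0.0.1 ::1
```

On the server itself, feed it the real file: check_transfer samglux.info 217.70.177.40 213.186.33.199 127.0.0.1 ::1 < /etc/bind/named.conf.local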

8) Create the DNS zone for the domain name:
Open:

/etc/bind/db.samglux.info

Add at the end:

; ZONE : domain.tld
; ------------------------------------------------------------------
$TTL 7200
@       IN      SOA    ns1.samglux.info. hostmaster.samglux.info. (
                                        2016012706 ; Serial
                                        14400      ; Refresh
                                        3600       ; Retry
                                        1209600    ; Expire - 2 weeks
                                        86400 )    ; Minimum
; NAMESERVERS
@                   IN                NS                   ns1.samglux.info.
@                   IN                NS                   ns6.gandi.net.
@                   IN                NS                   ns.kimsufi.com.
; A/AAAA records
@                   IN                A                    92.243.5.200
hostname            IN                A                    92.243.5.200
ns1                 IN                A                    92.243.5.200
; Subdomains - web server
www                 IN                CNAME                samglux.info.
blog                IN                CNAME                samglux.info.
forum               IN                CNAME                samglux.info.
; Subdomains - mail server
smtp                IN                CNAME                samglux.info.
imap                IN                CNAME                samglux.info.
pop                 IN                CNAME                samglux.info.
mail                IN                A                    92.243.5.200
; MX record (Mail Exchanger)
@                   IN                MX      10           mail.samglux.info.

9) Update the resolver:
Open:

/etc/resolv.conf

Add:

nameserver 127.0.0.1

10) Check the configuration:

root@server02:~# named-checkconf -z
zone samglux.info/IN: loaded serial 2016012701
zone localhost/IN: loaded serial 2
zone 127.in-addr.arpa/IN: loaded serial 1
zone 0.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1
root@server02:~# named-checkzone samglux.info /etc/bind/db.samglux.info
zone samglux.info/IN: loaded serial 2016012701
OK

11) Change permissions:

root@server02:~# chown bind:bind /etc/bind/rndc.key
root@server02:~# chmod 777 /etc/bind/rndc.key
root@server02:~# ls -l /etc/bind/rndc.key
-rwxrwxrwx 1 bind bind 77 Jan 27 20:10 /etc/bind/rndc.key
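
The key in /etc/bind/rndc.key authenticates rndc commands to named, and mode 777 as set above lets every local account read and replace it; owner read/write plus group read (640) is enough for named running as bind. The script below is an added example, not part of the original tutorial: it reports what a given mode exposes and tightens it. The function names are illustrative, and the demo runs on a temporary file constructed as a stand-in for the real key.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit and tighten the rndc key file mode.

# key_findings FILE : print one line per permission problem, nothing if FILE is fine
key_findings() {
    mode=$(stat -c '%a' "$1") || return 2      # GNU stat, e.g. "777" or "640"
    other=$((mode % 10))                        # last octal digit: everyone else
    group=$(((mode / 10) % 10))                 # middle octal digit: group
    [ $((other & 4)) -eq 0 ] || echo "world-readable: any local user can read the rndc secret"
    [ $((other & 2)) -eq 0 ] || echo "world-writable: any local user can replace the key"
    [ $((other & 1)) -eq 0 ] || echo "world-executable bit set on a data file"
    [ $((group & 2)) -eq 0 ] || echo "group-writable"
    return 0
}

# key_ok FILE : succeed only when FILE exists and key_findings reports nothing
key_ok() {
    out=$(key_findings "$1") || return 2
    [ -z "$out" ]
}

# tighten_key FILE : owner read/write, group read, nothing for others (640)
tighten_key() {
    chmod 640 "$1" && key_ok "$1"
}

# Demo on a constructed stand-in for /etc/bind/rndc.key, set to the mode from step 11.
demo() {
    f=$(mktemp) && chmod 777 "$f"
    echo "before: $(stat -c '%a' "$f")"
    key_findings "$f"
    tighten_key "$f" && echo "after:  $(stat -c '%a' "$f") (no findings)"
    rm -f "$f"
}
demo
```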

12) Restart the Bind service:

root@server02:~# /etc/init.d/bind9 restart
[ ok ] Restarting bind9 (via systemctl): bind9.service.
root@server02:~#  service bind9 restart

13) Check:

root@server02:~# named -g
27-Jan-2016 20:42:11.642 starting BIND 9.9.5-9+deb8u5-Debian -g
27-Jan-2016 20:42:11.642 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O2'
27-Jan-2016 20:42:11.642 ----------------------------------------------------
27-Jan-2016 20:42:11.642 BIND 9 is maintained by Internet Systems Consortium,
27-Jan-2016 20:42:11.642 Inc. (ISC), a non-profit 501(c)(3) public-benefit
27-Jan-2016 20:42:11.642 corporation.  Support and training for BIND 9 are
27-Jan-2016 20:42:11.642 available at https://www.isc.org/support
27-Jan-2016 20:42:11.642 ----------------------------------------------------
27-Jan-2016 20:42:11.642 adjusted limit on open files from 65536 to 1048576
27-Jan-2016 20:42:11.642 found 2 CPUs, using 2 worker threads
27-Jan-2016 20:42:11.642 using 2 UDP listeners per interface
27-Jan-2016 20:42:11.642 using up to 4096 sockets
27-Jan-2016 20:42:11.646 loading configuration from '/etc/bind/named.conf'
27-Jan-2016 20:42:11.647 reading built-in trusted keys from file '/etc/bind/bind.keys'
27-Jan-2016 20:42:11.647 using default UDP/IPv4 port range: [1024, 65535]
27-Jan-2016 20:42:11.647 using default UDP/IPv6 port range: [1024, 65535]
...
27-Jan-2016 20:42:11.664 not using config file logging statement for logging due to -g option
27-Jan-2016 20:42:11.665 managed-keys-zone: loaded serial 2
27-Jan-2016 20:42:11.665 zone 0.in-addr.arpa/IN: loaded serial 1
27-Jan-2016 20:42:11.674 zone 127.in-addr.arpa/IN: loaded serial 1
27-Jan-2016 20:42:11.675 zone 255.in-addr.arpa/IN: loaded serial 1
27-Jan-2016 20:42:11.677 zone localhost/IN: loaded serial 2
27-Jan-2016 20:42:11.677 zone samglux.info/IN: loaded serial 2016012701
27-Jan-2016 20:42:11.679 all zones loaded
27-Jan-2016 20:42:11.679 running
27-Jan-2016 20:42:11.680 zone samglux.info/IN: sending notifies (serial 2016012701)

14) Check that the server is handling the domain name:
Wait 2 hours.
15) Add the glue record:

ns1.samglux.info = 92.243.5.200

16) In the Gandi management interface for the domain name, add the following DNS servers:
DNS1 : ns1.samglux.info
DNS2 : ns6.gandi.net
DNS3 : ns.kimsufi.com
17) Check:

[~] ➔ nslookup samglux.info
Server:		127.0.1.1
Address:	127.0.1.1#53
Non-authoritative answer:
Name:	samglux.info
Address: 92.243.5.200
[~] ➔ dig samglux.info
; <<>> DiG 9.9.5-3ubuntu0.6-Ubuntu <<>> samglux.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51001
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;samglux.info.			IN	A
;; ANSWER SECTION:
samglux.info.		3548	IN	A	92.243.5.200
;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sat Jan 30 21:06:04 CET 2016
;; MSG SIZE  rcvd: 46
[~] ➔ ping -c 3 samglux.info
PING samglux.info (92.243.5.200) 56(84) bytes of data.
64 bytes from xvm-5-200.dc0.ghst.net (92.243.5.200): icmp_seq=1 ttl=52 time=32.5 ms
64 bytes from xvm-5-200.dc0.ghst.net (92.243.5.200): icmp_seq=2 ttl=52 time=33.0 ms
64 bytes from xvm-5-200.dc0.ghst.net (92.243.5.200): icmp_seq=3 ttl=52 time=32.9 ms
--- samglux.info ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 32.504/32.823/33.026/0.228 ms
[~] ➔ host samglux.info 92.243.5.200
Using domain server:
Name: 92.243.5.200
Address: 92.243.5.200#53
Aliases:
samglux.info has address 92.243.5.200
samglux.info mail is handled by 10 mail.samglux.info.

18) Website:
http://samglux.info/
http://samglux.info/~admin
19) Links:
https://mondedie.fr/viewtopic.php?id=5946
http://nekrocite.info/?s=bind
https://wiki.gandi.net/fr/hosting/using-linux/tutorials/ubuntu/bind
