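Installing BIND as a DNS server on Alpine Linux 3
- Create the CT from the alpine-3.14 template (2.5MB) provided in PVE
- Planned installation and configuration:
  - CPU: 1 vCore / RAM: 512MB / Root Disk: 8GB
  - IP subnet of the host: 10.20.0.0/24
  - Allow the local host and sources in 10.0.0.0/8 to query any domain name
  - Upstream DNS: 1.1.1.1
Install and configure BIND
- Install BIND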
apk add bind
- Configure /etc/bind/named.conf
options {
    directory "/var/bind";
    pid-file "/var/run/named/named.pid";
    listen-on { 127.0.0.1; 10.20.0.0/24; };
    allow-query { localhost; 0.0.0.0/0; };
    recursion yes;
    max-cache-size 218M;
    allow-recursion { 127.0.0.1/32; 10.0.0.0/8; };
    forwarders { 1.1.1.1; };
};
- Verify that the configuration is valid
named-checkconf
- Enable the service at boot and start the DNS service
rc-update add named
rc-service named start
- If the following error messages appear at startup
:
Jul 8 07:47:30 ct-dns daemon.info named[537]: none:100: 'max-cache-size 90%' - setting to 173990MB (out of 193322MB)
Jul 8 07:47:33 ct-dns daemon.err /etc/init.d/named[535]: start-stop-daemon: failed to start `/usr/sbin/named'
Jul 8 07:47:33 ct-dns daemon.err /etc/init.d/named[397]: ERROR: named failed to start
- The log shows named sizing its default 90% cache against 193322MB, far more than the 512MB given to the CT. This can be resolved by setting max-cache-size explicitly in /etc/bind/named.conf, e.g.:
:
max-cache-size 218M;
:
Add logging for queries and server operation
- Configure /etc/bind/named.conf
logging {
    channel default_file {
        file "/var/log/named/default.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel general_file {
        file "/var/log/named/general.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel database_file {
        file "/var/log/named/database.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel config_file {
        file "/var/log/named/config.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel resolver_file {
        file "/var/log/named/resolver.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-in_file {
        file "/var/log/named/xfer-in.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-out_file {
        file "/var/log/named/xfer-out.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel notify_file {
        file "/var/log/named/notify.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel client_file {
        file "/var/log/named/client.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel unmatched_file {
        file "/var/log/named/unmatched.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel queries_file {
        file "/var/log/named/queries.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel network_file {
        file "/var/log/named/network.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel update_file {
        file "/var/log/named/update.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dispatch_file {
        file "/var/log/named/dispatch.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dnssec_file {
        file "/var/log/named/dnssec.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel lame-servers_file {
        file "/var/log/named/lame-servers.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };

    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
};
- Create the log directory for named
mkdir /var/log/named
chown -R named:named /var/log/named
- Restart named
rc-service named restart
- The log files defined above will now appear in /var/log/named; the main query records are written to /var/log/named/queries.log
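The following script is an added example, not part of the original page: it summarises queries.log per client and marks sources outside 127.0.0.0/8 and 10.0.0.0/8, the ranges allowed to recurse in the options block above. The log lines are constructed samples in the layout BIND 9.16 writes with print-time yes (an assumption about the installed version), and the function names sample_log and summarize_clients are hypothetical.

```shell
#!/bin/sh
# Added example: per-client summary of a BIND query log, flagging sources
# outside the ranges allowed to recurse on this page (127.0.0.0/8, 10.0.0.0/8).

# Constructed sample lines (assumed BIND 9.16 layout; 10.20.0.2 is a made-up
# server address, 198.51.100.7 is a documentation-range address).
sample_log() {
    cat <<'EOF'
08-Jul-2021 07:52:10.101 client @0x7f3a2c0a1b20 10.20.0.15#40211 (example.com): query: example.com IN A +E(0)K (10.20.0.2)
08-Jul-2021 07:52:10.250 client @0x7f3a2c0a1b20 10.20.0.15#40212 (example.com): query: example.com IN AAAA +E(0)K (10.20.0.2)
08-Jul-2021 07:52:11.007 client @0x7f3a2c0b3c40 10.20.0.31#51877 (alpinelinux.org): query: alpinelinux.org IN A + (10.20.0.2)
08-Jul-2021 07:52:12.640 client @0x7f3a2c0c5d60 198.51.100.7#33012 (example.net): query: example.net IN ANY +E(0) (10.20.0.2)
08-Jul-2021 07:52:13.002 client 10.20.0.15#40213 (example.org): query: example.org IN MX + (10.20.0.2)
EOF
}

# Reads query-log lines from the given files (or stdin) and prints
# "<count> <client-ip> <inside|OUTSIDE>", busiest client first.
summarize_clients() {
    awk '
    / query: / {
        addr = ""
        for (i = 1; i < NF; i++) {
            if ($i == "client") {
                j = i + 1
                if ($j ~ /^@0x/) j++   # skip the client object pointer if present
                addr = $j
                break
            }
        }
        if (addr == "") next
        sub(/#[0-9]+$/, "", addr)      # drop the source port
        count[addr]++
    }
    END {
        for (a in count) {
            split(a, o, ".")
            ipv4 = (a ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            ok = (ipv4 && (o[1] == 10 || o[1] == 127)) || a == "::1"
            print count[a], a, (ok ? "inside" : "OUTSIDE")
        }
    }' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

sample_log | summarize_clients
```

On the server itself, run `summarize_clients /var/log/named/queries.log`; an OUTSIDE line means a source beyond the intended client ranges reached the listener, which allow-query { localhost; 0.0.0.0/0; } permits.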