Bind9 Administration
Starting, stopping or restarting Bind9
Like any daemon (or service) under Debian, Bind9 is controlled with the script it installs in /etc/init.d:
to start it:
# /etc/init.d/bind9 start
to stop it:
# /etc/init.d/bind9 stop
to restart it:
# /etc/init.d/bind9 restart
to reload its configuration without restarting it:
# /etc/init.d/bind9 reload
to check whether it is running or not:
# /etc/init.d/bind9 status
A Few Tools
There are a few tools for testing Bind9.
You can test the Bind9 configuration before applying it:
# named-checkconf
You can check the validity and the version of a zone:
# named-checkzone <zone> <nom_de_fichier>
Here zone is your DNS zone and nom_de_fichier is the name of the file that defines the zone.
Example:
# named-checkzone entreprise.fr /etc/bind/db.entreprise.fr
# named-checkzone 168.192.in-addr.arpa /etc/bind/db.168.192
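The checks above are most useful as a gate in front of the reload, so that a broken file never reaches the running server. The following is an added example, not part of the original page: the function name safe_reload and the CHECKCONF, CHECKZONE and RELOAD variables are assumptions made for this sketch, and the commands behind them are the ones shown on this page.

```shell
#!/bin/sh
# Validate named.conf and every listed zone, and reload Bind9 only if all pass.
# The three commands can be overridden through the environment (an assumption
# of this example, so the gate can be exercised on a machine without Bind9).
CHECKCONF=${CHECKCONF:-named-checkconf}
CHECKZONE=${CHECKZONE:-named-checkzone}
RELOAD=${RELOAD:-/etc/init.d/bind9 reload}

# usage: safe_reload <zone> <file> [<zone> <file> ...]
safe_reload() {
    if [ $(( $# % 2 )) -ne 0 ]; then
        echo "usage: safe_reload <zone> <file> [<zone> <file> ...]" >&2
        return 2
    fi
    # A configuration error stops everything: the running server is untouched.
    if ! $CHECKCONF; then
        echo "named.conf failed validation, not reloading" >&2
        return 1
    fi
    # Check every zone so that all errors are reported in a single run.
    failed=0
    while [ $# -gt 0 ]; do
        if ! $CHECKZONE "$1" "$2"; then
            echo "zone $1 ($2) failed validation" >&2
            failed=1
        fi
        shift 2
    done
    [ "$failed" -eq 0 ] || return 1
    $RELOAD
}

# Example call with the two zones used on this page:
# safe_reload entreprise.fr /etc/bind/db.entreprise.fr \
#             168.192.in-addr.arpa /etc/bind/db.168.192
```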
The nslookup command also lets you query your own DNS server, or another one, in order to test it. See the nslookup manual for more information.
# nslookup www.google.fr
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
www.google.fr canonical name = www.google.com.
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 209.85.227.147
Name: www.l.google.com
Address: 209.85.227.99
Name: www.l.google.com
Address: 209.85.227.103
Name: www.l.google.com
Address: 209.85.227.104
Name: www.l.google.com
Address: 209.85.227.105
Name: www.l.google.com
Address: 209.85.227.106
# nslookup 209.85.227.147
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
147.227.85.209.in-addr.arpa name = wy-in-f147.1e100.net.
Authoritative answers can be found from:
. nameserver = f.root-servers.net.
. nameserver = b.root-servers.net.
. nameserver = a.root-servers.net.
. nameserver = g.root-servers.net.
. nameserver = d.root-servers.net.
. nameserver = l.root-servers.net.
. nameserver = c.root-servers.net.
. nameserver = h.root-servers.net.
. nameserver = i.root-servers.net.
. nameserver = e.root-servers.net.
. nameserver = k.root-servers.net.
. nameserver = m.root-servers.net.
. nameserver = j.root-servers.net.
a.root-servers.net internet address = 198.41.0.4
a.root-servers.net has AAAA address 2001:503:ba3e::2:30
b.root-servers.net internet address = 192.228.79.201
c.root-servers.net internet address = 192.33.4.12
d.root-servers.net internet address = 128.8.10.90
e.root-servers.net internet address = 192.203.230.10
f.root-servers.net internet address = 192.5.5.241
f.root-servers.net has AAAA address 2001:500:2f::f
g.root-servers.net internet address = 192.112.36.4
h.root-servers.net internet address = 128.63.2.53
h.root-servers.net has AAAA address 2001:500:1::803f:235
There is also the dig command, which gives much more detailed information and can display, for example, the DNS tables. See the detailed dig documentation for more information.
# dig www.google.fr
; <<>> DiG 9.6-ESV-R3 <<>> www.google.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9048
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 13, ADDITIONAL: 9
;; QUESTION SECTION:
;www.google.fr. IN A
;; ANSWER SECTION:
www.google.fr. 90355 IN CNAME www.google.com.
www.google.com. 490264 IN CNAME www.l.google.com.
www.l.google.com. 336 IN A 209.85.229.104
www.l.google.com. 336 IN A 209.85.229.147
www.l.google.com. 336 IN A 209.85.229.99
;; AUTHORITY SECTION:
. 476711 IN NS f.root-servers.net.
. 476711 IN NS h.root-servers.net.
. 476711 IN NS l.root-servers.net.
. 476711 IN NS m.root-servers.net.
. 476711 IN NS i.root-servers.net.
. 476711 IN NS d.root-servers.net.
. 476711 IN NS c.root-servers.net.
. 476711 IN NS k.root-servers.net.
. 476711 IN NS a.root-servers.net.
. 476711 IN NS g.root-servers.net.
. 476711 IN NS j.root-servers.net.
. 476711 IN NS b.root-servers.net.
. 476711 IN NS e.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 604330 IN A 198.41.0.4
a.root-servers.net. 604330 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 604330 IN A 192.228.79.201
c.root-servers.net. 604330 IN A 192.33.4.12
d.root-servers.net. 604330 IN A 128.8.10.90
e.root-servers.net. 604330 IN A 192.203.230.10
f.root-servers.net. 604330 IN A 192.5.5.241
f.root-servers.net. 604330 IN AAAA 2001:500:2f::f
g.root-servers.net. 604330 IN A 192.112.36.4
;; Query time: 28 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Mar 05 12:56:40 2011
;; MSG SIZE rcvd: 506
Bind9 Logs
Bind9 records the result of its activity in /var/log/syslog:
Mar 05 12:09:28 ns1 named[2259]: starting BIND 9.6-ESV-R3 -u bind
Mar 05 12:09:28 ns1 named[2259]: built with '--prefix=/usr' '--build=i486-linux-gnu' '--host=i486-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var/run/bind' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--enable-ipv6' 'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -DNS_RUN_PID_DIR=0 -O2' 'LDFLAGS=' 'CPPFLAGS='
Mar 05 12:09:28 ns1 named[2259]: adjusted limit on open files from 1024 to 1048576
Mar 05 12:09:28 ns1 named[2259]: found 1 CPU, using 1 worker thread
Mar 05 12:09:28 ns1 named[2259]: using up to 4096 sockets
Mar 05 12:09:28 ns1 named[2259]: loading configuration from '/etc/bind/named.conf'
Mar 05 12:09:28 ns1 named[2259]: using default UDP/IPv4 port range: [1024, 65535]
Mar 05 12:09:28 ns1 named[2259]: using default UDP/IPv6 port range: [1024, 65535]
Mar 05 12:09:28 ns1 named[2259]: listening on IPv6 interfaces, port 53
Mar 05 12:09:28 ns1 named[2259]: listening on IPv4 interface lo, 127.0.0.1#53
Mar 05 12:09:28 ns1 named[2259]: listening on IPv4 interface eth0, 192.168.0.1#53
Mar 05 12:09:28 ns1 named[2259]: automatic empty zone: 254.169.IN-ADDR.ARPA
Mar 05 12:09:28 ns1 named[2259]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Mar 05 12:09:28 ns1 named[2259]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Mar 05 12:09:28 ns1 named[2259]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Mar 05 12:09:28 ns1 named[2259]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Mar 05 12:09:28 ns1 named[2259]: automatic empty zone: D.F.IP6.ARPA
Mar 05 12:09:28 ns1 named[2259]: automatic empty zone: 8.E.F.IP6.ARPA
Mar 05 12:09:28 ns1 named[2259]: automatic empty zone: 9.E.F.IP6.ARPA
Mar 05 12:09:28 ns1 named[2259]: automatic empty zone: A.E.F.IP6.ARPA
Mar 05 12:09:28 ns1 named[2259]: automatic empty zone: B.E.F.IP6.ARPA
Mar 05 12:09:28 ns1 named[2259]: command channel listening on 127.0.0.1#953
Mar 05 12:09:28 ns1 named[2259]: command channel listening on ::1#953
Mar 05 12:09:28 ns1 named[2259]: zone 0.in-addr.arpa/IN: loaded serial 1
Mar 05 12:09:28 ns1 named[2259]: zone 127.in-addr.arpa/IN: loaded serial 1
Mar 05 12:09:28 ns1 named[2259]: zone 168.192.in-addr.arpa/IN: NS 'ns1.entreprise.fr.168.192.in-addr.arpa' has no address records (A or AAAA)
Mar 05 12:09:28 ns1 named[2259]: zone 168.192.in-addr.arpa/IN: loaded serial 2011030541
Mar 05 12:09:28 ns1 named[2259]: zone 255.in-addr.arpa/IN: loaded serial 1
Mar 05 12:09:28 ns1 named[2259]: zone entreprise.fr/IN: loaded serial 2011030543
Mar 05 12:09:28 ns1 named[2259]: zone localhost/IN: loaded serial 2
Mar 05 12:09:28 ns1 named[2259]: zone 168.192.in-addr.arpa/IN: sending notifies (serial 2011030541)
Mar 05 12:09:28 ns1 named[2259]: running
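One line in the startup log above deserves attention: the NS name 'ns1.entreprise.fr.168.192.in-addr.arpa' shows that the reverse zone file names its server without a trailing dot, so named appended the zone origin to it. The following added example (not part of the original page) scans named's syslog lines for that pattern, for other zone messages that are not a normal load, and for a command channel bound to a non-loopback address; the function names and finding labels are assumptions of this sketch.

```shell
#!/bin/sh
# Reads syslog lines on stdin and prints one finding per line:
#   CONTROL-NONLOCAL <addr>  command channel bound to a non-loopback address
#   MISSING-DOT <zone> <ns>  NS target that was expanded with the zone origin
#   ZONE-WARN <zone> <text>  any other zone message that is not a normal load
named_log_findings() {
    awk '
    $5 !~ /^named\[/ { next }                 # keep only lines logged by named
    { msg = $0; sub(/^.*named\[[0-9]+\]: /, "", msg) }
    msg ~ /^command channel listening on / {
        addr = msg
        sub(/^command channel listening on /, "", addr)
        sub(/#[0-9]+$/, "", addr)             # drop the "#953" port suffix
        if (addr != "127.0.0.1" && addr != "::1") print "CONTROL-NONLOCAL " addr
        next
    }
    msg ~ /^zone [^ ]+: / {
        split(msg, f, " ")
        zone = f[2]; sub(/\/[A-Za-z]+:$/, "", zone)   # "name/IN:" -> "name"
        detail = msg; sub(/^zone [^ ]+: /, "", detail)
        if (detail ~ /^(loaded serial|sending notifies)/) next
        if (detail ~ /has no address records/) {
            split(detail, q, "\047"); ns = q[2]       # name between the quotes
            n = length(ns) - length(zone)
            if (n > 1 && substr(ns, n) == ("." zone)) {
                head = substr(ns, 1, n - 1)           # name as typed in the file
                if (index(head, ".") > 0) {
                    print "MISSING-DOT " zone " " head "."
                    next
                }
            }
        }
        print "ZONE-WARN " zone " " detail
    }'
}

# Sample input: lines 1-4 come from the excerpt above, the last one is constructed.
sample_log() {
    cat <<'EOF'
Mar 05 12:09:28 ns1 named[2259]: command channel listening on 127.0.0.1#953
Mar 05 12:09:28 ns1 named[2259]: zone 168.192.in-addr.arpa/IN: NS 'ns1.entreprise.fr.168.192.in-addr.arpa' has no address records (A or AAAA)
Mar 05 12:09:28 ns1 named[2259]: zone 168.192.in-addr.arpa/IN: loaded serial 2011030541
Mar 05 12:09:28 ns1 named[2259]: zone entreprise.fr/IN: loaded serial 2011030543
Mar 05 12:09:30 ns1 named[2259]: command channel listening on 192.168.0.1#953
EOF
}

sample_log | named_log_findings
```

On a live server the same function can be fed with `grep named /var/log/syslog | named_log_findings`; the MISSING-DOT finding prints the name with the trailing dot that the zone file should contain.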