====== 在 Alpine Linux 3 底下安裝 Bind 當 DNS ======
  * 採用 PVE 內提供的 alpine-3.14 (2.5MB) 建立 CT
  * 預計安裝與配置:
    * CPU:1vcore / RAM:512MB / Root Disk:8GB
    * 啟動主機的 IP 網段 10.20.0.0/24
    * 允許本機與 10.0.0.0/8 來源詢問任何 Domain Name
    * 上游 DNS : 1.1.1.1

===== 安裝與設定 BIND =====
  * 安裝 BIND <cli>
apk add bind
</cli>
  * 設定 /etc/bind/named.conf <cli>
options {
  directory "/var/bind";
  pid-file "/var/run/named/named.pid";
  listen-on { 127.0.0.1; 10.20.0.0/24; };
  allow-query { localhost; 0.0.0.0/0; };
  recursion yes;
  max-cache-size 218M;
  allow-recursion { 127.0.0.1/32; 10.0.0.0/8; };
  forwarders { 1.1.1.1; };
};
</cli>
  * 驗證設定是否沒問題 <cli>
named-checkconf
</cli>
  * 設定開機啟動與啟動 DNS 服務 <cli>
rc-update add named
rc-service named start
</cli>

<WRAP center round tip 60%>
  * 啟動時如果出現以下的異常訊息 <cli>
:
Jul  8 07:47:30 ct-dns daemon.info named[537]: none:100: 'max-cache-size 90%' - setting to 173990MB (out of 193322MB)              
Jul  8 07:47:33 ct-dns daemon.err /etc/init.d/named[535]: start-stop-daemon: failed to start `/usr/sbin/named'                     
Jul  8 07:47:33 ct-dns daemon.err /etc/init.d/named[397]: ERROR: named failed to start                              
</cli>
  * 可以在 /etc/bind/named.conf 內強制設定 max-cache-size 來解決, Exp: <cli>
:
  max-cache-size 218M;
:
</cli>
</WRAP>
===== 增加查詢與運行的相關紀錄 =====
  * 設定 /etc/bind/named.conf <cli>
logging {
    channel default_file {
        file "/var/log/named/default.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel general_file {
        file "/var/log/named/general.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel database_file {
        file "/var/log/named/database.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel config_file {
        file "/var/log/named/config.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel resolver_file {
        file "/var/log/named/resolver.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-in_file {
        file "/var/log/named/xfer-in.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-out_file {
        file "/var/log/named/xfer-out.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel notify_file {
        file "/var/log/named/notify.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel client_file {
        file "/var/log/named/client.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel unmatched_file {
        file "/var/log/named/unmatched.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel queries_file {
        file "/var/log/named/queries.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel network_file {
        file "/var/log/named/network.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel update_file {
        file "/var/log/named/update.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dispatch_file {
        file "/var/log/named/dispatch.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dnssec_file {
        file "/var/log/named/dnssec.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel lame-servers_file {
        file "/var/log/named/lame-servers.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };

    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
};
</cli>   
  * 建立 named 的 log 路徑<cli>
mkdir /var/log/named
chown -R named:named /var/log/named
</cli>
  * 重新啟動 named <cli>
rc-service named restart
</cli>
  * 在 /var/log/named 內就可以看到產生上面定義的 log 檔案, 主要的查詢紀錄會出現在 /var/log/named/queries.log 內

===== 參考網址 =====
  * https://www.hiroom2.com/2017/08/22/alpinelinux-3-6-bind-en/
  * https://www.linuxquestions.org/questions/linux-server-73/bind-dns-server-reports-wrong-memory-size-when-run-in-chroot-environment-4175616253/
  * https://stackoverflow.com/questions/11153958/how-to-enable-named-bind-dns-full-logging

{{tag>alpine bind named dns}}