Installing BIND as a DNS Server on Alpine Linux 3

  • Create a CT from the alpine-3.14 template (2.5MB) provided in PVE
  • Planned installation and configuration:
    • CPU: 1 vcore / RAM: 512MB / Root Disk: 8GB
    • The host's IP subnet: 10.20.0.0/24
    • Allow the local host and sources in 10.0.0.0/8 to query any domain name
    • Upstream DNS: 1.1.1.1
  • Install BIND

    apk add bind

  • Configure /etc/bind/named.conf

    options {
      directory "/var/bind";
      pid-file "/var/run/named/named.pid";
      // listen on loopback and on the CT's own 10.20.0.0/24 interface
      listen-on { 127.0.0.1; 10.20.0.0/24; };
      // any source may send queries; recursion is restricted separately below
      allow-query { localhost; 0.0.0.0/0; };
      recursion yes;
      // fixed cache size; see the start-up failure described further down
      max-cache-size 218M;
      // only the local host and 10.0.0.0/8 may use this server as a recursive resolver
      allow-recursion { 127.0.0.1/32; 10.0.0.0/8; };
      forwarders { 1.1.1.1; };
    };

  • Verify that the configuration has no errors

    named-checkconf

  • Enable the DNS service at boot and start it

    rc-update add named
    rc-service named start

  • If the following error messages appear at start-up

    :
    Jul  8 07:47:30 ct-dns daemon.info named[537]: none:100: 'max-cache-size 90%' - setting to 173990MB (out of 193322MB)
    Jul  8 07:47:33 ct-dns daemon.err /etc/init.d/named[535]: start-stop-daemon: failed to start `/usr/sbin/named'
    Jul  8 07:47:33 ct-dns daemon.err /etc/init.d/named[397]: ERROR: named failed to start

  • The default of 90% is computed from the memory the CT sees (193322MB above, the host's memory, not the CT's 512MB). This can be fixed by setting max-cache-size explicitly in /etc/bind/named.conf, e.g.:

    :
      max-cache-size 218M;
    :

  • Add a logging section to /etc/bind/named.conf

    logging {
        channel default_file {
            file "/var/log/named/default.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel general_file {
            file "/var/log/named/general.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel database_file {
            file "/var/log/named/database.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel security_file {
            file "/var/log/named/security.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel config_file {
            file "/var/log/named/config.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel resolver_file {
            file "/var/log/named/resolver.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel xfer-in_file {
            file "/var/log/named/xfer-in.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel xfer-out_file {
            file "/var/log/named/xfer-out.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel notify_file {
            file "/var/log/named/notify.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel client_file {
            file "/var/log/named/client.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel unmatched_file {
            file "/var/log/named/unmatched.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel queries_file {
            file "/var/log/named/queries.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel network_file {
            file "/var/log/named/network.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel update_file {
            file "/var/log/named/update.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel dispatch_file {
            file "/var/log/named/dispatch.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel dnssec_file {
            file "/var/log/named/dnssec.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
        channel lame-servers_file {
            file "/var/log/named/lame-servers.log" versions 3 size 5m;
            severity dynamic;
            print-time yes;
        };
    
        category default { default_file; };
        category general { general_file; };
        category database { database_file; };
        category security { security_file; };
        category config { config_file; };
        category resolver { resolver_file; };
        category xfer-in { xfer-in_file; };
        category xfer-out { xfer-out_file; };
        category notify { notify_file; };
        category client { client_file; };
        category unmatched { unmatched_file; };
        category queries { queries_file; };
        category network { network_file; };
        category update { update_file; };
        category dispatch { dispatch_file; };
        category dnssec { dnssec_file; };
        category lame-servers { lame-servers_file; };
    };

  • Create the log directory for named

    mkdir /var/log/named
    chown -R named:named /var/log/named

  • Restart named

    rc-service named restart

  • The log files defined above now appear in /var/log/named; the main query records are written to /var/log/named/queries.log
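As an added example (not part of the original note), a small Python script that parses lines in the format BIND writes to queries.log and, using the allow-recursion ACL from the named.conf above, reports per-client query counts and any recursive queries arriving from sources outside that ACL; since allow-query accepts any source, such entries show who is probing the server. The sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter
# ACL copied from the named.conf above: only these sources may recurse.
ALLOW_RECURSION = [ipaddress.ip_network("127.0.0.1/32"), ipaddress.ip_network("10.0.0.0/8")]

# One line of BIND's "queries" category (print-time yes):
# <time> client [@0x...] <ip>#<port> (<qname>): query: <name> <class> <type> <flags> (<local ip>)
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): query: "
    r"(?P<name>\S+) (?P<cls>\S+) (?P<qtype>\S+) (?P<flags>\S+)")

def parse_query_line(line):
    """Return the fields of a query log line, or None for any other line."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["recursion_desired"] = rec["flags"].startswith("+")  # '+' = RD bit set
    return rec

def is_allowed_recursion(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOW_RECURSION)

def summarize(lines):
    """Per-client query counts plus recursive queries from outside the ACL."""
    per_client = Counter()
    outside_acl = []
    for line in lines:
        rec = parse_query_line(line)
        if rec is None:
            continue
        per_client[rec["ip"]] += 1
        if rec["recursion_desired"] and not is_allowed_recursion(rec["ip"]):
            outside_acl.append((rec["ip"], rec["name"], rec["qtype"]))
    return per_client, outside_acl

# Constructed sample lines in BIND's query-log format (not from a real server).
SAMPLE_LOG = """\
08-Jul-2021 07:50:01.123 client @0x7f3a1c0 10.20.0.15#51234 (example.com): query: example.com IN A +E(0)K (10.20.0.2)
08-Jul-2021 07:50:02.456 client @0x7f3a1c0 10.20.0.15#51235 (example.org): query: example.org IN AAAA + (10.20.0.2)
08-Jul-2021 07:50:03.789 client @0x7f3a2d0 203.0.113.9#4444 (isc.org): query: isc.org IN ANY +E(0) (10.20.0.2)
08-Jul-2021 07:50:04.000 client @0x7f3a2d0 203.0.113.9#4444 (isc.org): query: isc.org IN ANY +E(0) (10.20.0.2)
""".splitlines()

if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE_LOG)
    print(counts.most_common(), flagged, sep="\n")
```

Run it against the real file with `summarize(open("/var/log/named/queries.log"))`; repeated ANY queries from addresses outside 10.0.0.0/8 are the pattern worth watching.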
tech/alpine_bind.txt · Last modified: 2022/01/30 16:50 by jonathan