
Sunday, March 3, 2013

QNAP Install DNS Server with BIND ipkg & Auto Run DNS Service

From: Polin Wei

I bought a QNAP TS-119P II. It has no built-in DNS server, but it does let you install IPKG packages yourself, so here is a step-by-step walkthrough of installing and configuring a DNS server on it:

Step 1: Install the Optware IPKG package
Log in to the QNAP web administration interface (normally http://<qnap ip address>:8080). Under Home >> Applications >> QPKG Center, on the Available tab, select Optware IPKG and install it.

Step 2: Install the bind package
Log in to the Optware administration interface, normally http://<qnap ip address>/Optware


Search for the bind package and click install.

Install bind

Installing bind (9.6.1.3-4) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/unstable/bind_9.6.1.3-4_arm.ipk
Installing openssl (0.9.8v-2) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/unstable/openssl_0.9.8v-2_arm.ipk
Installing psmisc (22.17-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/unstable/psmisc_22.17-1_arm.ipk
Configuring bind
Running post-install
You must now create your named.conf file
When it is installed in /opt/etc/named/named.conf, execute
              /opt/etc/init.d/S09named start
to start service
You will probably also want to create rndc.conf by running
rndc-confgen.  Of course, you may want to set your name server
in the GUI to 127.0.0.1 or your local ip-address
Configuring openssl
Configuring psmisc
update-alternatives: Linking //opt/bin/killall to /opt/bin/psmisc-killall
update-alternatives: Linking //opt/bin/pidof to /opt/bin/psmisc-killall
Successfully terminated.
Step 3: Enable SSH connections
Enable Home >> Network Services >> Telnet / SSH. The PuTTY SSH client can be downloaded from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Step 4: Create the rndc.key file
Connect to the QNAP host with PuTTY and change into the directory /opt/etc/named; if that directory does not exist, create it:

mkdir /opt/etc/named
then generate rndc.key in that directory:
[/opt/etc/named] # /opt/sbin/rndc-confgen -a
wrote key file "/opt/etc/named/rndc.key"


 
Step 5: Configuring BIND. The following steps set up the named configuration for BIND.

Create the required system file:
  • named.conf
one file per DNS zone:
  • db.localhost
  • db.localhost.rev
  • db.weidns.com
  • db.192.168.2.rev
and the root hints file referenced by the hint zone:
  • root.servers
named.conf
# Goes in /opt/etc/named/named.conf

acl "home" { 192.168.2.0/24; 127.0.0.1; };

options {
        directory "/opt/etc/named";
        allow-query { "home"; };
        allow-recursion { 192.168.2.0/24; 127.0.0.1; };
        forwarders { 192.168.2.3; 8.8.8.8; };
};

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

// log to /var/log/weidns.log all events from info UP in severity (no debug)
// defaults to use 3 files in rotation
// BIND 8.x logging MUST COME FIRST in this file
// BIND 9.x parses the whole file before using the log
// failure messages up to this point are in (syslog) /var/log/messages
//
//logging {
//  channel weidns_log {
//   file "/var/log/weidns.log" versions 3 size 2m;
//   severity info;
//   print-severity yes;
//   print-time yes;
//   print-category yes;
//};
//category default {
//  weidns_log;
//};
//};

// Add local zone definitions here.
zone "localhost" {
        type master;
        file "db.localhost";
        allow-update { none; };
        notify no;
};


zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.localhost.rev";
        allow-update { none; };
        notify no;
};

// Dynamic updates reuse the rndc control key as the TSIG key. That is convenient
// on a home LAN, but a key generated only for updates would keep rndc (which can
// stop and reconfigure named) separate from the right to change zone data.
zone "weidns.com" {
        type master;
        file "db.weidns.com";
        allow-update { key "rndc-key"; };
        notify yes;
};

zone "2.168.192.in-addr.arpa" {
        type master;
        file "db.192.168.2.rev";
        allow-update { key "rndc-key"; };
        notify yes;
};

zone "." {
        type hint;
        file "root.servers";
};

include "/opt/etc/named/rndc.key";

db.localhost
;Goes in /opt/etc/named/db.localhost
$TTL    86400 ; 24 hours could have been written as 24h
$ORIGIN localhost.
; line below = localhost 1D IN SOA localhost root.localhost
@  1D  IN        SOA @  root (
                              2013030301 ; serial
                              3H ; refresh
                              15 ; retry
                              1w ; expire
                              3h ; minimum
                             )
@  1D  IN  NS @
   1D  IN  A  127.0.0.1


db.localhost.rev
;Goes in /opt/etc/named/db.localhost.rev
$TTL    86400 ;
; could use $ORIGIN 0.0.127.IN-ADDR.ARPA.
@       IN      SOA     localhost. root.localhost.  (
                        2013030301 ; Serial
                        3h      ; Refresh
                        15      ; Retry
                        1w      ; Expire
                        3h )    ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.

db.weidns.com
; weidns.com
;Goes in /opt/etc/named/db.weidns.com
$TTL    604800
@       IN      SOA     ns1.weidns.com.      root.weidns.com.     (
                2013030301 ; Serial
                    604800 ; Refresh
                     86400 ; Retry
                   2419200 ; Expire
                   604800) ; Negative Cache TTL
;
@       IN      NS      ns1
        IN      MX      10 mail
        IN      A       192.168.2.3
ns1     IN      A       192.168.2.3
mail    IN      A       192.168.2.3

db.192.168.2.rev
;Goes in /opt/etc/named/db.192.168.2.rev
$TTL    86400   ; 1 day
$ORIGIN 2.168.192.in-addr.arpa.
@       1D      IN      SOA  ns1.weidns.com. root.weidns.com.     (
                2006080801 ; Serial
                    604800 ; Refresh
                     86400 ; Retry
                   2419200 ; Expire
                   604800) ; Negative Cache TTL
;
; Name servers: the NS record belongs at the zone apex (@). Placing it under
; host "3" would turn 3.2.168.192.in-addr.arpa into a delegation instead of a PTR.
@               IN NS   ns1.weidns.com.
;
; Fixed host mappings (allegedly inserted by DDNS); the name server's own PTR,
; matching the A records in db.weidns.com (192.168.2.3 -> ns1.weidns.com.)
3               IN PTR  ns1.weidns.com.

root.servers
(The root hints file named by the `zone "."` entry in named.conf. The post does not reproduce its contents; the current root hints are published by InterNIC at https://www.internic.net/domain/named.root, and named still starts, with an error logged for the hint zone, if the file is missing.)

Step 6: Start DNS

/opt/etc/init.d/S09named start
/opt/etc/init.d/S09named restart
/opt/etc/init.d/S09named status 
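Before restarting named it is worth checking the configuration and every zone file, since a single typo in named.conf or a zone file leaves the NAS without a resolver. The following script is an added example, not part of the original post or of BIND itself. It assumes the Optware layout used above (zone files in /opt/etc/named, the BIND tools named-checkconf and named-checkzone in /opt/sbin; both paths can be overridden through environment variables) and walks named.conf with a small brace-depth parser, so nested blocks such as `allow-update { ... }` do not confuse it. The sample named.conf it writes is a constructed, trimmed copy of the post's zone list.

```shell
#!/bin/sh
# Added example (not the post's code): validate named.conf and every master
# zone file it references before restarting named. Assumes the Optware layout
# from the post: zone files under /opt/etc/named, check tools in /opt/sbin.

NAMED_DIR="${NAMED_DIR:-/opt/etc/named}"
CHECKCONF="${CHECKCONF:-/opt/sbin/named-checkconf}"
CHECKZONE="${CHECKZONE:-/opt/sbin/named-checkzone}"

# list_master_zones CONF: print "zone-name zone-file" for every master zone.
# Comments are stripped, the file is tokenised, and a brace-depth state machine
# picks out "type" and "file" at the zone's top level only. Hint zones (the "."
# root hints) and slave zones are skipped.
list_master_zones() {
    awk '
        { sub(/\/\/.*/, ""); sub(/#.*/, ""); gsub(/[{};]/, " & "); text = text " " $0 }
        END {
            n = split(text, w, /[ \t]+/)
            depth = 0; inzone = 0
            for (i = 1; i <= n; i++) {
                if (w[i] == "zone" && depth == 0) {
                    inzone = 1; z = w[i+1]; gsub(/"/, "", z); t = ""; f = ""
                } else if (w[i] == "{") {
                    depth++
                } else if (w[i] == "}") {
                    depth--
                    if (inzone && depth == 0) {
                        if (t == "master" && f != "") print z, f
                        inzone = 0
                    }
                } else if (inzone && depth == 1 && w[i] == "type") {
                    t = w[i+1]
                } else if (inzone && depth == 1 && w[i] == "file") {
                    f = w[i+1]; gsub(/"/, "", f)
                }
            }
        }
    ' "$1"
}

# check_zones CONF: run named-checkconf on CONF, then named-checkzone on each
# master zone it lists. Returns 0 only if every check passes.
check_zones() {
    conf="$1"
    "$CHECKCONF" "$conf" || { echo "named-checkconf failed for $conf"; return 1; }
    list_master_zones "$conf" | while read -r zone file; do
        case "$file" in
            /*) path="$file" ;;
            *)  path="$NAMED_DIR/$file" ;;
        esac
        "$CHECKZONE" -q "$zone" "$path" || { echo "zone $zone ($path) failed"; exit 1; }
    done
}

# Typical use on the NAS, in place of a blind restart:
#   check_zones /opt/etc/named/named.conf && /opt/etc/init.d/S09named restart

# Constructed sample: a trimmed copy of the post's named.conf, written to a
# temporary file so list_master_zones can be exercised without BIND installed.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Goes in /opt/etc/named/named.conf
options { directory "/opt/etc/named"; };
controls { inet 127.0.0.1 allow { localhost; } keys { rndc-key; }; };
// Add local zone definitions here.
zone "localhost" { type master; file "db.localhost"; allow-update { none; }; };
zone "weidns.com" {
        type master;
        file "db.weidns.com";
        allow-update { key "rndc-key"; };
        notify yes;
};
zone "." { type hint; file "root.servers"; };
include "/opt/etc/named/rndc.key";
EOF
    echo "$f"
}
```

On the NAS, `check_zones /opt/etc/named/named.conf` prints nothing and exits 0 when everything is valid; on a distribution where the BIND tools live elsewhere, set CHECKCONF and CHECKZONE (for example to /usr/sbin/named-checkconf and /usr/sbin/named-checkzone) before calling it.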
Step 7: Verify DNS
Use dig against this DNS service to check that it answers queries correctly (the query below goes to 127.0.0.1, the loopback address the package's post-install message suggests as the name server):
dig @127.0.0.1 polinwei.blogspot.com
To debug, run named -g, which keeps named in the foreground and writes its log to the terminal.

Running DNS automatically at boot

Since DNS is meant to provide a service, you naturally want it to start automatically when the QNAP boots. Here you will notice one way the QNAP system differs from other mainstream Linux distributions: it does not fully support upstart or init.d for starting services. The relevant steps, excerpted from this QNAPedia article, are:

Look at the file /etc/config/qpkg.conf:


# cat /etc/config/qpkg.conf
Declare an autorun package to hook into the ipkg auto-start mechanism:

[autorun]
Name = autorun
Version = 0.1
Author = PolinWei
Date = 2013-06-08
Shell = /share/MD0_DATA/.qpkg/autorun/autorun.sh
Install_Path = /share/MD0_DATA/.qpkg/autorun
Enable = TRUE

Here, 'Shell' is the shell script that will be run automatically. That script is executed every time the QNAP boots, so we can put whatever we want run at startup into it. Create autorun.sh with the following steps:

# mkdir -p /share/MD0_DATA/.qpkg/autorun
# touch /share/MD0_DATA/.qpkg/autorun/autorun.sh
# chmod +x /share/MD0_DATA/.qpkg/autorun/autorun.sh

Edit autorun.sh. Its contents will grow as the configuration evolves; a minimal script that starts DNS is:

# vi /share/MD0_DATA/.qpkg/autorun/autorun.sh

Contents:

#!/bin/sh
# starts the DNS server
/opt/etc/init.d/S09named start
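The one-line script above assumes that /opt is already mounted when autorun.sh runs, which is not guaranteed on a QNAP: the Optware tree is brought up by its own QPKG, which can happen after autorun.sh fires, so the start command silently does nothing. The script below is an added example (not the post's own autorun.sh) that waits for the init script to appear, logs what it did, and returns a non-zero status on failure. The init script path comes from the post; the 60-second wait and the /tmp/autorun.log location are assumptions and can be overridden through environment variables.

```shell
#!/bin/sh
# Added example (not the post's script): a more defensive autorun.sh.
# Optware's /opt can be mounted later in the boot than autorun.sh runs, so a
# plain "S09named start" may find nothing to start. This version waits for the
# init script, logs the outcome, and returns non-zero if named was not started.
# Assumed values: the post's /opt/etc/init.d/S09named path, a 60-second wait,
# and /tmp/autorun.log as the log file.

NAMED_INIT="${NAMED_INIT:-/opt/etc/init.d/S09named}"
WAIT_SECS="${WAIT_SECS:-60}"
LOGFILE="${LOGFILE:-/tmp/autorun.log}"

# log MESSAGE: append a timestamped line to the log file.
log() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') autorun: $*" >> "$LOGFILE"
}

# wait_for_file PATH SECONDS: poll once per second until PATH exists.
# Returns 0 when it appears, 1 if SECONDS elapse first.
wait_for_file() {
    _path="$1"
    _left="$2"
    while [ "$_left" -gt 0 ]; do
        [ -e "$_path" ] && return 0
        sleep 1
        _left=$((_left - 1))
    done
    [ -e "$_path" ]
}

# start_named: start BIND once its init script is available; the init script's
# own output is captured in the log for later troubleshooting.
start_named() {
    if wait_for_file "$NAMED_INIT" "$WAIT_SECS"; then
        log "starting named via $NAMED_INIT"
        "$NAMED_INIT" start >> "$LOGFILE" 2>&1
    else
        log "ERROR: $NAMED_INIT not found after ${WAIT_SECS}s; is Optware mounted?"
        return 1
    fi
}

# Run the start sequence only when invoked as autorun.sh, so the functions can
# also be sourced from another script without side effects.
case "$0" in
    */autorun.sh) start_named ;;
esac
```

After a reboot, /tmp/autorun.log shows either the "starting named" line followed by the init script's output, or the ERROR line, which tells you immediately whether the failure was in autorun.sh or in named itself.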


References:
http://www.nslu2-linux.org/wiki/HowTo/BuildPrimaryDNSServer
http://crippaandrea.it/blog/2012/05/13/installing-bind-on-qnap
http://blog.eavatar.com/post/2013/11/setup-home-vpn-server-with-softether-qnap-nas/
