Creating named.rfc5735.zones
This matters when you run a name server that answers both external and internal queries. For special-purpose addresses such as the private ranges there is almost never any reason to return a reverse-lookup (PTR) result, and those queries should not be sent out to the Internet either: otherwise every lookup of an internal address goes to the public in-addr.arpa servers, exposing which internal addresses are in use. Configure your own name server to answer them itself with an empty (negative) answer.
These special addresses used to be defined by RFC 1918 and RFC 3330, but I learned that RFC 5735 superseded RFC 3330 in 2010.
The differences are not large, but a few networks were added, so I decided to build a file named named.rfc5735.zones.
Create (/var/named/chroot)/var/named/named.zero if it does not already exist (the part in parentheses applies only when BIND runs in a chroot). It is a minimal zone with nothing but an SOA and an NS record, so every name below the apex answers NXDOMAIN:
$TTL 86400
@       IN SOA  localhost. nobody.invalid. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   localhost.
Create (/var/named/chroot)/etc/named.rfc5735.zones with the following content. in-addr.arpa is delegated on octet boundaries, which is why a /12 such as 172.16.0.0/12 needs sixteen /16 zones, the 198.18.0.0/15 benchmark range needs two /16 zones, and each /4 needs sixteen /8 zones:
// named.rfc5735.zones
// Special Use IPv4 Addresses

// [RFC 1918] Private-Use Networks
zone "10.in-addr.arpa" IN { type master; file "named.zero"; };
zone "168.192.in-addr.arpa" IN { type master; file "named.zero"; };
zone "16.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "17.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "18.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "19.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "20.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "21.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "22.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "23.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "24.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "25.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "26.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "27.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "28.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "29.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "30.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "31.172.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 1122] Loopback
zone "127.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 3927] Link Local
zone "254.169.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 5736] IETF Protocol Assignments
zone "0.0.192.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 5737] TEST-NET-1
zone "2.0.192.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 5737] TEST-NET-2
zone "100.51.198.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 5737] TEST-NET-3
zone "113.0.203.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 3068] 6to4 Relay Anycast
zone "99.88.192.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 2544] Network Interconnect Device Benchmark Testing
zone "18.198.in-addr.arpa" IN { type master; file "named.zero"; };
zone "19.198.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 3171] Multicast addresses
zone "224.in-addr.arpa" IN { type master; file "named.zero"; };
zone "225.in-addr.arpa" IN { type master; file "named.zero"; };
zone "226.in-addr.arpa" IN { type master; file "named.zero"; };
zone "227.in-addr.arpa" IN { type master; file "named.zero"; };
zone "228.in-addr.arpa" IN { type master; file "named.zero"; };
zone "229.in-addr.arpa" IN { type master; file "named.zero"; };
zone "230.in-addr.arpa" IN { type master; file "named.zero"; };
zone "231.in-addr.arpa" IN { type master; file "named.zero"; };
zone "232.in-addr.arpa" IN { type master; file "named.zero"; };
zone "233.in-addr.arpa" IN { type master; file "named.zero"; };
zone "234.in-addr.arpa" IN { type master; file "named.zero"; };
zone "235.in-addr.arpa" IN { type master; file "named.zero"; };
zone "236.in-addr.arpa" IN { type master; file "named.zero"; };
zone "237.in-addr.arpa" IN { type master; file "named.zero"; };
zone "238.in-addr.arpa" IN { type master; file "named.zero"; };
zone "239.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 1112] Reserved for Future Use
zone "240.in-addr.arpa" IN { type master; file "named.zero"; };
zone "241.in-addr.arpa" IN { type master; file "named.zero"; };
zone "242.in-addr.arpa" IN { type master; file "named.zero"; };
zone "243.in-addr.arpa" IN { type master; file "named.zero"; };
zone "244.in-addr.arpa" IN { type master; file "named.zero"; };
zone "245.in-addr.arpa" IN { type master; file "named.zero"; };
zone "246.in-addr.arpa" IN { type master; file "named.zero"; };
zone "247.in-addr.arpa" IN { type master; file "named.zero"; };
zone "248.in-addr.arpa" IN { type master; file "named.zero"; };
zone "249.in-addr.arpa" IN { type master; file "named.zero"; };
zone "250.in-addr.arpa" IN { type master; file "named.zero"; };
zone "251.in-addr.arpa" IN { type master; file "named.zero"; };
zone "252.in-addr.arpa" IN { type master; file "named.zero"; };
zone "253.in-addr.arpa" IN { type master; file "named.zero"; };
zone "254.in-addr.arpa" IN { type master; file "named.zero"; };
zone "255.in-addr.arpa" IN { type master; file "named.zero"; };
Finally, include the file from named.conf and you are done:
include "named.rfc5735.zones";
Points to note
If BIND refuses to start or logs an error once the include is in place, one of the reverse zones above is most likely already defined elsewhere in your configuration; read the error printed at startup to confirm. I expect it will almost always be one of the private-address zones. Only a definition with exactly the same zone name conflicts (a more specific zone such as 1.0.0.127.in-addr.arpa alongside 127.in-addr.arpa loads without complaint); when you find one, comment out the corresponding zone on the named.rfc5735.zones side. Two further points: RFC 5735 also lists 0.0.0.0/8 ("this" network), which the file above does not cover, so add 0.in-addr.arpa yourself if nothing else in your configuration already defines it; and newer BIND 9 releases generate built-in empty zones for most of these ranges (the empty-zones-enable option, on by default), which an explicitly configured zone of the same name simply overrides, so this file does not conflict with them.
If you see an error like this, that is the cause (the placeholders stand for the file, line number and zone name that BIND reports):
/etc/named.hogehoge:lineno: zone ' ': already exists previous definition: /etc/named.hogehoge:
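The zone list above was written out by hand; the script below is an added example (not part of the original post and not BIND's code) that generates the same named.rfc5735.zones from CIDR prefixes, which shows why a /12 or a /4 turns into sixteen in-addr.arpa zones, and then performs the check described in the notes: it scans the zones other parts of named.conf already declare and reports the exact-name duplicates that would trigger the "already exists" error. The prefix table is the one the post's file covers; the sample existing configuration is constructed for the demonstration.

```python
"""Generate named.rfc5735.zones from CIDR prefixes and check it for zone-name
clashes with zones already declared elsewhere in named.conf.

Added example for this post; it is not BIND's code or a file that ships with
it.  The prefix table is the one the post's zone list covers; the sample
"existing configuration" below is constructed for the demonstration.
"""
import ipaddress
import re

# Prefixes and comments as grouped in the post's named.rfc5735.zones.
SPECIAL_USE_V4 = [
    ("10.0.0.0/8",      "[RFC 1918] Private-Use Networks"),
    ("172.16.0.0/12",   "[RFC 1918] Private-Use Networks"),
    ("192.168.0.0/16",  "[RFC 1918] Private-Use Networks"),
    ("127.0.0.0/8",     "[RFC 1122] Loopback"),
    ("169.254.0.0/16",  "[RFC 3927] Link Local"),
    ("192.0.0.0/24",    "[RFC 5736] IETF Protocol Assignments"),
    ("192.0.2.0/24",    "[RFC 5737] TEST-NET-1"),
    ("198.51.100.0/24", "[RFC 5737] TEST-NET-2"),
    ("203.0.113.0/24",  "[RFC 5737] TEST-NET-3"),
    ("192.88.99.0/24",  "[RFC 3068] 6to4 Relay Anycast"),
    ("198.18.0.0/15",   "[RFC 2544] Network Interconnect Device Benchmark Testing"),
    ("224.0.0.0/4",     "[RFC 3171] Multicast addresses"),
    ("240.0.0.0/4",     "[RFC 1112] Reserved for Future Use"),
]


def reverse_zones(prefix):
    """Return the in-addr.arpa zone names that together cover `prefix`.

    in-addr.arpa is delegated on octet boundaries, so a prefix whose length
    is not a multiple of 8 is split into the /8, /16 or /24 blocks that tile
    it: 172.16.0.0/12 -> 16.172 ... 31.172, 198.18.0.0/15 -> 18.198 and
    19.198, 224.0.0.0/4 -> 224 ... 239.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    zone_len = max(8, (net.prefixlen + 7) // 8 * 8)   # round up to a whole octet
    zones = []
    for block in net.subnets(new_prefix=zone_len):
        octets = str(block.network_address).split(".")[: zone_len // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def render_zone_file(prefixes=SPECIAL_USE_V4, zone_data="named.zero"):
    """Render the include file: one empty master zone per reverse zone name."""
    lines = ["// named.rfc5735.zones", "// Special Use IPv4 Addresses", ""]
    last_comment = None
    for prefix, comment in prefixes:
        if comment != last_comment:          # one comment line per RFC group
            lines.append("// " + comment)
            last_comment = comment
        for zone in reverse_zones(prefix):
            lines.append('zone "%s" IN { type master; file "%s"; };' % (zone, zone_data))
    return "\n".join(lines) + "\n"


ZONE_DECL = re.compile(r'^\s*zone\s+"([^"]+)"', re.MULTILINE | re.IGNORECASE)


def declared_zones(config_text):
    """Zone names declared in named.conf-style text, ignoring commented-out ones."""
    text = re.sub(r"/\*.*?\*/", "", config_text, flags=re.DOTALL)  # block comments
    text = re.sub(r"(//|#).*", "", text)                             # line comments
    return {m.group(1).rstrip(".").lower() for m in ZONE_DECL.finditer(text)}


def clashes(existing_config_text, prefixes=SPECIAL_USE_V4):
    """Names from the generated file that the existing config already declares.

    Only an exact name match triggers BIND's "zone ... already exists" error;
    a more specific zone such as 1.0.0.127.in-addr.arpa alongside
    127.in-addr.arpa loads without complaint, so it is not reported.
    """
    existing = declared_zones(existing_config_text)
    return sorted(z for prefix, _ in prefixes
                  for z in reverse_zones(prefix) if z.lower() in existing)


# Constructed sample of what other includes in named.conf might already hold.
SAMPLE_EXISTING_CONF = """
zone "localhost" IN { type master; file "named.localhost"; };
zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; };
zone "168.192.in-addr.arpa" IN { type master; file "db.192.168"; };  // real internal PTR data
// zone "10.in-addr.arpa" IN { type master; file "named.zero"; };  (commented out: no clash)
"""

if __name__ == "__main__":
    print(render_zone_file(), end="")
    for name in clashes(SAMPLE_EXISTING_CONF):
        print("# %s is already declared elsewhere; comment it out in named.rfc5735.zones" % name)
```

Run it against the concatenation of your real named.conf includes instead of SAMPLE_EXISTING_CONF to get the list of zones to comment out before restarting. After the include is in place, `named-checkconf` (with `-t /var/named/chroot` when BIND is chrooted) validates the whole configuration without restarting, and once named has reloaded, `dig -x 10.1.2.3 @127.0.0.1` should return NXDOMAIN with the aa flag set and the named.zero SOA in the AUTHORITY section, which confirms the query was answered locally rather than sent to the Internet.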