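Creating named.rfc6890.zones
Good evening. This is Nomata.
This matters when you run a name server that serves both external and internal clients: for special-purpose IP addresses whose use is restricted, such as the so-called private IP addresses, there is almost never any need to return reverse-lookup results. So that these lookups do not go out to the global Internet, you should configure your own name server to answer them with an empty response.
In another entry of mine I created a file called named.rfc5735.zones, but IP addresses for CGN (carrier-grade NAT) were added after that, so I have created it again as named.rfc6890.zones.
The differences are not large, but because the subnet is an awkward size the number of lines has grown.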
Create (/var/named/chroot)/var/named/named.zero if it does not exist
$TTL 86400
@       IN SOA  localhost. nobody.invalid. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   localhost.
Create (/var/named/chroot)/etc/named.rfc6890.zones
// named.rfc6890.zones
// Special-Purpose IP Address Registries

// [RFC 1112] Reserved for Future Use
zone "240.in-addr.arpa" IN { type master; file "named.zero"; };
zone "241.in-addr.arpa" IN { type master; file "named.zero"; };
zone "242.in-addr.arpa" IN { type master; file "named.zero"; };
zone "243.in-addr.arpa" IN { type master; file "named.zero"; };
zone "244.in-addr.arpa" IN { type master; file "named.zero"; };
zone "245.in-addr.arpa" IN { type master; file "named.zero"; };
zone "246.in-addr.arpa" IN { type master; file "named.zero"; };
zone "247.in-addr.arpa" IN { type master; file "named.zero"; };
zone "248.in-addr.arpa" IN { type master; file "named.zero"; };
zone "249.in-addr.arpa" IN { type master; file "named.zero"; };
zone "250.in-addr.arpa" IN { type master; file "named.zero"; };
zone "251.in-addr.arpa" IN { type master; file "named.zero"; };
zone "252.in-addr.arpa" IN { type master; file "named.zero"; };
zone "253.in-addr.arpa" IN { type master; file "named.zero"; };
zone "254.in-addr.arpa" IN { type master; file "named.zero"; };
zone "255.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 1122] "This host on this network"
zone "0.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 1122] Loopback
zone "127.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 1918] Private-Use Networks
zone "10.in-addr.arpa" IN { type master; file "named.zero"; };
zone "168.192.in-addr.arpa" IN { type master; file "named.zero"; };
zone "16.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "17.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "18.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "19.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "20.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "21.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "22.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "23.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "24.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "25.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "26.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "27.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "28.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "29.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "30.172.in-addr.arpa" IN { type master; file "named.zero"; };
zone "31.172.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 2544] Benchmarking
zone "18.198.in-addr.arpa" IN { type master; file "named.zero"; };
zone "19.198.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 3068] 6to4 Relay Anycast
zone "99.88.192.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 3171] Multicast addresses
zone "224.in-addr.arpa" IN { type master; file "named.zero"; };
zone "225.in-addr.arpa" IN { type master; file "named.zero"; };
zone "226.in-addr.arpa" IN { type master; file "named.zero"; };
zone "227.in-addr.arpa" IN { type master; file "named.zero"; };
zone "228.in-addr.arpa" IN { type master; file "named.zero"; };
zone "229.in-addr.arpa" IN { type master; file "named.zero"; };
zone "230.in-addr.arpa" IN { type master; file "named.zero"; };
zone "231.in-addr.arpa" IN { type master; file "named.zero"; };
zone "232.in-addr.arpa" IN { type master; file "named.zero"; };
zone "233.in-addr.arpa" IN { type master; file "named.zero"; };
zone "234.in-addr.arpa" IN { type master; file "named.zero"; };
zone "235.in-addr.arpa" IN { type master; file "named.zero"; };
zone "236.in-addr.arpa" IN { type master; file "named.zero"; };
zone "237.in-addr.arpa" IN { type master; file "named.zero"; };
zone "238.in-addr.arpa" IN { type master; file "named.zero"; };
zone "239.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 3927] Link Local for APIPA
zone "254.169.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 5736] IETF Protocol Assignments
zone "0.0.192.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 5737] TEST-NET-1
zone "2.0.192.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 5737] TEST-NET-2
zone "100.51.198.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 5737] TEST-NET-3
zone "113.0.203.in-addr.arpa" IN { type master; file "named.zero"; };

// [RFC 6598] Shared Address Space (Carrier-Grade NAT)
zone "64.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "65.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "66.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "67.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "68.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "69.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "70.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "71.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "72.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "73.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "74.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "75.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "76.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "77.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "78.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "79.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "80.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "81.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "82.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "83.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "84.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "85.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "86.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "87.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "88.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "89.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "90.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "91.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "92.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "93.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "94.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "95.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "96.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "97.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "98.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "99.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "100.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "101.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "102.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "103.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "104.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "105.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "106.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "107.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "108.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "109.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "110.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "111.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "112.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "113.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "114.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "115.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "116.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "117.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "118.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "119.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "120.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "121.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "122.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "123.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "124.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "125.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "126.100.in-addr.arpa" IN { type master; file "named.zero"; };
zone "127.100.in-addr.arpa" IN { type master; file "named.zero"; };
Finally, include the file from named.conf and you are done.
include "named.rfc6890.zones";
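Points to note
If errors appear after adding the include, such as BIND no longer starting, one of the reverse zones above may already be defined elsewhere. For the overlapping network addresses, comment them out on the named.rfc6890.zones side.
If you see an error like this, that is the cause.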
/etc/named.hogehoge:lineno: zone ' ': already exists previous definition: /etc/named.hogehoge:
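The zone list above can be generated instead of typed. The following is an added example, not the author's code: it expands each special-purpose block onto octet boundaries (which is why 100.64.0.0/10 becomes 64 zones) and comments out any zone that an existing named.conf already declares, as the note above advises. The function names, the CIDR list derived from the page's zone comments, and the sample named.conf text are assumptions made for the illustration.

```python
import ipaddress
import re

# CIDR blocks corresponding to the zone list on this page (assumed mapping).
BLOCKS = """240.0.0.0/4 0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 192.168.0.0/16
172.16.0.0/12 198.18.0.0/15 192.88.99.0/24 224.0.0.0/4 169.254.0.0/16
192.0.0.0/24 192.0.2.0/24 198.51.100.0/24 203.0.113.0/24 100.64.0.0/10""".split()

# Constructed sample: a named.conf that already serves one private reverse zone.
SAMPLE_CONF = '''
zone "168.192.in-addr.arpa" IN { type master; file "192.168.rev"; };
// zone "10.in-addr.arpa" IN { type master; file "10.rev"; };
'''

def reverse_zones(cidr):
    """Expand one CIDR block into in-addr.arpa zone names on octet boundaries."""
    net = ipaddress.ip_network(cidr)
    # Round the prefix up to a multiple of 8: a /10 becomes 64 separate /16 zones.
    aligned = max(8, -(-net.prefixlen // 8) * 8)
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def defined_zones(conf_text):
    """Zone names declared in existing named.conf text, ignoring comments."""
    body = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)
    body = re.sub(r"(//|#).*", "", body)
    return {z.lower().rstrip(".") for z in re.findall(r'zone\s+"([^"]+)"', body)}

def render(existing_conf=""):
    """Build the zones file, commenting out zones that are defined elsewhere."""
    taken = defined_zones(existing_conf)
    lines = []
    for cidr in BLOCKS:
        lines.append(f"// {cidr}")
        for zone in reverse_zones(cidr):
            stmt = f'zone "{zone}" IN {{ type master; file "named.zero"; }};'
            lines.append(f"// already defined: {stmt}" if zone in taken else stmt)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render(SAMPLE_CONF), end="")
```

Running named-checkconf against the finished configuration before restarting BIND reports the same duplicate-zone error without taking the server down.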