{"id":36,"date":"2019-05-13T22:44:20","date_gmt":"2019-05-13T20:44:20","guid":{"rendered":"https:\/\/aietea.fr\/?p=36"},"modified":"2019-05-13T22:44:20","modified_gmt":"2019-05-13T20:44:20","slug":"parametrage-de-bind","status":"publish","type":"post","link":"https:\/\/aietea.fr\/index.php\/2019\/05\/13\/parametrage-de-bind\/","title":{"rendered":"PARAM\u00c9TRAGE DE BIND"},"content":{"rendered":"\n<p>Dans cet article nous allons param\u00e9trer un nouveau serveur bas\u00e9 sur <strong>Ubuntu Server 18.04<\/strong> de telle sorte qu\u2019il fasse office de <strong>serveur DNS<\/strong>.<br><\/p>\n\n\n\n<p>Puis dans un second temps nous param\u00e9trerons ce serveur en routeur afin que les postes du r\u00e9seau local acc\u00e8dent \u00e0 Internet.<br><\/p>\n\n\n\n<p>Pour la premi\u00e8re partie je me suis aid\u00e9 d\u2019un article du site web Digital Ocean relatif \u00e0 l\u2019installation d\u2019un serveur DNS sur Ubuntu 18.04 :<br><\/p>\n\n\n\n<p>https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-18-04<br><\/p>\n\n\n\n<p>Tout d\u2019abord vous trouverez ci-dessous le sch\u00e9ma du r\u00e9seau qui servira de mod\u00e8le :<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/71L__vG116axwF3gjDUVBCJym3FpbE3gIYYMwyOtVb-l2YRACJYrDXQX4WnjofB4qz_-xICvCB5WvOh4nODSXY4YUz8nHfzNOYpYbG2raRQzcN2e9clZM053IA6kphPQuD1tAeeq\" alt=\"Sch\u00e9ma r\u00e9seau AieTea\" \/><figcaption>Sch\u00e9ma du r\u00e9seau AieTea<\/figcaption><\/figure>\n\n\n\n<p>Puis voici un sch\u00e9ma des fichiers que nous utiliserons :<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/SXICYKUcDM4x8ajdGedIQOhr3s3Z0kDxa-XSwS6BDm6UNy85R7lUnGD0Y0mte3O7F3syDn-sN-LjkVxfhU98G6L-tdF7cO3NC1yiuyOrCJlrSK1dv1KklZOtcVuaYBXujM9MXNSk\" alt=\"Fichiers configuration Bind\" \/><figcaption>Fichiers de configuration Bind<\/figcaption><\/figure>\n\n\n\n<p><u>1 \u2013<\/u><br><\/p>\n\n\n\n<p>Pour r\u00e9aliser cela j\u2019ai utilis\u00e9 VirtualBox afin d\u2019installer deux machines virtuelles :<br><\/p>\n\n\n\n<p><strong>srvlan<\/strong> (Ubuntu Server 18.04)<br><\/p>\n\n\n\n<p><strong>client<\/strong> (Lubuntu 18.04)<br><\/p>\n\n\n\n<p>Toujours dans Virtualbox, srvlan aura <strong>deux interfaces r\u00e9seaux<\/strong> :<br><\/p>\n\n\n\n<p>la premi\u00e8re en <strong>Internal Network<\/strong>, la seconde en <strong>Bridged Adapter<\/strong> :<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/gwz86bvhg4TafH0fv47Xb0g_xnjGhfEq7BIGgWUL37tovEgaTwJvOxabLCVFNnBye433e6X3-sfXKIplmbZhHn_EPEDHK_2Ah_6blirFfM25v1ynvsUncsZaCfoGdQeR1dno5Hqr\" alt=\"Configuration r\u00e9seau 1 VirtualBox\" \/><figcaption>Configuration r\u00e9seau 1 de VirtualBox<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"444\" height=\"237\" src=\"https:\/\/aietea.fr\/wp-content\/uploads\/2019\/05\/image-8.png\" alt=\"Configuration r\u00e9seau 2 VirtualBox\" class=\"wp-image-37\" srcset=\"https:\/\/aietea.fr\/wp-content\/uploads\/2019\/05\/image-8.png 444w, https:\/\/aietea.fr\/wp-content\/uploads\/2019\/05\/image-8-300x160.png 300w\" sizes=\"auto, (max-width: 444px) 100vw, 444px\" \/><figcaption>Configuration r\u00e9seau 2 de VirtualBox<\/figcaption><\/figure>\n\n\n\n<p>Le poste client aura quant \u00e0 lui une seule interface r\u00e9seau <strong>Internal Network<\/strong>.<br><\/p>\n\n\n\n<p>L\u2019installation du serveur ne pr\u00e9sente aucun pi\u00e8ge. Voici les quelques points de vigilance ci-dessous :<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/ovqYacPaNn9mCPA30rBXm7yQ_By1tP2EaUkq8CyBw2Da0Y5Y3pPK-6Ifpgxli1EFbtgdawyzlF2FwMPVOcQnSPMjTyjKWoyWAWoq5AsPT2uPrxbasbs_qbnIG8_miIaItdz7gdkk\" alt=\"Interfaces r\u00e9seaux Srvlan\" \/><figcaption>Interfaces r\u00e9seaux Srvlan<\/figcaption><\/figure>\n\n\n\n<p>Penser \u00e0 param\u00e9trer l\u2019adressage IP statique (ci-dessus enp0s3).<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/FoQXJt7G4YRWTP46ubauo8Bt4g8-FDUs3kk3TC5SmHxAae9DMaHozlbjno6MonPQwBdf-8VFOmf4x8d49BT1hzFKwmD3Q1kr-BIverFSN_rUWZMTCL4NMkEyk5nPyxoQHBDWoEae\" alt=\"Adressage IP Srvlan\" \/><figcaption>Adressage IP Srvlan<\/figcaption><\/figure>\n\n\n\n<p>Param\u00e9trer correctement ci-dessus l\u2019adressage IP du serveur.<br><\/p>\n\n\n\n<p><u>2 \u2013<\/u><br><\/p>\n\n\n\n<p>Voici maintenant comment <strong>configurer le serveur DNS<\/strong> sur <strong>srvlan<\/strong> :<br><\/p>\n\n\n\n<p>Tout d\u2019abord faire un <strong>apt-get update<\/strong><br><\/p>\n\n\n\n<p>Puis installer Bind (serveur DNS) :<br><strong>apt-get install bind9 bind9utils bind9-doc<\/strong><br><\/p>\n\n\n\n<p>Param\u00e9trer Bind en IPv4 :<br> Dans le fichier \/<strong>etc\/default\/bind9<\/strong> ajouter <strong>-4<\/strong> \u00e0 la ligne suivante :<br> <strong>OPTIONS=\u201d-u bind -4\u201d<\/strong><br><\/p>\n\n\n\n<p>Red\u00e9marrer Bind :<br> <strong>systemctl restart bind9<\/strong><br><\/p>\n\n\n\n<p>Configurer maintenant le fichier <strong>\/etc\/bind\/named.conf.options<\/strong> :<\/p>\n\n\n<p>acl \u201ctrusted\u201d {<br \/>\u00a0 \u00a0 \u00a0192.168.10.1;<br \/>\u00a0 \u00a0 \u00a0192.168.10.11;<br \/>};<br \/>options {<br \/>\u00a0 \u00a0 \u00a0directory \u201c\/var\/cache\/bind\u201d;<br \/>\u00a0 \u00a0 \u00a0recursion yes;<br \/>\u00a0 \u00a0 \u00a0allow-recursion { trusted; };<br \/>\u00a0 \u00a0 \u00a0listen-on { 192.168.10.1; };<br \/>\u00a0 \u00a0 \u00a0allow-transfer {none; };<br \/>\u00a0 \u00a0 \u00a0forwarders {<br \/>\u00a0 \u00a0 \u00a08.8.8.8;<br \/>\u00a0 \u00a0 \u00a08.8.4.4;<br \/>\u00a0 \u00a0 \u00a0};<br \/>\u00a0 \u00a0 \u00a0dnssec-validation auto;<br \/>\u00a0 \u00a0 \u00a0auth-nxdomain no;<br \/>\u00a0 \u00a0 \u00a0listen-on-v6 { any; };<br \/>};<\/p>\n\n\n<p>Editer maintenant le fichier <strong>\/etc\/bind\/named.conf.local <\/strong>:<\/p>\n\n\n<p>zone \u201caietea.local\u201d {<br \/>\u00a0 \u00a0 \u00a0type master;<br \/>\u00a0 \u00a0 \u00a0file \u201c\/etc\/bind\/zones\/db.aietea.local\u201d;<br \/>};<br \/>zone \u201c10.168.192.in-addr.arpa\u201d {<br \/>\u00a0 \u00a0 \u00a0type master;<br \/>\u00a0 \u00a0 \u00a0file \u201c\/etc\/bind\/zones\/db.192.168.10\u201d;<br \/>};<\/p>\n\n\n<p>Cr\u00e9er maintenant le r\u00e9pertoire <strong>\/etc\/bind\/zones<\/strong> et cr\u00e9er le fichier <strong>\/etc\/bind\/zones\/db.aietea.local<\/strong> dont voici le contenu :<\/p>\n\n\n<p>$TTL 604800<br \/>@ IN SOA srvlan.aietea.local. admin.aietea.local. (<br \/>\u00a0 \u00a0 \u00a03 ; Serial<br \/>\u00a0 \u00a0 \u00a0604800 ; Refresh<br \/>\u00a0 \u00a0 \u00a086400 ; Retry<br \/>\u00a0 \u00a0 \u00a02419200 ; Expire<br \/>\u00a0 \u00a0 \u00a0604800 ) ; Negative Cache TTL<br \/>;<br \/>; name servers \u2013 NS records<br \/>\u00a0 \u00a0 \u00a0IN NS srvlan.aietea.local.<br \/>; name servers \u2013 A records<br \/>srvlan.aietea.local. IN A 192.168.10.1<br \/>; 192.168.10.0\/24 \u2013 A records<br \/>client.aietea.local. IN A 192.168.10.11<\/p>\n\n\n<p>Editer maintenant le nouveau fichier <strong>\/etc\/bind\/zones\/db.192.168.10<\/strong> :<\/p>\n\n\n<p>$TTL 604800<br \/>@ IN SOA srvlan.aietea.local. admin.aietea.local. (<br \/>\u00a0 \u00a0 \u00a03 ; Serial<br \/>\u00a0 \u00a0 \u00a0604800 ; Refresh<br \/>\u00a0 \u00a0 \u00a086400 ; Retry<br \/>\u00a0 \u00a0 \u00a02419200 ; Expire<br \/>\u00a0 \u00a0 \u00a0604800 ) ; Negative Cache TTL<br \/>;<br \/>; name servers<br \/>\u00a0 \u00a0 \u00a0IN NS srvlan.aietea.local.<br \/>; PTR Records<br \/>1 IN PTR srvlan.aietea.local. ; 192.168.10.1<br \/>11 IN PTR client.aietea.local. ; 192.168.10.11<\/p>\n\n\n<p>\u2013 Lancer maintenant les commandes suivantes pour v\u00e9rifier la bonne syntaxe ainsi que la bonne configuration :<br><\/p>\n\n\n\n<p><strong>named-checkconf<\/strong><br><\/p>\n\n\n\n<p>v\u00e9rifie la syntaxe des fichiers <strong>named.conf.*<\/strong><br><\/p>\n\n\n\n<p>\u2013 Pour v\u00e9rifier si la configuration du domaine d\u00e9finie dans le fichier <strong>\/etc\/bind\/zones\/db.aietea.local<\/strong> est correcte taper :<br><\/p>\n\n\n\n<p><strong>named-checkzone aietea.local \/etc\/bind\/zones\/db.aietea.local<\/strong><br><\/p>\n\n\n\n<p>\u2013 De m\u00eame pour v\u00e9rifier la configuration de zone inverse :<br><\/p>\n\n\n\n<p><strong>named-checkzone 10.168.192.in-addr.arpa \/etc\/bind\/zones\/db.192.168.10<\/strong><br><\/p>\n\n\n\n<p>\u2013 Pour finir sur le serveur red\u00e9marrer Bind :<br><strong> systemctl restart bind9<\/strong><\/p>\n\n\n\n<p><u>3 \u2013<\/u><br>V\u00e9rifier maitenant c\u00f4t\u00e9 client la bonne configuration.<br><\/p>\n\n\n\n<p>Pour cela je me suis aid\u00e9 du site d\u2019aide de Microsoft sur la commande <strong>nslookup<\/strong>.<br><\/p>\n\n\n\n<p>Testons avec Windows en d\u00e9marrant la fen\u00eatre de commandes <strong>CMD<\/strong>, puis taper les commandes encadr\u00e9es en rouge ci-dessous :<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/iwAMcIJ1dt8AwqY2mi4yO9MzQW-qfDneKMVSpuQHsMb1xCgjnFO-sxmVQt_XLUXCym0XMaudxwzDkARmP80o3msqm-RgPf1cexxa1zM3s7KGI19Zi9Cf9N1cLsBTZAqAo9FHT9Tq\" alt=\"R\u00e9sultat nslookup Windows\" \/><figcaption>R\u00e9sultats de nslookup sous Windows<\/figcaption><\/figure>\n\n\n\n<p>Penser au pr\u00e9alable \u00e0 configurer correctement l\u2019adressage IP de la carte r\u00e9seau client comme indiqu\u00e9 sur le sch\u00e9ma au d\u00e9but de cet article.<br><\/p>\n\n\n\n<p>Les r\u00e9sultats retourn\u00e9s par les commandes ci-dessus montrent que la configuration de notre serveur DNS est correcte.<br><\/p>\n\n\n\n<p>\u2013 Nous verrons dans une seconde partie comment configurer notre serveur en routeur afin que les postes clients puissent sortir sur internet.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dans cet article nous allons param\u00e9trer un nouveau serveur bas\u00e9 sur Ubuntu Server 18.04 de telle sorte qu\u2019il fasse office de serveur DNS. Puis dans un second temps nous param\u00e9trerons ce serveur en routeur afin que les postes du r\u00e9seau local acc\u00e8dent \u00e0 Internet. Pour la premi\u00e8re partie je me suis aid\u00e9 d\u2019un article du &hellip; <a href=\"https:\/\/aietea.fr\/index.php\/2019\/05\/13\/parametrage-de-bind\/\" class=\"more-link\">Continuer la lecture de <span class=\"screen-reader-text\">PARAM\u00c9TRAGE DE BIND<\/span>  <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-36","post","type-post","status-publish","format-standard","hentry","category-systemes-reseaux"],"_links":{"self":[{"href":"https:\/\/aietea.fr\/index.php\/wp-json\/wp\/v2\/posts\/36","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aietea.fr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aietea.fr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aietea.fr\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/aietea.fr\/index.php\/wp-json\/wp\/v2\/comments?post=36"}],"version-history":[{"count":3,"href":"https:\/\/aietea.fr\/index.php\/wp-json\/wp\/v2\/posts\/36\/revisions"}],"predecessor-version":[{"id":40,"href":"https:\/\/aietea.fr\/index.php\/wp-json\/wp\/v2\/posts\/36\/revisions\/40"}],"wp:attachment":[{"href":"https:\/\/aietea.fr\/index.php\/wp-json\/wp\/v2\/media?parent=36"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aietea.fr\/index.php\/wp-json\/wp\/v2\/categories?post=36"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aietea.fr\/index.php\/wp-json\/wp\/v2\/tags?post=36"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}