This document details the configuration of the lab's authoritative and recursive DNS server using BIND9. The DNS server (VM ns1) is responsible for resolving the internal domain names (geanmartins.net) and forwarding external queries, supporting forward and reverse resolution for both IPv4 and IPv6 (dual-stack).

Before installing BIND we need to make sure the server can reach the internet to download packages and that its clock is synchronised with the gateway.

Since BIND is not running yet, we disable Debian's default local resolver and configure a temporary public DNS server.
```bash
# Stop systemd's local stub resolver
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
# Temporarily point at Google's public DNS
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf
```
DNSSEC and Active Directory depend on tightly synchronised clocks. Point the NTP client on ns1 at our gateway.
```bash
sudo apt update
sudo apt install systemd-timesyncd
sudo systemctl enable --now systemd-timesyncd
```
Edit the file /etc/systemd/timesyncd.conf:
```ini
[Time]
NTP=10.48.1.1
FallbackNTP=
```
Restart the service and verify synchronisation:
```bash
sudo systemctl restart systemd-timesyncd
timedatectl timesync-status
timedatectl
```
Install BIND9 and the supporting tools:

```bash
sudo apt install bind9 bind9-dnsutils vim git curl
```
After installation, configure the server to query itself, since it is now the official DNS server. The chattr +i command prevents the file from being accidentally overwritten by NetworkManager or a DHCP client.
```bash
echo -e "nameserver 127.0.0.1\nnameserver ::1" | sudo tee /etc/resolv.conf
sudo chattr +i /etc/resolv.conf
```
BIND needs dedicated directories for the zone files (where the DNS records live) and for its logs.
```bash
# Directories for the forward and reverse zones
sudo mkdir -p /var/cache/bind/zones/{forward,reverse}
sudo mkdir /var/cache/bind/zones/reverse/{ipv4,ipv6}
# Hand the tree to the 'bind' user; zone files are readable by bind only
sudo chown -R bind:bind /var/cache/bind/zones
sudo find /var/cache/bind/zones -type f -exec chmod 640 {} \;
# Directory for the BIND logs
sudo mkdir /var/log/named
sudo chown -R bind:bind /var/log/named
sudo chmod 750 /var/log/named
```
The BIND configuration under /etc/bind/ is modular: the main file includes smaller files to keep things organised. Edit /etc/bind/named.conf so that it also includes the logging file:
```
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.logging";
include "/etc/bind/named.conf.root-hints";
```
named.conf.options defines who may query the server, which interfaces it listens on, and the security settings (ACLs).
```
# The server's own addresses (IPv4)
acl "iface_v4" {
    127.0.0.1/32;
    10.48.1.2/32;
};
# The server's own addresses (IPv6)
acl "iface_v6" {
    ::1/128;
    fd00:0:b:1::2/128;
};
# Internal networks allowed to make recursive (internet) queries
acl "internals" {
    ::1/128;
    127.0.0.1/32;
    10.0.0.0/8;
    172.16.0.0/12;
    192.168.0.0/16;
    fc00::/7;
};
options {
    directory "/var/cache/bind";
    # Listen only on the addresses listed in the ACLs above
    listen-on { iface_v4; };
    listen-on-v6 { iface_v6; };
    # Restrict queries, recursion and cache access to internal networks so the
    # server cannot be abused as an open resolver in DDoS reflection/amplification
    allow-query { internals; };
    allow-recursion { internals; };
    allow-query-cache { internals; };
    # Validate DNSSEC signatures automatically using the built-in trust anchor
    dnssec-validation auto;
};
```
named.conf.logging: BIND can route different kinds of messages (security, queries, errors) to separate files, which makes troubleshooting easier.
```
logging {
    channel security_file {
        file "/var/log/named/security.log" versions 5 size 20m;
        severity dynamic;
        print-time yes;
        print-severity yes;
    };
    channel query_log {
        file "/var/log/named/query.log" versions 5 size 20m;
        severity info;
        print-time yes;
        print-category yes;
    };
    channel error_log {
        file "/var/log/named/errors.log" versions 3 size 10m;
        severity warning;
        print-time yes;
    };
    category security { security_file; };
    category queries { query_log; };
    category resolver { error_log; };
    // every category not routed above is discarded
    category default { null; };
};
```
named.conf.local tells BIND which domains it is authoritative for and where the record file for each one lives.
```
// ============================================================
// FORWARD ZONES (name -> IP)
// ============================================================
zone "geanmartins.net" IN {
    type master;
    file "zones/forward/geanmartins.net.zone";
};
// ============================================================
// IPv4 REVERSE ZONES (IP -> name)
// ============================================================
// infra-net: 10.48.1.0/24
zone "1.48.10.in-addr.arpa" IN {
    type master;
    file "zones/reverse/ipv4/rev-10.48.1.ipv4.zone";
};
// auth-net: 10.48.3.0/24
zone "3.48.10.in-addr.arpa" IN {
    type master;
    file "zones/reverse/ipv4/rev-10.48.3.ipv4.zone";
};
// db-net: 10.48.5.0/24
zone "5.48.10.in-addr.arpa" IN {
    type master;
    file "zones/reverse/ipv4/rev-10.48.5.ipv4.zone";
};
// dhcp-net: 10.48.7.0/24
zone "7.48.10.in-addr.arpa" IN {
    type master;
    file "zones/reverse/ipv4/rev-10.48.7.ipv4.zone";
};
// kube-net: 10.48.9.0/24
zone "9.48.10.in-addr.arpa" IN {
    type master;
    file "zones/reverse/ipv4/rev-10.48.9.ipv4.zone";
};
// metallb-pool: 10.48.11.0/24
zone "11.48.10.in-addr.arpa" IN {
    type master;
    file "zones/reverse/ipv4/rev-10.48.11.ipv4.zone";
};
// ============================================================
// IPv6 REVERSE ZONES (IP -> name)
// ============================================================
// fd00:0:b:1::/64 - infra-net
zone "1.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa." IN {
    type master;
    file "zones/reverse/ipv6/rev-fd00.1.ipv6.zone";
};
// fd00:0:b:3::/64 - auth-net
zone "3.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa." IN {
    type master;
    file "zones/reverse/ipv6/rev-fd00.3.ipv6.zone";
};
// fd00:0:b:5::/64 - db-net
zone "5.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa." IN {
    type master;
    file "zones/reverse/ipv6/rev-fd00.5.ipv6.zone";
};
// fd00:0:b:7::/64 - dhcp-net
zone "7.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa." IN {
    type master;
    file "zones/reverse/ipv6/rev-fd00.7.ipv6.zone";
};
// fd00:0:b:9::/64 - kube-net
zone "9.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa." IN {
    type master;
    file "zones/reverse/ipv6/rev-fd00.9.ipv6.zone";
};
// fd00:0:b:b::/64 - metallb-pool
zone "b.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa." IN {
    type master;
    file "zones/reverse/ipv6/rev-fd00.b.ipv6.zone";
};
```
Zone files hold the actual mapping between names and IPs. The SOA (Start of Authority) record defines the zone's replication and caching parameters.

Important: whenever you change a zone file you must increment the serial number, usually written in the YYYYMMDDXX format (year, month, day, revision).
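Serial handling in the YYYYMMDDXX format, as an added Python example that is not part of the original page: next_serial() yields today's date with revision 01, or current + 1 when the zone was already edited today (or carries a serial ahead of today's date), and bump_zone_serial() rewrites the "; serial" line of a zone file. The zone excerpt below is constructed sample input.

```python
import re
from datetime import date
from typing import Optional

# A serial line as written on this page: "<digits> ; serial ..."
SERIAL_RE = re.compile(r"^\s*(\d+)\s*;\s*serial\b", re.IGNORECASE)
SERIAL_MAX = 2**32 - 1  # the SOA serial is a 32-bit field (RFC 1982)


def next_serial(current: int, today: Optional[str] = None) -> int:
    """Next serial in YYYYMMDDXX form; `today` is an ISO date (default: the real date).

    Normal case: today's date with revision 01. If the zone was already edited
    today, or the stored serial is ahead of today's date (clock slip, typo),
    fall back to current + 1 so the serial still grows: a secondary only
    transfers the zone when it sees a larger serial than the one it holds.
    """
    day = date.fromisoformat(today) if today else date.today()
    base = int(day.strftime("%Y%m%d")) * 100 + 1
    nxt = base if current < base else current + 1
    if nxt > SERIAL_MAX:
        raise ValueError(f"serial {current} cannot be incremented further")
    return nxt


def bump_zone_serial(zone_text: str, today: Optional[str] = None):
    """Rewrite the '<number> ; serial' line of a zone file; returns (new_text, new_serial)."""
    lines = zone_text.splitlines(keepends=True)
    for i, line in enumerate(lines):
        m = SERIAL_RE.match(line)
        if m:
            new = next_serial(int(m.group(1)), today)
            lines[i] = line.replace(m.group(1), str(new), 1)
            return "".join(lines), new
    raise ValueError("no '; serial' line found in zone text")


# Constructed zone excerpt in the format used on this page.
ZONE_SAMPLE = """\
$TTL 86400
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial (bump on every edit!)
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum
)
"""

if __name__ == "__main__":
    text, serial = bump_zone_serial(ZONE_SAMPLE)
    print(f"new serial: {serial}")
    print(text)
```

Once the serial reaches revision 99 on a given day, current + 1 simply rolls past the date pattern; that is harmless for DNS, which only requires the serial to increase.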
Forward zone (geanmartins.net.zone): create the file /var/cache/bind/zones/forward/geanmartins.net.zone:
```
$TTL 86400 ; default cache TTL (1 day)
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial (bump on every edit!)
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum (negative-answer TTL)
)
@ IN NS ns1.geanmartins.net.
$ORIGIN geanmartins.net.
$TTL 10800 ; 3 hours
; ============================================================
; INFRASTRUCTURE (infra-net: 10.48.1.0/24)
; ============================================================
ns1.geanmartins.net. IN A 10.48.1.2
ns1.geanmartins.net. IN AAAA fd00:0:b:1::2
storage.geanmartins.net. IN A 10.48.1.10
storage.geanmartins.net. IN AAAA fd00:0:b:1::a
nfs.geanmartins.net. IN CNAME storage.geanmartins.net.
; ============================================================
; AUTHENTICATION (auth-net: 10.48.3.0/24)
; ============================================================
adds-01.geanmartins.net. 300 IN A 10.48.3.2
adds-01.geanmartins.net. 300 IN AAAA fd00:0:b:3::2
idm-01.geanmartins.net. 300 IN A 10.48.3.20
idm-01.geanmartins.net. 300 IN AAAA fd00:0:b:3::14
; ============================================================
; DATABASE (db-net: 10.48.5.0/24)
; ============================================================
mysql.geanmartins.net. 300 IN A 10.48.5.2
mysql.geanmartins.net. 300 IN AAAA fd00:0:b:5::2
pgsql.geanmartins.net. 300 IN A 10.48.5.20
pgsql.geanmartins.net. 300 IN AAAA fd00:0:b:5::14
; ============================================================
; DHCP (dhcp-net: 10.48.7.0/24)
; ============================================================
gateway.geanmartins.net. 300 IN A 10.48.7.1
gateway.geanmartins.net. 300 IN AAAA fd00:0:b:7::1
; ============================================================
; KUBERNETES CLUSTER - NODES AND CONTROL PLANE (kube-net: 10.48.9.0/24)
; ============================================================
kube-lb.geanmartins.net. 300 IN A 10.48.9.100
kube-lb.geanmartins.net. 300 IN AAAA fd00:0:b:9::63
api.cluster.geanmartins.net. 300 IN A 10.48.9.100
api.cluster.geanmartins.net. 300 IN AAAA fd00:0:b:9::63
kube-api.geanmartins.net. 300 IN CNAME api.cluster.geanmartins.net.
kube-ctrl-01.geanmartins.net. 300 IN A 10.48.9.2
kube-ctrl-01.geanmartins.net. 300 IN AAAA fd00:0:b:9::2
kube-ctrl-02.geanmartins.net. 300 IN A 10.48.9.3
kube-ctrl-02.geanmartins.net. 300 IN AAAA fd00:0:b:9::3
kube-ctrl-03.geanmartins.net. 300 IN A 10.48.9.4
kube-ctrl-03.geanmartins.net. 300 IN AAAA fd00:0:b:9::4
kube-worker-01.geanmartins.net. 300 IN A 10.48.9.20
kube-worker-01.geanmartins.net. 300 IN AAAA fd00:0:b:9::14
kube-worker-02.geanmartins.net. 300 IN A 10.48.9.21
kube-worker-02.geanmartins.net. 300 IN AAAA fd00:0:b:9::15
kube-worker-03.geanmartins.net. 300 IN A 10.48.9.22
kube-worker-03.geanmartins.net. 300 IN AAAA fd00:0:b:9::16
; ============================================================
; KUBERNETES CLUSTER - INGRESS (metallb-pool: 10.48.11.0/24, fd00:0:b:b::/64)
; ============================================================
; The ingress VIP lives in the metallb-pool network, matching the PTR records
; in rev-10.48.11.ipv4.zone and rev-fd00.b.ipv6.zone.
ingress.cluster.geanmartins.net. 300 IN A 10.48.11.100
ingress.cluster.geanmartins.net. 300 IN AAAA fd00:0:b:b::100
; Wildcard so that any subdomain not defined above resolves to the Ingress Controller
*.geanmartins.net. 300 IN A 10.48.11.100
*.geanmartins.net. 300 IN AAAA fd00:0:b:b::100
; ============================================================
; SERVICES AND APPLICATIONS
; ============================================================
ipam.geanmartins.net. 300 IN A 10.48.11.100
ipam.geanmartins.net. 300 IN AAAA fd00:0:b:b::100
phpipam.geanmartins.net. 300 IN CNAME ipam.geanmartins.net.
kc.geanmartins.net. 300 IN A 10.48.11.100
kc.geanmartins.net. 300 IN AAAA fd00:0:b:b::100
keycloak.geanmartins.net. 300 IN CNAME kc.geanmartins.net.
vw.geanmartins.net. 300 IN A 10.48.11.100
vw.geanmartins.net. 300 IN AAAA fd00:0:b:b::100
vaultwarden.geanmartins.net. 300 IN CNAME vw.geanmartins.net.
wiki.geanmartins.net. 300 IN A 10.48.11.100
wiki.geanmartins.net. 300 IN AAAA fd00:0:b:b::100
wikijs.geanmartins.net. 300 IN CNAME wiki.geanmartins.net.
os.geanmartins.net. 300 IN A 10.48.11.101
os.geanmartins.net. 300 IN AAAA fd00:0:b:b::101
api.opensearch.geanmartins.net. 300 IN CNAME os.geanmartins.net.
ca.geanmartins.net. 300 IN A 10.48.11.102
ca.geanmartins.net. 300 IN AAAA fd00:0:b:b::102
step-ca.geanmartins.net. 300 IN CNAME ca.geanmartins.net.
; ============================================================
; SAMBA 4 ACTIVE DIRECTORY - SRV records (services)
; ============================================================
_kerberos._tcp.geanmartins.net. 600 IN SRV 0 100 88 adds-01.geanmartins.net.
_kerberos._udp.geanmartins.net. 600 IN SRV 0 100 88 adds-01.geanmartins.net.
_kerberos._tcp.dc._msdcs.geanmartins.net. 600 IN SRV 0 100 88 adds-01.geanmartins.net.
_ldap._tcp.geanmartins.net. 600 IN SRV 0 100 389 adds-01.geanmartins.net.
_ldap._tcp.dc._msdcs.geanmartins.net. 600 IN SRV 0 100 389 adds-01.geanmartins.net.
_gc._tcp.geanmartins.net. 600 IN SRV 0 100 3268 adds-01.geanmartins.net.
_ldap._tcp.gc._msdcs.geanmartins.net. 600 IN SRV 0 100 3268 adds-01.geanmartins.net.
_kpasswd._tcp.geanmartins.net. 600 IN SRV 0 100 464 adds-01.geanmartins.net.
_kpasswd._udp.geanmartins.net. 600 IN SRV 0 100 464 adds-01.geanmartins.net.
```
The reverse zone lets a system find a machine's name from its IP address (needed for logs, anti-spam and Active Directory).
/var/cache/bind/zones/reverse/ipv4/rev-10.48.1.ipv4.zone (infra-net):

```
$ORIGIN 1.48.10.in-addr.arpa.
$TTL 86400
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum
)
@ IN NS ns1.geanmartins.net.
2  PTR ns1.geanmartins.net.
10 PTR storage.geanmartins.net.
```
/var/cache/bind/zones/reverse/ipv4/rev-10.48.3.ipv4.zone (auth-net):

```
$ORIGIN 3.48.10.in-addr.arpa.
$TTL 86400
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum
)
@ IN NS ns1.geanmartins.net.
2  PTR adds-01.geanmartins.net.
20 PTR idm-01.geanmartins.net.
```
/var/cache/bind/zones/reverse/ipv4/rev-10.48.5.ipv4.zone (db-net):

```
$ORIGIN 5.48.10.in-addr.arpa.
$TTL 86400
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum
)
@ IN NS ns1.geanmartins.net.
2  PTR mysql.geanmartins.net.
20 PTR pgsql.geanmartins.net.
```
/var/cache/bind/zones/reverse/ipv4/rev-10.48.7.ipv4.zone (dhcp-net):

```
$ORIGIN 7.48.10.in-addr.arpa.
$TTL 86400
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum
)
@ IN NS ns1.geanmartins.net.
1 PTR gateway.geanmartins.net.
```
/var/cache/bind/zones/reverse/ipv4/rev-10.48.9.ipv4.zone (kube-net):

```
$ORIGIN 9.48.10.in-addr.arpa.
$TTL 86400
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum
)
@ IN NS ns1.geanmartins.net.
2   PTR kube-ctrl-01.geanmartins.net.
3   PTR kube-ctrl-02.geanmartins.net.
4   PTR kube-ctrl-03.geanmartins.net.
20  PTR kube-worker-01.geanmartins.net.
21  PTR kube-worker-02.geanmartins.net.
22  PTR kube-worker-03.geanmartins.net.
100 PTR kube-lb.geanmartins.net.
```
/var/cache/bind/zones/reverse/ipv4/rev-10.48.11.ipv4.zone (metallb-pool):

```
$ORIGIN 11.48.10.in-addr.arpa.
$TTL 86400
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum
)
@ IN NS ns1.geanmartins.net.
100 PTR ingress.cluster.geanmartins.net.
101 PTR os.geanmartins.net.
102 PTR ca.geanmartins.net.
```
IPv6 uses the ip6.arpa domain and requires every hexadecimal digit of the address to be reversed and separated by dots.
/var/cache/bind/zones/reverse/ipv6/rev-fd00.1.ipv6.zone (infra-net):

```
$ORIGIN 1.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.
$TTL 86400
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum
)
@ IN NS ns1.geanmartins.net.
; fd00:0:b:1::2 -> ns1
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR ns1.geanmartins.net.
; fd00:0:b:1::a -> storage
a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR storage.geanmartins.net.
```
/var/cache/bind/zones/reverse/ipv6/rev-fd00.3.ipv6.zone (auth-net):

```
$ORIGIN 3.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.
$TTL 86400
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum
)
@ IN NS ns1.geanmartins.net.
; fd00:0:b:3::2 -> adds-01
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR adds-01.geanmartins.net.
; fd00:0:b:3::14 -> idm-01 (20 decimal = 14 hex)
4.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR idm-01.geanmartins.net.
```
/var/cache/bind/zones/reverse/ipv6/rev-fd00.5.ipv6.zone (db-net):

```
$ORIGIN 5.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.
$TTL 86400
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum
)
@ IN NS ns1.geanmartins.net.
; fd00:0:b:5::2 -> mysql
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR mysql.geanmartins.net.
; fd00:0:b:5::14 -> pgsql (20 decimal = 14 hex)
4.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR pgsql.geanmartins.net.
```
/var/cache/bind/zones/reverse/ipv6/rev-fd00.7.ipv6.zone (dhcp-net):

```
$ORIGIN 7.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.
$TTL 86400
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum
)
@ IN NS ns1.geanmartins.net.
; fd00:0:b:7::1 -> gateway
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR gateway.geanmartins.net.
```
/var/cache/bind/zones/reverse/ipv6/rev-fd00.9.ipv6.zone (kube-net):

```
$ORIGIN 9.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.
$TTL 86400
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum
)
@ IN NS ns1.geanmartins.net.
; fd00:0:b:9::2 -> kube-ctrl-01
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR kube-ctrl-01.geanmartins.net.
; fd00:0:b:9::3 -> kube-ctrl-02
3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR kube-ctrl-02.geanmartins.net.
; fd00:0:b:9::4 -> kube-ctrl-03
4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR kube-ctrl-03.geanmartins.net.
; fd00:0:b:9::14 -> kube-worker-01 (20 decimal = 14 hex)
4.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR kube-worker-01.geanmartins.net.
; fd00:0:b:9::15 -> kube-worker-02 (21 decimal = 15 hex)
5.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR kube-worker-02.geanmartins.net.
; fd00:0:b:9::16 -> kube-worker-03 (22 decimal = 16 hex)
6.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR kube-worker-03.geanmartins.net.
; fd00:0:b:9::63 -> kube-lb (99 decimal = 63 hex)
3.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR kube-lb.geanmartins.net.
```
/var/cache/bind/zones/reverse/ipv6/rev-fd00.b.ipv6.zone (metallb-pool):

```
$ORIGIN b.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.
$TTL 86400
@ IN SOA ns1.geanmartins.net. hostmaster.geanmartins.net. (
        2026040201 ; serial
        14400      ; refresh
        3600       ; retry
        2419200    ; expire
        300        ; minimum
)
@ IN NS ns1.geanmartins.net.
; fd00:0:b:b::100 -> ingress (256 decimal = 100 hex)
0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.b.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR ingress.cluster.geanmartins.net.
; fd00:0:b:b::101 -> os (257 decimal = 101 hex)
1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.b.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR os.geanmartins.net.
; fd00:0:b:b::102 -> ca (258 decimal = 102 hex)
2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.b.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR ca.geanmartins.net.
```
IPv6 reverse-name calculation tip: for fd00:0:b:9::/64, expand the prefix to fd00:0000:000b:0009, then reverse the hex digits one by one: 9.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.
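The reverse-name calculation above, plus a consistency check between the forward zone and the reverse zones, as an added Python example that is not part of the original page or of BIND: reverse_owner() does the octet/nibble reversal for any address, reverse_zone_origin() produces the $ORIGIN for a prefix, and check_reverse() reports A/AAAA records whose PTR is missing or points at a different name. The zone excerpt and PTR map are constructed sample data; the ingress record is deliberately placed in the wrong /24 so the check can surface it.

```python
import ipaddress
import re

def reverse_owner(ip):
    """PTR owner name: IPv4 octets reversed (in-addr.arpa); IPv6 expanded to 32 nibbles, reversed (ip6.arpa)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    return ".".join(reversed(addr.exploded.replace(":", ""))) + ".ip6.arpa."

def reverse_zone_origin(cidr):
    """$ORIGIN of the reverse zone for a prefix: the 'expand, then invert' tip above."""
    net = ipaddress.ip_network(cidr, strict=True)
    unit = 8 if net.version == 4 else 4  # octet-aligned IPv4, nibble-aligned IPv6
    if net.prefixlen % unit:
        raise ValueError(f"{cidr}: reverse zone needs a prefix aligned to {unit} bits")
    if net.version == 4:
        labels, suffix = str(net.network_address).split("."), ".in-addr.arpa."
    else:
        labels, suffix = list(net.network_address.exploded.replace(":", "")), ".ip6.arpa."
    return ".".join(reversed(labels[: net.prefixlen // unit])) + suffix

# owner, optional TTL, class, A/AAAA, address: the record layout used on this page
RECORD_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|AAAA)\s+(\S+)$", re.IGNORECASE)

def parse_forward(zone_text):
    """(owner, address) pairs from A/AAAA records; comments and wildcards are skipped."""
    out = []
    for line in zone_text.splitlines():
        m = RECORD_RE.match(line.split(";", 1)[0].strip())
        if m and not m.group(1).startswith("*"):
            out.append((m.group(1), m.group(3)))
    return out

def check_reverse(forward, ptrs):
    """Compare A/AAAA records with {ptr_owner: target} from the reverse zones. Several names
    may share one IP (everything behind the ingress VIP), so a PTR naming any of them is fine."""
    expected = {}  # ptr owner -> set of forward names using that address
    for name, ip in forward:
        expected.setdefault(reverse_owner(ip), set()).add(name)
    missing = sorted(o for o in expected if o not in ptrs)
    mismatched = sorted((o, ptrs[o]) for o in expected if o in ptrs and ptrs[o] not in expected[o])
    orphans = sorted(o for o in ptrs if o not in expected)
    return missing, mismatched, orphans

# Constructed excerpt in this page's zone format. The ingress A record is deliberately
# placed in 10.48.10.0/24 while its PTR lives in the 10.48.11.0/24 reverse zone.
FORWARD_SAMPLE = """\
ns1.geanmartins.net.                 IN A    10.48.1.2
ns1.geanmartins.net.                 IN AAAA fd00:0:b:1::2
kube-lb.geanmartins.net.         300 IN A    10.48.9.100
kube-lb.geanmartins.net.         300 IN AAAA fd00:0:b:9::63
ingress.cluster.geanmartins.net. 300 IN A    10.48.10.100
ipam.geanmartins.net.            300 IN A    10.48.11.100 ; shares the ingress VIP
*.geanmartins.net.               300 IN A    10.48.10.100
"""
PTR_SAMPLE = {  # constructed: what the reverse zones currently say
    "2.1.48.10.in-addr.arpa.": "ns1.geanmartins.net.",
    reverse_owner("fd00:0:b:1::2"): "ns1.geanmartins.net.",
    "100.9.48.10.in-addr.arpa.": "kube-lb.geanmartins.net.",
    "100.11.48.10.in-addr.arpa.": "ingress.cluster.geanmartins.net.",
}

def run_sample():
    return check_reverse(parse_forward(FORWARD_SAMPLE), PTR_SAMPLE)
```

On the sample, run_sample() reports the kube-lb AAAA record and the misplaced ingress A record as missing PTRs, and flags the 100.11.48.10.in-addr.arpa PTR as naming ingress while the forward zone puts only ipam on that address; feeding the real forward zone text and a PTR map built from the reverse files gives the same check for the lab.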
BIND ships tools to check the syntax of the files before reloading the service, avoiding downtime.

```bash
# Checks the /etc/bind/named.conf* files (-p also prints the parsed configuration)
sudo named-checkconf -p
# Checks the forward zone syntax
sudo named-checkzone geanmartins.net /var/cache/bind/zones/forward/geanmartins.net.zone
# Checks one reverse zone
sudo named-checkzone 9.48.10.in-addr.arpa /var/cache/bind/zones/reverse/ipv4/rev-10.48.9.ipv4.zone
```
If all of the commands above return "OK", apply the configuration by reloading BIND:

```bash
# Reloads the zones without taking the service down
sudo rndc reload
# Checks the overall service status
sudo systemctl status named
```
Use the dig utility to make sure the server is answering correctly.

```bash
# Forward resolution test (name -> IP)
dig @localhost kube-lb.geanmartins.net
# IPv4 reverse resolution test (IP -> name)
dig @localhost -x 10.48.9.100
# IPv6 reverse resolution test
dig @localhost -x fd00:0:b:9::63
```
To confirm that caching works, run an external query twice and compare the Query time:

```bash
dig @localhost -t soa kernel.org | tail -n6
# First run:  Query time: 568 msec
# Second run: Query time: 0 msec (answered from cache)
```
| Logical network | IPv4 subnet | IPv6 subnet | IPv4 reverse zone | IPv6 reverse zone |
|---|---|---|---|---|
| infra-net | 10.48.1.0/24 | fd00:0:b:1::/64 | 1.48.10.in-addr.arpa | 1.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa |
| auth-net | 10.48.3.0/24 | fd00:0:b:3::/64 | 3.48.10.in-addr.arpa | 3.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa |
| db-net | 10.48.5.0/24 | fd00:0:b:5::/64 | 5.48.10.in-addr.arpa | 5.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa |
| dhcp-net | 10.48.7.0/24 | fd00:0:b:7::/64 | 7.48.10.in-addr.arpa | 7.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa |
| kube-net | 10.48.9.0/24 | fd00:0:b:9::/64 | 9.48.10.in-addr.arpa | 9.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa |
| metallb-pool | 10.48.11.0/24 | fd00:0:b:b::/64 | 11.48.10.in-addr.arpa | b.0.0.0.b.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa |