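# /etc/resolv.conf
# Comments are kept on their own lines: resolv.conf(5) only documents '#' or
# ';' in the first column as a comment, so text trailing a directive (notably
# on a search line) may be parsed as extra values instead of being ignored.
# NOTE: on hosts where systemd-resolved or NetworkManager manages this file,
# manual edits may be overwritten; set the DNS servers through those tools.

# Primary DNS server
nameserver 8.8.8.8
# Secondary DNS server
nameserver 8.8.4.4
# Search list applied to short host names. 'domain' and 'search' are mutually
# exclusive (the last one present wins), so only 'search' is kept; the former
# 'domain example.com' line set the same value.
search example.com
# timeout:2 = wait 2 seconds per query; rotate = spread queries across the
# listed name servers instead of always trying the first one
options timeout:2 rotate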
# Configuration file of systemd-resolved (this line is a path, not a command)
/etc/systemd/resolved.conf
# Service management
systemctl status systemd-resolved
systemctl restart systemd-resolved
# Check the configuration
resolvectl status
# Per-connection DNS configuration
# "eth0" is the NetworkManager connection name given to `con mod`.
# NOTE(review): DNS servers learned from DHCP may still be used alongside the
# ones set here unless ipv4.ignore-auto-dns is enabled on the connection; confirm.
nmcli con mod "eth0" ipv4.dns "8.8.8.8 8.8.4.4"
nmcli con mod "eth0" ipv4.dns-search "example.com"
# Apply the changes by re-activating the connection
nmcli con up "eth0"
# Install the BIND name server (use the line for your distribution)
apt install bind9 # Debian/Ubuntu
dnf install bind # RHEL/CentOS
// Global named.conf options for a recursive resolver that forwards upstream.
options {
// Working directory of named
directory "/var/cache/bind";
// Recursion is on but limited to the "trusted" ACL, so the server does not
// answer recursive queries from arbitrary clients (open-resolver abuse).
// NOTE(review): no `acl "trusted" { ... };` definition is visible in this
// snippet; it has to be defined elsewhere in named.conf. Confirm.
recursion yes;
allow-recursion { trusted; };
// Listen only on this address
listen-on { 192.168.1.10; };
// Deny zone transfers by default; a zone statement can set its own list
allow-transfer { none; };
// Upstream resolvers that queries are forwarded to
// NOTE(review): dnssec-validation is not set here, so the default of the
// installed BIND version applies. Confirm that it validates.
forwarders {
8.8.8.8;
8.8.4.4;
};
};
// Primary (master) zone definition for example.com, loaded from the zone file below.
zone "example.com" {
type master;
file "/etc/bind/zones/example.com.zone";
// Zone transfers are allowed to 192.168.1.11 only (presumably the secondary
// server; verify).
// NOTE(review): this restriction is by source address alone; naming a TSIG
// key in allow-transfer also authenticates the peer.
allow-transfer { 192.168.1.11; };
};
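; Zone file for example.com
; Default TTL for records without an explicit one
$TTL 86400
; SOA: primary name server ns1.example.com., contact mailbox admin@example.com
@ IN SOA ns1.example.com. admin.example.com. (
2023120601 ; Serial - must be increased on every change so secondaries transfer the new data
3600 ; Refresh
1800 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL (negative-caching TTL)
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
@ IN MX 10 mail.example.com.
@ IN A 192.168.1.10
; Address records for the in-zone name servers named in the NS records above.
; Without them named-checkzone reports that the NS target has no address
; records. The two addresses are constructed sample values: replace them with
; the real addresses of ns1 and ns2.
ns1 IN A 192.168.1.10
ns2 IN A 192.168.1.11
www IN A 192.168.1.10
mail IN A 192.168.1.20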
# General form of a dig call (a synopsis, not a literal command line)
dig [@server] [name] [type]
# Simple query
dig example.com
# Specific record type
dig example.com MX
dig example.com NS
# Query a specific server
dig @8.8.8.8 example.com
# Reverse DNS
dig -x 192.168.1.1
# Full trace
dig +trace example.com
# Short output
dig +short example.com
# Interactive nslookup session; the lines starting with ">" are typed at its prompt
nslookup
> set type=MX
> example.com
# Basic lookup
nslookup example.com
# Specific record type
nslookup -type=MX example.com
# Query a specific server
nslookup example.com 8.8.8.8
# Simple lookup
host example.com
# Specific record type
host -t MX example.com
# Verbose mode
host -v example.com
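#!/bin/bash
# DNS check for one domain: prints its A, MX and NS records, the reverse (PTR)
# name of each IPv4 address it resolves to, and the DNSSEC view of the answer.
# Arguments: $1 - domain name to check
# Outputs:   report on stdout, usage and validation errors on stderr
# Returns:   2 when the argument is missing or is not a plain host name
# No `set -e`: the sections are independent and the report continues when one
# lookup fails.

DOMAIN=${1:-}

# The name is handed to dig as an argument, so anything that is not a plain
# host name is refused: a value starting with '-', '+' or '@' would be read by
# dig as an option or a server instead of a name. Internationalised names must
# be given in their ASCII (punycode) form.
name_re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
if [[ -z "$DOMAIN" ]]; then
  printf 'Usage: %s <domaine>\n' "${0##*/}" >&2
  exit 2
fi
if [[ ! "$DOMAIN" =~ $name_re ]]; then
  printf 'Nom de domaine invalide: %s\n' "$DOMAIN" >&2
  exit 2
fi

printf '=== Vérification DNS pour %s ===\n' "$DOMAIN"

# A records
printf '\n=== Enregistrements A ===\n'
dig +short A "$DOMAIN"

# MX records
printf '\n=== Enregistrements MX ===\n'
dig +short MX "$DOMAIN"

# NS records
printf '\n=== Serveurs de noms ===\n'
dig +short NS "$DOMAIN"

# Reverse DNS
# `dig +short A` can print several lines (multiple addresses, and CNAME
# targets before them), so each line is handled separately and only IPv4
# addresses are passed to `dig -x`.
printf '\n=== Reverse DNS ===\n'
ipv4_re='^[0-9]+(\.[0-9]+){3}$'
while IFS= read -r ip; do
  [[ "$ip" =~ $ipv4_re ]] || continue
  dig +short -x "$ip"
done < <(dig +short A "$DOMAIN")

# DNSSEC
# This only displays the start of the answer section (with the RRSIG when the
# zone is signed); it does not prove that the answer was validated. For that,
# look for the "ad" flag in the header of a reply from a validating resolver.
printf '\n=== DNSSEC ===\n'
dig +dnssec "$DOMAIN" | grep -A2 ";; ANSWER SECTION"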
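#!/bin/bash
# Queries several public DNS resolvers for the same name so that their answers
# can be compared side by side.
# Arguments: $1 - name to resolve
# Outputs:   one section per resolver on stdout, errors on stderr
# Returns:   2 when the argument is missing or is not a plain host name
# Answers that differ between resolvers deserve a closer look, although they
# can also be legitimate (for example load-balanced records).

name=${1:-}

# The name is passed to dig as an argument; refuse values that dig would read
# as an option or a server (leading '-', '+' or '@').
name_re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
if [[ -z "$name" ]]; then
  printf 'Usage: %s <domaine>\n' "${0##*/}" >&2
  exit 2
fi
if [[ ! "$name" =~ $name_re ]]; then
  printf 'Nom de domaine invalide: %s\n' "$name" >&2
  exit 2
fi

for ns in 8.8.8.8 1.1.1.1 9.9.9.9; do
  printf '=== Test avec %s ===\n' "$ns"
  dig "@${ns}" +short "$name"
done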
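# Flush the systemd-resolved cache
# resolvectl is the current front end; systemd-resolve is its old name and may
# be absent on current systems.
resolvectl flush-caches
# Flush the BIND cache
rndc flush
# Inspect the cache (by default rndc writes the dump to a file in named's
# working directory rather than to the terminal)
rndc dumpdb -cache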
# Check the zone file syntax
named-checkzone example.com /etc/bind/zones/example.com.zone
# Check the configuration
named-checkconf /etc/bind/named.conf
# Reload the zones (run the two checks above first so that a broken file is
# caught before the server is asked to load it)
rndc reload
# Response time
dig +stats example.com | grep "Query time"
# BIND server status
rndc status
# BIND statistics
rndc stats
// Performance-related named.conf options.
// named.conf accepts a single options statement: if the file already has an
// options block, these settings belong inside it rather than in a second one.
options {
directory "/var/cache/bind";
// Cache tuning
// max-cache-size bounds the memory used for the cache; max-ncache-ttl caps
// how long (in seconds) negative answers are kept.
max-cache-size 256M;
max-ncache-ttl 3600;
// Query tuning
minimal-responses yes;
prefetch 2 10;
// Network tuning
// tcp-clients caps the number of simultaneous client TCP connections.
tcp-listen-queue 128;
tcp-clients 1000;
// Memory tuning
// NOTE(review): cleaning-interval appears to be obsolete in recent BIND 9
// releases; confirm with named-checkconf on the installed version.
cleaning-interval 15;
interface-interval 60;
};
# dnsmasq setup: install the package, then set the options below
apt install dnsmasq
# /etc/dnsmasq.conf
# Number of names kept in the cache
cache-size=1000
# Do not cache negative answers
no-negcache
# Maximum number of concurrent forwarded queries
dns-forward-max=150
# NOTE(review): no interface= or listen-address= restriction is shown here;
# confirm that dnsmasq only answers on the intended interfaces.
Sécurité
Performance
Maintenance
Documentation
# BIND logs
# NOTE(review): this path depends on the logging configuration in named.conf,
# which is not shown here; confirm where named actually writes its log.
tail -f /var/log/named/named.log
# Queries in progress
rndc status
# Statistics
rndc stats
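#!/bin/bash
# DNS response-time monitor: measures how long a lookup of example.com takes
# and prints an alert when it exceeds the threshold or when no answer arrives.
# Outputs: alert lines on stdout; nothing when the response time is acceptable

threshold=100 # ms

# Take the number from dig's ";; Query time: N msec" line. The variable is not
# named "time" to avoid confusion with the shell keyword of the same name.
query_ms=$(dig example.com | awk '/Query time/ {print $4; exit}')

if [[ ! "$query_ms" =~ ^[0-9]+$ ]]; then
  # No timing line means the lookup itself failed or timed out. The numeric
  # comparison below would only raise a shell error on an empty value, so the
  # outage gets its own alert instead of passing silently.
  echo "ALERTE: Pas de réponse DNS (requête échouée ou délai dépassé)"
elif [ "$query_ms" -gt "$threshold" ]; then
  echo "ALERTE: Temps réponse DNS élevé ($query_ms ms)"
fi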