DNS Server Configuration

First install bind: yum -y install bind

bind:

Service script: /etc/rc.d/init.d/named

Main configuration files: /etc/named.conf, /etc/named.rfc1912.zones

Zone database files: /var/named/zone_name.zone

Forward resolution

Configuring the master DNS server for forward resolution: host IP is 172.16.249.69

1. vi /etc/named.conf (the lines that were adjusted are annotated with // comments)

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        //listen-on port 53 { 127.0.0.1; };   // listen on the given port and IP of this host
        listen-on port 53 { any; };           // the line above can be commented out, or written as any
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };             // allow any host to query
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;                 // changed to no
        dnssec-lookaside no;

        /* Path to ISC DLV key                   (this block is commented out)
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";*/
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

options {}: global configuration section; defines the working characteristics of the named process

logging {}: defines the logging function

zone {}: defines a zone that this named process is responsible for resolving; there can be several zone sections


Comments:

//: single-line comment

/* ... */: multi-line comment


Required configuration:

Listening address: configure it to listen on an address that can communicate with the outside;

listen-on port 53 { 172.16.100.6; 127.0.0.1; };


Allow all hosts to query:

allow-query { any; };

Note that together with recursion yes; this makes the server an open recursive resolver; on a host reachable from untrusted networks, limit recursion to your own clients, for example with allow-recursion { localnets; };.


Disable the dnssec-related configuration:

       dnssec-enable no;
       dnssec-validation no;
       dnssec-lookaside no;

       /* Path to ISC DLV key
       bindkeys-file "/etc/named.iscdlv.key";

       managed-keys-directory "/var/named/dynamic";
       */

The service can now be started directly: service named start

bind listens on both UDP and TCP port 53;

check whether it started successfully: ss -tunl | grep :53


2. vi /etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "test.com" IN {
        type master;                   // act as the master DNS server for this zone
        file "test.com.zone";          // forward zone database file
};

Making the DNS server the master for a zone (here test.com):

zone "ZONE_NAME" IN {
        type master|slave|forward;
        file "/path/to/zone_file.zone";
};

ZONE_NAME:

Forward zone: test.com

Reverse zone: the network address in reverse octet order, followed by .in-addr.arpa

3. vi /var/named/test.com.zone

$TTL 600
$ORIGIN test.com.
@       IN      SOA     ns1    mail (
                        2014121001
                        1H
                        5M
                        7D
                        1D
)
        IN      NS      ns1
        IN      MX  10  mx1
ns1     IN      A       172.16.249.69
mx1     IN      A       172.16.249.69
www     IN      A       172.16.17.10
www     IN      A       172.16.17.20
hao     IN      CNAME   www
imap    IN      A       172.16.17.30
pop3    IN      A       172.16.249.69

Resource record definition format:

Syntax: name [ttl] IN rr_type value


SOA:

name: the zone name

value:

the FQDN of the master DNS server (the name of the current zone may also be used);

the mailbox of the zone's administrator;

@ stands for the name of the current zone, so the mailbox address cannot contain an @ sign (the @ is written as a dot, as in dns.test.com. below);

(master/slave coordination attributes and the TTL for negative answers):


Example: test.com. 60 IN SOA test.com. dns.test.com. (
        2014120901  ; version (serial number) of the zone data file
        1H          ; refresh interval (how often slaves check for changes)
        5M          ; retry interval
        7D          ; expire time (how long the data stays valid without contact)
        1D          ; TTL for negative answers
        )



NS: a zone data file can have several NS records;

name: the zone name; @ may be used instead;

value: the FQDN of the DNS server;


Example:

test.com.  IN  NS  dns1.test.com.
           IN  NS  dns2.test.com.


Notes:

1. When adjacent resource records have the same name, the later ones may omit it;

2. Any FQDN given as a value should have an A record in the forward zone file of its domain;


MX: a zone data file can have several MX records;

name: the zone name; @ may be used instead;

value: the FQDN of the mail server

A number before the value gives its priority (0-99; the smaller the number, the higher the priority)


Example:

@   IN  MX  10  mx1.test.com.
    IN  MX  20  mx2.test.com.


A, AAAA: used in forward zone files

name: FQDN

value: IP address


Example:

www.test.com.   IN  A  1.1.1.1
www.test.com.   IN  A  2.2.2.2

mx1.test.com.   IN  A  1.1.1.1
pop3.test.com.  IN  A  1.1.1.1

test.com.       IN  A  1.1.1.1


Wildcard resolution:

*.test.com.     IN  A  1.1.1.1



PTR: used in reverse zone files

name: the IP address in reverse octet order, with the in-addr.arpa. suffix appended

value: FQDN


Example:

6.100.16.172.in-addr.arpa.  IN  PTR  www.test.com.


CNAME:

name: the alias FQDN

value: the canonical FQDN


Example:

web.test.com.  IN  CNAME  www.test.com.

Client-side test tools: dig, host, nslookup


dig:

Usage: dig -t type name @SERVER [queryoptions]

[-t type]: resource record type

query options:

+[no]trace

+[no]recurse


host:

Usage: host [-t type] name [SERVER]


nslookup:

nslookup [-option] [name | -] [server]

Interactive mode (nslookup>):

server IP: set the server to use for queries

set q=type: set the query type

name: the name to query

Reload the named service and check that the zone took effect:

service named reload

dig -t A www.test.com @172.16.249.69


Configuring the slave DNS server for forward resolution: host IP is 172.16.249.70

1. vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        //listen-on port 53 { 127.0.0.1; };   // listen on the given port and IP of this host
        listen-on port 53 { any; };           // the line above can be commented out, or written as any
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };             // allow any host to query
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;                 // changed to no
        dnssec-lookaside no;

        /* Path to ISC DLV key                   (this block is commented out)
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";*/
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Same as the master DNS server configuration.
2. vi /etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "test.com" IN {
        type slave;                            // act as a slave DNS server for this zone
        file "slaves/test.com.zone";           // where the slave stores its copy of the forward zone
        masters { 172.16.249.69; };            // address of the master DNS server
};

3. vi /var/named/test.com.zone  (this is the zone database file on the master DNS server)

$TTL 600
$ORIGIN test.com.
@       IN      SOA     ns1    mail (
                        2014121002  ; the serial number must be incremented after each change
                        1H
                        5M
                        7D
                        1D
)
        IN      NS      ns1
        IN      NS      ns2             ; add the slave DNS server
        IN      MX  10  mx1
ns1     IN      A       172.16.249.69
ns2     IN      A       172.16.249.70
mx1     IN      A       172.16.249.69
www     IN      A       172.16.17.10
www     IN      A       172.16.17.20
hao     IN      CNAME   www
imap    IN      A       172.16.17.30
pop3    IN      A       172.16.249.69

Then reload the service: service named reload

Check that the transfer took effect: tail /var/log/messages


Reverse resolution

Configuring the master DNS server for reverse resolution: host IP is 172.16.249.69

1. vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        //listen-on port 53 { 127.0.0.1; };   // listen on the given port and IP of this host
        listen-on port 53 { any; };           // the line above can be commented out, or written as any
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };             // allow any host to query
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;                 // changed to no
        dnssec-lookaside no;

        /* Path to ISC DLV key                   (this block is commented out)
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";*/
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

This step can be skipped if the forward-resolution server has already been configured.
2. vi /etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "test.com" IN {
        type master;                   // act as the master DNS server for this zone
        file "test.com.zone";          // forward zone database file
};

zone "249.16.172.in-addr.arpa" IN {
        type master;                   // act as the master DNS server for this zone
        file "172.16.249.zone";        // reverse zone database file
};

3. vi /var/named/172.16.249.zone

$TTL 600
$ORIGIN 249.16.172.in-addr.arpa.
@       IN      SOA     ns1.test.com.    mail.test.com. (
                        2014121003
                        1H
                        5M
                        7D
                        1D)
        IN      NS      ns1.test.com.
69      IN      PTR     ns1.test.com.
69      IN      PTR     mx1.test.com.
10      IN      PTR     www.test.com.
20      IN      PTR     www.test.com.
69      IN      PTR     pop3.test.com.
30      IN      PTR     imap.test.com.

Reload the service and check that the zone took effect:

service named reload

dig -x 172.16.249.10 @172.16.249.69
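As an added example (not code from this page or from BIND), the following Python parser reads the zone-file format used above, applies the two notes from the resource-record section (an empty owner inherits the previous name; every in-zone FQDN named by an NS or MX needs an A record), and derives from the forward zone's A records the PTR entries that the 249.16.172.in-addr.arpa zone above writes by hand. The sample zone is constructed from this page's test.com zone, with an extra ns2 NS record whose A record is deliberately missing so the check has something to report.

```python
import re
# Constructed sample: this page's test.com zone plus an "ns2" NS with no A record (added example, not BIND code).
ZONE_TEXT = """\
$TTL 600
$ORIGIN test.com.
@       IN      SOA     ns1    mail (
                        2014121001 ; serial
                        1H 5M 7D 1D )
        IN      NS      ns1
        IN      NS      ns2
        IN      MX  10  mx1
ns1     IN      A       172.16.249.69
mx1     IN      A       172.16.249.69
www     IN      A       172.16.17.10
"""

def fqdn(name, origin):
    # '@' is the origin, a trailing dot is absolute, anything else is relative to $ORIGIN
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (origin, [(owner_fqdn, type, value_tokens)]). Handles $TTL/$ORIGIN, ';'
    comments, the parenthesised SOA and a blank owner that inherits the previous name."""
    text = "\n".join(ln.split(";")[0].rstrip() for ln in text.splitlines())
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    origin, owner, records = ".", "@", []
    for ln in text.splitlines():
        if not ln.strip() or ln.startswith("$TTL"):
            continue
        toks = ln.split()
        if ln.startswith("$ORIGIN"):
            origin = toks[1]
            continue
        if not ln[0].isspace():                      # explicit owner, else inherit (note 1)
            owner, toks = toks[0], toks[1:]
        while toks[0] == "IN" or toks[0].isdigit():  # skip optional TTL and class
            toks.pop(0)
        records.append((fqdn(owner, origin), toks[0], toks[1:]))
    return origin, records

def check_targets(origin, records):
    """Note 2 on the page: each in-zone FQDN named by an NS or MX needs an A record."""
    have_a = {o for o, t, _ in records if t in ("A", "AAAA")}
    targets = {fqdn(v[-1], origin) for _, t, v in records if t in ("NS", "MX")}
    return sorted(t for t in targets if t.endswith("." + origin) and t not in have_a)

def ptr_records(records, prefix):
    """One PTR per A record inside prefix; the owner is the last octet, relative to the reverse $ORIGIN."""
    return [(v[0][len(prefix):], "PTR", o) for o, t, v in records
            if t == "A" and v[0].startswith(prefix)]
```

Running check_targets on the sample reports ns2.test.com., which is exactly what the slave section above fixes by adding an A record for ns2.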


Configuring the slave DNS server for reverse resolution: host IP is 172.16.249.70

1. vi /etc/named.conf

// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        //listen-on port 53 { 127.0.0.1; };   // listen on the given port and IP of this host
        listen-on port 53 { any; };           // the line above can be commented out, or written as any
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };             // allow any host to query
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;                 // changed to no
        dnssec-lookaside no;

        /* Path to ISC DLV key                   (this block is commented out)
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";*/
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. vi /etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "test.com" IN {
        type slave;                            // act as a slave DNS server for this zone
        file "slaves/test.com.zone";           // where the slave stores its copy of the forward zone
        masters { 172.16.249.69; };            // address of the master DNS server
};

zone "249.16.172.in-addr.arpa" IN {
        type slave;                            // act as a slave DNS server for this zone
        file "slaves/172.16.249.zone";         // where the slave stores its copy of the reverse zone
        masters { 172.16.249.69; };            // address of the master DNS server
};

Reload the service and check that the zone took effect: service named reload

dig -x 172.16.249.10 @172.16.249.70
