DNS server configuration

First install bind: yum -y install bind

bind:

service script: /etc/rc.d/init.d/named

main configuration files: /etc/named.conf, /etc/named.rfc1912.zones

zone data files: /var/named/zone_name.zone

Forward resolution

Configure the primary DNS server for forward resolution; host IP 172.16.249.69

1. vi /etc/named.conf (the lines to change are annotated with a trailing comment)

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        //listen-on port 53 { 127.0.0.1; };  // listen on the given IP and port of this host
        listen-on port 53 { any; };          // the line above can simply be commented out, or set to any
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };            // allow any host to query
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;                // change to no
        dnssec-lookaside no;

        /* Path to ISC DLV key               (this block is commented out)
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";*/
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

options {}: the global configuration section; defines how the named process behaves

logging {}: defines logging

zone {}: defines a zone that this named process resolves; there can be several zone sections


Comments:

//: single-line comment

/* ... */: multi-line comment


Required settings:

listening address: listen on an address that can communicate with the outside;

listen-on port 53 { 172.16.100.6; 127.0.0.1; };


allow all hosts to query:

allow-query { any; };


disable the dnssec-related settings:

       dnssec-enable no;
       dnssec-validation no;
       dnssec-lookaside no;

       /* Path to ISC DLV key
       bindkeys-file "/etc/named.iscdlv.key";

       managed-keys-directory "/var/named/dynamic";
       */

The service can now be started: service named start

bind listens on port 53 over both udp and tcp;

check whether it started successfully: ss -tunl | grep :53
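As an added example (not part of the original post), a small shell audit of an options block like the one above: it strips the // and /* */ comments, then reports the settings that matter most from a defender's view. With allow-query { any; } and recursion yes but no allow-recursion, this named is an open recursive resolver; with no allow-transfer, BIND releases of this era hand the whole zone to any host that asks for a transfer; dnssec-validation no accepts upstream answers unvalidated. The function names and the sample config (built from the page's settings) are my own.

```shell
#!/bin/sh
# Body of the options { ... } block of a named.conf read on stdin, comments stripped.
named_options_block() {
    awk '
    {   line = $0
        if (inblk) { i = index(line, "*/"); if (i == 0) next
                     line = substr(line, i + 2); inblk = 0 }
        while ((i = index(line, "/*")) > 0) {
            j = index(substr(line, i + 2), "*/")
            if (j == 0) { line = substr(line, 1, i - 1); inblk = 1; break }
            line = substr(line, 1, i - 1) substr(line, i + j + 3)
        }
        sub(/\/\/.*/, "", line)
        if (line ~ /^[[:space:]]*options[[:space:]]*\{/) { inopt = 1; next }
        if (inopt) { if (line ~ /^[[:space:]]*\};/) exit; print line }
    }'
}

# One finding per line for the exposure-relevant settings of the options block.
audit_named_conf() {
    opts=$(named_options_block)
    has() { printf '%s\n' "$opts" | grep -Eq "$1"; }
    if has 'recursion[[:space:]]+yes;' && has 'allow-query[[:space:]]*\{[[:space:]]*any;' \
       && ! has 'allow-recursion'; then
        echo "open recursive resolver: recursion yes + allow-query { any; }, no allow-recursion"
    fi
    if ! has 'allow-transfer'; then
        echo "no allow-transfer: BIND releases of this era serve zone transfers to any host by default"
    fi
    if has 'dnssec-validation[[:space:]]+no;'; then
        echo "dnssec-validation no: upstream answers are accepted without DNSSEC validation"
    fi
}

# Constructed sample: the options block from this page, comments included.
sample_named_conf() {
    cat <<'EOF'
options {
        //listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { any; };
        allow-query     { any; };
        recursion yes;
        dnssec-validation no;
        /* Path to ISC DLV key
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";*/
};
EOF
}
sample_named_conf | audit_named_conf
```

The matching fix for this setup is to add allow-recursion { <your client networks>; }; and allow-transfer { 172.16.249.70; }; (the secondary's address) inside options {}, which makes all three findings disappear.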


2. vi /etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "test.com" IN {
        type master;                   // act as the primary DNS server for this zone
        file "test.com.zone";          // forward zone data file
};

Configuring the DNS server as the primary server for a zone:

test.com


zone "ZONE_NAME" IN {
        type master|slave|forward;
        file "/path/to/zone_file.zone";
};


ZONE_NAME:

forward zone: test.com

reverse zone: reversed-network-address.in-addr.arpa

3. vi /var/named/test.com.zone

$TTL 600
$ORIGIN test.com.
@       IN      SOA     ns1    mail (
                        2014121001
                        1H
                        5M
                        7D
                        1D
)
        IN      NS      ns1
        IN      MX  10  mx1
ns1     IN      A       172.16.249.69
mx1     IN      A       172.16.249.69
www     IN      A       172.16.17.10
www     IN      A       172.16.17.20
hao     IN      CNAME   www
imap    IN      A       172.16.17.30
pop3    IN      A       172.16.249.69

Resource record format:

syntax: name [ttl] IN rr_type value


SOA:

name: the zone name

value:

the FQDN of the primary DNS server (the zone name itself may also be used);

the zone administrator's mailbox;

@ stands for the current zone name, so the mailbox address cannot contain the @ character;

(attributes that coordinate primary and secondary servers, and the TTL for negative answers):


For example: test.com. 60 IN   SOA   test.com.  dns.test.com. (
                        2014120901  ; version (serial) number of the zone data file
                        1H          ; refresh interval (how often secondaries check)
                        5M          ; retry interval
                        7D          ; expire time (how long the zone stays valid without a refresh)
                        1D          ; TTL of negative answers
                        )



NS: a zone data file may contain several NS records;

name: the zone name; @ may be used instead;

value: the FQDN of the DNS server;


For example:

test.com.   IN  NS  dns1.test.com.
            IN  NS  dns2.test.com.


Notes:

1. When adjacent resource records share the same name, the name may be omitted on the following records;

2. Any FQDN given as a value should have an A record in its domain's forward zone file;


MX: a zone data file may contain several MX records;

name: the zone name; @ may be used;

value: the FQDN of the mail server

a number in front of the value gives its priority (0-99; the lower the number, the higher the priority)


For example:

@   IN  MX  10  mx1.test.com.
    IN  MX  20  mx2.test.com.


A, AAAA: used in forward zone files

name: FQDN

value: IP


For example:

www.test.com.   IN  A  1.1.1.1
www.test.com.   IN  A  2.2.2.2

mx1.test.com.   IN  A  1.1.1.1
pop3.test.com.  IN  A  1.1.1.1

test.com.       IN  A  1.1.1.1


Wildcard resolution:

*.test.com.     IN  A  1.1.1.1



PTR: used in reverse zone files

name: the IP address in reversed order, with the in-addr.arpa. suffix appended

value: FQDN


For example:

6.100.16.172.in-addr.arpa.  IN  PTR  www.test.com.


CNAME:

name: the alias FQDN

value: the canonical FQDN


For example:

web.test.com.  IN  CNAME  www.test.com.

Client-side test tools: dig, host, nslookup


dig:

usage: dig -t type name @SERVER [queryoptions]

[-t type]: resource record type

query options:

+[no]trace

+[no]recurse


host:

usage: host [-t type] name [SERVER]


nslookup:

nslookup [-option] [name | -] [server]

at the nslookup> prompt:

server IP: set the server to query

set q=type: set the query type

name: the name to look up


Reload the named service and check that the change took effect:

service named reload

dig -t A www.test.com @172.16.249.69


Configure the secondary (slave) DNS server for forward resolution; host IP 172.16.249.70

1. vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        //listen-on port 53 { 127.0.0.1; };  // listen on the given IP and port of this host
        listen-on port 53 { any; };          // the line above can simply be commented out, or set to any
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };            // allow any host to query
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;                // change to no
        dnssec-lookaside no;

        /* Path to ISC DLV key               (this block is commented out)
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";*/
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Same as the primary DNS server's configuration.
2. vi /etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "test.com" IN {
        type slave;                            // act as the secondary DNS server for this zone
        file "slaves/test.com.zone";           // local copy of the forward zone, filled by zone transfer
        masters { 172.16.249.69; };            // address of the primary DNS server
};

3. vi /var/named/test.com.zone (this is the zone data file on the primary DNS server)

$TTL 600
$ORIGIN test.com.
@       IN      SOA     ns1    mail (
                        2014121002  ; increment the serial after every change
                        1H
                        5M
                        7D
                        1D
)
        IN      NS      ns1
        IN      NS      ns2             ; add the secondary DNS server
        IN      MX  10  mx1
ns1     IN      A       172.16.249.69
ns2     IN      A       172.16.249.70
mx1     IN      A       172.16.249.69
www     IN      A       172.16.17.10
www     IN      A       172.16.17.20
hao     IN      CNAME   www
imap    IN      A       172.16.17.30
pop3    IN      A       172.16.249.69

Then reload the service: service named reload

Check whether it took effect: tail /var/log/messages
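Added example, not from the original post: the secondary only re-transfers the zone when the SOA serial has grown, so forgetting the increment noted above silently leaves the secondary stale. These two helpers of my own (next_serial and bump_zone_serial are not BIND tools) implement the YYYYMMDDnn scheme used in this page's zone files and rewrite the serial in place; they assume the serial is the first all-digit token after the SOA keyword, as in these files.

```shell
#!/bin/sh
# Next date-based SOA serial (YYYYMMDDnn). OLD is the current serial, TODAY is YYYYMMDD.
next_serial() {
    old=$1; today=$2
    if [ "$old" -lt "${today}01" ]; then
        echo "${today}01"            # first change today: restart the sequence
    else
        echo $((old + 1))            # same day (or serial already ahead): bump by one
    fi
}

# Rewrite the SOA serial of zone FILE in place and print the new value.
# The serial is the first all-digit token after the SOA keyword (text after ";"
# ignored), which covers both a one-line SOA and the multi-line layout above.
bump_zone_serial() {
    file=$1; today=$2
    old=$(awk '{ line = $0; sub(/;.*/, "", line) }
               line ~ /[[:space:]]SOA[[:space:]]/ { f = 1 }
               f { n = split(line, t, /[[:space:]()]+/)
                   for (i = 1; i <= n; i++) if (t[i] ~ /^[0-9]+$/) { print t[i]; exit } }' "$file")
    [ -n "$old" ] || { echo "no SOA serial found in $file" >&2; return 1; }
    new=$(next_serial "$old" "$today")
    awk -v old="$old" -v new="$new" '
        /[[:space:]]SOA[[:space:]]/ { f = 1 }
        f && match($0, "(^|[^0-9])" old "([^0-9]|$)") { sub(old, new); f = 0 }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

# Constructed sample: the SOA of the test.com zone from this page.
sample_zone() {
    cat <<'EOF'
$TTL 600
$ORIGIN test.com.
@       IN      SOA     ns1    mail (
                        2014121001  ; serial
                        1H
                        5M
                        7D
                        1D
)
        IN      NS      ns1
ns1     IN      A       172.16.249.69
EOF
}
f=$(mktemp); sample_zone > "$f"
bump_zone_serial "$f" 20141210          # prints 2014121002, as on the page
grep -n 2014121002 "$f"; rm -f "$f"
```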


Reverse resolution

Configure the primary DNS server for reverse resolution; host IP 172.16.249.69

1. vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        //listen-on port 53 { 127.0.0.1; };  // listen on the given IP and port of this host
        listen-on port 53 { any; };          // the line above can simply be commented out, or set to any
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };            // allow any host to query
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;                // change to no
        dnssec-lookaside no;

        /* Path to ISC DLV key               (this block is commented out)
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";*/
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

This step can be skipped if the forward-resolution server has already been configured.
2. vi /etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "test.com" IN {
        type master;                   // act as the primary DNS server for this zone
        file "test.com.zone";          // forward zone data file
};

zone "249.16.172.in-addr.arpa" IN {
        type master;                   // act as the primary DNS server for this zone
        file "172.16.249.zone";        // reverse zone data file
};

3. vi /var/named/172.16.249.zone

$TTL 600
$ORIGIN 249.16.172.in-addr.arpa.
@       IN      SOA     ns1.test.com.    mail.test.com. (
                        2014121003
                        1H
                        5M
                        7D
                        1D)
        IN      NS      ns1.test.com.
69      IN      PTR     ns1.test.com.
69      IN      PTR     mx1.test.com.
10      IN      PTR     www.test.com.
20      IN      PTR     www.test.com.
69      IN      PTR     pop3.test.com.
30      IN      PTR     imap.test.com.

Reload the service and check that it took effect:

service named reload

dig -x 172.16.249.10 @172.16.249.69
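Added example, not from the original post: the reverse zone above restates by hand what the forward zone already says, and hand-copied PTRs drift out of step with the A records. This shell function of my own (gen_ptr_records is not a BIND tool) derives the PTR lines of one /24 from a forward zone file, emitting only A records whose address lies inside the given prefix; it assumes relative owner names under $ORIGIN, as in this page's files, and the sample zone is the page's test.com data.

```shell
#!/bin/sh
# Derive the PTR records of a /24 reverse zone from a forward zone read on stdin.
# Usage: gen_ptr_records ORIGIN PREFIX < forward.zone
#   ORIGIN  zone origin with trailing dot (a $ORIGIN line in the file overrides it)
#   PREFIX  first three octets of the network, e.g. 172.16.249
# Each output line is "<host octet> IN PTR <fqdn>" for the <reversed PREFIX>.in-addr.arpa zone.
gen_ptr_records() {
    awk -v origin="$1" -v prefix="$2" '
        { sub(/;.*/, "") }                               # drop ; comments
        /^\$ORIGIN[[:space:]]/ { origin = $2; next }
        NF == 0 { next }
        {
            # a line starting with whitespace reuses the previous owner name
            if ($0 ~ /^[[:space:]]/) name = last; else { name = $1; last = $1 }
            ip = ""
            for (i = 2; i < NF; i++) if ($i == "A") { ip = $(i + 1); break }
            if (ip == "" || split(ip, o, ".") != 4) next     # not an IPv4 A record
            if ((o[1] "." o[2] "." o[3]) != prefix) next     # outside this /24
            if (name == "@") fqdn = origin
            else if (name ~ /\.$/) fqdn = name               # already absolute
            else fqdn = name "." origin
            printf "%s\tIN\tPTR\t%s\n", o[4], fqdn
        }'
}

# Constructed sample: the forward zone records from this page.
sample_forward_zone() {
    cat <<'EOF'
$TTL 600
$ORIGIN test.com.
@       IN      SOA     ns1    mail ( 2014121001 1H 5M 7D 1D )
        IN      NS      ns1
        IN      MX  10  mx1
ns1     IN      A       172.16.249.69
mx1     IN      A       172.16.249.69
www     IN      A       172.16.17.10
www     IN      A       172.16.17.20
hao     IN      CNAME   www
imap    IN      A       172.16.17.30
pop3    IN      A       172.16.249.69
EOF
}

echo "; PTR records for 249.16.172.in-addr.arpa"
sample_forward_zone | gen_ptr_records test.com. 172.16.249
```

For the page's data this yields only the three 69 entries (ns1, mx1, pop3); the www and imap addresses are in 172.16.17.0/24, so they belong in a 17.16.172.in-addr.arpa zone and come out with prefix 172.16.17 instead.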


Configure the secondary (slave) DNS server for reverse resolution; host IP 172.16.249.70

1. vi /etc/named.conf

// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        //listen-on port 53 { 127.0.0.1; };  // listen on the given IP and port of this host
        listen-on port 53 { any; };          // the line above can simply be commented out, or set to any
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };            // allow any host to query
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;                // change to no
        dnssec-lookaside no;

        /* Path to ISC DLV key               (this block is commented out)
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";*/
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. vi /etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "test.com" IN {
        type slave;                            // act as the secondary DNS server for this zone
        file "slaves/test.com.zone";           // local copy of the forward zone, filled by zone transfer
        masters { 172.16.249.69; };            // address of the primary DNS server
};

zone "249.16.172.in-addr.arpa" IN {
        type slave;                            // act as the secondary DNS server for this zone
        file "slaves/172.16.249.zone";         // local copy of the reverse zone, filled by zone transfer
        masters { 172.16.249.69; };            // address of the primary DNS server
};

Reload the service and check that it took effect: service named reload

dig -x 172.16.249.10 @172.16.249.70
