On Linux the DNS server is mainly BIND, developed at the University of California, Berkeley. Below are the main installation and configuration steps.
yum install bind*
Once bind is installed, its main daemon is named. Normally bind-chroot is installed automatically as well; the chroot exists chiefly to protect the system: even if bind is compromised, the intruder can only move around inside the chroot directory. It is somewhat like the chroot in vsftpd, but not the same.
bind's general configuration file is /etc/named.conf.
bind works by turning each set of name-to-IP mappings into a zone; each zone's configuration file lives under /var/named/. Because chroot is used, bind changes
/ to /var/named/chroot (the default for a yum install), which means:
/etc/named.conf <==> /var/named/chroot/etc/named.conf
/var/named/ <==> /var/named/chroot/var/named/
You can verify this: once bind-chroot is started, changes you make to /etc/named.conf are synced to /var/named/chroot/etc/named.conf, and the same applies to the zone files under /var/named/.
named.conf is described below.
================================================================================
//named.conf
options { // general options
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN { // the root zone; the matching /var/named/named.ca lists all root name servers
    type hint;
    file "named.ca"; // a named.ca template is available in /usr/share/doc/bind-9.8.2/sample/var/named/
};
zone "localhost" IN { // the "localhost" zone, backed by /var/named/named.localhost
    type master; // master means this is the primary DNS server
    file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.127.0.0";
};
include "/etc/named.root.key";
// everything above can be the default basic configuration; below we add a zone for the domain fire.net
zone "fire.net" IN {
    type master;
    file "fire.zone";
};
================================================================================
Local forward-lookup file /var/named/named.localhost
$TTL 3600
@ IN SOA localhost. root.localhost. ( ; @ stands for the zone name given in /etc/named.conf, i.e. zone "xxx"
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@ IN NS localhost. ; IN marks a resource record (RR); NS = NameServer, the DNS server for the zone
localhost. IN A 127.0.0.1 ; A is the forward-lookup record: [hostname] IN A [IP] maps that host to that IP
Local reverse-lookup file /var/named/named.127.0.0
$TTL 600
@ IN SOA localhost. root.localhost. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@ IN NS localhost.
1 IN PTR localhost. ; PTR is the reverse-lookup record, the counterpart of the A record above
The above is the basic configuration and can be used as a template; below is the configuration of /var/named/fire.zone.
$TTL 3600
@ IN SOA fire.net. root.localhost. ( ;
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@ IN NS localhost. ; @ is fire.net (set by the zone statement); lookups for fire.net are sent to the NS host localhost.
localhost. IN A 127.0.0.1 ; the A record for the NS host
www IN A 1.1.1.1 ; this is the actual hostname lookup; www is expanded to www.fire.net
FTP IN A 2.2.2.2 ; FTP.fire.net
Note: every zone file under /var/named must be owned by root:named (chown root:named zone_file)!!!
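As an added check that is not part of the original post, the following Python parser reads a master file in the format used above (';' comments, a parenthesised multi-line SOA, '@' and relative owner names) and runs two pre-load checks: owner names outside the zone, which BIND skips with an "ignoring out-of-zone data" warning, and in-zone NS hosts with no A record. The embedded zone text is a constructed copy of the fire.zone above; `absolute`, `parse_zone` and `check_zone` are names chosen here.

```python
FIRE_ZONE = """\
$TTL 3600 ; constructed copy of the fire.zone shown above
@ IN SOA fire.net. root.localhost. ( ; '(' lets the SOA span several lines
        0 1D 1H 1W 3H ) ; serial refresh retry expire minimum
@ IN NS localhost.
localhost. IN A 127.0.0.1
www IN A 1.1.1.1
FTP IN A 2.2.2.2
"""

def absolute(name, origin):
    """'@' -> origin; a relative name gets the origin appended; output is lower-cased."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse_zone(text, origin):
    """Return ($TTL, [(owner, type, rdata)...]) for a master file; origin must end with '.'."""
    records, default_ttl, buf, depth = [], None, [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                      # drop the comment
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth > 0:
            continue                                     # still inside ( ... )
        tokens, buf = " ".join(buf).split(), []
        if not tokens:
            continue
        if tokens[0] == "$TTL":
            default_ttl = tokens[1]
            continue
        owner, rest = absolute(tokens[0], origin), tokens[1:]
        if rest[0].isdigit():                            # optional per-record TTL
            rest = rest[1:]
        if rest[0].upper() == "IN":                      # optional class
            rest = rest[1:]
        records.append((owner, rest[0].upper(), rest[1:]))
    return default_ttl, records

def check_zone(records, origin):
    """Pre-load checks: BIND ignores out-of-zone owners, and an in-zone NS needs an A record."""
    problems, has_a = [], {o for o, t, _ in records if t == "A"}
    for owner, rtype, rdata in records:
        if owner != origin and not owner.endswith("." + origin):
            problems.append(f"out-of-zone data ignored: {owner}")
        if rtype == "NS":
            ns = absolute(rdata[0], origin)
            if ns.endswith("." + origin) and ns not in has_a:
                problems.append(f"in-zone NS {ns} lacks an A record")
    return problems
```

Run against the fire.zone above, the checker flags the `localhost. IN A` line as out-of-zone data; the NS itself still resolves through the separate "localhost" zone in named.conf, so the zone loads, but that A line is not served from fire.net.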
bind's daemon is named.
- start the bind server: /etc/init.d/named start
- stop the bind server: /etc/init.d/named stop