# ll /mnt/cdrom/Packages/bind*
-r--r--r-- 2 root root 4191052 Mar 23 2017 /mnt/cdrom/Packages/bind-9.8.2-0.62.rc1.el6.x86_64.rpm
-r--r--r-- 2 root root 78788 Mar 23 2017 /mnt/cdrom/Packages/bind-chroot-9.8.2-0.62.rc1.el6.x86_64.rpm
-r--r--r-- 2 root root 73456 Jul 25 2015 /mnt/cdrom/Packages/bind-dyndb-ldap-2.3-8.el6.x86_64.rpm
-r--r--r-- 2 root root 912824 Mar 23 2017 /mnt/cdrom/Packages/bind-libs-9.8.2-0.62.rc1.el6.x86_64.rpm
-r--r--r-- 2 root root 192844 Mar 23 2017 /mnt/cdrom/Packages/bind-utils-9.8.2-0.62.rc1.el6.x86_64.rpm
6版本的linux中,caching-nameserver已经被整合到了bind中,所以不要安装了。基本的配置示例文件在:/etc/named.conf 和 named.rfc1912.zones中
# yum install bind bind-chroot bind-utils
# rpm -qi bind
# rpm -ql bind
几个重要目录:
/var/named/chroot/ dns服务器根目录
/var/named/chroot/etc/named.conf 主配置文件,设置dns服务器的属性
/var/named/chroot/etc/named.rfc1912.zones 区域定义文件
/var/named/chroot/var/named/ 区域文件所在目录
# cd /var/named/chroot/etc
# cp -p /etc/named.conf named.conf(拷贝主配置样例文件)
1. # vim named.conf
# /var/named/chroot/etc/named.conf — main server configuration.
# bind-chroot is installed, so every path below resolves inside the chroot
# (/var/named/chroot), e.g. "/etc/named.rfc1912.zones" is really
# /var/named/chroot/etc/named.rfc1912.zones.
options {
  listen-on port 53 { any; };          # listen on every IPv4 address, udp/tcp 53
  listen-on-v6 port 53 { ::1; };       # IPv6: loopback only
  directory "/var/named";              # zone files are looked up relative to this
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  allow-query { any; };                # who is allowed to query this server
  recursion yes;
  # NOTE(review): listen-on { any; } + allow-query { any; } + recursion yes
  # makes this an open recursive resolver reachable by anyone who can reach
  # port 53. If the host only needs to be authoritative for itecs.cn, set
  # "recursion no;", or limit recursion to known clients with
  # "allow-recursion { <trusted-networks-placeholder>; };".
  dnssec-enable no;                    # turn off DNSSEC ("secure" DNS queries)
  dnssec-validation no;                # NOTE(review): answers fetched on behalf
                                       # of clients are not DNSSEC-validated
  /* Path to ISC DLV key */
  bindkeys-file "/etc/named.iscdlv.key";
  managed-keys-directory "/var/named/dynamic";
};
logging {
  channel default_debug {
    file "data/named.run";             # relative to directory: /var/named/data/named.run
    severity dynamic;
  };
};
zone "." IN {
  type hint;                           # root hints, see named.ca
  file "named.ca";
};
include "/etc/named.rfc1912.zones";    # local/loopback zones plus our own zone declarations
include "/etc/named.root.key";
dns udp/53:用于接受客户请求,tcp/53:辅助dns和主dns进行区域文件传送时使用
查看Internet上根dns服务器:
# cat /var/named/chroot/var/named/named.ca | grep -v -E ';|^\.|AAAA'
1 A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
2 B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
3 C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
4 D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
5 E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
6 F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
7 G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
8 H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
9 I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
10 J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
11 K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
12 L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
13 M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
13台根dns服务器,其中1台在日本东京,2台在欧洲(英国伦敦和瑞典斯德哥尔摩各1台),其余10台在美国。
2. # vim named.rfc1912.zones
// /var/named/chroot/etc/named.rfc1912.zones — zone declarations.
// The first five zones are the stock loopback/localhost zones shipped with
// the package; they are masters that reject dynamic updates.
zone "localhost.localdomain" IN {
  type master;
  file "named.localhost";
  allow-update { none; };
};
zone "localhost" IN {
  type master;
  file "named.localhost";
  allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
  type master;
  file "named.loopback";
  allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
  type master;
  file "named.loopback";
  allow-update { none; };
};
zone "0.in-addr.arpa" IN {
  type master;
  file "named.empty";
  allow-update { none; };
};
// add our own zone declaration
zone "itecs.cn" IN {
  type master;               // this server is the primary (master) for itecs.cn
  file "itecs.cn.zone";      // relative to options.directory, i.e. /var/named/chroot/var/named/itecs.cn.zone
  allow-update { none; };    // no dynamic updates accepted for this zone
};
3. 创建区域文件
# cd ../var/named/
# pwd
/var/named/chroot/var/named
# cp -p named.localhost itecs.cn.zone
# vim itecs.cn.zone
; /var/named/chroot/var/named/itecs.cn.zone — zone data for itecs.cn
; (copied from named.localhost with cp -p, then edited).
$TTL 1D                                  ; default cache time for every record below
; @ stands for the zone itself (itecs.cn.).
; SOA = start of authority: primary name server, admin mailbox, refresh policy.
; The mailbox is written with the "@" replaced by ".", so
; ybliu2004.163.com. means ybliu2004@163.com.
@       IN SOA  ns1.itecs.cn. ybliu2004.163.com. (
                0       ; serial  (secondaries compare this value to decide whether to re-sync;
                        ;          remember to increase it on every change)
                1D      ; refresh (how often secondaries check for a new serial: 1 day)
                1H      ; retry   (if a refresh fails, try again every hour)
                3H      ; -- see note below --
                1W      ; expire  (if no refresh succeeds for a week, all records below expire)
                3H )    ; minimum (cache time of this SOA record; other records use $TTL on line 1)
@       IN NS   ns1.itecs.cn.            ; the leading @ may be omitted
ns1     IN A    192.168.80.2
www     IN A    1.1.1.1
ftp     IN A    2.2.2.2
@表示该区域,即itecs.cn.
SOA 起始授权(主dns服务器,管理员邮箱,刷新策略)
NS 该区域的dns服务器,包括主dns和辅助dns服务器
3.1 语法检查工具:
named-checkconf 主配置文件的路径及名称
named-checkzone 域名 区域文件的路径及名称
# named-checkconf /var/named/chroot/etc/named.conf(没有消息就是好消息)
# named-checkzone itecs.cn /var/named/chroot/var/named/itecs.cn.zone
3.2 启动服务并检查日志
# service named start
# ps aux | grep named
# netstat -tupln | grep :53
查看日志:
# cat /var/named/chroot/var/named/data/named.run
zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone itecs.cn/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
managed-keys-zone ./IN: loaded serial 2
running
# tail -n 50 /var/log/messages | grep named
# chkconfig --list named
named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# chkconfig named on
3.3 客户端工具
3.3.1 windows上使用nslookup测试
3.3.2 Linux上测试(需要安装bind-utils包)
① nslookup
② dig
③ host
每次修改区域文件都要重启named服务,如果dns服务器管辖的区域很多,启动将比较耗时。使用 'rndc reload' 指令也可以在不重启服务的情况下重新加载改变的区域文件。
# vim itecs.cn.zone(新增4条记录,包括2条别名记录,1条mx记录)
mail IN A 3.3.3.3
smtp IN CNAME mail
pop3 IN CNAME mail
mx记录:邮件交换记录,用于指定本区域的邮件服务器。10表示优先级,第8行和第9行前面的@符号都可以省略不写,因为在它们前面(第2行)已经有了@
; /var/named/chroot/var/named/itecs.cn.zone — after adding the mail records.
; Four records were added: one A record for mail, two CNAME aliases, one MX.
$TTL 1D                                  ; default cache time for every record below
@       IN SOA  ns1.itecs.cn. ybliu2004.163.com. (
                0       ; serial  (secondaries re-sync only when this grows; bump it after edits)
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   ns1.itecs.cn.            ; leading @ may be omitted; @ already set on the SOA line
@       IN MX   10 mail                  ; mail exchanger for the zone; 10 is the preference
ns1     IN A    192.168.80.2
www     IN A    1.1.1.1
ftp     IN A    2.2.2.2
mail    IN A    3.3.3.3
smtp    IN CNAME mail                    ; alias for mail
pop3    IN CNAME mail                    ; alias for mail
# rndc reload
原文:https://www.cnblogs.com/ybliu/p/11625996.html