1 下载服务
yum -y install bind
2 配置文件
主配置文件 /etc/named.conf
区配置文件 /var/named/
配置文件模板 /usr/share/doc/bind-9.8.2/sample
3 协议及端口
TCP 53 主要用于主从同步(区域传送),需要的是可靠的数据传输;当响应过大被截断时,客户端查询也会改用 TCP,因此防火墙不应只放行 UDP 53
UDP 53 主要用于客户端查询域名
4 配置文件详解(named.conf 的注释可用 //、/* */ 或 #)
[root@localhost ~]# egrep -v "^$|^\/" /etc/named.conf
# The egrep filter above drops blank lines and lines that begin with "/".
# The trailing "#" notes below are annotations on the listing.
options {                                   # global options
    listen-on port 53 { 127.0.0.1; };       # listening address and port (IPv4 loopback only here)
    listen-on-v6 port 53 { ::1; };          # listening address and port (IPv6 loopback only here)
    directory "/var/named";                 # directory that holds the zone files
    dump-file "/var/named/data/cache_dump.db";                  # cache dump file
    statistics-file "/var/named/data/named_stats.txt";          # statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt";   # memory statistics file
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    # Which clients may query; can be written as any, 172.16.0.0/16, and so on.
    # With "recursion yes" below, widening this to any on a publicly reachable
    # address creates an open resolver (see the vendor note that follows);
    # keep recursion limited to known client networks, e.g. with allow-recursion.
    allow-query { localhost; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;                          # allow recursive queries
    dnssec-enable yes;                      # enable DNSSEC support
    dnssec-validation yes;                  # enable DNSSEC validation
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";                # key file
    managed-keys-directory "/var/named/dynamic";        # directory for managed keys
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";           # session key file
};
logging {                                   # logging configuration
    channel default_debug {
        file "data/named.run";              # log file path
        severity dynamic;                   # "dynamic" severity: follows the server's current debug level
    };
};
zone "." IN {                               # zone definition
    type hint;                              # zone type: root hints
    file "named.ca";                        # zone file name
};
include "/etc/named.rfc1912.zones";         # included sub-configuration file
include "/etc/named.root.key";              # included key file
原文:https://www.cnblogs.com/Xinenhui/p/14085367.html