Linux DNS之bind详解

BIND:

Berkeley Internet Name Domain

目前由ISC进行维护。DHCP也是其维护。


安装:

注意:默认情况下,安装好BIND后,默认配置为缓存DNS,然后才配置为住DNS及从DNS服务器。

1.使用rpm包安装:

所需rpm包:

bind97-

libs 库文件包

utils 工具包

devel 包含头文件和库文件的开发包

chroot 将根临时切换到其他目录

caching-nameserver

通过提供配置文件,让BIND服务器成为缓存DNS服务器。新版本中已经集成。不需要专门安装。


#yum install bind97


2.使用源码包安装:


配置文件:

/etc/named.conf

权限为640,属主为root,属组为named。

ZONEFILE可以使用相对路径,是对于DATAFILEDIR来说的相对路径。


文件定义格式:

每一个完整的语句都要以分号(;)结尾,花括号({})只要不在同一行,前后必须有空格。中间的指令也要以分号(;)结尾。


ACL:

访问控制列表,必须先定义后使用。定义在在配置文件最上部。

acl ACLNAME {

ADDR1;

ADDR2;

...

};


none;无

any; 任意的


全局选项:

options {

listen-on prot PORT {IP;}; 

指定监听在IP上PORT端口,省略{IP;};表示接收所有地址。


directory "DATAFILEDIR"; 

确定数据库存放位置。


recursion yes; 

允许递归。


allow-recursion{IP|ACL;};

定义允许递归的客户端来源。


allow-qurey IP|ACL;}; 

定义允许进行查询的客户端来源。


allow-transfer {IP|ACL;};

允许指定的DNS服务器进行进行区域传送,可以定义在区域的内部。


notify yes; 

启动通知功能,主服务端修改后将通知从服务器进行同步。


forward only|first;

only:接受到的请求都转发给指定的服务器,无结果,则无应答。


first:接受到的请求都转发给指定的服务器,无结果后向根查询。


fowarders {IP;};

定义将请求转发到指定的服务器上。


querylog yes:是否启动解析日志记录。



};


视图:

view VIEWNAME { 

OPTIONS;

match-clients{IP1;...;}; 匹配客户端来源

};

注意:全局选项绝大部分都可以在视图中使用,所有的区域都必须定义在视图中。根区域只定义在需要递归的视图中。


日志系统:

格式如下:

logging {

channel CHANNELNAME {

file "FILE" versions NUM size SIZE;

severity LEVEL

};


channel CHANNELNAME {

syslog FILE;

severity LEVEL;


};

catagory CATAGORY { FILE };

};


catagory 日志源。

default

general

client

config

dispatch

dnssec

lame-servers

network

notify

querise

resovler

security

update

xfer-in

xfer-out



channel 定义日志目标。

LOGTYPE:

syslog /var/log/messages

FILE 自定义日志文件。


channel "CHANNELNAME" (LOGTYPE WRITER LEVEL)



例如:

logging {

channel my_file {

file "log.msgs" versions 3 size 20k;

serverity dynamic;

};

channel my_syslog {

syslog local0;

severity info;


};


category xfer-in { my_file; };

categroy upate { my_syslog; }

};



根区域:

zone "." IN {

type hint;

file "named.ca"


};


主区域:

zone "ZONEFILE" IN {

type master|;

file "ZONEFILE";

};


从区域:

zone "ZONENAME" IN {

type slave

file "slave/ZONEFILE"

master {MASTER1IP;MASTER2IP ;...};

};



例如:

有域为test.com. 10.0.0.0/8

dns ns1为10.0.0.3

ns2为 10.0.0.6

www为10.0.0.2 10.0.0.5

mail为10.0.0.4

ftp 在www主机上


1.创建缓存名称服务器并检测错误:

#vim /etc/named.conf

options { 

directory "/var/named";

};

zone "." IN {

type hint;

file "named.ca"


};


zone "localhost" IN {

type master;

file "named.localhost";

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.loopback"

};


#chowm root:named /etc/named.conf

#chmod 640 /etc/named.conf

#named-checkconf 

#named-checkzone "." /var/named/named.ca

#named-checkzone "localhost" /var/named/named.local

#named-checkzone "0.0.172.in-addr.arpa" /var/named/named.loopback

#service named start


2.接上题,创建主服务器:

#vim /etc/named.conf

options { 

directory "/var/named";

};

zone "." IN {

type hint;

file "named.ca"


};


zone "localhost" IN {

type master;

file "named.localhost";

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.loopback"

};


zone "test.com" IN {

type master;

file "test.com.zone";

};


zone "0.0.10.in-addr.arpa" IN {

type master;

file "10.0.0.zone";

};


#vim /var/named/test.com.zone

$TLL 600

test.com. IN SOA ns1.test.com. admin.test.com (

1

1H

5M

1W

1D)


test.com. IN NS ns1.test.com.

IN MX 10 mail


ns1 IN A 10.0.0.3

mail IN A 10.0.0.4

www IN A 10.0.0.2

www IN A 10.0.0.5

ftp IN CNAME www


#vim /var/named/10.0.0.zone

$TLL 600

@ IN SOA ns1.test.com. admin.test.com (

1

1H

5M

1W

1D)


IN NS ns1.test.com.

3 IN PTR ns1.test.com.

4 IN PTR mail.test.com.

2 IN PTR www.test.com.

5 IN PTR www.test.com.


#chmod 640 /var/named/test.com.zone

#chown root:named /var/name/test.com.zone

#named-checkconf

#named-chcekzone "test.com" /var/named/test.com.zone

#name-checkzone "10.0.0.zone" /var/named/10.0.0.zone

#service named restart


3.设置服务器的递归和主从复制选项:

#vim /etc/named.conf

options { 

directory "/var/named";

allow recursion {172.16.0.0/16;};


}; 

zone "." IN {

type hint;

file "named.ca"


};


zone "localhost" IN {

type master;

file "named.localhost";

allow-transfer {none;};

};


zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.loopback"

allow-transfer {none;};

};


zone "test.com" IN {

type master;

file "test.com.zone";

allow-transfer {10.0.0.6;};

}

zone "0.0.10.in-addr.arpa" IN {

type master;

file "10.0.0.zone";

allow-transfer {10.0.0.6;};

};


4.创建DNS从服务器:

在从服务器上配置:

#vim /etc/named.conf

options { 

directory "/var/named";

allow-recursion {172.16.0.0/16;};

};

zone "." IN {

type hint;

file "named.ca"


};


zone "localhost" IN {

type master;

file "named.localhost";

allow-transfer {none;};

};


zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.loopback"

allow-transfer {none;};

};


zone "test.com" IN {

type slave;

master {10.0.0.3;};

file "slaves/test.com.zone";

allow-transfer {none;};

};


zone "0.0.10.in-addr.arpa" IN {

type slave;

master {10.0.0.3;};

file "slaves/10.0.0.zone";

allow-transfer {none;};

};


编辑主服务器上的区域文件:

#vim /var/named/test.com.zone

$TLL 600

test.com. IN SOA ns1.test.com. admin.test.com (

1

1H

5M

1W

1D)


test.com. IN NS ns1.test.com.

IN MX 10 mail

IN NS ns2.test.com.


ns1 IN A 10.0.0.3

mail IN A 10.0.0.4

www IN A 10.0.0.2

www IN A 10.0.0.5

ns2 IN A 10.0.0.6

ftp IN CNAME www


#vim /var/named/10.0.0.zone

$TLL 600

@ IN SOA ns1.test.com. admin.test.com (

1

1H

5M

1W

1D)


IN NS ns1.test.com.

IN NS ns2.test.com.


3 IN PTR ns1.test.com.

4 IN PTR mail.test.com.

2 IN PTR www.test.com.

5 IN PTR www.test.com.

6 IN PTR ns2.test.com.


5.创建转发服务器:

全局转发:

#vim /etc/named.conf

options { 

directory "/var/named";

allow recursion {172.16.0.0/16;};

forward first;

forwarder {10.0.1.2;};

};

zone "." IN {

type hint;

file "named.ca"


};


zone "localhost" IN {

type master;

file "named.localhost";

allow-transfer {none;};

};


zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.loopback"

allow-transfer {none;};

};


zone "test.com" IN {

type master;

file "test.com.zone";

allow-transfer {10.0.0.6;};

};


zone "0.0.10.in-addr.arpa" IN {

type master;

file "10.0.0.zone";

allow-transfer {10.0.0.6;};

};


区域转发:

#vim /etc/named.conf

options { 

directory "/var/named";

allow-recursion {172.16.0.0/16;};

};

zone "." IN {

type hint;

file "named.ca"


};


zone "localhost" IN {

type master;

file "named.localhost";

allow-transfer {none;};

};


zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.loopback"

allow-transfer {none;};

};


zone "test.com" IN {

type master;

file "test.com.zone";

allow-transfer {10.0.0.6;};

forward first;

forwarder {10.0.1.2;};

};


zone "0.0.10.in-addr.arpa" IN {

type master;

file "10.0.0.zone";

allow-transfer {10.0.0.6;};

};


6.视图和ACL:

NET1网段中中客户端访问www.test.com解析为10.0.0.2,其他网段客户端访问解析的地址为192.168.0.2。a.net域中的主机访问www.a.net一律解析为10.0.0.2。


#vim /etc/named.conf

acl NET1 {

172.16.0.0/16;

192.168.100.0/24;

127.0.0.0/8;

};


options { 

directory "/var/named";

allow-recursion {NET1;};

};


view NET1{

match-client {NET1;};

zone "test.com" IN {

type master;

file "NET1.test.com.zone"

};


zone "0.0.10.in-addr.arpa" IN {

type master;

file "NET1.192.0.0.zone";

};


zone "a.net" IN {

type master;

file "a.net.zone"

};

};


view NET2{

match-client {any;};

zone "test.com" IN {

type master;

file "ANY.test.com.zone"

};


zone "0.0.10.in-addr.arpa" IN {

type master;

file "ANY.10.0.0.zone";

};


zone "a.net" IN {

type master;

file "a.net.zone"


};

};


zone "." IN {

type hint;

file "named.ca"


};


zone "localhost" IN {

type master;

file "named.localhost";

allow-transfer {none;};

};


zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.loopback"

allow-transfer {none;};

};


#vim NET1.test.com.zone

$TLL 86400

$ORIGIN test.com.

@ IN SOA ns1.test.com. admin.test.com.(

1

1D

15M

1W

1D

)

IN NS ns1.test.com.

IN NS ns2.test.com.

IN MX 10 mail.test.com.

ns1 IN A 10.0.0.3

ns2 IN A 10.0.0.6

www IN A 10.0.0.2

www IN A 10.0.0.5

mail IN A 10.0.0.4

ftp IN CNAME www


#vim ANY.test.com.zone

$TLL 86400

$ORIGIN test.com.

@ IN SOA ns1.test.com. admin.test.com.(

1

1D

15M

1W

1D

)

IN NS ns1.test.com.

IN NS ns2.test.com.

IN MX 10 mail.test.com.

ns1 IN A 10.0.0.3

ns2 IN A 10.0.0.6

www IN A 192.168.0.2

www IN A 192.168.0.5

mail IN A 10.0.0.4

ftp IN CNAME www


#vim a.net.zone

$TLL 86400

$ORIGIN a.net.

@ IN SOA ns1.a.net. admin.a.net.(

1

1D

15M

1W

1D

)

IN NS ns1.a.net

ns1 IN A 10.0.0.3

www IN A 10.0.0.2


/etc/rndc.key

Remote Name Domain Controller 远程域名控制器。

让rndc能够正常工作的密钥文件。


/etc/rndc.conf

rndc工具的配置信息。


/var/named/*

区域数据文件,由管理员自行定义。


name.ca 

13个根DNS服务器的地址,若没有此文件可以通过dig命令来生成。


name.localhost

专门将localhost解析为127.0.0.1


name.loopback

专门将loopback解析为127.0.0.1



/etc/rc.d/init.d/named

服务脚本,支持start|stop|status|restart|reload|try-restart|force-reload


主程序:

/usr/sbin/named


监听的端口:

TCP 53端口 主从复制时使用,保证数据完整性。


UTP 53端口 查询请求时使用,速度快。


TCP 953端口 rndc工具监听端口。


日志:

/var/log/message



工具:

/usr/sbin/named-checkconf 检查配置文件

/usr/sbin/named-checkzone 检查区域文件


/usr/sbin/named-compliezone 将区域文件编译为其他格式

/usr/sbin/named-journalprint 


/usr/sbin/rndc 远程控制工具

/usr/sbin/rndc-confgen 

rndc工具的配置文件生成器,生成/etc/rndc.conf文件。


DNS子域授权:

正向区域:

SUB_ZONE_NAME IN NS SUB_ZONE_DNS_NMAE

SUB_ZONE_DNS_NMAE IN A SUB_DNS_IP


反向区域:



例如:

有域为.com

test.com为子域。

DNS服务器如下:

ns1.test.com 10.0.0.3

ns2.test.com 10.0.0.4


其中有:fi、market、it3个子域,各部门中的DNS服务器如下:

ns1.fi.test.com 172.16.0.2

ns2.fi.test.com 172.16.0.5


ns1.market.test.com 172.16.0.3

ns2.market.test.com 172.16.0.6


ns1.it.test.com 172.16.0.4

ns2.it.test.com 172.16.0.7



在.com上:

正向区域:

test.com. IN NS ns1.test.com.

test.com. IN NS ns2.test.com.;

ns1.test.com. IN A 10.0.0.3

ns2.test.com. IN A 10.0.0.4




在test.com上:

正向区域:

fi.test.com. IN NS ns1.fi.test.com.

fi.test.com. IN NS ns2.fi.test.com.

ns1.fi.test.com. IN A 172.16.0.2

ns2.fi.test.com. IN A 172.16.0.5


market.test.cfom. IN NS ns1.market.test.com.

market.test.cfom. IN NS ns2.market.test.com.

ns1.market.test.com. IN A 172.16.0.3

ns1.market.test.com. IN A 172.16.0.6


it.test.com. IN NS ns1.it.test.com.

it.test.com. IN NS ns2.it.test.com.

ns1.it.test.com. IN A 172.16.0.4

ns1.it.test.com. IN A 172.16.0.7



#vim /var/named/test.com.zone

$TLL 600

test.com. IN SOA ns1.test.com. admin.test.com (

1

1H

5M

1W

1D)


test.com. IN NS ns1.test.com.

IN MX 10 mail

IN NS ns2.test.com.


ns1 IN A 10.0.0.3

mail IN A 10.0.0.4

www IN A 10.0.0.2

www IN A 10.0.0.5

ns2 IN A 10.0.0.6

ftp IN CNAME www

fi IN NS ns1.fi

ns1.fi IN A 172.16.0.2

market IN NS ns1.market

ns1.market IN A 172.16.0.3


it IN NS ns1.it

ns1.it IN A 172.16.0.4




#vim /var/named/10.0.0.zone

$TLL 600

@ IN SOA ns1.test.com. admin.test.com (

1

1H

5M

1W

1D)


IN NS ns1.test.com.

IN NS ns2.test.com.


3 IN PTR ns1.test.com.

4 IN PTR mail.test.com.

2 IN PTR www.test.com.

5 IN PTR www.test.com.

6 IN PTR ns2.test.com.




win:

nsloolup

server IP 指定DNS服务器

set q=A 指定资源记录类型


本文出自 “小私的blog” 博客,请务必保留此出处http://ggvylf.blog.51cto.com/784661/1626446

郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。