Linux DNS: BIND in detail
BIND:
Berkeley Internet Name Domain
Currently maintained by ISC, which also maintains DHCP.
Installation:
Note: by default a freshly installed BIND is configured as a caching DNS server; only afterwards is it configured as a master or slave DNS server.
1. Install from RPM packages:
Required RPM packages:
bind97-
libs      library package
utils     tools package
devel     development package with header files and libraries
chroot    temporarily switches the root to another directory
caching-nameserver
Provides the configuration files that make the BIND server a caching DNS server. Already integrated in newer versions; no separate installation is needed.
#yum install bind97
2. Install from source:
Configuration file:
/etc/named.conf
Permissions 640, owner root, group named.
ZONEFILE may be given as a relative path; it is then relative to DATAFILEDIR.
File syntax:
Every complete statement ends with a semicolon (;). Braces ({}) that are not on the same line must be surrounded by whitespace, and each directive inside the braces also ends with a semicolon (;).
ACL:
Access control lists must be defined before they are used, so they are placed at the top of the configuration file.
acl ACLNAME {
ADDR1;
ADDR2;
...
};
none;   matches no address
any;    matches any address
Global options:
options {
listen-on port PORT {IP;};
Listen on PORT on address IP; omitting {IP;} accepts connections on all addresses.
directory "DATAFILEDIR";
Location of the zone data files.
recursion yes;
Allow recursion.
allow-recursion {IP|ACL;};
Client sources that are allowed to make recursive queries.
allow-query {IP|ACL;};
Client sources that are allowed to query at all.
allow-transfer {IP|ACL;};
DNS servers that are allowed to perform zone transfers; may also be set inside a zone.
notify yes;
Enable notification: after the master modifies a zone it notifies the slaves so that they synchronize.
forward only|first;
only: every received query is forwarded to the specified servers; if they return nothing, the client gets no answer.
first: every received query is forwarded to the specified servers first; if they return nothing, the server resolves from the root itself.
forwarders {IP;};
The servers that queries are forwarded to.
querylog yes;
Whether query logging is enabled.
};
Views:
view VIEWNAME {
OPTIONS;
match-clients {IP1;...;};   match on the client source address
};
Note: almost all global options can also be used inside a view. Once views are used, every zone must be defined inside a view; the root zone is defined only in views that need recursion.
Logging:
Format:
logging {
channel CHANNELNAME {
file "FILE" versions NUM size SIZE;
severity LEVEL;
};
channel CHANNELNAME {
syslog FACILITY;
severity LEVEL;
};
category CATEGORY { CHANNELNAME; };
};
category: the log source.
default
general
client
config
dispatch
dnssec
lame-servers
network
notify
queries
resolver
security
update
xfer-in
xfer-out
channel: the log destination.
LOGTYPE:
syslog    /var/log/messages
FILE      a custom log file.
channel "CHANNELNAME" (LOGTYPE WRITER LEVEL)
Example:
logging {
channel my_file {
file "log.msgs" versions 3 size 20k;
severity dynamic;
};
channel my_syslog {
syslog local0;
severity info;
};
category xfer-in { my_file; };
category update { my_syslog; };
};
Root zone:
zone "." IN {
type hint;
file "named.ca";
};
Master zone:
zone "ZONENAME" IN {
type master;
file "ZONEFILE";
};
Slave zone:
zone "ZONENAME" IN {
type slave;
file "slaves/ZONEFILE";
masters {MASTER1IP; MASTER2IP; ...};
};
Example:
The domain is test.com. on the network 10.0.0.0/8:
DNS server ns1 is 10.0.0.3
ns2 is 10.0.0.6
www is 10.0.0.2 and 10.0.0.5
mail is 10.0.0.4
ftp runs on the www host
1. Create a caching name server and check it for errors:
#vim /etc/named.conf
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
};
#chown root:named /etc/named.conf
#chmod 640 /etc/named.conf
#named-checkconf
#named-checkzone "." /var/named/named.ca
#named-checkzone "localhost" /var/named/named.localhost
#named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback
#service named start
2. Continuing from the previous step, create a master server:
#vim /etc/named.conf
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
};
zone "test.com" IN {
type master;
file "test.com.zone";
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "10.0.0.zone";
};
#vim /var/named/test.com.zone
$TTL 600
test.com. IN SOA ns1.test.com. admin.test.com. (
1
1H
5M
1W
1D)
test.com. IN NS ns1.test.com.
test.com. IN MX 10 mail
ns1 IN A 10.0.0.3
mail IN A 10.0.0.4
www IN A 10.0.0.2
www IN A 10.0.0.5
ftp IN CNAME www
#vim /var/named/10.0.0.zone
$TTL 600
@ IN SOA ns1.test.com. admin.test.com. (
1
1H
5M
1W
1D)
@ IN NS ns1.test.com.
3 IN PTR ns1.test.com.
4 IN PTR mail.test.com.
2 IN PTR www.test.com.
5 IN PTR www.test.com.
#chmod 640 /var/named/test.com.zone
#chown root:named /var/named/test.com.zone
#named-checkconf
#named-checkzone "test.com" /var/named/test.com.zone
#named-checkzone "0.0.10.in-addr.arpa" /var/named/10.0.0.zone
#service named restart
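The forward and reverse zone files above are maintained by hand, so a PTR is easily forgotten when an A record is added. The following sh/awk helper is an added example, not part of the original post: it derives the PTR records that 10.0.0.zone must contain from the forward zone, assuming every A record carries an explicit owner (as all zone files on this page do) and taking the zone name and the reverse-zone prefix as arguments.

```shell
# Added example, not from the original post: derive the PTR records the reverse
# zone must contain from the forward zone, to check the two hand-written files
# above against each other. Needs only sh and awk.
# Usage: gen_ptr ZONE PREFIX < forward-zone-file
gen_ptr() {
  zone=$1      # zone name without trailing dot, e.g. test.com
  prefix=$2    # first three octets of the reverse zone, e.g. 10.0.0
  awk -v zone="$zone" -v prefix="$prefix" '
    $1 ~ /^[$;]/ { next }            # skip $TTL/$ORIGIN and comment lines
    # Every A record on this page has an explicit owner: OWNER IN A ADDR
    $2 == "IN" && $3 == "A" {
      owner = $1; addr = $4
      if (owner == "@")        fqdn = zone "."
      else if (owner ~ /\.$/)  fqdn = owner
      else                     fqdn = owner "." zone "."
      # Only addresses inside the reverse zone get a PTR here.
      if (index(addr, prefix ".") == 1) {
        n = split(addr, o, ".")
        print o[n] " IN PTR " fqdn
      }
    }
  ' | sort -n
}

# Constructed sample: the step-2 forward zone plus ns2 and one host outside
# 10.0.0.0/24, which must not produce a PTR.
sample_forward_zone() {
  cat <<'EOF'
$TTL 600
@ IN SOA ns1.test.com. admin.test.com. (
1
1H
5M
1W
1D)
@ IN NS ns1.test.com.
@ IN MX 10 mail
ns1 IN A 10.0.0.3
mail IN A 10.0.0.4
www IN A 10.0.0.2
www IN A 10.0.0.5
ns2 IN A 10.0.0.6
backup IN A 192.168.0.9
ftp IN CNAME www
EOF
}

sample_forward_zone | gen_ptr test.com 10.0.0
```

Comparing the output with the existing reverse file (for example with diff against its PTR lines) shows exactly which PTR records are missing or stale.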
3. Set the server's recursion and master/slave replication options:
#vim /etc/named.conf
options {
directory "/var/named";
allow-recursion {172.16.0.0/16;};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer {none;};
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer {none;};
};
zone "test.com" IN {
type master;
file "test.com.zone";
allow-transfer {10.0.0.6;};
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "10.0.0.zone";
allow-transfer {10.0.0.6;};
};
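The two restrictions introduced in this step, allow-recursion in options and allow-transfer in every authoritative zone, are easy to lose when a zone is added later. The following sh/awk audit is an added example, not part of the original post: it reads a named.conf and flags an options block without allow-recursion and any master or slave zone without allow-transfer (BIND's default for allow-transfer is any); the sample configuration is constructed here and the check runs without BIND installed.

```shell
# Added example, not from the original post: audit a named.conf for the two
# exposures the step-3 configuration closes. Needs only sh and awk.
audit_named_conf() {
  awk '
    # An options block or a zone block starts here; reset its state.
    /^[ \t]*options[ \t]*[{]/ { blk = "options"; depth = 0; seen_rec = 0; rec_off = 0 }
    /^[ \t]*zone[ \t]+"/ {
      blk = "zone"; depth = 0; seen_xfer = 0; ztype = ""
      match($0, /"[^"]*"/); zname = substr($0, RSTART + 1, RLENGTH - 2)
    }
    blk == "options" && /allow-recursion/          { seen_rec = 1 }
    blk == "options" && /^[ \t]*recursion[ \t]+no/ { rec_off = 1 }
    blk == "zone" && /allow-transfer/               { seen_xfer = 1 }
    blk == "zone" && /type[ \t]+(master|slave)/     { ztype = "auth" }
    {
      # Track brace depth so the checks fire when the block closes.
      nopen = gsub(/[{]/, "{"); nclose = gsub(/[}]/, "}")
      depth += nopen - nclose
      if (blk != "" && depth == 0 && nopen + nclose > 0) {
        if (blk == "options" && !seen_rec && !rec_off)
          print "WARN options: no allow-recursion; verify recursion is not open to any"
        if (blk == "zone" && ztype == "auth" && !seen_xfer)
          print "WARN zone " zname ": no allow-transfer; BIND then allows AXFR from any host"
        blk = ""
      }
    }
  '
}

# Constructed sample: like the step-3 file, but options has no allow-recursion
# and the reverse zone lost its allow-transfer.
sample_conf() {
  cat <<'EOF'
options {
directory "/var/named";
recursion yes;
};
zone "test.com" IN {
type master;
file "test.com.zone";
allow-transfer {10.0.0.6;};
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "10.0.0.zone";
};
EOF
}

sample_conf | audit_named_conf
```

Run it as audit_named_conf < /etc/named.conf before service named restart; a zone nested inside a view is checked the same way.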
4. Create a DNS slave server:
On the slave server:
#vim /etc/named.conf
options {
directory "/var/named";
allow-recursion {172.16.0.0/16;};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer {none;};
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer {none;};
};
zone "test.com" IN {
type slave;
masters {10.0.0.3;};
file "slaves/test.com.zone";
allow-transfer {none;};
};
zone "0.0.10.in-addr.arpa" IN {
type slave;
masters {10.0.0.3;};
file "slaves/10.0.0.zone";
allow-transfer {none;};
};
Edit the zone files on the master server (the serial is raised to 2 so that a slave that already holds serial 1 picks up the new ns2 records):
#vim /var/named/test.com.zone
$TTL 600
test.com. IN SOA ns1.test.com. admin.test.com. (
2
1H
5M
1W
1D)
test.com. IN NS ns1.test.com.
test.com. IN NS ns2.test.com.
test.com. IN MX 10 mail
ns1 IN A 10.0.0.3
mail IN A 10.0.0.4
www IN A 10.0.0.2
www IN A 10.0.0.5
ns2 IN A 10.0.0.6
ftp IN CNAME www
#vim /var/named/10.0.0.zone
$TTL 600
@ IN SOA ns1.test.com. admin.test.com. (
2
1H
5M
1W
1D)
@ IN NS ns1.test.com.
@ IN NS ns2.test.com.
3 IN PTR ns1.test.com.
4 IN PTR mail.test.com.
2 IN PTR www.test.com.
5 IN PTR www.test.com.
6 IN PTR ns2.test.com.
5. Create a forwarding server:
Global forwarding:
#vim /etc/named.conf
options {
directory "/var/named";
allow-recursion {172.16.0.0/16;};
forward first;
forwarders {10.0.1.2;};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer {none;};
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer {none;};
};
zone "test.com" IN {
type master;
file "test.com.zone";
allow-transfer {10.0.0.6;};
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "10.0.0.zone";
allow-transfer {10.0.0.6;};
};
Per-zone forwarding:
#vim /etc/named.conf
options {
directory "/var/named";
allow-recursion {172.16.0.0/16;};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer {none;};
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer {none;};
};
zone "test.com" IN {
type master;
file "test.com.zone";
allow-transfer {10.0.0.6;};
forward first;
forwarders {10.0.1.2;};
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "10.0.0.zone";
allow-transfer {10.0.0.6;};
};
6. Views and ACLs:
Clients in the NET1 network get www.test.com resolved to 10.0.0.2; clients in any other network get 192.168.0.2. Hosts in the a.net domain always get www.a.net resolved to 10.0.0.2.
Because views are in use, every zone, including the root hint zone and the localhost zones, must be placed inside a view; the root zone goes into the recursive NET1 view.
#vim /etc/named.conf
acl NET1 {
172.16.0.0/16;
192.168.100.0/24;
127.0.0.0/8;
};
options {
directory "/var/named";
allow-recursion {NET1;};
};
view NET1 {
match-clients {NET1;};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer {none;};
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer {none;};
};
zone "test.com" IN {
type master;
file "NET1.test.com.zone";
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "NET1.10.0.0.zone";
};
zone "a.net" IN {
type master;
file "a.net.zone";
};
};
view NET2 {
match-clients {any;};
zone "test.com" IN {
type master;
file "ANY.test.com.zone";
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "ANY.10.0.0.zone";
};
zone "a.net" IN {
type master;
file "a.net.zone";
};
};
#vim NET1.test.com.zone
$TTL 86400
$ORIGIN test.com.
@ IN SOA ns1.test.com. admin.test.com. (
1
1D
15M
1W
1D
)
@ IN NS ns1.test.com.
@ IN NS ns2.test.com.
@ IN MX 10 mail.test.com.
ns1 IN A 10.0.0.3
ns2 IN A 10.0.0.6
www IN A 10.0.0.2
www IN A 10.0.0.5
mail IN A 10.0.0.4
ftp IN CNAME www
#vim ANY.test.com.zone
$TTL 86400
$ORIGIN test.com.
@ IN SOA ns1.test.com. admin.test.com. (
1
1D
15M
1W
1D
)
@ IN NS ns1.test.com.
@ IN NS ns2.test.com.
@ IN MX 10 mail.test.com.
ns1 IN A 10.0.0.3
ns2 IN A 10.0.0.6
www IN A 192.168.0.2
www IN A 192.168.0.5
mail IN A 10.0.0.4
ftp IN CNAME www
#vim a.net.zone
$TTL 86400
$ORIGIN a.net.
@ IN SOA ns1.a.net. admin.a.net. (
1
1D
15M
1W
1D
)
@ IN NS ns1.a.net.
ns1 IN A 10.0.0.3
www IN A 10.0.0.2
/etc/rndc.key
Remote Name Domain Controller. The key file that lets rndc work.
/etc/rndc.conf
Configuration for the rndc tool.
/var/named/*
Zone data files, defined by the administrator.
named.ca
Addresses of the 13 root DNS servers; if the file is missing it can be generated with the dig command.
named.localhost
Resolves localhost to 127.0.0.1.
named.loopback
The loopback zone for 127.0.0.1.
/etc/rc.d/init.d/named
Service script; supports start|stop|status|restart|reload|try-restart|force-reload
Main program:
/usr/sbin/named
Listening ports:
TCP 53    used for master/slave replication; guarantees data integrity.
UDP 53    used for query requests; fast.
TCP 953   the port the rndc tool listens on.
Logs:
/var/log/messages
Tools:
/usr/sbin/named-checkconf     check the configuration file
/usr/sbin/named-checkzone     check a zone file
/usr/sbin/named-compilezone   compile a zone file into another format
/usr/sbin/named-journalprint
/usr/sbin/rndc                remote control tool
/usr/sbin/rndc-confgen
Configuration generator for the rndc tool; produces /etc/rndc.conf.
DNS subdomain delegation:
Forward zone:
SUB_ZONE_NAME IN NS SUB_ZONE_DNS_NAME
SUB_ZONE_DNS_NAME IN A SUB_DNS_IP
Reverse zone:
Example:
The domain is .com and test.com is a subdomain of it.
Its DNS servers are:
ns1.test.com 10.0.0.3
ns2.test.com 10.0.0.4
test.com has three subdomains, fi, market and it; the DNS servers of each department are:
ns1.fi.test.com 172.16.0.2
ns2.fi.test.com 172.16.0.5
ns1.market.test.com 172.16.0.3
ns2.market.test.com 172.16.0.6
ns1.it.test.com 172.16.0.4
ns2.it.test.com 172.16.0.7
On the .com server:
Forward zone:
test.com. IN NS ns1.test.com.
test.com. IN NS ns2.test.com.
ns1.test.com. IN A 10.0.0.3
ns2.test.com. IN A 10.0.0.4
On the test.com server:
Forward zone:
fi.test.com. IN NS ns1.fi.test.com.
fi.test.com. IN NS ns2.fi.test.com.
ns1.fi.test.com. IN A 172.16.0.2
ns2.fi.test.com. IN A 172.16.0.5
market.test.com. IN NS ns1.market.test.com.
market.test.com. IN NS ns2.market.test.com.
ns1.market.test.com. IN A 172.16.0.3
ns2.market.test.com. IN A 172.16.0.6
it.test.com. IN NS ns1.it.test.com.
it.test.com. IN NS ns2.it.test.com.
ns1.it.test.com. IN A 172.16.0.4
ns2.it.test.com. IN A 172.16.0.7
#vim /var/named/test.com.zone
$TTL 600
test.com. IN SOA ns1.test.com. admin.test.com. (
1
1H
5M
1W
1D)
test.com. IN NS ns1.test.com.
test.com. IN NS ns2.test.com.
test.com. IN MX 10 mail
ns1 IN A 10.0.0.3
mail IN A 10.0.0.4
www IN A 10.0.0.2
www IN A 10.0.0.5
ns2 IN A 10.0.0.6
ftp IN CNAME www
fi IN NS ns1.fi
ns1.fi IN A 172.16.0.2
market IN NS ns1.market
ns1.market IN A 172.16.0.3
it IN NS ns1.it
ns1.it IN A 172.16.0.4
#vim /var/named/10.0.0.zone
$TTL 600
@ IN SOA ns1.test.com. admin.test.com. (
1
1H
5M
1W
1D)
@ IN NS ns1.test.com.
@ IN NS ns2.test.com.
3 IN PTR ns1.test.com.
4 IN PTR mail.test.com.
2 IN PTR www.test.com.
5 IN PTR www.test.com.
6 IN PTR ns2.test.com.
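A delegation such as fi IN NS ns1.fi only works if the parent zone also carries the glue A record for ns1.fi, otherwise resolvers have no address to ask about fi.test.com. The following sh/awk check is an added example, not part of the original post: it reads the parent zone file, pairs every sub-zone NS record with the A records in the same file, and reports in-bailiwick name servers that lack glue; the sample zone is constructed here with one delegation deliberately left without glue.

```shell
# Added example, not from the original post: verify that each delegation in the
# parent zone file carries glue, i.e. that every in-bailiwick name server named
# in a sub-zone NS record also has an A record in this file. Needs sh and awk.
# Usage: check_glue ZONE < parent-zone-file
check_glue() {
  zone=$1    # parent zone name without trailing dot, e.g. test.com
  awk -v zone="$zone" '
    function fqdn(n) {
      if (n == "@") return zone "."
      return (n ~ /\.$/) ? n : n "." zone "."
    }
    $1 ~ /^[$;]/ || NF < 4 { next }        # skip $TTL, comments, SOA timers
    $2 == "IN" && $3 == "A"  { has_a[fqdn($1)] = 1 }
    $2 == "IN" && $3 == "NS" {
      owner = fqdn($1)
      if (owner != zone ".") deleg[fqdn($4)] = owner   # apex NS is not a delegation
    }
    END {
      for (ns in deleg) {
        dz = deleg[ns]
        # in-bailiwick: the server name ends with the delegated zone name
        inb = (substr(ns, length(ns) - length(dz) + 1) == dz)
        if (!inb) continue                  # served from elsewhere: no glue needed
        if (ns in has_a) print "ok " ns
        else print "MISSING glue A for " ns " (delegation " dz ")"
      }
    }
  ' | sort
}

# Constructed sample: the delegating test.com zone from above, with the glue
# record for the it department left out.
sample_parent_zone() {
  cat <<'EOF'
$TTL 600
@ IN SOA ns1.test.com. admin.test.com. ( 1 1H 5M 1W 1D )
@ IN NS ns1.test.com.
ns1 IN A 10.0.0.3
fi IN NS ns1.fi
ns1.fi IN A 172.16.0.2
market IN NS ns1.market
ns1.market IN A 172.16.0.3
it IN NS ns1.it
EOF
}

sample_parent_zone | check_glue test.com
```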
Windows:
nslookup
server IP     specify the DNS server
set q=A       specify the resource record type
This article comes from the blog "小私的blog"; please keep this attribution: http://ggvylf.blog.51cto.com/784661/1626446