Linux bind9配置
Linux下配置DNS服务器: 域名软件 : bind # berkely internet name domain bind: /etc/named.conf : root : named /var/named/ : 工作目录 配置文件: /etc/named.conf options { #全局配置 directory "/var/named"; }; zone "." IN { type hint; #( master -> 住 slave -> 从缓存 foward -> 转发器) file "named.ca" }; zone "localhost" IN { type master; file "localhost.zone"; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; }; dig -t NS . >> named.ca # 存放在/var/named/目录下 """ 配置格式: 宏定义: $TTS $ORIGIN SOA: demo.com.(域) 600(TTS值) IN(关键字) SOA(类型) ns.demo.com.(主DNS服务器域名) admin.demo.com.(邮箱) ( 2014081201 # 版本号 20M # 每隔20分钟检查 5M # 访问主DNS 没有相应,再每隔5分钟请求 5D # 5天后没有相应宣布失败 1D # 没有记录的请求让请求者缓存1day之内不要再过来问了(否定回答) ) NS: demo.com. 600 IN NS ns1.demo.com. demo.com. 600 IN NS ns2.demo.com. ns1.demo.com. 600 IN A 1.1.1.1 ns2.demo.com. 600 IN A 1.1.1.2 MX: demo.com. 600 IN MX 10 mail.demo.com. mail.demo.com. 600 IN A 1.1.1.3 """ localhost.zone 文件配置(/etc/named/localhost.zone) ‘‘‘# (与/etc/named.conf localhost对应) $TTS 600 localhost. IN SOA localhost. admin.localhost.( 2014081201 1H 10M 1W 1D ) IN NS localhost. localhost. IN A 127.0.0.1 name.local 文件配置(/etc/named/name.local 反向解析文件) ‘‘‘ $TTS 600 @ IN SOA localhost. admin.localhost( 2014081201 10H 10M 1w 1D ) localhost. IN NS localhost. 1 IN PTR localhost. 为特殊的域添加DNS解析 1.编辑/etc/named.conf文件 添加一段 zone "demo.com" IN { type master; file "/var/named/demo.com.zone"; }; 2.编辑/var/named/demo.com.zone文件 $TTS 600 $ORIGIN demo.com. @ IN SOA ns admin.demo.com. ( 2014081201 1H 10M 1W 1D ) @ IN NS ns.demo.com. IN MX 10 mail ns IN A 1.1.1.1 mail IN A 1.1.1.2 www IN A 1.1.1.3 ftp IN A 1.1.1.4 imap IN A 1.1.1.3 pop IN CNAME mail 检查配置文件 1.named-checkzone "zone" zone-file 2.service named configtest 3.dig -t axfr domain.com #返回所有区域传送数据 Client ----> DNS Server /etc/resolv.conf nameserver SERVER local cache --> /etc/hosts --> DNS Server (luowen.com) DNS Server 1.如果查询请求是本机负责的区域的话,要通过查询区域数据文件返回结果 2.如果查询请求不是本机负责的区域的话,就查缓存 3.如果缓存没有,则向根发起请求 DNS类型: 1.主DNS:(某个区域第一台DNS解析etc:luowen.com) 2.辅助DNS:(提供与主DNS同样的服务DNS服务器,每个一段时间去主服务器获取最新数据) 3.hint 根服务 4.forward 转发服务器 ‘‘‘ zone ‘forward.com‘ IN{ type forward; forwarders { 1.1.1.1;}; }; ‘‘‘ 转发类型: 1.first : 转发机器没搭理,自己去找根 2.only : 转发机器没代理,自己啥也不干了 DNS远程控制器: # /etc/bind9/rndc.conf rndc: 1.stop 2.status 3.start 4.reload 5.freeze 配置rndc : 1.rndc-confgen >> /etc/bind/rndc.conf # 生成rndc文件,默认没有此文件 2.将一下段加到naned.conf(完成) key "rndc-key" { algorithm hmac-md5; secret "mEhP3esUPzvZZVk1RfUuEg=="; }; options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; }; 3.rndc常用命令: 1.start # 开始服务 2.stop # 停止服务 3.reload # 重新加载 4.reload zone # 重新加载zone快 5.reconfig # 重新加载修改该过的配置 6.status # 状态信息 添加统计信息,在named.conf options段添加statstic-file "/var/named/data/stats" ,如需监听指定IP段 添加 listen-on { ip1; ip2; }; 7.flush # 清空缓存 从DNS服务器配置: 1.另外一台服务器和当前服务器一样配置:不同处如下: zone ‘主域服务器zone‘ IN { type slave; masters { 192.168.1.109; }; file "/var/named/slave/主域服务器.zone"; }; 2.allow-transfer { ip; } # 只允许ip主机来主DNS那到数据,定义options段表示所有域,定义在zone段,就表示一个区域生效 3.访问列表: #定义在options段前 acl SLAVES-OUR { 127.0.0.1; 192.168.1.1; 192.168.1.109; } acl SLAVE-CLIENTS { 172.168.0.0/16; }; 4.dns递归配置: 1. recursion no 在options段配置,表示所有不递归 2. allow-recursion { SLAVE-CLIENT } #定义在client中的地址在本机递归解析 DNS子域授权: 1.一级域配置: zone "demo.com" IN {# /etc/name.conf type master; file "/var/named/demo.com.zone"; }; # /var/named/demo.com.zone $TTL 600 $ORIGIN demo.com. IN SOA ns admin.( 2014081601 1H 10M 1W 1D ); IN NS ns ns IN A xxx.xxx.x.x www IN A xxx.x.x.x. it IN NS ns.it ns.it IN A yyy.yyy.y.y 2.二级域配置: zone "it.demo.com" IN { # /etc/it.demo.com type master; file "/var/named/it.demo.zone"; }; } $TTL 600 $ORIGIN it.demo.com. @ IN SOA ns admin. ( 2014081601 1H 10M 1W 1D); @ IN NS ns ns IN A xxx.xx.xx DNS : VIEW (#172.16.xx.解析到172.168.1.1 192.168.xx.xx对应解析到192.158.1.1) 1.配置:/etc/named.conf acl lnet { 172.16.0.0/16; 127.0.0.0/8; }; options { directory "/var/named"; }; view internet{ #内网访问 match-clients { lnet; }; recursion yes; zone "." IN { type hint; file "/var/named/name.ca"; }; zone "localhost" IN { type master; file "/var/named/localhost.zone"; }; zone "0.0.127.in-addr.arpa" IN { type master; file "/var/named/named.local"; }; zone "demo.com" IN { type master; file "/var/named/demo.com.internet.zone"; allow-transfer { none; }; allow-update { noen; }; }; }; view external { match-client { any; }; recursion no; zone "demo.com" IN { type master; file "/var/named/demo.com.external.zone"; allow-transfer { none; }; allow-recursion { none; }; allow-update { none; }; } } 2.配置 /var/named/demo.com.internet.zone $TTL 600 $ORIGIN demo.com. IN SOA ns admin.demo.com.( 2014081701 1H 10M 1W 1D ); IN NS ns ns IN A 172.16.0.254 www IN A 172.16.1.1 配置/var/named/demo.com.external.zone $TTL 600 $ORIGIN demo.com. IN SOA ns admin.demo.com.( 2014081701 1H 10M 1W 1D ); IN NS ns ns IN A 172.16.1.254 ;同一台服务器两块网卡 www IN A 192.168.1.1 编译安装bind: 1.下载安装包,解压后 ./configure --sysconfdir=/etc --disable-ipv6 --enable-largefile --enable-thread=no --prefix=/usr/local/named --disable-openssl-version-check --localstatedir=/var
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。