Linux bind9 configuration

Configuring a DNS server on Linux:
    Name server software: bind # Berkeley Internet Name Domain

    bind:
        /etc/named.conf : owner root, group named
        /var/named/ : working directory (zone files live here)

        Configuration files:
            /etc/named.conf
                options { # global options
                        directory "/var/named";
                    };
                zone "." IN {
                        type hint;  # zone types: master -> primary, slave -> secondary, hint -> root hints, forward -> forwarder
                        file "named.ca";
                    };
                zone "localhost" IN {
                        type master;
                        file "localhost.zone";
                    };
                zone "0.0.127.in-addr.arpa" IN {
                        type master;
                        file "named.local";
                    };

                dig @a.root-servers.net -t NS . > /var/named/named.ca # refresh the root hints file straight from a root server rather than through whatever resolver /etc/resolv.conf points at; use > not >> so old copies do not pile up in the file
Zone file format:
            Directives:
            $TTL    # default TTL for every record that does not carry its own
            $ORIGIN # origin appended to every name that does not end in a dot
            SOA:
                demo.com.(zone) 600(TTL) IN(class) SOA(type) ns.demo.com.(primary name server) admin.demo.com.(contact mailbox: admin@demo.com with the @ written as a dot) (
                            2014081201 # serial; secondaries transfer the zone only when it grows, so bump it on every edit (YYYYMMDDnn convention)
                            20M # refresh: secondaries check the primary for a new serial every 20 minutes
                            5M # retry: if the primary does not answer, try again every 5 minutes
                            5D # expire: after 5 days without reaching the primary, secondaries stop answering for the zone
                            1D # negative-cache TTL: resolvers cache "no such record" answers for 1 day
                        )
            NS:
                demo.com. 600 IN NS ns1.demo.com.
                demo.com. 600 IN NS ns2.demo.com.
                ns1.demo.com. 600 IN A 1.1.1.1
                ns2.demo.com. 600 IN A 1.1.1.2

            MX:
                demo.com. 600 IN MX 10 mail.demo.com.
                mail.demo.com. 600 IN A 1.1.1.3
            (the 1.1.1.x addresses throughout these notes are placeholders; 1.1.1.0/24 is a live public range, so do not copy them into a real zone)

                localhost.zone (/var/named/localhost.zone, the file named by the "localhost" zone in /etc/named.conf; paths are relative to the options directory)
                $TTL 600
                localhost. IN SOA localhost. admin.localhost. (
                    2014081201
                    1H
                    10M
                    1W
                    1D
                )
                    IN NS localhost.
                localhost. IN A 127.0.0.1

                named.local (/var/named/named.local, the reverse zone for 127.0.0.0/8)
                $TTL 600
                @   IN SOA localhost. admin.localhost. (
                            2014081201
                            10H
                            10M
                            1W
                            1D
                        )
                @   IN NS localhost.   # owner is the zone itself (@); "localhost." as owner would be out-of-zone data and get ignored
                1   IN PTR localhost.
            Adding a zone for your own domain
                1. Edit /etc/named.conf and add:
                    zone "demo.com" IN {
                                type master;
                                file "/var/named/demo.com.zone";
                            };
                2. Create /var/named/demo.com.zone:
                    $TTL 600
                    $ORIGIN demo.com.
                    @       IN SOA ns admin.demo.com. (
                                2014081201
                                1H
                                10M
                                1W
                                1D
                            )
                    @ IN NS ns.demo.com.
                      IN MX 10 mail
                    ns IN A 1.1.1.1
                    mail IN A 1.1.1.2
                    www IN A 1.1.1.3
                    ftp IN A 1.1.1.4
                    imap IN A 1.1.1.3
                    pop IN CNAME mail

            Checking the configuration
                1. named-checkconf /etc/named.conf                    # syntax of named.conf (add -z to also load every zone file)
                2. named-checkzone demo.com /var/named/demo.com.zone  # syntax and consistency of one zone file
                3. service named configtest                           # runs named-checkconf through the init script (RHEL-style systems)
                4. dig -t axfr demo.com @127.0.0.1                    # asks the server for a full zone transfer; if the same query succeeds from an outside address, allow-transfer is too permissive
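Added example, not from the original notes: a POSIX shell script that writes the demo.com zone described above, bumps the SOA serial the way secondaries require (the new value must always be larger than the old one, even if the clock went backwards), and runs named-checkzone on the result when BIND's tools are installed. Assumed: the 192.0.2.0/24 documentation range stands in for the real addresses, and the file goes into a temporary directory rather than /var/named.

```shell
#!/bin/sh
# Added example, not part of the original notes: build the demo.com zone,
# bump its SOA serial correctly, and validate it with named-checkzone.
# Assumptions: 192.0.2.0/24 (RFC 5737 documentation range) stands in for the
# real addresses; output goes to a temp dir, not /var/named.

# bump_serial OLD TODAY -> next YYYYMMDDnn serial.
# Secondaries transfer only when the serial grows, so the result must exceed
# OLD even if TODAY (YYYYMMDD) is earlier than the date encoded in OLD.
bump_serial() {
    old=$1; today=$2
    old_date=${old%??}                 # strip the nn counter: YYYYMMDD
    if [ "$today" -gt "$old_date" ]; then
        printf '%s\n' "${today}01"     # new day: restart the counter
    else
        printf '%s\n' "$((old + 1))"   # same day, or clock moved back: just increment
    fi
}

# write_zone FILE SERIAL -> writes a demo.com zone file in the format the notes
# describe; ';' starts a comment in zone files, so the field names are inline.
write_zone() {
    cat > "$1" <<EOF
\$TTL 600
\$ORIGIN demo.com.
@       IN  SOA ns.demo.com. admin.demo.com. (
                $2         ; serial
                1H         ; refresh
                10M        ; retry
                1W         ; expire
                1D         ; negative-cache TTL
                )
@       IN  NS  ns.demo.com.
@       IN  MX  10 mail.demo.com.
ns      IN  A   192.0.2.1
mail    IN  A   192.0.2.2
www     IN  A   192.0.2.3
pop     IN  CNAME mail
EOF
}

# zone_serial FILE -> the serial currently in the file's SOA.
zone_serial() {
    awk '/; serial/ { print $1 }' "$1"
}

# check_zone FILE -> named-checkzone's verdict (0 = OK); skipped when BIND's
# tools are not installed so the script still runs on a client machine.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q demo.com "$1"
    else
        echo "named-checkzone not installed, skipping check" >&2
    fi
}

dir=$(mktemp -d)
zone="$dir/demo.com.zone"
write_zone "$zone" 2014081201
echo "serial before edit: $(zone_serial "$zone")"
write_zone "$zone" "$(bump_serial "$(zone_serial "$zone")" 20140813)"
echo "serial after edit:  $(zone_serial "$zone")"     # 2014081301
check_zone "$zone"
```

After editing a real zone, run the same two steps in order: bump the serial, then `named-checkzone`, then `rndc reload demo.com`; a secondary that still shows the old serial in `dig @secondary demo.com SOA` almost always means the serial was not increased.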

Client ----> DNS Server
    /etc/resolv.conf
    nameserver SERVER

    Lookup order on the client: local cache --> /etc/hosts --> DNS server (e.g. for luowen.com); the hosts/dns order is set in /etc/nsswitch.conf

    DNS Server
        1. If the query is for a zone this server is authoritative for, it answers from the zone data file.
        2. If it is not, the server looks in its cache.
        3. If the cache has no answer, it resolves the name itself starting from the root servers (only if recursion is allowed for that client).

    DNS server types:
        1. Primary (master): the authoritative source for a zone, e.g. luowen.com
        2. Secondary (slave): serves the same zone; at the interval set by the SOA refresh/retry values it pulls the latest data from the primary by zone transfer
        3. hint: root hints
        4. forward: forwarder
                zone "forward.com" IN {
                        type forward;
                        forwarders { 1.1.1.1; };
                    };
            Forward modes ("forward first;" or "forward only;" in the zone, or in options to forward everything):
                1. first: if the forwarders do not answer, resolve it yourself starting from the root
                2. only: if the forwarders do not answer, give up; never contact the root yourself
    Remote control of named: rndc # client config in /etc/rndc.conf (/etc/bind/rndc.conf on Debian-style systems); the server side is the "controls" statement in named.conf
        rndc:
            1.stop
            2.status
            3.start (not an rndc command: rndc only talks to a running named, use the init script or systemctl to start it)
            4.reload
            5.freeze

    Configuring rndc:
        1. rndc-confgen > /etc/rndc.conf # generates a fresh key plus the client config; the file does not exist by default (rndc-confgen -a writes only the key, to /etc/rndc.key)
        2. Add the key to named.conf together with a controls statement that accepts it (rndc-confgen prints both, commented out, at the end of its output), for example controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
            key "rndc-key" {
                algorithm hmac-md5; # deprecated; current rndc-confgen defaults to hmac-sha256, and a secret that has been published (like the one below) must never be reused
                secret "mEhP3esUPzvZZVk1RfUuEg==";
            };
           The options block below is rndc.conf syntax (the client side) and does not belong in named.conf:
            options { 
                default-key "rndc-key";
                default-server 127.0.0.1;
                default-port 953;
            };

            3. Common rndc commands:
                1.stop  # stop the server
                2.reload # reload named.conf and all zones
                3.reload zone # reload one zone
                4.reconfig # re-read named.conf and load only new zones
                5.status # status; for counters add statistics-file "/var/named/data/stats" to the options block (written out by rndc stats); to listen on specific addresses only add listen-on { ip1; ip2; };
                6.flush #  flush the cache
                7.freeze zone # suspend dynamic updates so the zone file can be edited by hand; rndc thaw zone resumes them
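Added example, not from the original notes: a shell script that generates an rndc key with HMAC-SHA256 (instead of the deprecated HMAC-MD5 shown above), stores it in a root-only file, and prints the server-side controls statement for named.conf and the matching client rndc.conf, both of which include the key file so the secret exists in one place. Assumed: the key path is passed as an argument (the notes use /etc/bind/ or /etc/rndc.conf depending on distribution), and /dev/urandom stands in for rndc-confgen so the script runs where BIND is not installed.

```shell
#!/bin/sh
# Added example, not part of the original notes: generate an rndc key with
# HMAC-SHA256, store it root-only, and print the server-side "controls"
# statement for named.conf and the matching client rndc.conf.
# Assumptions: paths are given as arguments (the notes use /etc/bind/ and
# /etc/rndc.conf depending on distro); /dev/urandom replaces rndc-confgen so
# the script also runs where BIND is not installed.

# gen_secret -> 32 random bytes, base64 (the shape of a key rndc-confgen makes).
gen_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# write_rndc_key FILE SECRET -> key file created with mode 0600; both named.conf
# and rndc.conf "include" it, so the secret lives in exactly one place.
write_rndc_key() {
    ( umask 077; cat > "$1" <<EOF
key "rndc-key" {
    algorithm hmac-sha256;
    secret "$2";
};
EOF
    )
}

# controls_stanza KEYFILE -> add to named.conf. The control channel listens on
# loopback only and accepts this key only; anyone who can reach it with the key
# can stop the server or flush its cache.
controls_stanza() {
    cat <<EOF
include "$1";
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF
}

# rndc_conf KEYFILE -> the client side (/etc/rndc.conf); the default-* options
# belong here, not in named.conf.
rndc_conf() {
    cat <<EOF
include "$1";
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
EOF
}

dir=$(mktemp -d)
write_rndc_key "$dir/rndc.key" "$(gen_secret)"
ls -l "$dir/rndc.key"             # -rw------- : readable by the owner only
controls_stanza "$dir/rndc.key"   # paste into named.conf, then: rndc reload
rndc_conf "$dir/rndc.key"         # save as /etc/rndc.conf, then: rndc status
```

On a real server the key file is owned by root with group named (named must read it, nobody else should), and `rndc status` is the quickest check that the key in rndc.conf and the one in the controls statement match.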

        Secondary (slave) DNS server configuration:
            1. Configure the second server like the first; the differences:
                    zone "zone-served-by-the-primary" IN { 
                                type slave;
                                masters { 192.168.1.109; };
                                file "/var/named/slave/zone-served-by-the-primary.zone"; # the directory must be writable by the named user, since the server writes the transferred zone there
                            };
            2. allow-transfer { ip; }; # only the listed hosts may pull the zone (AXFR/IXFR) from the primary; in the options block it applies to every zone, in a zone block only to that zone. Set it explicitly: older BIND releases hand the whole zone to anyone who asks when it is missing.
            3. Access lists: # define them before the options block, then use the names wherever an address list is accepted
                acl SLAVES-OUR {
                        127.0.0.1;
                        192.168.1.1;
                        192.168.1.109;
                        };
                acl SLAVE-CLIENTS {
                            172.168.0.0/16;
                        };
            4. Recursion: 
                1. recursion no; in the options block: no recursion for anyone (right for a purely authoritative server)
                2. allow-recursion { SLAVE-CLIENTS; }; # recurse only for addresses in that acl; a server that recurses for any client is an open resolver, usable for cache poisoning and DNS amplification
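Added example, not from the original notes, covering items 2 to 4 above: a shell script that renders a hardened primary/secondary named.conf pair for demo.com and then audits any named.conf for the settings that most often turn a BIND server into an open resolver or a zone leak: recursion left on for everyone, and allow-transfer missing or open to any. Assumed: RFC 5737 documentation addresses in place of the 192.168.x.x ones in the notes, and named-checkconf is only invoked when it is installed.

```shell
#!/bin/sh
# Added example, not part of the original notes: render a hardened primary and
# secondary named.conf for demo.com, and audit a named.conf for the settings
# that make BIND an open resolver or leak whole zones over AXFR.
# Assumptions: RFC 5737 documentation addresses; named-checkconf is optional.

# primary_conf SECONDARY_IP CLIENT_NET -> named.conf for the primary.
primary_conf() {
    cat <<EOF
acl "secondaries" { $1; };
acl "our-clients" { 127.0.0.1; $2; };
options {
    directory "/var/named";
    recursion yes;                    # recurse for our own networks only...
    allow-recursion { our-clients; }; # ...never for the whole Internet
    allow-query-cache { our-clients; };
    allow-transfer { none; };         # default for every zone below
    allow-update { none; };
    version "none";                   # do not advertise the BIND version
};
zone "demo.com" IN {
    type master;
    file "demo.com.zone";
    allow-transfer { secondaries; };  # only listed secondaries may AXFR/IXFR
    notify yes;
    also-notify { $1; };              # tell them as soon as the serial changes
};
EOF
}

# secondary_conf PRIMARY_IP -> named.conf for the secondary (authoritative only).
secondary_conf() {
    cat <<EOF
options {
    directory "/var/named";
    recursion no;
    allow-transfer { none; };
};
zone "demo.com" IN {
    type slave;
    masters { $1; };
    file "slaves/demo.com.zone";      # named must be able to write here
};
EOF
}

# audit_conf FILE -> prints one finding per line; returns 1 if any were found.
audit_conf() {
    found=0
    if grep -Eq 'allow-transfer[[:space:]]*[{][[:space:]]*any' "$1"; then
        echo "$1: allow-transfer { any; } lets anyone dump the zone"; found=1
    fi
    if ! grep -q 'allow-transfer' "$1"; then
        echo "$1: no allow-transfer; older BIND releases then allow AXFR to any host"; found=1
    fi
    if ! grep -Eq 'recursion[[:space:]]+no' "$1" && ! grep -q 'allow-recursion' "$1"; then
        echo "$1: recursion on (BIND default) with no allow-recursion: open resolver"; found=1
    fi
    if grep -Eq 'allow-(recursion|update)[[:space:]]*[{][[:space:]]*any' "$1"; then
        echo "$1: allow-recursion/allow-update open to any"; found=1
    fi
    return $found
}

# check_conf FILE -> named-checkconf if available, otherwise a note.
check_conf() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1"
    else
        echo "named-checkconf not installed, skipping syntax check" >&2
    fi
}

dir=$(mktemp -d)
primary_conf 192.0.2.2 198.51.100.0/24 > "$dir/primary.conf"
secondary_conf 192.0.2.1 > "$dir/secondary.conf"
# A deliberately weak config in the shape of the minimal named.conf at the top
# of these notes, plus the classic mistake of opening transfers to everyone.
cat > "$dir/weak.conf" <<'EOF'
options { directory "/var/named"; };
zone "demo.com" IN { type master; file "demo.com.zone"; allow-transfer { any; }; };
EOF
for f in "$dir"/*.conf; do
    check_conf "$f"
    if audit_conf "$f"; then echo "$f: no weak settings found"; fi
done
```

The audit is deliberately a text match, not a parser: it cannot see directives pulled in through include files or a view that overrides the options block, so treat a clean result as "nothing obviously wrong" and confirm from outside with `dig @server -t axfr demo.com` (should be refused) and `dig @server +recurse www.example.org` (should return REFUSED or no recursion available for an outside client).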

        Subdomain delegation:
                1. Parent zone configuration:
                    zone "demo.com" IN {# /etc/named.conf
                                type master;
                                file "/var/named/demo.com.zone";
                            };
                    # /var/named/demo.com.zone
                    $TTL 600
                    $ORIGIN demo.com.
                    @   IN  SOA     ns  admin. (
                                    2014081601
                                    1H
                                    10M
                                    1W
                                    1D
                                )
                        IN  NS  ns
                    ns  IN  A   xxx.xxx.x.x
                    www IN  A   xxx.x.x.x

                    it   IN  NS  ns.it           # delegation: it.demo.com is answered by another server
                    ns.it   IN  A   yyy.yyy.y.y  # glue record; required because the child's name server lives inside the child zone
            2. Child zone configuration, on the server ns.it.demo.com:
                zone "it.demo.com" IN { # /etc/named.conf on the child server
                            type master;
                            file "/var/named/it.demo.com.zone";
                        };
                # /var/named/it.demo.com.zone
                $TTL 600
                $ORIGIN it.demo.com.
                @   IN  SOA  ns    admin. (
                        2014081601
                        1H
                        10M
                        1W
                        1D )
                @    IN  NS ns
                ns IN    A   xxx.xx.xx


    DNS VIEWs (split horizon: clients in 172.16.x.x get 172.16.1.1 for www, everyone else gets 192.168.1.1 for the same name)
            1. Configure /etc/named.conf
                acl lnet {
                        172.16.0.0/16;
                        127.0.0.0/8;
                    };

                options {
                        directory "/var/named";
                    };
                view internet { # internal (intranet) clients
                        match-clients { lnet; };
                        recursion yes;
                        zone "." IN {
                                type hint;
                                file "/var/named/named.ca";
                            };
                        zone "localhost" IN {
                                type master;
                                file "/var/named/localhost.zone";
                            };
                        zone "0.0.127.in-addr.arpa" IN {
                                type master;
                                file "/var/named/named.local";
                            };
                        zone "demo.com" IN {
                                type master;
                                file "/var/named/demo.com.internet.zone";
                                allow-transfer { none; };
                                allow-update { none; };
                            };
                    };

                view external {
                        match-clients { any; }; # views are matched in order, so this one catches every client lnet did not
                        recursion no;           # authoritative-only towards the Internet
                        zone "demo.com" IN {
                                type master;
                                file "/var/named/demo.com.external.zone";
                                allow-transfer { none; };
                                allow-update { none; };
                            };
                    };
                Once any view is defined, every zone statement must sit inside a view; a zone left at top level is a configuration error. allow-recursion is an options/view setting, not a zone setting, and is unnecessary in the external view because recursion is off for the whole view.

                2. Configure /var/named/demo.com.internet.zone
                    $TTL 600
                    $ORIGIN demo.com.
                    @   IN  SOA     ns  admin.demo.com. (
                                2014081701
                                1H
                                10M
                                1W
                                1D )
                        IN  NS  ns
                    ns  IN  A   172.16.0.254
                    www IN  A   172.16.1.1

                   Configure /var/named/demo.com.external.zone
                    $TTL 600
                    $ORIGIN demo.com.
                    @   IN  SOA     ns  admin.demo.com. (
                                2014081701
                                1H
                                10M
                                1W
                                1D )
                        IN  NS  ns
                    ns  IN  A   172.16.1.254   ; same server, second network interface
                    www IN  A   192.168.1.1

                Check from a host in each range: dig @<server> www.demo.com A should return 172.16.1.1 from inside lnet and 192.168.1.1 from anywhere else (on a multi-homed test host, dig -b <source-address> selects which source address, and therefore which view, the query hits).

    Building bind from source:
        1. Download the tarball, unpack it, then:
            ./configure --sysconfdir=/etc --disable-ipv6 --enable-largefile --enable-threads=no --prefix=/usr/local/named --disable-openssl-version-check --localstatedir=/var

  
