安装 BIND 软件包
1. 安装
2. 配置
代码语言:javascript复制下面的例子是以公网IP(172.16.0.80/29),局域网IP(192.168.0.0/24),域名(wscon.cn)作说明。在配置你自己的服务器时,请使用你自己的IP和域名。
# vim /etc/named.conf
options {
directory "/var/named";
# query range
allow-query { localhost; 192.168.0.0/24; };
# transfer range
allow-transfer { localhost; 192.168.0.0/24; };
# recursion range
allow-recursion { localhost; 192.168.0.0/24; };
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
# here is the section for internal informations
vimew "internal" {
match-clients {
localhost;
192.168.0.0/24;
};
zone "." IN {
type hint;
file "named.ca";
};
# set zones for internal
zone "wscon.cn" IN {
type master;
file "wscon.cn.lan";
allow-update { none; };
};
# set zones for internal
zone "0.168.192.in-addr.arpa" IN {
type master;
file "0.168.192.db";
allow-update { none; };
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
};
vimew "external" {
match-clients {
any;
};
zone "." IN {
type hint;
file "named.ca";
};
# set zones for external
zone "wscon.cn" IN {
type master;
file "wscon.cn.wan";
allow-update { none; };
};
# set zones for external *note
zone "80.0.16.172.in-addr.arpa" IN {
type master;
file "80.0.16.172.db";
allow-update { none; };
};
};
include "/etc/rndc.key";
# *note : For How to write for reverse resolvimng, Write network address reversely like below.
the case for 192.168.0.0/24
network address? 192.168.0.0
range of network? 192.168.0.0 - 192.168.0.255
how to write? 0.168.192.in-addr.arpa
case of 172.16.0.80/29
network address? 172.16.0.80
range of network? 172.16.0.80 - 172.16.0.87
how to write? 80.0.16.172.in-addr.arp
设置Zones
创建zone文件以便服务器能解析域名IP。
1、内部zone文件
- 这个例子使用的是内网地址(192.168.0.0/24),域名(wscon.cn),请根据自己的具体情况配置。
# vim /var/named/wscon.cn.lan
$TTL 86400
@ IN SOA ns.wscon.cn. root.wscon.cn. (
2007041501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
# define name server
IN NS ns.wscon.cn.
# internal IP address of name server
IN A 192.168.0.17
# define mail exchanger
IN MX 10 ns.wscon.cn.
# define IP address and hostname
ns IN A 192.168.0.17
2、外部zone文件
- 这个例子使用的是外网地址(172.16.0.80/29),域名(wscon.cn),请替换成自己的。
<pre class="prism-highlight prism-language-bash"># vim /var/named/wscon.cn.wan
$TTL 86400
@ IN SOA ns.wscon.cn. root.wscon.cn. (
2007041501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
# define name server
IN NS ns.wscon.cn.
# external IP address of name server
IN A 172.16.0.82
# define Mail exchanger
IN MX 10 ns.wscon.cn.
# define IP address and hostname
ns IN A 172.16.0.82
- 创建zone文件使服务器能够反向解析IP到域名。
3、内部zone文件
- 这个例子使用的是内网地址(192.168.0.0/24),域名(wscon.cn),请使用自己的设置替换。
# vim /var/named/0.168.192.db
$TTL 86400
@ IN SOA ns.wscon.cn. root.wscon.cn. (
2007041501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
# define name server
IN NS ns.wscon.cn.
# define range that this domain name in
IN PTR wscon.cn.
# define IP address and hostname
IN A 255.255.255.0
17 IN PTR ns.wscon.cn.
4、外部zone文件
- 这例子使用外网地址(172.16.0.80/29),域名(wscon.cn),请替换成自己的。
# vim /var/named/80.0.16.172.db
$TTL 86400
@ IN SOA ns.wscon.cn. root.wscon.cn. (
2007041501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
# define name server
IN NS ns.wscon.cn.
# define range that this domain name in
IN PTR wscon.cn.
# define IP address and hostname
IN A 255.255.255.248
82 IN PTR ns.wscon.cn.
启动BIND
1、完成BIND的配置后,在启动named之前,还需要建立chroot环境。
代码语言:javascript复制# yum -y install bind-chroot
# /etc/rc.d/init.d/named start
# systemctl enable named
2、操作检验
- 确认服务器已经正确解析域名或IP地址。
<pre class="prism-highlight prism-language-markup"># dig ns.wscon.cn.
; <<>> DiG 9.3.4 <<>> ns.wscon.cn.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54592
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.wscon.cn. IN A
;; ANSWER SECTION:
ns.wscon.cn. 86400 IN A 192.168.0.17
;; AUTHORITY SECTION:
wscon.cn. 86400 IN NS ns.wscon.cn.
;; Query time: 0 msec
;; SERVER: 192.168.0.17#53(192.168.0.17)
;; WHEN: Thu Mar 8 19:35:19 2007
;; MSG SIZE rcvd: 68
# dig -x 192.168.0.17
; <<>> DiG 9.3.4 <<>> -x 192.168.0.17
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45743
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;17.0.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
17.0.168.192.in-addr.arpa. 86400 IN PTR ns.wscon.cn.
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400 IN NS ns.wscon.cn.
;; ADDITIONAL SECTION:
ns.wscon.cn. 86400 IN A 192.168.0.17
;; Query time: 0 msec
;; SERVER: 192.168.0.17#53(192.168.0.17)
;; WHEN: Thu Mar 8 19:37:50 2007
;; MSG SIZE rcvd: 107
配置从DNS服务器比较简单。下面的例子主DNS是“ns.wscon.cn”,从DNS是“ns.example.info”。
1、在主DNS服务器的zone文件作如下配置
代码语言:javascript复制# vim /var/named/wscon.cn.wan
$TTL 86400
@ IN SOA ns.wscon.cn. root.wscon.cn. (
# update serial
2007041501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
IN NS ns.wscon.cn.
# add name server
IN NS ns.example.info.
IN A 172.16.0.82
IN MX 10 ns.wscon.cn.
ns IN A 172.16.0.82
# rndc reload
server reload successful
2、配置从DNS服务器
代码语言:javascript复制# vim /etc/named.conf
# add these lines below
zone "wscon.cn" IN {
type slave;
masters { 172.16.0.82; };
file "slaves/wscon.cn.wan";
};
# rndc reload
server reload successful
# ls /var/named/slaves
wscon.cn.wan # zone file in master DNS has been just transfered
代码语言:javascript复制设置别名记录,如果你想为你的主机设置另一个名称,在zone文件定义CNAME记录
<pre class="prism-highlight prism-language-bash"># vim /var/named/server-Linux.info.wan
$TTL 86400
@ IN SOA ns.server-linux.info. root.server-linux.info. (
# update serial
2007041501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
IN NS ns.server-linux.info.
IN A 172.16.0.82
IN MX 10 ns.server-linux.info.
ns IN A 172.16.0.82
# aliase IN CNAME server's name
ftp IN CNAME ns.server-linux.info.
# rndc reload
server reload successful
