Bind简介
Bind(Berkeley Internet Name Domain Service),是一款实现DNS服务器的开放源码软件,够提供双向解析,转发,子域授权,view等功能,是使用最为广泛的DNS服务器软件;bind的配置文件分两部分: bind配置文件 和zone配置文件;
官网下载bind包Downloads - ISC
下载编译Bind9.18.7
代码语言:javascript复制#下载bind-9.18.7
wget -P /opt https://ftp.isc.org/isc/bind9/9.18.7/bind-9.18.7.tar.xz
#创建bind用户和组
groupadd -r -g 53 named
useradd -r -u 53 -g 53 named
#解压并编译 bind-9.18.7
tar -xf bind-9.18.7.tar.xz
cd bind-9.18.7/
./configure --prefix=/usr/local/bind9 -sysconfdir=/etc/named/ --disable-chroot --disable-doh
make &&make install编译安装libuv
代码语言:javascript复制wget https://dist.libuv.org/dist/v1.38.0/libuv-v1.38.0.tar.gz
tar -zxvf v1.38.0.tar.gz
cd libuv-1.38.0
sh autogen.sh
./configure
make
make install
#默认安装到/usr/local/lib目录下环境变量
代码语言:javascript复制vim /etc/profile
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
source /etc/profile
pkg-config --list-all | grep libuv
Bind9基础配置
代码语言:javascript复制1、将bind9下配置文件加入PATH中
vim /etc/profile.d/named.sh
export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH
. /etc/profile.d/named.sh
2、导出库文件搜索路径
vim /etc/ld.so.conf.d/named.conf
/usr/local/bind9/lib
ldconfig -v
3、导出头文件搜索路径
ln -sv /usr/local/bind9/include /usr/include/named
"/usr/include/named" -> "/usr/local/bind9/include"
4、导出帮助文档搜索路径
$ vim /etc/man.config
MANPATH /usr/local/bind9/share/manBind9配置文件
1,Bind9主配置
vim /etc/named/named.conf
代码语言:javascript复制options {
listen-on port 53 { 192.168.100.161; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-validation no;
forward first;
forwarders {
114.114.114.114;
};
};
logging {
channel queries_log {
file "data/named.run" versions 3 size 30m; # 日志文件每30MB切割一次
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
channel query-errors_log {
file "data/query-errors.run" versions 5 size 20m;
print-time yes;
print-category yes;
print-severity yes;
severity dynamic;
};
category queries { queries_log; };
category resolver { queries_log; };
category query-errors {query-errors_log; };
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named/named.rfc1912.zones";2,rndc配置
rndc是一个管理程序,可以用它来刷新配置,停止服务,强制同步等
代码语言:javascript复制rndc-confgen > /etc/named/rndc.conf打开rndc.conf文件,找到# Use with the following in named.conf, adjusting the allow list as needed:注释,复制其下所有行到named.conf并放开注释。
vim /etc/named/named.conf
代码语言:javascript复制key "rndc-key" {
algorithm hmac-md5;
secret "m71 oRZ5OonJ/3S7jWqTjg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
listen-on port 53 { 192.168.100.161; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-validation no;
forward first;
forwarders {
114.114.114.114;
};
};
logging {
channel queries_log {
file "data/named.run" versions 3 size 30m; # 日志文件每30MB切割一次
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
channel query-errors_log {
file "data/query-errors.run" versions 5 size 20m;
print-time yes;
print-category yes;
print-severity yes;
severity dynamic;
};
category queries { queries_log; };
category resolver { queries_log; };
category query-errors {query-errors_log; };
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named/named.rfc1912.zones";3,zones 配置
vim /etc/named/named.rfc1912.zones
代码语言:javascript复制zone "zabbix.com" IN {
type master;
file "zabbix.com.zone";
allow-update { none; };
};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "100.168.192.loopback";
};4,配置zone
4.1,正向解析
vim /var/named/zabbix.com.zone
代码语言:javascript复制$TTL 10M
@ IN SOA kylin.zabbix.com. dnsadmin.zabbix.com. (
1 ;序列号
1H ;1小时后刷新
5M ;15分钟后重试
7D ;1星期后过期
1D );否定缓存TTL为1天
IN NS kylin
kylin IN A 192.168.100.161
kvm-node1 IN A 192.168.100.234
kvm-node2 IN A 192.168.100.235
zbxserver IN CNAME kylin4.2,反向解析
vim /var/named/100.168.192.loopback
代码语言:javascript复制$TTL 10M
@ IN SOA kylin.zabbix.com. dnsadmin.zabbix.com. (
20221015 ; serial
1H ; refresh
5M ; retry
7D ; expire
1D ) ; minimum
IN NS kylin.zabbix.com.
161 IN PTR kylin.zabbix.com.
234 IN PTR kvm-node1.zabbix.com.
235 IN PTR kvm-node2.zabbix.com.SOA记录:start of authority,起始授权机构,用于标示一个区的开始,其格式如下:zone IN SOA Hostname Contact ( SerialNumber Refresh Retry Expire Minimum )
- Hostname 存放本 Zone 的域名服务器的主机名
- Contact 管理域的管理员的邮件地址
- SerialNumber 本区配置数据的序列号,用于从服务器判断何时获取最新的区数据
- Refresh 辅助域名服务器多长时间更新数据库
- Retry 若辅助域名服务器更新数据失败,多长时间再试
- Expire 若辅助域名服务器无法从主服务器上更新数据,原有的数据何时失效
- Minimum 设置被缓存的否定回答的存活时间
5, 根区域配置
编译安装没有named.ca根文件,查询根的结果导入根区域配置文件
代码语言:javascript复制dig -t NS . > /var/named/named.ca6,修改文件属主属组
代码语言:javascript复制chown -R named:named /etc/named
chown -R named:named /var/named7,启动named服务
代码语言:javascript复制#检查配置
named-checkconf /etc/named/named.conf
named-checkconf /etc/named/named.rfc1912.zones
#检查区域文件
named-checkzone zabbix.com /var/named/zabbix.com.zone
named-checkzone 100.168.192.in-addr.arpa /var/named/100.168.192.loopback
#启动named服务
named -u named -c /etc/named/named.conf
#修改zone文件重载配置生效
rndc reload7.1,查看named启动进程端口号
8,dig解析测试
8.1,正向解析测试
代码语言:javascript复制dig kylin.zabbix.com
8.2,反向解析测试
代码语言:javascript复制dig -x 192.168.100.161 short
kylin.zabbix.com.9,使用rndc命令管理bind
rndc使用的是953/tcp端口
rndc参数:
- reload: 重新加载配置文件和所有zone
- reload zonename: 重新加载单个zone
- retransfer zonename: 重新传输单个zone,不检查序列号
- notify zonename: 重新发送zone的通知消息
- reconfig: 重新加载主配置文件
- querylog [ on | off ]: 启用/禁用查询日志记录
- trace: 将调试级别增加1
- trace LEVEL: 修改调试级别
- notrace: 修改调试级别为0
- flush: 清空DNS所有缓存记录
