I. Installation
apt-get install bind9
apt-get install bind9-host dnsutils
apt-get install bind9-doc
II. Modify the local configuration
First, point the Debian machine's DNS at itself. Edit /etc/resolv.conf so that it reads:
#DNS of test111.com
nameserver 192.168.10.2
192.168.10.2 is the IP address of the DNS server.
III. Configuration
1. Domain name resolution
This example resolves test111.com to 192.168.10.2:
cd /etc/bind
vim named.conf.local
Add the forward and reverse lookup zones:
zone "test111.com" {
        type master;
        file "/etc/bind/db.test111.com";
};

zone "168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192.168";
};
1.1 Forward resolution: db.test111.com contains the following:
$TTL    604800
@       IN      SOA     test111.com. admin.test111.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.test111.com.
@       IN      A       192.168.10.2
ns      IN      A       192.168.10.2
www     IN      CNAME   @
ftp     IN      CNAME   @
proxy   IN      CNAME   @
blog    IN      CNAME   @
test    IN      CNAME   @
mysql   IN      CNAME   @
*       IN      A       192.168.10.2
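This sets the DNS server for the domain test111.com to ns.test111.com., which is this machine, because the A record for ns among the forward records resolves it to this machine.
Several CNAME (alias) records are also added, all pointing to 192.168.10.2.
Finally, wildcard resolution is added: every request for *.test111.com is resolved to 192.168.10.2.
1.2 Reverse resolution: db.192.168 contains the following: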
$TTL    604800
@       IN      SOA     test111.com. admin.test111.com. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.test111.com.
; 2.10 is relative to the zone: 2.10.168.192.in-addr.arpa = 192.168.10.2
2.10    IN      PTR     test111.com.
The reverse resolution here is simple: it points 192.168.10.2 to test111.com.
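The following added example (not part of the original post) computes the owner name a PTR record needs inside a given reverse zone, then uses named-checkconf, named-checkzone and dig to confirm that the forward and reverse data above agree. It assumes it runs on the DNS server itself and that /etc/bind/named.conf is the main configuration file; the function names ptr_owner and check_dns are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Zone names, file paths and the
# server address are the ones used on this page; /etc/bind/named.conf is
# assumed to be the main config file (the Debian default).
SERVER=192.168.10.2
REV_ZONE=168.192.in-addr.arpa

# Print the owner a PTR record for IPv4 address $1 needs inside reverse zone $2.
ptr_owner() {
    ip=$1 zone=${2%.}
    old_ifs=$IFS; IFS=.
    set -- $ip                      # split the address into its four octets
    IFS=$old_ifs
    full="$4.$3.$2.$1.in-addr.arpa"
    case "$full" in
        *".$zone") printf '%s\n' "${full%".$zone"}" ;;
        *) echo "ptr_owner: $ip is not inside $zone" >&2; return 1 ;;
    esac
}

# Validate the config and both zone files, then compare live answers.
check_dns() {
    named-checkconf /etc/bind/named.conf || return 1
    named-checkzone test111.com /etc/bind/db.test111.com || return 1
    named-checkzone "$REV_ZONE" /etc/bind/db.192.168 || return 1

    # The reverse zone file must carry a PTR with exactly the computed owner.
    owner=$(ptr_owner "$SERVER" "$REV_ZONE") || return 1
    awk -v o="$owner" '$1 == o && $2 == "IN" && $3 == "PTR" { ok = 1 }
        END { exit !ok }' /etc/bind/db.192.168 ||
        { echo "db.192.168 has no PTR record with owner $owner" >&2; return 1; }

    # www is a CNAME to the zone apex, so the last answer line is the address.
    fwd=$(dig +short @"$SERVER" www.test111.com A | tail -n 1)
    rev=$(dig +short @"$SERVER" -x "$SERVER")
    [ "$fwd" = "$SERVER" ] || { echo "forward lookup gave: $fwd" >&2; return 1; }
    [ "$rev" = "test111.com." ] || { echo "reverse lookup gave: $rev" >&2; return 1; }
    echo "forward and reverse lookups agree"
}

# Only touch BIND when asked to, so the functions can be sourced and reused.
if [ "${1:-}" = "--check" ]; then check_dns; fi
```

For 192.168.10.2 inside 168.192.in-addr.arpa, ptr_owner prints 2.10; passing --check runs the full validation once named has loaded both zones.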
2. Configure a caching DNS server
vim named.conf.options
Remove a few of the comment markers (//) and add the DNS servers of your network's ISP (Internet service provider). The final contents are:
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                218.2.135.1;
                202.102.24.35;
                61.147.37.1;
        };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};