- 全局配置文件:/etc/named.conf
//单行注释类型
/*
多行注释
*/
// Declare the rndc control channel: the shared key first, then the listener that requires it.
// NOTE(review): hmac-md5 is a legacy algorithm; current rndc-confgen generates hmac-sha256 keys.
//   Changing it here also requires the same key/algorithm on the rndc client side (not shown).
// NOTE(review): the secret below is a published sample value. Generate a private key per
//   server (e.g. with rndc-confgen) and keep the file unreadable to unprivileged users.
key "rndc-key" {
algorithm hmac-md5;
secret "yHW3rkDu5RGTeYdnZB8E+A==";
};
// Control channel used by rndc: listens on loopback port 953 only, accepts connections
// only from 127.0.0.1, and only when the command is signed with "rndc-key".
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
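// Global server options
options {
    // The server answers on loopback only. Widening these addresses exposes every
    // access-control setting below to the network, so review them together.
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { any; }; // accept queries from any client address
    // Restrict recursion explicitly. When allow-recursion is not set, BIND falls back to
    // allow-query-cache / allow-query, so "allow-query { any; }" plus "recursion yes" would
    // offer recursion to every client that can reach the listener (an open resolver).
    allow-recursion { localhost; localnets; };
    # allow-transfer { 192.168.1.3; }; // hosts allowed to request zone transfers (primary -> secondary sync)
    // NOTE(review): while allow-transfer stays commented out, transfers follow the BIND default,
    //   which in older BIND 9 releases permits any client - confirm for the installed version.
    recursion yes; // enable recursive resolution
    // NOTE(review): DNSSEC validation is switched off, so answers obtained through the
    //   forwarder below are cached without authentication. Newer BIND 9 releases treat
    //   dnssec-enable as obsolete - confirm against the installed version.
    dnssec-enable no; // disable DNSSEC
    dnssec-validation no; // disable DNSSEC validation
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    include "/etc/crypto-policies/back-ends/bind.config";
    forwarders { 8.8.8.8; }; // upstream server that queries are forwarded to
    forward first; // "only": forward exclusively; "first": forward first, then resolve iteratively if the forwarder gives no answer
};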
// Logging configuration
logging {
// Channel "default_debug" writes to data/named.run; the relative path is resolved against
// the "directory" option (/var/named above).
channel default_debug {
file "data/named.run";
// "dynamic" makes the channel follow the server's current debug level.
severity dynamic;
};
};
// Zone declarations
zone "." IN { // zone definition syntax: zone "<name>" <class> { ... };
type hint; // [hint|master|slave|forward] = root hints, primary, secondary, forward
file "named.ca"; // zone data file name, relative to the "directory" option
};
// Pull in configuration kept in other files
// NOTE(review): /etc/named.root.key presumably holds the root trust anchor; with
//   dnssec-validation set to "no" in options it would not be used for validation - confirm.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
- 区域配置文件:/etc/named.rfc1912.zones
// Forward zone (names -> addresses); this server is the primary ("master") for it.
// NOTE(review): the zone is declared as "www.qitu.com", but the data file shown for it
//   (qitu.zone) names qitu.com. in its SOA and carries a "www" label, which under this
//   origin would resolve as www.www.qitu.com - confirm whether "qitu.com" was intended.
zone "www.qitu.com" IN {
type master;
file "qitu.zone";
};
// Reverse zone (addresses -> names) for 192.168.31.0/24: the network octets are written
// in reverse order under in-addr.arpa. The data file 192.168.31.zone is not shown here.
zone "31.168.192.in-addr.arpa" IN {
type master;
file "192.168.31.zone";
};
- 区域数据文件:/var/named/qitu.zone
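$TTL 1D
; Zone files accept only ";" comments - "//" is not comment syntax here and stops the zone from loading.
; SOA: primary name server, contact mailbox (rname.invalid. is a placeholder), then the timers.
@       IN SOA  qitu.com. rname.invalid. (
                0       ; serial - increase on every edit so secondaries pick up the change
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum (negative-caching TTL)
; The next three records begin with whitespace, so they inherit the owner "@" (the zone origin).
; A record that starts in column 0 would have its first token read as the owner name instead.
        NS      dns.qitu.com.   ; name server for the zone; the trailing dot keeps the name absolute
        A       127.0.0.1
        AAAA    ::1
; If dns.qitu.com. lies inside this zone it needs its own address record, e.g.:
; dns   A       <DNS_SERVER_IP>  ; placeholder - the page does not give this address
www     A       192.168.31.103  ; forward (A) record for the "www" label, relative to the zone origin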