I needed DNS queries to track down a bug, so I chose BIND 9.8.0 as the DNS server.
It turned out that none of the zone files I found online would load correctly. Below is my simple configuration; I hope it saves everyone some time.
1. named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    // "recursion yes" together with "allow-query { any; }" makes this an open
    // resolver. On a host reachable from the Internet, restrict recursion,
    // e.g. allow-recursion { localhost; localnets; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };
};
//zone "100.137.168.192.in-addr.arpa" IN {
//    type master;
//    file "zone.example.com";
//    allow-update { none; };
//};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. example.com.zone (the file referenced by the "example.com" zone in named.conf, under /var/named)
$TTL 1D
; $ORIGIN must match the zone name declared in named.conf ("example.com");
; otherwise BIND treats the SOA as out-of-zone data and refuses to load the zone.
$ORIGIN example.com.
@       IN SOA  example.com. root.example.com. (
                20111220   ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        NS      @
        A       192.168.137.100
3. Open port 53 in the firewall
iptables -I INPUT -p udp --dport 53 -j ACCEPT
iptables -I INPUT -p tcp --dport 53 -j ACCEPT   # TCP 53 is also needed for responses over 512 bytes and for zone transfers
4. The reverse-lookup zone file still has a problem. It does not affect my work for now, so I will fill it in later; for the time being it is commented out in named.conf.
5. named -g # run BIND in the foreground so that any error shows up immediately.
With this configuration, nslookup example.com returns the correct IP.
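Two checks worth running before starting named, as an added example that is not part of the original post: whether the zone file's SOA owner actually lies inside the zone that named.conf declares (the usual cause of "no SOA found" and a zone that silently fails to load), and whether "recursion yes" plus "allow-query { any; }" has left the server as an open resolver. The inputs are constructed in the shape of the files above; the parsing is deliberately minimal (enough for this layout, not a full BIND grammar).

```python
import re

# Constructed inputs in the shape of the post's files, not the post's own text.
NAMED_CONF = """
options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
};
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };
};
"""
ZONE_FILE = """$TTL 1D
$ORIGIN ccnsr.com.
@ IN SOA ccnsr.com. root ( 20111220 1D 1H 1W 3H )
    NS @
    A 192.168.137.100
"""

def strip_comments(conf):
    """Drop //, # and /* */ comments from named.conf text."""
    return re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf, flags=re.S)

def zones_in_conf(conf):
    """Map each uncommented zone name to the file it loads from."""
    pairs = re.findall(r'zone\s+"([^"]+)"[^{]*\{(.*?)\n\};', strip_comments(conf), re.S)
    return {name: re.search(r'file\s+"([^"]+)"', body).group(1) for name, body in pairs}

def soa_owner(zone_text):
    """Fully qualified owner of the SOA record, resolving '@' and relative names."""
    origin = re.search(r"^\$ORIGIN\s+(\S+)", zone_text, re.M).group(1)
    owner = re.search(r"^(\S+)\s+(?:IN\s+)?SOA\b", zone_text, re.M).group(1)
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin}"

def soa_matches_zone(zone_name, zone_text):
    """BIND drops out-of-zone records; an SOA outside the zone means the zone fails to load."""
    return soa_owner(zone_text) == zone_name.rstrip(".") + "."

def is_open_resolver(conf):
    """recursion yes + allow-query { any; } and no allow-recursion: anyone can recurse here."""
    conf = strip_comments(conf)
    return (re.search(r"recursion\s+yes\s*;", conf) is not None
            and re.search(r"allow-query\s*\{\s*any\s*;\s*\}", conf) is not None
            and re.search(r"allow-recursion\s*\{", conf) is None)
```

Running `soa_matches_zone("example.com", ZONE_FILE)` on the constructed input reports False, because the $ORIGIN is ccnsr.com.; changing the origin to example.com. makes it True, and `is_open_resolver(NAMED_CONF)` stays True until an allow-recursion clause is added.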