-
BIND installation and configuration:
DNS service; the package is called bind, the daemon is called named
-
Packages:
bind - main program package
bind-libs - shared libraries
bind-utils - client and test utilities (dig, host, nslookup)
bind-chroot.x86_64 - chroot sandbox; generally not used while testing (it does limit what a compromised named can reach, so consider it for production)
bind-chroot: confines named to /var/named/chroot/, a small corner of the filesystem
bind-lite-devel.i686 - development files
bind-lite-devel.x86_64 - development files
bind-sdb.x86_64 - database backend: keeps zone data in a database instead of in files
bind-sdb-chroot.x86_64 - chroot for the database backend
bind-dyndb-ldap.x86_64 - database backend (LDAP)
-
bind program files:
-
Service script: /etc/rc.d/init.d/named
-
Main configuration files: /etc/named.conf, /etc/named.rfc1912.zones, /etc/rndc.key
-
/etc/named.conf is the main configuration file; the zone definitions are split out of it into /etc/named.rfc1912.zones, which named.conf pulls in with an include statement
-
-
rndc: Remote Name Daemon Control. Installed on the same host as bind by default, and by default only accepts connections to the named process over 127.0.0.1; provides auxiliary management functions (reload, status, flush and so on);
-
953/tcp (the control channel; authenticated with the shared secret in /etc/rndc.key)
Main configuration file:
-
Global configuration: options {}
-
Logging subsystem configuration: logging {}
-
Zone definitions: every zone this host is to serve must be defined here;
zone "ZONE_NAME" IN {}
-
Note: any service that is expected to be reachable from other hosts over the network must listen on at least one IP address that can talk to those hosts;
-
Caching name server configuration: listening on an external address is all it takes to make it reachable; restrict who may use it, though (allow-recursion, or allow-query, limited to your own networks), otherwise the host is an open resolver that anyone on the Internet can use, including for reflection and amplification attacks;
-
dnssec: it is recommended to turn DNSSEC off while testing (and to turn validation back on before the server goes into production);
-
Zone data files: /var/named/ZONE_NAME.zone
-
Note:
-
One physical server can serve several zones at the same time;
-
The root hints file is required: named.ca
-
There should be two zone files (more if IPv6 is included) that resolve localhost and the loopback address;
-
-
Configuring a caching DNS server
-
Back up the configuration file
-
[root@repo etc]# cp /etc/named.conf{,.bak} -av
`/etc/named.conf' -> `/etc/named.conf.bak'
[root@repo etc]# cat /etc/named.conf.bak
-
Edit the configuration file
[root@repo etc]# vim /etc/named.conf
listen-on port 53 { 172.16.31.125; };
allow-query { any; };
(With recursion left at its default, allow-query { any; } also opens recursion to everyone; add allow-recursion { <your networks>; }; to restrict it.)
-
[root@repo etc]# named-checkconf    checks the configuration file; no output means it parsed correctly
-
Reload the configuration (service named reload, or rndc reload; both are shown further down)
-
Check that the port is being listened on
[root@repo etc]# ss -tunl
-
Test that resolution works
-
Primary (master) DNS name server:
-
Define the zone in the main configuration
-
zone "ZONE_NAME" IN {
    type {master|slave|hint|forward};
    file "ZONE_NAME.zone";
};
[root@repo etc]# vim /etc/named.rfc1912.zones
zone "cpe.com" IN {
    type master;
    file "cpe.com.zone";
};
"ZONE_NAME": the zone name (the @ in the zone file later expands to it)
type master: this server is the primary for the zone
file "cpe.com.zone": the zone data file, relative to the directory set in options {} (/var/named)
-
Define the zone data file
[root@repo etc]# vim /var/named/cpe.com.zone
$TTL 86400
$ORIGIN cpe.com.
; MNAME is the primary server's hostname; the RNAME needs its trailing dot,
; otherwise $ORIGIN is appended and it becomes admin.cpe.com.cpe.com.
@       IN SOA  ns1.cpe.com. admin.cpe.com. (
                2016021601      ; serial: bump it on every change, or secondaries never pull the update
                1H              ; refresh
                5M              ; retry
                1W              ; expire
                1D              ; negative-caching TTL
                )
        IN NS   ns1
        IN NS   ns2
        IN MX   20 mx1
        IN MX   10 mx2          ; lower preference value wins: mx2 is tried first
ns1     IN A    172.16.31.125
ns2     IN A    172.16.31.124
mx1     IN A    172.16.31.125
mx2     IN A    172.16.31.124
www     IN A    172.16.31.124
www     IN A    172.16.31.125
*       IN A    172.16.31.124   ; wildcard: every name not defined above resolves here
ftp     IN CNAME www
cpe.com. IN A   172.16.31.124
-
Check the configuration
[root@repo etc]# named-checkconf
[root@repo etc]# named-checkzone "cpe.com" /var/named/cpe.com.zone
zone cpe.com/IN: loaded serial 2016021601
OK
-
Reload the configuration
[root@repo etc]# service named reload
Reloading named: [ OK ]
-
Test the configuration
[root@repo named]# dig -t NS cpe.com @172.16.31.125
[root@repo named]# dig -t MX cpe.com
[root@repo named]# dig -t axfr cpe.com
Note: if the axfr query returns the whole zone here, it returns it to anyone else on the network too. The zone statement above has no allow-transfer, so restrict transfers to the secondary (allow-transfer { 172.16.31.124; };) before exposing the server.
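As an added example (not part of these notes and not a BIND tool), the script below puts named.conf as configured so far, allow-query { any; } in options and a cpe.com zone without allow-transfer, next to a restricted version, and runs a small POSIX shell/awk audit that flags both weaknesses. It relies on two documented BIND 9 defaults: recursion is on unless `recursion no;` is set, and allow-recursion falls back to allow-query-cache and then to allow-query, so allow-query { any; } on its own opens recursion to everyone; and a master zone with no allow-transfer, neither in the zone nor inherited from options, answers AXFR from any client. The addresses are the ones used in the notes; the ACL names lan and secondaries and the version string are assumptions. The audit reads one file only (it does not follow include statements) and expects the conventional one-statement-per-line layout.

```shell
#!/bin/sh
# Added example, not from the original notes: audit named.conf for an open
# resolver and for master zones that allow zone transfers from anyone.
# Addresses are the ones used in the notes; ACL names "lan" and
# "secondaries" are assumptions.

# named.conf as configured in the notes (constructed sample): recursion is
# left at its default and allow-recursion is unset, so allow-query { any; }
# also permits recursion for everyone; cpe.com has no allow-transfer.
weak_named_conf() {
cat <<'EOF'
options {
    listen-on port 53 { 172.16.31.125; };
    directory "/var/named";
    allow-query { any; };
    dnssec-enable no;
    dnssec-validation no;
};
zone "cpe.com" IN {
    type master;
    file "cpe.com.zone";
};
zone "31.16.172.in-addr.arpa" IN {
    type master;
    file "31.16.172.zone";
    allow-transfer { 172.16.31.124; };
};
EOF
}

# Restricted version: anyone may ask for cpe.com data (authoritative
# answers), only the LAN may recurse, only ns2 may pull zone transfers.
hardened_named_conf() {
cat <<'EOF'
acl "lan" { 172.16.31.0/24; 127.0.0.1; };
acl "secondaries" { 172.16.31.124; };
options {
    listen-on port 53 { 172.16.31.125; };
    directory "/var/named";
    allow-query { any; };
    allow-recursion { lan; };
    allow-transfer { secondaries; };   // inherited by every zone below
    version "not disclosed";
    dnssec-enable no;
    dnssec-validation no;
};
zone "cpe.com" IN {
    type master;
    file "cpe.com.zone";
};
zone "31.16.172.in-addr.arpa" IN {
    type master;
    file "31.16.172.zone";
};
EOF
}

# audit_named_conf FILE: print one line per finding, exit 1 if there are any.
# Brace depth is tracked to know when a zone {} or options {} block ends.
audit_named_conf() {
    awk '
    { sub(/\/\/.*/, ""); sub(/#.*/, "") }                 # strip comments
    /^[ \t]*options[ \t]*\{/ { ctx = "options" }
    /^[ \t]*zone[ \t]+"/ {
        match($0, /"[^"]*"/)
        zone = substr($0, RSTART + 1, RLENGTH - 2)
        ctx = "zone"; master = 0; acl = 0
    }
    ctx == "options" && /allow-query[ \t]*\{[ \t]*any[ \t]*;/ { q_any = 1 }
    ctx == "options" && /allow-(recursion|query-cache)[ \t]*\{/ && !/\{[ \t]*any[ \t]*;/ { r_acl = 1 }
    ctx == "options" && /^[ \t]*recursion[ \t]+no[ \t]*;/ { r_off = 1 }
    ctx == "options" && /allow-transfer[ \t]*\{/ && !/\{[ \t]*any[ \t]*;/ { g_xfr = 1 }
    ctx == "zone" && /type[ \t]+master[ \t]*;/ { master = 1 }
    ctx == "zone" && /allow-transfer[ \t]*\{/ && !/\{[ \t]*any[ \t]*;/ { acl = 1 }
    {
        depth += gsub(/\{/, "{") - gsub(/\}/, "}")        # net braces on this line
        if (ctx == "zone" && depth == 0) {
            if (master && !acl && !g_xfr) {
                print "zone " zone ": master zone without allow-transfer, AXFR open to anyone"
                bad = 1
            }
            ctx = ""
        }
        if (ctx == "options" && depth == 0) ctx = ""
    }
    END {
        if (q_any && !r_acl && !r_off) {
            print "options: allow-query { any; } with recursion not restricted (open resolver)"
            bad = 1
        }
        exit bad
    }' "$1"
}

# Stand-alone run: audit both samples
tmp=$(mktemp)
weak_named_conf > "$tmp";     echo "== weak ==";     audit_named_conf "$tmp" || true
hardened_named_conf > "$tmp"; echo "== hardened =="; audit_named_conf "$tmp" && echo "no findings"
rm -f "$tmp"
```

Run it against the real file with `audit_named_conf /etc/named.conf` and again against /etc/named.rfc1912.zones, since the zone definitions in these notes live in the included file; a global allow-transfer in options covers every zone, while `allow-transfer { any; }` at either level is treated as no restriction at all.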
-
Contents of a zone file:
-
Directives: $TTL 86400, $ORIGIN cpe.com.
-
Resource records:
-
Example:
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  ns1.magedu.com. admin.magedu.com. (
                2015042201
                1H
                5M
                7D
                1D )
        IN NS   ns1
        IN NS   ns2
        IN MX   10 mx1
        IN MX   20 mx2
ns1     IN A    172.16.100.11
ns2     IN A    172.16.100.12
mx1     IN A    172.16.100.13
mx2     IN A    172.16.100.14
www     IN A    172.16.100.11
www     IN A    172.16.100.12
ftp     IN CNAME www
-
Reverse zone:
Zone name: the network part of the address written backwards, followed by .in-addr.arpa. For 172.16.100. this is 100.16.172.in-addr.arpa.
-
Define the zone
zone "ZONE_NAME" IN {
    type {master|slave|forward};
    file "NETWORK.zone";
};
[root@repo named]# vim /etc/named.rfc1912.zones
zone "31.16.172.in-addr.arpa" IN {
    type master;
    file "31.16.172.zone";
};
-
Zone data file
Note: no MX, A or AAAA records are needed; the zone consists mainly of PTR records;
Example (the reverse of the magedu.com zone above):
$TTL 86400
$ORIGIN 100.16.172.in-addr.arpa.
@       IN SOA  ns1.magedu.com. admin.magedu.com. (
                2015042201
                1H
                5M
                7D
                1D )
        IN NS   ns1.magedu.com.
        IN NS   ns2.magedu.com.
11      IN PTR  ns1.magedu.com.
11      IN PTR  www.magedu.com.
12      IN PTR  ns2.magedu.com.
12      IN PTR  www.magedu.com.
13      IN PTR  mx1.magedu.com.
14      IN PTR  mx2.magedu.com.
[root@repo named]# vim /var/named/31.16.172.zone
$TTL 86400
$ORIGIN 31.16.172.in-addr.arpa.
@       IN SOA  ns1.cpe.com. admin.cpe.com. (
                2016021601
                1H
                5M
                1W
                1D
                )
; the names on the right-hand side lie outside this zone, so they must be
; fully qualified with the trailing dot
        IN NS   ns1.cpe.com.
        IN NS   ns2.cpe.com.
125     IN PTR  ns1.cpe.com.
124     IN PTR  ns2.cpe.com.
125     IN PTR  mx1.cpe.com.
124     IN PTR  mx2.cpe.com.
125     IN PTR  www.cpe.com.
; www also has an A record at .124; add "124 IN PTR www.cpe.com." if that
; address should reverse-map to www as well
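The reverse zone above was typed by hand from the forward zone, which is how PTR lines get duplicated or left out. As an added example (not part of the notes and not a BIND tool), the POSIX shell/awk script below derives the reverse zone for one /24 from a forward zone file: it honours $ORIGIN and $TTL, inherits the owner name on lines that start with whitespace, reads the serial, MNAME and RNAME out of a multi-line SOA, qualifies relative names, skips the wildcard (a PTR for * is meaningless) and, like the notes, emits one PTR per A record, so an address with several names gets several PTRs. The sample forward zone is constructed from the notes' cpe.com records; fixing the SOA timers in the output at the values the notes use is an assumption.

```shell
#!/bin/sh
# Added example, not from the original notes: derive a /24 reverse zone from
# a forward zone file. Sample data is constructed from the notes' cpe.com zone.

# Constructed forward zone (the records from the notes, SOA names qualified)
sample_forward_zone() {
cat <<'EOF'
$TTL 86400
$ORIGIN cpe.com.
@       IN SOA  ns1.cpe.com. admin.cpe.com. (
                2016021601 ; serial
                1H 5M 1W 1D )
        IN NS   ns1
        IN NS   ns2
        IN MX   20 mx1
        IN MX   10 mx2
ns1     IN A    172.16.31.125
ns2     IN A    172.16.31.124
mx1     IN A    172.16.31.125
mx2     IN A    172.16.31.124
www     IN A    172.16.31.124
www     IN A    172.16.31.125
*       IN A    172.16.31.124
ftp     IN CNAME www
cpe.com. IN A   172.16.31.124
EOF
}

# gen_reverse FORWARD_ZONE_FILE NET   (NET is the /24 prefix, e.g. 172.16.31)
# Prints a reverse zone for NET built from the A records in the forward zone.
# SOA timers are fixed at the values used in the notes (assumption).
gen_reverse() {
    awk -v net="$2" '
    function fqdn(n) {                       # qualify a relative owner/target
        if (n == "@") return origin
        if (n ~ /\.$/) return n
        return n "." origin
    }
    {
        sub(/;.*/, "")                       # strip comments
        if (NF == 0) next
        if ($1 == "$ORIGIN") { origin = $2; next }
        if ($1 == "$TTL")    { ttl = $2; next }
        if (!paren) {                        # owner name, inherited when blank
            if ($0 ~ /^[ \t]/ || $1 == "IN") owner = last_owner
            else { owner = $1; last_owner = $1 }
        }
        for (i = 1; i <= NF; i++) {
            if (want_serial && $i ~ /^[0-9]+$/) { serial = $i; want_serial = 0 }
            if (paren) continue              # still inside the SOA ( ... )
            if ($i == "SOA") {
                mname = fqdn($(i + 1)); rname = fqdn($(i + 2))
                want_serial = 1; i += 2; continue
            }
            if ($i == "NS" && i < NF && fqdn(owner) == origin)
                ns[++nns] = fqdn($(i + 1))
            if ($i == "A" && i < NF && owner != "*" &&
                $(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
                index($(i + 1), net ".") == 1) {
                host = substr($(i + 1), length(net) + 2)   # last octet
                ptr[++nptr] = host " IN PTR " fqdn(owner)
            }
        }
        if (index($0, "(")) paren = 1
        if (index($0, ")")) paren = 0
    }
    END {
        split(net, o, ".")
        print "$TTL " (ttl == "" ? 86400 : ttl)
        print "$ORIGIN " o[3] "." o[2] "." o[1] ".in-addr.arpa."
        print "@ IN SOA " mname " " rname " ( " serial " 1H 5M 1W 1D )"
        for (i = 1; i <= nns; i++) print "\tIN NS " ns[i]
        for (i = 1; i <= nptr; i++) print ptr[i]
    }' "$1"
}

# Stand-alone run
f=$(mktemp); sample_forward_zone > "$f"
gen_reverse "$f" 172.16.31
rm -f "$f"
```

Feed the generated text to named-checkzone before installing it, exactly as the notes do for the hand-written file; if you prefer a single canonical PTR per address, filter the output to one line per host before loading it.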
-
Check the configuration
-
[root@repo named]# named-checkconf
No output means the configuration file is correct
-
[root@repo ~]# named-checkzone "31.16.172.in-addr.arpa." /var/named/31.16.172.zone
-
zone 31.16.172.in-addr.arpa/IN: loaded serial 2016021601
-
OK
-
-
Reload the configuration (rndc reload on its own is enough; the service restart and reload further down repeat the same thing)
[root@repo ~]# rndc reload
server reload successful
[root@repo ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
CPUs found: 4
worker threads: 4
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@repo ~]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
[root@repo ~]# service named reload
Reloading named: [ OK ]
-
Test resolution
[root@repo ~]# dig -x 172.16.31.124 @172.16.31.125
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 172.16.31.124 @172.16.31.125
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2753
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;124.31.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
124.31.16.172.in-addr.arpa. 86400 IN PTR ns2.cpe.com.
124.31.16.172.in-addr.arpa. 86400 IN PTR mx2.cpe.com.
;; AUTHORITY SECTION:
31.16.172.in-addr.arpa. 86400 IN NS ns2.cpe.com.
;; ADDITIONAL SECTION:
ns2.cpe.com. 86400 IN A 172.16.31.124
;; Query time: 0 msec
;; SERVER: 172.16.31.125#53(172.16.31.125)
;; WHEN: Fri Feb 17 10:55:44 2017
;; MSG SIZE rcvd: 117
[root@repo ~]# host -t ptr 172.16.31.125
125.31.16.172.in-addr.arpa domain name pointer ns1.cpe.com.
125.31.16.172.in-addr.arpa domain name pointer mx1.cpe.com.
125.31.16.172.in-addr.arpa domain name pointer www.cpe.com.
-
Tighten the zone file permissions for security
[root@repo named]# chmod 640 cpe.zone 31.16.172.zone
[root@repo named]# chown :named cpe.zone 31.16.172.zone
[root@repo named]# ls /var/named/ -l
total 36
-rw-r----- 1 root  named  310 Feb 17 10:59 31.16.172.zone
-rw-r----- 1 root  named  364 Feb 17 10:28 cpe.zone
drwxrwx--- 2 named named 4096 May 11  2016 data
drwxrwx--- 2 named named 4096 May 11  2016 dynamic
-rw-r----- 1 root  named 3171 Jan 11  2016 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 May 11  2016 slaves
(The forward zone file appears as cpe.zone in this listing; whatever the name, it must match the file statement in the zone definition.)
root:named with mode 640 lets named read the primary zone files but not modify them, which is what you want for hand-edited zones. Zones that named itself has to write, secondary zones and dynamically updated zones, must live in a directory owned by named, such as slaves/ or dynamic/ above.