BIND的安装配置
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了BIND的安装配置相关的知识,希望对你有一定的参考价值。
BIND的安装配置:
dns服务,程序包名bind,程序名named
程序包:
bind
bind-libs
bind-utils
bind-chroot: /var/named/chroot/
bind:
服务脚本:/etc/rc.d/init.d/named
主配置文件:/etc/named.conf, /etc/named.rfc1912.zones, /etc/rndc.key
解析库文件:/var/named/ZONE_NAME.ZONE
注意:
(1) 一台物理服务器可同时为多个区域提供解析;
(2) 必须要有根区域文件;named.ca
(3) 应该有两个(如果包括ipv6的,应该更多)实现localhost和本地回环地址的解析库;
rndc: remote name domain controller,默认与bind安装在同一主机,且只能通过127.0.0.1来连接named进程;提供辅助性的管理功能;
953/tcp
主配置文件:
全局配置:options {}
日志子系统配置:logging {}
区域定义:本机能够为哪些zone进行解析,就要定义哪些zone;
zone "ZONE_NAME" IN {}
注意:任何服务程序如果期望其能够通过网络被其它主机访问,至少应该监听在一个能与外部主机通信的IP地址上;
缓存名称服务器的配置:
监听外部地址即可;
[[email protected] named]# service named restart Stopping named: [ OK ] Starting named: [ OK ]
[[email protected] named]# ss -tunlp | grep :53 udp UNCONN 0 0 127.0.0.1:53 *:* users:(("named",3256,512)) udp UNCONN 0 0 ::1:53 :::* users:(("named",3256,513)) udp UNCONN 0 0 :::53552 :::* users:(("oracle",2207,14)) tcp LISTEN 0 3 ::1:53 :::* users:(("named",3256,21)) tcp LISTEN 0 3 127.0.0.1:53 *:* users:(("named",3256,20)) tcp LISTEN 0 128 :::53336 :::* users:(("oracle",2211,10))
dnssec:
建议测试时关闭dnssec;
主DNS名称服务器:
(1) 在主配置文件中定义区域
zone "ZONE_NAME" IN {
type {master|slave|hint|forward};
file "ZONE_NAME.zone";
(2) 定义区域解析库文件
出现的内容:
宏定义;
资源记录;
示例:
$TTL 86400
$ORIGIN magedu.com.
@ IN SOA ns1.magedu.com. admin.magedu.com (
2015042201
1H
5M
7D
1D )
IN NS ns1
IN NS ns2
IN MX 10 mx1
IN MX 20 mx2
ns1 IN A 172.16.100.11
ns2 IN A 172.16.100.12
mx1 IN A 172.16.100.13
mx2 IN A 172.16.100.14
www IN A 172.16.100.11
www IN A 172.16.100.12
ftp IN CNAME www
测试命令:dig的使用
dig [-t type] name [@SERVER] [query options]
dig用于测试dns系统,因此,不会查询hosts文件进行解析;
查询选项:
+[no]trace:跟踪解析过程
+[no]recurse:进行递归解析
测试反向解析:
dig -x IP @SERVER
模拟区域传送:
dig -t axfr ZONE_NAME @SERVER
例如:dig -t axfr magedu.com @172.16.100.11
host命令:
host [-t type] name [SERVER]
nslookup命令:
nslookup [-option] [name | -] [server]
交互式模式:
nslookup>
server IP: 指明使用哪个DNS server进行查询;
set q=RR_TYPE: 指明查询的资源记录类型;
NAME: 要查询的名称;
反向区域:
区域名称:网络地址反写.in-addr.arpa.
172.16.100. --> 100.16.172.in-addr.arpa.
(1) 定义区域
zone "ZONE_NAME" IN {
type {master|slave|forward};
file "网络地址.zone"
};
(2) 区域解析库文件
注意:不需要MX和A,以及AAAA记录;以PTR记录为主;
示例:
$TTL 86400
$ORIGIN 100.16.172.in-addr.arpa.
@ IN SOA ns1.magedu.com. admin.magedu.com. (
2015042201
1H
5M
7D
1D )
IN NS ns1.magedu.com.
IN NS ns2.magedu.com.
11 IN PTR ns1.magedu.com.
11 IN PTR www.magedu.com.
12 IN PTR mx1.magedu.com.
12 IN PTR www.magedu.com.
13 IN PTR mx2.magedu.com.
[[email protected] named]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.1
完整的例子如下:前提条件已经安装bind
(1)为了方便测试 关闭一些服务 vim /etc/named.conf
[[email protected] named]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1;192.168.0.111; };
//listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; }; //表示可以查询所有
recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
(2)编辑 /etc/named.rfc1912.zones
[[email protected] named]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "magedu.com" IN {
type master;
file "magedu.com.zone";
};
(3)在/var/named目录下面添加文件
vim magedu.com.zone
具体内容如下:
[[email protected] named]# vim magedu.com.zone $TTL 86400 $ORIGIN magedu.com. @ IN SOA ns1.magedu.com. admin.magedu.com ( 2015042201 1H 5M 7D 1D ) IN NS ns1 IN NS ns2 IN MX 10 mx1 IN MX 20 mx2 ns1 IN A 172.16.100.11 ns2 IN A 172.16.100.12 mx1 IN A 172.16.100.13 mx2 IN A 172.16.100.14 www IN A 172.16.100.113 www IN A 172.16.100.123 ftp IN CNAME www
(4)检查配置文件是否正确:
[[email protected] named]# named-checkconf [[email protected] named]# [[email protected] named]# named-checkzone "magedu.com" /var/named/magedu.com.zone zone magedu.com/IN: loaded serial 2015042201 OK
(5)解析域名看结果如何?
192.168.0.111为我电脑的ip地址,这里写你自己的ip吧!!!!!!
[[email protected] named]# dig -t A www.magedu.com @192.168.0.111
结果如下:
[[email protected] named]# dig -t A www.magedu.com @192.168.0.111
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.magedu.com @192.168.0.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58333
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 172.16.100.113
www.magedu.com. 86400 IN A 172.16.100.123
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns2.magedu.com.
magedu.com. 86400 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 172.16.100.11
ns2.magedu.com. 86400 IN A 172.16.100.12
;; Query time: 2 msec
;; SERVER: 192.168.0.111#53(192.168.0.111)
;; WHEN: Thu Sep 8 07:20:53 2016
;; MSG SIZE rcvd: 132
结论:dns解析成功
注意dig -t A www.magedu.com @192.168.0.111 与dig -t A www.magedu.com 192.168.0.111 不一样
dig -t A www.magedu.com 192.168.0.111表示通过这个配置文件解析cat /etc/resolv.conf
后面继续写bind主从配置管理,请多多关照!
本文出自 “梁小明的博客” 博客,请务必保留此出处http://7038006.blog.51cto.com/7028006/1850907
以上是关于BIND的安装配置的主要内容,如果未能解决你的问题,请参考以下文章