DNS server types:
Primary (master) DNS server: answers resolution requests from local clients and holds the authoritative zone data
Secondary (slave) DNS server: its zone data is copied from the primary server by zone transfer, so it is read-only on the secondary
Caching server: holds no zone data of its own; it only caches answers to speed up lookups and needs no registration
bind in detail:
Package name: bind
Process: named
Protocol: dns
Port: 53 (tcp, udp)
Related packages:
bind-chroot: confines the named process to a chroot directory, limiting what a compromised named can reach.
bind-devel: development headers and library files (needed when compiling bind from source)
bind-libs: common library files used by both the bind server and the client tools
bind-utils: bind client tools
Program file: /usr/sbin/named
bind client tools:
[root@Centos ~]# rpm -ql bind-utils
/usr/bin/dig #the most commonly used DNS server testing tool
/usr/bin/host #a lightweight DNS testing tool
/usr/bin/nslookup #DNS query tool, implemented on many platforms (Windows included)
/usr/bin/nsupdate #dynamic DNS update tool
/usr/share/man/man1/dig.1.gz
/usr/share/man/man1/host.1.gz
/usr/share/man/man1/nslookup.1.gz
/usr/share/man/man1/nsupdate.1.gz
Install BIND:
yum install -y bind bind-utils bind-chroot
Primary DNS server configuration:
BIND's configuration files live in two main locations (with bind-chroot installed, the chroot paths on the right are used):
/etc/named.conf --> /var/named/chroot/etc/named.conf --- BIND main configuration file
/var/named/ --> /var/named/chroot/var/named/ --- zone files
BIND configuration templates:
/usr/share/doc/bind*/sample/etc/*
/usr/share/doc/bind*/sample/var/*
Main configuration file named.conf: every statement must end with a semicolon. It is used to:
define zones
define the global options that apply to all zones
define views
define logging
Minimal main configuration file named.conf:
options {
    listen-on port 53 { 127.0.0.1; 172.16.1.11; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { any; };
    recursion yes;
};
#zone "." IN {
#    type hint;
#    file "named.ca";
#};
zone "centos.com" IN {
    type master;
    file "centos.com.zone";
};
Zone file configuration (records whose owner column is blank inherit the previous owner, here @ = centos.com, so the leading whitespace on those lines is significant):
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
        IN MX   10 mail.centos.com.
www     IN A    172.16.1.11
blog    IN A    172.16.1.11
bbs     IN A    172.16.1.11
mail    IN A    172.16.1.11
Configure the resolver to use this server:
/etc/resolv.conf
[root@centos etc]# cat /etc/resolv.conf
nameserver 127.0.0.1
Verify with the dig or host command:
[root@centos etc]# dig www.centos.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.centos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39295
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;www.centos.com. IN A
;; ANSWER SECTION:
www.centos.com. 86400 IN A 172.16.1.11
;; AUTHORITY SECTION:
centos.com. 86400 IN NS centos.com.
;; ADDITIONAL SECTION:
centos.com. 86400 IN A 127.0.0.1
centos.com. 86400 IN AAAA ::1
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 7 09:08:51 2016
;; MSG SIZE rcvd: 106
[root@centos etc]# host www.centos.com
www.centos.com has address 172.16.1.11
Check BIND's log output (the zone load and the "running" line confirm a successful start):
[root@centos etc]# tail -10 /var/log/messages
Jul 7 09:05:08 centos named-sdb[2485]: automatic empty zone: 8.E.F.IP6.ARPA
Jul 7 09:05:08 centos named-sdb[2485]: automatic empty zone: 9.E.F.IP6.ARPA
Jul 7 09:05:08 centos named-sdb[2485]: automatic empty zone: A.E.F.IP6.ARPA
Jul 7 09:05:08 centos named-sdb[2485]: automatic empty zone: B.E.F.IP6.ARPA
Jul 7 09:05:08 centos named-sdb[2485]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul 7 09:05:08 centos named-sdb[2485]: command channel listening on 127.0.0.1#953
Jul 7 09:05:08 centos named-sdb[2485]: command channel listening on ::1#953
Jul 7 09:05:08 centos named-sdb[2485]: zone centos.com/IN: loaded serial 0
Jul 7 09:05:08 centos named-sdb[2485]: managed-keys-zone ./IN: loaded serial 0
Jul 7 09:05:08 centos named-sdb[2485]: running
Secondary DNS server configuration:
In the master's named.conf, add the master's own IP address to listen-on (the secondary transfers the zone from this address):
options {
    listen-on port 53 { 127.0.0.1; 172.16.1.11; };
Secondary server named.conf:
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { any; };
    allow-query-cache { any; };
};
zone "centos.com" IN {
    type slave;
    masters { 172.16.1.11; };
    file "slaves/centos.com.zone";
};
Note: check the owner and permissions of the slaves directory (named writes the transferred zone file there, so it must be writable by the named user):
[root@redhat named]# ll
total 36
drwxrwx--- 2 named named 4096 Jul 7 00:14 data
-rw-r----- 1 root named 198 Mar 16 21:17 localdomain.zone
-rw-r----- 1 root named 246 Jul 6 23:29 localhost.zone
-rw-r--r-- 1 root named 60 Jul 7 00:13 my.internal.zone.db
-rw-r----- 1 root named 427 Mar 16 21:17 named.broadcast
-rw-r----- 1 root named 1892 Mar 16 21:17 named.ca
-rw-r----- 1 root named 424 Mar 16 21:17 named.ip6.local
-rw-r----- 1 root named 427 Mar 16 21:17 named.zero
drwxrwx--- 2 named named 4096 Jul 7 12:37 slaves
[root@redhat named]#
The zone file is transferred from the primary DNS server to the secondary:
[root@redhat slaves]# ll
total 4
-rw-r--r-- 1 named named 366 Jul 7 12:37 centos.com.zone
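Two things the configurations above leave open: the master answers recursive queries for anyone who can reach 172.16.1.11 (with `allow-query { any; }`, `recursion yes` and no `allow-recursion`, BIND derives the recursion ACL from allow-query), and neither server restricts zone transfers, so any host could pull the whole centos.com zone with AXFR. The following hardened master named.conf is an added example, not the page's own configuration; it assumes the secondary is at 172.16.1.12 and clients are in 172.16.1.0/24 (neither address is given on the page).

```conf
// Assumed for this example: secondary at 172.16.1.12, clients in 172.16.1.0/24
acl "trusted"     { 127.0.0.1; 172.16.1.0/24; };
acl "secondaries" { 172.16.1.12; };

options {
    listen-on port 53 { 127.0.0.1; 172.16.1.11; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";

    allow-query { any; };            // authoritative answers for centos.com stay public
    recursion yes;
    allow-recursion { trusted; };    // only local clients may use this server as a resolver
    allow-query-cache { trusted; };  // and only they may read cached (non-authoritative) answers
    allow-transfer { none; };        // global default: no AXFR/IXFR for any zone

    version "not disclosed";         // hide the BIND version from version.bind CH TXT queries
};

zone "centos.com" IN {
    type master;
    file "centos.com.zone";
    allow-transfer { secondaries; }; // zone-level override: only the secondary may transfer
    // The zone's only NS record is @ (127.0.0.1), so automatic NOTIFY would never reach
    // the secondary; also-notify pushes it explicitly on every serial change.
    also-notify { 172.16.1.12; };
};
```

Add `allow-transfer { none; };` to the secondary's options block in the same way, and run `named-checkconf` and `named-checkzone centos.com /var/named/centos.com.zone` before `rndc reload`.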
Caching server (forward-only: every query it cannot answer from cache is sent to the master at 172.16.1.11):
named.conf configuration:
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { any; };
    allow-query-cache { any; };
    forwarders { 172.16.1.11; };
    forward only;
};