# Install the BIND name server plus the client utilities (dig/host/nslookup).
yum install -y bind bind-utils
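options {
    // Master (10.3.13.47): bind only to the internal address, not 0.0.0.0.
    listen-on port 53 { 10.3.13.47; };
    directory "/var/named";                                  // zone files are relative to this
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Authoritative answers for the local zones may be queried by any host
    // that can reach the listen address.
    allow-query { any; };

    // Recursion is enabled so that non-local names are resolved through the
    // forwarders below.  With allow-query { any; } and no allow-recursion
    // restriction this would be an open resolver (cache-poisoning and
    // amplification target), so recursion -- and with it the cache, since
    // allow-query-cache defaults to allow-recursion -- is limited to the
    // server itself and the subnets of its own interfaces.  Clients on other
    // internal subnets (e.g. the 10.3.0.x hosts in the zone data) must be
    // added here explicitly.
    recursion yes;
    allow-recursion { localhost; localnets; };

    // Global default: no zone transfers.  The production zones in
    // named.rfc1912.zones override this per zone to allow AXFR to the slave.
    allow-transfer { none; };

    // This is the master, so nobody should be sending it NOTIFY messages;
    // refusing them avoids a rogue notify triggering a refresh of local records.
    allow-notify { none; };

    // Upstream resolvers used for recursive (non-local) lookups.
    forwarders {
        114.114.114.114;
        223.6.6.6;
        223.5.5.5;
    };

    max-cache-ttl 60;        // cap on how long a positive answer stays cached (s)
    max-ncache-ttl 30;       // cap on how long a negative answer stays cached (s)
    max-cache-size 500M;     // upper bound on cache memory
    clients-per-query 0;     // per the original note, 0 = no limit on concurrent
                             // clients waiting on the same query

    // Hide implementation details: refuse CHAOS bind.version / hostname.bind /
    // id.server queries so the BIND version cannot be fingerprinted.
    version none;
    hostname none;
    server-id none;
};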
logging {
    // Single channel writing to data/named.run (relative to options.directory):
    // keep 3 rotated copies, rotate at 100 MB, timestamp every line.
    // `severity debug` is very verbose for a production resolver; `info` is
    // the usual setting once the server has been shaken out.
    channel default_debug {
        file "data/named.run" versions 3 size 100m;
        print-time yes;
        severity debug;
    };
};
// Default zone: names not served by a local zone fall through here and are
// resolved recursively (via the forwarders in options).
zone "." IN {
    type hint;
    file "named.ca";
};
// Pull in the local authoritative zone definitions (plus the stock
// localhost/loopback zones).
include "/etc/named.rfc1912.zones";
|
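options {
    // Slave (10.3.13.48): bind only to the internal address.
    listen-on port 53 { 10.3.13.48; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Anyone who can reach the listen address may query the authoritative data.
    allow-query { any; };

    // No host may pull the full zone (AXFR/IXFR) from the slave.
    allow-transfer { none; };

    // Accept NOTIFY only from the master; any other source is ignored so a
    // forged notify cannot force a refresh.
    allow-notify { 10.3.13.47; };

    // Recursion for non-local names goes through the forwarders.  The same
    // hardening as on the master: without allow-recursion this would be an
    // open resolver, so restrict it to the server itself and the subnets of
    // its own interfaces, adding other internal client prefixes explicitly.
    recursion yes;
    allow-recursion { localhost; localnets; };
    forwarders {
        114.114.114.114;
        223.6.6.6;
        223.5.5.5;
    };

    max-cache-ttl 60;        // cap on positive cache lifetime (s)
    max-ncache-ttl 30;       // cap on negative cache lifetime (s)
    max-cache-size 500M;
    clients-per-query 0;     // per the master's note, 0 = no limit

    // Refuse CHAOS-class fingerprinting queries.  server-id was present on
    // the master but missing here; keep both nodes identically hardened.
    version none;
    hostname none;
    server-id none;
};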
logging {
    // Same logging policy as the master: one rotating file channel
    // (3 copies, 100 MB each) with timestamps.  `severity debug` is noisy;
    // consider `info` once the deployment is stable.
    channel default_debug {
        file "data/named.run" versions 3 size 100m;
        print-time yes;
        severity debug;
    };
};
// Root hints: the fallback for every name that is not in a local zone.
zone "." IN {
    type hint;
    file "named.ca";
};
// Local zone definitions (on the slave these are `type slave` entries
// pointing at the master).
include "/etc/named.rfc1912.zones";
|
// Stock localhost.localdomain zone shipped with the package; left untouched.
zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
// Stock localhost zone shipped with the package; left untouched.
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
// Stock IPv6 loopback reverse zone (::1); left untouched.
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
// Stock IPv4 loopback reverse zone (127.0.0.1); left untouched.
zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "tyredis.me" IN {
    type master;                       // primary copy lives here; the slave is `type slave`
    file "tyredis.me.zone";            // resolved against options.directory
    // Only the slave may transfer the zone.  This is a source-address ACL;
    // a TSIG key on both ends would tie the transfer to a secret rather than
    // to an IP.
    allow-transfer { 10.3.13.48; };
    // Dynamic updates are refused outright so records cannot be altered by
    // spoofed UPDATE messages.
    allow-update { none; };
    // Skip host-name syntax checks on owner names so labels such as
    // conf_sdk (underscore) can be loaded.
    check-names ignore;
};
zone "vmtuyoo.me" IN {
    type master;
    file "vmtuyoo.me.zone";
    allow-transfer { 10.3.13.48; };    // AXFR/IXFR only to the slave (IP-based ACL)
    allow-update { none; };            // no dynamic updates
    check-names ignore;                // allow non-hostname labels (e.g. underscores)
};
zone "ywdier.com" IN {
    type master;
    file "ywdier.com.zone";
    allow-transfer { 10.3.13.48; };    // AXFR/IXFR only to the slave (IP-based ACL)
    allow-update { none; };            // no dynamic updates
    check-names ignore;                // allow non-hostname labels (e.g. underscores)
};
// Whenever a new zone is added on the master, add the matching zone stanza on
// the slave as well.  The slave's zone file itself need not be created by
// hand: it is written automatically after the first transfer from the master.
|
zone "tyredis.me" IN {
    type slave;                        // secondary: content comes from the master
    file "slaves/tyredis.me.zone";     // local copy written after each transfer
    masters { 10.3.13.47; };           // where to pull the zone from
    allow-update { none; };
    check-names ignore;                // must match the master, or transferred
                                       // records with odd labels would be rejected
};
zone "vmtuyoo.me" IN {
    type slave;
    file "slaves/vmtuyoo.me.zone";     // local copy written after each transfer
    masters { 10.3.13.47; };
    allow-update { none; };
    check-names ignore;                // keep in step with the master's setting
};
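zone "ywdier.com" IN {
    // Was `type master` here, which contradicts the `masters { ... }` line
    // and the slaves/ file path: on the slave this zone must be `type slave`
    // like the other two, otherwise named never transfers it from
    // 10.3.13.47 and serves whatever happens to be in the local file.
    type slave;
    file "slaves/ywdier.com.zone";     // local copy written after each transfer
    masters { 10.3.13.47; };
    allow-update { none; };
    check-names ignore;                // keep in step with the master's setting
};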
|
例:tyredis.me (添加,修改域名解析修改此文件即可,修改记录内容后,切记给SOA信息的序号更新,可以让从同步检测到变更更新ZONE文件)
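$TTL 10       ; default TTL (seconds) for records in this zone without one
@   IN  SOA ns1.tyredis.me. admin.tyredis.me. (
            2018041907  ; serial  - bumped from 2018041906 because the SOA
                        ;           changed; it MUST go up on every edit or the
                        ;           slave will never pull the new data
            10          ; refresh - how often the slave polls the master (s)
            5           ; retry   - wait after a failed refresh (s)
            1W          ; expire  - was 1H: if the slave cannot reach the master
                        ;           for that long it discards the zone and
                        ;           answers SERVFAIL, i.e. a one-hour master
                        ;           outage takes the slave down too.  RFC 1912
                        ;           suggests 2-4 weeks; one week is a compromise
            10 )        ; minimum - negative-caching TTL (s)
        IN  NS   ns1
        IN  NS   ns2
        IN  A    127.0.0.1
        IN  AAAA ::1
ns1     IN  A    10.3.13.47
ns2     IN  A    10.3.13.48
mix     IN  A    10.3.0.33
avatar  IN  A    10.3.0.56
img     IN  A    10.3.0.88
conf    IN  A    10.3.0.66
; Wildcard: any otherwise-undefined name under tyredis.me resolves to the
; master's address, so typos never return NXDOMAIN -- keep that in mind when
; debugging "why does this host resolve at all".
*       IN  A    10.3.13.47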
|
bind安装包下contrib下的queryperf编译安装,queryperf -d names.txt -s 10.3.13.47
[root@HY
-
10
-
3
-
13
-
48
~]$ queryperf
-
d names.txt
-
s
10.3
.
13.47
DNS Query Performance Testing Tool
Version: $
Id
: queryperf.c,v
1.12
2007
/
09
/
05
07
:
36
:
04
marka Exp $
[Status] Processing
input
data
[Status] Sending queries (beginning with
10.3
.
13.47
)
[Status] Testing complete
Statistics:
Parse
input
file
: once
Ended due to: reaching end of
file
Queries sent:
207676
queries
Queries completed:
207676
queries
Queries lost:
0
queries
Queries delayed(?):
0
queries
RTT
max
:
0.230923
sec
RTT
min
:
0.000150
sec
RTT average:
0.000449
sec
RTT std deviation:
0.001708
sec
RTT out of
range
:
0
queries
Percentage completed:
100.00
%
Percentage lost:
0.00
%
Started at: Fri Apr
20
16
:
32
:
07
2018
Finished at: Fri Apr
20
16
:
32
:
13
2018
Ran
for
:
5.697710
seconds
Queries per second:
36449.029522
qps
|