因为单位的 DNS 服务器放在网通,近来网通那边路由有问题,需要配置一台电信的服务器做DNS服务器,因此就在网上搜罗了一些资料,虽然不太完整,但是自己边测边配,弄出来啦,整理出来给大家分享,应该是目前比较完整的Bind教程了:

下载稳定版的 BIND(注意:9.2.6 是 2006 年的版本,ISC 早已停止维护;生产环境请从 isc.org 下载当前仍受支持的版本,并用 ISC 随包发布的 PGP 签名校验下载到的 tar 包,再进行编译):
http://ftp.isc.org/isc/bind9/9.2.6/bind-9.2.6.tar.gz

卸载原来系统自带的bind服务
## The distribution's own BIND packages would collide with the /usr/local
## build below, so they are removed first. Look at what the query prints:
## bind-utils / bind-libs may be separate packages, and --nodeps removes
## the package even if something else on the box still depends on it.
# rpm -qa | grep -- bind
# rpm -e --nodeps bind


编译安装BIND
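## Build and install BIND under /usr/local (configure's default prefix), with
## the configuration directory set to /etc/bind so that "named" later finds
## /etc/bind/named.conf without a -c option.
## Before unpacking, verify the tarball against the .asc signature ISC
## publishes next to it (gpg --verify bind-9.2.6.tar.gz.asc bind-9.2.6.tar.gz):
## an unverified download from an FTP mirror is exactly where a trojaned
## name server would come from. 9.2.6 itself is a 2006 release that ISC no
## longer maintains; use a current release for anything Internet-facing.
# tar zxvf bind-9.2.6.tar.gz
# cd bind-9.2.6
# ./configure --sysconfdir=/etc/bind
# make
# make install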


修改配置文件
## /etc/bind holds named.conf and rndc.conf; rndc.conf will contain the rndc
## secret, so keep this directory unreadable for ordinary users.
## /var/bind is the "directory" that named.conf points at: zone files and
## the root hints live there.
# mkdir /etc/bind
# mkdir /var/bind
# vi /etc/bind/named.conf
在named.conf 加入以下内容:
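// Global server options.
options {
	directory "/var/bind";
	// Do not advertise the exact BIND release (CH TXT version.bind queries).
	version "not disclosed";
	// This server is meant to be the site's resolver. Allow recursion only
	// for local clients: an Internet-wide open resolver gets abused for
	// reflection attacks and is easier to cache-poison. Add the office
	// networks this server should serve to the list.
	allow-recursion { localhost; localnets; };
	// No secondary servers are configured in this tutorial, so refuse zone
	// transfers (AXFR) everywhere until a secondary's address is listed here.
	allow-transfer { none; };
};

// Root hints: how named finds the root servers when answering recursive
// queries. The file is generated with dig below.
zone "." {
	type hint;
	file "named.ca";
};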


查询根DNS服务器
# dig -t NS .

; <<>> DiG 9.2.6 <<>> -t NS .
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39532
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 490301 IN NS H.ROOT-SERVERS.NET.
. 490301 IN NS I.ROOT-SERVERS.NET.
. 490301 IN NS J.ROOT-SERVERS.NET.
. 490301 IN NS K.ROOT-SERVERS.NET.
. 490301 IN NS L.ROOT-SERVERS.NET.
. 490301 IN NS M.ROOT-SERVERS.NET.
. 490301 IN NS A.ROOT-SERVERS.NET.
. 490301 IN NS B.ROOT-SERVERS.NET.
. 490301 IN NS C.ROOT-SERVERS.NET.
. 490301 IN NS D.ROOT-SERVERS.NET.
. 490301 IN NS E.ROOT-SERVERS.NET.
. 490301 IN NS F.ROOT-SERVERS.NET.
. 490301 IN NS G.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 576701 IN A 198.41.0.4
B.ROOT-SERVERS.NET. 576701 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 576701 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 576701 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 576701 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 576701 IN A 192.5.5.241
G.ROOT-SERVERS.NET. 576701 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 576701 IN A 128.63.2.53
I.ROOT-SERVERS.NET. 576701 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 576701 IN A 192.58.128.30
K.ROOT-SERVERS.NET. 576701 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 576701 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 576701 IN A 202.12.27.33

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 10 23:34:53 2006
;; MSG SIZE rcvd: 436


临时把一台根服务器(J 根,192.58.128.30)写入 /etc/resolv.conf,只是为了让下面不带 @ 的 dig 直接向根服务器查询;named 跑起来后会再把它改回 127.0.0.1。
## Temporarily points the system resolver at the J root server so that the
## plain "dig -t NS ." below is answered by a root server itself; resolv.conf
## is set back to 127.0.0.1 once named is running. Writing the server on the
## dig command line ("dig @192.58.128.30 -t NS .") would avoid touching
## resolv.conf at all.
# echo "nameserver 192.58.128.30" >/etc/resolv.conf


将根服务器的信息导入到 /var/bind/named.ca 文件中(dig 输出里以“;”开头的行对 named 来说是注释,所以可以直接当作 hint 文件使用;根服务器地址会随时间变化,建议与 InterNIC 发布的 named.root 对照,并定期更新)
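## Build the root hints file from an authoritative answer of a root server.
## dig's ";;" lines are comments to named, so the raw output is a usable
## hint zone. Name the server explicitly so this works regardless of what
## /etc/resolv.conf currently says.
## Root server addresses do change over time: compare the result with the
## named.root file ISC/InterNIC publish and refresh it periodically -- a stale
## or tampered hints file sends every recursive lookup of this server to
## whatever addresses are listed here.
# dig @192.58.128.30 -t NS . >/var/bind/named.ca
# cat /var/bind/named.ca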

; <<>> DiG 9.2.6 <<>> -t NS .
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15141
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90

;; Query time: 107 msec
;; SERVER: 192.58.128.30#53(192.58.128.30)
;; WHEN: Tue Oct 10 10:16:47 2006
;; MSG SIZE rcvd: 436

配置rndc
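## rndc-confgen generates a fresh random key on every run; the secret shown
## below is the tutorial author's, NOT a value to copy. Create the file with
## a restrictive umask so the secret is never world-readable, even briefly:
## anyone who can read it can control named through rndc.
# (umask 077; rndc-confgen >/etc/bind/rndc.conf)
# cat -n /etc/bind/rndc.conf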

1 # Start of rndc.conf
2 key "rndc-key" {
3 algorithm hmac-md5;
4 secret "6wVd+yM4v80YJuIdp0o+vg==";
5 };
6
7 options {
8 default-key "rndc-key";
9 default-server 127.0.0.1;
10 default-port 953;
11 };
12 # End of rndc.conf
13
14 # Use with the following in named.conf, adjusting the allow list as needed:
15 # key "rndc-key" {
16 # algorithm hmac-md5;
17 # secret "6wVd+yM4v80YJuIdp0o+vg==";
18 # };
19 #
20 # controls {
21 # inet 127.0.0.1 port 953
22 # allow { 127.0.0.1; } keys { "rndc-key"; };
23 # };
24 # End of named.conf

将 rndc.conf 第 13 行以后的内容(key 与 controls 两段)追加到 /etc/bind/named.conf,然后编辑 /etc/bind/named.conf,去掉这两段前面的注释符“# ”。注意其中的 secret 就是控制 named 的凭据:不要照抄本文里的值,也不要把自己的值贴到公开的地方。
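## Lines 13 onwards of rndc.conf are the commented-out key and controls
## statements meant for named.conf. Newer coreutils no longer accepts the
## old "tail +N" spelling (it treats "+13" as a file name), so use "-n +13".
## After appending, strip the leading "# " from the key and controls
## statements by hand; the result is shown below.
# tail -n +13 /etc/bind/rndc.conf >>/etc/bind/named.conf
# cat /etc/bind/named.conf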

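// /etc/bind/named.conf -- complete file after the rndc key and controls
// statements were appended from rndc.conf and uncommented.

options {
	directory "/var/bind";
	// Do not advertise the exact BIND release (CH TXT version.bind queries).
	version "not disclosed";
	// Recursion only for local clients: an Internet-wide open resolver gets
	// abused for reflection attacks and is easier to cache-poison. Add the
	// office networks this server should serve to the list.
	allow-recursion { localhost; localnets; };
	// No secondary servers exist yet, so refuse zone transfers everywhere
	// until a secondary's address is listed here.
	allow-transfer { none; };
};

// Root hints, generated with dig above.
zone "." {
	type hint;
	file "named.ca";
};

// Shared secret for rndc. hmac-md5 is what rndc-confgen of this release
// emits (newer BIND releases also offer hmac-sha256). The value below is the
// tutorial author's -- use the one your own rndc-confgen produced, and keep
// this file readable by root only.
key "rndc-key" {
	algorithm hmac-md5;
	secret "6wVd+yM4v80YJuIdp0o+vg==";
};

// Control channel: loopback only, and only with the key above. Do not widen
// "inet"/"allow" unless remote management is really required.
controls {
	inet 127.0.0.1 port 953
	allow { 127.0.0.1; } keys { "rndc-key"; };
};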

检查配置并重新启动 named 服务,查看日志文件并检查 rndc 访问状态(注意:这样直接执行 named 是以 root 身份运行的,正式环境应建立非特权用户并用 named -u 启动)
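## Stop whatever named is still running (the old package's daemon), check the
## new configuration, then start the freshly built named. With no -c option
## it reads /etc/bind/named.conf because of --sysconfdir above.
## As written, named runs as root. Prefer "named -u named" after creating an
## unprivileged "named" user (and -t <dir> for a chroot) so that a bug in the
## name server does not hand out root.
# ps aux | grep named
# killall named
# ps aux | grep named
# named-checkconf /etc/bind/named.conf
# named
# ps aux | grep named
# tail /var/log/messages
# rndc status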
number of zones: 2
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running

修改/etc/resolv.conf,并使用host命令测试
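## Point the system resolver at the new named and resolve an outside name:
## this exercises recursion through the root hints end to end.
# echo "nameserver 127.0.0.1" >/etc/resolv.conf
# host www.blueberry.tw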
www.blueberry.tw has address 222.73.5.135


配置localhost的正向区域
修改/etc/bind/named.conf,插入如下内容
// Forward zone for "localhost", served from /var/bind/db.local
// (the file name is relative to the "directory" set in options).
zone "localhost" {
	file "db.local";
	type master;
};


配置 /var/bind/db.local
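; /var/bind/db.local -- forward zone for "localhost".
; A record line that begins with whitespace has no owner name of its own and
; inherits the owner of the previous record (here "@", the zone apex).
; If "IN" starts in column 1 it is read as an owner name instead, and the
; apex ends up with no NS record.
$TTL 900
@ IN SOA localhost. root (
        2006021401 ; serial (YYYYMMDDnn, increase on every change)
        1H         ; refresh
        15M        ; retry
        1W         ; expire
        1D )       ; negative-caching TTL
        IN NS @
        IN A 127.0.0.1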


记得要在 IN 前面加空格(或制表符):区域文件里行首有空白的记录没有自己的 owner,会继承上一条记录的 owner(这里是 @);如果 IN 顶格写,它会被当成 owner 名,apex 就没有 NS 记录,于是报 zone localhost/IN: has no NS records 的错误,我也是搞了老半天才搞明白的。

测试
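## Validate the zone file before asking named to reload it, then reload the
## configuration and zones and query through the running server.
# named-checkzone localhost /var/bind/db.local
# rndc reload
# host localhost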
localhost has address 127.0.0.1


配置127.0.0的反向区域
1、修改/etc/bind/named.conf,添加如下内容
// Reverse zone for the loopback network 127.0.0.0/24.
zone "0.0.127.in-addr.arpa" {
	file "127.0.0.zone";
	type master;
};


2、创建/var/bind/127.0.0.zone,添加如下内容
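; /var/bind/127.0.0.zone -- reverse zone for 127.0.0.0/24.
; MNAME names the primary server host (localhost., as in db.local) and the
; serial follows the YYYYMMDDnn convention used by the other zone files.
$TTL 900
@ IN SOA localhost. root.localhost. (
        2006021401 ; serial (YYYYMMDDnn, increase on every change)
        1H         ; refresh
        15M        ; retry
        1W         ; expire
        1D )       ; negative-caching TTL
; leading whitespace: owner inherited from "@"
        IN NS localhost.
1       IN PTR localhost.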

3、通过 rndc 让 named 重新加载配置,并测试
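## Validate the reverse zone file first, then reload and test the PTR lookup.
# named-checkzone 0.0.127.in-addr.arpa /var/bind/127.0.0.zone
# rndc reload
# host 127.0.0.1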
1.0.0.127.in-addr.arpa domain name pointer localhost.


配置sky.net.cn区域

1、配置/etc/bind/named.conf文件,加入如下内容
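// Authoritative forward zone for sky.net.cn.
zone "sky.net.cn" {
	type master;
	file "db.sky.net.cn";
	// Public zone: hand out full copies (AXFR) only to known secondaries.
	// None are configured in this tutorial, so deny transfers outright;
	// replace "none" with the secondary's address once there is one.
	allow-transfer { none; };
};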


2、配置/var/bind/db.sky.net.cn
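; /var/bind/db.sky.net.cn -- forward zone for sky.net.cn.
; Lines starting with whitespace inherit the owner of the previous record;
; the three apex records after the SOA therefore belong to "@" (sky.net.cn.).
$TTL 900
@ IN SOA sky.net.cn. root (
        2006021401 ; serial (YYYYMMDDnn, increase on every change)
        1H         ; refresh
        15M        ; retry
        1W         ; expire
        1D )       ; negative-caching TTL
        IN NS @          ; the apex itself is the name server; "ns" below has the same address
        IN MX 10 mail    ; an MX target must have an A record, never a CNAME
        IN A 59.42.10.53

ns   IN A 59.42.10.53
www  IN A 59.42.10.53

ftp  IN A 59.42.10.54

mail IN A 59.42.10.55
smtp IN A 59.42.10.55
pop  IN A 59.42.10.55

news IN CNAME www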

3、通过 rndc 让 named 重新加载配置,并测试
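## Validate the zone file first, then reload and query the new records.
# named-checkzone sky.net.cn /var/bind/db.sky.net.cn
# rndc reload
# host -t A www.sky.net.cn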
www.sky.net.cn has address 59.42.10.53

# host -t A ftp.sky.net.cn
ftp.sky.net.cn has address 59.42.10.54

# host -t A mail.sky.net.cn
mail.sky.net.cn has address 59.42.10.55

# host -t NS sky.net.cn
sky.net.cn name server sky.net.cn.


配置 59.42.10.0/24 的反向区域
1、修改/etc/bind/named.conf,添加如下内容
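// Reverse zone for 59.42.10.0/24.
zone "10.42.59.in-addr.arpa" {
	type master;
	file "59.42.10.zone";
	// Public zone with no secondaries configured: refuse AXFR until a
	// secondary's address replaces "none".
	allow-transfer { none; };
};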


2、创建/var/bind/59.42.10.zone,添加如下内容
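; /var/bind/59.42.10.zone -- reverse zone for 59.42.10.0/24.
; MNAME must be fully qualified (trailing dot): without it "sky.net.cn" is
; read relative to the zone as sky.net.cn.10.42.59.in-addr.arpa.
$TTL 900
@ IN SOA sky.net.cn. root.sky.net.cn. (
        2006022301 ; serial (YYYYMMDDnn, increase on every change)
        1H         ; refresh
        15M        ; retry
        1W         ; expire
        1D )       ; negative-caching TTL
        IN NS sky.net.cn.   ; leading whitespace: owner inherited from "@"

53 IN PTR www.sky.net.cn.
54 IN PTR ftp.sky.net.cn.
55 IN PTR mail.sky.net.cn.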

3、通过 rndc 让 named 重新加载配置,并测试
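## Validate the reverse zone file first, then reload and test the PTR lookups.
# named-checkzone 10.42.59.in-addr.arpa /var/bind/59.42.10.zone
# rndc reload
# host 59.42.10.53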
53.10.42.59.in-addr.arpa domain name pointer www.sky.net.cn.
# host 59.42.10.54
54.10.42.59.in-addr.arpa domain name pointer ftp.sky.net.cn.
# host 59.42.10.55
55.10.42.59.in-addr.arpa domain name pointer mail.sky.net.cn.
至此,Bind 配置完毕。上线前建议再从外网做两项检查:用 dig @本机IP www.blueberry.tw 确认外部客户端拿不到递归应答(本机不是开放递归服务器),用 dig @本机IP sky.net.cn AXFR 确认区域传送被拒绝。