Linux bind9 configuration

Configuring a DNS server on Linux:

    DNS software: bind # Berkeley Internet Name Domain

    bind:
        /etc/named.conf : root : named
        /var/named/ : working directory

        Configuration files:
            /etc/named.conf
                options { # global options
                        directory "/var/named";
                    };
                zone "." IN {
                        type hint;  # (master -> primary, slave -> secondary, hint -> root cache, forward -> forwarder)
                        file "named.ca";
                    };
                zone "localhost" IN {
                        type master;
                        file "localhost.zone";
                    };
                zone "0.0.127.in-addr.arpa" IN {
                        type master;
                        file "named.local";
                    };

                dig -t NS . >> named.ca # kept in the /var/named/ directory

"""
Zone file format:
            Directives:
            $TTL
            $ORIGIN
            SOA:
                demo.com.(zone) 600(TTL) IN(class keyword) SOA(record type) ns.demo.com.(primary DNS server name) admin.demo.com.(admin mailbox) (
                            2014081201 ; serial (version number)
                            20M ; refresh: check the primary every 20 minutes
                            5M ; retry: if the primary does not respond, ask again every 5 minutes
                            5D ; expire: after 5 days without a response, declare the zone failed
                            1D ; negative TTL: a requester caches a "no such record" answer for 1 day and does not ask again
                        )
            NS:
                demo.com. 600 IN NS ns1.demo.com.
                demo.com. 600 IN NS ns2.demo.com.
                ns1.demo.com. 600 IN A 1.1.1.1
                ns2.demo.com. 600 IN A 1.1.1.2

            MX:
                demo.com. 600 IN MX 10 mail.demo.com.
                mail.demo.com. 600 IN A 1.1.1.3
"""

                localhost.zone file (/etc/named/localhost.zone)
                ''' # (corresponds to the "localhost" zone in /etc/named.conf)
                $TTL 600
                localhost. IN SOA localhost. admin.localhost. (
                    2014081201
                    1H
                    10M
                    1W
                    1D
                )
                    IN NS localhost.
                localhost. IN A 127.0.0.1
                '''

                named.local file (/etc/named/named.local, the reverse-lookup zone file)
                '''
                $TTL 600
                @   IN SOA localhost. admin.localhost. (
                            2014081201
                            10H
                            10M
                            1W
                            1D
                        )
                @ IN NS localhost.
                1 IN PTR localhost.
                '''

            Adding DNS resolution for a specific domain
                1. Edit /etc/named.conf
                    add a stanza:
                    zone "demo.com" IN {
                                type master;
                                file "/var/named/demo.com.zone";
                            };
                2. Edit /var/named/demo.com.zone
                    $TTL 600
                    $ORIGIN demo.com.
                    @       IN SOA ns admin.demo.com. (
                                2014081201
                                1H
                                10M
                                1W
                                1D
                            )
                    @ IN NS ns.demo.com.
                      IN MX 10 mail
                    ns IN A 1.1.1.1
                    mail IN A 1.1.1.2
                    www IN A 1.1.1.3
                    ftp IN A 1.1.1.4
                    imap IN A 1.1.1.3
                    pop IN CNAME mail

            Checking the configuration files
                1. named-checkzone "zone" zone-file
                2. service named configtest
                3. dig -t axfr domain.com # returns the complete zone transfer data
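The check step above can be scripted so that every master zone is validated before a reload. This is an added example, not from the original notes; it assumes the one-directive-per-line named.conf layout used in these notes, that named-checkzone and named-checkconf are on PATH when check_all is run, and a constructed sample named.conf for demonstration:

```shell
#!/bin/sh
# Added example, not part of the original notes: script the "check the configuration
# files" step. list_zones parses the one-directive-per-line named.conf layout used
# above and prints "zone file" for each master zone, resolving relative file names
# against the options "directory" as named does; check_all validates each zone file
# and then the whole named.conf, so a broken zone is caught before rndc reload.

list_zones() {                    # $1 = path to named.conf
    awk '
        BEGIN { dir = "." }       # assumption: named runs from "." if no directory is set
        /^[ \t]*directory[ \t]/ { gsub(/[";]/, "", $2); dir = $2 }
        /^[ \t]*zone[ \t]/      { gsub(/"/, "", $2); name = $2; zt = ""; file = "" }
        /^[ \t]*type[ \t]/      { sub(/;.*/, "", $2); zt = $2 }
        /^[ \t]*file[ \t]/      { gsub(/[";]/, "", $2); file = $2 }
        /^[ \t]*}/ {              # end of a zone (or options/view/acl) block
            if (name != "" && zt == "master" && file != "") {
                if (file !~ /^\//) file = dir "/" file
                print name, file  # hint, slave and forward zones have no local file to check
            }
            name = ""
        }' "$1"
}

# Run named-checkzone on every master zone, then named-checkconf (needs the bind tools).
check_all() {                     # $1 = path to named.conf; non-zero on the first failure
    list_zones "$1" | while read -r zone file; do
        named-checkzone "$zone" "$file" || exit 1
    done && named-checkconf "$1"
}

# Constructed sample named.conf in the layout of the notes (not a real deployment).
write_sample_conf() {             # $1 = output path
    cat > "$1" <<'EOF'
options {
        directory "/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "demo.com" IN {
        type master;
        file "demo.com.zone";
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "/var/named/named.local";
};
EOF
}
```

Run check_all /etc/named.conf on the real server; the hint zone is skipped on purpose because named-checkzone has nothing to validate in a root hints file.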



Client ----> DNS Server
    /etc/resolv.conf
    nameserver SERVER

    local cache --> /etc/hosts --> DNS Server (luowen.com)

    DNS Server
        1. If the query is for a zone this server is authoritative for, answer it from the zone data file
        2. If the query is not for a zone this server is responsible for, look in the cache
        3. If it is not in the cache, send the query to the root servers

    DNS server types:
        1. Primary (master) DNS: the first DNS server for a zone (e.g. luowen.com)
        2. Secondary (slave) DNS: provides the same service as the primary and fetches the latest data from the primary at intervals
        3. hint: root servers
        4. forward: forwarding server
            '''
                zone "forward.com" IN {
                        type forward;
                        forwarders { 1.1.1.1; };
                    };
            '''
            Forwarding modes:
                1. first: if the forwarder does not answer, query the root servers yourself
                2. only: if the forwarder does not answer, do nothing further

    DNS remote control: # /etc/bind9/rndc.conf
        rndc:
            1.stop
            2.status
            3.start
            4.reload
            5.freeze

    Configuring rndc:
        1. rndc-confgen >> /etc/bind/rndc.conf # generates the rndc configuration; the file does not exist by default
        2. Add the key stanza below to named.conf (done); the options stanza that follows is rndc.conf syntax (default-key, default-server and default-port are read by rndc, not by named) and belongs in /etc/bind/rndc.conf
            # named.conf
            key "rndc-key" {
                algorithm hmac-md5;
                secret "mEhP3esUPzvZZVk1RfUuEg==";
            };
            # rndc.conf
            options {
                default-key "rndc-key";
                default-server 127.0.0.1;
                default-port 953;
            };

            3. Common rndc commands:
                1.start # start the service
                2.stop  # stop the service
                3.reload # reload everything
                4.reload zone # reload one zone
                5.reconfig # reload only the changed configuration
                6.status # status information; to collect statistics add statistics-file "/var/named/data/stats" to the options section of named.conf, and to listen only on specific addresses add listen-on { ip1; ip2; };
                7.flush # clear the cache

        Secondary (slave) DNS server configuration:
            1. Configure the other server the same way as this one, except for the following:
                    zone "<primary's zone>" IN {
                                type slave;
                                masters { 192.168.1.109; };
                                file "/var/named/slave/<primary's zone>.zone";
                            };
            2. allow-transfer { ip; }; # only host ip may pull zone data from the primary; in the options section it applies to all zones, in a zone section only to that zone
            3. Access lists: # defined before the options section
                acl SLAVES-OUR {
                        127.0.0.1;
                        192.168.1.1;
                        192.168.1.109;
                        };
                acl SLAVE-CLIENTS {
                            172.168.0.0/16;
                        };
            4. DNS recursion configuration:
                1. recursion no; in the options section: no recursion for anyone
                2. allow-recursion { SLAVE-CLIENTS; }; # only the addresses in this acl get recursive resolution from this server
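A secondary configured as above only pulls a new copy of the zone when the primary's SOA serial grows, so every edit on the primary has to be followed by a serial bump. This added example (not from the original notes) bumps the YYYYMMDDnn serials used in these notes, verifies the zone and reloads just that zone through rndc; it assumes the serial is the first value after the SOA record's opening parenthesis, as in the zone files above, and that the bind utilities are installed when bump_zone is run:

```shell
#!/bin/sh
# Added example, not part of the original notes: bump the SOA serial before a reload.
# A secondary (type slave; masters { ... };) only transfers the zone when the primary's
# serial is greater than its own, so an edit without a serial bump never reaches it.
# Uses the YYYYMMDDnn serials from the notes and assumes the serial is the first value
# after the SOA record's opening parenthesis, as in the zone files above.

zone_serial() {                   # $1 = zone file; prints the current serial
    awk '/[ \t]SOA[ \t]/ { in_soa = 1; sub(/.*\(/, "") }
         in_soa && NF && $1 !~ /^;/ { print $1; exit }' "$1"
}

next_serial() {                   # $1 = current serial, $2 = today as YYYYMMDD
    if [ "$1" -lt "${2}01" ]; then
        echo "${2}01"             # first change today
    else
        echo $(( $1 + 1 ))        # same day, or a serial already ahead: never go backwards
    fi
}

set_serial() {                    # $1 = zone file, $2 = old serial, $3 = new serial
    awk -v o="$2" -v n="$3" '!done && index($0, o) { sub(o, n); done = 1 } { print }' \
        "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Bump, verify with named-checkzone, then reload just that zone (needs the bind tools).
bump_zone() {                     # $1 = zone name, $2 = zone file
    old=$(zone_serial "$2") && [ -n "$old" ] || return 1
    new=$(next_serial "$old" "$(date +%Y%m%d)")
    set_serial "$2" "$old" "$new" && named-checkzone "$1" "$2" && rndc reload "$1"
}

# Constructed sample zone in the layout of the notes (not a real deployment).
write_sample_zone() {             # $1 = output path
    cat > "$1" <<'EOF'
$TTL 600
$ORIGIN demo.com.
@       IN SOA ns admin.demo.com. (
            2014081201 ; serial
            1H 10M 1W 1D )
@       IN NS ns.demo.com.
ns      IN A  1.1.1.1
EOF
}
```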



        DNS subdomain delegation:
                1. Parent (first-level) zone configuration:
                    zone "demo.com" IN { # /etc/named.conf
                                type master;
                                file "/var/named/demo.com.zone";
                            };
                    # /var/named/demo.com.zone
                    $TTL 600
                    $ORIGIN demo.com.
                    @   IN  SOA     ns  admin. (
                                    2014081601
                                    1H
                                    10M
                                    1W
                                    1D
                                )
                        IN  NS  ns
                    ns  IN  A   xxx.xxx.x.x
                    www IN  A   xxx.x.x.x

                    it      IN  NS  ns.it         ; delegate the subdomain to its own name server
                    ns.it   IN  A   yyy.yyy.y.y   ; glue record for that name server
            2. Child (second-level) zone configuration:
                zone "it.demo.com" IN { # /etc/named.conf
                            type master;
                            file "/var/named/it.demo.zone";
                        };
                $TTL 600
                $ORIGIN it.demo.com.
                @   IN  SOA  ns    admin. (
                        2014081601
                        1H
                        10M
                        1W
                        1D )
                @    IN  NS ns
                ns IN    A   xxx.xx.xx

    DNS: VIEW (# clients in 172.16.x.x resolve to 172.168.1.1, clients in 192.168.x.x resolve to 192.158.1.1)
            1. Configuration: /etc/named.conf
                acl lnet {
                        172.16.0.0/16;
                        127.0.0.0/8;
                    };

                options {
                        directory "/var/named";
                    };
                view internet { # internal-network clients
                        match-clients { lnet; };
                        recursion yes;
                        zone "." IN {
                                type hint;
                                file "/var/named/named.ca";
                            };
                        zone "localhost" IN {
                                type master;
                                file "/var/named/localhost.zone";
                            };
                        zone "0.0.127.in-addr.arpa" IN {
                                type master;
                                file "/var/named/named.local";
                            };
                        zone "demo.com" IN {
                                type master;
                                file "/var/named/demo.com.internet.zone";
                                allow-transfer { none; };
                                allow-update { none; };
                            };
                    };

                view external {
                        match-clients { any; };
                        recursion no;
                        zone "demo.com" IN {
                                type master;
                                file "/var/named/demo.com.external.zone";
                                allow-transfer { none; };
                                allow-recursion { none; };
                                allow-update { none; };
                            };
                    };

                2. Configure /var/named/demo.com.internet.zone
                    $TTL 600
                    $ORIGIN demo.com.
                    @   IN  SOA     ns  admin.demo.com. (
                                2014081701
                                1H
                                10M
                                1W
                                1D )
                        IN  NS  ns
                    ns  IN  A   172.16.0.254
                    www IN  A   172.16.1.1

                   Configure /var/named/demo.com.external.zone
                    $TTL 600
                    $ORIGIN demo.com.
                    @   IN  SOA     ns  admin.demo.com. (
                                2014081701
                                1H
                                10M
                                1W
                                1D )
                        IN  NS  ns
                    ns  IN  A   172.16.1.254   ; the same server, second network interface
                    www IN  A   192.168.1.1

    Building bind from source:
        1. Download the source tarball, unpack it, then run:
            ./configure --sysconfdir=/etc --disable-ipv6 --enable-largefile --enable-threads=no --prefix=/usr/local/named --disable-openssl-version-check --localstatedir=/var
