- echo "nameserver 192.168.50.10" > /etc/resolv.conf
- wget http://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz
- tar -zxvf bind-9.6.1-P1.tar.gz
- cd bind-9.6.1-P1
- ./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check --disable-ipv6
- make && make install
- cd /usr/local/named
- sbin/rndc-confgen > etc/rndc.conf
- cd etc
- tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf
- cd /usr/local/named/var
- dig > named.root
- dig > named.ca
- dig -t NS . > named.ca
- vim /usr/local/named/etc/named.conf
- key "rndc-key" {
- algorithm hmac-md5;
- secret "I41GYqjnkfmJIyZXOd7bAg=="; // sample value; keep the secret that rndc-confgen generated on your own host
- };
- controls {
- inet 127.0.0.1 port 953
- allow { 127.0.0.1; } keys { "rndc-key"; };
- };
- options {
- directory "/usr/local/named/var";
- // pid-file "/usr/local/named/var/run/named.pid";
- pid-file "/var/run/named/named.pid";
- version "0.0.0";
- forwarders {
- 202.99.96.68;
- 202.99.104.68;
- };
- /*
- * If there is a firewall between you and nameservers you want
- * to talk to, you might need to uncomment the query-source
- * directive below. Previous versions of BIND always asked
- * questions using port 53, but BIND 8.1 uses an unprivileged
- * port by default.
- */
- allow-transfer {none;};
- // recursion no;
- // recursion yes;
- // allow-recursion {trusted;};
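- // NOTE: "any" opens the cache to every client that can reach this server, and with allow-recursion unset recursion inherits the same ACL; narrow it to the client network (e.g. 192.168.50.0/24) if the server is reachable from outside.
- allow-query-cache { any; };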
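- // NOTE: pinning outgoing queries to source port 53 turns off source-port randomization, which makes cache poisoning easier; keep this line only if a firewall requires it.
- query-source address * port 53;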
- // default-key "rndckey";
- // default-server 127.0.0.1;
- // default-port 953;
- };
- logging {
- channel warning
- { file "/var/log/named/dns_warnings" versions 3 size 1240k;
- severity warning;
- print-category yes;
- print-severity yes;
- print-time yes;
- };
- channel general_dns
- { file "/var/log/named/dns_logs" versions 3 size 1240k;
- severity info;
- print-category yes;
- print-severity yes;
- print-time yes;
- };
- category default { warning; };
- category queries { general_dns; };
- };
- zone "." IN {
- type hint;
- file "named.ca";
- };
- zone "localhost" {
- type master;
- file "named.local";
- };
- zone "0.0.127.in-addr.arpa" IN {
- type master;
- file "named.local";
- };
- vim /usr/local/named/var/named.local
- $TTL 900
- @ IN SOA localhost. root.localhost. (
- 1997022700 ; Serial
- 28800 ; Refresh
- 14400 ; Retry
- 3600000 ; Expire
- 86400 ) ; Minimum
- IN NS localhost.
- 1 IN PTR localhost.
- vim /usr/local/named/var/0.0.127.in-addr.arpa
- $TTL 900
- @ IN SOA localhost. root.localhost. (
- 1997022700 ; Serial
- 28800 ; Refresh
- 14400 ; Retry
- 3600000 ; Expire
- 86400 ) ; Minimum
- IN NS localhost.
- 1 IN PTR localhost.
- /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf
- /usr/local/named/sbin/rndc status
- /usr/local/named/sbin/rndc reload
- vim /usr/local/named/etc/named.conf
添加新域的配置:
- zone "test.com" {
- type master;
- file "test.local";
- };
- zone "50.168.192.in-addr.arpa" IN {
- type master;
- file "50.168.192.in-addr.arpa";
- };
修改配置文件
- vim /usr/local/named/var/test.local
添加以下内容:
- $TTL 900
- @ IN SOA localhost. root.localhost. (
- 1997022701 ; Serial
- 28800 ; Refresh
- 14400 ; Retry
- 3600000 ; Expire
- 86400 ) ; Minimum
- IN NS a.test.com. ; 末尾的点不能省略,否则会被解析为 a.test.com.test.com.
- a IN A 192.168.50.10
- www IN A 192.168.50.100
修改反向配置文件:
- vim /usr/local/named/var/50.168.192.in-addr.arpa
添加以下内容:
- $TTL 900
- @ IN SOA a.test.com. root.a.test.com. (
- 1997022700 ; Serial
- 28800 ; Refresh
- 14400 ; Retry
- 3600000 ; Expire
- 86400 ) ; Minimum
- IN NS a.test.com.
- 10 IN PTR a.test.com.
- 100 IN PTR www.test.com.
测试配置:
- /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf
检查没有问题之后,将客户端的 DNS 指向 192.168.50.10,
然后用 nslookup 解析 a.test.com 和 www.test.com。