Install the bind package
emerge -av bind bind-tools
/etc/bind/named.conf
options {
    directory "/var/bind";

    // uncomment the following lines to turn on DNS forwarding,
    // and change the forwarding ip address(es) :
    //forward first;
    //forwarders {
    //    123.123.123.123;
    //    123.123.123.123;
    //};

    listen-on-v6 { none; };
    listen-on { 127.0.0.1; };

    // to allow only specific hosts to use the DNS server:
    //allow-query {
    //    127.0.0.1;
    //};

    // if you have problems and are behind a firewall:
    //query-source address * port 53;

    pid-file "/var/run/named/named.pid";
};

// Briefly, a zone which has been declared delegation-only will be effectively
// limited to containing NS RRs for subdomains, but no actual data beyond its
// own apex (for example, its SOA RR and apex NS RRset). This can be used to
// filter out "wildcard" or "synthesized" data from NAT boxes or from
// authoritative name servers whose undelegated (in-zone) data is of no
// interest.
// See http://www.isc.org/products/BIND/delegation-only.html for more info

//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "pri/localhost.zone";
    allow-update { none; };
    notify no;
};

zone "127.in-addr.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};
/etc/resolv.conf must contain at least one usable nameserver.
Run the following command:
# dig -t NS .    ("." is the root domain; NS means name server)
The upper part of the output lists the root servers' host names; the lower part lists their corresponding IP addresses.
Add those IPs to /etc/resolv.conf.
Then use the root servers to look up the root itself and save the result as the hints file:
# dig -t NS . >/var/bind/named.ca
Change the content of /etc/resolv.conf to:
nameserver 127.0.0.1
Start the service:
/etc/init.d/named start
Test whether it works with the following command:
host www.google.com
If it does not work, run the following command:
rndc-confgen
It generates two parts: the content to put into named.conf, and the rndc.conf file.
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "f3gs/HIyKNPnO7e96ttnAQ==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "f3gs/HIyKNPnO7e96ttnAQ==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Restart the service and it should work.
dig: looks up a nameserver's IP, domain names, etc.
The command rndc status queries the server status.
tail -n +13 filename
shows the content from line 13 onward.
host www.google.com: looks up the IP corresponding to google.com.
=========================================================================================================
Next: to resolve jf.org to the address 127.0.0.1,
add the following zone to /etc/bind/named.conf:
zone "jf.org" IN {
    type master;
    file "pri/jf.org.zone";
    allow-update { none; };
    notify no;
};
You can copy another block from named.conf and edit it, for example by changing localhost to jf.org.
Then copy /var/bind/pri/localhost.zone to /var/bind/pri/jf.org.zone
and edit its content; again this is essentially replacing the localhost keyword with jf.org.
For example, the edited file:
$TTL 1W
@ IN SOA jf.org. root.jf.org. (
        2010091800 ; Serial
        28800 ; Refresh
        14400 ; Retry
        604800 ; Expire - 1 week
        86400 ) ; Minimum
@ IN NS jf.org.
@ IN A 127.0.0.1
@ IN AAAA ::1
Restart the named service,
and host jf.org will now show 127.0.0.1.
===========================================================================================================
zone "." IN { // "." is the root zone
type hint; // hint is the default
file "named.cache"; // the root zone information is in the file named.cache, so "# dig -t NS . >/var/bind/named.cache" writes the root name servers found by the query into this file
};
zone "jixiuf.org" IN {
type master; // master means only I can resolve jixiuf.org: if I cannot resolve it, no other name server can either; they obtain their answers for the jixiuf.org domain from me, i.e. I am the primary name server for jixiuf.org
file "pri/jixiuf.org.zone"; // the file is located at /var/bind/pri/jixiuf.org.zone
allow-update { none; };
notify no;
};
// reverse resolution: IP addresses beginning with 127 are resolved in reverse according to the rules file /var/bind/pri/127.zone
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
// reverse resolution for IP addresses beginning with 127.0.0
zone "0.0.127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
jf pri # cat /var/bind/pri/localhost.zone
$TTL 1W ; time to live: a resolver that gets an answer from me may keep it in its cache for one week
@ IN SOA localhost. root.localhost. ( ; @ is the current zone: /etc/bind/named.conf maps the localhost zone to pri/localhost.zone, so @ means the localhost zone
                                      ; localhost. is the full domain name of the DNS server
                                      ; root.localhost. is the administrator's mailbox; its first dot stands for the @ sign, i.e. root@localhost
        2008122601 ; Serial: serial number; increment it (by one is suggested) whenever the zone is modified, so that secondary DNS servers know there is an update here
        28800 ; Refresh: secondary DNS servers come back every 28800 s and compare the serial number
        14400 ; Retry: if I do not respond, retry every 14400 s
        604800 ; Expire - 1 week: if you have retried for 604800 s and I still have not responded, assume I am broken
        86400 ) ; Minimum: minimum time the data is kept in a secondary DNS server's cache
@ IN NS localhost. ; NS record: records who the DNS server for this zone is
@ IN A 127.0.0.1 ; A record: forward DNS record with the corresponding IP; note @ means the current zone, localhost
mail IN CNAME host.localhost. ; no trailing dot after mail, so it is not a complete name but relative to the current zone, equivalent to mail.localhost. (with a trailing dot); CNAME is an alias: mail.localhost. and host.localhost. are the same, with the same IP
www IN CNAME host2.localhost.
@ IN AAAA ::1 ; IPv6 version
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
};
Reverse resolution file
jf pri # cat /var/bind/pri/127.zone
$ORIGIN 127.in-addr.arpa.
$TTL 1W
@ 1D IN SOA localhost. root.localhost. (
2008122601 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ 1D IN NS localhost.
1.0.0 1D IN PTR localhost. ; reverse resolution: 127.0.0.1 resolves back to the name localhost. Note that 1.0.0 is the reversed order of the octets; the 127 prefix comes from the zone "127.in-addr.arpa" declaration in /etc/bind/named.conf
==========================================================================================================
/etc/bind/named.conf
Add:
zone "jixiuf2.org" IN {
type master;
file "pri/jixiuf2.org.zone";
allow-update { none; };
notify no;
};
// the jixiuf2.org domain corresponds to 192.168.0.*
zone "0.168.192.in-addr.arpa" IN {
type master;
file "pri/jixiuf2_fanxiang.zone";
allow-update { none; };
notify no;
};
/var/bind/pri/jixiuf2.org.zone
$TTL 1W
@ IN SOA jixiuf2.org. root.mail.jixiuf2.org. (
2010091808 ; Serial
28800 ; Refresh
14400 ; Retry
604800 ; Expire - 1 week
86400 ) ; Minimum
@ IN NS jixiuf2.org.
IN NS dns1.jixiuf2.org.
IN NS dns2.jixiuf2.org.
jixiuf2.org. IN A 192.168.0.222
dns1.jixiuf2.org. IN A 192.168.0.1
dns2.jixiuf2.org. IN A 192.168.0.2
www IN CNAME dns1.jixiuf2.org.
mail IN CNAME dns2.jixiuf2.org.
/var/bind/pri/jixiuf2_fanxiang.zone
$ORIGIN 0.168.192.in-addr.arpa.
$TTL 1W
@ 1D IN SOA jixiuf2.org. root.mail.jixiuf2.org. (
2010091801 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ 1D IN NS jixiuf2.org.
1 1D IN PTR dns1.jixiuf2.org.
2 1D IN PTR dns2.jixiuf2.org.
1 1D IN PTR www.jixiuf2.org.
2 1D IN PTR mail.jixiuf2.org.
Test results:
jf pri # host dns1.jixiuf2.org
dns1.jixiuf2.org has address 192.168.0.1
jf pri # host dns2.jixiuf2.org
dns2.jixiuf2.org has address 192.168.0.2
jf pri # host www.jixiuf2.org
www.jixiuf2.org is an alias for dns1.jixiuf2.org.
dns1.jixiuf2.org has address 192.168.0.1
jf pri # host mail.jixiuf2.org
mail.jixiuf2.org is an alias for dns2.jixiuf2.org.
dns2.jixiuf2.org has address 192.168.0.2
jf pri # host jixiuf2.org
jixiuf2.org has address 192.168.0.222
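Added example, not part of the original notes or of BIND: a small Python check for the mistake the forward and reverse zone files above are prone to (an SOA, NS, CNAME, MX or PTR target, or a $ORIGIN, written without a trailing dot is relative and silently gets the origin appended), plus the reversed-octet calculation behind PTR owner names such as 1.0.0 in 127.in-addr.arpa. SAMPLE_ZONE is constructed from the reverse zone shown earlier, with the unqualified names left in on purpose.

```python
# Constructed sample: the reverse zone from the notes above, with the
# unqualified names exactly as they were written there (not a file from the author's host).
SAMPLE_ZONE = """\
$ORIGIN 0.168.192.in-addr.arpa
$TTL 1W
@ 1D IN SOA jixiuf2.org. root.mail.jixiuf2.org. (
        2010091801 ; serial
        3H ; refresh
        15M ; retry
        1W ; expiry
        1D ) ; minimum
@ 1D IN NS jixiuf2.org.
1 1D IN PTR dns1.jixiuf2.org
2 1D IN PTR dns2.jixiuf2.org
"""

# Record types whose RDATA carries a domain name. A name without a trailing
# dot is relative: the server appends the current $ORIGIN to it.
NAME_RDATA = {"NS", "CNAME", "PTR", "MX", "SOA"}

def lint_zone(text, zone_name):
    """Return [(line_no, message)] for relative names that would be expanded with the origin."""
    origin = zone_name.rstrip(".") + "."   # initial origin is the zone name from named.conf
    found = []
    for no, raw in enumerate(text.splitlines(), 1):
        # ';' starts a comment; '(' and ')' only group the multi-line SOA
        tokens = raw.split(";", 1)[0].replace("(", " ").replace(")", " ").split()
        if not tokens:
            continue
        if tokens[0] == "$ORIGIN":           # a relative $ORIGIN is itself expanded
            if not tokens[1].endswith("."):
                found.append((no, f"$ORIGIN {tokens[1]} is relative; becomes {tokens[1]}.{origin}"))
                origin = tokens[1] + "." + origin
            else:
                origin = tokens[1]
        elif "IN" in tokens:                 # owner [ttl] IN type rdata...
            idx = tokens.index("IN")
            rtype, rdata = tokens[idx + 1], tokens[idx + 2:]
            if rtype in NAME_RDATA:
                names = rdata[:2] if rtype == "SOA" else rdata[-1:]   # SOA: MNAME RNAME
                for n in names:
                    if not n.endswith("."):
                        found.append((no, f"{rtype} target {n} is relative; becomes {n}.{origin}"))
    return found

def ptr_owner(ip, zone_name):
    """Owner of the PTR record for ip inside reverse zone zone_name (127.0.0.1 in 127.in-addr.arpa -> 1.0.0)."""
    rev = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    suffix = "." + zone_name.rstrip(".") + "."
    if not rev.endswith(suffix):
        raise ValueError(f"{ip} is not inside {zone_name}")
    return rev[:-len(suffix)]
```

Running lint_zone over SAMPLE_ZONE reports the relative $ORIGIN and both PTR targets; with the trailing dots added it reports nothing.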
==========================================================================================================
Mapping the local address 127.0.0.1 to several domain names, e.g. localhost and jixiuf
/etc/bind/named.conf
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
zone "jixiuf.org" IN {
type master;
file "pri/jixiuf.org.zone";
allow-update { none; };
notify no;
};
/var/bind/pri/jixiuf.org.zone
$TTL 1W
@ IN SOA jixiuf.org. root.jixiuf.org. (
2010091804 ; Serial
28800 ; Refresh
14400 ; Retry
604800 ; Expire - 1 week
86400 ) ; Minimum
@ IN NS jixiuf.org.
@ IN A 127.0.0.1
mail IN CNAME jixiuf.org.
@ IN MX 5 mail.jixiuf.org.
/var/bind/pri/127.zone
$ORIGIN 127.in-addr.arpa.
$TTL 1W
@ 1D IN SOA localhost. root.localhost. (
2010091800 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ 1D IN NS localhost.
1.0.0 1D IN PTR jixiuf.org.
1.0.0 1D IN PTR localhost.
/etc/init.d/named restart
Test
jf pri # nslookup
> jixiuf.org ---------------------------------------------------- forward lookup
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: jixiuf.org
Address: 127.0.0.1
> 127.0.0.1 ------------------------------------------------- reverse lookup
Server: 127.0.0.1
Address: 127.0.0.1#53
1.0.0.127.in-addr.arpa name = jixiuf.org.
1.0.0.127.in-addr.arpa name = localhost.