1> centos 7.6
① 安装软件
yum update
yum -y install bind bind-chroot bind-utils
| 目录文件 | 说明 |
| --- | --- |
| /etc/named.conf | 主配置文件 |
| /etc/sysconfig/named | 配置是否启用chroot及额外的启动参数 |
| /var/named | 数据库文件存放目录,存放主机名与ip对应关系的区域文件 |
| /run/named | named程序运行时pid-file文件的存放目录 |
② 修改主配置文件
cp /etc/named.conf /etc/named.conf.bak
vi /etc/named.conf
a 配置文件
options {
listen-on port 53 { 127.0.0.1; }; # change 127.0.0.1 to any to accept queries on every IPv4 interface
listen-on-v6 port 53 { ::1; }; # change ::1 to any to accept queries on every IPv6 interface
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
# NOTE(review): once allow-query is "any" and recursion stays "yes" below, every host
# that can reach port 53 can use this server as an open recursive resolver, which is
# routinely abused for reflection traffic. If the server is reachable from untrusted
# networks, add allow-recursion { <internal-networks-placeholder>; }; so that only the
# authoritative zones are answered publicly.
allow-query { localhost; }; # change localhost to any to answer queries from every client
recursion yes;
dnssec-enable yes;
# NOTE(review): "no" switches off DNSSEC validation of the answers this resolver fetches
# from the network; the Ubuntu example later on this page keeps it at "auto".
dnssec-validation no; # DNSSEC validation of answers received from the network
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
# debug log written below "directory", i.e. /var/named/data/named.run
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
# root hints used when recursing for names this server is not authoritative for
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones"; # zone definitions; the google.cn zones are added to this file in step 3
include "/etc/named.root.key";
③ 配置区域数据信息
a 修改主服务器配置
vi /etc/named.rfc1912.zones
# forward zone (name -> address)
zone "google.cn" IN {
type master;
file "google.cn.zone"; # relative to the "directory" option in named.conf, i.e. /var/named/google.cn.zone
allow-update { none; };
# NOTE(review): no allow-transfer is set here or in options, so unless the BIND default
# has been changed any host that may query the zone can also pull it whole (AXFR).
# Restrict it to the secondary, e.g. allow-transfer { <secondary-ip-placeholder>; };
# The same applies to the reverse zone below.
};
# reverse zone (address -> name)
zone "31.25.100.in-addr.arpa" IN {
type master;
file "google.cn.re.zone";
# NOTE(review): unlike the forward zone, allow-update { none; }; is not written out here;
# BIND's default is also "none", but making it explicit keeps both zones consistent.
};
b 修改从服务器配置
# forward zone, secondary copy
zone "google.cn" IN {
type slave;
masters {192.168.100.231;}; # address of the primary server
file "slaves/google.cn.zone"; # transferred copy; named must be able to write to this directory under /var/named
};
# reverse zone, secondary copy
zone "31.25.100.in-addr.arpa" IN {
type slave;
masters {192.168.100.231;}; # address of the primary server
file "slaves/google.cn.re.zone";
};
④ 配置解析数据
a 正向解析数据
cp /var/named/named.localhost /var/named/google.cn.zone
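$TTL 600
; NOTE(review): MNAME is "@" (the zone apex) instead of the primary name server
; dns.google.cn., and RNAME is the template placeholder rname.invalid.; replace both
; for a real zone.
@ IN SOA @ rname.invalid. (
0 ; serial - raise it on every edit, secondaries only transfer when it increases
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.google.cn.
; zone files accept only ";" comments; a "#" on a record line is a syntax error
; that named-checkzone rejects
dns A 192.168.100.231 ; address of the DNS server
@ A 100.25.31.245 ; address the domain name resolves to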
b 反向解析数据
cp /var/named/named.loopback /var/named/google.cn.re.zone
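$TTL 600
@ IN SOA @ rname.invalid. (
0 ; serial - raise it on every edit, secondaries only transfer when it increases
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns.google.cn.
; the PTR target needs the trailing dot: without it BIND appends the zone origin
; and the record points at google.cn.31.25.100.in-addr.arpa.
245 IN PTR google.cn.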
c 检查语法
named-checkconf /etc/named.conf
named-checkzone google.cn /var/named/google.cn.zone
named-checkzone 31.25.100.in-addr.arpa /var/named/google.cn.re.zone
⑤ 去除ipv6解析
vi /etc/sysconfig/named
OPTIONS="-4"
⑥ 重启服务
systemctl start named.service
⑦ named.conf配置文件
| 参数 | 说明 |
| --- | --- |
| acl | 定义ip地址的访问控制清单 |
| controls | 定义ndc使用的控制通道 |
| include | 把其他文件的内容包含到配置文件中 |
| key | 定义授权的安全密钥 |
| logging | 定义日志的记录方式 |
| options | 定义全局配置的选项和缺省值 |
| server | 定义远程服务器的特征 |
| trusted-keys | 为服务器定义DNSSEC加密密钥 |
| zone | 定义一个区域 |
options {
[ directory path_name; ] # 定义服务器的工作目录
[ forward ( only | first ); ] # 当forwarders列表中有内容的时候才有意义,first:先转发给forwarders选项中所指定的远端DNS服务器,only:只会把请求转发到其它服务器上
[ forwarders { [ ip_addr [port ip_port] ; ... ] }; ] # 指定转发后访问的DNS服务器的ip地址
[ allow-notify { address_match_list }; ] # 设定除了主域名服务器之外,那台主机还可以发送通知消息
[ allow-query { address_match_list }; ] # 设定哪个主机可以进行普通的查询
[ allow-transfer { address_match_list }; ] # 设定哪台主机允许和本地服务器进行域传输
[ allow-recursion { address_match_list }; ] # 设定哪台主机可以进行递归查询
[ allow-v6-synthesis { address_match_list }; ] # 设定哪台主机能接收对ipv6的响应
[ blackhole { address_match_list }; ] # 设定一个地址列表,服务器将不会接收来自这个列表的查询请求
[ listen-on [ port ip_port ] { address_match_list }; ] # 网络接口和端口
[ listen-on-v6 [ port ip_port ] { address_match_list }; ] # ipv6网络接口和端口
[ query-source address ip4_addr port ip_port ;] # 指定本服务器向其他域名服务器发送查询(例如本地查不到要解析的域名时)所使用的源IPv4地址和端口
[ query-source-v6 address ip6_addr port ip_port ;] # 同上,用于IPv6
};
# 对该域的查询请求转由其他DNS服务器处理
zone "zone_name" IN {
type forward ;
[ forward ( only | first ); ]
[ forwarders { [ ip_addr [port ip_port] ; ... ] }; ]
};
2> ubuntu 18.04
① 安装软件
apt-get install bind9
② 编辑主配置文件
# vi /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
# NOTE(review): the comment says to listen only on ns1's internal address, but the
# value is "any", which binds every interface; put the internal IP here to match it.
listen-on { any; }; # put ns1's internal IP address here: listen on the internal network only
allow-transfer { none; }; # zone transfers disabled by default; allow only the secondary's address per zone if one exists
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
# NOTE(review): recursion is left at its package default here; if clients outside the
# internal network can reach this host, set allow-recursion explicitly.
# Same remark as for listen-on above: "any" binds every IPv6 interface too.
listen-on-v6 { any; };
};
③ 配置区域数据信息
# vi /etc/bind/named.conf.default-zones
# forward zone (name -> address)
zone "google.cn" {
type master; // server role: primary
file "/etc/bind/db.google.cn"; // absolute path of the zone data file
// NOTE(review): the later steps edit and check /var/cache/bind/db.google.cn; an
// absolute path here is not affected by directory "/var/cache/bind", so BIND will
// only read /etc/bind/db.google.cn -- keep one location for the file.
};
# reverse zone (address -> name)
zone "60.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.google.cn.ip";
};
④ 配置解析数据
a. 正向解析数据
# vim /var/cache/bind/db.google.cn
$TTL 604800
@ IN SOA google.cn. root.google.cn. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS dns.google.cn.
@ IN A 192.168.60.25
; NOTE(review): the name server's own address is loopback; a client on another host
; that follows the NS record would try 127.0.0.1 -- confirm this is intended, or use
; the address this host is reachable at.
dns IN A 127.0.0.1
b. 反向解析数据
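$TTL 604800
@ IN SOA google.cn. root.google.cn. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; NS data must be a host name, not an IP address; reuse the name server defined
; in the forward zone (dns.google.cn., whose A record is 127.0.0.1)
@ IN NS dns.google.cn.
; trailing dot keeps the target absolute, otherwise the zone origin is appended
25 IN PTR www.google.cn.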
⑤ 检查配置
named-checkconf
named-checkzone google.cn /var/cache/bind/db.google.cn
sudo service bind9 restart