1. Install bind

```
yum -y install bind* caching-nameserver
```

Use `rpm -qa | grep bind` to check whether bind is installed.
2. Configuration

The configuration file is /etc/named.conf:
```
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    # listen-on port 53 { 127.0.0.1; };   // listen only on the local address, port 53
    listen-on port 53 { any; };           // listen on port 53 on all addresses; restrict to the IPs you need
    # listen-on-v6 port 53 { ::1; };      // for IPv6
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # forwarders { 202.38.64.1; 202.39.64.7; };  // forwarding: queries this server cannot resolve go to these DNS servers
    # allow-query { localhost; };          // allow queries from localhost only
    allow-query { any; };                  // allow queries from anyone
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";   // list of the root DNS servers
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
The file named.ca is generated automatically when bind is installed; you can also download the named.root file from ftp://ftp.internic.net/domain and rename it to named.ca.

Using the bundled named.ca versus named.root, a query for the same domain returns different results, but both seem to be correct.

Add your own domain in /etc/named.rfc1912.zones:
```
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

// for IPv6; you can comment it out if you want
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};

zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-update { none; };
};

zone "2.168.192.in-addr.arpa" IN {
    type master;
    file "2.168.192.in-addr.local";
    allow-update { none; };
};
```
Then create two files under /var/named, test.com.zone and 2.168.192.in-addr.local, for forward and reverse lookups respectively. The owner and group of these two files must match those of named.localhost and the other files in that directory (normally root:named), otherwise unexpected errors will occur.

test.com.zone:
```
$TTL 86400
@       IN SOA  tom jerry (     ; tom & jerry should be the primary hostname and the contact mailbox; arbitrary values work here
                42              ; serial (d. adams)
                3H              ; refresh
                15M             ; retry
                1W              ; expiry
                1D )            ; minimum
        IN NS   ns.test.com.    ; notice: don't forget the dot at the end
        IN MX   10 mail.test.com.
www     IN A    192.168.2.80
www     IN A    192.168.2.70
ns      IN A    192.168.2.90
mail    IN A    192.168.2.80
ftp     IN CNAME www
```
1) Note the dot after the domain name: it marks the name as an FQDN (Fully Qualified Domain Name); see TCP/IP Illustrated, Volume 1. Without it an error occurs, because the system treats the name as incomplete and appends the zone origin to it, reporting:

```
zone test.com/IN: NS 'ns.test.com.test.com' has no address records (A or AAAA)
```

2) ns.test.com. must not be written as test.com.; misled by some blogs, I did not write the full name and got this error:

```
zone test.com/IN: NS 'test.com' has no address records (A or AAAA)
```
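As an added example (not code from the original post), a small Python checker that applies the origin rule described above and reproduces both error messages: an NS target without the trailing dot gets the origin appended, and an NS target with no A/AAAA record is reported, just as named-checkzone does. The sample zone below is a constructed, shortened copy of test.com.zone.

```python
# Added example (not from the original post): applies the origin rule described
# above and reports NS targets lacking A/AAAA records. Assumed zone format:
# one record per line, owner omitted on indented lines, class IN.
def qualify(name, origin):
    """Origin rule: a name without a trailing dot gets the zone origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with owner and NS/CNAME targets qualified."""
    records, owner, in_soa = [], origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()              # drop comments
        if not line or line.startswith("$TTL"):
            continue
        if in_soa:                                        # still inside SOA ( ... )
            in_soa = ")" not in line
            continue
        fields = line.split()
        if not raw[:1].isspace():                         # a new owner name is given
            owner, fields = qualify(fields[0], origin), fields[1:]
        if fields[0] == "IN":
            fields = fields[1:]
        rtype, rdata = fields[0], fields[1:]
        if rtype == "SOA":
            in_soa = ")" not in line
            continue
        if rtype in ("NS", "CNAME"):
            rdata = [qualify(rdata[0], origin)]
        records.append((owner, rtype, rdata))
    return records

def check_ns(text, origin):
    """named-checkzone style messages for NS targets that have no A/AAAA record."""
    records = parse_zone(text, origin)
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    return ["zone %s/IN: NS '%s' has no address records (A or AAAA)"
            % (origin.rstrip("."), r[0].rstrip("."))
            for _, t, r in records if t == "NS" and r[0] not in have_addr]

# Constructed sample: the post's test.com.zone, SOA timers collapsed onto one line
ZONE_OK = """
@   IN SOA tom jerry (
        42 3H 15M 1W 1D )   ; serial refresh retry expiry minimum
    IN NS   ns.test.com.    ; the trailing dot marks a FQDN
www IN A    192.168.2.80
ns  IN A    192.168.2.90
"""
ZONE_NO_DOT = ZONE_OK.replace("ns.test.com.", "ns.test.com")        # dot forgotten
ZONE_APEX = ZONE_OK.replace("NS   ns.test.com.", "NS   test.com.")  # wrong NS name
```

Running check_ns on ZONE_NO_DOT and ZONE_APEX yields exactly the two messages quoted above, while ZONE_OK yields none.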
The reverse zone file 2.168.192.in-addr.local is written in the same way as test.com.zone:
```
$TTL 86400
@       IN SOA  ns.test.com. root (
                1997022700      ; Serial
                28800           ; Refresh
                14400           ; Retry
                3600000         ; Expire
                86400 )         ; Minimum
        IN NS   ns.test.com.
80      IN PTR  www.test.com.
70      IN PTR  www.test.com.
80      IN PTR  mail.test.com.
90      IN PTR  ns.test.com.
```
Once the configuration is done, change the nameserver address of this host in /etc/sysconfig/network-scripts/ifcfg-eth0:

```
DNS1=127.0.0.1      # if this is set to the internal IP, the custom test.com zone cannot be resolved; I don't know why
DOMAIN=test.com     # default search domain: a name that is not fully qualified gets the search domain appended, e.g. ftp becomes ftp.test.com
```

Try it out:
```
[root@Ivy-centos-32 ~]# /etc/init.d/named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@Ivy-centos-32 ~]# nslookup www.test.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   www.test.com
Address: 192.168.2.80
Name:   www.test.com
Address: 192.168.2.70
[root@Ivy-centos-32 ~]# nslookup ftp.test.com
Server:         127.0.0.1
Address:        127.0.0.1#53

ftp.test.com    canonical name = www.test.com.
Name:   www.test.com
Address: 192.168.2.70
Name:   www.test.com
Address: 192.168.2.80
[root@Ivy-centos-32 ~]# nslookup 192.168.2.80
Server:         127.0.0.1
Address:        127.0.0.1#53

80.2.168.192.in-addr.arpa       name = www.test.com.
80.2.168.192.in-addr.arpa       name = mail.test.com.
[root@Ivy-centos-32 ~]# nslookup www.sina.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
www.sina.com    canonical name = us.sina.com.cn.
us.sina.com.cn  canonical name = news.sina.com.cn.
news.sina.com.cn        canonical name = jupiter.sina.com.cn.
jupiter.sina.com.cn     canonical name = auriga.sina.com.cn.
Name:   auriga.sina.com.cn
Address: 61.172.201.195
Name:   auriga.sina.com.cn
Address: 61.172.201.194
```
Set the nameserver address of the other machines in the subnet to this server's subnet address (for example 192.168.2.90), and Ivy-centos-32 will resolve names for them. If the server cannot serve the subnet, the following error appears:

```
[root@lab-webserver ~]# nslookup www.baidu.com
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached
```

Check that listen-on and allow-query in /etc/named.conf are configured correctly; if they are and it still fails, the DNS server's firewall is probably the problem.

Files created or modified under /var/named are copied to /var/named/chroot/var/named, which probably has to do with chroot; this remains to be investigated.
```
[root@Ivy-centos-32 named]# pwd
/var/named
[root@Ivy-centos-32 named]# ls -p
2.168.192.in-addr.local  chroot/  data/  dynamic/  named.ca  named.ca.bk  named.empty  named.localhost  named.loopback  named.root  slaves/  test.com.zone
```

After named has been started, the contents of /var/named/chroot/var/named are as follows:

```
[root@Ivy-centos-32 named]# pwd
/var/named/chroot/var/named
[root@Ivy-centos-32 named]# ls -p
2.168.192.in-addr.local  chroot/  data/  dynamic/  named.ca  named.ca.bk  named.empty  named.localhost  named.loopback  named.root  slaves/  test.com.zone
```
3. bind view

Verify BIND view's split-horizon ("intelligent") DNS resolution, that is, answering queries coming from different IP ranges with different DNS answers.

Here we assume that 127.0.0.1 and 192.168.2.80 are Telecom IPs, 192.168.2.245 is a Unicom IP, and all other IPs belong to Others. In the three files Telecom.test.com.zone, Unicom.test.com.zone and Others.test.com.zone we give www.test.com a different address in each: Telecom 88.88.88.88, Unicom 99.99.99.99, Others 77.77.77.77. The files are configured the same way as above.

Modify /etc/named.conf. Since all zones must be defined inside view statements once views are in use, make the following additions and changes:
```
acl Telecomacl { 127.0.0.1; 192.168.2.80; };
acl Unicomacl  { 192.168.2.245; };
acl Othersacl  { any; };

view "Telecom" {
    match-clients { "Telecomacl"; };
    zone "test.com" IN {
        type master;
        file "Telecom.test.com.zone";
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
};

view "Unicom" {
    match-clients { "Unicomacl"; };
    zone "test.com" IN {
        type master;
        file "Unicom.test.com.zone";
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
};

view "Others" {
    match-clients { "Othersacl"; };
    zone "test.com" IN {
        type master;
        file "Others.test.com.zone";
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
};
```
The results of the experiment:

server-80

```
[root@80-server ~]# nslookup www.test.com
Server:         192.168.2.90
Address:        192.168.2.90#53

Name:   www.test.com
Address: 88.88.88.88
Name:   www.test.com
Address: 192.168.2.70
```

server-245

```
[root@245-server ~]# nslookup www.test.com
Server:         192.168.2.90
Address:        192.168.2.90#53

Name:   www.test.com
Address: 99.99.99.99
Name:   www.test.com
Address: 192.168.2.70
```

server-70

```
[root@70-server ~]# nslookup www.test.com
Server:         192.168.2.90
Address:        192.168.2.90#53

Name:   www.test.com
Address: 77.77.77.77
Name:   www.test.com
Address: 192.168.2.70
```
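As an added example (not code from the original post), a small Python simulation of how named selects a view: the first view whose match-clients ACL covers the client address wins, so view order matters, and any view listed after the catch-all Others view could never be reached. The ACLs and view order are the ones from the named.conf above; the per-view zone contents are assumed from the nslookup results.

```python
# Added example (not from the original post): simulates how named picks a view,
# taking the FIRST view whose match-clients ACL contains the client address, and
# answers from that view's zone. ACLs and view order are the post's; the zone
# contents are inferred from the nslookup results above.
import ipaddress

ACLS = {
    "Telecomacl": ["127.0.0.1", "192.168.2.80"],
    "Unicomacl": ["192.168.2.245"],
    "Othersacl": ["any"],
}

# (view name, acl name, zone data), in named.conf order: order decides precedence
VIEWS = [
    ("Telecom", "Telecomacl", {"www.test.com.": ["88.88.88.88", "192.168.2.70"]}),
    ("Unicom", "Unicomacl", {"www.test.com.": ["99.99.99.99", "192.168.2.70"]}),
    ("Others", "Othersacl", {"www.test.com.": ["77.77.77.77", "192.168.2.70"]}),
]

def acl_matches(acl_name, client):
    """True if the client address is covered by any element of the named ACL."""
    addr = ipaddress.ip_address(client)
    for element in ACLS[acl_name]:
        if element == "any" or addr in ipaddress.ip_network(element, strict=False):
            return True
    return False

def select_view(client, views=VIEWS):
    """Name of the first matching view, or None (named would then refuse the query)."""
    for name, acl_name, _ in views:
        if acl_matches(acl_name, client):
            return name
    return None

def resolve_a(client, qname, views=VIEWS):
    """A records for qname as seen from the view selected for this client."""
    for name, acl_name, zone in views:
        if acl_matches(acl_name, client):
            return zone.get(qname, [])
    return []

def shadowed_views(views=VIEWS):
    """Views listed after a catch-all ('any') view can never be selected."""
    shadowed, catch_all_seen = [], False
    for name, acl_name, _ in views:
        if catch_all_seen:
            shadowed.append(name)
        if "any" in ACLS[acl_name]:
            catch_all_seen = True
    return shadowed
```

With the views in the post's order, shadowed_views() is empty; reversing the list puts Others first and reports Unicom and Telecom as unreachable, so every client would get 77.77.77.77.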
4. Flush the DNS cache

To flush the DNS cache on the BIND server, use the following command:

```
[root@Ivy-centos-32 ~]# rndc flush
```