Bind domain name server for linux service configuration

Source: Internet
Author: User
Tags domain name server dnssec mx record nslookup command

1. Install bind
This software is to provide the software to build a DNS server. Here is not the description of what is the DNS and so on inside the concept of the class of things, because there is a lot of information on the network, so back and forth I think it is not interesting.
Configure Yum source to start download

2, start the named service, and set the automatic operation of the boot
Named service, which is the process name of the bind service.

3, the configuration file named.conf in the configuration of a simple introduction

These two graphs are about the configuration of global variables, and any configuration done in this context will affect the DNS service environment.
options{} global variable configuration, all global configurations will be displayed in this curly brace
Listen-on set the port number of the service and IP, the port number is generally UDP port number 53rd, IP default is the loopback address, we configure the time must be changed here to the server host static IP or to any to represent any IP on the server.
Directory defines the working directory for Bind
Allow-query defines a host that can allow DNS queries, typically configured as any, to allow DNS lookups for all hosts.
Recursion Yes whether recursive queries (two queries in DNS resolution, recursive queries, and iterative queries) are generally set to Yes.
Dnssec-enable Yes supports DNSSEC switches (DNSSEC technology: A series of DNS security authentication mechanisms provided by the IETF that does not encrypt data. It simply verifies that the site address you are visiting is valid. Settings in order to improve the efficiency of DNS resolution, generally set to No
Dnssec-validation Yes dnssec confirm switch, default yes, for efficiency it is recommended to close No.

We know that every DNS server has an address to the server, and here is the lookup zone for the defined root.
Zone defines a zone name, defined here as Yige "." Represents the root domain
The type defines the zone types. Hint represents the root domain, in addition to the master domain master, from the domain slave, our own created area is generally master
file specifies the zone configuration file, which is saved by default in the/var/named/directory.
4, we start to configure a basic configuration of DNS
(1) Modifying the global configuration
Listen-on the IP of the server being monitored to any;
Allow-query allows DNS query client IP to be set to any, allowing all people to perform DNS resolution;
Dndsec-enable,dnssec-validation two to No (special note that when the change here, dnssec-enable to No when you must be the following one Yegaiweino otherwise cannot restart the service, Because the first one is whether to support DNSSEC technology, the second is a switch. When the first set to No is not supported by DNSSEC technology, the following switch is useless, set to Yes will be error)
After we have configured the global, we can restart the service and authenticate with the client.
Client authentication.
First in the local authentication, modify the configuration file/etc/resolv.conf, the service IP to the home IP, and then to ping Baidu, to see if Baidu can be resolved to IP

Modify the client's profile/etc/resolv.conf to point the DNS server's IP to our own configured server IP. Then ping Baidu

None of this is any problem.
4. Configuring the primary Domain name server
First create a lookup zone in configuration file/etc/named.conf

The lookup zone is of type Master. Represents the primary domain.
The zone configuration file is named Because the configuration file exists under the/var/named/directory, we must be under/var/named/when creating the configuration file.
Then, create the zone configuration file
Because the format of the configuration file is very strict, inadvertently will lead to errors, restart the service is unsuccessful, so we use other configuration files to make templates, configuration, only need to change the individual places to reduce the probability of error.

Before modifying the configuration file, please explain the configuration of the file in detail.

$TTL 1 D indicates the client-resolved domain name cache time
Here are the various types of DNS records:
SOA indicates the host server for the current zone and contains some parameters for synchronizing data from the server
@ represents the current region; In the SOA record type is the SOA type
A record is used to map host names to IP addresses
CNAME record defines an alias for a record
MX record describes the mail server for the current zone
NS records indicate that the current zone is resolved by those domain name servers

To start configuring a zone configuration file

Special attention:
1. Do not forget to write the domain name when writing the root "."
2, e-mail address [email protected] @ to "." Because in this configuration file @ means the current domain
Complete configuration files Remember to modify the permissions of the configuration file the default file belongs to the root group and we should modify it to the named user group

After configuration, you can restart the service, client authentication

nslookup command, you can see if the domain name resolves to an IP address or if the IP address resolves to a domain name

You can also use the ping command to see if the corresponding IP of the server can be resolved

Successful parsing, configuration is no problem.
Note: When you do any configuration, when there is no restart, be sure to carefully troubleshoot your configuration, you may have a symbol can cause your configuration error. There is also a pit can be the server's SELinux if the client cannot resolve, or the firewall does not shut down the reason.

Bind domain name server for linux service configuration

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.