DNS is a basic service on the Internet. On Linux systems, DNS service is provided by BIND. Being able to configure DNS services with BIND is an essential skill for operations and maintenance (O&M) engineers. The BIND installation and configuration process is as follows:
Hosts used during the test:
DNS Server IP: 192.168.1.132
Mail Server IP: 192.168.1.135
WWW Server IP: 192.168.1.128
First install BIND: # yum install -y bind
Modify the configuration file:
In the options section, listen-on port 53 listens only on 127.0.0.1 of the local machine by default. You can comment this line out so that all addresses of the local machine are listened on by default. In addition, allow-query by default permits queries from the local machine only; because a DNS server has to answer queries from other hosts, this item must be modified or commented out to enable querying. recursion controls whether recursive queries are served. In the test, the default configuration is used first; restrictions must be imposed in actual use.
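The restrictions mentioned above, as an added example that is not part of the original post: a small shell check that flags a named.conf whose options leave listen-on unset or recursion enabled without an allow-recursion ACL. Both sample configurations, the function names and the 192.168.1.0/24 client range are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Both sample configs are constructed.

# Drop // and # comments, join lines, squeeze blanks (/* */ comments are not handled).
flatten() {
    sed -e 's|//.*$||' -e 's|#.*$||' "$1" | tr '\n\t' '  ' | tr -s ' '
}

# Print one finding per line for option settings that should be restricted.
audit_named_conf() {
    conf=$(flatten "$1")
    has() { printf '%s\n' "$conf" | grep -Eq "$1"; }
    if ! has 'listen-on( port [0-9]+)? ?\{'; then
        echo "listen-on: not set, named binds every IPv4 interface"
    fi
    # recursion defaults to yes when the statement is absent
    if ! has 'recursion no ?;' && ! has 'allow-recursion ?\{'; then
        echo "recursion: enabled with no allow-recursion ACL"
    fi
    return 0
}

# Test-style options as described in the post: listen-on and allow-query commented out.
write_test_conf() {
    cat > "$1" <<'EOF'
options {
    // listen-on port 53 { 127.0.0.1; };
    directory "/var/named";
    // allow-query { localhost; };
    recursion yes;
};
EOF
}

# One way to restrict it: answer zone queries for anyone, recurse for the LAN only.
write_restricted_conf() {
    cat > "$1" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.132; };
    directory "/var/named";
    allow-query { any; };
    recursion yes;
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
};
EOF
}

tmp=$(mktemp -d)
write_test_conf "$tmp/test.conf"; write_restricted_conf "$tmp/restricted.conf"
for f in test restricted; do echo "== $f"; audit_named_conf "$tmp/$f.conf"; done
rm -rf "$tmp"
```

The test-style configuration produces two findings and the restricted one produces none; run named-checkconf on the real file after making such changes.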
Check the syntax of the configuration file after modifying it: # named-checkconf
Start the service: # service named start. The rndc.key file is generated when the service is started for the first time. This process uses random numbers from the entropy pool; if there is not enough entropy, key generation blocks. A simple workaround is to open another terminal and type characters at random to generate entropy; after a while rndc.key is generated automatically. Alternatively, you can use /dev/urandom in the part of the named init script that generates the rndc key, so that the random numbers are produced by software; in that case generation of the rndc key does not get stuck.
After the service is started, view the ports it is listening on: # ss -tunl
You can see that port 53 is listened on over both TCP and UDP.
Add a new zone definition in the configuration file:
Add the zone file for the new zone. The edited content is as follows:
Modify the attributes of the zone file: set the group to named and the permissions to 640:
# chgrp named sueking.com.zone
# chmod 640 sueking.com.zone
Check the zone file for syntax errors: # named-checkzone "sueking.com" /var/named/sueking.com.zone
Reload the service: # rndc reload
Use the dig, host, and nslookup tools to test whether forward resolution on the DNS server works. These tools are provided by the bind-utils package.
host tool test. By default, host resolves names using the DNS server addresses defined in the local /etc/resolv.conf file. Therefore, to test whether our DNS server resolves correctly, we must specify its IP address when running the command:
The other test results are as follows:
After the forward zone resolution test succeeds, add the reverse zone by adding the following zone definition to the configuration file:
Check the configuration file for syntax errors: # named-checkconf
Add the reverse zone file: # vim /var/named/192.168.1.zone. The file content is as follows:
Check the syntax of the reverse zone file and modify the attributes of the file: # named-checkzone "1.168.192.in-addr.arpa" /var/named/192.168.1.zone
# chmod 640 /var/named/192.168.1.zone
After the syntax check passes, restart the service and then use the tools to check whether DNS reverse resolution works:
Note: for the record names defined in a zone file, except for SOA and NS records, the name field can be abbreviated to just the host name. The zone name is defined in the zone section of the configuration file and is automatically appended to such names in the zone file; alternatively, the $ORIGIN directive can be used in the zone file to specify the domain that is appended to incomplete names.
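An added example, not from the original post, tying the reverse-resolution test and the note on abbreviated names together: it checks that every A record in the forward zone has a PTR record pointing back to the same fully qualified name. The zone contents, the admin contact and the function names are constructed from the host list above; the last PTR target deliberately omits its trailing dot to show how the zone name gets appended.

```shell
#!/bin/sh
# Added example, not from the original post. Zone contents are constructed
# from the post's host list; the last PTR target deliberately lacks its dot.

write_forward_zone() {
    cat > "$1" <<'EOF'
$TTL 86400
@    IN SOA ns.sueking.com. admin.sueking.com. ( 2014080501 1H 10M 7D 1D )
     IN NS  ns.sueking.com.
     IN MX  10 mail
ns   IN A   192.168.1.132
mail IN A   192.168.1.135
www  IN A   192.168.1.128
EOF
}

write_reverse_zone() {
    cat > "$1" <<'EOF'
$TTL 86400
@    IN SOA ns.sueking.com. admin.sueking.com. ( 2014080501 1H 10M 7D 1D )
     IN NS  ns.sueking.com.
132  IN PTR ns.sueking.com.
135  IN PTR mail.sueking.com.
128  IN PTR www.sueking.com
EOF
}

# usage: check_ptr FWD_ZONE FWD_ORIGIN REV_ZONE REV_ORIGIN
# Assumes one record per line written as "name IN TYPE value" (no per-record TTL).
check_ptr() {
    awk -v fo="$2" -v ro="$4" '
    # A name without a trailing dot is relative: the zone name is appended.
    function fqdn(n, o) { return (n ~ /\.$/) ? n : n "." o "." }
    NR == FNR { if ($2 == "IN" && $3 == "PTR") ptr[fqdn($1, ro)] = fqdn($4, ro); next }
    $2 == "IN" && $3 == "A" {
        split($4, q, ".")
        rev = q[4] "." q[3] "." q[2] "." q[1] ".in-addr.arpa."
        want = fqdn($1, fo)
        if (!(rev in ptr)) print "MISSING " $4 " -> " want
        else if (ptr[rev] != want) print "MISMATCH " $4 " -> " ptr[rev] " (want " want ")"
    }' "$3" "$1"
}

d=$(mktemp -d)
write_forward_zone "$d/fwd"; write_reverse_zone "$d/rev"
check_ptr "$d/fwd" sueking.com "$d/rev" 1.168.192.in-addr.arpa
rm -rf "$d"
```

named-checkzone accepts the dotless PTR target because it is syntactically valid, so this kind of mismatch only shows up when the reverse lookup is actually compared with the forward record.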