First, install the CentOS operating system (latest version: CentOS 6.4) as a minimal installation.
[root@localhost named]# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:15:5D:01:69:2C
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: f180::225:5cff:fe01:691c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10252 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5782 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9993401 (9.5 MiB)  TX bytes:471402 (460.3 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:21 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1944 (1.8 KiB)  TX bytes:1944 (1.8 KiB)
You can see that the local interfaces are eth1 and the loopback (lo). Edit the configuration of the eth1 NIC.
[root@localhost named]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1            # NIC device name
BOOTPROTO=static       # static IP
IPADDR=192.168.1.133   # static IP address
NETMASK=255.255.255.0  # subnet mask
GATEWAY=192.168.1.1    # gateway
If the configuration is correct, you can access the Internet now. Ping an IP address to test. However, domain name resolution still fails, so you need to set the local DNS.
[root@localhost named]# vi /etc/resolv.conf
Content:
nameserver 8.8.8.8 # DNS server
nameserver 8.8.4.4 # backup DNS server
At this point, the network is configured. Now the BIND configuration journey begins!
[root@localhost ~]# yum install bind
Downloading Packages:
(1/4): bind-9.8.2-0.17.rc1.el6_4.5.i686.rpm | 4.0 MB
(2/4): bind-chroot-9.8.2-0.17.rc1.el6_4.5.i686.rpm | 71 kB 00:00
(3/4): bind-libs-9.8.2-0.17.rc1.el6_4.5.i686.rpm | 890 kB
(4/4): bind-utils-9.8.2-0.17.rc1.el6_4.5.i686.rpm | 181 kB
[root@localhost ~]# service named restart
Stopping named: [ OK ]
Generating /etc/rndc.key:
In a new window, enter:
[root@localhost ~]# rndc-confgen -r /dev/urandom -a
wrote key file "/etc/rndc.key"
[root@localhost ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@localhost ~]#
When bind-chroot is installed, the configuration file is saved in the /var/named/chroot/etc/ directory.
[root@localhost ~]# cd /var/named/chroot/etc/
[root@localhost etc]# vi named.conf
The named.conf configuration file is as follows:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";                                  # server working directory; relative paths in this file start here
        dump-file "/var/named/data/cache_dump.db";               # default file for the server's database dump
        statistics-file "/var/named/data/named_stats.txt";       # default statistics file
        memstatistics-file "/var/named/data/named_mem_stats.txt"; # default memory usage statistics file
        allow-query { any; };                                    # hosts allowed to query
        allow-query-cache { any; };                              # hosts allowed to query the cache
        recursion yes;                                           # whether recursive queries are allowed
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
// logging {
//         channel default_debug {
//                 file "data/named.run";
//                 severity dynamic;
//         };
// };
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
        channel gsquery {
                file "data/query.log" versions 3 size 20m;
                severity info;
                print-time yes;
                print-category yes;
                print-severity yes;
        };
        category queries { gsquery; };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
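Added example, not part of the original article: with recursion yes and allow-query-cache { any; }, the options above let every client that can reach port 53 use this server as a recursive resolver. The Python sketch below applies the fallback order BIND 9.4 and later use between allow-recursion, allow-query-cache and allow-query and flags that case; LAN_ONLY_CONF, the "lan" ACL and the idea that resolver clients sit on 192.168.1.0/24 are assumptions for illustration.

```python
import re

# Constructed input: the access options from the named.conf on this page.
PAGE_CONF = """
options {
    allow-query       { any; };   # hosts allowed to query
    allow-query-cache { any; };   # hosts allowed to query the cache
    recursion yes;
};
"""
# Constructed variant (assumption: resolver clients live on 192.168.1.0/24).
LAN_ONLY_CONF = """
acl "lan" { 127.0.0.1; 192.168.1.0/24; };
options {
    allow-query       { any; };   // authoritative answers for a.com stay public
    allow-recursion   { "lan"; };
    allow-query-cache { "lan"; };
    recursion yes;
};
"""
# An unset option falls back through this chain, then to { localnets; localhost; }.
FALLBACK = {
    "allow-recursion": ("allow-recursion", "allow-query-cache", "allow-query"),
    "allow-query-cache": ("allow-query-cache", "allow-recursion", "allow-query"),
}

def match_list(conf, option):
    """Elements of `option { ...; };`, or None when the option is not set."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(option), conf)
    if m is None:
        return None
    return [e.strip().strip('"') for e in m.group(1).split(";") if e.strip()]

def open_recursion_findings(text):
    """Report options that let any client recurse or read the cache."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", text, flags=re.S)
    if re.search(r"\brecursion\s+no\s*;", conf):
        return []
    findings = []
    for option, chain in FALLBACK.items():
        for source in chain:
            acl = match_list(conf, source)
            if acl is not None:
                break
        else:
            source, acl = "built-in default", ["localnets", "localhost"]
        if "any" in acl:  # named ACLs are not expanded in this sketch
            findings.append(f"{option}: any (set by {source})")
    return findings
```

Run against PAGE_CONF it reports both options as open; the LAN-only variant still answers a.com queries from anywhere but yields no findings.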
At this point, the DNS server can basically run. Oh, don't forget to change /etc/resolv.conf to the IP address of your server! Next, create a domain and its zone file.
You can modify named.conf directly or create the zone in named.rfc1912.zones. I like to create it in named.rfc1912.zones.
[root@localhost etc]# vi /var/named/chroot/etc/named.rfc1912.zones
or
[root@localhost etc]# vi /etc/named.rfc1912.zones
Either can be modified. We create an a.com domain.
zone "a.com" IN {
        type master;
        file "a.com.zone";
        allow-update { none; };
};
Then
[root@localhost etc]# cd /var/named/chroot/var/named/
or
[root@localhost etc]# cd /var/named/
Create a forward zone file named a.com.zone.
[root@localhost named]# vi /var/named/a.com.zone
The contents of a.com.zone are as follows:
$TTL 1D
$TTL 600
@       IN SOA  ns.a.com. admin.a.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   ns.a.com.
        IN A    192.168.1.250
        IN AAAA ::1
www     IN A    192.168.1.191
ns      IN A    192.168.1.250
qwer    IN A    4.3.2.1
Pay attention to the second line!! @ IN SOA a.com admin.a.com. is very important!
Then, create a reverse zone file.
First, declare the reverse zone in named.rfc1912.zones.
zone "a.com" IN {                   # this is the forward zone
        type master;
        file "a.com.zone";
        allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {  # this is the reverse zone
        type master;
        file "192.168.1.zone";
        allow-update { none; };
};
Then create a file named 192.168.1.zone.
[root@localhost named]# vi /var/named/192.168.1.zone
$TTL 1D
@       IN SOA  a.com. admin.a.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
250     IN PTR  ns.a.com.
1.2.3.4 IN PTR  qwer.a.com.   ; relative owner: expands to 1.2.3.4.1.168.192.in-addr.arpa.
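Added example, not part of the original article: a Python sketch that derives the PTR entries for the reverse zone from the forward zone's A records and reports addresses that cannot live in that zone. FORWARD_A is constructed from the a.com records above, and the function name ptr_records is illustrative.

```python
import ipaddress

# Constructed from the a.com zone on this page: host label -> IPv4 address.
FORWARD_A = {"ns": "192.168.1.250", "www": "192.168.1.191", "qwer": "4.3.2.1"}

def ptr_records(forward, domain, network):
    """Return (zone origin, PTR lines inside the zone, records outside it)."""
    net = ipaddress.ip_network(network)
    # in-addr.arpa is delegated per octet; this sketch covers /8, /16 and /24.
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("expected an IPv4 /8, /16 or /24 network")
    host_labels = (32 - net.prefixlen) // 8
    # Drop the host octets from the network address's reverse name.
    origin = net.network_address.reverse_pointer.split(".", host_labels)[-1]
    in_zone, outside = [], []
    for label, addr in sorted(forward.items()):
        ip = ipaddress.ip_address(addr)
        if ip in net:
            # Owner is relative to the origin: only the host octets, reversed.
            owner = ".".join(ip.reverse_pointer.split(".")[:host_labels])
            in_zone.append(f"{owner}\tIN PTR\t{label}.{domain}.")
        else:
            # Needs its own reverse zone; report the absolute name it would use.
            outside.append((label, ip.reverse_pointer + "."))
    return origin, in_zone, outside

if __name__ == "__main__":
    origin, in_zone, outside = ptr_records(FORWARD_A, "a.com", "192.168.1.0/24")
    print(f"$ORIGIN {origin}.")
    print("\n".join(in_zone))
    for label, name in outside:
        print(f"; {label}: {name} is outside {origin}")
```

For qwer (4.3.2.1) the reverse name is 1.2.3.4.in-addr.arpa., which lies outside 1.168.192.in-addr.arpa, so a PTR for it cannot be served from 192.168.1.zone.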
The basic setup is complete. After testing, forward and reverse resolution are both correct. I referred to many articles online and will not mention them one by one. Configuration successful.
Oh, right. Do not forget to open TCP and UDP port 53 in the firewall!!
[root@localhost ~]# vi /etc/sysconfig/iptables
Add the following content:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
The reference documents are as follows:
http://www.linuxidc.com/ (all the BIND-related articles on this website)
http://blog.sina.com.cn/s/blog_bd846d6e0101dw5q.html
http://yuanbin.blog.51cto.com/363003/108578/
http://docs.oracle.com/cd/E24847_01/html/E22302/dnsref-13.html
http://www.chinaz.com/web/2011/0513/179982.shtml