BIND is the software suite that implements the DNS service (official site: isc.org). It consists of the server-side program named (provided by the bind package, listening on 53/tcp and 53/udp) and the client tools host, nslookup and dig (provided by the bind-utils package). To harden the server, BIND also offers a sandbox mechanism: the bind-chroot package makes named use /var/named/chroot as its root "/" in place of the real filesystem root.
The mainstream BIND release is still the 9.x series. Running yum install bind installs the program and creates the named user and named group automatically. Running rpm -qc bind lists the configuration files the package installed.
Its service script lives under /etc/rc.d/init.d/; the main configuration files are /etc/named.conf and /etc/named.rfc1912.zones, and the zone data files (conventionally with a .zone suffix) are kept under /var/named/. /etc/named.conf is made up of three sections.
To make it serve DNS to other hosts, you also need to edit /etc/named.conf (reference: man named.conf). The required settings are:
① Listening address: set it to an address that external hosts can reach. It can also be commented out, in which case named listens on all of the machine's addresses (note: "the machine" here does not mean only 127.0.0.1). For example, if the host's IP is 172.16.24.1:
listen-on port 53 { 127.0.0.1; 172.16.24.1; };
② Allow all hosts to query (the list can also be restricted to a subset of hosts; see below):
allow-query { any; };
③ Disable the DNSSEC-related settings and comment out the ISC DLV key:
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;
/* Path to ISC DLV key
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
*/
④ Define the zone, in the following format:
zone "ZONE_NAME" IN {
    type master|slave|forward;   /* only the root zone "." uses type hint */
    file "ZONEDATA_FILE";        /* zone data file; the working directory is /var/named/, and the file is usually named *.zone */
};
Notes: A. ZONE_NAME: for a forward zone, write the domain name directly; a reverse zone is named by the reversed network address followed by .in-addr.arpa, e.g. 1.168.192.in-addr.arpa.
B. If type is slave, the master server's IP must also be specified; if type is forward, there is no file directive.
⑤ Write the zone data file (under /var/named/) according to your requirements, and remember to change the file's group to named once it is done.
After each change, run named-checkconf to check the configuration file for syntax errors, and named-checkzone "ZONE_NAME" /path/to/zonedata_file to check the zone data file for syntax errors.
⑥ Start named and test:
service named start
dig -t A www.baidu.com @localhost
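As an added example (not code from the original post or from ISC), the following Python script reads a named.conf fragment in the shape produced by steps ① to ⑤ and reports what a defender would check before starting named: the listen-on addresses, who may query, whether the DNSSEC options are all switched off, and, for each master zone, whether allow-transfer is restricted. The last point matters because, without it, any client that can reach port 53 can pull the whole zone with dig -t AXFR (the query shown further down). The configuration text, host names and addresses below are constructed for this example; the parser is a minimal reading of BIND's brace-and-semicolon syntax, not BIND's own.

```python
"""Added example, not from the original post or from ISC: a checker for the
named.conf settings described in steps ① to ⑤.  Tokenises BIND's C-like
syntax (brace blocks, statements ended by ';', comments in /* */, // and #)
and summarises the security-relevant settings.  All values are constructed."""
import re

SAMPLE_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 172.16.24.1; };
    allow-query { any; };
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside no;
    /* Path to ISC DLV key
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    */
};
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.1.zone";
    allow-transfer { 172.16.24.2; };   // hypothetical secondary server
};
"""

DNSSEC_OPTIONS = ("dnssec-enable", "dnssec-validation", "dnssec-lookaside")


def strip_comments(text):
    """Remove /* */, // and # comments (a '//' or '#' inside a quoted
    string is not handled; enough for the settings shown here)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def tokenize(text):
    """Quoted strings, braces, semicolons and bare words."""
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', strip_comments(text))


def parse_block(tokens, i=0):
    """Return (statements, next_index).  Each statement is (words, body):
    body is the nested statement list for 'name ... { ... };', else None."""
    stmts, words = [], []
    while i < len(tokens):
        tok = tokens[i]
        if tok == "}":
            return stmts, i + 1
        if tok == "{":
            body, i = parse_block(tokens, i + 1)
            stmts.append((words, body))
            words = []
            if i < len(tokens) and tokens[i] == ";":   # the ';' after '}'
                i += 1
            continue
        if tok == ";":
            stmts.append((words, None))
            words = []
            i += 1
            continue
        words.append(tok.strip('"'))
        i += 1
    return stmts, i


def address_list(body):
    """Elements of an address-match list such as { 127.0.0.1; any; }."""
    return [w[0] for w, _ in (body or []) if w]


def summarize(conf_text):
    """Extract the settings that steps ① to ⑤ configure."""
    top, _ = parse_block(tokenize(conf_text))
    report = {"listen_on": [], "allow_query": [], "dnssec_off": False, "zones": {}}
    for words, body in top:
        if not words or body is None:
            continue
        if words[0] == "options":
            flags = {}
            for w, b in body:
                if w and w[0] == "listen-on":
                    report["listen_on"] = address_list(b)
                elif w and w[0] == "allow-query":
                    report["allow_query"] = address_list(b)
                elif w and w[0] in DNSSEC_OPTIONS and len(w) > 1:
                    flags[w[0]] = w[1]
            report["dnssec_off"] = all(flags.get(k) == "no" for k in DNSSEC_OPTIONS)
        elif words[0] == "zone" and len(words) > 1:
            zone = {"type": None, "file": None, "allow_transfer": None}
            for w, b in body:
                if w and w[0] in ("type", "file") and len(w) > 1:
                    zone[w[0]] = w[1]
                elif w and w[0] == "allow-transfer" and b is not None:
                    zone["allow_transfer"] = address_list(b)
            report["zones"][words[1]] = zone
    return report


def findings(report):
    """Plain-language review notes derived from the summary."""
    notes = []
    if "any" in report["allow_query"]:
        notes.append("allow-query { any; }: every host may query; fine for a public "
                     "authoritative server, risky if this server also recurses")
    if report["dnssec_off"]:
        notes.append("DNSSEC validation is disabled (step ③): answers are accepted unsigned")
    for name, zone in report["zones"].items():
        if zone["type"] == "master" and not zone["file"]:
            notes.append(f"zone {name}: master zone without a file directive")
        if zone["type"] == "master" and zone["allow_transfer"] is None:
            notes.append(f"zone {name}: no allow-transfer; any client may AXFR the zone "
                         "unless it is restricted in options")
    return notes


if __name__ == "__main__":
    summary = summarize(SAMPLE_CONF)
    for note in findings(summary):
        print("-", note)
```

Run it after editing named.conf (feed the real file's text to summarize) and before named-checkconf; the checker complements named-checkconf, which validates syntax but says nothing about whether allow-query or allow-transfer are wider than intended.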
Using the client tool dig
dig is the tool commonly used to test whether a DNS service is working, and it is the ops engineer's first stop when troubleshooting DNS failures. Its basic syntax is:
dig [@DNS_SERVER] [-t RR_TYPE] NAME [QUERY_OPTIONS]
When DNS_SERVER is omitted, dig uses the name server defined in /etc/resolv.conf.
dig @192.168.120.132 -t A www.test.com
A common query: dig @192.168.120.132 -t AXFR ZONE_NAME requests a zone transfer, i.e. every resource record in the zone file.
A common query option is +[no]trace, which shows (or hides) the step-by-step resolution path the query takes:
dig @192.168.120.132 -t A www.baidu.com +trace
Example: configuring the DNS server as the primary (master) server for the forward zone test.com
① First configure it as a caching DNS server (the named.conf settings above).
② Define the zone in /etc/named.rfc1912.zones:
vim /etc/named.rfc1912.zones
...
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-update { none; };
};
③ Create the zone data file test.com.zone, and set its permissions, owner and group by reference to named.empty:
vim test.com.zone
$TTL 600
$ORIGIN test.com.
@       IN  SOA     ns.test.com. admin.ns.test.com. (
                    201504101   ; serial number
                    1h          ; refresh after 1 hour
                    5m          ; retry after 5 minutes
                    1w          ; expire after 1 week
                    1h )        ; negative-cache TTL of 1 hour
        IN  NS      ns          ; because of $ORIGIN, this is equivalent to ns.test.com.
        IN  MX  10  mx
ns      IN  A       1.1.1.1
mx      IN  A       2.2.2.2
www     IN  A       3.3.3.3
www     IN  A       3.3.3.4
pop3    IN  A       4.4.4.4
web     IN  CNAME   www
imap4   IN  CNAME   pop3
chmod 640 test.com.zone
chown :named test.com.zone
④ Check the syntax:
named-checkconf
named-checkzone "test.com" test.com.zone
⑤ Reload the DNS service:
service named reload
⑥ Verify the result with dig:
dig -t A www.test.com @localhost
The results show that when the same host has multiple A records, the DNS server answers clients in round-robin fashion, rotating the order of the records from one query to the next.
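To make the zone-file semantics of step ③ and the round-robin behaviour observed in step ⑥ concrete, here is an added example (not code from the original post or from BIND): a minimal parser for the test.com.zone file above. It applies $TTL and $ORIGIN, reads the parenthesised multi-line SOA record, expands relative owner names and targets against the origin, follows a CNAME to its A records, and rotates the answer set the way the post's dig output shows. The zone text is the post's example embedded as a constant; the parser is an illustration, not BIND's own.

```python
"""Added example, not from the original post or from BIND: parse the
test.com.zone file of step ③ and reproduce the round-robin answers seen
in step ⑥.  Zone text is the post's example, embedded here as a constant."""
import re

ZONE_TEXT = """\
$TTL 600
$ORIGIN test.com.
@       IN  SOA     ns.test.com. admin.ns.test.com. (
                    201504101   ; serial number
                    1h          ; refresh
                    5m          ; retry
                    1w          ; expire
                    1h )        ; negative-cache TTL
        IN  NS      ns
        IN  MX  10  mx
ns      IN  A       1.1.1.1
mx      IN  A       2.2.2.2
www     IN  A       3.3.3.3
www     IN  A       3.3.3.4
pop3    IN  A       4.4.4.4
web     IN  CNAME   www
imap4   IN  CNAME   pop3
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"(\d+)([smhdw]?)")


def parse_ttl(text):
    """'1h' -> 3600, '600' -> 600 (zone-file TTL suffixes)."""
    m = TTL_RE.fullmatch(text.lower())
    return int(m.group(1)) * UNITS.get(m.group(2), 1)


def qualify(name, origin):
    """Expand '@' and relative names against $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text):
    """Return records as (owner, ttl, type, rdata) with names fully qualified."""
    lines = [re.sub(r";.*", "", line) for line in text.splitlines()]
    joined, buf, depth = [], "", 0
    for line in lines:                        # join '( ... )' multi-line records
        buf = buf + " " + line if depth else line
        depth += line.count("(") - line.count(")")
        if depth == 0:
            joined.append(buf.replace("(", " ").replace(")", " "))
            buf = ""
    origin, default_ttl, owner, records = ".", 0, None, []
    for line in joined:
        if not line.strip():
            continue
        if line.startswith("$TTL"):
            default_ttl = parse_ttl(line.split()[1])
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        if not line[0].isspace():             # leading blank keeps the previous owner
            owner = qualify(fields.pop(0), origin)
        ttl = default_ttl
        if fields and TTL_RE.fullmatch(fields[0].lower()):
            ttl = parse_ttl(fields.pop(0))
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME"):
            rdata = [qualify(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [int(rdata[0]), qualify(rdata[1], origin)]
        elif rtype == "SOA":                  # mname, rname, serial, refresh, retry, expire, minimum
            rdata = [qualify(rdata[0], origin), qualify(rdata[1], origin)] + \
                    [parse_ttl(x) for x in rdata[2:]]
        records.append((owner, ttl, rtype, rdata))
    return records


def round_robin(records, name, rtype, rotation):
    """Answer set for (name, rtype), rotated by `rotation` positions as a
    server rotating multiple A records would; follows one CNAME hop.
    `name` must be fully qualified (trailing dot optional)."""
    name = name if name.endswith(".") else name + "."
    cnames = [r for r in records if r[0] == name and r[2] == "CNAME"]
    if cnames:
        name = cnames[0][3][0]
    answers = [r[3][0] for r in records if r[0] == name and r[2] == rtype]
    k = rotation % len(answers) if answers else 0
    return answers[k:] + answers[:k]


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT)
    for i in range(3):                        # three successive queries for www
        print("query", i, round_robin(recs, "www.test.com", "A", i))
```

Each successive call with a larger rotation value models the next client query, which is why the two dig runs in the post show 3.3.3.3 and 3.3.3.4 in alternating order; the same rotation is what load-balances a name with several addresses, and it is also why a stale record removed from one A line but not the other still gets handed out to half the clients.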
This article is from the "Bobcat Without Fish" blog; please keep this source link: http://itzhi.blog.51cto.com/9146446/1633518
BIND installation, configuration and application for the DNS service