"Experimental description"
Objective: Install BIND on Linux, configure forward and reverse resolution, and implement a basic domain name resolution service.
Experimental topology: [figure: Dns3.png]
"Configuration Process"
1. Install BIND;
    [~]# yum install bind -y
    Loaded plugins: fastestmirror, refresh-packagekit, security
    ----- (output omitted) -----
    Complete!
2. Modify the main configuration file;
    [~]# vim /etc/named.conf
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    # "//" marks a line as a comment; to disable an option, add "//" at the start of its line.
    options {
    //      listen-on port 53 { 127.0.0.1; };       # address and port to listen on
    //      listen-on-v6 port 53 { ::1; };           # listen on port 53 on all hosts
            directory          "/var/named";         # working directory
            dump-file          "/var/named/data/cache_dump.db";    # cache dump file
            statistics-file    "/var/named/data/named_stats.txt";  # statistics recording memory usage
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    //      allow-query        { localhost; };       # hosts allowed to query
            recursion yes;                           # whether recursion is allowed
    //      dnssec-enable yes;
    //      dnssec-validation yes;
    //      dnssec-lookaside auto;
            /* Path to ISC DLV key */
    //      bindkeys-file "/etc/named.iscdlv.key";
    //      managed-keys-directory "/var/named/dynamic";
    };
    logging {                                        # logging
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    zone "." IN {                                    # root zone definition
            type hint;
            file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    //include "/etc/named.root.key";
    # ----- At this point, with no further changes, starting the DNS service makes this server a caching DNS server. -----

    [~]# vim /etc/named.rfc1912.zones    # edit this file to configure the forward and reverse zones
    # --- (omitted) ---
    zone "test.com" IN {                 # forward zone for "test.com"
            type master;                 # this server is the master (primary) for the zone
            file "test.com.zone";        # forward zone file
    };
    zone "0.168.192.in-addr.arpa" IN {   # reverse zone for "test.com"
            type master;
            file "192.168.0.arpa";
    };

    [named]# named-checkconf /etc/named.conf    # check the configuration file for syntax errors
    [named]#
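Added example (not from the original article): neither zone stanza above sets allow-transfer, and with no options-level setting the BIND 9.8 used here allows full zone transfers, the AXFR query listed under the dig notes, to any client. This Python check lists primary zones that lack the statement; the sample text is constructed from the stanzas above, and the third zone and its secondary address are hypothetical.

```python
import re

# Constructed sample: the two stanzas this page adds to /etc/named.rfc1912.zones,
# plus a hypothetical third zone that limits transfers to one secondary.
SAMPLE_CONF = '''
zone "test.com" IN {
    type master;                 # forward zone
    file "test.com.zone";
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.arpa";
};
zone "example.internal" IN {     // hypothetical, not from the page
    type master;
    file "example.internal.zone";
    allow-transfer { 192.168.0.112; };
};
'''

def strip_comments(text):
    """Drop the comment styles named.conf accepts: /* */, // and #.
    Assumes no quoted string contains '//' or '#'."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def zone_stanzas(text):
    """Return (name, body) per zone; a body may nest one level of braces."""
    stanza = re.compile(r'\bzone\s+"([^"]+)"[^{;]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')
    return stanza.findall(strip_comments(text))

def transfer_unrestricted(text):
    """Names of master/primary zones without their own allow-transfer."""
    return [name for name, body in zone_stanzas(text)
            if re.search(r'\btype\s+(master|primary)\s*;', body)
            and not re.search(r'\ballow-transfer\b', body)]

if __name__ == "__main__":
    for name in transfer_unrestricted(SAMPLE_CONF):
        print(f"{name}: no allow-transfer; inherits the options-level setting")
```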
3. Provide a zone file for each zone;
    [named]# vim /var/named/test.com.zone    # forward zone file
    $TTL 86400                       ; default TTL
    @     IN  SOA  ns.test.com. admin.test.com. (
                   2015051105 ; zone serial number, e.g. 2015051106; when a secondary server copies this file, it copies only if this number has increased
                   2H         ; interval between periodic synchronisations
                   10M        ; retry interval: how long the secondary waits before contacting the primary again after a failed attempt to query it for updates
                   7D         ; expiry time
                   1D )       ; cache time for negative answers
          IN  NS     ns.test.com.    ; name server
          IN  MX 10  mail.test.com.  ; mail server
    www   IN  A      192.168.0.120
    mail  IN  A      192.168.0.121
    ns    IN  A      192.168.0.111
    pop3  IN  CNAME  mail.test.com.  ; alias for the mail server

    [named]# named-checkzone "test.com" ./test.com.zone    # check the zone file for errors
    zone test.com/IN: loaded serial 2015051105
    OK

    [named]# vim /var/named/192.168.0.arpa    # reverse zone file
    $TTL 86400
    @     IN  SOA  ns.test.com. admin.test.com. (
                   2015051105
                   2H
                   10M
                   7D
                   1D )
          IN  NS   ns.test.com.
    120   IN  PTR  www.test.com.
    121   IN  PTR  mail.test.com.
    111   IN  PTR  ns.test.com.

    [named]# named-checkzone "0.168.192.in-addr.arpa" ./192.168.0.arpa    # check the zone file for errors
    zone 0.168.192.in-addr.arpa/IN: loaded serial 2015051105
    OK

    [named]# service named start    # start the DNS service
    Starting named:                                            [  OK  ]
    # ----- The basic DNS service configuration is complete -----
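Added example (not from the original article): a Python check that every A record in the forward zone has a PTR in the reverse zone pointing back to the same name, which also catches a PTR target written without its trailing dot. The record text is constructed from the two zone files above; the parser assumes the simple "owner IN TYPE rdata" line form used on this page and one A record per host.

```python
import ipaddress

# Constructed from the records in this page's zone files (SOA/NS/MX lines omitted).
FORWARD = """\
www   IN A     192.168.0.120
mail  IN A     192.168.0.121
ns    IN A     192.168.0.111
pop3  IN CNAME mail.test.com.    ; alias, ignored by the check
"""
REVERSE = """\
120 IN PTR www.test.com.
121 IN PTR mail.test.com.
111 IN PTR ns.test.com.
"""

def fqdn(name, origin):
    """Expand a relative name against the zone origin, as named does."""
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def records(text, origin, rrtype):
    """Return {owner_fqdn: rdata} for one record type; ';' starts a comment."""
    out = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 4 and fields[1].upper() == "IN" and fields[2].upper() == rrtype:
            out[fqdn(fields[0], origin)] = fields[3]
    return out

def mismatches(forward, reverse, fwd_origin="test.com.",
               rev_origin="0.168.192.in-addr.arpa."):
    """List A records whose PTR is missing or resolves to a different name."""
    ptrs = records(reverse, rev_origin, "PTR")
    problems = []
    for host, addr in records(forward, fwd_origin, "A").items():
        owner = ipaddress.ip_address(addr).reverse_pointer + "."
        target = ptrs.get(owner)
        if target is None:
            problems.append(f"{host} {addr}: no PTR at {owner}")
        elif fqdn(target, rev_origin) != host:
            problems.append(f"{host} {addr}: PTR points to {target}")
    return problems

if __name__ == "__main__":
    print(mismatches(FORWARD, REVERSE) or "forward and reverse zones agree")
```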
"Test Results"
    [named]# host -t ns test.com 192.168.0.111    # look up the name server for test.com through the server 192.168.0.111
    Using domain server:
    Name: 192.168.0.111
    Address: 192.168.0.111#53
    Aliases:

    test.com name server ns.test.com.             # OK, the name server is ns.test.com.

    [named]# host -t mx test.com 192.168.0.111
    Using domain server:
    Name: 192.168.0.111
    Address: 192.168.0.111#53
    Aliases:

    test.com mail is handled by 10 mail.test.com. # OK, the mail server is mail.test.com.

    [named]# host -t a www.test.com 192.168.0.111
    Using domain server:
    Name: 192.168.0.111
    Address: 192.168.0.111#53
    Aliases:

    www.test.com has address 192.168.0.120        # resolved successfully

    [named]# host -t a mail.test.com 192.168.0.111
    Using domain server:
    Name: 192.168.0.111
    Address: 192.168.0.111#53
    Aliases:

    mail.test.com has address 192.168.0.121

    [named]# dig -t A www.test.com @192.168.0.111

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -t A www.test.com @192.168.0.111
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13687
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:                          # the question asked
    ;www.test.com.                  IN      A

    ;; ANSWER SECTION:                            # the result of the query
    www.test.com.           86400   IN      A       192.168.0.120

    ;; AUTHORITY SECTION:                         # source of the authoritative answer
    test.com.               86400   IN      NS      ns.test.com.

    ;; ADDITIONAL SECTION:                        # additional information about the authoritative source
    ns.test.com.            86400   IN      A       192.168.0.111

    ;; Query time: 1 msec
    ;; SERVER: 192.168.0.111#53(192.168.0.111)
    ;; WHEN: Fri May 15 06:21:21 2015
    ;; MSG SIZE  rcvd: 79

    [named]# dig -x 192.168.0.120 @192.168.0.111

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -x 192.168.0.120 @192.168.0.111
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27168
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;120.0.168.192.in-addr.arpa.    IN      PTR

    ;; ANSWER SECTION:
    120.0.168.192.in-addr.arpa. 86400 IN    PTR     www.test.com.

    ;; AUTHORITY SECTION:
    0.168.192.in-addr.arpa. 86400   IN      NS      ns.test.com.

    ;; ADDITIONAL SECTION:
    ns.test.com.            86400   IN      A       192.168.0.111

    ;; Query time: 8 msec
    ;; SERVER: 192.168.0.111#53(192.168.0.111)
    ;; WHEN: Fri May 15 06:22:25 2015
    ;; MSG SIZE  rcvd: 103
Client testing tools:
1. host -t RRTYPE NAME [SERVER]
Example: host -t NS test.com 192.168.0.111
host -t A www.test.com 192.168.0.111
Note: -t specifies the resource record type, followed by a name that is valid for that record type; when no server is specified, the DNS server set in /etc/resolv.conf is used.
2. nslookup
nslookup>
server IP: specifies the DNS server address;
set type={A|SOA|NS|MX}
NAME
3. dig
dig -t TYPE NAME @SERVER
TYPE can also be AXFR: a full zone transfer, showing all resource records;
Example: dig -t AXFR test.com @192.168.0.111
To test reverse resolution, use the -x option instead of -t PTR. Example: dig -x 192.168.0.120 @192.168.0.111
dig query options:
+trace: trace the resolution path;
+notrace
+recurse: enable recursion;
+norecurse
This article is from the "Flying Snail" blog, please be sure to keep this source http://ljmsky.blog.51cto.com/2878/1651416
Implementation of DNS server configuration under Linux (i)