Objective:
Linux users know BIND as the DNS server software on Linux, but many do not realise that it also runs on Windows. The DNS service built into Windows is weak: it cannot do intelligent (split-horizon) resolution, and Windows 2008 R2 still did not fix this. Some companies with limited technical resources have always run Windows, so this article installs BIND on Windows and uses its view feature to build an intelligent DNS that solves the north-south Telecom/Unicom access problem of a dual-line data centre.
I. Environment
System: Windows 2003 Enterprise Edition SP2
Software: BIND 9.9.0 (for Windows)
Domain name and IP addresses to be resolved:
www.qq.com, Telecom IP: 119.145.254.1
www.qq.com, Unicom IP: 112.90.180.1
II. Download and install the software
2.1 Download
BIND official website: http://www.bind.com/
BIND download address: ftp://ftp.isc.org/isc/bind9/9.9.0/BIND9.9.0.zip
2.2 Installation
Unpack the downloaded BIND9.9.0.zip, enter the unpacked folder and run BINDInstall.exe. In the installation window that appears, enter a password and accept the defaults all the way through; no settings need to be changed. The default installation directory is Windows\system32\dns.
III. DNS server configuration
3.1 Directory permissions
When planning a Windows system, format the C: drive as NTFS. As seen in the installation step above, the BIND installer creates a new "named" account that runs the BIND process and owns the configuration files; it belongs to no group and, for security reasons, must not be added to the Administrators group. Since BIND was installed into the default C:\windows\system32\dns directory, grant the named account read and write permission on that directory.
3.2 Generating the rndc.key file
Open a command prompt, change into the bin subdirectory of the DNS directory, and use rndc-confgen.exe to produce rndc.key:
rndc-confgen -a (after the run completes, rndc.key is generated in the etc directory)
rndc-confgen > ..\etc\rndc.conf
3.3 Create the named.conf main configuration file
A BIND installation on Linux ships a sample named.conf; the Windows package does not, so readers unfamiliar with BIND should write it following the Linux format.
Enter the etc directory and create named.conf with Notepad; its content is as follows:
acl "trust-lan" { 127.0.0.0/8; 192.168.0.0/16; };
# global options, valid for the whole of BIND
options {
    directory "C:\WINDOWS\SYSTEM32\DNS\ETC";
    #recursion yes;
    version "0.0.0";                    # hide the real version string
    allow-transfer { "trust-lan"; };    # only trust-lan addresses may pull zone transfers from this primary
    allow-notify { "trust-lan"; };      # accept update NOTIFY messages from the primary (secondary role)
    allow-query { "trust-lan"; };       # ordinary queries only from trust-lan
    allow-recursion { "trust-lan"; };   # recursive lookups only for trust-lan
    auth-nxdomain no;                   # default is no; yes would always set the AA bit on NXDOMAIN responses
    forwarders {                        # forward unresolved queries to the upstream provider's DNS
        202.96.134.133;
        202.103.96.112;
    };
};
# the key below comes from rndc.conf; including it lets rndc control the named process
include "C:\WINDOWS\system32\dns\etc\rndc.key";
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
    channel warning   # creating dns_warnings.txt and dns_logs.txt is described in 3.6 below
    {
        file "C:\WINDOWS\system32\dns\log\dns_warnings.txt" versions 3 size 1240k;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns
    {
        file "C:\WINDOWS\system32\dns\log\dns_logs.txt" versions 3 size 1240k;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    category queries { general_dns; };
};
include "cnc.conf";   # pulls in the Netcom/Unicom IP address ranges (acl "CNC")
# views are evaluated in order and the first match-clients hit wins, so VIEW_CNC must come before View_any
view "VIEW_CNC" {     # clients from the Netcom/Unicom ranges are answered here (zones from cnc.def)
    match-clients { "CNC"; };
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "localhost.rev";
    };
    include "C:\WINDOWS\system32\dns\etc\master\cnc.def";   # custom domains, defined in cnc.def
};
view "View_any" {     # every other client (non-Netcom) is answered here (zones from telecom.def)
    match-clients { any; };
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "localhost.rev";
    };
    include "C:\WINDOWS\system32\dns\etc\master\telecom.def";
};
3.4 Create the Unicom IP address ACL file
Create cnc.conf in windows\system32\dns\etc\ with the following content:
# 2012-03-19 11:50 by liuguohua.com
#
acl "CNC" {
    192.168.134.0/24;
    192.168.145.0/24;
};
3.5 Custom zone files
Create a new folder named master under C:\WINDOWS\system32\dns\etc.
Create four new files under C:\WINDOWS\system32\dns\etc\master: cnc.def, telecom.def, cnc_qq.com.txt and tel_qq.com.txt.
cnc.def content:
zone "qq.com" {
    type master;
    file "C:\WINDOWS\system32\dns\etc\master\cnc_qq.com.txt";
};
telecom.def content:
zone "qq.com" {
    type master;
    file "C:\WINDOWS\system32\dns\etc\master\tel_qq.com.txt";
};
cnc_qq.com.txt content:
$TTL 3600
@   IN SOA ns1.qq.com. root.qq.com. (
        2012031620 ; serial
        3600       ; refresh
        900        ; retry
        68400      ; expire
        15 )       ; minimum (negative-caching TTL)
@   IN NS ns1.qq.com.
ns1 IN A  192.168.145.228
www IN A  112.90.180.1
tel_qq.com.txt content:
$TTL 3600
@   IN SOA ns1.qq.com. root.qq.com. (
        2012031602 ; serial
        3600       ; refresh
        900        ; retry
        68400      ; expire
        15 )       ; minimum (negative-caching TTL)
@   IN NS ns1.qq.com.
ns1 IN A  192.168.145.228
www IN A  119.145.254.1
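To reason about the configuration in 3.3 to 3.5 before restarting named, here is an added Python simulation (not from the original post and not BIND's own code) of how this server answers a query: the options-level allow-query gate, then first-match view selection against the "CNC" ACL, then the A record from the matching view's zone file. The ACLs and zone texts are constructed copies of the page's files.

```python
import ipaddress

# Constructed from the page's config (not read from disk): the options-level
# allow-query ACL, the views in named.conf order, and the two zone files.
TRUST_LAN = ["127.0.0.0/8", "192.168.0.0/16"]        # acl "trust-lan"
CNC = ["192.168.134.0/24", "192.168.145.0/24"]       # acl "CNC" (cnc.conf)
VIEWS = [("VIEW_CNC", CNC), ("View_any", ["any"])]   # named.conf order: first match wins
ZONES = {  # constructed copies of cnc_qq.com.txt and tel_qq.com.txt
    "VIEW_CNC": "$TTL 3600\n@ IN SOA ns1.qq.com. root.qq.com. ( 2012031620 3600 900 68400 15 )\n"
                "@ IN NS ns1.qq.com.\nns1 IN A 192.168.145.228\nwww IN A 112.90.180.1 ; Unicom\n",
    "View_any": "$TTL 3600\n@ IN SOA ns1.qq.com. root.qq.com. ( 2012031602 3600 900 68400 15 )\n"
                "@ IN NS ns1.qq.com.\nns1 IN A 192.168.145.228\nwww IN A 119.145.254.1 ; Telecom\n",
}

def acl_matches(acl, client):
    """True if the client address falls inside any element of the ACL ('any' matches all)."""
    ip = ipaddress.ip_address(client)
    return any(e == "any" or ip in ipaddress.ip_network(e) for e in acl)

def select_view(client, views=VIEWS):
    """Name of the first view whose match-clients admits the client (BIND semantics), else None."""
    for name, acl in views:
        if acl_matches(acl, client):
            return name
    return None

def lookup_a(zone_text, owner):
    """Return the A record for an owner name from a minimal master-file text, else None."""
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()   # ';' starts a comment in master files
        if len(fields) == 4 and fields[0].lower() == owner and fields[2].upper() == "A":
            return fields[3]
    return None

def resolve(client, name="www", views=VIEWS):
    """Simulate a query: allow-query gate, then view selection, then zone lookup."""
    if not acl_matches(TRUST_LAN, client):
        return "REFUSED"                      # options { allow-query } rejects it before any view
    view = select_view(client, views)
    if view is None:
        return "REFUSED"                      # no view matched the client
    return lookup_a(ZONES[view], name)

if __name__ == "__main__":
    for c in ("192.168.134.10", "192.168.1.20", "8.8.8.8"):
        print(c, "->", resolve(c))
    # Swapping the view order is the classic mistake: "any" swallows the CNC clients.
    print("reversed order:", resolve("192.168.134.10", views=list(reversed(VIEWS))))
```

The reversed-order call shows why View_any must stay last: with "any" first, Unicom clients would silently receive the Telecom address.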
3.6 Creating the log files
Create a new folder named log under C:\WINDOWS\system32\dns.
Create two new files under C:\WINDOWS\system32\dns\log: dns_logs.txt and dns_warnings.txt.
3.7 Overall BIND directory structure:
3.8 Start the service
3.8.1 Start BIND
In the Windows Services management tool, find the ISC BIND service and start it from the right-click menu. You can see that this service starts automatically with the operating system and runs under the named account.
3.8.2 Check the logs
After a normal start, dns_warnings.txt should be 0 bytes in size; if it is larger, it contains a warning or error, so open it and read the content.
Entries from named can also be found in the Windows Event Viewer; normally you should not see any red warning in the Type column.
3.9 Testing
3.9.1 Validation with nslookup on Windows
Query www.qq.com to verify that the intelligent DNS works, and query www.sohu.com to verify that the server forwards requests to the upstream DNS.
3.9.2 Validation with dig on Linux
Query www.qq.com to verify that the intelligent DNS works, and query www.sohu.com to verify that the server forwards requests to the upstream DNS.
As the screenshots of this test show, everything is normal.
IV. Conveniences for day-to-day work
4.1 Send a shortcut to C:\WINDOWS\system32\dns to the desktop; when adding a domain or a record in future, the files can be opened straight from the desktop.
4.2 Create a reload_bind.bat file; after adding a record or a domain, double-click it to reload BIND instead of restarting the service from the management tool. Its content is as follows:
@echo off
C:\WINDOWS\SYSTEM32\DNS\BIN\rndc reload
pause
This article originates from the "System Network Operation Dimension" blog