Linux BIND9 Configuration

Source: Internet
Author: User
Tags: domain server

Configuring a DNS server under Linux

DNS software: BIND (Berkeley Internet Name Domain)

bind:
    /etc/named.conf : root:named
    /var/named/ : working directory

Configuration file: /etc/named.conf

    options {                   # global configuration
        directory "/var/named";
    };
    zone "." IN {
        type hint;              # zone types: master, slave, hint (cache), forward (forwarder)
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
    };

    dig -t NS . >> named.ca     # stored in the /var/named/ directory

Zone file format

Macro definitions: $TTL, $ORIGIN

SOA record. Fields: domain (demo.com.), TTL value, keyword (IN), type (SOA), primary DNS server name (ns.demo.com.), administrator mailbox (admin.demo.com.):

    demo.com.  IN  SOA  ns.demo.com.  admin.demo.com. (
            2014081201  ; version number
            20M         ; check the primary every 20 minutes
            5M          ; if the primary DNS cannot be reached, retry every 5 minutes
            5D          ; after 5 days with no response, declare failure
            1D )        ; negative answer: the requester caches "no such record" for 1 day and does not ask again

NS records:

    demo.com.      IN NS ns1.demo.com.
    demo.com.      IN NS ns2.demo.com.
    ns1.demo.com.  IN A  1.1.1.1
    ns2.demo.com.  IN A  1.1.1.2

MX records:

    demo.com.      IN MX 10 mail.demo.com.
    mail.demo.com. IN A  1.1.1.3

localhost.zone file (/etc/named/localhost.zone)

    ; corresponds to the "localhost" zone in /etc/named.conf
    $TTL 600
    @           IN SOA localhost. admin.localhost. (
                       2014081201 1H 10M 1W 1D )
                IN NS  localhost.
    localhost.  IN A   127.0.0.1

named.local file (/etc/named/named.local, the reverse resolution file)

    $TTL 600
    @   IN SOA localhost. admin.localhost. (
               2014081201 10H 10M 1W 1D )
        IN NS  localhost.
    1   IN PTR localhost.

Add DNS resolution for a particular domain

1. Edit /etc/named.conf and add a zone:

    zone "demo.com" IN {
        type master;
        file "/var/named/demo.com.zone";
    };

2. Edit the /var/named/demo.com.zone file:

    $TTL 600
    $ORIGIN demo.com.
    @     IN SOA   ns admin.demo.com. (
                   2014081201 1H 10M 1W 1D )
    @     IN NS    ns.demo.com.
          IN MX 10 mail
    ns    IN A     1.1.1.1
    mail  IN A     1.1.1.2
    www   IN A     1.1.1.3
    ftp   IN A     1.1.1.4
    imap  IN A     1.1.1.3
    pops  IN CNAME mail

Check the configuration files

    1. named-checkzone "zone" zone-file
    2. service named configtest
    3. dig -t AXFR domain.com       # returns all zone transfer data

Resolution path

    client ----> DNS server
    /etc/resolv.conf: nameserver <server>
    local cache --- /etc/hosts
    DNS server (luowen.com)

DNS server:
1. If the query is for a zone this server is responsible for, it returns the result by looking it up in the zone data file.
2. If the query is not for a zone this server is responsible for, it checks the cache.
3. If the answer is not in the cache, it sends a request to the root.

DNS types:
1. Primary DNS: the first DNS server resolving a zone (for example luowen.com).
2. Secondary DNS: provides the same service as the primary DNS and goes to the master server each time to get the latest data.
3. hint: root servers.
4. forward: forwarding server.

    zone "forward.com" IN {
        type forward;
        forwarders { 1.1.1.1; };
    };

Forwarding types:
1. first: if the forwarder does not respond, go to the root.
2. only: if the forwarder gives no answer, do nothing further.

DNS remote control: rndc (/etc/bind9/rndc.conf)

rndc:
1. stop
2. status
3. start
4. reload
5. freeze

Configuring rndc:

1. Generate the rndc file (it does not exist by default):

    rndc-confgen >> /etc/bind/rndc.conf

2. Add a section to named.conf (complete):

    key "rndc-key" {
        algorithm hmac-md5;
        secret "mehp3esupzvzzvk1rfuueg==";
    };
    options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
    };

3. Common rndc commands:
    1. start         # start the service
    2. stop          # stop the service
    3. reload        # reload
    4. reload zone   # reload a single zone (fast)
    5. reconfig      # reload the modified configuration
    6. status        # status information
    7. flush         # empty the cache

To add statistics, add statistics-file "/var/named/data/stats"; to the options section of named.conf. To listen only on specified IP addresses, add listen-on { ip1; ip2; };

Slave DNS server configuration

1. The other server is configured like the current server; the difference is the zone definition:

    zone "<primary server zone>" IN {
        type slave;
        masters { 192.168.1.109; };
        file "/var/named/slave/<primary server zone>.zone";
    };

2. allow-transfer { IP; }; allows only the listed hosts to transfer data from the primary DNS. Defined in the options section it applies to all zones; defined in a zone section it applies to that zone only.

3. Access lists (defined before the options section):

    acl slaves-our {
        127.0.0.1;
        192.168.1.1;
        192.168.1.109;
    };
    acl slave-clients {
        172.168.0.0/16;
    };

4. DNS recursion configuration:
    1. recursion no; in the options section means no recursion for anyone.
    2. allow-recursion { slave-clients; };   # addresses defined in the ACL are resolved recursively by this server

DNS subdomain authorization

1. First-level domain configuration:

    # /etc/named.conf
    zone "demo.com" IN {
        type master;
        file "/var/named/demo.com.zone";
    };

    ; /var/named/demo.com.zone
    $TTL 600
    $ORIGIN demo.com.
    @      IN SOA ns admin. (
                  2014081601 1H 10M 1W 1D )
           IN NS  ns
    ns     IN A   xxx.xxx.x.x
    www    IN A   xxx.x.x.x
    it     IN NS  ns.it
    ns.it  IN A   yyy.yyy.y.y

2. Second-level domain configuration:

    # /etc/it.demo.com
    zone "it.demo.com" IN {
        type master;
        file "/var/named/it.demo.zone";
    };

    $TTL 600
    $ORIGIN it.demo.com.
    @   IN SOA ns admin. (
               2014081601 1H 10M 1W 1D )
    @   IN NS  ns
    ns  IN A   xxx.xx.xx

DNS views (172.16.xx clients resolve to 172.168.1.1; 192.168.xx.xx clients correspond to 192.158.1.1)

1. Configuration: /etc/named.conf

    acl lnet {
        172.16.0.0/16;
        127.0.0.0/8;
    };
    options {
        directory "/var/named";
    };
    view internet {                 # internal network access
        match-clients { lnet; };
        recursion yes;
        zone "." IN {
            type hint;
            file "/var/named/named.ca";
        };
        zone "localhost" IN {
            type master;
            file "/var/named/localhost.zone";
        };
        zone "0.0.127.in-addr.arpa" IN {
            type master;
            file "/var/named/named.local";
        };
        zone "demo.com" IN {
            type master;
            file "/var/named/demo.com.internet.zone";
            allow-transfer { none; };
            allow-update { none; };
        };
    };
    view external {
        match-clients { any; };
        recursion no;
        allow-recursion { none; };  # a view-level option; it is not accepted inside a zone block
        zone "demo.com" IN {
            type master;
            file "/var/named/demo.com.external.zone";
            allow-transfer { none; };
            allow-update { none; };
        };
    };

2. Configure /var/named/demo.com.internet.zone:

    $TTL 600
    $ORIGIN demo.com.
    @    IN SOA ns admin.demo.com. (
                2014081701 1H 10M 1W 1D )
         IN NS  ns
    ns   IN A   172.16.0.254
    www  IN A   172.16.1.1

Configure /var/named/demo.com.external.zone:

    $TTL 600
    $ORIGIN demo.com.
    @    IN SOA ns admin.demo.com. (
                2014081701 1H 10M 1W 1D )
         IN NS  ns
    ns   IN A   172.16.1.254    ; two NICs on the same server
    www  IN A   192.168.1.1

Compile and install BIND

1. Download the installation package, unzip it, and run:

    ./configure --sysconfdir=/etc --disable-ipv6 --enable-largefile --enable-threads=no --prefix=/usr/local/named --disable-openssl-version-check --localstatedir=/var
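
A small audit for the access-control settings covered above (the rndc key algorithm, allow-transfer, and recursion per view), added here as an example and not part of the original page. It parses named.conf text and reports keys that use the deprecated hmac-md5, master zones with no allow-transfer in the zone, its view or options, and views that match any client without recursion turned off; the function names and the sample configuration are constructed for illustration.

```python
import re

TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|(?://|#)[^\n]*|[{};]|[^\s{};"]+', re.S)

def parse(tokens):
    """Tokens -> [(words, block)]; block is a nested statement list or None."""
    stmts, words, block = [], [], None
    while tokens:
        t = tokens.pop(0)
        if t == '{':
            block = parse(tokens)
        elif t == '}':
            break
        elif t == ';':
            stmts += [(words, block)] if words else []
            words, block = [], None
        else:
            words.append(t.strip('"').lower())
    return stmts

def find(stmts, name):
    return [(w, b or []) for w, b in stmts if w[0] == name]

def audit(conf):
    """Findings for hmac-md5 keys, missing allow-transfer, recursion for 'any'."""
    top = parse([t for t in TOKEN.findall(conf) if not t.startswith(('#', '//', '/*'))])
    out = [f'key {w[1]}: hmac-md5' for w, body in find(top, 'key')
           if (['algorithm', 'hmac-md5'], []) in find(body, 'algorithm')]
    opts = [s for _, body in find(top, 'options') for s in body]
    for view, scope in [('', top)] + [(w[1], b) for w, b in find(top, 'view')]:
        inherited = opts + (scope if view else [])  # options, then view-level settings
        clients = [c[0] for _, b in find(scope, 'match-clients') for c, _ in b]
        # recursion counts as on when unset; the last setting seen wins
        rec_on = [w[1:] for w, _ in find(inherited, 'recursion')][-1:] != [['no']]
        if 'any' in clients and rec_on and not find(inherited, 'allow-recursion'):
            out.append(f'view {view}: recursion not disabled for match-clients any')
        for w, zone in find(scope, 'zone'):
            master = (['type', 'master'], []) in find(zone, 'type')
            if master and not find(zone + inherited, 'allow-transfer'):
                out.append(f'{view or "global"} zone {w[1]}: no allow-transfer')
    return out

# Constructed sample in the page's layout, with weaknesses left in on purpose.
SAMPLE = '''
key "rndc-key" { algorithm hmac-md5; secret "PLACEHOLDER=="; };  # deprecated MAC
acl lnet { 172.16.0.0/16; 127.0.0.0/8; };
options { directory "/var/named"; };
view internet { match-clients { lnet; }; recursion yes;
  zone "demo.com" IN { type master; file "a.zone"; allow-transfer { none; }; }; };
view external { match-clients { any; };  // public side
  zone "demo.com" IN { type master; file "b.zone"; }; };
'''
```

Calling audit(SAMPLE) returns three findings, all for the key and the external view; the internal view passes because its zone sets allow-transfer and its clients are limited to the lnet ACL.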
