Linux: DNS Server Configuration

Source: Internet
Author: User
Keywords: linux, dns server, dns server configuration
Foreword
The environment is Red Hat 5.8. The packages relevant to DNS are bind and bind-chroot; bind-chroot moves bind's configuration directory into a chroot, which improves the security of the DNS server. The basic configuration consists of named.conf, the forward resolution zone file and the reverse resolution zone file. The resolution records are mainly A records for hosts such as www, dns, ftp and mail.

Install bind, bind-chroot
Check whether the corresponding packages are already installed on the system.

rpm -q bind
rpm -q bind-chroot

I just didn't have them installed; bind-libs and bind-utils come with the system.

Installation

yum install bind
yum install bind-chroot

After the installation completes, list all files contained in the installed packages:

rpm -ql bind
rpm -ql bind-chroot


Basic DNS configuration
Set the domain name to dnstest.com and the network address to 192.168.64.0/24; add the host names dns, www and ftp plus an alias record. The IP addresses of these hosts are those of your own machines, and the corresponding PTR records are added to the reverse zone file.
The DNS server address is the IP address of this machine: 192.168.64.130

Find the right place, give the right name, write the right content.
Write the main configuration file: copy the following content directly and change what needs changing.
Note that this file is not under "/var/named" but at the path shown below.
Because of bind-chroot, all bind-related configuration files live under the chroot pseudo-root /var/named/chroot/, which holds nothing but bind-related configuration and is therefore more secure.

[root@localhost etc]# pwd
/var/named/chroot/etc

options{
directory "/var/named";
};
zone "dnstest.com." IN {
    type master;
    file "dnstest.zone";
};
zone "64.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.zone";
};

The specific explanation is as follows:

options{
directory "/var/named";
};
Meaning of each item:
options defines the server's global configuration options; there can be only one options block in a named.conf file.
directory "/var/named"; is the storage location of the zone files; because of the chroot, /var/named here is by default the /var/named/chroot/var/named directory.

zone "dnstest.com." IN {
    type master;
    file "dnstest.zone";
};

The zone statement defines a zone; the domain name, the DNS server type for the zone and the zone file name must be specified. This is a forward zone.

zone "64.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.zone";
};
This is a reverse zone. Remember that the IP part of "64.168.192.in-addr.arpa" is written backwards: the network is 192.168.64, so it must be written as 64.168.192.
Also note the trailing dot after com; it must not be omitted.

Write the forward resolution zone file
File path: /var/named/chroot/var/named/dnstest.zone

$TTL 86400
@ IN SOA dns.dnstest.com. root.dnstest.com. (
                                       2015111701
                                        3H
                                        15M
                                        1W
                                        1D)
        IN NS dns.dnstest.com.
dns IN A 192.168.64.130
www IN A 192.168.64.2
ftp IN A 192.168.64.131

The specific explanation is as follows:

@: stands for the zone's domain name
dns.dnstest.com.: the host name; the trailing dot marks it as a complete (fully qualified) host name
root.dnstest.com.: the administrator's e-mail address
IN: the class of the resource record, Internet (TCP/IP)

The part in parentheses sets the values of the SOA record's options, which are mainly used when synchronizing data with the secondary (slave) name server. The time values, in order from top to bottom, mean the following:

Serial: the serial number. Every time the file is updated the serial number must be increased; it drives the automatic update in master/slave mode. The format is usually "year month day + revision number" (this is not mandatory, it just needs to be easy to remember). When the slave (secondary name server) wants to synchronize data it compares this number: if the master's number is larger than its own it updates, otherwise it ignores the zone. One thing to pay attention to when setting the serial: no more than 10 digits!

Refresh: tells the slave how often to synchronize data (whether it actually synchronizes depends on the result of the Serial comparison).

Retry: if the slave fails to update, how long to wait before retrying.

Expire: the record expiration time. When the slave has been unable to contact the master for this long, it gives up retrying and marks its copy of the data as expired.

Minimum: the time that resource records stay in the cache, i.e. the default minimum TTL. If no "$TTL" was defined earlier in the file, this value applies.

NS record: name server; gives the host name of the DNS server for the zone and is an indispensable resource record in every zone file.

Write the reverse resolution zone file
File path: /var/named/chroot/var/named/reverse.zone

$TTL 86400
@ IN SOA dns.dnstest.com. root.dnstest.com. (
                                      2015111701
                                      3H
                                      15M
                                      1W
                                      1D)
       IN NS dns.dnstest.com.
130 IN PTR dns.dnstest.com.
2 IN PTR www.dnstest.com.
131 IN PTR ftp.dnstest.com.
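Before starting named it is worth checking that the forward and reverse zone files agree with each other. The script below is an added example, not part of the original article: it parses constructed copies of the page's two zone files, flags every A record that lacks a matching PTR (and vice versa), and checks that the SOA serial fits within the 10-digit / 32-bit limit mentioned above.

```sh
#!/bin/sh
# Added example, not from the article: cross-check the page's forward and reverse zones
# (every A needs a PTR and vice versa) and the SOA serial. Zone texts are constructed copies.
FORWARD_ZONE='$TTL 86400
@ IN SOA dns.dnstest.com. root.dnstest.com. (
        2015111701 3H 15M 1W 1D )
        IN NS dns.dnstest.com.
dns IN A 192.168.64.130
www IN A 192.168.64.2
ftp IN A 192.168.64.131'
REVERSE_ZONE='$TTL 86400
@ IN SOA dns.dnstest.com. root.dnstest.com. (
        2015111701 3H 15M 1W 1D )
        IN NS dns.dnstest.com.
130 IN PTR dns.dnstest.com.
2 IN PTR www.dnstest.com.
131 IN PTR ftp.dnstest.com.'

# Print "fqdn=ip" for each A record; $1 = zone text, $2 = zone origin (e.g. dnstest.com).
a_records() {
    printf '%s\n' "$1" | awk -v origin="$2" '{ sub(/;.*/, "") } $2 == "IN" && $3 == "A" { print $1 "." origin "=" $4 }'
}

# Print "fqdn=ip" for each PTR record; $1 = zone text, $2 = network prefix (e.g. 192.168.64).
ptr_records() {
    printf '%s\n' "$1" | awk -v net="$2" '{ sub(/;.*/, "") } $2 == "IN" && $3 == "PTR" { sub(/\.$/, "", $4); print $4 "=" net "." $1 }'
}

# Report A records without a PTR and PTRs without an A; return 1 if anything is inconsistent.
check_zone_consistency() {
    tmp=$(mktemp -d)
    a_records "$1" "$2" | sort -u > "$tmp/fwd"
    ptr_records "$3" "$4" | sort -u > "$tmp/rev"
    comm -23 "$tmp/fwd" "$tmp/rev" | sed 's/^/A without PTR: /'
    comm -13 "$tmp/fwd" "$tmp/rev" | sed 's/^/PTR without A: /'
    mismatches=$(comm -3 "$tmp/fwd" "$tmp/rev" | awk 'END { print NR }')
    rm -rf "$tmp"
    [ "$mismatches" -eq 0 ]
}

# The serial is the first all-digit token after SOA; BIND stores it as unsigned 32-bit, so
# more than 10 digits (or anything above 4294967295) is rejected before the zone is loaded.
zone_serial() {
    printf '%s\n' "$1" | awk '/SOA/ { s = 1 } s { for (i = 1; i <= NF; i++) {
        t = $i; gsub(/[()]/, "", t); if (t ~ /^[0-9]+$/) { print t; exit } } }'
}
serial_ok() {
    s=$(zone_serial "$1")
    [ -n "$s" ] && [ "${#s}" -le 10 ] && [ "$s" -le 4294967295 ]
}

check_zone_consistency "$FORWARD_ZONE" dnstest.com "$REVERSE_ZONE" 192.168.64 && serial_ok "$FORWARD_ZONE" && echo "zones consistent"
```

On the server itself, also run named-checkconf and named-checkzone against the files under /var/named/chroot before starting named, since a syntax error there leaves the zone unloaded without stopping the daemon.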

Start the DNS server
service named start
service named restart


Change the local DNS server address
/etc/resolv.conf is the DNS client configuration file; just change the nameserver address to the address of the DNS server you just configured.

Test the DNS server
The commands for testing DNS are nslookup, host and dig; nslookup is the most commonly used and also exists on Windows.

Resource records
CNAME record (alias)
After adding the following CNAME record for www.dnstest.com, www.dnstest.com can also be reached as abc.dnstest.com.
abc IN CNAME www.dnstest.com.

Mail exchange record
Use host -t mx dnstest.com to test the mail exchange record.
mail IN A [IP address of the mail server]
dnstest.com. IN MX 10 mail.dnstest.com.

Other DNS configuration
Wildcard resolution record
Every name that has no explicit record of its own resolves to the following IP address.
*.dnstest.com. IN A [IP address]

Resolve the bare domain name directly
Makes dnstest.com itself resolve to an IP address, so it can be visited directly.
dnstest.com. IN A [IP address]

Implement load balancing
The three FTP servers have identical content. For each query for ftp.dnstest.com the DNS server returns the addresses in rotating order, steering clients to different machines so that the load is spread across the servers. As follows:
ftp IN A 192.168.64.50
ftp IN A 192.168.64.51
ftp IN A 192.168.64.52

DNS secondary name server configuration
The secondary name server only needs its named.conf modified; no zone files need to be created, because the zone files are copied automatically from the primary name server into the secondary's slaves directory.
named.conf

options{
directory "/var/named";
};
zone "zhoudi.com." IN {
    type slave;
    file "slaves/<forward zone file name (custom)>.zone";
    masters { <IP of master DNS>; };
};
zone "132.17.172.in-addr.arpa" IN {
    type slave;
    file "slaves/<reverse zone file name (custom)>.zone";
    masters { <IP of master DNS>; };
};