The DNS server used on Linux is essentially BIND, developed at the University of California, Berkeley. The main installation and configuration steps follow.
yum install bind*
Once BIND is installed, its main daemon is named. Normally bind-chroot is installed automatically as well. The chroot exists to protect the system: even if BIND is compromised, the intruder can only act within the chroot directory. It is similar in spirit to what vsftpd does, but not identical.
BIND's main configuration file: /etc/named.conf
BIND works by grouping the name-to-IP mappings of each domain into a zone; each zone's file lives under /var/named/. Because of the chroot, BIND maps / to /var/named/chroot (with the default yum installation), which means:
/etc/named.conf <==> /var/named/chroot/etc/named.conf
/var/named/ <==> /var/named/chroot/var/named/
You can verify this: once bind-chroot is running, any change you make to /etc/named.conf is synchronized to /var/named/chroot/etc/named.conf, and the same applies to the zone files under /var/named/.
Here is a walk through named.conf:
//named.conf
options { // general options
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN { // the root zone; the corresponding /var/named/named.ca lists all root name servers
    type hint;
    file "named.ca"; // a named.ca template can be taken from /usr/share/doc/bind-9.8.2/sample/var/named/
};
zone "localhost" IN { // the "localhost" zone, corresponding to /var/named/named.localhost
    type master; // master means this is the primary DNS server for the zone
    file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.127.0.0";
};
include "/etc/named.root.key";
// The above can serve as the default basic configuration; below we add a zone for the domain fire.net
zone "fire.net" IN {
    type master;
    file "fire.zone";
};
Local forward lookup file: /var/named/named.localhost
$TTL 3600
@ IN SOA localhost. root.localhost. ( ; @ stands for the zone name given in /etc/named.conf, i.e. the "xxx" in zone "xxx"
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS localhost. ; IN (the Internet class) introduces a resource record (RR); NS = NameServer, i.e. a DNS server
localhost. IN A 127.0.0.1 ; A marks a forward lookup: [hostname] IN A [IP] means this host maps to this IP
Local reverse lookup file: /var/named/named.127.0.0
$TTL 600
@ IN SOA localhost. root.localhost. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS localhost.
1 IN PTR localhost. ; PTR is the reverse lookup record, the counterpart of the A record above
The above is the basic configuration and can be used as a template; below is the configuration of /var/named/fire.zone.
$TTL 3600
@ IN SOA fire.net. root.localhost. ( ;
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS localhost. ; @ is fire.net (as given by the zone statement); queries for fire.net are sent to the name server (NS) localhost.
localhost. IN A 127.0.0.1 ; the A record giving the IP of the NS
www IN A 1.1.1.1 ; this is the actual hostname resolution; www is automatically expanded to www.fire.net
FTP IN A 2.2.2.2 ; FTP.fire.net
Note: the zone files under /var/named must be owned by root:named (chown root:named zone_file)!!!
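As an added example (not from the original post and not BIND's own code), this Python script parses the fire.zone file shown above the way named reads it, expanding @ and relative names such as www against the zone origin, and flags a zone that lacks an SOA or whose NS target has no A record. The zone text is a constructed copy embedded inline so the script runs offline.

```python
# Constructed copy of the page's /var/named/fire.zone, embedded so this runs offline.
FIRE_ZONE = """$TTL 3600
@ IN SOA fire.net. root.localhost. ( ;
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS localhost.
localhost. IN A 127.0.0.1
www IN A 1.1.1.1
FTP IN A 2.2.2.2
"""
def fqdn(name, origin):
    """'@' is the origin; a name with no trailing dot is relative to it; case is ignored."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"
def parse_zone(text, origin):
    """Return (default_ttl, [(owner, type, rdata)]), joining parenthesised SOA lines."""
    origin = origin.lower().rstrip(".") + "."
    joined, buf = [], []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if line:
            buf.append(line)
        if buf and ("(" not in " ".join(buf) or ")" in line):  # record complete
            joined.append(" ".join(buf))
            buf = []
    ttl, records = None, []
    for rec in joined:
        tok = rec.replace("(", " ").replace(")", " ").split()
        if tok[0] == "$TTL":
            ttl = int(tok[1])
            continue
        i = 2 if tok[1].upper() == "IN" else 1  # the class field is optional
        records.append((fqdn(tok[0], origin), tok[i].upper(), tok[i + 1:]))
    return ttl, records
def check_zone(text, origin):
    """Problems: no SOA, or an NS target with no A record, so the server cannot be resolved."""
    origin = origin.lower().rstrip(".") + "."
    _, records = parse_zone(text, origin)
    problems = [] if any(t == "SOA" for _, t, _ in records) else ["no SOA record"]
    a_names = {owner for owner, t, _ in records if t == "A"}
    for _, t, rdata in records:
        if t == "NS" and fqdn(rdata[0], origin) not in a_names:
            problems.append(f"NS {fqdn(rdata[0], origin)} has no A record in this zone")
    return problems
```

On the server itself, the checks that ship with BIND are named-checkconf for /etc/named.conf and named-checkzone fire.net /var/named/fire.zone; run them before restarting named.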
BIND's main daemon is named.
Start the BIND server: /etc/init.d/named start
Stop the BIND server: /etc/init.d/named stop
Testing:
vim /etc/resolv.conf
nameserver 127.0.0.1
[root@localhost named]# nslookup
> server
Default server: 127.0.0.1
Address: 127.0.0.1#53
> localhost
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: localhost
Address: 127.0.0.1
> 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
1.0.0.127.in-addr.arpa name = localhost.
> www.fire.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.fire.net
Address: 1.1.1.1
> FTP.fire.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: FTP.fire.net
Address: 2.2.2.2
That is the complete setup procedure!