BIND9 private DNS server: a small-environment lab

2013-8-22 11:01

1. Basic server configuration

1) Root master: 192.168.56.101
2) Root slave: 192.168.56.102
3) COM server: 192.168.56.103
4) Resolver: 192.168.56.104

2. Compiling and installing BIND9

1) Build and install from source:

```
# tar xvf bind-9.6.1.tar.gz
# cd bind-9.6.1
# ./configure --prefix=/usr/local/named --enable-threads   # enable multithreading
# make && make install
```

2) Extract the key that named.conf needs from rndc.conf. rndc-confgen prints, as commented lines at the end of its output, the key and controls statements that belong in named.conf; the pipeline below keeps those lines and strips the leading `#`:

```
# cd /usr/local/named
# sbin/rndc-confgen > etc/rndc.conf
# cd etc/
# tail -10 rndc.conf | head -9 | sed 's/#//g' > named.conf
# cat named.conf
```

```
key "rndc-key" {
        algorithm hmac-md5;
        secret "wk7NzsvLaCobiCFxHB2LXQ==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
```

The installation and setup above are the same on every server.

3. Configuring the root master

On the server with IP 192.168.56.101:

1) Open named.conf (`# vi named.conf`) and add the following:

```
key "rndc-key" {
        algorithm hmac-md5;
        secret "wk7NzsvLaCobiCFxHB2LXQ==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
        directory "/var/named/";
        pid-file "/var/named/named.pid";
        recursion no;
};

zone "." IN {
        type master;
        file "db.root";
        allow-transfer { 192.168.56.102; };
};
```

Where:
`recursion no;` disables recursive queries.
`allow-transfer {192.168.56.102;};` permits zone transfers, and only to the server at the listed IP address. Here 192.168.56.102 is our root slave.

2) Create the zone file:

```
# cd /var
# mkdir named
# cd named
# touch db.root
# vi db.root
```

```
$TTL 86400
@           IN SOA  @ root ( 12169 1m 1m 1m 1m )
.           IN NS   root.ns.
root.ns.    IN A    192.168.56.101
com.        IN NS   ns.com.
ns.com.     IN A    192.168.56.103
```

Where:
`com. IN NS ns.com.` The delegation must be made here; otherwise, during recursive resolution, the address for a name such as my.com will not be found.

3) Start BIND and test:

```
# cd /usr/local/named
# sbin/named -g &
# dig @192.168.56.101 . NS
```

```
root@simba-1:/var/named# dig @192.168.56.101 . NS

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 . NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10193
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                          IN      NS

;; ANSWER SECTION:
.                   86400   IN      NS      root.ns.

;; ADDITIONAL SECTION:
root.ns.            86400   IN      A       192.168.56.101

;; Query time: 19 msec
;; SERVER: 192.168.56.101#53(192.168.56.101)
;; WHEN: Wed Aug 21 07:15:38 2013
;; MSG SIZE  rcvd: 64
```

```
# dig @192.168.56.101 com. NS
```

```
root@simba-1:/var/named# dig @192.168.56.101 com. NS

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 com. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20443
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com.                       IN      NS

;; AUTHORITY SECTION:
com.                86400   IN      NS      ns.com.

;; ADDITIONAL SECTION:
ns.com.             86400   IN      A       192.168.56.103

;; Query time: 17 msec
;; SERVER: 192.168.56.101#53(192.168.56.101)
;; WHEN: Wed Aug 21 07:18:16 2013
;; MSG SIZE  rcvd: 65
```

4. Configuring the root slave

On the server with IP 192.168.56.102:

1) Open named.conf (`# vi named.conf`) and add the following:

```
key "rndc-key" {
        algorithm hmac-md5;
        secret "JaHjteR5sZxVrMWWcOne9g==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        transfer-format many-answers;
        recursion no;
};

zone "." IN {
        type slave;
        file "db.root";
        masters { 192.168.56.101; };
};
```

Where:
`recursion no;` disables recursive queries.
`masters {192.168.56.101;};` names the master server, so the slave synchronizes with the root master at the refresh interval given in the SOA.

2) Create the zone directory:

```
# cd /var
# mkdir named
```

The slave does not need a zone file created by hand, because it fetches the zone from the master automatically.

3) Start BIND and test:

```
# cd /usr/local/named
# sbin/named -g &
```

Wait a while, then confirm that the zone file has been fetched:

```
# ls /var/named/
db.root
# dig @192.168.56.102 . NS
```

```
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.102 . NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18918
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                          IN      NS

;; ANSWER SECTION:
.                   86400   IN      NS      root.ns.

;; ADDITIONAL SECTION:
root.ns.            86400   IN      A       192.168.56.101

;; Query time: 12 msec
;; SERVER: 192.168.56.102#53(192.168.56.102)
;; WHEN: Wed Aug 21 07:27:18 2013
;; MSG SIZE  rcvd: 64
```

```
# dig @192.168.56.102 com. NS
```

```
root@simba-2:/usr/local/named/etc# dig @192.168.56.102 com. NS

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.102 com. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17412
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com.                       IN      NS

;; AUTHORITY SECTION:
com.                86400   IN      NS      ns.com.

;; ADDITIONAL SECTION:
ns.com.             86400   IN      A       192.168.56.103

;; Query time: 19 msec
;; SERVER: 192.168.56.102#53(192.168.56.102)
;; WHEN: Wed Aug 21 07:35:10 2013
;; MSG SIZE  rcvd: 65
```

5. Configuring the COM server

On the server 192.168.56.103:

1) Open named.conf (`# vi named.conf`) and add the following:

```
key "rndc-key" {
        algorithm hmac-md5;
        secret "kMOStrdGYC5WmE1obk7LJg==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        allow-query { any; };
        recursion no;
};

zone "." IN {
        type hint;
        file "db.root";
};

zone "com." IN {
        type master;
        file "db.com";
};
```

Where:
`recursion no;` disables recursive queries.

2) Create the zone files:

```
# cd /var
# mkdir named
# cd named
# touch db.root
# vi db.root
```

```
$TTL 86000
@           IN SOA  @ root ( 1 1m 1m 1m 1m )
.           IN NS   root.ns.
root.ns.    IN A    192.168.56.101
com.        IN NS   ns.com.
ns.com.     IN A    192.168.56.103
```

Where:
`com. IN NS ns.com.` The delegation must be made here; otherwise, during recursive resolution, the address for a name such as my.com will not be found. This file is the same as db.root on the master server.

```
# vi db.com
```

```
$TTL 86400
@           IN SOA  @ root ( 2 1m 1m 1m 1m )
com.        IN NS   ns.com.
ns.com.     IN A    192.168.56.103
my.com.     IN A    192.168.56.201
```

3) Start BIND and test:

```
# cd /usr/local/named
# sbin/named -g &
# dig @192.168.56.103 com. NS
```

```
root@simba-2:/usr/local/named/etc# dig @192.168.56.103 com. NS

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.103 com. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19097
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com.                       IN      NS

;; ANSWER SECTION:
com.                86400   IN      NS      ns.com.

;; ADDITIONAL SECTION:
ns.com.             86400   IN      A       192.168.56.103

;; Query time: 21 msec
;; SERVER: 192.168.56.103#53(192.168.56.103)
;; WHEN: Wed Aug 21 07:45:15 2013
;; MSG SIZE  rcvd: 65
```

```
# dig @192.168.56.103 my.com. A
```

```
root@simba-2:/usr/local/named/etc# dig @192.168.56.103 my.com. A

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.103 my.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23466
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;my.com.                    IN      A

;; ANSWER SECTION:
my.com.             86400   IN      A       192.168.56.201

;; AUTHORITY SECTION:
com.                86400   IN      NS      ns.com.

;; ADDITIONAL SECTION:
ns.com.             86400   IN      A       192.168.56.103

;; Query time: 17 msec
;; SERVER: 192.168.56.103#53(192.168.56.103)
;; WHEN: Wed Aug 21 07:46:41 2013
;; MSG SIZE  rcvd: 84
```

6. Configuring the resolver

On the server 192.168.56.104:

1) Open named.conf (`# vi named.conf`) and add the following:

```
key "rndc-key" {
        algorithm hmac-md5;
        secret "kMOStrdGYC5WmE1obk7LJg==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        allow-query { any; };
        recursion yes;
        allow-recursion { any; };
};

zone "." IN {
        type hint;
        file "db.root";
};
```

Where:
`recursion yes;` enables recursive queries.
`allow-recursion {any;};` is another way of enabling recursive queries; the exact difference is not covered here.

2) Create the zone file:

```
# cd /var
# mkdir named
# cd named
# touch db.root
# vi db.root
```

```
$TTL 8600
@           IN SOA  @ root ( 1 1m 1m 1m 1m )
.           IN NS   root.ns.
root.ns.    IN A    192.168.56.101
```

Where: only the NS and A records of the root need to be given here.

3) Start BIND and test:

```
# cd /usr/local/named
# sbin/named -g &
```

dig sends recursive queries by default.

```
# dig @192.168.56.104 com. SOA
```

```
root@simba-2:/usr/local/named/etc# dig @192.168.56.104 com. SOA

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.104 com. SOA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44824
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com.                       IN      SOA

;; ANSWER SECTION:
com.                86358   IN      SOA     com. root.com. 2 60 60 60 60

;; AUTHORITY SECTION:
com.                86354   IN      NS      ns.com.

;; ADDITIONAL SECTION:
ns.com.             86354   IN      A       192.168.56.103

;; Query time: 16 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Wed Aug 21 07:52:46 2013
;; MSG SIZE  rcvd: 106
```

As you can see, `;; flags: qr rd ra;` carries no aa flag, which shows that the answer is non-authoritative.

```
# dig @192.168.56.104 my.com. A
```

```
root@simba-2:/usr/local/named/etc# dig @192.168.56.104 my.com. A

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.104 my.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;my.com.                    IN      A

;; ANSWER SECTION:
my.com.             86286   IN      A       192.168.56.201

;; AUTHORITY SECTION:
com.                86259   IN      NS      ns.com.

;; ADDITIONAL SECTION:
ns.com.             86259   IN      A       192.168.56.103

;; Query time: 15 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Wed Aug 21 07:54:21 2013
;; MSG SIZE  rcvd: 84
```
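The resolution path that the last section demonstrates with dig, as an added example that is not part of the original post: a small Python model of the lab built from the page's own db.root and db.com, with an authoritative-only server class standing in for .101 and .103 and a recursive resolver standing in for .104. The resolver walks from its root hint through the com. delegation to my.com and records, per hop, whether the reply carried aa; dropping the com. NS and glue lines from db.root reproduces the failure the page warns about in sections 3 and 5. The classes are a simplified teaching model, not BIND code, and the REFUSED/SERVFAIL handling and the trail format are this example's own assumptions.

```python
"""Offline model of the page's resolution path: the resolver at .104 starts at
its root hint, asks the root master .101, follows the com. delegation to .103
and receives my.com. Teaching model, not BIND code; zone data is the page's."""

# db.root and db.com copied from the page (lab data on private 192.168.56.x).
DB_ROOT = """\
$TTL 86400
@           IN SOA  @ root ( 12169 1m 1m 1m 1m )
.           IN NS   root.ns.
root.ns.    IN A    192.168.56.101
com.        IN NS   ns.com.
ns.com.     IN A    192.168.56.103
"""
DB_COM = """\
$TTL 86400
@           IN SOA  @ root ( 2 1m 1m 1m 1m )
com.        IN NS   ns.com.
ns.com.     IN A    192.168.56.103
my.com.     IN A    192.168.56.201
"""

def absolute(name, origin):
    """Fully qualified, lower-case form of a master-file owner name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return (name + "." if origin == "." else name + "." + origin).lower()

def parse_zone(text, origin):
    """Parse the subset of master-file syntax the lab zones use: one
    'owner IN TYPE rdata' record per line ($TTL skipped, SOA rdata kept raw)."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in ";$":
            owner, _cls, rtype, *rdata = line.split()
            records.append((absolute(owner, origin), rtype, " ".join(rdata)))
    return records

def in_zone(name, origin):
    """True if name is at or below origin; the root '.' contains everything."""
    return origin == "." or name == origin or name.endswith("." + origin)

class AuthServer:
    """Authoritative-only server (recursion no), like .101 and .103."""

    def __init__(self, zones):
        self.zones = {o: parse_zone(t, o) for o, t in zones.items()}

    def query(self, qname, qtype):
        """aa answer from zone data; non-aa referral (NS + glue) when the name
        lies under a delegated child; REFUSED when we hold no enclosing zone."""
        empty = {"rcode": "NOERROR", "aa": False, "answer": [], "authority": [], "additional": []}
        zone = max((o for o in self.zones if in_zone(qname, o)), key=len, default=None)
        if zone is None:
            return dict(empty, rcode="REFUSED")
        records = self.zones[zone]
        for owner, rtype, _ in records:
            if rtype == "NS" and owner != zone and in_zone(qname, owner):  # delegation
                ns_set = [r for r in records if r[0] == owner and r[1] == "NS"]
                glue = [r for r in records if r[1] == "A" and any(r[0] == n[2] for n in ns_set)]
                return dict(empty, authority=ns_set, additional=glue)
        return dict(empty, aa=True, answer=[r for r in records if r[0] == qname and r[1] == qtype])

class Resolver:
    """Recursive resolver (recursion yes), like .104: follows referrals from the
    hint. Its reply carries ra but never aa, the flag difference the page notes."""

    def __init__(self, hint_ip, network):
        self.hint_ip, self.network = hint_ip, network  # network: ip -> AuthServer

    def resolve(self, qname, qtype, max_hops=8):
        ip, trail = self.hint_ip, []
        for _ in range(max_hops):
            resp = self.network[ip].query(qname, qtype)
            trail.append((ip, resp["aa"], resp["rcode"]))
            if resp["answer"]:
                return {"status": "NOERROR", "aa": False, "ra": True,
                        "answer": resp["answer"], "trail": trail}
            glue = [r for r in resp["additional"] if r[1] == "A"]
            if not (resp["authority"] and glue):
                break  # neither an answer nor a usable referral: give up
            ip = glue[0][2]  # follow the referral to the delegated server
        return {"status": "SERVFAIL", "aa": False, "ra": True, "answer": [], "trail": trail}

def build_lab(delegate_com=True):
    """Root master .101 and COM server .103 behind a resolver hinted at .101 (.102
    is off the path). delegate_com=False drops the com. NS and glue from db.root."""
    root = DB_ROOT
    if not delegate_com:
        root = "\n".join(l for l in DB_ROOT.splitlines()
                         if not l.startswith(("com.", "ns.com."))) + "\n"
    network = {"192.168.56.101": AuthServer({".": root}),
               "192.168.56.103": AuthServer({"com.": DB_COM})}
    return Resolver("192.168.56.101", network)

def resolve_in_lab(qname, qtype, delegate_com=True):
    """Resolve qname/qtype through the lab the way .104 would."""
    return build_lab(delegate_com).resolve(qname.lower(), qtype)
```

`resolve_in_lab("my.com.", "A")` returns the A record 192.168.56.201 with a two-hop trail: the root master replies without aa (a referral), the COM server replies with aa, and the resolver's own reply sets ra but not aa, matching the flag lines in the page's digs. With `delegate_com=False` the root has nothing to refer to and the resolver fails, which is why the page insists on the `com. IN NS ns.com.` line.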
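A review check for the named.conf files in sections 3 to 6, added here as an example that is neither part of the original post nor BIND's own code: a small parser for the subset of named.conf syntax the page uses, plus an audit that flags the points a defender would raise before these configurations leave a host-only lab network. The findings rely on BIND 9.6 behaviour as the page built it: an unset allow-transfer permits AXFR from any host, recursion defaults to yes, and the page's rndc-confgen emitted hmac-md5 keys (current releases default to hmac-sha256). The embedded configurations are the page's, trimmed to the statements the audit inspects and with the secrets replaced by a placeholder; the finding codes and messages are this example's own.

```python
"""Check the page's named.conf fragments for the settings a defender reviews
first: weak rndc key algorithm, rndc channel off loopback, recursion open to
everyone, master zones with no AXFR restriction. Small parser for the subset
of named.conf syntax on the page, not BIND's own parser."""
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

# The page's configurations, trimmed, secrets replaced (lab values, private net).
ROOT_MASTER_CONF = """
key "rndc-key" { algorithm hmac-md5; secret "REDACTED"; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
options { directory "/var/named/"; pid-file "/var/named/named.pid"; recursion no; };
zone "." IN { type master; file "db.root"; allow-transfer { 192.168.56.102; }; };
"""
COM_CONF = """
key "rndc-key" { algorithm hmac-md5; secret "REDACTED"; };
options { directory "/var/named"; allow-query { any; }; recursion no; };
zone "." IN { type hint; file "db.root"; };
zone "com." IN { type master; file "db.com"; };
"""
RESOLVER_CONF = """
key "rndc-key" { algorithm hmac-md5; secret "REDACTED"; };
options { directory "/var/named"; allow-query { any; };
          recursion yes; allow-recursion { any; }; };
zone "." IN { type hint; file "db.root"; };
"""

def tokenize(text):
    """Strip //, # and /* */ comments, then split into words, strings, { } ;"""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#).*", " ", text)
    return TOKEN.findall(text)

def parse_stmts(tokens, i=0):
    """Brace-structured config -> nested statements: each statement is a list
    of words (quotes stripped) and nested statement lists; ';' ends one."""
    stmts, cur = [], []
    while i < len(tokens):
        t, i = tokens[i], i + 1
        if t == "{":
            sub, i = parse_stmts(tokens, i)
            cur.append(sub)
        elif t == "}":
            break
        elif t == ";":
            stmts.append(cur)
            cur = []
        else:
            cur.append(t.strip('"'))
    return stmts, i

def find(stmts, keyword):
    """All statements starting with keyword, e.g. every zone statement."""
    return [s for s in stmts if s and s[0] == keyword]

def clause(block, keyword):
    """Arguments of the first 'keyword ...;' in a block, or None if absent."""
    hits = find(block, keyword)
    return hits[0][1:] if hits else None

def addrs(args):
    """Flatten an address match list such as { any; 127.0.0.1; } to its entries."""
    out = []
    for a in args or []:
        if isinstance(a, list):
            out.extend(w for s in a for w in s if isinstance(w, str))
        else:
            out.append(a)
    return out

def audit_named_conf(text):
    """Return (code, message) findings for one named.conf."""
    stmts, _ = parse_stmts(tokenize(text))
    findings = []
    for key in find(stmts, "key"):
        alg = clause(key[-1], "algorithm")
        if alg and alg[0].lower() == "hmac-md5":
            findings.append(("WEAK_KEY_ALG", f'key "{key[1]}" uses hmac-md5; '
                             "current rndc-confgen defaults to hmac-sha256"))
    for ctl in find(stmts, "controls"):
        for inet in find(ctl[-1], "inet"):
            if inet[1] not in ("127.0.0.1", "::1", "localhost"):
                findings.append(("CONTROL_NOT_LOOPBACK", f"rndc channel on {inet[1]}"))
    opts = (find(stmts, "options") or [[None, []]])[0][-1]
    recursion = clause(opts, "recursion")
    recursive = recursion is None or recursion[0] == "yes"  # BIND's default is yes
    if recursive and "any" in addrs(clause(opts, "allow-recursion")):
        findings.append(("OPEN_RESOLVER", "recursion yes + allow-recursion { any; }: "
                         "restrict to the lab network, e.g. 192.168.56.0/24"))
    for zone in find(stmts, "zone"):
        body = zone[-1]
        if (clause(body, "type") or [""])[0] in ("master", "primary"):
            xfer = addrs(clause(body, "allow-transfer"))
            if not xfer or "any" in xfer:
                findings.append(("OPEN_AXFR", f'zone "{zone[1]}": no allow-transfer '
                                 "restriction; BIND 9.6 then serves AXFR to any host"))
    return findings

def audit_codes(text):
    """Sorted finding codes, convenient for comparing configurations."""
    return sorted(code for code, _ in audit_named_conf(text))
```

On the page's own files the root master yields only the weak-key finding (its `allow-transfer { 192.168.56.102; }` already limits AXFR to the slave), the COM server adds an unrestricted-AXFR finding for zone "com.", and the resolver is reported as an open resolver because `recursion yes` is combined with `allow-recursion { any; }`. Restricting allow-recursion to 192.168.56.0/24 and regenerating the rndc key with hmac-sha256 clears all findings for the resolver; adding `allow-transfer { none; };` to zone "com." clears the AXFR finding on the COM server.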