The DNS server on Linux is mainly BIND, developed at UC Berkeley. Below are the main installation and configuration steps:
yum install bind*
Once BIND is installed, its main daemon is named. Normally bind-chroot is installed automatically as well; the chroot exists to protect the system: even if BIND is compromised, the attacker can only act inside the chroot directory. It is somewhat like vsftpd's approach, but not the same.
BIND's general configuration file is /etc/named.conf

BIND works by collecting the name-to-IP mappings of each domain into a zone; each zone's configuration file lives under /var/named/. Because chroot is in use, BIND moves / to /var/named/chroot (in the default yum installation), which means

/etc/named.conf <==> /var/named/chroot/etc/named.conf
/var/named/ <==> /var/named/chroot/var/named/

You can test this: once bind-chroot is running, the changes you make to /etc/named.conf are synchronized to /var/named/chroot/etc/named.conf, and the same applies to the zone files under /var/named/.
Now let's look at named.conf.
================================================================================
//named.conf
options {                           // general options
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory          "/var/named";
    dump-file          "/var/named/data/cache_dump.db";
    statistics-file    "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query        { localhost; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {                   // the root zone; /var/named/named.ca lists all the root name servers
    type hint;
    file "named.ca";            // a named.ca template is available in /usr/share/doc/bind-9.8.2/sample/var/named/
};

zone "localhost" IN {           // the "localhost" zone, backed by /var/named/named.localhost
    type master;                // master = primary DNS server
    file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.127.0.0";
};

include "/etc/named.root.key";

// everything above can be the default base configuration; below we add a zone for the domain fire.net
zone "fire.net" IN {
    type master;
    file "fire.zone";
};
================================================================================
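The options block above only answers queries from localhost, so recursion is harmless here; the moment allow-query is widened to let other hosts use this server, the same "recursion yes" can turn named into an open recursive resolver, which anyone on the Internet can use as a DNS-amplification source. The following script is an added example, not code from the original post or from BIND: it reads a named.conf and reports whether the options block describes an open resolver, following the fallback chain the BIND 9 ARM documents (allow-recursion, else allow-query-cache, else allow-query, else localnets/localhost). The two sample configuration files it writes are constructed for the demonstration, and the helper names (flatten_conf, conf_flag, conf_acl, resolver_verdict) are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: a lint that answers one
# question about an options block -- does it make named an open recursive
# resolver? It uses only sed and tr, so it runs without BIND installed, and
# it looks at just the four options that decide the matter: recursion,
# allow-query, allow-query-cache and allow-recursion.

# Flatten a named.conf onto one line with //, # and /* */ comments removed,
# so an option can be matched wherever its line breaks fall.
# Limitation: a /* */ comment that itself contains '*' is left in place.
flatten_conf() {
    sed -e 's|//.*$||' -e 's|#.*$||' "$1" | tr '\n' ' ' | sed -e 's|/\*[^*]*\*/||g'
}

# Value of a simple option such as "recursion yes;" (prints "yes").
# The last occurrence in the file wins; an absent option prints nothing.
conf_flag() {
    flatten_conf "$2" \
      | sed -n "s/.*[[:space:]{]$1[[:space:]]\{1,\}\([^;{]*\);.*/\1/p" \
      | sed -e 's/[[:space:]]*$//'
}

# Contents of an address-list option such as "allow-query { any; };"
# (prints " any; "); an absent option prints nothing.
conf_acl() {
    flatten_conf "$2" | sed -n "s/.*[[:space:]{]$1[[:space:]]*{\([^}]*\)}.*/\1/p"
}

# Who may recurse, following the fallback chain the BIND 9 ARM documents:
# allow-recursion, else allow-query-cache, else allow-query, else the
# built-in default of localnets and localhost.
effective_recursion_acl() {
    for opt in allow-recursion allow-query-cache allow-query; do
        v=$(conf_acl "$opt" "$1")
        if [ -n "$v" ]; then printf '%s\n' "$v"; return; fi
    done
    printf '%s\n' 'localnets; localhost;'
}

# Verdict for one config file: "OPEN" when recursion is on and the effective
# list admits the whole Internet, "ok" otherwise.
resolver_verdict() {
    if [ "$(conf_flag recursion "$1")" != "yes" ]; then
        echo ok; return
    fi
    # Normalise to ";entry;entry;" so "any" is matched as a whole entry.
    acl=";$(effective_recursion_acl "$1" | tr -d '[:space:]')"
    case "$acl" in
        *";any;"*|*";0.0.0.0/0;"*|*";::/0;"*) echo OPEN ;;
        *) echo ok ;;
    esac
}

# Two constructed sample files: the page's options (queries only from
# localhost) and a common mistake (queries from anywhere and nothing that
# narrows recursion, so allow-query is inherited as the recursion list).
SAFE_CONF=$(mktemp)
cat > "$SAFE_CONF" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; };
    allow-query { localhost; };
    recursion yes;          // fine: nobody but localhost may ask at all
};
EOF
OPEN_CONF=$(mktemp)
cat > "$OPEN_CONF" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };   /* becomes the recursion list too */
    recursion yes;
};
EOF

echo "page config:            $(resolver_verdict "$SAFE_CONF")"   # ok
echo "any + recursion yes:    $(resolver_verdict "$OPEN_CONF")"   # OPEN
```

Run it as `sh open-resolver-check.sh` (or point resolver_verdict at /etc/named.conf). The lint is deliberately narrow: it does not understand acl statements or views, so an ACL defined elsewhere under a name is reported by that name, and the only way to be sure is still to query the server from an outside address after it is listening on a public interface.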
Local forward zone file /var/named/named.localhost

$TTL 3600
@       IN SOA  localhost. root.localhost. (  ; @ stands for the name given in the matching zone "xxx" statement in /etc/named.conf
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@          IN NS  localhost.   ; IN marks a resource record (RR); NS = NameServer, i.e. the DNS server
localhost. IN A   127.0.0.1    ; A is a forward record: [hostname] IN A [IP] maps that host to that IP
Local reverse zone file /var/named/named.127.0.0

$TTL 600
@       IN SOA  localhost. root.localhost. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   localhost.
1       IN PTR  localhost.   ; PTR is the reverse record, the counterpart of the A record above
The above is the basic configuration and can serve as a template; below is the configuration of /var/named/fire.zone.
$TTL 3600
@       IN SOA  fire.net. root.localhost. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@          IN NS  localhost.  ; @ is fire.net (as given in the zone statement); lookups for fire.net are sent to the host (NS) localhost.
localhost. IN A   127.0.0.1   ; address record for the NS
www        IN A   1.1.1.1     ; the real host-name mappings; www is expanded automatically to www.fire.net
FTP        IN A   2.2.2.2     ; FTP.fire.net
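Two things go wrong most often when zone files like the ones above are edited by hand: the SOA serial is left non-numeric or forgotten, and a name server is listed in an NS record without an A record to reach it. The script below is an added example, not code from the original post or from BIND: it parses a forward zone file in the shape shown on this page, runs those two checks, and prints the PTR records the matching reverse zone needs, so forward and reverse stay consistent. The copy of fire.zone it writes is constructed from the page's records; the function names (zone_records, ptr_records, check_zone) are this example's own. named-checkzone, which ships with BIND, remains the authoritative check; this helper only covers what can be verified without BIND installed.

```shell
#!/bin/sh
# Added example, not part of the original post: an awk-based helper for a
# forward zone file like /var/named/fire.zone. It understands only the record
# shapes used on this page: $TTL, a multi-line SOA in ( ), and one-line
# "name IN NS/A value" records.

# Print one normalised line per record: "SERIAL n", "NS owner target" or
# "A owner address", with relative names expanded under the given origin.
zone_records() {   # $1 = zone file, $2 = origin without trailing dot, e.g. fire.net
    awk -v origin="$2" '
        function fqdn(n) { if (n == "@") return origin "."; if (n ~ /\.$/) return n; return n "." origin "." }
        { sub(/;.*/, "") }                        # drop comments
        /^[ \t]*$/ { next }                       # skip blank lines
        $1 == "$TTL" { next }
        /SOA/ { insoa = 1 }
        insoa {                                   # inside SOA ( ... ): the first bare number is the serial
            for (i = 1; i <= NF; i++)
                if (!serial_done && $i ~ /^[0-9]+$/) { print "SERIAL", $i; serial_done = 1 }
            if (index($0, ")")) insoa = 0
            next
        }
        $2 == "IN" && ($3 == "A" || $3 == "NS") {
            print $3, fqdn($1), ($3 == "NS" ? fqdn($4) : $4)
        }
    ' "$1"
}

# PTR records for the reverse zone, one per A record, octets reversed.
ptr_records() {
    zone_records "$1" "$2" | awk '$1 == "A" {
        split($3, o, ".")
        printf "%s.%s.%s.%s.in-addr.arpa.\tIN\tPTR\t%s\n", o[4], o[3], o[2], o[1], $2
    }'
}

# Exit 0 when the zone passes, 1 otherwise; each problem is reported on stderr.
check_zone() {
    recs=$(zone_records "$1" "$2")
    status=0
    if ! printf '%s\n' "$recs" | grep -q '^SERIAL [0-9]'; then
        echo "no numeric SOA serial found" >&2; status=1
    fi
    for ns in $(printf '%s\n' "$recs" | awk '$1 == "NS" { print $3 }'); do
        if ! printf '%s\n' "$recs" | awk -v n="$ns" '$1 == "A" && $2 == n { found = 1 } END { exit found ? 0 : 1 }'; then
            echo "NS $ns has no A record in this zone" >&2; status=1
        fi
    done
    return $status
}

# Constructed copy of the page's fire.zone.
ZONE=$(mktemp)
cat > "$ZONE" <<'EOF'
$TTL 3600
@       IN SOA  fire.net. root.localhost. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@          IN NS   localhost.
localhost. IN A    127.0.0.1
www        IN A    1.1.1.1
FTP        IN A    2.2.2.2
EOF

if check_zone "$ZONE" fire.net; then echo "fire.zone: ok"; fi
ptr_records "$ZONE" fire.net
```

For the page's fire.zone the checks pass and three PTR lines come out, among them 1.0.0.127.in-addr.arpa. pointing at localhost., which is exactly the answer the nslookup session later in the post shows for 127.0.0.1. Remember to bump the serial whenever a zone file changes; secondaries only transfer a zone whose serial has increased.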
Note: every zone file under /var/named must be owned by root:named (chown root:named zone_file)!!!
BIND's daemon is named:
- start the BIND server: /etc/init.d/named start
- stop the BIND server: /etc/init.d/named stop
Testing
vim /etc/resolv.conf
nameserver 127.0.0.1
[root@localhost named]# nslookup
> server
Default server: 127.0.0.1
Address: 127.0.0.1#53
> localhost
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: localhost
Address: 127.0.0.1
> 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
1.0.0.127.in-addr.arpa name = localhost.
> www.fire.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.fire.net
Address: 1.1.1.1
> FTP.fire.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: FTP.fire.net
Address: 2.2.2.2
That is the complete setup procedure!