1.overview
a.packages:
bind #主程序
bind-libs #库
bind-utils #查询工具
bind-chroot #chroot
b.port: udp(53)-->request/query,
tcp(53)-->synchronize data (zone transfer) between master and slave server
c.script:/etc/init.d/named
d.configuration file:
/etc/named.conf #主配置文件
/etc/named/ #额外的配置文件,会被named.conf读取
/etc/sysconfig/named #chroot额外参数
e.working directory:
/var/named/
/var/named/chroot/var/named/
2.tools
a.host
host [-a] FQDN [server]
b.nslookup
server
set type=any|mx
c.dig [options] FQDN [@server]
d.whois #查询域名所有者信息
3.configuration
a.cache-only DNS
#在预设的情况下,这个文件会去读取/etc/named.rfc1912.zones 所以请记得要修改成底下的样式啊!
options
{
listen-on port 53 { any; }; //可不设定,代表全部接受
directory "/var/named"; //数据库默认放置的目录所在
dump-file "/var/named/data/cache_dump.db"; //一些统计信息
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; //可不设定,代表全部接受(注:与 recursion yes 一起使用会成为对外开放的递归服务器,对外服务时建议限制为内网网段)
recursion yes; //将自己视为客户端的一种查询模式
forward only; //可暂时不设定
forwarders { //是重点!
168.95.1.1; //先用中华电信的 DNS 当上层
139.175.10.20; //再用 seednet 当上层
};
}; //最终记得要结尾符号!
#注:启动服务时提示 Generating /etc/rndc.key:
#解决方案:生成rndc.key文件:rndc-confgen -r /dev/urandom -a (注意文件权限)
b.主区域DNS设置
1.修改主配置文件:添加如下行 //option配置参考cache-only
zone "solo.com" IN {
type master; #区域类型,可为hint(链接),master(主),slave(从)
file "zone.solo.com"; #区域文件
}; //正向解析域
zone "1.16.172.in-addr.arpa" IN {
type master;
file "zone.172.16.1";
}; //反向解析域
2.建立并修改区域文件
a.zone.solo.com
$TTL 1D ;记录的默认生存时间,对缓存dns服务器来说(注:区域文件中的注释用 ; 而不是 #)
@ IN SOA dns1.solo.com. admin.solo.com. (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS dns1.solo.com.
dns1 IN A 192.168.1.1
web.solo.com. IN A 192.168.1.2
ftp IN CNAME web.solo.com.
@ IN MX 10 192.168.1.3 ;注:MX 的目标必须是主机名(并有对应的 A 记录),不能直接写 IP
b.zone.172.16.1
1D ; refresh
1W ; expire
1 IN PTR dns1.solo.com.
2 IN PTR web.solo.com.
3 IN PTR solo.com.
3.重启服务,放行防火墙,测试
c.辅助DNS设置
1.在主DNS服务器的区域配置中添加:
type master;
file "zone.solo.com";
allow-transfer {172.16.1.40; };
};
zone "1.16.172.in-addr.arpa" IN {
file "zone.172.16.1";
2.在相应的区域文件中添加ns记录
a. zone.solo.com
IN NS dns2.solo.com.
dns2 IN A 172.16.1.40
IN NS dns2.solo.com.
3.配置从服务器主配置文件
zone "centos.vbird" IN {
type slave;
file "slaves/named.centos.vbird";
masters {192.168.100.254; };
zone "100.168.192.in-addr.arpa" IN {
file "slaves/named.192.168.100";
4.配置防火墙,tcp53用于master和slave之间的数据同步
d.子域的设置
1. 在上层dns的区域文件中添加下层dns的ns和A记录即可
xu.solo.com. IN NS dns1.xu.solo.com.
dns1.xu.solo.com. IN A 172.16.1.40 ;注:末尾要加点,否则会被当作相对名称自动补上 solo.com
2.在下层dns服务器的主配置文件中添加
zone "xu.solo.com" IN {
file "zone.xu.solo.com";
3.在下层dns服务器配置区域文件
$TTL 1D
@ IN SOA dns1.xu.solo.com. admin.xu.solo.com. (
3 ; serial
1D ; refresh
1H ; retry
IN NS dns1.xu.solo.com.
dns1 IN A 172.16.1.40
www IN A 172.16.1.40
ftp IN CNAME www.xu.solo.com.
4.测试
e.智能DNS(view)
1.书写acl访问列表(可写在单独文件中,之后用include写入主配置文件;也可直接在主配置文件中书写)
acl intranet { 192.168.100.0/24; }; //针对 intranet 给予的来源 IP指定
acl internet { ! 192.168.100.0/24; any; }; //加上惊叹号 (!) 代表反向选择的意思
2.在主配置文件中书写view语句(所有区域文件都应包含进view语句中,不同view语句中的区域文件名和内容不同)
view "lan" { //只是一个名字,代表的是内网
match-clients {"intranet"; }; //吻合这个来源的才使用底下的 zone
zone "." IN {
type hint;
file "named.ca";
zone "centos.vbird" IN {
type master;
file "named.centos.vbird";
allow-transfer {192.168.100.10; };
zone "100.168.192.in-addr.arpa" IN {
file "named.192.168.100";
include "/etc/named.rfc1912.zones";
};
view "wan" { //同样,只是个名字而已!
match-clients {"internet"; }; //代表的则是外网的 internet 来源
file "named.centos.vbird.inter"; //档名必须与原有的不同!
// 外网因为没有使用到内网的 IP,所以 IP 反解部分可以不写于此
};
3.修改不同区域文件中主机对应
f.智能DNS主从同步
1. 在主服务器上生成key,并复制到从服务器相应目录下(scp)
# rndc-confgen -a -c /etc/intranel.key -k intranel //时间较长,一分钟左右
# rndc-confgen -a -c /etc/internel.key -k internel
# scp int* [email protected]:/etc/
2. 配置主服务器named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { none; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query-cache { any; };
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto; //注:ISC DLV 服务已停止,较新版本的 BIND 应去掉此行
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
acl intranet {172.16.10.30; };
//定义客户端范围,可写入文件后使用include调用,intranet只是名称
acl internet {172.16.10.40; };
view "lan" {
//lan为视图名称
match-clients { "intranet"; key intranel; };
server 172.16.10.20 { keys intranel; }; //从服务器地址
zone "." IN {
type hint;
file "named.ca";
zone "single.com" IN {
type master;
file "lan.single.com.zone";
allow-transfer { key intranel; 172.16.10.20; };
include "/etc/named.rfc1912.zones";
view "wan" {
match-clients { "internet"; key internel; };
server 172.16.10.20 { keys internel; };
file "wan.single.com.zone";
allow-transfer { key internel; 172.16.10.20; };
include "/etc/named.root.key";
include "/etc/rndc.key";
include "/etc/intranel.key";
include "/etc/internel.key";
3. 配置从服务器 named.conf
listen-on port 53 { any; };
memstatistics-file "/var/named/data/named_mem_stats.txt";
key "internel" {
algorithm hmac-md5; //注:hmac-md5 已不推荐,新部署可用 rndc-confgen -A hmac-sha256 生成
secret "blI8tfLnXCApoRgLVmu4Ug==";
key "intranel" {
secret "bjDNCEoCJl5+rdw1w5xSQA==";
acl intranet {172.16.10.30; };
server 172.16.10.10 { keys intranel; };
type slave;
file "slaves/lan.single.com.zone";
masters { 172.16.10.10; };
zone "xu.single.com" IN {
file "xu.single.com.zone";
match-clients { "internet"; key internel; };
server 172.16.10.10 { keys internel; };
file "slaves/wan.single.com.zone";
masters { 172.16.10.10; };