Quick notes:
TTL of 0: no resolver caches the record. Non-zero TTL: the querying resolver caches the answer (a round-robin set of several records is cached as a set). Names that do not exist are cached too (negative caching, for the negative TTL in the SOA), so a freshly added name can keep failing on that resolver for a while.
# An NS record must point at a hostname, never an IP address (the hostname then needs its own A record)
yum install bind caching-nameserver bind-chroot
# bind-chroot is optional; it can also be installed from the bind-chroot...rpm package
acl "corpnets" { 192.168.4.0/24; 192.168.7.0/24; };
Wildcard record (answers every otherwise-undefined name in the zone): * IN A 73.23.12.44
allow-query { "corpnets"; };
match-clients { !192.168.0.120; !192.168.0.233; any; }; # a catch-all view: everyone except the two hosts that get their own view
When you change a MASTER zone, also increment the SOA serial number, otherwise the slaves never pull the new data
;name TTL class type rdata
soft 3600 IN A 61.25.36.159
@ IN MX 10 mail.example.com.
@ IN MX 20 mail1.example.com.
@ IN MX 20 mail2.example.com.
; The MX target must be a hostname with its own A record, never an IP address.
; Lower preference value = higher priority; equal values are tried round-robin.
Tools and commands:
#bind-chroot-admin
-e | --enable: enable the bind-chroot environment
-d | --disable: disable the bind-chroot environment
-s | --sync: sync files between the bind chroot and / environments,
so they are correct for the current state of the bind-chroot
(enabled / disabled)
rndc reconfig             # re-read named.conf and load newly added zones only (existing zones are not reloaded)
rndc reload               # re-read named.conf and reload every zone
rndc reload example.com   # reload one zone after bumping its serial
# /etc/init.d/named {start|stop|status|restart|condrestart|reload|probe}
Lab projects:
forward DNS, reverse DNS, split-horizon ("intelligent") DNS with views, master/slave DNS, caching/forwarding DNS
Environment: three RHEL5 hosts on one subnet (VMware works)
Packages: bind bind-chroot caching-nameserver
Master/slave DNS
master ip:192.168.65.1
slave ip:192.168.65.2
forwarder ip:192.168.65.3
client ip:192.168.65.101
*MASTER*
***********************************************************************
cd /var/named/chroot/etc/
cp -p named.caching-nameserver.conf named.conf
Step 1
vim named.conf # the stock file only serves localhost; change the restrictions below to any so the whole lab can query
#---------------------------------------------------------
listen-on port 53 { any; };
allow-query { any; };
view localhost_resolver {
match-clients { any; };
match-destinations { any; };
Step 2
#-- append the following to /etc/named.rfc1912.zones ---------
zone "example.com" IN {
type master;
file "example.com.zone"; # create this file under /var/named/chroot/var/named
allow-update { none; }; # slaves do not "update" the master: they transfer the zone, which is a different permission
allow-transfer { 192.168.65.2; }; # only the slave may pull the zone (AXFR/IXFR)
};
zone "65.168.192.in-addr.arpa" IN {
type master;
file "192.168.65.in-addr.zone"; # reverse zone file, same directory
allow-update { none; };
allow-transfer { 192.168.65.2; };
};
Step 3
#----- forward zone file: /var/named/chroot/var/named/example.com.zone -----
$TTL 86400 ; default TTL for every record that carries no TTL of its own
@ IN SOA ns1.example.com. webmaster.example.com. (
101 ; Serial: increment on every change, or the slaves never pull it
1H ; Refresh
1M ; Retry
1W ; Expire
1D ; Negative-cache TTL: how long "no such name" answers are cached
)
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
ns1 IN A 192.168.65.1 ; the master
ns2 IN A 192.168.65.2 ; the slave
www IN A 192.168.65.1
www IN A 192.168.65.2
www IN A 192.168.65.3
; Round robin: successive queries get the three addresses rotated, 1,2,3 then 2,3,1 then 3,1,2.
; Most clients use the first address returned and ignore the rest.
; Note: a record with no TTL field inherits $TTL (compare "soft 3600 IN A ..." in the quick notes).
mail IN A 192.168.65.6
mail1 IN A 192.168.65.7
mail2 IN A 192.168.65.8
@ IN MX 5 mail.example.com.
@ IN MX 8 mail1.example.com.
@ IN MX 10 mail2.example.com.
----------------------------------------------------------
Step 4
#----- reverse zone file: /var/named/chroot/var/named/192.168.65.in-addr.zone -----
$TTL 86400
@ IN SOA ns1.example.com. webmaster.example.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Negative-cache TTL
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
1 IN PTR ns1.example.com.
2 IN PTR ns2.example.com.
3 IN PTR www.example.com.
*SLAVE*
# Make the same "any" changes to named.conf as on the master, then add the slave zones:
vim /etc/named.rfc1912.zones
-------------------------------------------------------
zone "example.com" IN {
type slave; # this server is a secondary for the zone
masters { 192.168.65.1; }; # the master's IP
file "slaves/example.com.zone"; # created automatically after the first transfer from the master
};
zone "65.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.65.1; };
file "slaves/192.168.65.in-addr.zone";
};
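The serial bump that the master/slave procedure depends on, as an added example that is not part of the original notes or of BIND: a small sh/awk helper that reads and increments the SOA serial of a zone file in the layout used above, syntax-checks it, and hands the zone to rndc so the slaves get a NOTIFY. The function names, the temp-file naming and the sample zone it writes are my own; it assumes the serial is the first bare integer after the SOA record's opening parenthesis, which holds for both zone files on this page.

```shell
#!/bin/sh
# Added example (not from the page or from BIND): bump the SOA serial of a
# zone file, the step the notes above say is easy to forget.
# Assumption: the serial is the first bare integer after the "(" of the SOA
# record, on the same line or a later one, as in both zone files above.

# awk program shared by zone_serial and bump_serial. mode=get prints the
# serial; mode=bump rewrites it as serial+1 and echoes the whole file.
_soa_serial_awk='
BEGIN { state = 0 }        # 0: before SOA  1: after SOA  2: after "("  3: serial handled
{
    if (state == 3) { print; next }        # rest of the file, bump mode only
    out  = $0
    text = $0
    sub(/;.*/, "", text)                   # ignore ; comments while tokenizing
    n = split(text, tok, /[ \t]+/)
    for (i = 1; i <= n && state < 3; i++) {
        t = tok[i]
        if (t == "") continue
        if (state == 0 && t == "SOA") state = 1
        else if (state == 1 && index(t, "(") > 0) state = 2
        else if (state == 2 && t ~ /^[0-9]+$/) {
            state = 3
            if (mode == "get") { print t; exit }
            # replace exactly this token: delimited by start of line, blank or
            # "(" before it and by blank, ";" or ")" (or end of line) after it
            if (match(out, "(^|[ \t(])" t "([ \t;)]|$)")) {
                s = RSTART
                if (substr(out, s, 1) !~ /[0-9]/) s++
                out = substr(out, 1, s - 1) (t + 1) substr(out, s + length(t))
            }
        }
    }
    if (mode == "bump") print out
}
END { if (state < 3) exit 1 }              # no SOA serial found: fail
'

# zone_serial FILE: print the current SOA serial (exit 1 if none found).
zone_serial() {
    awk -v mode=get "$_soa_serial_awk" "$1"
}

# bump_serial FILE: rewrite FILE in place with the serial incremented.
bump_serial() {
    tmp="$1.tmp.$$"
    awk -v mode=bump "$_soa_serial_awk" "$1" > "$tmp" && mv "$tmp" "$1"
}

# publish_zone ZONE FILE: bump, syntax-check, then reload just that zone
# (rndc reload <zone> also sends NOTIFY to the slaves). The BIND tools are
# only called when installed, so the function is safe to dry-run elsewhere.
publish_zone() {
    bump_serial "$2" || return 1
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2" >/dev/null || return 1
    fi
    if command -v rndc >/dev/null 2>&1; then
        rndc reload "$1"
    fi
}

# write_sample_zone FILE: constructed copy of the forward zone header from
# this page, used as input for a dry run (not a real server's zone).
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 86400
@ IN SOA ns1.example.com. webmaster.example.com. (
101 ; Serial
1H ; Refresh
1M ; Retry
1W ; Expire
1D ; Negative-cache TTL
)
@ IN NS ns1.example.com.
ns1 IN A 192.168.65.1
EOF
}
```

On the master the real call is `publish_zone example.com /var/named/chroot/var/named/example.com.zone`; then `zone_serial` on the slave's copy under slaves/ should show the same number once the transfer has happened, which is the quickest check that allow-transfer and the NS records are right.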
*FORWARDER / CACHING*
******************************************************************************************
-----------------------------------------------
options {
allow-query { 192.168.65.0/24; }; # only the lab subnet may ask; the client is 192.168.65.101
forwarders { 192.168.22.250; }; # upstream resolver that does the real recursion
forward only; # never recurse on our own; if the forwarder is down, queries fail instead of falling back
};
*******************************************************************************************
*SPLIT-HORIZON ("intelligent") DNS*
**********************************************************************************************************************************************
vim named.conf
-----------------------------------
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# The old stock RHEL5 caching-nameserver.conf pinned "query-source port 53;" and "query-source-v6 port 53;" here.
# Delete those lines: with a fixed source port a cache poisoner only has to guess the 16-bit transaction ID.
allow-query { any; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
# Views are matched top to bottom: the first view whose match-clients fits the source address answers.
# Once one view exists, every zone must be declared inside a view.
view tel {
match-clients { 192.168.0.120; };
match-destinations { any; };
recursion yes;
include "/etc/named.tel.zones";
};
view cnc {
match-clients { 192.168.0.233; };
include "/etc/named.cnc.zones";
};
view other {
match-clients { any; }; # everyone else
include "/etc/named.rfc1912.zones";
};
------------------------------------------------
cp -p named.rfc1912.zones named.cnc.zones
cp -p named.rfc1912.zones named.tel.zones
----------------------------------
# named.cnc.zones: the same zone name in each view, but a different data file per view
zone "sina.com" IN {
type master;
file "sina.com_CNC.zone";
allow-update { none; };
};
# named.tel.zones
zone "sina.com" IN {
type master;
file "sina.com_TEL.zone";
allow-update { none; };
};
-------------------------------
# appended to named.rfc1912.zones, which the "other" view includes
zone "sina.com" IN {
type master;
file "sina.com_OTHER.zone";
allow-update { none; };
};
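The forwarder block and the split-horizon named.conf above both carry settings a reviewer would flag: a fixed query-source port, allow-query { any; } on a server that also recurses, and (back in the master section) allow-update keyed on a bare address. As an added example, not part of the page or of BIND, here is an awk lint that flags those three patterns in a named.conf, run over two constructed fragments: the RHEL5-era settings seen on this page and a hardened equivalent. The function names and both sample files are assumptions of this example; the lint flattens the file and matches whole-config patterns, so it is a review aid, not a parser.

```shell
#!/bin/sh
# Added example (not from the page or from BIND): flag three weak settings
# in a named.conf. Prints one finding per line; exit status 1 if any.
# Assumption: the file uses BIND's // or # comments and the usual
# "statement { value; };" layout as in the fragments on this page.

lint_named_conf() {
    awk '
    {
        line = $0
        sub(/\/\/.*/, "", line)        # strip // comments
        sub(/#.*/, "", line)           # strip # comments
        conf = conf " " line           # flatten: statements span lines
    }
    END {
        hits = 0
        # 1. Fixed outbound port: every query leaves from the same UDP port,
        #    so a poisoner only has to guess the 16-bit transaction ID.
        if (conf ~ /query-source(-v6)?[^;]*port[ \t]+[0-9]+/) {
            print "query-source with a fixed port: remove it so named randomizes source ports"
            hits++
        }
        # 2. Recursion for the world: allow-query { any; } with recursion on and
        #    no allow-recursion. BIND 9.3 (the RHEL5 version) recursed for any
        #    client allowed to query, i.e. an open resolver.
        if (conf ~ /allow-query[ \t]*.[ \t]*any[ \t]*;/ && conf !~ /recursion[ \t]+no/ && conf !~ /allow-recursion/) {
            print "allow-query any with recursion and no allow-recursion: open resolver"
            hits++
        }
        # 3. allow-update keyed on an address: one spoofed UDP packet from that
        #    address rewrites the zone. Slaves need allow-transfer, and real
        #    dynamic updates need a TSIG key, not an IP.
        if (conf ~ /allow-update[ \t]*.[ \t]*[0-9]/) {
            print "allow-update by IP address: use allow-transfer for slaves and TSIG keys for dynamic updates"
            hits++
        }
        exit (hits > 0)
    }' "$1"
}

# Constructed sample (not a real server): the RHEL5-style settings on this page.
write_weak_conf() {
    cat > "$1" <<'EOF'
options {
    listen-on port 53 { any; };
    query-source port 53;
    query-source-v6 port 53;
    allow-query { any; };
};
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { 192.168.65.2; };   // meant to let the slave pull the zone
};
EOF
}

# Constructed sample: the same server hardened.
write_hardened_conf() {
    cat > "$1" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };                   // authoritative answers for everyone
    recursion yes;
    allow-recursion { 192.168.65.0/24; };   // recursion only for the lab subnet
};
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };
    allow-transfer { 192.168.65.2; };       // the slave fetches via AXFR/IXFR
};
EOF
}
```

Run it as `lint_named_conf /var/named/chroot/etc/named.conf` before `named-checkconf`: checkconf only proves the syntax, this proves you did not ship the stock RHEL5 resolver settings.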
*CHECK*
# check the live config for syntax errors (-t makes include paths resolve inside the chroot)
named-checkconf -t /var/named/chroot /etc/named.conf
# check the example.com zone files for syntax errors (zone name first, then the file)
named-checkzone example.com /var/named/chroot/var/named/example.com.zone
named-checkzone 65.168.192.in-addr.arpa /var/named/chroot/var/named/192.168.65.in-addr.zone
service named start
netstat -ntul | grep ':53' # DNS listens on UDP as well as TCP 53
tail -f /var/named/chroot/var/named/data/named.run # named log
Start the service and test from the client:
vim /etc/resolv.conf
nameserver 192.168.65.3
# test with dig / host / nslookup; if queries fail, check iptables and SELinux first