1.overview
a.packages:
bind #主程式
bind-libs #庫
bind-utils #查詢工具
bind-chroot #chroot
b.port: udp(53)-->request/response,
tcp(53)-->zone transfer (synchronize data between master and slave server)
c.script:/etc/init.d/named
d.configurationfile:
/etc/named.conf #主配置檔案
/etc/named/ #額外的配置檔案,會被named.conf讀取
/etc/sysconfig/named #chroot額外參數
e.working directory:
/var/named/
/var/named/chroot/var/named/
2.tools
a.host
host [-a] FQDN [server]
b.nslookup
server
set type=any|mx
c.dig [options] FQDN [@server]
d.whois #查詢域名所有者資訊
3.configuration
a.cache-only DNS
#在預設的情況下,這個檔案會去讀取/etc/named.rfc1912.zones 是以請記得要修改成底下的樣式啊!
options
{
listen-on port 53 { any; }; //可不設定,代表全部接受
directory "/var/named"; //資料庫預設放置的目錄所在
dump-file "/var/named/data/cache_dump.db"; //一些統計資訊
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file"/var/named/data/named_mem_stats.txt";
allow-query { any; }; //可不設定,代表全部接受;但搭配 recursion yes 時即成為開放遞迴伺服器(open resolver),建議限制為內網範圍
recursion yes; //將自己視為用戶端的一種查詢模式,即代替用戶端完成遞迴查詢
forward only; //可暫時不設定
forwarders { //是重點!
168.95.1.1; //先用中華電信的 DNS 當上層
139.175.10.20; //再用 seednet 當上層
};
}; //最終記得要結尾符號!
#注:啟動服務時若提示 Generating /etc/rndc.key:
#解決方案:生成 rndc.key 檔案:rndc-confgen -r /dev/urandom -a (並確認檔案權限只讓 named 可讀)
b.主區域DNS設定
1.修改主配置檔案:添加如下行 //option配置參考cache-only
zone "solo.com" IN {
type master; #區域類型,可為hint(根提示),master(主),slave(從)
file "zone.solo.com"; #區域檔案,路徑相對於 options 中的 directory
}; //正向解析域
zone "1.16.172.in-addr.arpa" IN {
type master;
file "zone.172.16.1";
}; //反向解析域
2.建立並修改區域檔案
a.zone.solo.com
$TTL 1D ;記錄的預設生存時間,對緩存dns伺服器來說(區域檔案的註解符號是 ; 而非 #)
@ IN SOA dns1.solo.com. admin.solo.com. (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS dns1.solo.com.
dns1 IN A 192.168.1.1
web.solo.com. IN A 192.168.1.2
ftp IN CNAME web.solo.com.
@ IN MX 10 192.168.1.3 ; 注意:MX 的目標必須是主機名稱(且該主機需有 A 記錄),不可直接寫 IP
b.zone.172.16.1
1D ; refresh
1W ; expire
1 IN PTR dns1.solo.com.
2 IN PTR web.solo.com.
3 IN PTR solo.com.
3.重新開機服務,放行防火牆,測試
c.輔助DNS設定
1.在主DNS伺服器的區域配置中添加:
type master;
file"zone.solo.com";
allow-transfer {172.16.1.40; };
};
zone "1.16.172.in-addr.arpa" IN {
file"zone.172.16.1";
2.在相應的區域檔案中添加ns記錄
a. zone.solo.com
IN NS dns2.solo.com.
dns2 IN A 172.16.1.40
IN NS dns2.solo.com.
3.配置從伺服器主配置檔案
zone "centos.vbird" IN {
type slave;
file"slaves/named.centos.vbird";
masters {192.168.100.254; };
zone "100.168.192.in-addr.arpa" IN {
file "slaves/named.192.168.100";
4.配置防火牆,tcp53用於master和slave之間的資料同步(區域傳輸),udp53用於一般查詢
d.子域的設定
1. 在上層dns的區域檔案中添加下層dns的NS記錄及其A(glue)記錄即可
xu.solo.com. IN NS dns1.xu.solo.com.
dns1.xu.solo.com. IN A 172.16.1.40 ; 膠水(glue)記錄,結尾的點不可省略,否則會被補成 dns1.xu.solo.com.solo.com.
2.在下層dns伺服器的主配置檔案中添加
zone "xu.solo.com" IN {
file"zone.xu.solo.com";
3.在下層dns伺服器配置區域檔案
$TTL 1D
@ IN SOA dns1.xu.solo.com. admin.xu.solo.com. (
3 ; serial
1D ; refresh
1H ; retry
IN NS dns1.xu.solo.com.
dns1 IN A 172.16.1.40
www IN A 172.16.1.40
ftp IN CNAME www.xu.solo.com.
4.測試
e.智能DNS(view)
1.書寫acl存取清單(可寫在獨立檔案中,之後用include寫入主配置檔案;也可直接在主配置檔案中書寫)
acl intranet { 192.168.100.0/24; }; //針對 intranet 給予的來源 IP指定
acl internet { ! 192.168.100.0/24; any; }; //加上驚歎号 (!) 代表反向選擇的意思
2.在主配置檔案中書寫view語句(所有區域都應包含進view語句中;不同view語句中的區域檔案名和內容不同)
view "lan" { //只是一個名字,代表的是內網
match-clients {"intranet"; }; //吻合這個來源的才使用底下的 zone
zone "." IN {
type hint;
file"named.ca";
zone"centos.vbird" IN {
type master;
file"named.centos.vbird";
allow-transfer {192.168.100.10; };
zone"100.168.192.in-addr.arpa" IN {
file"named.192.168.100";
include "/etc/named.rfc1912.zones";
};
view "wan" { //同樣,只是個名字而已!
match-clients {"internet"; }; //代表的則是外網的 internet 來源
file"named.centos.vbird.inter"; //檔名必須與原有的不同!
// 外網因為沒有使用到内網的 IP,是以 IP 反解部分可以不寫于此
};
3.修改不同區域檔案中主機對應
f.智能DNS主從同步
1. 在主伺服器上生成key,並複製到從伺服器相應目錄下(scp);key 檔案含共享密鑰,複製後需限制權限只讓 named 可讀
# rndc-confgen -a -c /etc/intranel.key -k intranel //時間較長,一分鐘左右(可加 -r /dev/urandom 加速)
# rndc-confgen -a -c /etc/internel.key -k internel
# scp int* <使用者>@<從伺服器IP>:/etc/
2. 配置主伺服器named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { none; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file"/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query-cache { any; };
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto; // ISC 的 DLV 服務已停用,較新版本的 BIND 已移除此選項及下方的 bindkeys-file
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory"/var/named/dynamic";
logging {
channel default_debug {
file"data/named.run";
severity dynamic;
};
acl intranet {172.16.10.30; };
//定義用戶端範圍,可寫入檔案後使用include調用,intranet只是名稱
acl internet {172.16.10.40; };
view "lan" {
//lan為視圖名稱
match-clients {"intranet"; key intranel; };
server 172.16.10.20 { keys intranel; }; //從伺服器位址,送往該伺服器的請求以此 key 簽章
zone "." IN {
type hint;
file "named.ca";
zone "single.com" IN {
type master;
file"lan.single.com.zone";
allow-transfer { key intranel; 172.16.10.20; }; // 清單元素為「或」的關係:單獨列出 IP 會讓該 IP 不帶 key 也能傳輸,若要強制驗證 key 則只列 key intranel(wan view 的 allow-transfer 同理)
include"/etc/named.rfc1912.zones";
view "wan" {
match-clients {"internet";key internel; };
server 172.16.10.20 {keys internel; };
file"wan.single.com.zone";
allow-transfer { key internel;172.16.10.20; };
include"/etc/named.root.key";
include"/etc/rndc.key";
include"/etc/intranel.key";
include"/etc/internel.key";
3. 配置 從伺服器named.conf
listen-on port 53 { any; };
memstatistics-file"/var/named/data/named_mem_stats.txt";
key "internel" {
algorithm hmac-md5; // hmac-md5 已不建議使用,新版建議改用 hmac-sha256(主從兩端的演算法與 secret 必須一致)
secret "blI8tfLnXCApoRgLVmu4Ug=="; // 此為範例值,實際請用 rndc-confgen 重新產生並保密,勿沿用筆記中的值
key "intranel" {
secret "bjDNCEoCJl5+rdw1w5xSQA==";
acl intranet {172.16.10.30; };
server 172.16.10.10 { keys intranel; };
type slave;
file"slaves/lan.single.com.zone";
masters { 172.16.10.10; };
zone "xu.single.com" IN {
file"xu.single.com.zone";
match-clients {"internet"; key internel; };
server 172.16.10.10 { keys internel; };
file"slaves/wan.single.com.zone";
masters { 172.16.10.10; };