Install the bind package:
emerge -av bind bind-tools
/etc/bind/named.conf
options {
    directory "/var/bind";

    // uncomment the following lines to turn on DNS forwarding,
    // and change the forwarding ip address(es) :
    //forward first;
    //forwarders {
    //    123.123.123.123;
    //    123.123.123.123;
    //};

    listen-on-v6 { none; };
    listen-on { 127.0.0.1; };

    // to allow only specific hosts to use the DNS server:
    //allow-query {
    //    127.0.0.1;
    //};

    // if you have problems and are behind a firewall:
    //query-source address * port 53;
    pid-file "/var/run/named/named.pid";
};

// Briefly, a zone which has been declared delegation-only will be effectively
// limited to containing NS RRs for subdomains, but no actual data beyond its
// own apex (for example, its SOA RR and apex NS RRset). This can be used to
// filter out "wildcard" or "synthesized" data from NAT boxes or from
// authoritative name servers whose undelegated (in-zone) data is of no
// interest.
// See http://www.isc.org/products/BIND/delegation-only.html for more info
//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "pri/localhost.zone";
    allow-update { none; };
    notify no;
};

zone "127.in-addr.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};
/etc/resolv.conf must contain at least one working nameserver.
Run the following command:
#dig -t NS .    (the dot stands for the root zone; NS asks for name server records)
The upper part of the output lists the root server names; the lower part lists their IP addresses.
Add these IPs to /etc/resolv.conf.
Query the root servers for the root zone itself:
#dig -t NS . >/var/bind/named.ca
Then change the contents of /etc/resolv.conf to:
nameserver 127.0.0.1
Start the service:
/etc/init.d/named start
Test whether it works with:
host www.google.com
If it does not work, run:
rndc-confgen
This generates two parts: one is content for named.conf, the other is the rndc.conf file.
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "f3gs/HIyKNPnO7e96ttnAQ==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "f3gs/HIyKNPnO7e96ttnAQ==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Restart the service and it will work.
dig: digs up a nameserver's IP address, domain name, and so on.
rndc status: queries the server's status.
tail -n +13 filename
Shows the content from line 13 onward.
host www.google.com: looks up the IP address for www.google.com.
=========================================================================================================
Next: if I want jf.org to resolve to the address 127.0.0.1,
I need to add a zone block to /etc/bind/named.conf:
zone "jf.org" IN {
    type master;
    file "pri/jf.org.zone";
    allow-update { none; };
    notify no;
};
You can copy another block from named.conf and modify it, e.g. change localhost to jf.org.
Then copy /var/bind/pri/localhost.zone to /var/bind/pri/jf.org.zone
and edit its contents, which basically means replacing the localhost keyword with jf.org.
For example, after editing:
$TTL 1W
@ IN SOA jf.org. root.jf.org. (
    2010091800 ; Serial
    28800      ; Refresh
    14400      ; Retry
    604800     ; Expire - 1 week
    86400 )    ; Minimum
@ IN NS jf.org.
@ IN A 127.0.0.1
@ IN AAAA ::1
Restart the named service,
and host jf.org will now show 127.0.0.1.
===========================================================================================================
zone "." IN {            // "." denotes the root zone
    type hint;           // hint: the default type for the root
    file "named.cache";  // the root zone's data lives in the file named.cache, which is why
                         // "dig -t NS . >/var/bind/named.cache" puts the root name servers it finds into this file
};
zone "jixiuf.org" IN {
    type master;         // master: I am the only one who can resolve jixiuf.org. If I cannot resolve it, no
                         // other name server can either, because they get their answers for the jixiuf.org
                         // domain from me; in other words, I am the primary (master) name server for jixiuf.org
    file "pri/jixiuf.org.zone";   // the file lives at /var/bind/pri/jixiuf.org.zone
    allow-update { none; };
    notify no;
};
// reverse resolution: IP addresses beginning with 127 are resolved back to names using the rule file /var/bind/pri/127.zone
zone "127.in-addr.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};
// reverse resolution for IP addresses beginning with 127.0.0
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};
jf pri # cat /var/bind/pri/localhost.zone
$TTL 1W   ; time to live: a result you obtain from me may stay in your cache for one week
; "@" stands for the current domain: because /etc/bind/named.conf points the localhost zone
; at pri/localhost.zone, "@" here means the localhost domain.
; "localhost." is the full domain name of the DNS server; "root.localhost." is the mailbox of
; the administrator, where the first "." stands for "@", i.e. root@localhost.
@ IN SOA localhost. root.localhost. (
    2008122601 ; Serial: increment it by one whenever the zone is modified, so that
               ; secondary DNS servers can tell there is an update here
    28800      ; Refresh: tells secondary servers to come back every 28800 s and compare serials
    14400      ; Retry: if I do not respond, try again every 14400 s
    604800     ; Expire - 1 week: if I still do not respond after 604800 s of retries, treat me as broken
    86400 )    ; Minimum: the minimum time secondary DNS servers keep the data in their cache
@ IN NS localhost.         ; NS record: says who the DNS server for this zone is
@ IN A 127.0.0.1           ; A: forward record, the corresponding IP; note @ means the current domain, localhost
; "mail" has no trailing dot, so it is incomplete and relative to the current domain,
; equivalent to mail.localhost. (with the trailing dot). CNAME is an alias: mail.localhost.
; and host.localhost. are the same host with the same IP.
mail IN CNAME host.localhost.
www IN CNAME host2.localhost.
@ IN AAAA ::1              ; IPv6 version
zone "localhost" IN {
    type master;
    file "pri/localhost.zone";
    allow-update { none; };
    notify no;
};
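An added example, not part of the original notes: the SOA fields explained above, parsed from a constructed copy of the localhost.zone header, with the relationships between Refresh, Retry and Expire checked and a helper that advances the serial following the YYYYMMDDNN pattern these zone files use. The function names (ttl_to_seconds, parse_soa, check_soa_timers, next_serial) and the sample text are mine.

```python
import re
from datetime import date

# Constructed sample (not taken from a running server): the SOA header of the
# localhost.zone shown above. The unit shorthand (3H, 15M, 1W, 1D) that the
# reverse zone uses is handled by ttl_to_seconds below.
SAMPLE_SOA = """\
$TTL 1W
@ IN SOA localhost. root.localhost. (
    2008122601 ; Serial
    28800      ; Refresh
    14400      ; Retry
    604800     ; Expire - 1 week
    86400 )    ; Minimum
"""

UNIT_SECONDS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def ttl_to_seconds(value: str) -> int:
    """Convert a BIND time value such as '3H', '15M', '1W' or '28800' to seconds."""
    total = 0
    for number, unit in re.findall(r"(\d+)([smhdw]?)", value, re.IGNORECASE):
        total += int(number) * UNIT_SECONDS[unit.upper() or "S"]
    return total


def parse_soa(zone_text: str) -> dict:
    """Extract MNAME, RNAME and the five SOA numbers from a zone file.
    ';' comments are stripped first so the '( ... )' block can be matched."""
    stripped = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    match = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", stripped)
    if match is None:
        raise ValueError("no SOA record found")
    serial, refresh, retry, expire, minimum = match.group(3).split()
    return {
        "mname": match.group(1),
        "rname": match.group(2),
        "serial": int(serial),
        "refresh": ttl_to_seconds(refresh),
        "retry": ttl_to_seconds(retry),
        "expire": ttl_to_seconds(expire),
        "minimum": ttl_to_seconds(minimum),
    }


def check_soa_timers(soa: dict) -> list:
    """Check the relationships the notes describe: secondaries poll every
    Refresh seconds, retry every Retry seconds while the primary is silent,
    and give up after Expire seconds. Returns problem descriptions (empty = fine)."""
    problems = []
    if soa["retry"] >= soa["refresh"]:
        problems.append("Retry should be shorter than Refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        problems.append("Expire should be longer than Refresh + Retry, or secondaries "
                        "drop the zone before they have really retried")
    return problems


def next_serial(current: int, today: int = 0) -> int:
    """Return a serial larger than `current`, following the YYYYMMDDNN pattern
    used by the zone files above. `today` is YYYYMMDD as an int (0 = use the clock)."""
    if today == 0:
        today = int(date.today().strftime("%Y%m%d"))
    base = today * 100                      # YYYYMMDD00
    # First change of the day gets NN = 01; later changes add one. A serial that
    # is already at or past today's base keeps counting up, so it never moves
    # backwards, which is the only property secondaries actually rely on.
    return base + 1 if current < base else current + 1


if __name__ == "__main__":
    soa = parse_soa(SAMPLE_SOA)
    print(soa)
    print("problems:", check_soa_timers(soa) or "none")
    print("next serial:", next_serial(soa["serial"], 20100918))
```

Run it against a real zone file by reading the file into parse_soa; the serial helper is what you would call before reloading a zone, since a serial that does not increase is the usual reason secondaries silently keep stale data.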
Reverse zone file
jf pri # cat /var/bind/pri/127.zone
$ORIGIN 127.in-addr.arpa.
$TTL 1W
@ 1D IN SOA localhost. root.localhost. (
    2008122601 ; serial
    3H         ; refresh
    15M        ; retry
    1W         ; expiry
    1D )       ; minimum
@ 1D IN NS localhost.
; reverse record: 127.0.0.1 resolves back to the name localhost. Note that 1.0.0 is the address
; reversed; the 127 prefix is supplied because /etc/bind/named.conf declares zone "127.in-addr.arpa"
1.0.0 1D IN PTR localhost.
==========================================================================================================
/etc/bind/named.conf
Add:
zone "jixiuf2.org" IN {
    type master;
    file "pri/jixiuf2.org.zone";
    allow-update { none; };
    notify no;
};
// the jixiuf2.org domain corresponds to 192.168.0.*
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "pri/jixiuf2_fanxiang.zone";
    allow-update { none; };
    notify no;
};
/var/bind/pri/jixiuf2.org.zone
$TTL 1W
; the trailing dot on jixiuf2.org. matters: without it the name is relative to the zone
; origin and would be read as jixiuf2.org.jixiuf2.org.
@ IN SOA jixiuf2.org. root.mail.jixiuf2.org. (
    2010091808 ; Serial
    28800      ; Refresh
    14400      ; Retry
    604800     ; Expire - 1 week
    86400 )    ; Minimum
@ IN NS jixiuf2.org.
  IN NS dns1.jixiuf2.org.
  IN NS dns2.jixiuf2.org.
jixiuf2.org. IN A 192.168.0.222
dns1.jixiuf2.org. IN A 192.168.0.1
dns2.jixiuf2.org. IN A 192.168.0.2
www IN CNAME dns1.jixiuf2.org.
mail IN CNAME dns2.jixiuf2.org.
/var/bind/pri/jixiuf2_fanxiang.zone
$ORIGIN 0.168.192.in-addr.arpa.
$TTL 1W
@ 1D IN SOA jixiuf2.org. root.mail.jixiuf2.org. (
    2010091801 ; serial
    3H         ; refresh
    15M        ; retry
    1W         ; expiry
    1D )       ; minimum
@ 1D IN NS jixiuf2.org.
; PTR targets need the trailing dot; a bare dns1.jixiuf2.org would be expanded to
; dns1.jixiuf2.org.0.168.192.in-addr.arpa.
1 1D IN PTR dns1.jixiuf2.org.
2 1D IN PTR dns2.jixiuf2.org.
1 1D IN PTR www.jixiuf2.org.
2 1D IN PTR mail.jixiuf2.org.
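As an added example (not from the original notes), here is a small Python checker that implements the two rules explained for the localhost/127.zone files above and applied again in the jixiuf2.org zone pair: a name without a trailing dot is relative to the current origin ($ORIGIN, or the zone name from named.conf, with "@" being the origin itself), and the reverse name of an IP address is its octets reversed under in-addr.arpa. The sample zones are constructed copies of the jixiuf2.org pair; the last PTR deliberately lacks its trailing dot so the checker can show how BIND would expand it. Function names (fqdn, parse_zone, reverse_name, check_forward_reverse) are mine.

```python
import ipaddress
import re

# Constructed samples modelled on the jixiuf2.org zone pair (not taken from a
# running server). The final PTR deliberately lacks its trailing dot.
FORWARD_ORIGIN = "jixiuf2.org."
FORWARD_ZONE = """\
$TTL 1W
@ IN SOA jixiuf2.org. root.mail.jixiuf2.org. (
    2010091808 ; Serial
    28800      ; Refresh
    14400      ; Retry
    604800     ; Expire - 1 week
    86400 )    ; Minimum
@ IN NS jixiuf2.org.
  IN NS dns1.jixiuf2.org.
  IN NS dns2.jixiuf2.org.
jixiuf2.org. IN A 192.168.0.222
dns1.jixiuf2.org. IN A 192.168.0.1
dns2.jixiuf2.org. IN A 192.168.0.2
www IN CNAME dns1.jixiuf2.org.
mail IN CNAME dns2.jixiuf2.org.
"""
REVERSE_ORIGIN = "0.168.192.in-addr.arpa."
REVERSE_ZONE = """\
$ORIGIN 0.168.192.in-addr.arpa.
$TTL 1W
@ 1D IN SOA jixiuf2.org. root.mail.jixiuf2.org. (
    2010091801 ; serial
    3H ; refresh
    15M ; retry
    1W ; expiry
    1D ) ; minimum
@ 1D IN NS jixiuf2.org.
1 1D IN PTR dns1.jixiuf2.org.
2 1D IN PTR dns2.jixiuf2.org
"""

NAME_TYPES = ("NS", "CNAME", "PTR")   # types whose rdata is a single domain name


def fqdn(name: str, origin: str) -> str:
    """The rule from the notes: '@' is the origin, a name ending in '.' is
    already complete, anything else gets the current origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> list:
    """Return (owner, type, rdata) triples with every name made absolute.
    Handles $ORIGIN/$TTL, ';' comments, the parenthesised multi-line SOA,
    owner inheritance (line starts with whitespace) and optional TTL/class."""
    text = re.sub(r";[^\n]*", "", text)                                           # drop comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)   # fold ( ... )
    records, last_owner = [], origin
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            continue
        fields = line.split()
        if line[0].isspace():
            owner = last_owner                       # blank owner: reuse the previous one
        else:
            owner = last_owner = fqdn(fields.pop(0), origin)
        # skip an optional TTL ('1D', '3600') and class ('IN') to reach the type
        while fields and (fields[0].upper() == "IN" or re.fullmatch(r"\d+[smhdw]?", fields[0], re.I)):
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in NAME_TYPES:
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "SOA":
            rdata = [fqdn(rdata[0], origin), fqdn(rdata[1], origin)] + rdata[2:]
        records.append((owner, rtype, rdata))
    return records


def reverse_name(ip: str) -> str:
    """192.168.0.1 -> 1.0.168.192.in-addr.arpa. (octets reversed, as the notes describe)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check_forward_reverse(forward: list, reverse: list) -> list:
    """Cross-check A records against PTR records: every address with an A record
    should have a PTR naming one of its owners, and every PTR target should have
    an A record. Returns problem descriptions (empty = consistent)."""
    names_by_ip = {}
    for owner, rtype, rdata in forward:
        if rtype == "A":
            names_by_ip.setdefault(rdata[0], set()).add(owner)
    ptrs = [(owner, rdata[0]) for owner, rtype, rdata in reverse if rtype == "PTR"]
    all_names = {n for names in names_by_ip.values() for n in names}
    problems = []
    for ip, names in names_by_ip.items():
        targets = [t for o, t in ptrs if o == reverse_name(ip)]
        if not targets:
            problems.append(f"no PTR for {ip} ({', '.join(sorted(names))})")
        elif not any(t in names for t in targets):
            problems.append(f"PTR for {ip} points at {targets}, not at {sorted(names)}")
    for owner, target in ptrs:
        if target not in all_names:
            problems.append(f"{owner} PTR target {target} has no A record")
    return problems


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, FORWARD_ORIGIN)
    rev = parse_zone(REVERSE_ZONE, REVERSE_ORIGIN)
    for problem in check_forward_reverse(fwd, rev) or ["forward and reverse zones agree"]:
        print(problem)
```

On the constructed sample the checker reports the dotless PTR (expanded to dns2.jixiuf2.org.0.168.192.in-addr.arpa.) and also that 192.168.0.222 has no PTR at all, which is a useful pre-restart check since named will happily load a zone whose names expanded differently from what you meant.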
Test results:
jf pri # host dns1.jixiuf2.org
dns1.jixiuf2.org has address 192.168.0.1
jf pri # host dns2.jixiuf2.org
dns2.jixiuf2.org has address 192.168.0.2
jf pri # host www.jixiuf2.org
www.jixiuf2.org is an alias for dns1.jixiuf2.org.
dns1.jixiuf2.org has address 192.168.0.1
jf pri # host mail.jixiuf2.org
mail.jixiuf2.org is an alias for dns2.jixiuf2.org.
dns2.jixiuf2.org has address 192.168.0.2
jf pri # host jixiuf2.org
jixiuf2.org has address 192.168.0.222
==========================================================================================================
On mapping the local address 127.0.0.1 to several domain names, such as localhost and jixiuf.org:
/etc/bind/named.conf
zone "localhost" IN {
    type master;
    file "pri/localhost.zone";
    allow-update { none; };
    notify no;
};
zone "127.in-addr.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};
zone "jixiuf.org" IN {
    type master;
    file "pri/jixiuf.org.zone";
    allow-update { none; };
    notify no;
};
/var/bind/pri/jixiuf.org.zone
$TTL 1W
@ IN SOA jixiuf.org. root.jixiuf.org. (
    2010091804 ; Serial
    28800      ; Refresh
    14400      ; Retry
    604800     ; Expire - 1 week
    86400 )    ; Minimum
@ IN NS jixiuf.org.
@ IN A 127.0.0.1
mail IN CNAME jixiuf.org.
@ IN MX 5 mail.jixiuf.org.
/var/bind/pri/127.zone
$ORIGIN 127.in-addr.arpa.
$TTL 1W
@ 1D IN SOA localhost. root.localhost. (
    2010091800 ; serial
    3H         ; refresh
    15M        ; retry
    1W         ; expiry
    1D )       ; minimum
@ 1D IN NS localhost.
1.0.0 1D IN PTR jixiuf.org.
1.0.0 1D IN PTR localhost.
/etc/init.d/named restart
Test:
jf pri # nslookup
> jixiuf.org                          (forward lookup)
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: jixiuf.org
Address: 127.0.0.1
> 127.0.0.1                           (reverse lookup)
Server: 127.0.0.1
Address: 127.0.0.1#53
1.0.0.127.in-addr.arpa name = jixiuf.org.
1.0.0.127.in-addr.arpa name = localhost.