要点速记:
TTL为0时: 任何DNS都不会缓存该记录。TTL非0时: 被查询的递归DNS会缓存(RR方式的多条同名记录作为一组整体缓存)。查不到的域名(NXDOMAIN)也会被负缓存一段时间, 时长取 SOA 最后一个字段(Minimum/负缓存TTL)与 SOA 自身TTL 中较小者(RFC 2308); 所以刚加的记录"一段时间查不到"属正常现象。
# NS记录(MX记录同理) 后面不可写IP 只可是域名, IP 由该域名对应的 A 记录给出
yum install bind bind-chroot caching-nameserver   # 包名是 bind-chroot, 不是 chroot
可选安装bind-chroot...rpm (把 named 限制在 /var/named/chroot 下运行, 缩小服务被攻破后的影响范围)
acl "corpnets" { 192.168.4.0/24; 192.168.7.0/24; };
泛解析方法: * IN A 73.23.12.44
allow-query { "corpnets"; };
match-clients { !192.168.0.120; !192.168.0.233; any; };
更新MASTER的ZONES时同时别忘更新SOA序列号: 从DNS只在看到主DNS的序列号大于自己保存的序列号时才会做区域传送, 序列号不变则 rndc reload 之后从DNS依旧是旧数据
#name TTL   (单条记录前可单独写TTL, 覆盖文件顶部的 $TTL)
soft 3600 IN A 61.25.36.159
# MX 的目标只能是主机名, 不能直接写IP; IP 由对应的 A 记录给出
@ IN MX 10 mail.example.com.
@ IN MX 20 mail1.example.com.
@ IN MX 20 mail2.example.com.
mail IN A 54.156.32.240
mail1 IN A 54.156.32.241
mail2 IN A 54.156.32.242
# 数字小优先级高 相同有多个时RR
工具与命令:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#bind-chroot-admin
-e | --enable: enable the bind-chroot environment
-d | --disable: disable the bind-chroot environment
-s | --sync: sync files between the bind chroot and / environments,
so they are correct for the current state of the bind-chroot
(enabled / disabled)
rndc reconfig #重新读取named.conf, 只加载新增的zone, 不会重载已有zone文件的数据改动; 改了zone文件要用 rndc reload
rndc reload
rndc reload example.com
#/etc/init.d/named {start|stop|status|restart|condrestart|reload|probe}
实验项目:
正向解析DNS 反向解析DNS 智能DNS 主从DNS caching-DNS
环境:3台RHEL5 处在同一网段 (可用VMware)
装包:bind bind-chroot caching-nameserver
主从DNS
master ip:192.168.65.1
slave ip:192.168.65.2
forward ip:192.168.65.3
client ip:192.168.65.101
*MASTER*
***********************************************************************
cd /var/named/chroot/etc/
cp -p named.caching-nameserver.conf named.conf
一
vim named.conf # 修改为any
#---------------------------------------------------------
listen-on port 53 { any; };
allow-query { any; };          # 实验环境可用any; 生产上注意 caching-nameserver 模板默认 recursion yes,
                               # 配上 allow-query any 就是一台开放递归解析器(可被拿来做DNS放大攻击),
                               # 应配合 allow-recursion { 内网网段; } 或在纯权威服务器上 recursion no;
view localhost_resolver {
match-clients { any; };
match-destinations { any; };
二
#--追加如下至/etc/named.rfc1912.zones---------------------
zone "example.com" IN {
type master;
file "data/example.com.zone"; # 此文件在/var/named/chroot/var/named/data 下建立
allow-update { none; };       # allow-update 控制的是动态更新(DDNS), 与主从同步无关; 按IP放开动态更新等于让能伪造该IP的人改区域数据
allow-transfer { 192.168.65.2; }; # 主从同步靠区域传送(AXFR/IXFR); 旧版 BIND(含 RHEL5 的 9.3)默认对任意来源开放传送, 应只允许从DNS
# 若从DNS(192.168.65.2)不在zone文件的NS列表里, 再加 also-notify { 192.168.65.2; }; 主DNS才会主动通知它
};
zone "65.168.192.in-addr.arpa" IN {
type master;                  # 原笔记漏了 type
file "192.168.65.in-addr.zone"; # 反解文件位置(相对 /var/named/chroot/var/named)
allow-update { none; };
allow-transfer { 192.168.65.2; };
三
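$TTL 86400      ; default TTL for every record below that has no explicit TTL
; Zone files only accept ";" comments -- a "#" makes named-checkzone fail.
; SOA: MNAME is the primary master's hostname (ns1 in the NS set below, not
; the apex "@", which has no A record); RNAME is the contact mailbox with
; the "@" written as ".".
@ IN SOA ns1.example.com. webmaster.example.com. (
    101         ; Serial - bump on EVERY edit, slaves transfer only when it increases
    1H          ; Refresh - how often slaves poll the master's SOA serial
    1M          ; Retry - interval between retries after a failed refresh
    1W          ; Expire - slaves stop answering if no refresh succeeded for this long
    1D          ; Negative-caching TTL (RFC 2308), not a "minimum TTL" in BIND 9
)
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
@ IN NS ns3.example.com.
; NOTE(review): this glue points at .11-.13 while the lab master/slave are
; 192.168.65.1/.2 -- align them, otherwise NOTIFY from the master never
; reaches the slave.
ns1 IN A 192.168.65.11
ns2 IN A 192.168.65.12
ns3 IN A 192.168.65.13
; Three A records for one name = round-robin: the server rotates the order
; (1,2,3 / 2,3,1 / 3,1,2) and most clients use only the first record returned.
www IN A 192.168.65.1
www IN A 192.168.65.2
www IN A 192.168.65.3
; Records without an explicit TTL take the $TTL value from the top of the file.
mail IN A 192.168.65.6
mail1 IN A 192.168.65.7
mail2 IN A 192.168.65.8
; MX targets must be hostnames that have A records, never IP literals;
; the lowest preference wins, equal preferences are used round-robin.
@ IN MX 5 mail.example.com.
@ IN MX 8 mail1.example.com.
@ IN MX 10 mail2.example.com.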
----------------------------------------------------------
四
#-----反解ZONE文件内容(文件名要与上面 zone 配置里的 file 一致: 192.168.65.in-addr.zone)--------------------
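$TTL 86400
; Reverse zone for 192.168.65.0/24 (65.168.192.in-addr.arpa).
; RNAME must be fully qualified: a bare "root" in this file expands to
; root.65.168.192.in-addr.arpa., not a mailbox under example.com.
@ IN SOA ns.example.com. root.example.com. (
    1997022700 ; Serial - YYYYMMDDnn, increase on every change
    28800      ; Refresh
    14400      ; Retry
    3600000    ; Expire
    86400 )    ; Negative-caching TTL (RFC 2308)
; Owner written explicitly: if the NS line starts in column 0 with no owner,
; "IN" is parsed as the owner name.
; NOTE(review): the forward zone defines ns1/ns2/ns3, not "ns" -- use the
; same name in both files so the NS target actually resolves.
@ IN NS ns.example.com.
1 IN PTR ns.example.com.
3 IN PTR www.example.com.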
*SLAVE*
# 修改为any
vim /etc/named.rfc1912.zones
-------------------------------------------------------
type slave; # 声明类型为 从DNS
masters { 192.168.65.1; }; # 主DNS的IP
file "slaves/example.com.zone"; # 此文件从DNS会从主DNS传送后自动建立; slaves/ 目录(chroot 下为 /var/named/chroot/var/named/slaves)必须对 named 用户可写
allow-transfer { none; }; # 从DNS本身不需要再对外提供区域传送
type slave;
masters { 192.168.65.1; };
file "slaves/192.168.65.in-addr.zone";
allow-transfer { none; };
*FORWARD*CACHING*
******************************************************************************************
-----------------------------------------------
options {
allow-query { 192.168.65.0/24; };   # 原笔记的 192.168.0.0/24 与实验网段(192.168.65.0/24, 客户端 .101)不符, 客户端会被拒绝
forwarders { 192.168.22.250; };     # 上游递归DNS
forward only;                       # 只转发, 上游不可达时不自己递归; 想有回退用 forward first
# allow-query 限制在内网网段不是可选项: 转发/缓存DNS 本质是递归解析器, 放开给 any 就是开放解析器
*******************************************************************************************
*智能DNS*
**********************************************************************************************************************************************
vim named.conf
-----------------------------------
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
query-source port 53;     # 固定源端口会关闭 BIND 的源端口随机化, 让缓存投毒(Kaminsky 类攻击)容易得多;
query-source-v6 port 53;  # 除非防火墙确实只放行源端口53, 否则去掉 "port 53" 让 named 随机选源端口
allow-query { any; };     # 分视图场景下各 view 还会再按 match-clients 过滤; 但凡 recursion yes 的 view 都应只对内网客户端开放
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
view tel {
match-clients { 192.168.0.120; };
match-destinations { any; };
recursion yes;
include "/etc/named.tel.zones";
view cnc {
match-clients { 192.168.0.233; };
include "/etc/named.cnc.zones";
view other {
include "/etc/named.rfc1912.zones";   # 兜底 view, 匹配其余所有客户端; 若全局 recursion 为 yes(caching-nameserver 模板默认)且 allow-query any, 这个 view 就是对外的开放递归解析器, 应在此加 recursion no; 或 allow-recursion { 内网网段; };
------------------------------------------------
cp -p named.rfc1912.zones named.cnc.zones
cp -p named.rfc1912.zones named.tel.zones
----------------------------------
# named.CNC.zones
zone "sina.com" IN {
type master;
file "sina.com_CNC.zone";
allow-update { none; };
# named.TEL.zones
file "sina.com_TEL.zone";
-------------------------------
# named.OTHER.zones
file "sina.com_OTHER.zone";
*CHECK*
# 检查配置文件是否有语法错误
# 检查配置文件是否有语法错误(chroot 环境用 -t 指定根目录, 沿 include 链检查整个 named.conf)
named-checkconf -t /var/named/chroot /etc/named.conf
named-checkconf /var/named/chroot/etc/named.rfc1912.zones
named-checkconf /var/named/chroot/etc/named.caching-nameserver.conf
# 检查 example.com 这个区域的数据库文件有没有语法错误(路径要与 zone 配置里的 file 一致, 上面写的是 data/example.com.zone)
named-checkzone example.com /var/named/chroot/var/named/data/example.com.zone
# 反解区域的第一个参数是区域名(65.168.192.in-addr.arpa), 不是 example.com
named-checkzone 65.168.192.in-addr.arpa /var/named/chroot/var/named/192.168.65.in-addr.zone
service named start
netstat -nutlp | grep ':53 '   # DNS 查询主要走 UDP, 只看 -t 会漏掉; -p 顺便确认监听 53 的是 named
tail -f /var/named/chroot/var/named/data/named.run # DNS日志位置
启动服务并测试
客户端 vim /etc/resolv.conf
nameserver 192.168.65.3
# DIG HOST NSLOOKUP # 查询如果有问题请检查iptables和SElinux
# 客户端指向的是转发DNS(.3), 排错时分别直查每一级: dig @192.168.65.1 www.example.com / dig @192.168.65.2 www.example.com / dig @192.168.65.3 www.example.com
# 验证区域传送限制: 在非从DNS的机器上执行 dig @192.168.65.1 example.com AXFR 应被拒绝(Transfer failed), 否则整个区域数据对外可导出