配置之前先了解一下BIND DNS服务器软件:BIND是一种开源的DNS(Domain Name System)协议的实现,包含对域名的查询和响应所需的所有软件。它是互联网上最广泛使用的一种DNS服务器,对于类Unix系统来说,已经成为事实上的标准。
为了构架DNS服务器来解析域名或IP地址,我们得安装BIND和caching-nameserver。为了TCP和UDP53数据包能通过,我们也有必要配置路由器。
安装 BIND 软件包
1、安装
# yum -y install bind caching-nameserver
2、配置
下面的例子是以公网IP(172.16.0.80/29),局域网IP(192.168.0.0/24),域名()作说明。在配置你自己的服务器时,请使用你自己的IP和域名。
# vim /etc/named.conf
options {
directory "/var/named";
# query range
allow-query { localhost; 192.168.0.0/24; };
# transfer range
allow-transfer { localhost; 192.168.0.0/24; };
# recursion range
allow-recursion { localhost; 192.168.0.0/24; };
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
# here is the section for internal informations
vimew "internal" {
match-clients {
localhost;
192.168.0.0/24;
};
zone "." IN {
type hint;
file "named.ca";
};
# set zones for internal
zone "" IN {
type master;
file ".lan";
allow-update { none; };
};
# set zones for internal
zone "0.168.192.in-addr.arpa" IN {
type master;
file "0.168.192.db";
allow-update { none; };
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
};
vimew "external" {
match-clients {
any;
};
zone "." IN {
type hint;
file "named.ca";
};
# set zones for external
zone "" IN {
type master;
file ".wan";
allow-update { none; };
};
# set zones for external *note
zone "80.0.16.172.in-addr.arpa" IN {
type master;
file "80.0.16.172.db";
allow-update { none; };
};
};
include "/etc/rndc.key";
# *note : For How to write for reverse resolvimng, Write network address reversely like below.
the case for 192.168.0.0/24
network address? 192.168.0.0
range of network? 192.168.0.0 - 192.168.0.255
how to write? 0.168.192.in-addr.arpa
case of 172.16.0.80/29
network address? 172.16.0.80
range of network? 172.16.0.80 - 172.16.0.87
how to write? 80.0.16.172.in-addr.arp
设置Zones
创建zone文件以便服务器能解析域名IP。
1、内部zone文件
这个例子使用的是内网地址(192.168.0.0/24),域名(),请根据自己的具体情况配置。
# vim /var/named/.lan
$TTL 86400
@ IN SOA ns.. root.. (
2007041501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
# define name server
IN NS ns..
# internal IP address of name server
IN A 192.168.0.17
# define Mail exchanger
IN MX 10 ns..
# define IP address and hostname
ns IN A 192.168.0.17
2、外部zone文件
这个例子使用的是外网地址(172.16.0.80/29),域名(),请替换成自己的。
# vim /var/named/.wan
$TTL 86400
@ IN SOA ns.. root.. (
2007041501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
# define name server
IN NS ns..
# external IP address of name server
IN A 172.16.0.82
# define Mail exchanger
IN MX 10 ns..
# define IP address and hostname
ns IN A 172.16.0.82
创建zone文件使服务器能够反向解析IP到域名。
3、内部zone文件
这个例子使用的是内网地址(192.168.0.0/24),域名(),请使用自己的设置替换。
# vim /var/named/0.168.192.db
$TTL 86400
@ IN SOA ns.. root.. (
2007041501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
# define name server
IN NS ns..
# define range that this domain name in
IN PTR .
# define IP address and hostname
IN A 255.255.255.0
17 IN PTR ns..
4、外部zone文件
这例子使用外网地址(172.16.0.80/29),域名(),请替换成自己的。
# vim /var/named/80.0.16.172.db
$TTL 86400
@ IN SOA ns.. root.. (
2007041501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
# define name server
IN NS ns..
# define range that this domain name in
IN PTR .
# define IP address and hostname
IN A 255.255.255.248
82 IN PTR ns..
启动BIND
1、完成BIND的配置后,在启动named之前,还需要建立chroot环境。
# yum -y install bind-chroot
# /etc/rc.d/init.d/named start
# chkconfig named on
2、操作检验
确认服务器已经正确解析域名或IP地址。
# dig ns..
; <<>> DiG 9.3.4 <<>> ns..
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54592
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.. IN A
;; ANSWER SECTION:
ns.. 86400 IN A 192.168.0.17
;; AUTHORITY SECTION:
. 86400 IN NS ns..
;; Query time: 0 msec
;; SERVER: 192.168.0.17#53(192.168.0.17)
;; WHEN: Thu Mar 8 19:35:19 2007
;; MSG SIZE rcvd: 68
# dig -x 192.168.0.17
; <<>> DiG 9.3.4 <<>> -x 192.168.0.17
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45743
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;17.0.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
17.0.168.192.in-addr.arpa. 86400 IN PTR ns..
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400 IN NS ns..
;; ADDITIONAL SECTION:
ns.. 86400 IN A 192.168.0.17
;; Query time: 0 msec
;; SERVER: 192.168.0.17#53(192.168.0.17)
;; WHEN: Thu Mar 8 19:37:50 2007
;; MSG SIZE rcvd: 107
配置从DNS服务器
配置从DNS服务器比较简单。下面的例子主DNS是“ns.”,从DNS是“ns.example.info”。
1、在主DNS服务器的zone文件作如下配置
# vim /var/named/.wan
$TTL 86400
@ IN SOA ns.. root.. (
# update serial
2007041501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
IN NS ns..
# add name server
IN NS ns.example.info.
IN A 172.16.0.82
IN MX 10 ns..
ns IN A 172.16.0.82
# rndc reload
server reload successful
2、配置从DNS服务器
# vim /etc/named.conf
# add these lines below
zone "" IN {
type slave;
masters { 172.16.0.82; };
file "slaves/.wan";
};
# rndc reload
server reload successful
# ls /var/named/slaves
.wan # zone file in master DNS has been just transfered
设置别名记录,如果你想为你的主机设置另一个名称,在zone文件定义CNAME记录
# vim /var/named/server-Linux.info.wan
$TTL 86400
@ IN SOA ns.server-linux.info. root.server-linux.info. (
# update serial
2007041501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
IN NS ns.server-linux.info.
IN A 172.16.0.82
IN MX 10 ns.server-linux.info.
ns IN A 172.16.0.82
# aliase IN CNAME server's name
ftp IN CNAME ns.server-linux.info.
# rndc reload
server reload successful
