====== bind DNS 安裝與設定 ======
以下是針對 CentOS 6.x 預設 bind 的安裝與設定來說明, 似乎在 CentOS 7.x/5.x/4.x 也可以適用
===== bind 安裝程序 =====
# Install the distribution's bind package; the versions each release pulls in are listed below.
yum install bind
* CentOS 7.x 安裝 bind 版本為 : 9.9.4-61.el7_5.1
* CentOS 6.x 安裝 bind 版本為 : 9.8.2-0.17
* CentOS 5.x 安裝 bind 版本為 : 9.3.4-6
* CentOS 4.x 安裝 bind 版本為 : 9.2.4-28
===== bind 設定程序 =====
* 要產生 log 檔在 /var/log/named/named.log 內 ++語法|
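# Create /var/log/named/named.log owned by named so the "Named_log" channel in
# /etc/named.conf can write to it. The commands after `su - root` are typed in
# the root login shell it opens.
su - root
# Absolute paths instead of a cd chain: a failed cd can no longer put the
# recursive chown on the wrong directory. -p tolerates an existing directory.
mkdir -p /var/log/named
touch /var/log/named/named.log
chown -R named:named /var/log/named
# Query logs record client addresses; keep the directory out of world-read reach.
chmod 750 /var/log/named
# With SELinux enforcing, the confined named process can only write here once the
# directory carries the policy's label for /var/log/named; restorecon applies it.
command -v restorecon >/dev/null && restorecon -R /var/log/named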
++
* 讓 220.130.131.238 / 220.130.131.240 可以同步傳送存取
* 有更動時可主動通知 192.168.11.250 / 192.168.11.251 這兩台的 DNS
* 除了 192.168.11.* 可以查詢外部 Domain Name 其餘只能查 DNS 有定義的 Domain Name
vi /etc/named.conf
# Logging: general, transfer and query events go to /var/log/named/named.log
# (the directory created and chown'd to named above); security events get
# their own size-rotated file.
logging {
channel Named_log {
# NOTE(review): "versions unlimited" without "size" never rotates on growth and
# keeps every copy made on re-open; add a size limit like security_file below
# unless an external logrotate handles this file.
file "/var/log/named/named.log" versions unlimited;
severity info;
print-severity yes;
print-time yes; };
category default {Named_log; };
# Outbound zone transfers (who pulled a copy of a zone) are recorded here.
category xfer-out {Named_log; };
# NOTE(review): the queries category only produces output while query logging
# is switched on ("querylog yes;" in options, or "rndc querylog" at runtime).
# It records client IPs, so keep the log directory readable by root/named only.
category queries {Named_log; };
channel default_debug {
# Relative to "directory" in options, i.e. /var/named/data/named.run.
file "data/named.run";
severity dynamic;
};
channel security_file {
# Rotated at 30 MB, three older versions kept.
file "/var/log/named/security.log" versions 3 size 30m;
severity dynamic;
print-time yes; };
# Approval and denial of requests (allow-* ACL decisions) land in this file.
category security {security_file; };
};
options {
#listen-on port 53 { 0.0.0.0; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# 0.0.0.0/0 is the same as "any": every client may ask. What each client gets is
# decided by allow-recursion below and by the view it matches (internal/external).
allow-query { localhost; 0.0.0.0/0; };
auth-nxdomain yes;
# Only the host itself and the LAN may use this server as a recursive resolver;
# this is what keeps the open allow-query from making it an open resolver.
allow-recursion { localhost; 192.168.11.0/24;};
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
# NOTE(review): ISC's DLV lookaside service was shut down in 2017; on BIND releases
# newer than those listed above this option is obsolete and should be removed.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
# Zone transfers (AXFR/IXFR) are limited to these two addresses; a zone inside a
# view may override this (the internal ichiayi.com zone sets "none"). An IP ACL
# only trusts the source address — a TSIG key would also authenticate the peer.
allow-transfer {
220.130.131.238;
220.130.131.240;
};
# NOTE(review): allow-notify lists hosts permitted to send NOTIFY *to* this server
# for zones it is slave for; it does not make this server notify 192.168.11.250/251
# of its own changes. For that use "also-notify { 192.168.11.250; 192.168.11.251; };".
allow-notify {
192.168.11.250;
192.168.11.251;
};
};
* 如果要限制 DNS 給所有 Internet 存取, 可以將 allow-query 加上 #
# NOTE(review): the BIND 9 default for allow-query is "any", so commenting this line
# out does not restrict access — the server keeps answering queries from everywhere.
#allow-query { localhost; 0.0.0.0/0; };
* 如果只想要提供 ipv4 的查詢, 可以編輯 /etc/sysconfig/named 後重新啟動 named
:
# /etc/sysconfig/named: extra arguments handed to named at start-up.
# -4 makes named use IPv4 only, even when the host has IPv6.
OPTIONS="-4"
===== 內外 DNS 與 IP 反查設定 =====
==== /etc/named.conf ====
:
:
// Clients that receive the "internal" view: the office LAN only.
// Keep this in step with allow-recursion in options.
acl "lan" {
192.168.11.0/24;
};
// Views are tried in order: this one must stay above "external", whose
// match-clients is "any" and would otherwise capture LAN clients as well.
view "internal" {
match-clients { lan; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
// -------------------------------------------------------------------
// 192.168.11.xxx reverse address hosts
// -------------------------------------------------------------------
zone "11.168.192.in-addr.arpa" IN {
type master;
// -> /var/named/data/named.rev-192.168.11 (listed below)
file "data/named.rev-192.168.11";
};
// -------------------------------------------------------------------
// ichiayi.com domain
// -------------------------------------------------------------------
zone "ichiayi.com" {
type master;
// Private 192.168.11.x addresses live in this copy of the zone.
file "data/internal.ichiayi.com";
// Overrides the global allow-transfer: nobody may pull the internal zone.
allow-transfer { none; };
};
};
// Everything not matched above — the Internet — sees only the public zone data.
view "external" {
match-clients { any; };
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
// -------------------------------------------------------------------
// ichiayi.com domain
// -------------------------------------------------------------------
zone "ichiayi.com" {
type master;
// Public 122.116.133.14 addresses live in this copy of the zone.
file "data/named.ichiayi.com";
// NOTIFY is sent to the zone's NS hosts (ns4.everplast.net here) when the zone
// is loaded or changed; transfers remain limited to the global allow-transfer list.
notify yes;
};
:
:
:
:
};
// Root trust anchor used by dnssec-validation.
include "/etc/named.root.key";
==== /var/named/data/internal.ichiayi.com ====
;
; Served as /var/named/data/internal.ichiayi.com (zone "ichiayi.com", view "internal")
; Zone hosts file for internal of ichiayi.com - LAN (192.168.11.x) addresses only
;
$TTL 86400
$ORIGIN ichiayi.com.
; NOTE(review): an SOA serial is a 32-bit unsigned integer (max 4294967295);
; 200811050234 is out of that range. Use YYYYMMDDnn with a two-digit counter
; (e.g. 2008110502) and bump it on every edit so secondaries notice the change.
@ 3H IN SOA ns7.ichiayi.com. root.ichiayi.com. (
200811050234 ; serial (d. adams)
2H ; refresh
15M ; retry
1W ; expiry
12H ) ; default_ttl (minimum)
; NOTE(review): this NS record belongs to the apex; the leading whitespace that
; continues the "@" owner appears lost in this listing - keep it, or write "@" first.
3H IN NS ns7.ichiayi.com.
;
; Mail exchanger
;
ichiayi.com. IN A 192.168.11.232
; TTL 0 on the MX means it is never cached - every delivery re-queries; confirm intended.
ichiayi.com. 0 IN MX 10 mail.ichiayi.com.
:
web IN A 192.168.11.232
www IN CNAME web
webmail IN CNAME web
; NOTE(review): duplicate of the line above - remove one.
webmail IN CNAME web
svn IN A 192.168.11.250
isms IN A 192.168.11.246
:
==== /var/named/data/named.ichiayi.com ====
;
; Served as /var/named/data/named.ichiayi.com (zone "ichiayi.com", view "external")
; Zone hosts file for ichiayi.com - public addresses only; this is what the Internet sees
;
$TTL 86400
$ORIGIN ichiayi.com.
; NOTE(review): 200811040420 exceeds the 32-bit unsigned range of an SOA serial
; (max 4294967295) - use YYYYMMDDnn with a two-digit counter (e.g. 2008110402).
; The second SOA field is the admin mailbox (user.domain), not a name server:
; "ns4.everplast.net." here reads as ns4@everplast.net - the internal zone's
; "root.ichiayi.com." is probably what was meant.
@ 3H IN SOA ns7.ichiayi.com. ns4.everplast.net. (
200811040420 ; serial (d. adams)
2H ; refresh
15M ; retry
1W ; expiry
12H ) ; default_ttl (minimum)
; NOTE(review): both NS records belong to the apex; leading whitespace continuing
; the "@" owner appears lost in this listing. ns4.everplast.net is also the
; transfer/NOTIFY peer for this zone (see allow-transfer and notify in named.conf).
3H IN NS ns7.ichiayi.com.
3H IN NS ns4.everplast.net.
;
; Mail exchanger
;
ichiayi.com. IN A 122.116.133.14
; TTL 0 on the MX means it is never cached; confirm intended.
ichiayi.com. 0 IN MX 10 mail.ichiayi.com.
:
web IN A 122.116.133.14
www IN CNAME web
webmail IN CNAME web
; svn and isms are published as the public web host here; their LAN addresses
; stay in the internal copy of the zone only.
svn IN CNAME web
isms IN CNAME web
:
==== /var/named/data/named.rev-192.168.11 ====
; Reverse zone for 192.168.11.0/24, served only in the "internal" view.
$ttl 38400
$ORIGIN 11.168.192.in-addr.arpa.
; NOTE(review): MNAME and NS here (kvm-dns, ns) differ from the forward zones (ns7);
; every NS listed must itself resolve and serve this zone, or the delegation is lame.
@ IN SOA kvm-dns.ichiayi.com. sysop.ichiayi.com. (
1092937215 ; serial number
3h ; refresh
15m ; update retry
3w ; expiry
3h ; nx = nxdomain ttl
)
; NOTE(review): these NS lines belong to "@"; leading whitespace appears lost in this listing.
IN NS kvm-dns.ichiayi.com.
IN NS ns.ichiayi.com.
; NOTE(review): forward and reverse disagree - 192.168.11.232 is "web" in the forward
; zone; services that cross-check PTR against A will see the mismatch.
232 IN PTR xen-www.ichiayi.com.
:
:
* **設定預設名稱/萬用指向**
因為有需求在網站上提供名稱網址功能, 所以無法在 DNS 上一一的定義所有網址名稱, 因此在 DNS 內設定預設名稱/萬用指向對應到特定的 ip 來達成這樣的目的, 設定方式其實也很簡單, 只要在 DNS 定義檔最後一行加入
:
;
; Wildcard: any name under the zone that has no record of its own answers with
; 1.2.3.4 (placeholder for the real address). Names that do exist - and anything
; below them - are never matched by the wildcard. It also answers for typos and
; for any label a client invents, so the target should serve only the name-based
; site and nothing else.
* IN A 1.2.3.4
這樣所有在這 Domain Name 底下查詢不到的名稱, 就會有預設回覆對應的 1.2.3.4 IP
===== 設定開機自動啟動 =====
*
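# Validate the configuration before enabling a service that would otherwise
# fail at boot; -z also loads every zone file named.conf references.
# CentOS 7.x (systemd). On CentOS 6.x use: chkconfig named on; service named start
named-checkconf -z /etc/named.conf \
  && systemctl enable named \
  && systemctl start named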
===== 參考網址 =====
* http://cha.homeip.net/blog/archives/2006/05/bind9_view_stat.html
* http://www.ihao.org/ss/html/30/t-230.html
* http://www.zytrax.com/books/dns/ch3/
{{tag>named bind dns}}