bind DNS installation and configuration
The following describes installing and configuring the bind package that ships with CentOS 6.x; the same steps appear to work on CentOS 7.x/5.x/4.x as well.
bind installation procedure
yum install bind
- bind version installed on CentOS 7.x: 9.9.4-61.el7_5.1
- bind version installed on CentOS 6.x: 9.8.2-0.17
- bind version installed on CentOS 5.x: 9.3.4-6
- bind version installed on CentOS 4.x: 9.2.4-28
bind configuration procedure
The configuration below does four things:
- Write the server log to /var/log/named/named.log (the logging block). The /var/log/named directory must already exist and be owned by the named user, otherwise named fails to open the channel at startup.
- Allow 220.130.131.238 / 220.130.131.240, the secondary servers, to transfer the zones (allow-transfer).
- Send a NOTIFY to the two DNS servers 192.168.11.250 / 192.168.11.251 whenever a zone changes (also-notify; note that allow-notify is a different option: it lists the hosts this server accepts NOTIFY messages from for zones it is secondary for).
- Let only 192.168.11.* resolve external domain names through this server; everyone else may only query the domains this server is authoritative for (allow-recursion). This is what keeps an Internet-facing server from being an open resolver.
vi /etc/named.conf
logging {
    channel Named_log {
        file "/var/log/named/named.log" versions unlimited;   # no "size" here means the file is never rotated
        severity info;
        print-severity yes;
        print-time yes;
    };
    category default  { Named_log; };
    category xfer-out { Named_log; };
    category queries  { Named_log; };      # logs every query: useful when hunting abuse, heavy on disk
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 30m;
        severity dynamic;
        print-time yes;
    };
    category security { security_file; };
};

options {
    #listen-on port 53 { 0.0.0.0; };
    #listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 0.0.0.0/0; };                 # anyone may query the zones served here
    auth-nxdomain yes;
    allow-recursion { localhost; 192.168.11.0/24; };       # only the LAN may use this server as a resolver
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    allow-transfer { 220.130.131.238; 220.130.131.240; };  # only the secondaries may AXFR/IXFR
    also-notify { 192.168.11.250; 192.168.11.251; };       # NOTIFY these servers on zone changes
};
Two caveats on this block. The Named_log channel has versions but no size, and BIND only rolls a log file when it reaches its size limit, so named.log grows without bound unless something like "size 50m" is added. The dnssec-lookaside / bindkeys-file lines only make sense on the old versions listed above: ISC shut the DLV registry down in 2017 and current BIND releases treat dnssec-lookaside as obsolete, so leave those lines out on anything newer.
- If the server is meant to answer queries from the whole Internet, allow-query can simply be commented out: when the option is absent, BIND's default is to answer queries from any host, so the line below is equivalent to the 0.0.0.0/0 entry above. Commenting it out is therefore not a way to restrict access; to do that, list the permitted networks instead. For a public authoritative server the usual choice is to leave queries open and restrict only recursion and transfers, as done above.
#allow-query { localhost; 0.0.0.0/0; };
- To answer over IPv4 only, edit /etc/sysconfig/named (read by the SysV init script on CentOS 6.x and by named.service on 7.x) and restart named:
OPTIONS="-4"
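What the allow-recursion and allow-transfer lines above protect against is easy to lose when editing named.conf (for instance by commenting out allow-recursion along with allow-query). The following script, an added example and not part of the original page, audits the options {} block of a named.conf offline with sh and awk and reports an open resolver or an open zone transfer. It encodes BIND's fallback rule (a missing allow-recursion falls back to allow-query-cache, then to allow-query, then to localnets/localhost), so a world-open allow-query with no allow-recursion is flagged. The two embedded configs are constructed for the demo, and the function names and the path argument are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page: audit the options {} block of a
# named.conf for the two settings that turn an Internet-facing BIND into an abuse
# target: recursion for everyone (open resolver, usable for amplification) and
# unrestricted zone transfers (anyone can AXFR the zone).  Plain sh + awk, no
# running BIND needed.  ACLs are assumed inline as on this page; a named acl is
# reported as-is.  Both sample configs below are constructed for the demo.

# Print the body of options {} as one line with //, # and /* */ comments removed.
named_options_block() {   # $1 = path to named.conf
    sed -e 's|//.*||' -e 's|#.*||' "$1" | tr '\n' ' ' | awk '{
        while ((s = index($0, "/*")) > 0) {
            e = index(substr($0, s + 2), "*/")
            $0 = (e ? substr($0, 1, s - 1) substr($0, s + e + 3) : substr($0, 1, s - 1))
        }
        if (!match($0, /(^|[^-a-z_])options[[:space:]]*[{]/)) exit 1
        depth = 0; out = ""
        for (i = RSTART + RLENGTH - 1; i <= length($0); i++) {   # walk nested braces
            c = substr($0, i, 1)
            if (c == "{" && depth++ == 0) continue
            if (c == "}" && --depth == 0) break
            out = out c
        }
        print out
    }'
}

# Print one statement from that body: an inline ACL list as "a; b;" for
# "name { a; b; }", the bare value for "name value;", nothing when absent.
named_option() {   # $1 = options body, $2 = statement name
    printf '%s\n' "$1" | awk -v name="$2" '
        match($0, "(^|[^-a-z_])" name "[[:space:]]*[{][^}]*[}]") {
            s = substr($0, RSTART, RLENGTH); sub(/^[^{]*[{]/, "", s); sub(/[}]$/, "", s)
            gsub(/[[:space:]]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s); print s; exit
        }
        match($0, "(^|[^-a-z_])" name "[[:space:]]+[^;{]*;") {
            s = substr($0, RSTART, RLENGTH); sub("^[^-a-z_]?" name "[[:space:]]+", "", s)
            sub(/[[:space:]]*;$/, "", s); print s; exit
        }'
}

# An inline ACL is open when any element matches every client.
acl_is_open() {   # $1 = "a; b;"
    for tok in $(printf '%s' "$1" | tr ';' ' '); do
        case "$tok" in any|0.0.0.0/0|::/0) return 0 ;; esac
    done
    return 1
}

# Print findings; exit 0 when recursion and transfers are both restricted.
named_audit() {   # $1 = path to named.conf
    body=$(named_options_block "$1") || { echo "no options {} block in $1"; return 1; }
    rec=$(named_option "$body" recursion); rec=${rec:-yes}   # BIND default: yes
    # allow-recursion falls back to allow-query-cache, then allow-query, then
    # "localnets; localhost;" (BIND 9.4+), so a world-open allow-query with no
    # allow-recursion silently makes an open resolver.
    eff=$(named_option "$body" allow-recursion)
    [ -n "$eff" ] || eff=$(named_option "$body" allow-query-cache)
    [ -n "$eff" ] || eff=$(named_option "$body" allow-query)
    eff=${eff:-"localnets; localhost;"}
    axfr=$(named_option "$body" allow-transfer)   # BIND 9.2-9.9 default: any
    rc=0
    if [ "$rec" = yes ] && acl_is_open "$eff"; then
        echo "FINDING open resolver: recursion yes, effective allow-recursion { $eff }"; rc=1
    fi
    if [ -z "$axfr" ] || acl_is_open "$axfr"; then
        echo "FINDING open AXFR: allow-transfer { ${axfr:-<unset, defaults to any>} }"; rc=1
    fi
    return $rc
}

# Constructed samples: "open" is the page's options with allow-recursion and
# allow-transfer commented out; "hardened" keeps them (as on this page).
write_sample_conf() {   # $1 = open|hardened, $2 = output path
    if [ "$1" = open ]; then cat > "$2" <<'EOF'
options {
    #listen-on port 53 { 0.0.0.0; };
    directory "/var/named";
    allow-query { localhost; 0.0.0.0/0; };   // fine for an authoritative server
    recursion yes;                            // ...but nothing limits recursion
    /* allow-transfer { 220.130.131.238; 220.130.131.240; }; */
};
EOF
    else cat > "$2" <<'EOF'
options {
    directory "/var/named";
    allow-query { localhost; 0.0.0.0/0; };
    recursion yes;
    allow-recursion { localhost; 192.168.11.0/24; };
    allow-transfer { 220.130.131.238; 220.130.131.240; };
};
EOF
    fi
}

if [ $# -ge 1 ]; then named_audit "$1"; else   # demo on the two samples
    d=$(mktemp -d); write_sample_conf open "$d/open.conf"; write_sample_conf hardened "$d/hardened.conf"
    for f in open hardened; do echo "== $f.conf"; named_audit "$d/$f.conf" && echo "no findings"; done
    rm -rf "$d"
fi
```

Run it against the live file with sh audit.sh /etc/named.conf. It only reads inline ACLs in options {}, so a named acl such as lan is reported by name and per-view or per-zone overrides are not examined. Confirm the result from a host outside the LAN with dig: a query for a name this server is not authoritative for should come back REFUSED rather than answered, and dig @<server> ichiayi.com AXFR should report a failed transfer.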
Internal/external views and reverse lookup configuration
/etc/named.conf
:
:
acl "lan" { 192.168.11.0/24; };

view "internal" {
    match-clients { lan; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    // -------------------------------------------------------------------
    // 192.168.11.xxx reverse address hosts
    // -------------------------------------------------------------------
    zone "11.168.192.in-addr.arpa" IN {
        type master;
        file "data/named.rev-192.168.11";
    };
    // -------------------------------------------------------------------
    // ichiayi.com domain
    // -------------------------------------------------------------------
    zone "ichiayi.com" {
        type master;
        file "data/internal.ichiayi.com";
        allow-transfer { none; };
    };
};

view "external" {
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    // -------------------------------------------------------------------
    // ichiayi.com domain
    // -------------------------------------------------------------------
    zone "ichiayi.com" {
        type master;
        file "data/named.ichiayi.com";
        notify yes;
    };
    :
    :
    :
    :
};
include "/etc/named.root.key";
Views are matched in the order they appear, so the internal view with its lan ACL must come before the catch-all external view, as it does here: a client from outside 192.168.11.0/24 never sees the reverse zone or the internal copy of ichiayi.com. The file names are relative to the directory "/var/named" set in options, so data/internal.ichiayi.com is /var/named/data/internal.ichiayi.com, and allow-transfer { none; } on the internal zone stops LAN hosts from pulling the whole internal host list with one AXFR.
/var/named/data/internal.ichiayi.com
;
; ns1: /var/named/data/internal.ichiayi.com
; Zone hosts file for the internal view of ichiayi.com
;
$TTL 86400
$ORIGIN ichiayi.com.
@       3H  IN SOA ns7.ichiayi.com. root.ichiayi.com. (
                2008110501  ; serial, YYYYMMDDnn: a 32-bit value that must increase on every edit
                2H          ; refresh
                15M         ; retry
                1W          ; expiry
                12H )       ; default_ttl (minimum)
        3H  IN NS  ns7.ichiayi.com.
;
; Mail exchanger
;
ichiayi.com.    IN A      192.168.11.232
ichiayi.com.  0 IN MX 10  mail.ichiayi.com.
:
web             IN A      192.168.11.232
www             IN CNAME  web
webmail         IN CNAME  web
svn             IN A      192.168.11.250
isms            IN A      192.168.11.246
:
/var/named/data/named.ichiayi.com
;
; ns1: /var/named/data/named.ichiayi.com
; Zone hosts file for the external view of ichiayi.com
;
$TTL 86400
$ORIGIN ichiayi.com.
@       3H  IN SOA ns7.ichiayi.com. root.ichiayi.com. (   ; RNAME is the admin mailbox (root@ichiayi.com), not a name server
                2008110401  ; serial, YYYYMMDDnn: a 32-bit value that must increase on every edit
                2H          ; refresh
                15M         ; retry
                1W          ; expiry
                12H )       ; default_ttl (minimum)
        3H  IN NS  ns7.ichiayi.com.
        3H  IN NS  ns4.everplast.net.
;
; Mail exchanger
;
ichiayi.com.    IN A      122.116.133.14
ichiayi.com.  0 IN MX 10  mail.ichiayi.com.
:
web             IN A      122.116.133.14
www             IN CNAME  web
webmail         IN CNAME  web
svn             IN CNAME  web
isms            IN CNAME  web
:
/var/named/data/named.rev-192.168.11
$TTL 38400
$ORIGIN 11.168.192.in-addr.arpa.
@   IN SOA kvm-dns.ichiayi.com. sysop.ichiayi.com. (
            1092937215  ; serial number
            3h          ; refresh
            15m         ; update retry
            3w          ; expiry
            3h          ; nx = nxdomain ttl
            )
    IN NS  kvm-dns.ichiayi.com.
    IN NS  ns.ichiayi.com.
232 IN PTR xen-www.ichiayi.com.
:
:
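Every edit to these zone files must raise the SOA serial, otherwise the secondaries listed in allow-transfer keep serving the old data after the NOTIFY, and the serial is a 32-bit field, so 12-digit date-and-time values such as 200811050234 are rejected by named-checkzone as out of range. The following script, an added example and not the page's own tooling, reads the serial from a zone file in the layout used above, validates it, bumps it with the YYYYMMDDnn convention (today's date plus a two-digit counter) and rewrites the file in place. The sample zone it creates for the demo is constructed, and the function and file names are the example's own.

```shell
#!/bin/sh
# Added example, not from the original page: check and bump the SOA serial of a
# BIND zone file.  The secondaries named in allow-transfer only pull a new copy
# when the serial goes up, and the serial is a 32-bit unsigned integer
# (RFC 1035): a 12-digit date-and-time value such as 200811050234 is out of
# range and named-checkzone rejects it.  Uses the YYYYMMDDnn convention.
# The file layout assumed is the one used on this page (serial is the first
# field after "SOA mname rname ("); the sample zone below is constructed.

MAX_SERIAL=4294967295

# Print the SOA serial of a zone file; status 1 when no SOA is found.
zone_serial() {   # $1 = zone file
    awk '
        { sub(/;.*/, "") }                       # drop zone-file comments
        !insoa && /[[:space:]]SOA[[:space:]]/ { insoa = 1 }
        insoa {                                  # gather the record up to ")"
            buf = buf " " $0
            if (index(buf, ")") || index(buf, "(") == 0) {
                n = split(buf, t, "[[:space:]()]+")
                for (i = 1; i <= n; i++)
                    if (t[i] == "SOA") { print t[i + 3]; found = 1; break }
                exit
            }
        }
        END { if (!found) exit 1 }' "$1"
}

# Succeed when $1 is a decimal integer that fits in 32 bits.
serial_ok() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -le "$MAX_SERIAL" ]
}

# Print the next serial: today's YYYYMMDD00 if the current one is older,
# otherwise current+1; fails when the current value is invalid or at the limit.
next_serial() {   # $1 = current serial, $2 = today as YYYYMMDD
    serial_ok "$1" || return 1
    if [ "$1" -lt "${2}00" ]; then new="${2}00"; else new=$(( $1 + 1 )); fi
    serial_ok "$new" || return 1
    echo "$new"
}

# Rewrite the zone file in place with the bumped serial and print the new value.
bump_zone_serial() {   # $1 = zone file, $2 = today as YYYYMMDD
    old=$(zone_serial "$1") || return 1
    new=$(next_serial "$old" "$2") || { echo "serial $old in $1 cannot be bumped" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v old="$old" -v new="$new" '
        /[[:space:]]SOA[[:space:]]/ { soa = 1 }
        soa && !done && match($0, "(^|[^0-9])" old "([^0-9]|$)") {
            # swap only the serial token so the line layout survives
            p = RSTART + (substr($0, RSTART, 1) ~ /[0-9]/ ? 0 : 1)
            $0 = substr($0, 1, p - 1) new substr($0, p + length(old)); done = 1
        }
        { print }' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && echo "$new"
}

# Constructed sample in the layout of this page's zone files.
make_sample_zone() {   # $1 = path, $2 = serial to write
    cat > "$1" <<EOF
\$TTL 86400
\$ORIGIN ichiayi.com.
@   3H  IN SOA ns7.ichiayi.com. root.ichiayi.com. (
        $2 ; serial
        2H ; refresh
        15M ; retry
        1W ; expiry
        12H ) ; default_ttl (minimum)
    3H  IN NS ns7.ichiayi.com.
web IN A 192.168.11.232
www IN CNAME web
EOF
}

if [ $# -ge 1 ]; then   # usage: bump-serial.sh /var/named/data/named.ichiayi.com
    bump_zone_serial "$1" "$(date +%Y%m%d)"
else                    # demo: the 12-digit serial fails, a 10-digit one is bumped
    d=$(mktemp -d); make_sample_zone "$d/bad.zone" 200811050234; make_sample_zone "$d/ok.zone" 2008110404
    bump_zone_serial "$d/bad.zone" 20081105 || echo "bad.zone: rejected"
    echo "ok.zone: 2008110404 -> $(bump_zone_serial "$d/ok.zone" 20081105)"; rm -rf "$d"
fi
```

After bumping, validate and reload: named-checkzone ichiayi.com /var/named/data/named.ichiayi.com, then rndc reload (named-checkconf -z checks named.conf and every zone it references in one go). Keep in mind the YYYYMMDDnn scheme allows one hundred edits per day; the script simply adds one when the current serial is already at or past today's value.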
* Default name / wildcard record
Because the web site hands out hostnames on demand, it is not practical to define every name in DNS one by one, so a default (wildcard) record that maps to a specific IP is configured instead. The setup is simple: add the following as the last line of the zone file (note that a leading ";" would turn it into a comment, so it must start with the "*"):
*   IN A   1.2.3.4
Every name under this domain that is not defined in the zone is then answered with the A record 1.2.3.4. Two caveats: the wildcard only covers names that do not exist at all (a name that has only, say, an MX record gets no wildcard A answer, and nothing below an existing name does either), and in the external view it means any made-up hostname under the domain resolves publicly, so only add it to the zone file where that is intended.
Start at boot
systemctl enable named
systemctl start named
(These are the systemd commands for CentOS 7.x; on CentOS 6.x and earlier the SysV equivalents are chkconfig and service.)