



bind DNS 安裝與設定

以下是針對 CentOS 6.x 預設 bind 的安裝與設定來說明, 似乎在 CentOS 7.x/5.x/4.x 也可以適用

bind 安裝程序

yum install bind
  • CentOS 7.x 安裝 bind 版本為 : 9.9.4-61.el7_5.1
  • CentOS 6.x 安裝 bind 版本為 : 9.8.2-0.17
  • CentOS 5.x 安裝 bind 版本為 : 9.3.4-6
  • CentOS 4.x 安裝 bind 版本為 : 9.2.4-28

bind 設定程序

  • 把 log 檔產生在 /var/log/named/named.log 內的語法
  • 允許 220.130.131.238 / 220.130.131.240 進行 zone transfer (同步) 存取
  • zone 有更動時主動通知 (NOTIFY) 192.168.11.250 / 192.168.11.251 這兩台 DNS
  • 除了 192.168.11.* 可以查詢外部 Domain Name 其餘只能查 DNS 有定義的 Domain Name

vi /etc/named.conf

// Logging: default, outbound zone transfers and every query go to one file;
// security events go to a separate, size-rotated file.
logging {
        channel Named_log {
                // "versions unlimited" only takes effect when a "size" limit is
                // reached; no size is given here, so BIND itself never rolls this
                // file - rotation has to come from outside (e.g. logrotate).
                file "/var/log/named/named.log" versions unlimited;
                severity info;
                print-severity  yes;
                print-time yes; };
        category default {Named_log; };
        category xfer-out {Named_log; };
        // One line per query: configuring this category turns query logging on,
        // so expect this file to grow quickly on a busy server.
        category queries {Named_log; };
        channel default_debug {
                // relative path - presumably resolved under the options "directory"
                file "data/named.run";
                severity dynamic;
        };
        channel security_file {
                // rolled by BIND at 30 MB, keeping 3 older versions
                file "/var/log/named/security.log" versions 3 size 30m;
                severity dynamic;
                print-time yes; };
        category security {security_file; };
};

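// Server-wide defaults; the views declared later inherit these unless a zone
// overrides them.
options {
        #listen-on port 53 { 0.0.0.0; };
        #listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Any IPv4 client may query the authoritative data (0.0.0.0/0 = any).
        allow-query     { localhost; 0.0.0.0/0; };
        auth-nxdomain yes;
        // Recursion stays on, but only localhost and the LAN may use it, so the
        // server does not become an open resolver for the Internet.
        allow-recursion { localhost; 192.168.11.0/24;};
        recursion yes;
        
        dnssec-enable yes;
        dnssec-validation yes;
        // ISC DLV (dlv.isc.org) was decommissioned in 2017; this should be
        // harmless on these BIND versions but no longer adds any validation.
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        
        managed-keys-directory "/var/named/dynamic";
        
        // Only these two hosts may pull zone transfers (AXFR/IXFR) of any zone
        // that does not set its own allow-transfer.
        allow-transfer {
                220.130.131.238;
                220.130.131.240;
        };
        // Push NOTIFY to these two servers whenever a zone changes.
        // The original used allow-notify here, which only controls which hosts
        // may *send* NOTIFY to this server's slave zones; it never makes this
        // server notify anyone. If this server also hosts slave zones fed by
        // these hosts, add a separate allow-notify block for them.
        also-notify {
                192.168.11.250;
                192.168.11.251;
        };
};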
  • 如果要限制 DNS 給所有 Internet 存取, 可以將 allow-query 加上 #
            #allow-query     { localhost; 0.0.0.0/0; };
  • 如果只想要提供 ipv4 的查詢, 可以編輯 /etc/sysconfig/named 後重新啟動 named
    :
    OPTIONS="-4"

內外 DNS 與 IP 反查設定

/etc/named.conf

:
:

// Clients considered "inside": the LAN subnet. Must be declared before the
// views that reference it.
acl "lan" {
        192.168.11.0/24;
};

// Split-horizon: LAN clients get this view with private (192.168.11.x) answers.
// Views are matched in order, so this one must stay ahead of "external".
view "internal" {
        match-clients { lan; };
        zone "." IN {
                type hint;
                file "named.ca";
        };

        include "/etc/named.rfc1912.zones";

        // -------------------------------------------------------------------
        //        192.168.11.xxx reverse address hosts
        // -------------------------------------------------------------------
        zone "11.168.192.in-addr.arpa" IN {
                type master;
                // No allow-transfer here, so the global list from "options"
                // applies; presumably moot, since only "lan" clients reach
                // this view at all.
                file "data/named.rev-192.168.11";
        };


        // -------------------------------------------------------------------
        //        ichiayi.com domain
        // -------------------------------------------------------------------
        zone "ichiayi.com" {
                type master;
                file "data/internal.ichiayi.com";
                // Internal host names are never handed out via zone transfer.
                allow-transfer { none; };
        };
};

// Everyone not matched by "internal" (i.e. the Internet) gets this view with
// public addresses only.
view "external" {
        match-clients { any; };

        zone "." IN {
                type hint;
                file "named.ca";
        };

        include "/etc/named.rfc1912.zones";

        // -------------------------------------------------------------------
        //        ichiayi.com domain
        // -------------------------------------------------------------------
        zone "ichiayi.com" {
                type master;
                file "data/named.ichiayi.com";
                // On change, NOTIFY is sent to the zone's NS records (and any
                // also-notify list). Transfers are limited by the global
                // allow-transfer in "options".
                notify yes;
        };

:
:
:
:
};

// Root DNSSEC trust anchor (managed-keys) used by dnssec-validation;
// kept at top level so it presumably applies to every view.
include "/etc/named.root.key";

/var/named/data/internal.ichiayi.com

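;
;       ns1: /var/named/internal.ichiayi.com
;       Zone hosts file for internal of ichiayi.com
;       (loaded as data/internal.ichiayi.com by zone "ichiayi.com" in view "internal";
;        served to LAN clients only, so RFC 1918 addresses are fine here)
;
$TTL    86400
$ORIGIN ichiayi.com.
; The SOA serial must fit in 32 bits (max 4294967295). The original value
; 200811050234 (YYYYMMDDHHMM) is out of range and BIND is expected to reject
; the zone as such - verify with named-checkzone. The YYYYMMDDnn value below is
; a constructed replacement built from the same date.
@               3H IN SOA       ns7.ichiayi.com. root.ichiayi.com. (
                                2008110502              ; serial (YYYYMMDDnn)
                                2H                      ; refresh
                                15M                     ; retry
                                1W                      ; expiry
                                12H )                   ; default_ttl (minimum)
                3H IN NS        ns7.ichiayi.com.
;
;       Mail exchanger
;
ichiayi.com.    IN      A       192.168.11.232
; TTL 0 on the MX tells resolvers not to cache it; every delivery re-queries.
ichiayi.com. 0  IN      MX      10      mail.ichiayi.com.
:
web             IN      A       192.168.11.232
www             IN      CNAME   web
; (the duplicate "webmail IN CNAME web" line from the original is dropped)
webmail         IN      CNAME   web
svn             IN      A       192.168.11.250
isms            IN      A       192.168.11.246
: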
:

/var/named/data/named.ichiayi.com

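;
;       ns1: /var/named/named.ichiayi.com
;       Zone hosts file for ichiayi.com
;       (loaded as data/named.ichiayi.com by zone "ichiayi.com" in view "external";
;        visible to the Internet, so public addresses only)
;
$TTL    86400
$ORIGIN ichiayi.com.
; The SOA serial must fit in 32 bits (max 4294967295). The original value
; 200811040420 (YYYYMMDDHHMM) is out of range and BIND is expected to reject
; the zone as such - verify with named-checkzone. The YYYYMMDDnn value below is
; a constructed replacement built from the same date.
; NOTE(review): the second SOA field is the contact mailbox (RNAME), e.g.
; hostmaster.ichiayi.com.; ns4.everplast.net. looks like a name server name
; instead - confirm what was intended.
@               3H IN SOA       ns7.ichiayi.com. ns4.everplast.net. (
                                2008110402              ; serial (YYYYMMDDnn)
                                2H                      ; refresh
                                15M                     ; retry
                                1W                      ; expiry
                                12H )                   ; default_ttl (minimum)
                3H IN NS        ns7.ichiayi.com.
; Secondary NS: receives NOTIFY (zone has "notify yes") and presumably must be
; one of the hosts in options allow-transfer to pull the zone.
                3H IN NS        ns4.everplast.net.
;
;       Mail exchanger
;
ichiayi.com.    IN      A       122.116.133.14
; TTL 0 on the MX tells resolvers not to cache it; every delivery re-queries.
ichiayi.com. 0  IN      MX      10      mail.ichiayi.com.
:
web             IN      A       122.116.133.14
www             IN      CNAME   web
webmail         IN      CNAME   web
svn             IN      CNAME   web
isms            IN      CNAME   web
: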
:

/var/named/data/named.rev-192.168.11

; Reverse zone for 192.168.11.0/24, served only in the "internal" view.
; ($ttl in lower case is accepted; the directive is case-insensitive in BIND.)
$ttl 38400
$ORIGIN 11.168.192.in-addr.arpa.
; NOTE(review): SOA MNAME / NS names here (kvm-dns, ns) differ from the ns7
; used by the forward zones - confirm which hosts really serve this zone.
@               IN      SOA     kvm-dns.ichiayi.com. sysop.ichiayi.com. (
                        1092937215      ; serial number (fits in 32 bits)
                        3h              ; refresh
                        15m             ; update retry
                        3w              ; expiry
                        3h              ; nx = nxdomain ttl
                        )
        IN      NS      kvm-dns.ichiayi.com.
        IN      NS      ns.ichiayi.com.
; host octet only: 232 = 192.168.11.232
232     IN      PTR     xen-www.ichiayi.com.
:
:
* 設定預設名稱/萬用指向 (wildcard): 因為有需求在網站上提供名稱網址功能, 無法在 DNS 上一一定義所有網址名稱, 因此在 DNS 內設定預設名稱/萬用指向對應到特定的 IP 來達成這樣的目的. 設定方式其實也很簡單, 只要在 DNS 定義檔最後一行加入
:
; Wildcard: answers for any name in this zone that has no records of its own.
; It does not cover names that already exist (e.g. www above), anything below
; an existing name, or the zone apex. 1.2.3.4 is a placeholder address.
*       IN      A       1.2.3.4

這樣在這個 Domain Name 底下所有沒有定義的名稱, 查詢時就會回覆預設對應的 1.2.3.4 IP

設定開機自動啟動

  • systemctl enable named
    systemctl start named

參考網址
