tech:bind [2008/09/28 18:16] – jonathan | tech:bind [2021/01/16 14:38] (目前版本) – 更換 plugin jonathan | ||
---|---|---|---|
行 1: | 行 1: | ||
+ | ====== bind DNS 安裝與設定 ====== | ||
+ | 以下是針對 CentOS 6.x 預設 bind 的安裝與設定來說明, | ||
+ | ===== bind 安裝程序 ==== | ||
+ | < | ||
+ | yum install bind | ||
+ | </ | ||
+ | * CentOS 7.x 安裝 bind 版本為 : 9.9.4-61.el7_5.1 | ||
+ | * CentOS 6.x 安裝 bind 版本為 : 9.8.2-0.17 | ||
+ | * CentOS 5.x 安裝 bind 版本為 : 9.3.4-6 | ||
+ | * CentOS 4.x 安裝 bind 版本為 : 9.2.4-28 | ||
+ | |||
+ | ===== bind 設定程序 ==== | ||
+ | * 要產生 log 檔在 / | ||
+ | su - root | ||
+ | cd /var/log/ | ||
+ | mkdir named | ||
+ | cd named/ | ||
+ | touch named.log | ||
+ | cd .. | ||
+ | chown -R named:named named/ | ||
+ | </ | ||
+ | |||
+ | * 讓 220.130.131.238 / 220.130.131.240 可以同步傳送存取 | ||
+ | * 有更動時可主動通知 192.168.11.250 / 192.168.11.251 這兩台的 DNS | ||
+ | * 除了 192.168.11.* 可以查詢外部 Domain Name 其餘只能查 DNS 有定義的 Domain Name | ||
+ | <cli> | ||
+ | vi / | ||
+ | </ | ||
+ | < | ||
+ | logging { | ||
+ | channel Named_log { | ||
+ | file "/ | ||
+ | severity info; | ||
+ | print-severity | ||
+ | print-time yes; }; | ||
+ | category default {Named_log; }; | ||
+ | category xfer-out {Named_log; }; | ||
+ | category queries {Named_log; }; | ||
+ | channel default_debug { | ||
+ | file " | ||
+ | severity dynamic; | ||
+ | }; | ||
+ | channel security_file { | ||
+ | file "/ | ||
+ | severity dynamic; | ||
+ | print-time yes; }; | ||
+ | category security {security_file; | ||
+ | }; | ||
+ | |||
+ | options { | ||
+ | #listen-on port 53 { 0.0.0.0; }; | ||
+ | # | ||
+ | directory "/ | ||
+ | dump-file | ||
+ | statistics-file "/ | ||
+ | memstatistics-file "/ | ||
+ | allow-query | ||
+ | auth-nxdomain yes; | ||
+ | allow-recursion { localhost; 192.168.11.0/ | ||
+ | recursion yes; | ||
+ | | ||
+ | dnssec-enable yes; | ||
+ | dnssec-validation yes; | ||
+ | dnssec-lookaside auto; | ||
+ | |||
+ | /* Path to ISC DLV key */ | ||
+ | bindkeys-file "/ | ||
+ | |||
+ | managed-keys-directory "/ | ||
+ | | ||
+ | allow-transfer { | ||
+ | 220.130.131.238; | ||
+ | 220.130.131.240; | ||
+ | }; | ||
+ | allow-notify { | ||
+ | 192.168.11.250; | ||
+ | 192.168.11.251; | ||
+ | }; | ||
+ | }; | ||
+ | |||
+ | </ | ||
+ | < | ||
+ | * 如果要限制 DNS 給所有 Internet 存取, 可以將 allow-query 加上 # < | ||
+ | # | ||
+ | </ | ||
+ | |||
+ | * 如果只想要提供 ipv4 的查詢, 可以編輯 / | ||
+ | : | ||
+ | OPTIONS=" | ||
+ | </ | ||
+ | |||
+ | </ | ||
+ | ===== 內外 DNS 與 IP 反查設定 ===== | ||
+ | ==== / | ||
+ | < | ||
+ | : | ||
+ | : | ||
+ | |||
+ | acl " | ||
+ | 192.168.11.0/ | ||
+ | }; | ||
+ | |||
+ | view " | ||
+ | match-clients { lan; }; | ||
+ | zone " | ||
+ | type hint; | ||
+ | file " | ||
+ | }; | ||
+ | |||
+ | include "/ | ||
+ | |||
+ | // ------------------------------------------------------------------- | ||
+ | // 192.168.11.xxx reverse address hosts | ||
+ | // ------------------------------------------------------------------- | ||
+ | zone " | ||
+ | type master; | ||
+ | file " | ||
+ | }; | ||
+ | |||
+ | |||
+ | // ------------------------------------------------------------------- | ||
+ | // ichiayi.com domain | ||
+ | // ------------------------------------------------------------------- | ||
+ | zone " | ||
+ | type master; | ||
+ | file " | ||
+ | allow-transfer { none; }; | ||
+ | }; | ||
+ | }; | ||
+ | |||
+ | view " | ||
+ | match-clients { any; }; | ||
+ | |||
+ | zone " | ||
+ | type hint; | ||
+ | file " | ||
+ | }; | ||
+ | |||
+ | include "/ | ||
+ | |||
+ | // ------------------------------------------------------------------- | ||
+ | // ichiayi.com domain | ||
+ | // ------------------------------------------------------------------- | ||
+ | zone " | ||
+ | type master; | ||
+ | file " | ||
+ | notify yes; | ||
+ | }; | ||
+ | |||
+ | : | ||
+ | : | ||
+ | : | ||
+ | : | ||
+ | }; | ||
+ | |||
+ | include "/ | ||
+ | |||
+ | </ | ||
+ | |||
+ | ==== / | ||
+ | < | ||
+ | ; | ||
+ | ; ns1: / | ||
+ | ; Zone hosts file for internal of ichiayi.com | ||
+ | ; | ||
+ | $TTL 86400 | ||
+ | $ORIGIN ichiayi.com. | ||
+ | @ 3H IN SOA | ||
+ | 200811050234 | ||
+ | 2H ; refresh | ||
+ | 15M ; retry | ||
+ | 1W ; expiry | ||
+ | 12H ) ; default_ttl (minimum) | ||
+ | 3H IN NS ns7.ichiayi.com. | ||
+ | ; | ||
+ | ; Mail exchanger | ||
+ | ; | ||
+ | ichiayi.com. | ||
+ | ichiayi.com. 0 IN MX 10 mail.ichiayi.com. | ||
+ | : | ||
+ | web | ||
+ | www | ||
+ | webmail | ||
+ | webmail | ||
+ | svn | ||
+ | isms IN A | ||
+ | : | ||
+ | </ | ||
+ | ==== / | ||
+ | < | ||
+ | ; | ||
+ | ; ns1: / | ||
+ | ; Zone hosts file for ichiayi.com | ||
+ | ; | ||
+ | $TTL 86400 | ||
+ | $ORIGIN ichiayi.com. | ||
+ | @ 3H IN SOA | ||
+ | 200811040420 | ||
+ | 2H ; refresh | ||
+ | 15M ; retry | ||
+ | 1W ; expiry | ||
+ | 12H ) ; default_ttl (minimum) | ||
+ | 3H IN NS ns7.ichiayi.com. | ||
+ | 3H IN NS ns4.everplast.net. | ||
+ | ; | ||
+ | ; Mail exchanger | ||
+ | ; | ||
+ | ichiayi.com. | ||
+ | ichiayi.com. 0 IN MX 10 mail.ichiayi.com. | ||
+ | : | ||
+ | web | ||
+ | www | ||
+ | webmail | ||
+ | svn | ||
+ | isms IN CNAME web | ||
+ | : | ||
+ | </ | ||
+ | |||
+ | ==== / | ||
+ | < | ||
+ | $ttl 38400 | ||
+ | $ORIGIN 11.168.192.in-addr.arpa. | ||
+ | @ | ||
+ | 1092937215 | ||
+ | 3h ; refresh | ||
+ | 15m ; update retry | ||
+ | 3w ; expiry | ||
+ | 3h ; nx = nxdomain ttl | ||
+ | ) | ||
+ | IN NS kvm-dns.ichiayi.com. | ||
+ | IN NS ns.ichiayi.com. | ||
+ | 232 | ||
+ | : | ||
+ | : | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | * **設定預設名稱/ | ||
+ | 因為有需求在網站上提供名稱網址功能, | ||
+ | : | ||
+ | ; | ||
+ | * | ||
+ | </ | ||
+ | 這樣所有在這 Domain Name 底下查詢不到的名稱, | ||
+ | </ | ||
+ | |||
+ | ===== 設定開機自動啟動 ===== | ||
+ | * <code sh> | ||
+ | systemctl enable named | ||
+ | systemctl start named | ||
+ | </ | ||
+ | |||
+ | ===== 參考網址 ===== | ||
+ | * http:// | ||
+ | * http:// | ||
+ | * http:// | ||
+ | |||
+ | {{tag> |
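Review bot: In the `options` block of the named.conf listing, `dnssec-lookaside auto;` (next to the "Path to ISC DLV key" comment) relies on the ISC DLV registry, which ISC has since retired, and newer BIND 9 releases treat the option as obsolete. This revision is dated 2021 and lists the CentOS 7 package, so I would add a line after the listing such as `註: ISC DLV 已停止服務, 較新版本的 bind 可移除 dnssec-lookaside auto; 只保留 dnssec-validation yes;`. The wildcard-record tip near the end would also benefit from one sentence noting that every undefined name under the domain will then resolve, so mistyped or retired hostnames stop returning NXDOMAIN. The listing is cut off in this view (`allow-query` and `allow-recursion` show no complete value), so the advice in the `allow-query` bullet could not be checked against the configuration.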