bindind的程序包
bind-libs:被bind和bind-utils包中的程序共同用到的库文件;
bind-utils:bind客户端程序集;提供了,dig , host, nslookup等相关工具;
bind:提供 dns server程序,以及几个常用的测试程序;
bind-chroot:选装;提供了一种安全机制;通常公司内部使用不需要安装;安装bind
1:安装bind
yum -y install bind
1.1:启动服务方法
CentOS6:service named start
CentOS7:systemctl start named.service
1.2:主配置文件的格式
# 全局配置段
options{...}
# 日志配置段
logging{...}
# 区域配置段
zone{...}
注意:每个配置语句必须以分号结尾;否则为语法错误;
2:缓存服务器的配置
1:安装完bind以后默认启动就是缓存服务器;
配置监听能与外部主机通信的IP地址;
# 在全局配置段中修改
[root@Bj-1-141 ~]# vim /etc/named.conf
listen-on port 53 { 127.0.0.1; 192.168.214.140; };
2、检查配置文件是否有语法错误
named-checkconf [/etc/named.conf]
3、启动named服务
[root@dongdong ~]# systemctl start named.service
4、测试
[root@dongdong ~]# dig -t A www.baidu.com @192.168.1.141
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.1 <<>> -t A www.baidu.com @192.168.1.141
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57431
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
www.a.shifen.com. 300 IN A 119.75.218.70
www.a.shifen.com. 300 IN A 119.75.217.109
;; AUTHORITY SECTION:
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
;; ADDITIONAL SECTION:
ns2.a.shifen.com. 1200 IN A 180.149.133.241
ns3.a.shifen.com. 1200 IN A 61.135.162.215
ns5.a.shifen.com. 1200 IN A 119.75.222.17
ns1.a.shifen.com. 1200 IN A 61.135.165.224
ns4.a.shifen.com. 1200 IN A 115.239.210.176
;; Query time: 277 msec
;; SERVER: 192.168.1.141#53(192.168.1.141)
;; WHEN: 四 1月 19 18:08:58 CST 2017
;; MSG SIZE rcvd: 271
5、测试工具
dig [-t RR_TYPE] name [@server] [query options]
[root@dongdong named]# dig -t A www.baidu.com @192.168.214.140
配置解析一个正向区域
1:定义区域
[root@dongdong ~]# vim /etc/named.rfc1912.zones
zone "dongdong.com" IN {
type master; //{master|slave|hint|forward};
file "dongdong.com.zone";
};
2:建立区域数据文件
[root@dongdong named]# vim /var/named/dongdong.com.zone
$TTL 86400
$ORIGIN dongdong.com.
@ IN SOA ns1.dongdong.com. admin.dongdong.com (
2015042201
1H
5M
7D
1D )
IN NS ns1
IN NS ns2
IN MX 10 mx1
IN MX 20 mx2
ns1 IN A 192.168.214.140
ns2 IN A 192.168.214.141
mx1 IN A 192.168.214.142
mx2 IN A 192.168.214.143
www IN A 192.168.214.140
www IN A 192.168.214.141
ftp IN CNAME www
注意:
$TTL 3600:表示定义默认TTL值,所以在下面的所有资源记录都不用在写TTL值;
$ORIGIN enzhi.com.:作用是在资源记录中像"ns1.enzhi.com."就可以简写为ns1,会继承$ORIGIN后面定义的域名;
3:修改区域文件的权限及属组
# 修改区域文件的属组为named用户
[root@dongdong named]# chown :named dongdong.com.zone
# 修改区域文件的权限为640
[root@dongdong named]# chmod 640 dongdong.com.zone
4:检查配置文件和区域文件是否有语法错误
[root@dongdong named]# named-checkconf
[root@dongdong named]# named-checkzone enzhi.com. /var/named/dongdong.com.zone
zone enzhi.com/IN: loaded serial 2017011901
OK
5:让服务器重载配置文件和区域文件
[root@Bj-1-141 ~]# rndc reload
server reload successful
# 或者执行
[root@dongdong ~]# systemctl reload named.service
6:测试
[root@Bj-1-141 ~]# dig -t A www.dongdong.com @192.168.214.140
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40269
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.dongdong.com. IN A
;; ANSWER SECTION:
www.dongdong.com. 86400 IN A 192.168.214.141
www.dongdong.com. 86400 IN A 192.168.214.140
;; AUTHORITY SECTION:
dongdong.com. 86400 IN NS ns1.dongdong.com
dongdong.com. 86400 IN NS ns2.dongdong.com
;; ADDITIONAL SECTION:
ns1.dongdong.com. 86400 IN A 192.168.140
ns2.dongdong.com. 86400 IN A 192.168.141
;; Query time: 0 msec
;; SERVER: 192.168.1.141#53(192.168.1.141)
;; WHEN: 四 1月 19 19:06:12 CST 2017
;; MSG SIZE rcvd: 92
反向区域及主从同步
注意:反向区域的名字,为反写的网断地址.in-addr.arpa;例如:214.168.192.in-addr.arpa;
1:定义区域
[root@dongdong named]# vim /etc/named.rfc1912.zones
zone "214.168.192.in-addr.arpa" IN {
type master;
file "192.168.214.zone";
};
2:创建反向解析区域文件;
[root@dongdong named]# vim /var/named/192.168.214.zone
$TTL 86400
$ORIGIN 214.168.192.in-addr.arpa.
@ IN SOA ns1.dongdong.com admin.dongdong.com. (
2015042201
1H
5M
7D
1D )
IN NS ns1.dongdong.com.
IN NS ns2.dongdong.com.
140 IN PTR ns1.dongdong.com.
140 IN PTR www.dongdong.com.
141 IN PTR ns2.dongdong.com.
141 IN PTR www.dongdong.com.
142 IN PTR mx1.dongdong.com.
143 IN PTR mx2.dongdong.com.
3、修改区域文件属组及权限
[root@dongdong named]# chmod 310 192.168.214.zone
[root@dongdong named]# chmod :named 192.168.214.zone
4:检查配置文件及反向区域文件配置语法
[root@dongdong named]# named-checkconf
[root@dongdong named]# named-checkzone "214.168.192.in-addr.arpa" /var/named/192.168.214.zone
zone 214.168.192.in-addr.arpa/IN: loaded serial 2015042201
OK
5、重载配置文件和区域文件
[root@dongdong named]# rndc reload
server reload successful 或者执行
[root@dongdong ~]# systemctl reload named.service
6.测试
[root@dongdong named]# dig -x 192.168.214.141 @192.168.214.140
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.1 <<>> -x 192.168.214.141 @192.168.214.140
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47942
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;141.214.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
141.214.168.192.in-addr.arpa. 86400 IN PTR www.dongdong.com.
141.214.168.192.in-addr.arpa. 86400 IN PTR ns2.dongdong.com.
;; AUTHORITY SECTION:
214.168.192.in-addr.arpa. 86400 IN NS ns1.dongdong.com.
214.168.192.in-addr.arpa. 86400 IN NS ns2.dongdong.com.
;; ADDITIONAL SECTION:
ns1.dongdong.com. 86400 IN A 192
[root@dongdong named]# dig -x 192.168.214.141 @192.168.214.140
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.1 <<>> -x 192.168.214.141 @192.168.214.140
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47942
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;141.214.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
141.214.168.192.in-addr.arpa. 86400 IN PTR www.dongdong.com.
141.214.168.192.in-addr.arpa. 86400 IN PTR ns2.dongdong.com.
;; AUTHORITY SECTION:
214.168.192.in-addr.arpa. 86400 IN NS ns1.dongdong.com.
214.168.192.in-addr.arpa. 86400 IN NS ns2.dongdong.com.
;; ADDITIONAL SECTION:
ns1.dongdong.com. 86400 IN A 192.168.214.140
ns2.dongdong.com. 86400 IN A 192.168.214.141
;; Query time: 0 msec
;; SERVER: 192.168.214.140#53(192.168.214.140)
;; WHEN: 六 12月 09 02:13:37 CST 2017
;; MSG SIZE rcvd: 169
bind9正向区域及主从同步
配置主从服务器 | |||
操作系统版本 | 主DNS服务器IP地址 | 演示域 | 内核版本 |
CentOS Linux release 7.2.1511 (Core) | 192.168.214.140 | dongdong.com | 3.10.0-327.el7.x86_64 |
操作系统版本 | 从DNS服务器IP地址 | 演示域 | 内核版本 |
CentOS Linux release 7.2.1511 (Core) | 192.168.214.147 | dongdongns2.com | 3.10.0-327.el7.x86_64 |
安装bind软件包
root@dongdongns2 ~]# yum -y install bind bind-utils
1:首先设置缓存域名服务器:
[root@dongdongns2 ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.214.147; 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
};
systemctl start named.service
2:定义从DNS服务器配置文件
1:[root@dongdongns2 ~]# vim /etc/named.rfc1912.zones
zone "dongdong.com" IN {
type slave;
masters { 192.168.214.140; };
file "slaves/dongdong.com.zone";
};
Systemctl restart named.service
2:配置文件语法检查
root@dongdongns2 slaves]# named-checkconf
3:启动named服务
[root@localhostns2 named]# rndc reload
4:修改主dns服务器区域数据文件
(1):确保区域数据文件中为每个从服务器配置NS记录;并且在正向区域文件中,需要为每个从服务器的NS记录的主机名配置一个A记录,且此A记录后面的地址为真正的从服务器的IP地址;
[root@dongdong named]# vim /var/named/dongdong.com.zone
$TTL 86400
$ORIGIN dongdong.com.
@ IN SOA ns1.dongdong.com. admin.dongdong.com (
2015042201
1H
5M
7D
1D )
IN NS ns1
IN NS ns2
IN MX 10 mx1
IN MX 20 mx2
ns1 IN A 192.168.214.140
ns2 IN A 192.168.214.141
ns3 IN A 192.168.214.147
mx1 IN A 192.168.214.142
mx2 IN A 192.168.214.143
www IN A 192.168.214.140
www IN A 192.168.214.141
www IN A 192.168.214.147
ftp IN CNAME www
5:检查配置文件及区域文件是否存在语法错误
[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone dongdong.com. dongdong.com.zone
zone dongdong.com/IN: loaded serial 2015042204
OK
6:重载主服务器配置文件
[root@localhost named]# rndc reload
7:测试
[root@dongdongns2 slaves]# dig -t A www.dongdong.com @192.168.214.147
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.1 <<>> -t A www.dongdong.com @192.168.214.147
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62879
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.dongdong.com. IN A
;; ANSWER SECTION:
www.dongdong.com. 86400 IN A 192.168.214.147
www.dongdong.com. 86400 IN A 192.168.214.140
www.dongdong.com. 86400 IN A 192.168.214.141
;; AUTHORITY SECTION:
dongdong.com. 86400 IN NS ns2.dongdong.com.
dongdong.com. 86400 IN NS ns1.dongdong.com.
;; ADDITIONAL SECTION:
ns1.dongdong.com. 86400 IN A 192.168.214.140
ns2.dongdong.com. 86400 IN A 192.168.214.141
;; Query time: 0 msec
;; SERVER: 192.168.214.147#53(192.168.214.147)
;; WHEN: Sat Dec 09 23:06:55 CST 2017
;; MSG SIZE rcvd: 161