bind 配置
bind 安装
yum -y install bind bind-libs bind-utils bind-chroot
bind主配置文件: /etc/named.conf /etc/named.rfc1912.zones, /etc/rndc.key
解析库文件: /var/named/ZONE_NAME.ZONE
一台服务器可以同时为多个区域提供解析, 必须要有根区域文件。
rfc: Request for Comments(网络注解文档)
rndc: 远程域名控制器。功能包括清理缓存、重新加载配置文件、查看当前的解析状态;默认只允许工作在本地,与bind安装在同一主机,且只能通过127.0.0.1来连接named进程,提供辅助性的管理功能。端口 tcp: 953
配置文件
全局配置: options {}
日志子系统配置: logging {}
区域定义: 本机能够为哪些zone进行解析,就定义哪些zone;
zone "zone_name" IN {}
vim /etc/named.conf
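/*
 * Main named configuration: global options, the logging channel, the root
 * hint zone, and the includes for the zone definitions and the root key.
 */
options {
    /* Accept DNS traffic on port 53 on every IPv4 interface address. */
    listen-on port 53 { any; };

    /* Working directory; relative file names below resolve against it. */
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    /* Any client may query, so the authoritative zones are served to all. */
    allow-query { any; };

    /*
     * Recursion stays enabled, but only for this host and the networks it
     * is directly attached to. Without an explicit allow-recursion (or
     * allow-query-cache) the recursion ACL falls back to allow-query,
     * i.e. "any", which leaves the server an open resolver that can be
     * abused for DNS amplification. Widen this ACL deliberately if other
     * client networks must recurse through this server.
     */
    recursion yes;
    allow-recursion { localnets; localhost; };

    /*
     * NOTE(review): the DNSSEC statements below are commented out, so the
     * defaults of the installed BIND version apply. Check the effective
     * validation setting before relying on this server as a resolver.
     */
    /* dnssec-enable yes;
       dnssec-validation yes; */

    /* Path to ISC DLV key */
    /* bindkeys-file "/etc/named.iscdlv.key";
       managed-keys-directory "/var/named/dynamic"; */

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    /* Debug output goes to data/named.run under the working directory. */
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

/* Root hints used to start recursive resolution. */
zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";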
vim /etc/named.rfc1912.zones
添加:
/* Master zone for fengpic.cn, loaded from the zone file named below. */
zone "fengpic.cn" IN {
    type master;
    file "/var/named/fengpic.cn.zone";
    /* Dynamic updates are refused for this zone. */
    allow-update { none; };
    /*
     * NOTE(review): no allow-transfer appears here or in the options block
     * shown on this page, so the server default applies. Consider limiting
     * zone transfers to the secondary (presumably ns2, 192.168.20.230 in
     * the zone file) -- confirm.
     */
};
vim /var/named/fengpic.cn.zone
; Zone data for fengpic.cn.
$TTL 86400              ; default TTL for records that do not set their own
$ORIGIN fengpic.cn.     ; relative names below are completed with this origin
@       IN SOA  ns1 root (
                2017060917  ; serial
                1H          ; refresh
                5M          ; retry
                7D          ; expire
                1D )        ; minimum (negative-caching TTL)
        IN NS   ns1
        IN NS   ns2
ns1     IN A    192.168.20.229
ns2     IN A    192.168.20.230
www     IN A    192.168.20.226
feng    IN CNAME www        ; alias for www
ftp     IN A    172.16.230.114
检查named.conf 配置文件是否有语法错误
[root@k8s1 named]# named-checkconf
检查zone文件是否正确
[root@k8s1 named]# named-checkzone fengpic.cn /var/named/fengpic.cn.zone
zone fengpic.cn/IN: loaded serial 2017060917
OK
设置 fengpic.cn.zone 属组和权限
[root@k8s1 named]# chmod 640 /var/named/fengpic.cn.zone
[root@k8s1 named]# chown root.named /var/named/fengpic.cn.zone
重启named.service 进程
[root@k8s1 ~]# systemctl restart named.service
使用rndc status 查看工作状态
[root@k8s1 ~]# rndc status
version: 9.9.4-RedHat-9.9.4-38.el7_3.3 <id:8f9657aa>
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 101
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
解析测试
[root@k8s1 ~]# dig -t A www.fengpic.cn @192.168.20.229

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> -t A www.fengpic.cn @192.168.20.229
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54667
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.fengpic.cn. IN A

;; ANSWER SECTION:
www.fengpic.cn. 86400 IN A 192.168.20.226

;; AUTHORITY SECTION:
fengpic.cn. 86400 IN NS ns2.fengpic.cn.
fengpic.cn. 86400 IN NS ns1.fengpic.cn.

;; ADDITIONAL SECTION:
ns1.fengpic.cn. 86400 IN A 192.168.20.229
ns2.fengpic.cn. 86400 IN A 192.168.20.230

;; Query time: 0 msec
;; SERVER: 192.168.20.229#53(192.168.20.229)
;; WHEN: Fri Jun 09 18:09:06 CST 2017
;; MSG SIZE rcvd: 127
测试命令dig
dig [ -t type ] www.fengpic.cn [@本机IP地址]
dig -t MX www.fengpic.cn @192.168.20.229
dig -t A www.fengpic.cn @192.168.20.229
dig -t SOA www.fengpic.cn @192.168.20.229