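// Global server options for named.
// The tutorial's inline "←" notes are written as real comments and the
// statements are put back on separate lines: collapsed onto one line, the
// first "//" would comment out every directive after it, including the
// closing "};".
options {
    directory "/var/named";

    // Do not disclose the BIND version; version queries are answered with "unknown".
    version "unknown";

    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";

    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // NOTE(review): keep this commented out unless a firewall really requires
    // it. Pinning the query source port removes source-port randomization,
    // which is one of the resolver's defences against cache poisoning.
    // query-source address * port 53;

    // --- added ---
    // Answer queries from the internal network only; the external-facing zone
    // is opened separately with its own allow-query.
    // NOTE(review): "localnet" is not a BIND built-in ACL (the built-ins are
    // any, none, localhost and localnets). It has to be defined by an acl
    // statement that is not visible in this excerpt - confirm it exists, or
    // named will reject the configuration.
    allow-query { localnet; };

    // Same restriction for recursive (caching) lookups.
    allow-recursion { localnet; };

    // Same restriction for zone transfers.
    allow-transfer { localnet; };

    forwarders {
        192.168.1.1;        // the router's IP (when connected through a router)
        XXX.XXX.XXX.XXX;    // DNS IP provided by the ISP (when the modem is connected directly via PPPoE)
        XXX.XXX.XXX.XXX;    // DNS IP provided by the ISP (when the modem is connected directly via PPPoE)
    };
    // --- end of additions ---
};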
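// --- added ---
// Forward-lookup zone for aoiday.com, loaded from the internal-network data
// file (aoiday.com.db.lan).
// NOTE(review): the view statement that encloses this zone starts outside this
// excerpt; only its closing "};" follows.
// The comments and the zone statement are on separate lines so that "//" no
// longer comments out the zone itself.
zone "aoiday.com" IN {
    type master;
    file "aoiday.com.db.lan";
    // Dynamic updates are refused from every client.
    allow-update { none; };
};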
};
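// External-facing view.
// The tutorial's inline "←" note is written as a real comment and the
// statements are put back on separate lines so that "//" does not swallow
// the directives that follow it.
view "wan" {
    // Matches every client. Views are evaluated in order, so this view only
    // receives clients that no earlier view has claimed.
    // NOTE(review): the internal view's header is not visible in this excerpt;
    // confirm it precedes this one and matches only internal addresses,
    // otherwise internal clients are served the external data (or the reverse).
    match-clients { any; };

    // Forward-lookup zone for aoiday.com
    zone "aoiday.com" IN {
        type master;
        file "aoiday.com.db";
        // Allow external clients to query this zone on the DNS host.
        allow-query { any; };
        // NOTE(review): no allow-transfer or recursion setting appears here,
        // so this zone relies on the options-level restrictions. An explicit
        // "recursion no;" in this view would keep it authoritative-only even
        // if the global options change later.
    };
};
// --- end of additions ---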
面向内网aoiday.com正向索引数据库
[root@linux ~]# vi /var/named/chroot/var/named/aoiday.com.db.lan
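; Forward-lookup data for aoiday.com as served to the internal network
; (the aoiday.com.db.lan file opened by the vi command above).
; The tutorial's "↑" and "←" notes are written as ";" comments and the
; records are put back one per line so that the file parses.
$TTL 86400
@       IN      SOA     aoiday.com. root.aoiday.com. (
                        2006071201 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN      NS      aoiday.com.
        IN      MX 10   aoiday.com.
@       IN      A       192.168.1.1 ; A record for aoiday.com
www     IN      A       192.168.1.1 ; A record for www.aoiday.com
ftp     IN      A       192.168.1.1 ; A record for ftp.aoiday.com
mail    IN      A       192.168.1.1 ; A record for mail.aoiday.com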
面向外部aoiday.com正向索引数据库
[root@linux ~]# vi /var/named/chroot/var/named/aoiday.com.db
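; Forward-lookup data for aoiday.com as served to external clients
; (the aoiday.com.db file opened by the vi command above).
; The tutorial's "↑" and "←" notes are written as ";" comments and the
; records are put back one per line so that the file parses.
; XXX.XXX.XXX.XXX is the page's own placeholder for the public address.
$TTL 86400
@       IN      SOA     ns1.aoiday.com. root.aoiday.com. (
                        2006071201 ; Serial
                        7200       ; Refresh
                        7200       ; Retry
                        2419200    ; Expire
                        86400 )    ; Minimum
        IN      NS      ns1.aoiday.com.
        IN      MX 10   aoiday.com.
@       IN      A       XXX.XXX.XXX.XXX ; A record for aoiday.com
; Address record for the name server named in the SOA and NS records above.
; The original listing had none, and BIND's zone integrity checks report an
; in-zone NS name that has no A/AAAA record.
ns1     IN      A       XXX.XXX.XXX.XXX ; A record for ns1.aoiday.com
www     IN      A       XXX.XXX.XXX.XXX ; A record for www.aoiday.com
ftp     IN      A       XXX.XXX.XXX.XXX ; A record for ftp.aoiday.com
mail    IN      A       XXX.XXX.XXX.XXX ; A record for mail.aoiday.com
; SPF policy: hosts listed in the domain's A and MX records may send mail for
; aoiday.com; "~all" marks every other sender as a soft fail rather than a
; hard reject.
aoiday.com.     IN      TXT     "v=spf1 a mx ~all"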