Category: LINUX
2009-03-23 11:15:54
Our organization's DNS server sits on the China Netcom network, and Netcom's routing has been unreliable lately, so we needed a server on the China Telecom side to act as a DNS server. I gathered what I could find online; none of it was complete, but by testing as I configured I got it working. Here it is, tidied up to share; it should be a fairly complete BIND tutorial as things stand.

Download the stable release of the BIND server.

Remove the BIND packages that shipped with the system:

# rpm -qa|grep bind
# rpm -e --nodeps bind

Build and install BIND (9.2.6 was current when this was written; the steps are the same for later releases, and a release that is still maintained should be used):

# tar zxvf bind-9.2.6.tar.gz
# cd bind-9.2.6
# ./configure --sysconfdir=/etc/bind
# make
# make install

Create the configuration directory, the working directory, and the configuration file:

# mkdir /etc/bind
# mkdir /var/bind
# vi /etc/bind/named.conf

Put the following into named.conf:

options {
        directory "/var/bind";
};

zone "." {
        type hint;
        file "named.ca";
};

As written, this options block restricts nothing: named will recurse for any address that can reach it, which on a server facing the Telecom network makes it an open resolver, usable by outsiders for cache-poisoning attempts and DNS amplification. Before exposing it, add at least allow-recursion { <your networks>; }; to the options block, and allow-transfer { none; }; (or the addresses of your secondaries) to the zones you will serve.

Query the root DNS servers:

# dig -t NS .

; <<>> DiG 9.2.6 <<>> -t NS .
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39532
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       490301  IN      NS      H.ROOT-SERVERS.NET.
.                       490301  IN      NS      I.ROOT-SERVERS.NET.
.                       490301  IN      NS      J.ROOT-SERVERS.NET.
.                       490301  IN      NS      K.ROOT-SERVERS.NET.
.                       490301  IN      NS      L.ROOT-SERVERS.NET.
.                       490301  IN      NS      M.ROOT-SERVERS.NET.
.                       490301  IN      NS      A.ROOT-SERVERS.NET.
.                       490301  IN      NS      B.ROOT-SERVERS.NET.
.                       490301  IN      NS      C.ROOT-SERVERS.NET.
.                       490301  IN      NS      D.ROOT-SERVERS.NET.
.                       490301  IN      NS      E.ROOT-SERVERS.NET.
.                       490301  IN      NS      F.ROOT-SERVERS.NET.
.                       490301  IN      NS      G.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     576701  IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     576701  IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     576701  IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     576701  IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     576701  IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     576701  IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     576701  IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     576701  IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     576701  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     576701  IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     576701  IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     576701  IN      A       198.32.64.12
M.ROOT-SERVERS.NET.     576701  IN      A       202.12.27.33

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 10 23:34:53 2006
;; MSG SIZE  rcvd: 436

Point /etc/resolv.conf at one of the root servers just returned (J.ROOT-SERVERS.NET here), so that the next query is answered by a root server directly rather than from a cache:

# echo "nameserver 192.58.128.30" >/etc/resolv.conf

Save the root server information to /var/bind/named.ca, the hints file named.conf refers to. dig's output is in master-file format (the lines beginning with ; are comments), so it can be used as-is:

# dig -t NS . >/var/bind/named.ca
# cat /var/bind/named.ca

; <<>> DiG 9.2.6 <<>> -t NS .
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15141
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
H.ROOT-SERVERS.NET.     3600000 IN      A       128.63.2.53
C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4
F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241
B.ROOT-SERVERS.NET.     3600000 IN      A       192.228.79.201
J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     3600000 IN      A       198.32.64.12
M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33
I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17
E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10
D.ROOT-SERVERS.NET.     3600000 IN      A       128.8.10.90

;; Query time: 107 msec
;; SERVER: 192.58.128.30#53(192.58.128.30)
;; WHEN: Tue Oct 10 10:16:47 2006
;; MSG SIZE  rcvd: 436

Note the difference from the first query: this answer carries the aa flag and the 3600000-second TTLs of the root zone itself, because it came from 192.58.128.30 and not from a cache, which is what a hints file should contain. The addresses listed are those of October 2006 and several root servers have moved since, so generate this file on the machine you are configuring rather than copying the listing above.

Configure rndc:

# rndc-confgen >/etc/bind/rndc.conf
# cat -n /etc/bind/rndc.conf
     1  # Start of rndc.conf
     2  key "rndc-key" {
     3        algorithm hmac-md5;
     4        secret "6wVd+yM4v80YJuIdp0o+vg==";
     5  };
     6
     7  options {
     8        default-key "rndc-key";
     9        default-server 127.0.0.1;
    10        default-port 953;
    11  };
    12  # End of rndc.conf
    13
    14  # Use with the following in named.conf, adjusting the allow list as needed:
    15  # key "rndc-key" {
    16  #       algorithm hmac-md5;
    17  #       secret "6wVd+yM4v80YJuIdp0o+vg==";
    18  # };
    19  #
    20  # controls {
    21  #       inet 127.0.0.1 port 953
    22  #               allow { 127.0.0.1; } keys { "rndc-key"; };
    23  # };
    24  # End of named.conf

The secret shown is whatever rndc-confgen produced on the box the listing was taken from. It authenticates anyone who can reach the control channel, so generate your own, keep rndc.conf and named.conf readable by root only, and never reuse a key copied from a web page. (Newer BIND releases let you pick a SHA-2 HMAC instead of hmac-md5 with rndc-confgen -A.)

Append the named.conf part of rndc.conf (everything from line 13 on; tail +13 is written tail -n +13 on current GNU coreutils) to /etc/bind/named.conf, then edit named.conf and remove the leading "# " from the lines just appended:

# tail +13 /etc/bind/rndc.conf>>/etc/bind/named.conf
# cat /etc/bind/named.conf

options {
        directory "/var/bind";
};

zone "." {
        type hint;
        file "named.ca";
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "6wVd+yM4v80YJuIdp0o+vg==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

The controls block accepts only connections from 127.0.0.1 that are signed with rndc-key; leave it that way unless you genuinely need remote control.

Check for a running named, restart it, look at the log, and check that rndc can reach it:

# ps -axu|grep named
# killall named
# ps -axu|grep named
# named
# ps -axu|grep named
# tail /var/log/messages
# rndc status
number of zones: 2
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running

Started like this, named keeps running as root. In production create an unprivileged account for it and start it with named -u <user>, which drops privileges once port 53 is bound.

Point /etc/resolv.conf at the new server and test it with host:

# echo "nameserver 127.0.0.1" >/etc/resolv.conf
# host
has address 222.73.5.135

Configure the forward zone for localhost

Edit /etc/bind/named.conf and insert:

zone "localhost" {
        type master;
        file "db.local";
};

Create /var/bind/db.local:

$TTL 900
@       IN SOA  localhost. root (
                2006021401      ;serial number
                1H              ;refresh
                15M             ;retry
                1W              ;expire
                1D )            ;minimum TTL
        IN NS   @
        IN A    127.0.0.1

The whitespace in front of IN matters. In master-file format a line that starts in column one begins with an owner name, and a line that starts with whitespace reuses the owner of the previous record. Written flush left, IN NS @ is read with IN as the owner name: the NS record lands on IN.localhost instead of the zone apex, and named refuses the zone with

zone localhost/IN: has no NS records

It took me half a day to work that one out.

Test:

# rndc reload
# host localhost
localhost has address 127.0.0.1

Configure the reverse zone for 127.0.0

1. Edit /etc/bind/named.conf and add:

zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0.zone";
};

2. Create /var/bind/127.0.0.zone with:

$TTL 900
@       IN SOA  @ root.localhost. (
                20060214
                1H
                15M
                1W
                1D )
        IN NS   localhost.
1       IN PTR  localhost.

3. Reload named through rndc and test:

# rndc reload
# host 127.0.0.1
1.0.0.127.in-addr.arpa domain name pointer localhost.

Configure the sky.net.cn zone

1. Add the following to /etc/bind/named.conf:

zone "sky.net.cn" {
        type master;
        file "db.sky.net.cn";
};

2. Create /var/bind/db.sky.net.cn:

$TTL 900
@       IN SOA  sky.net.cn. root (
                2006021401      ;serial number
                1H              ;refresh
                15M             ;retry
                1W              ;expire
                1D )            ;minimum TTL
        IN NS   @
        IN MX   10 mail
        IN A    59.42.10.53
ns      IN A    59.42.10.53
www     IN A    59.42.10.53
ftp     IN A    59.42.10.54
mail    IN A    59.42.10.55
smtp    IN A    59.42.10.55
pop     IN A    59.42.10.55
news    IN CNAME www

3. Reload named through rndc and test:

# rndc reload
# host -t A
has address 59.42.10.53
# host -t A ftp.sky.net.cn
ftp.sky.net.cn has address 59.42.10.54
# host -t A mail.sky.net.cn
mail.sky.net.cn has address 59.42.10.55
# host -t NS sky.net.cn
sky.net.cn name server sky.net.cn.

Add the matching reverse zone

1. Edit /etc/bind/named.conf and add:

zone "10.42.59.in-addr.arpa" {
        type master;
        file "59.42.10.zone";
};

2. Create /var/bind/59.42.10.zone with:

$TTL 900
@       IN SOA  sky.net.cn. root.sky.net.cn. (
                2006022301
                1H
                15M
                1W
                1D )
        IN NS   sky.net.cn.
53      IN PTR
54      IN PTR  ftp.sky.net.cn.
55      IN PTR  mail.sky.net.cn.

Names that lack a trailing dot are relative to the zone's origin, which in this file is 10.42.59.in-addr.arpa., so the SOA master name and the NS and PTR targets must all be written fully qualified (sky.net.cn., ftp.sky.net.cn.); sky.net.cn without the dot would silently become sky.net.cn.10.42.59.in-addr.arpa.

3. Reload named through rndc and test:

# rndc reload
# host 59.42.10.53
53.10.42.59.in-addr.arpa domain name pointer
# host 59.42.10.54
54.10.42.59.in-addr.arpa domain name pointer ftp.sky.net.cn.
# host 59.42.10.55
55.10.42.59.in-addr.arpa domain name pointer mail.sky.net.cn.

That completes the BIND configuration.
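The owner-inheritance and trailing-dot rules that tripped up the zone files above are easy to get wrong by hand, so here is a small parser for the subset of the master-file format this post uses, written as an added example; it is not code from the post or from BIND. It applies the rules named applies: a token in column one is always the owner (even when it reads IN), a line starting with whitespace inherits the previous owner, @ is the origin, and any name without a trailing dot gets the origin appended. On top of that it runs a forward-confirmed reverse check over the post's sky.net.cn data: for each A record it looks up the PTR for the reversed address and reports ok, missing, or unconfirmed (PTR present but pointing at a name that has no A record for that address). The zone text is embedded as constructed sample input; the PTR for 59.42.10.53, whose target is missing from the page, is left out, so that address reports as missing.

```python
"""Subset-of-master-file parser plus a forward-confirmed reverse DNS check.
Added example; not code from the post or from BIND."""

import re
from typing import NamedTuple

RRTYPES = {"A", "AAAA", "NS", "MX", "CNAME", "PTR", "SOA", "TXT"}
TTL_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


class RR(NamedTuple):
    owner: str      # absolute, with trailing dot
    ttl: int
    rtype: str
    rdata: tuple    # names made absolute, SOA timers in seconds


def parse_ttl(tok):
    """'900', '1H', '15M', '1W' -> seconds (plain integers pass through)."""
    return sum(int(n) * TTL_UNITS.get(u.upper(), 1)
               for n, u in re.findall(r"(\d+)([A-Za-z]?)", tok))


def absolute(name, origin):
    """'@' is the origin; a trailing dot means fully qualified; anything
    else has the origin appended (so 'sky.net.cn' inside a reverse zone
    becomes sky.net.cn.10.42.59.in-addr.arpa.)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text):
    """Strip ';' comments, join '(' ... ')' continuations and yield
    (starts_with_whitespace, tokens) for each record-bearing line."""
    buf, depth, leading = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if depth == 0:
            if not line.strip():
                continue
            leading = line[0].isspace()
        depth += line.count("(") - line.count(")")
        buf.extend(line.replace("(", " ").replace(")", " ").split())
        if depth == 0:
            yield leading, buf
            buf = []


def parse_zone(text, origin):
    """Parse master-file text into RRs. A token in column one is always the
    owner, exactly as in named: 'IN NS @' written flush left creates an NS
    record owned by IN.<origin>, not by the apex."""
    records, default_ttl, last_owner = [], None, origin
    for leading, toks in logical_lines(text):
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        if toks[0] == "$ORIGIN":
            origin = last_owner = absolute(toks[1], origin)
            continue
        if leading:
            owner = last_owner
        else:
            owner, toks = absolute(toks[0], origin), toks[1:]
        last_owner, ttl = owner, default_ttl
        while toks[0].upper() not in RRTYPES:     # optional [ttl] [class]
            tok = toks.pop(0)
            if tok.upper() != "IN":
                ttl = parse_ttl(tok)
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [absolute(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [int(rdata[0]), absolute(rdata[1], origin)]
        elif rtype == "SOA":
            rdata = ([absolute(rdata[0], origin), absolute(rdata[1], origin)]
                     + [parse_ttl(t) for t in rdata[2:]])
        records.append(RR(owner, ttl, rtype, tuple(rdata)))
    return records


def apex_has_ns(records, origin):
    """The check behind named's 'has no NS records' refusal."""
    return any(r.owner == origin and r.rtype == "NS" for r in records)


def reverse_name(ip):
    """'59.42.10.54' -> '54.10.42.59.in-addr.arpa.'"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def check_reverse(forward, reverse):
    """Forward-confirmed reverse check: ip -> 'ok' | 'missing' | 'unconfirmed'
    ('unconfirmed' = PTR target has no A record for that address)."""
    owners_by_ip = {}
    for r in forward:
        if r.rtype == "A":
            owners_by_ip.setdefault(r.rdata[0], set()).add(r.owner)
    ptrs = {r.owner: r.rdata[0] for r in reverse if r.rtype == "PTR"}
    status = {}
    for ip, owners in owners_by_ip.items():
        target = ptrs.get(reverse_name(ip))
        status[ip] = ("missing" if target is None
                      else "ok" if target in owners else "unconfirmed")
    return status


# Constructed sample input: the post's sky.net.cn zones (the PTR for 53,
# whose target is missing on the page, is left out).
FWD_ORIGIN, REV_ORIGIN = "sky.net.cn.", "10.42.59.in-addr.arpa."
FORWARD = """\
$TTL 900
@       IN SOA sky.net.cn. root (
            2006021401 ;serial number
            1H         ;refresh
            15M        ;retry
            1W         ;expire
            1D )       ;minimum
        IN NS    @
        IN MX 10 mail
        IN A     59.42.10.53
ns      IN A     59.42.10.53
www     IN A     59.42.10.53
ftp     IN A     59.42.10.54
mail    IN A     59.42.10.55
smtp    IN A     59.42.10.55
pop     IN A     59.42.10.55
news    IN CNAME www
"""
REVERSE = """\
$TTL 900
@       IN SOA sky.net.cn. root.sky.net.cn. ( 2006022301 1H 15M 1W 1D )
        IN NS  sky.net.cn.
54      IN PTR ftp.sky.net.cn.
55      IN PTR mail.sky.net.cn.
"""
# The same zone with 'IN NS @' flush left: the mistake the post warns about.
FORWARD_BAD = FORWARD.replace("\n        IN NS    @", "\nIN NS    @")

if __name__ == "__main__":
    fwd = parse_zone(FORWARD, FWD_ORIGIN)
    print("apex NS present:", apex_has_ns(fwd, FWD_ORIGIN))
    bad = parse_zone(FORWARD_BAD, FWD_ORIGIN)
    print("flush-left IN -> NS owned by",
          [r.owner for r in bad if r.rtype == "NS"])
    for ip, st in check_reverse(fwd, parse_zone(REVERSE, REV_ORIGIN)).items():
        print(ip, st)
```

Run it as a script to see the three results; the same parser can be pointed at your own db.* files after a named-checkzone pass, since it implements only what the post's zones need (no $INCLUDE, no quoted TXT strings containing semicolons).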
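The flag lines dig printed earlier differ for a reason: qr rd ra is a recursive server answering from its cache, qr aa rd is a root server answering authoritatively, and a server that sets ra and hands an answer for a foreign name to an outsider is an open resolver, the exposure the options block caveat above is about. What follows is an added example, not code from the post or from BIND: it builds a DNS query by hand, decodes the reply header into dig's flag names, and applies that open-resolver test. The replies it checks are constructed for the test rather than captured; probe() at the end (the target name www.example.com. is an assumption) is the only part that talks to a real server, and is meant to be run against the new server's public address from a host outside the networks listed in allow-recursion.

```python
"""DNS query builder, header decoder and open-resolver test.
Added example; not code from the post or from BIND."""

import socket
import struct

QTYPE = {"A": 1, "NS": 2, "PTR": 12, "MX": 15}


def encode_name(name):
    """'www.sky.net.cn.' -> length-prefixed labels; the root is one zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234, rd=True):
    """12-byte header plus one question; RD set by default, as dig does."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def parse_header(data):
    """Decode the header into the fields dig prints."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),
        "aa": bool(flags & 0x0400),
        "tc": bool(flags & 0x0200),
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def flag_string(hdr):
    """dig's rendering, e.g. 'qr rd ra' or 'qr aa rd'."""
    return " ".join(f for f in ("qr", "aa", "tc", "rd", "ra") if hdr[f])


def is_open_resolver(query, reply):
    """True when a recursive query for a name the server is not authoritative
    for came back answered: matching id, RA set, no AA, NOERROR, answers > 0.
    A server that does this recurses on behalf of strangers."""
    q, r = parse_header(query), parse_header(reply)
    return (r["qr"] and r["id"] == q["id"] and r["ra"] and not r["aa"]
            and r["rcode"] == 0 and r["ancount"] > 0)


def make_reply(query, flags, ancount):
    """Constructed reply for testing: same id and question as the query,
    caller-chosen flags and answer count; the answer section is omitted
    because only the header is inspected."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + query[12:]


def probe(server, name="www.example.com.", timeout=2.0):
    """Send one recursive A query over UDP; return (dig-style flags, open?).
    Run from outside your allow-recursion networks to check exposure."""
    q = build_query(name, "A", txid=0x2A2A)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        reply, _ = s.recvfrom(512)
    return flag_string(parse_header(reply)), is_open_resolver(q, reply)


if __name__ == "__main__":
    q = build_query(".", "NS")
    # 0x8180 = qr rd ra (cache answer), 0x8500 = qr aa rd (root server),
    # 0x8105 = qr rd with rcode 5 (REFUSED), the reply a closed resolver gives.
    for flags, an in ((0x8180, 13), (0x8500, 13), (0x8105, 0)):
        r = make_reply(q, flags, an)
        print(f"{flag_string(parse_header(r)):10} open={is_open_resolver(q, r)}")
```

A correctly restricted server answers an outsider's recursive query with REFUSED (or with ra clear and no answer), which the test reports as not open; an answer with qr rd ra for a name you do not serve means allow-recursion is missing or too broad.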