bind安装域名解析服务,以及分离服务
安装DNS
rpm -ivh bind*.rpm
进入/etc/named/chroot/etc 设置named.conf
[root@localhost named]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };//监听端口
listen-on-v6 port 53 { ::1; };/ipv6监听端口
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { 192.168.2.0/24;192.168.4.0/24; };//允许访问的IP段
allow-transfer { 192.168.2.1;};//配置主从DNS使用下发同步
recursion yes;
forwarders{192.168.119.2;114.114.114.114;};//当遇到自身没有的域名映射IP时,向上一级请求
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {//解析器
match-clients { 192.168.4.0/24; };//可以使用该解析的IP段
match-destinations { localhost; };
# recursion yes;
include "/etc/baishan.zones";//指定zones位置
};
view localhost_resolver2 {
match-clients { 192.168.2.0/24; };
match-destinations { localhost; };
# recursion yes;
include "/etc/named.root.key";
include "/etc/named.rfc1912.zones";
};
配置zones
zone"4.168.192.in-addr.arpa" IN {
type master; //主从 关系时使用
file "4.168.192.in-addr.arpa";//正向解析
allow-update { none; };
};
zone"example.com" IN{
type master;
file "example.com";//指定反向解析文件名,在var/name下
allow-update{none;};
};
配置解析文件
正向
$TTL 1D
@ IN SOA example.com. admin.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
www IN A 192.168.4.131
~反向
$TTL 1D
@ IN SOA example.com. admin.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
131 IN PTR www.example.com.
检测命令
使用named-checkconfig named.conf检测错误
使用naned-checkzone 2.168.192.in-addr.arpa test.com
无错误后启动DNS
Service named restart
分离解析
分离解析的域名服务器实际上还是主域名服务器,这里所说的分离解析主要针对不同的客户端提供不同的解析记录,如当dns同时为internet和内网提供服务时,可能需要内网用户访问公司的web服务和mail服务直接发往位于内网的web和mail服务器上,减轻服务器地址转换的负担在、/etc/named.conf
view "LAN" {
match-clients { 192.168.4.0/24; };\\该LAN只能是192.168.4.0/24访问
zone "tech.org" IN {
type master;
file "tech.org.zone.lan";};
}
view "WAN" {
match-clients { any; };
zone "tech.org" IN {
type master;
file "tech.org.wan";};
};