BIND is an open-source DNS server, developed and maintained by the University of California, Berkeley; its full name is Berkeley Internet Name Domain. It is currently the most widely used DNS server software in the world and supports the various Unix platforms as well as Windows.
I. Installing bind
1. Check whether bind is already installed
# dpkg -l |grep bind
2. Install bind9
# apt-get install bind9
Check again: it is now installed.
root@nfsserver:~# dpkg -l |grep bind
ii  bind9  1:9.8.1.dfsg.P1-4ubuntu0.10  Internet Domain Name Server
The DNS configuration files live in /etc/bind. List the bind installation directory:
root@nfsserver:/etc/bind# ls -l
total 52
-rw-r--r-- 1 root root 2389 Feb 18 21:45 bind.keys
-rw-r--r-- 1 root root  237 Feb 18 21:45 db.0
-rw-r--r-- 1 root root  271 Feb 18 21:45 db.127
-rw-r--r-- 1 root root  237 Feb 18 21:45 db.255
-rw-r--r-- 1 root root  353 Feb 18 21:45 db.empty
-rw-r--r-- 1 root root  270 Feb 18 21:45 db.local
-rw-r--r-- 1 root root 2994 Feb 18 21:45 db.root
-rw-r--r-- 1 root bind  463 Feb 18 21:45 named.conf
-rw-r--r-- 1 root bind  490 Feb 18 21:45 named.conf.default-zones
-rw-r--r-- 1 root bind  165 Feb 18 21:45 named.conf.local
-rw-r--r-- 1 root bind  890 Mar 20 14:37 named.conf.options
-rw-r----- 1 bind bind   77 Mar 20 14:37 rndc.key
-rw-r--r-- 1 root root 1317 Feb 18 21:45 zones.rfc1918
Installing bind9 generates the following three configuration files: named.conf, named.conf.options and named.conf.local.
named.conf is the main configuration file; it includes named.conf.options and named.conf.local. When setting up a local DNS we only need to change named.conf.local.
root@nfsserver:/etc/bind# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
3. named.conf.options configuration
root@nfsserver:/etc/bind# cat named.conf.options
options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable
	// nameservers, you probably want to use them as forwarders.
	// Uncomment the following block, and insert the addresses replacing
	// the all-0's placeholder (the 0.0.0.0 entry itself must not stay in the list).

	forwarders {
		8.8.8.8;
		8.8.4.4;
	};

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	dnssec-validation auto;

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { any; };
};
This file sets bind's forwarders. When bind receives a query for a name it cannot answer itself, it hands the query to the forwarder DNS servers.
II. Environment and requirements
Server IP: 10.1.101.188
Client IP range: 10.1.101.1 to 10.1.101.254; all hosts can ping each other.
Now the Server is set up as the master DNS server; the task requires resolving:
master.lxy.com 10.1.101.11
www.lxy.com 10.1.101.11
slave1.lxy.com 10.1.101.12
slave2.lxy.com 10.1.101.15
Analysis: from the hostnames and their IPs above:
- A forward zone "lxy.com" and a reverse zone "101.1.10.in-addr.arpa" must be added.
- In the "lxy.com" zone, add an A record mapping master to 10.1.101.11 and a CNAME (alias) record mapping www to master.
- In the "101.1.10.in-addr.arpa" zone, add the hostname for each IP address.
III. Configuration
1. Edit named.conf.local
root@nfsserver:/etc/bind# cat named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// forward zone
zone "lxy.com" {
	type master;                  # this DNS server is the master for the zone
	file "/etc/bind/db.lxy.com";
};

# For reverse DNS
// reverse zone
zone "101.1.10.in-addr.arpa" {
	type master;
	notify no;
	file "/etc/bind/rev.101.1.10.in-addr.arpa";   # must match the file name created in step 2 (no trailing dot)
};
The name of a reverse zone is the network part of the IP address written backwards. For the IP 192.168.1.2 the zone name is 1.168.192.in-addr.arpa.
2. Create the zone files referenced in named.conf.local
Create the forward zone file under /etc/bind (by copying an existing one)
Command: # cp /etc/bind/db.local /etc/bind/db.lxy.com
root@nfsserver:/etc/bind# cp db.local db.lxy.com
root@nfsserver:/etc/bind# ls
bind.keys  db.127  db.empty  db.lxy.com  named.conf  named.conf.local  rndc.key
db.0       db.255  db.local  db.root     named.conf.default-zones  named.conf.options  zones.rfc1918
root@nfsserver:/etc/bind#
Create the reverse zone file under /etc/bind (by copying an existing one)
Command: cp /etc/bind/db.127 /etc/bind/rev.101.1.10.in-addr.arpa
root@nfsserver:/etc/bind# cp db.127 rev.101.1.10.in-addr.arpa
root@nfsserver:/etc/bind# ls
bind.keys  db.127  db.empty  db.lxy.com  named.conf  named.conf.local  rev.101.1.10.in-addr.arpa  zones.rfc1918
db.0       db.255  db.local  db.root     named.conf.default-zones  named.conf.options  rndc.key
3. Edit the forward zone file
root@nfsserver:/etc/bind# cat db.lxy.com
;
; BIND data file for local loopback interface
;
$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      2		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	localhost.
@	IN	A	127.0.0.1
@	IN	AAAA	::1
master	IN	A	10.1.101.11
www	IN	CNAME	master
slave1	IN	A	10.1.101.12
slave2	IN	A	10.1.101.15
4. Edit the reverse zone file
root@nfsserver:/etc/bind# cat rev.101.1.10.in-addr.arpa
;
; BIND reverse data file for local loopback interface
;
$TTL	604800		; default TTL for every RR that has no explicit TTL (zone files only accept ';' comments)
@	IN	SOA	localhost. root.localhost. (	; SOA record: zone name, technical contact and the various timers
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	localhost.
11	IN	PTR	master.lxy.com.	; trailing dot: without it BIND appends the zone origin to the name
11	IN	PTR	www.lxy.com.
12	IN	PTR	slave1.lxy.com.
15	IN	PTR	slave2.lxy.com.
The reverse zone is optional.
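The two zone files above are hand-edited copies of db.local and db.127, which is where the typical mistakes come from: a '#' comment (zone files only accept ';') and a PTR target without the trailing dot, which BIND silently turns into name.lxy.com.101.1.10.in-addr.arpa. The script below is an added example, not the article's own code: it derives the in-addr.arpa zone name, generates the forward and reverse records for the article's host table (constructed from the requirement list above), and lints a zone file for those two mistakes. Function names and the sample zone text are my own.

```python
"""Generate the lxy.com forward/reverse records and lint a zone file for
two copy-from-template mistakes: '#' comments and relative PTR targets.

Added example for this article, not the post's own code. The host table
is constructed from the article's requirements; function names are mine.
"""
import ipaddress
import re

# Constructed from the article's requirement table.
DOMAIN = "lxy.com"
NETWORK = "10.1.101.0/24"
HOSTS = {"master": "10.1.101.11", "slave1": "10.1.101.12", "slave2": "10.1.101.15"}
ALIASES = {"www": "master"}   # CNAME name -> target, both relative to DOMAIN


def reverse_zone_name(network: str) -> str:
    """Zone name for an octet-aligned IPv4 network: 10.1.101.0/24 -> 101.1.10.in-addr.arpa."""
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 networks map onto one in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def forward_records(hosts: dict, aliases: dict) -> list:
    """A records for each host plus CNAME records for the aliases (relative owner names)."""
    lines = [f"{name}\tIN\tA\t{ip}" for name, ip in hosts.items()]
    lines += [f"{alias}\tIN\tCNAME\t{target}" for alias, target in aliases.items()]
    return lines


def reverse_records(domain: str, network: str, hosts: dict) -> list:
    """One PTR per host for the reverse zone of `network`, target written as an FQDN."""
    net = ipaddress.ip_network(network, strict=True)
    host_octets = 4 - net.prefixlen // 8
    lines = []
    for name, ip in hosts.items():
        if ipaddress.ip_address(ip) not in net:
            raise ValueError(f"{ip} is outside {network}")
        owner = ".".join(reversed(ip.split(".")[-host_octets:]))
        # The trailing dot makes the target absolute; "master.lxy.com" without it
        # would resolve to master.lxy.com.101.1.10.in-addr.arpa.
        lines.append(f"{owner}\tIN\tPTR\t{name}.{domain}.")
    return lines


PTR_RE = re.compile(r"^\s*(\S+)\s+(?:\d+\s+)?(?:IN\s+)?PTR\s+(\S+)", re.IGNORECASE)


def lint_zone(zone_text: str) -> list:
    """Return (line_number, message) findings; a heuristic, not a full zone parser."""
    findings = []
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0]          # drop a genuine zone-file comment
        if "#" in line:
            findings.append((lineno, "'#' is not a comment marker in zone files; use ';'"))
            continue
        m = PTR_RE.match(line)
        if m and not m.group(2).endswith("."):
            findings.append((lineno, f"PTR target {m.group(2)!r} has no trailing dot"))
    return findings


if __name__ == "__main__":
    print(f"; zone {reverse_zone_name(NETWORK)}")
    print("\n".join(reverse_records(DOMAIN, NETWORK, HOSTS)))
    print("\n".join(forward_records(HOSTS, ALIASES)))
    # Constructed sample reproducing the two mistakes described above.
    sample = "$TTL 604800 # default TTL\n11 IN PTR master.lxy.com\n12 IN PTR slave1.lxy.com.\n"
    for lineno, msg in lint_zone(sample):
        print(f"line {lineno}: {msg}")
```

Before restarting the service, BIND's own checkers catch the syntax errors this script looks for: named-checkconf validates named.conf and its includes, and named-checkzone lxy.com /etc/bind/db.lxy.com (and likewise for the reverse zone) loads a zone file exactly as named would.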
5. Restart the DNS service
# service bind9 restart
or
# /etc/init.d/bind9 restart
IV. Pointing a Linux system at the DNS service
Now, on 10.1.101.189, I set the DNS server to the 10.1.101.188 server just configured.
One thing to note: do not change the DNS in /etc/resolv.conf, because that change is lost after the network is restarted.
root@nfsclient:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.1.101.188
Set the DNS in /etc/network/interfaces instead
root@nfsclient:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
	address 10.1.101.189
	netmask 255.255.255.0
	gateway 10.1.101.254
	dns-nameservers 10.1.101.188
Restart the network; the domain names just configured can now be pinged.
root@nfsclient:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.1.101.188
root@nfsclient:~# ping -c 4 master.lxy.com
PING master.lxy.com (10.1.101.11) 56(84) bytes of data.
64 bytes from www.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=1 ttl=64 time=0.978 ms
64 bytes from master.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=2 ttl=64 time=0.626 ms
64 bytes from www.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=3 ttl=64 time=0.628 ms
64 bytes from master.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=4 ttl=64 time=0.591 ms

--- master.lxy.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.591/0.705/0.978/0.161 ms
root@nfsclient:~# ping -c 4 www.lxy.com
PING master.lxy.com (10.1.101.11) 56(84) bytes of data.
64 bytes from www.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=1 ttl=64 time=1.06 ms
64 bytes from master.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=2 ttl=64 time=0.655 ms
64 bytes from www.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=3 ttl=64 time=0.556 ms
64 bytes from master.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=4 ttl=64 time=0.577 ms

--- master.lxy.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.556/0.714/1.068/0.207 ms
root@nfsclient:~# ping -c 4 slave1.lxy.com
PING slave1.lxy.com (10.1.101.12) 56(84) bytes of data.
64 bytes from slave1.lxy.com.101.1.10.in-addr.arpa (10.1.101.12): icmp_req=1 ttl=64 time=1.07 ms
64 bytes from slave1.lxy.com.101.1.10.in-addr.arpa (10.1.101.12): icmp_req=2 ttl=64 time=0.352 ms
64 bytes from slave1.lxy.com.101.1.10.in-addr.arpa (10.1.101.12): icmp_req=3 ttl=64 time=0.346 ms
64 bytes from slave1.lxy.com.101.1.10.in-addr.arpa (10.1.101.12): icmp_req=4 ttl=64 time=0.321 ms

--- slave1.lxy.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.321/0.523/1.075/0.319 ms
root@nfsclient:~# ping -c 4 slave2.lxy.com
PING slave2.lxy.com (10.1.101.15) 56(84) bytes of data.
64 bytes from slave2.lxy.com.101.1.10.in-addr.arpa (10.1.101.15): icmp_req=1 ttl=64 time=3.69 ms
64 bytes from slave2.lxy.com.101.1.10.in-addr.arpa (10.1.101.15): icmp_req=2 ttl=64 time=1.63 ms
64 bytes from slave2.lxy.com.101.1.10.in-addr.arpa (10.1.101.15): icmp_req=3 ttl=64 time=1.59 ms
64 bytes from slave2.lxy.com.101.1.10.in-addr.arpa (10.1.101.15): icmp_req=4 ttl=64 time=1.56 ms
--- slave2.lxy.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 1.566/2.122/3.696/0.909 ms
root@nfsclient:~#
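ping only shows that a name resolves to an address; the reverse names it prints above (www.lxy.com.101.1.10.in-addr.arpa) are the zone origin being appended to PTR targets that lack a trailing dot, which a direct PTR query makes visible. The script below is an added example, not the article's own code: it builds a DNS query by hand, sends it over UDP to the server from the article (10.1.101.188) and parses the A, CNAME and PTR answers, using only the standard library. The transaction id handling, timeout and function names are my own choices.

```python
"""Query the new BIND server with hand-built DNS packets so that the A,
CNAME and PTR answers can be checked exactly, instead of inferring them
from ping output.

Added example for this article, not the post's own code. Standard library
only; SERVER and the names come from the article.
"""
import ipaddress
import secrets
import socket
import struct

TYPE_A, TYPE_CNAME, TYPE_PTR = 1, 5, 12
SERVER = "10.1.101.188"        # the DNS server configured in the article


def encode_name(name: str) -> bytes:
    """'master.lxy.com' -> b'\\x06master\\x03lxy\\x03com\\x00' (length-prefixed labels)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def build_query(name: str, qtype: int, txid: int) -> bytes:
    """Standard query: header with RD=1 and one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg: bytes, offset: int):
    """Read a possibly compressed name; returns (fqdn, offset just after the name)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:              # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > 16:                      # refuse pointer loops in a malformed reply
                raise ValueError("too many compression pointers")
            if end is None:
                end = offset + 2               # the name ends at the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_response(msg: bytes, expected_txid: int):
    """Returns (rcode, [(owner, type, value), ...]) from the answer section."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")   # reply is not for our query
    if not flags & 0x8000:
        raise ValueError("not a response")
    offset = 12
    for _ in range(qdcount):                   # skip the echoed question section
        _, offset = decode_name(msg, offset)
        offset += 4                            # qtype + qclass
    answers = []
    for _ in range(ancount):
        owner, offset = decode_name(msg, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == TYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in msg[offset:offset + 4])
        elif rtype in (TYPE_CNAME, TYPE_PTR):
            value, _ = decode_name(msg, offset)
        else:
            value = msg[offset:offset + rdlen].hex()
        offset += rdlen
        answers.append((owner, rtype, value))
    return flags & 0xF, answers


def resolve(name: str, qtype: int = TYPE_A, server: str = SERVER, timeout: float = 2.0):
    """Send one query and parse the reply; raises socket.timeout if the server is silent."""
    txid = secrets.randbelow(65536)            # unpredictable id, checked on the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype, txid), (server, 53))
        data, _ = sock.recvfrom(512)
    return parse_response(data, txid)


def reverse_name(ip: str) -> str:
    """'10.1.101.11' -> '11.101.1.10.in-addr.arpa', the owner name for a PTR query."""
    return ipaddress.ip_address(ip).reverse_pointer


if __name__ == "__main__":
    for qname, qtype in [("master.lxy.com", TYPE_A), ("www.lxy.com", TYPE_A),
                         (reverse_name("10.1.101.11"), TYPE_PTR)]:
        rcode, answers = resolve(qname, qtype)
        print(qname, "rcode", rcode, answers)
```

A correct reverse zone answers the PTR query with master.lxy.com. and www.lxy.com.; if the answers end in .101.1.10.in-addr.arpa., the PTR targets in the zone file are missing their trailing dot.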
V. Common error handling
root@dns:/etc/bind# /etc/init.d/bind9 restart
 * Stopping domain name service... bind9
rndc: connect failed: 127.0.0.1#953: connection refused
                                                    [ OK ]
 * Starting domain name service... bind9
                                                    [fail]
The cause was that two identical www.teststack.com records had been configured in named.conf.local; after deleting the redundant domain record the service restarts.
VI. Links
http://linuxnx.blog.51cto.com/6676498/1169567
For more DNS knowledge, I recommend this blog:
