Bind是一款开放源码的DNS服务器软件,由美国加州大学Berkeley分校开发和维护的,全名为Berkeley Internet Name Domain它是目前世界上使用最为广泛的DNS服务器软件,支持各种unix平台和windows平台。
一、安装bind
1、检查是否已安装bind
# dpkg -l |grep bind
2、安装bind9
# apt-get install bind9
再次检查,现在已经安装成功了。
root@nfsserver:~# dpkg -l |grep bind ii bind9 1:9.8.1.dfsg.P1-4ubuntu0.10 Internet Domain Name Server
DNS配置文件在/etc/bind目录中,查看bind安装目录
root@nfsserver:/etc/bind# ls -l total 52 -rw-r--r-- 1 root root 2389 Feb 18 21:45 bind.keys -rw-r--r-- 1 root root 237 Feb 18 21:45 db.0 -rw-r--r-- 1 root root 271 Feb 18 21:45 db.127 -rw-r--r-- 1 root root 237 Feb 18 21:45 db.255 -rw-r--r-- 1 root root 353 Feb 18 21:45 db.empty -rw-r--r-- 1 root root 270 Feb 18 21:45 db.local -rw-r--r-- 1 root root 2994 Feb 18 21:45 db.root -rw-r--r-- 1 root bind 463 Feb 18 21:45 named.conf -rw-r--r-- 1 root bind 490 Feb 18 21:45 named.conf.default-zones -rw-r--r-- 1 root bind 165 Feb 18 21:45 named.conf.local -rw-r--r-- 1 root bind 890 Mar 20 14:37 named.conf.options -rw-r----- 1 bind bind 77 Mar 20 14:37 rndc.key -rw-r--r-- 1 root root 1317 Feb 18 21:45 zones.rfc1918
安装bind9后会生成如下三个配置文件:named.conf,named.conf.options,named.conf.local 。
其中name.conf是主配置文件,里面包含了name.conf.options和named.conf.local。我们在假设本地dns时,只需要改动named.conf.local即可。
root@nfsserver:/etc/bind# cat named.conf // This is the primary configuration file for the BIND DNS server named. // // Please read /usr/share/doc/bind9/README.Debian.gz for information on the // structure of BIND configuration files in Debian, *BEFORE* you customize // this configuration file. // // If you are just adding zones, please do that in /etc/bind/named.conf.local include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.default-zones";
3、name.conf.options配置
root@nfsserver:/etc/bind# cat named.conf.options options { directory "/var/cache/bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. forwarders { 8.8.8.8; 8.8.4.4; 0.0.0.0; }; //======================================================================== // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys //======================================================================== dnssec-validation auto; auth-nxdomain no; # conform to RFC1035 listen-on-v6 { any; }; };
该配置文件用来设置bind的forwards 地址。当bind遇到不能解析的IP地址时,它会交给forwards address DNS去处理。
二、环境和需求
Server的ip:10.1.101.188
Client的ip范围为10.1.101.1——10.1.101.254相互能Ping通。
现在将Server架设成主dns服务器,任务的需求是能解析
master.lxy.com 10.1.101.11
www.lxy.com 10.1.101.11
slave1.lxy.com 10.1.101.12
slave2.lxy.com 10.1.101.15
分析:根据上面的主机名和对应ip可以看出:
- 需要添加正向区域"lxy.com"和反向区域"101.1.10.in-addr.arpa".
- 在"lxy.com"区域中添加A记录master对应10.1.101.11,CNAME(别名记录)记录www对应master
- 在"101.1.10.in-addr.arpa"区域中添加各个ip地址对应的主机名
三、配置
1、编辑name.conf.local
root@nfsserver:/etc/bind# cat named.conf.local // // Do any local configuration here // // Consider adding the 1918 zones here, if they are not used in your // organization //include "/etc/bind/zones.rfc1918"; //正向解析域 zone "lxy.com"{ type master; #定义DNS服务器为主DNS file "/etc/bind/db.lxy.com"; }; # For reverse DNS //反向解析域 zone "101.1.10.in-addr.arpa"{ type master; notify no; file "/etc/bind/rev.101.1.10.in-addr.arpa."; };
反解析zone名称定义规定前部分ip倒着写。如ip 192.168.1.2,名称定义为1.168.192.in-addr.arpa。
2、新建name.conf.local中指定的区域文件
在/etc/bind下新建正向区域文件(复制一份)
命令:# cp /etc/bind/db.local /etc/bind/db.lxy.com
root@nfsserver:/etc/bind# cp db.local db.lxy.com root@nfsserver:/etc/bind# ls bind.keys db.127 db.empty db.lxy.com named.conf named.conf.local rndc.key db.0 db.255 db.local db.root named.conf.default-zones named.conf.options zones.rfc1918 root@nfsserver:/etc/bind#
在/etc/bind下新建反向区域文件(复制一份)
命令:cp /etc/bind/db.127 /etc/bind/rev.101.1.10.in-addr.arpa
root@nfsserver:/etc/bind# cp db.127 rev.101.1.10.in-addr.arpa root@nfsserver:/etc/bind# ls bind.keys db.127 db.empty db.lxy.com named.conf named.conf.local rev.101.1.10.in-addr.arpa zones.rfc1918 db.0 db.255 db.local db.root named.conf.default-zones named.conf.options rndc.key
3、编辑正向解析域文件
root@nfsserver:/etc/bind# cat db.lxy.com ; ; BIND data file for local loopback interface ; $TTL 604800 @ IN SOA localhost. root.localhost. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS localhost. @ IN A 127.0.0.1 @ IN AAAA ::1 master IN A 10.1.101.11 www IN CNAME master slave1 IN A 10.1.101.12 slave2 IN A 10.1.101.15
4、编辑反向解析域文件
root@nfsserver:/etc/bind# cat rev.101.1.10.in-addr.arpa ; ; BIND reverse data file for local loopback interface ; $TTL 604800 #指示为每个没有特殊TTL设置的RR给出了一个默认的TTL。 @ IN SOA localhost. root.localhost. ( #定义SOA记录,包括Zone的名字,一个技术联系人和各种不同的超时值。 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS localhost. 1.0.0 IN PTR localhost. 11 IN PTR master.lxy.com 11 IN PTR www.lxy.com 12 IN PTR slave1.lxy.com 15 IN PTR slave2.lxy.com
反解析域可以不设置。
5、重启DNS服务
# service bind9 restart
或者
# /etc/init.d/bind9 restart
四、指定Linux系统使用DNS服务
现在我在10.1.101.189中配置DNS为刚才配置的10.1.101.188。
有一点需要注意不要在/etc/resolv.conf中去修改DNS,重启网络后配置就丢失了。
root@nfsclient:~# cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 10.1.101.188
在/etc/network/interface中设置DNS
root@nfsclient:~# cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 10.1.101.189 netmask 255.255.255.0 gateway 10.1.101.254 dns-nameservers 10.1.101.188
重启网络,然后就可以ping通刚才配置的域名了。
root@nfsclient:~# cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 10.1.101.188 root@nfsclient:~# ping -c 4 master.lxy.com PING master.lxy.com (10.1.101.11) 56(84) bytes of data. 64 bytes from www.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=1 ttl=64 time=0.978 ms 64 bytes from master.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=2 ttl=64 time=0.626 ms 64 bytes from www.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=3 ttl=64 time=0.628 ms 64 bytes from master.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=4 ttl=64 time=0.591 ms --- master.lxy.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3005ms rtt min/avg/max/mdev = 0.591/0.705/0.978/0.161 ms root@nfsclient:~# ping -c 4 www.lxy.com PING master.lxy.com (10.1.101.11) 56(84) bytes of data. 64 bytes from www.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=1 ttl=64 time=1.06 ms 64 bytes from master.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=2 ttl=64 time=0.655 ms 64 bytes from www.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=3 ttl=64 time=0.556 ms 64 bytes from master.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=4 ttl=64 time=0.577 ms --- master.lxy.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 0.556/0.714/1.068/0.207 ms root@nfsclient:~# ping -c 4 slave1.lxy.com PING slave1.lxy.com (10.1.101.12) 56(84) bytes of data. 64 bytes from slave1.lxy.com.101.1.10.in-addr.arpa (10.1.101.12): icmp_req=1 ttl=64 time=1.07 ms 64 bytes from slave1.lxy.com.101.1.10.in-addr.arpa (10.1.101.12): icmp_req=2 ttl=64 time=0.352 ms 64 bytes from slave1.lxy.com.101.1.10.in-addr.arpa (10.1.101.12): icmp_req=3 ttl=64 time=0.346 ms 64 bytes from slave1.lxy.com.101.1.10.in-addr.arpa (10.1.101.12): icmp_req=4 ttl=64 time=0.321 ms --- slave1.lxy.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 0.321/0.523/1.075/0.319 ms
root@nfsclient:~# ping -c 4 slave2.lxy.com
PING slave2.lxy.com (10.1.101.15) 56(84) bytes of data.
64 bytes from slave2.lxy.com.101.1.10.in-addr.arpa (10.1.101.15): icmp_req=1 ttl=64 time=3.69 ms
64 bytes from slave2.lxy.com.101.1.10.in-addr.arpa (10.1.101.15): icmp_req=2 ttl=64 time=1.63 ms
64 bytes from slave2.lxy.com.101.1.10.in-addr.arpa (10.1.101.15): icmp_req=3 ttl=64 time=1.59 ms
64 bytes from slave2.lxy.com.101.1.10.in-addr.arpa (10.1.101.15): icmp_req=4 ttl=64 time=1.56 ms
--- slave2.lxy.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 1.566/2.122/3.696/0.909 ms
root@nfsclient:~#
五、常见错误处理
root@dns:/etc/bind# /etc/init.d/bind9 restart * Stopping domain name service... bind9 rndc: connect failed: 127.0.0.1#953: connection refused [ OK ] * Starting domain name service... bind9 [fail]
原因是在name.conf.local中配置了两个相同的www.teststack.com,删除多余的一条域名记录,然后就可以重启了。
六、资源链接
http://linuxnx.blog.51cto.com/6676498/1169567
了解更多DNS知识推荐一个人的博客: