bind安装域名解析服务,以及分离服务

BOPOB • 2025年1月1日 17:05:05 • DNS解析

安装DNS

rpm -ivh bind*.rpm

进入/etc/named/chroot/etc 设置named.conf

[root@localhost named]# vim /etc/named.conf

// named.conf

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

// See /usr/share/doc/bind*/sample/ for example named configuration files.

options {

listen-on port 53 { any; };//监听端口

listen-on-v6 port 53 { ::1; };/ipv6监听端口

directory “/var/named”;

dump-file “/var/named/data/cache_dump.db”;

statistics-file “/var/named/data/named_stats.txt”;

memstatistics-file “/var/named/data/named_mem_stats.txt”;

allow-query { 192.168.2.0/24;192.168.4.0/24; };//允许访问的IP段

allow-transfer { 192.168.2.1;};//配置主从DNS使用下发同步

recursion yes;

forwarders{192.168.119.2;114.114.114.114;};//当遇到自身没有的域名映射IP时，向上一级请求

dnssec-enable yes;

dnssec-validation yes;

/* Path to ISC DLV key */

bindkeys-file “/etc/named.iscdlv.key”;

managed-keys-directory “/var/named/dynamic”;

};

logging {

channel default_debug {

file “data/named.run”;

severity dynamic;

};

view localhost_resolver {//解析器

match-clients { 192.168.4.0/24; };//可以使用该解析的IP段

match-destinations { localhost; };

# recursion yes;

include “/etc/baishan.zones”;//指定zones位置

};

view localhost_resolver2 {

match-clients { 192.168.2.0/24; };

match-destinations { localhost; };

# recursion yes;

include “/etc/named.root.key”;

include “/etc/named.rfc1912.zones”;

};

配置zones

zone”4.168.192.in-addr.arpa” IN {

type master; //主从关系时使用

file “4.168.192.in-addr.arpa”;//正向解析

allow-update { none; };

};

zone”example.com” IN{

type master;

file “example.com”;//指定反向解析文件名，在var/name下

allow-update{none;};

};

配置解析文件

正向

$TTL 1D

@ IN SOA example.com. admin.example.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

NS @

A 127.0.0.1

AAAA ::1

www IN A 192.168.4.131

~反向

$TTL 1D

@ IN SOA example.com. admin.example.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

NS @

A 127.0.0.1

AAAA ::1

131 IN PTR www.example.com.

检测命令

使用named-checkconfig named.conf检测错误

使用naned-checkzone 2.168.192.in-addr.arpa test.com

无错误后启动DNS

Service named restart

分离解析

分离解析的域名服务器实际上还是主域名服务器，这里所说的分离解析主要针对不同的客户端提供不同的解析记录，如当dns同时为internet和内网提供服务时，可能需要内网用户访问公司的web服务和mail服务直接发往位于内网的web和mail服务器上，减轻服务器地址转换的负担在、/etc/named.conf

view “LAN” {

match-clients { 192.168.4.0/24; };\\该LAN只能是192.168.4.0/24访问

zone “tech.org” IN {

type master;

file “tech.org.zone.lan”;};

}

view “WAN” {

match-clients { any; };

zone “tech.org” IN {

type master;

file “tech.org.wan”;};

};