CentOS 7: install BIND

BIND is the de facto standard nameserver. Install it on CentOS 7:

yum install -y bind
systemctl enable named

BIND has two additional packages:

bind-chroot: runs named inside a chroot directory to improve security

bind-utils: provides the client tools dig, nslookup, host and nsupdate

Configuration

By default, the main configuration file of BIND is /etc/named.conf. It contains the following sections:

options {}: the working directory of named and security-related settings

logging {}: logging

zone {}: per-domain zone configuration

Basic configuration

#/etc/named.conf
options {
        directory "/var/named";
        recursion yes;
};
zone "my.com" {
        type master;
        file "my.com.zone";
};
zone "cname.com" {
        type master;
        file "cname.com.zone";
};
The records of a zone are kept in the file named by the file field, which lives in the directory set in options. For example, my.com.zone looks like this:

$TTL 7200  
my.com. IN SOA my.com. mailuser.my.com. (1111 1H 20M 1W 1D)
my.com. IN NS dns1.my.com.
dns1.my.com. IN A 192.168.137.77
www.my.com. IN A 2.8.2.2
In the configuration above, $TTL first sets the default time-to-live of the records to 7200 seconds.

Then the SOA (start of authority) record is given for my.com. The administrator's email address is mailuser@my.com; because the @ character has a special meaning in zone files, it is written as mailuser.my.com. The values (1111 1H 20M 1W 1D) mean: the serial number is 1111, the refresh interval is 1 hour, the retry interval after a failed refresh is 20 minutes, the expiry time is 1 week, and the minimum (negative-caching) TTL is 1 day.

Then the NS record of my.com. points to dns1.my.com., and the A record of dns1.my.com. is 192.168.137.77.

The last line is the A record for www.my.com, 2.8.2.2.

CNAME configuration

For example, to make www.cname.com a CNAME for www.my.com, write in cname.com.zone:

$TTL 8200
@ IN SOA cname.com. ccc.cname.com. (1200 1H 20M 1W 1D)
@ IN NS dns1.cname.com.
dns1 IN A 192.168.137.77
www IN CNAME www.my.com.

The meaning of the @ sign

The @ sign appears in the cname.com.zone file above. It stands for the current origin, that is, the zone's own name; in the configuration above it refers to cname.com.

Subdomain query

Suppose that under my.com. there is a third-level domain third.my.com. and a fourth-level domain fourth.third.my.com, but the records of the fourth-level domain are kept on another DNS server. The subdomain can then be delegated to that server with an NS record, and queries for it are passed on from my.com. Subdomain queries require recursion to be turned on under options.

$TTL 7200
my.com. IN SOA my.com. mailuser.my.com. (1111 1H 20M 1W 1D)
my.com. IN NS dns1.my.com.
dns1.my.com. IN A 192.168.137.77
www.my.com. IN A 2.8.2.2
; delegate third.my.com. to another server, with a glue A record for that server
third.my.com. IN NS dns3.third.my.com.
dns3.third.my.com. IN A 192.168.137.23

Forward query

A forward zone passes queries for that zone from this machine on to another DNS server:

zone "other.com" {
    type forward;
    forwarders { 192.168.2.33; };
};

Reverse resolution configuration

Reverse resolution looks up a domain name from an IP address. Typically a mail server, on receiving a message, looks up the domain name of the source IP. For example, suppose the existing machine 192.168.4.50 has the domain name mail.my.com:

zone "4.168.192.in-addr.arpa" {
    type master;
    file  "192.168.4.zone";
};

In the 192.168.4.zone file:

$TTL 3600
@ IN SOA 4.168.192.in-addr.arpa. mailuser.my.com. (3001 1H 20M 1W 1D)
@ IN NS dns1.my.com.
; PTR record for 192.168.4.50, the mail host named above
50 IN PTR mail.my.com.

In the my.com.zone file, the A record of the mail host is also added, together with an MX record:

$TTL 7200
my.com. IN SOA my.com. mailuser.my.com. (1111 1H 20M 1W 1D)
my.com. IN NS dns1.my.com.
dns1.my.com. IN A 192.168.137.77
www.my.com. IN A 2.8.2.2
@ IN MX 10 mail
mail.my.com. IN A 192.168.4.55

Master-slave configuration

#master server
zone "lb.com" {
    type master;
    notify yes;
    also-notify {192.168.137.55;};
    allow-transfer {192.168.137.55;};
    file "lb.com.zone";
};

#slave server
zone "lb.com" {
    type slave;
    file "lb.com.zone";
    masters {xxx.xxx.xxx.xxx;};
};
If the zone file on the master changes, the SOA serial number must be increased, because the slave decides whether to pull an update by comparing serial numbers.

;file lb.com.zone before the change
$TTL 7200
lb.com. IN SOA lb.com. mailuser.lb.com. (1111 1H 10M 1W 1D)

;after the change: the serial goes from 1111 to 1112
lb.com. IN SOA lb.com. mailuser.lb.com. (1112 1H 1M 1W 1D)
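As an added Python example (not from the original post), this small zone-file reader shows the two rules the zone files above depend on: how named expands `@` and names without a trailing dot against the zone origin (the point of the "@ sign" section), and how a slave decides from the SOA serial whether a transfer is due (RFC 1982 serial arithmetic). The sample zone text is constructed from the cname.com.zone above.

```python
import re

# Constructed sample: the post's cname.com.zone, using '@' and relative names.
CNAME_ZONE = """\
$TTL 8200
@ IN SOA cname.com. ccc.cname.com. (1200 1H 20M 1W 1D)
@ IN NS dns1.cname.com.
dns1 IN A 192.168.137.77
www IN CNAME www.my.com.
"""

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def to_seconds(value):
    """Convert a zone-file time such as '1H' or '7200' to seconds."""
    m = re.fullmatch(r"(\d+)([SMHDW]?)", value.upper())
    if not m:
        raise ValueError(f"bad time value: {value}")
    return int(m.group(1)) * UNITS[m.group(2) or "S"]

def absolute(name, origin):
    """Expand '@' and names without a trailing dot against the zone origin,
    which is what named does when it loads the file."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (default TTL, [(owner, type, rdata)]) with absolute owner names."""
    ttl, records = 0, []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a zone-file comment
        if not line:
            continue
        if line.startswith("$TTL"):
            ttl = to_seconds(line.split()[1])
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        records.append((absolute(owner, origin), rtype, rdata))
    return ttl, records

def soa_serial(records):
    """The serial is the first number inside the SOA parentheses."""
    rdata = next(r for _, t, r in records if t == "SOA")
    return int(rdata.split("(")[1].split()[0])

def slave_will_transfer(master_serial, slave_serial):
    """RFC 1982 serial arithmetic: the master is newer, and a transfer is due,
    only when its serial is ahead by less than 2**31 (so 1112 beats 1111)."""
    return 0 < (master_serial - slave_serial) % 2**32 < 2**31
```

Forgetting the trailing dot on `ccc.cname.com` in the original file would have produced the owner `ccc.cname.com.cname.com.`, which is exactly what `absolute` reproduces.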

In addition, to keep the master secure, zone transfers should be restricted, that is,

allow-transfer {192.168.137.55;};

Besides restricting by IP address, transfers can also be restricted by cryptographic signatures.

Smart DNS

So-called smart DNS serves different A records depending on the visitor's region, so that users reach the nearest server. Two new configuration elements are required:

1. acl: an ACL names the set of IP ranges belonging to a region

2. view: each view selects its ACL with match-clients and carries the zone configuration served to those clients

#ACL file
acl aclname {
   102.56.8.0/24;
   .....
};

#/etc/named.conf

options {
        directory "/var/named";
        recursion yes;
};
include "/var/named/chineunicom.acl";
include "/var/named/chinemobile.acl";
view "chineunicom" {
   recursion no;
   match-clients {chineunicom;};
   zone "my.com" {
        type master;
        file "my.com.zone";
   };
   zone "cname.com" {
        type master;
        file "cname.com.zone";
   };
};
view "chinemobile" {
  ...
};
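The view selection that named performs for the configuration above, as an added Python example (not part of the original post): the ACL prefixes and the per-view A records are constructed, and `default` is an added catch-all view that the post's configuration does not have.

```python
import ipaddress

# Constructed sample ACLs, standing in for the chineunicom.acl and
# chinemobile.acl files that named.conf includes (prefixes are made up).
ACLS = {
    "chineunicom": ["102.56.8.0/24", "102.56.9.0/24"],
    "chinemobile": ["!10.9.0.0/24", "10.9.0.0/16"],  # '!' excludes a subnet
}

# Views in named.conf order: (name, match-clients list, answers of my.com.zone).
# 'default' is an added catch-all; without one, unmatched clients are refused.
VIEWS = [
    ("chineunicom", ["chineunicom"], {"www.my.com.": "2.8.2.2"}),
    ("chinemobile", ["chinemobile"], {"www.my.com.": "2.8.2.3"}),
    ("default", ["any"], {"www.my.com.": "2.8.2.4"}),
]

def acl_matches(acl, ip):
    """BIND address-match-list rule: the first element that matches decides,
    and a leading '!' turns that decision into 'no match'."""
    for entry in acl:
        negate = entry.startswith("!")
        net = entry.lstrip("!")
        if net == "any" or ip in ipaddress.ip_network(net):
            return not negate
    return False

def select_view(client_ip, views=VIEWS):
    """Return the first view whose match-clients accepts the client address,
    or None when no view matches (named answers REFUSED in that case)."""
    ip = ipaddress.ip_address(client_ip)
    for name, match_clients, _answers in views:
        # A match-clients element is either an ACL name or a literal prefix.
        if any(acl_matches(ACLS.get(acl, [acl]), ip) for acl in match_clients):
            return name
    return None

def resolve(client_ip, qname, views=VIEWS):
    """Answer qname with the A record of the view selected for client_ip."""
    view = select_view(client_ip, views)
    if view is None:
        return None
    answers = next(a for n, _m, a in views if n == view)
    return answers.get(qname)
```

Because views are tried in file order and the first match wins, the catch-all view must come last; with only the two region views a client from an unlisted prefix gets no answer at all.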

Client tools

The client tools are host, nslookup and dig; all of them can perform forward and reverse queries, and dig is the most powerful:

#forward query
dig www.my.com
#reverse query
dig -x 192.168.4.55

#ask a specific DNS server
dig @8.8.8.8 www.csdn.com
