BIND
The package name of the DNS service program is bind; the service name is named.
BIND installation:
yum list all bind* // list the related packages:
bind-libs // shared libraries
bind-utils // bind tools (dig, host, nslookup)
bind.x86_64 // the main package
bind-devel // bind development files
bind-sdb // lets bind store zone content in a database
yum install bind -y // install the main program package
Common files of BIND
rpm -ql bind | less
Service script: /etc/rc.d/init.d/named
This is the startup script used by the named service.
The main configuration files: /etc/named.conf, /etc/named.rfc1912.zones, /etc/rndc.key
rndc (remote name domain controller) is the remote control and management tool; we will come back to it later. /etc/rndc.key is the key file shared with rndc.
/etc/named.conf is the global main configuration file; /etc/named.rfc1912.zones is the zone definition file.
Zone database file: /var/named/ZONE_NAME.zone
It stores all the resource records of the zone this server is responsible for.
note:
One physical server can serve several zones at the same time (there can be several zone database files).
There must be a root zone file: named.ca // through the named.ca file we find the root name servers on the Internet.
By default there are also zone files for localhost and the loopback address (two of them, or more when IPv6 is included).
Configuring forward resolution
1. Configure the main configuration file /etc/named.conf
Two settings need attention here: 1. listen-on, the NIC address and port on which DNS resolution listens; 2. allow-query, which specifies which DNS requests will be resolved (here, all of them).
Format of the main configuration file:
Global configuration: options {};
Logging subsystem configuration: logging {}; // specifies the log file
Zone definitions: the zones this machine can resolve; each of those zones must be defined:
zone "ZONE_NAME" IN {};
Start the DNS service, view the listening port:
/etc/init.d/named start
ss -tunlp | grep :53
2. Define the forward zone in /etc/named.rfc1912.zones
Format of /etc/named.rfc1912.zones:
zone "ZONE_NAME" IN {
type {master | slave | hint | forward}; // hint is used only for a caching server
file "ZONE_NAME.zone";
};
vim /etc/named.rfc1912.zones
Here the file test.com.zone is looked up in the directory set by the directory option in named.conf, i.e. /var/named.
3. Configure the forward zone database file
vim /var/named/test.com.zone
In it, first define the two macros $TTL and $ORIGIN; then the SOA record must be defined first, followed by the NS records and the MX (mail) records; every name used in those records needs an A record; finally, define a CNAME record for the www host.
named-checkconf // check whether the named configuration is wrong
named-checkzone "test.com" /var/named/test.com.zone // check the test.com forward zone file for errors
4. Configure permissions
Here we want to restrict who else can read this file, so we restrict it as follows:
chmod 640 test.com.zone
chown :named test.com.zone
5. Restart the service
/etc/init.d/named restart
6. Whatever name the client asks for, our DNS server should not give a "no answer" response
vim /var/named/test.com.zone
* IN CNAME www // a wildcard: access to any host name is pointed to one particular host
test.com. IN CNAME www. // if no host name is entered, point directly to the www host
/etc/init.d/named reload
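As an added illustration (not code from the original post), here is a small Python checker that parses a forward zone file laid out as described in step 3 and reports the conditions named-checkzone also rejects: the SOA must come first, NS and MX targets need A records in the zone, and a name carrying a CNAME may carry no other record, which is why a CNAME at the zone apex (test.com.) clashes with the SOA and NS records there. The zone data below is constructed; the record layout is an assumption about the author's test.com.zone.

```python
# Constructed sample forward zone laid out as the page describes ($TTL, $ORIGIN,
# SOA first, NS/MX with matching A records, a wildcard CNAME); made-up data.
SAMPLE_ZONE = """\
$TTL 86400
$ORIGIN test.com.
@     IN SOA ns1.test.com. admin.test.com. (2024010101 3600 900 604800 86400)
      IN NS  ns1
      IN MX  10 mail
ns1   IN A   192.168.94.128
mail  IN A   192.168.94.130
www   IN A   192.168.94.131
*     IN CNAME www
"""

def parse_zone(text):
    """Return (origin, records); each record is (owner_fqdn, type, rdata_fields)."""
    origin, last_owner, records = "", "", []
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()  # drop comments
        if not line or line.startswith("$TTL"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        owner = last_owner if line[0].isspace() else fields.pop(0)  # blank = same owner
        owner = origin if owner == "@" else (owner if owner.endswith(".") else f"{owner}.{origin}")
        last_owner = owner
        while fields and (fields[0].isdigit() or fields[0] == "IN"):
            fields.pop(0)  # skip optional TTL / class tokens
        records.append((owner, fields[0], fields[1:]))
    return origin, records

def check_zone(text):
    """Return the problems named-checkzone would also reject (empty list = clean)."""
    origin, records = parse_zone(text)
    fqdn = lambda n: n if n.endswith(".") else f"{n}.{origin}"
    problems = []
    if not records or records[0][1] != "SOA":
        problems.append("the first record must be the SOA")
    has_a = {o for o, t, _ in records if t in ("A", "AAAA")}
    for owner, rtype, rdata in records:
        target = rdata[0] if rtype == "NS" else rdata[1] if rtype == "MX" else None
        if target and fqdn(target) not in has_a:
            problems.append(f"{rtype} target {target} has no A record in the zone")
        if rtype == "CNAME":
            others = sorted({t for o, t, _ in records if o == owner and t != "CNAME"})
            if others:  # RFC 1034: a name with a CNAME may hold no other records
                problems.append(f"CNAME at {owner} conflicts with {', '.join(others)}")
    return problems
```

Run check_zone() on the real file before the named-checkzone step; a clean zone returns an empty list.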
Test tool usage
Here we use some test tools to check the configuration of our DNS server.
dig
Install the dig tool
yum install bind-utils // install the bind tools
Test our forward resolution
dig -t A www.test.com @192.168.94.128
If the address 192.168.94.128 is not given here to select the DNS server, the name servers in /etc/resolv.conf are used by default for resolution.
Usage of dig:
The dig tool is made for testing the DNS system, so it does not consult the hosts file.
dig [-t type] name [@SERVER] [query options]
For example:
dig -t NS test.com @192.168.94.128
dig -t SOA test.com @192.168.94.128
The aa bit in the flags field marks this answer as an authoritative answer.
dig -t A www.baidu.com
You can see that this one is not an authoritative answer, and that a CNAME record is returned here.
Query options:
+[no]trace // trace the resolution process
+[no]recurse // perform recursive resolution; recursion is the default
dig -t A www.baidu.com +trace
Simulate a zone transfer, i.e. a full transfer of the zone [this is very dangerous]
dig -t axfr ZONE_NAME @SERVER
dig -t axfr test.com @192.168.94.128
host
host: DNS lookup utility
host [-t type] name [SERVER]
nslookup
An interactive DNS resolution tool
nslookup [-option] [name | -] [server ip]
Use it in interactive mode
server ip specifies which DNS server to use for the query.
This tool is not very convenient to use.
Configuring reverse resolution
Reverse zone
Zone name: the network address written in reverse, followed by .in-addr.arpa // this form is fixed and cannot be changed
1. Configure the /etc/named.rfc1912.zones file: add a zone entry for the reverse zone.
zone "ZONE_NAME" IN {
type {master|slave|forward};
file "NETWORK_ADDRESS.zone"; // can be named freely, but must not conflict with another zone file
};
vim /etc/named.rfc1912.zones
2. Configure the zone database file
Note: MX, A and AAAA records are not needed; PTR records are the main content.
vim /var/named/192.168.94.zone
3. Change the file permissions
chmod 640 /var/named/192.168.94.zone
chown :named /var/named/192.168.94.zone
Check that the configuration file syntax is correct
named-checkconf
named-checkzone "94.168.192.in-addr.arpa" /var/named/192.168.94.zone
Reload the configuration file
/etc/init.d/named reload
4. Test reverse resolution
dig can also be used for the test:
dig -x 192.168.94.131 @192.168.94.128