Linux下搭建DNS服務(wù)器和配置文件（named.conf）祥解

配置之前先了解一下BIND DNS服務(wù)器軟件：BIND是一種開源的DNS（Domain Name System）協(xié)議的實現(xiàn)，包含對域名的查詢和響應(yīng)所需的所有軟件。它是互聯(lián)網(wǎng)上最廣泛使用的一種DNS服務(wù)器，對于類Unix系統(tǒng)來說，已經(jīng)成為事實上的標準。

為了構(gòu)架DNS服務(wù)器來解析域名或IP地址，我們得安裝BIND和caching-nameserver。為了TCP和UDP53數(shù)據(jù)包能通過，我們也有必要配置路由器。

安裝 BIND 軟件包

1、安裝

# yum -y install bind caching-nameserver

2、配置

下面的例子是以公網(wǎng)IP（172.16.0.80/29），局域網(wǎng)IP（192.168.0.0/24），域名（）作說明。在配置你自己的服務(wù)器時，請使用你自己的IP和域名。

# vim /etc/named.conf

options {
directory "/var/named";
# query range
allow-query { localhost; 192.168.0.0/24; };
# transfer range
allow-transfer { localhost; 192.168.0.0/24; };
# recursion range
allow-recursion { localhost; 192.168.0.0/24; };
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
# here is the section for internal informations
vimew "internal" {
match-clients {
localhost;
192.168.0.0/24;
};
zone "." IN {
type hint;
file "named.ca";
};
# set zones for internal
zone "" IN {
type master;
file ".lan";
allow-update { none; };
};
# set zones for internal
zone "0.168.192.in-addr.arpa" IN {
type master;
file "0.168.192.db";
allow-update { none; };
};

zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
};

vimew "external" {
match-clients {
any;
};

zone "." IN {
type hint;
file "named.ca";
};

# set zones for external
zone "" IN {
type master;
file ".wan";
allow-update { none; };
};

# set zones for external *note
zone "80.0.16.172.in-addr.arpa" IN {
type master;
file "80.0.16.172.db";
allow-update { none; };
};
};

include "/etc/rndc.key";

# *note : For How to write for reverse resolvimng, Write network address reversely like below.

the case for 192.168.0.0/24
network address? 192.168.0.0
range of network? 192.168.0.0 - 192.168.0.255
how to write? 0.168.192.in-addr.arpa

case of 172.16.0.80/29
network address? 172.16.0.80
range of network? 172.16.0.80 - 172.16.0.87
how to write? 80.0.16.172.in-addr.arp

設(shè)置Zones

創(chuàng)建zone文件以便服務(wù)器能解析域名IP。

1、內(nèi)部zone文件

這個例子使用的是內(nèi)網(wǎng)地址（192.168.0.0/24），域名()，請根據(jù)自己的具體情況配置。

# vim /var/named/.lan

$TTL    86400
@        IN    SOA   ns.. root.. (
               2007041501   ;Serial
               3600         ;Refresh
               1800         ;Retry
               604800       ;Expire
               86400        ;Minimum TTL

)
               # define name server
               IN    NS     ns..
               # internal IP address of name server
               IN    A       192.168.0.17
               # define Mail exchanger
               IN    MX 10   ns..

               # define IP address and hostname
ns             IN    A       192.168.0.17

2、外部zone文件

這個例子使用的是外網(wǎng)地址（172.16.0.80/29），域名（），請?zhí)鎿Q成自己的。

# vim /var/named/.wan

$TTL      86400
@          IN    SOA    ns.. root.. (
                 2007041501    ;Serial
                 3600          ;Refresh
                 1800          ;Retry
                 604800        ;Expire
                 86400         ;Minimum TTL
)
                 # define name server
                 IN        NS   ns..
                 # external IP address of name server
                 IN        A    172.16.0.82
                 # define Mail exchanger
                 IN        MX 10 ns..

                 # define IP address and hostname
ns               IN        A     172.16.0.82

創(chuàng)建zone文件使服務(wù)器能夠反向解析IP到域名。

3、內(nèi)部zone文件

這個例子使用的是內(nèi)網(wǎng)地址（192.168.0.0/24），域名（），請使用自己的設(shè)置替換。

# vim /var/named/0.168.192.db

$TTL    86400
@       IN    SOA  ns.. root.. (
              2007041501     ;Serial
              3600           ;Refresh
              1800           ;Retry
              604800         ;Expire
              86400          ;Minimum TTL
)
              # define name server
              IN        NS    ns..

              # define range that this domain name in
              IN        PTR   .
              # define IP address and hostname
              IN        A     255.255.255.0

17            IN        PTR   ns..

4、外部zone文件

這例子使用外網(wǎng)地址（172.16.0.80/29），域名（），請?zhí)鎿Q成自己的。

# vim /var/named/80.0.16.172.db

$TTL     86400
@        IN    SOA  ns.. root.. (
               2007041501     ;Serial
               3600           ;Refresh
               1800           ;Retry
               604800         ;Expire
               86400          ;Minimum TTL
)
               # define name server
               IN        NS   ns..

               # define range that this domain name in
               IN        PTR  .
               # define IP address and hostname
               IN        A     255.255.255.248

82             IN        PTR   ns..

啟動BIND

1、完成BIND的配置后，在啟動named之前，還需要建立chroot環(huán)境。

# yum -y install bind-chroot
# /etc/rc.d/init.d/named start
# chkconfig named on

2、操作檢驗

確認服務(wù)器已經(jīng)正確解析域名或IP地址。

# dig ns..
; <<>> DiG 9.3.4 <<>> ns..
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54592
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns..           IN   A

;; ANSWER SECTION:
ns.. 86400   IN   A    192.168.0.17

;; AUTHORITY SECTION:
.     86400   IN   NS   ns..

;; Query time: 0 msec
;; SERVER: 192.168.0.17#53(192.168.0.17)
;; WHEN: Thu Mar 8 19:35:19 2007
;; MSG SIZE rcvd: 68

# dig -x 192.168.0.17
; <<>> DiG 9.3.4 <<>> -x 192.168.0.17
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45743
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;17.0.168.192.in-addr.arpa.           IN   PTR

;; ANSWER SECTION:
17.0.168.192.in-addr.arpa. 86400   IN   PTR   ns..

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa.     86400   IN   NS     ns..

;; ADDITIONAL SECTION:
ns..          86400   IN   A       192.168.0.17

;; Query time: 0 msec
;; SERVER: 192.168.0.17#53(192.168.0.17)
;; WHEN: Thu Mar 8 19:37:50 2007
;; MSG SIZE rcvd: 107

配置從DNS服務(wù)器

配置從DNS服務(wù)器比較簡單。下面的例子主DNS是“ns.”，從DNS是“ns.example.info”。

1、在主DNS服務(wù)器的zone文件作如下配置

# vim /var/named/.wan

$TTL     86400
@        IN   SOA   ns.. root.. (
              # update serial
              2007041501      ;Serial
              3600            ;Refresh
              1800            ;Retry
              604800          ;Expire
              86400           ;Minimum TTL
)
              IN         NS   ns..
              # add name server
              IN         NS   ns.example.info.
              IN         A    172.16.0.82
              IN         MX 10 ns..

ns            IN         A    172.16.0.82

# rndc reload
server reload successful

2、配置從DNS服務(wù)器

# vim /etc/named.conf

    # add these lines below
    zone "" IN {
          type slave;
          masters { 172.16.0.82; };
          file "slaves/.wan";
};

# rndc reload
server reload successful
# ls /var/named/slaves
.wan # zone file in master DNS has been just transfered

設(shè)置別名記錄，如果你想為你的主機設(shè)置另一個名稱，在zone文件定義CNAME記錄

# vim /var/named/server-Linux.info.wan