Installing BIND on CentOS

Before this configuration can work, you must register valid name servers with your domain registrar, for example the author's ns1.123admin.com and ns2.123admin.com, and then check at http://www.internic.net/whois.html whether the registration went through.

Conventions used in this article:

Domain: 123admin.com

DNS servers to be configured:

Primary DNS: ns1.123admin.com, IP address 12.34.56.78

Secondary DNS: ns2.123admin.com, IP address 12.34.56.90

Web server IP address: 12.34.56.80

Install the BIND packages

# yum -y install bind bind-utils bind-chroot

Configure named.conf

# vim /etc/named.conf

Change the options block as follows:

options {
    listen-on port 53 { any; };
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion no;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

The line that deserves explanation here is recursion no;. Setting it to no disables recursion, so this server only answers queries for the zones it is configured to serve. If it is left at the default of yes, the server becomes an open resolver that anyone can use for general lookups, in the way Google's 8.8.8.8 is used.

Configure named.rfc1912.zones

# vim /etc/named.rfc1912.zones

Add the following forward and reverse zones:

zone "123admin.com" IN {
    type master;
    file "named.123admin.com";
    allow-update { none; };
};

zone "56.34.12.in-addr.arpa" IN {
    type master;
    file "named.56.34.12";
    allow-update { none; };
};

One point to note: reverse resolution for public IP addresses is not something you configure yourself; the in-addr.arpa delegation belongs to your IP provider, and you have to request it from them. The reverse zone configured here is only an illustration. In practice, the reverse zones we configure ourselves are for internal IP addresses, so bear this in mind.

Configure the forward zone

# vim /var/named/named.123admin.com

Add the following content:

$TTL 1D
@       IN SOA  ns1.123admin.com. admin.123admin.com. (
                2013123100 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        NS      ns1.123admin.com.
        NS      ns2.123admin.com.
        A       12.34.56.80
        MX 5    mxbiz1.qq.com.
        MX 10   mxbiz2.qq.com.
        TXT     "v=spf1 include:spf.mail.qq.com ~all"
mail    CNAME   exmail.qq.com.
ns1     A       12.34.56.78
ns2     A       12.34.56.90
www     A       12.34.56.80

I will not explain every parameter here; see the official documentation for details. For reference, the example includes the MX records for Tencent's enterprise QQ mail, an SPF record, and a CNAME alias for mail.123admin.com. Note that records without an owner name must be indented, since an indented record inherits the owner of the previous record (here the zone apex).

Configure the reverse zone

# vim /var/named/named.56.34.12

Add the following content:

$TTL 1D
@       IN SOA  ns1.123admin.com. admin.123admin.com. (
                2014010830 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        NS      ns1.123admin.com.
78      PTR     ns1.123admin.com.
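As an added example (not part of the original post), the following Python script parses zone text in the format shown above, applying the owner-inheritance rule for indented records and folding the multi-line SOA, and then checks that every in-zone NS has a glue A record and that each PTR in the reverse zone points to a name whose A record matches the address. The zone text is constructed here from the post's records; named-checkzone remains the authoritative syntax check.

```python
import re

# Zone text constructed for this example from the records in the post above.
FORWARD = """$TTL 1D
@ IN SOA ns1.123admin.com. admin.123admin.com. (
        2013123100 ; serial
        1D 1H 1W 3H ) ; refresh retry expire minimum
    NS ns1.123admin.com.
    NS ns2.123admin.com.
    A 12.34.56.80
ns1 A 12.34.56.78
ns2 A 12.34.56.90
www A 12.34.56.80
"""
REVERSE = """$TTL 1D
@ IN SOA ns1.123admin.com. admin.123admin.com. ( 2014010830 1D 1H 1W 3H )
    NS ns1.123admin.com.
78 PTR ns1.123admin.com.
"""

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples, owners expanded to FQDNs under origin."""
    # Fold parenthesised multi-line rdata (the SOA) into one logical line, dropping comments.
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(l.split(";")[0] for l in m.group(0).splitlines()), text)
    records, last_owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue  # blank, comment-only or $directive line
        fields = line.split()
        # An indented record inherits the previous owner; otherwise the first field is the owner.
        owner = last_owner if raw[0].isspace() else fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0] == "IN"):
            fields.pop(0)  # optional per-record TTL and class
        owner = origin if owner == "@" else owner if owner.endswith(".") else owner + "." + origin
        records.append((owner, fields[0], " ".join(f for f in fields[1:] if f not in "()")))
        last_owner = owner
    return records

def check_consistency(forward, reverse, origin):
    """Return a list of problems: in-zone NS without glue A, or PTR not matching an A record."""
    a = {owner: rdata for owner, rtype, rdata in forward if rtype == "A"}
    problems = []
    for _, rtype, rdata in forward:
        if rtype == "NS" and rdata.endswith("." + origin) and rdata not in a:
            problems.append("NS %s has no glue A record in the zone" % rdata)
    for owner, rtype, rdata in reverse:
        if rtype == "PTR":  # reverse the octets of the in-addr.arpa owner to get the IP
            ip = ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))
            if a.get(rdata) != ip:
                problems.append("PTR for %s -> %s, but its A record is %s" % (ip, rdata, a.get(rdata)))
    return problems
```

Run it with `check_consistency(parse_zone(FORWARD, "123admin.com."), parse_zone(REVERSE, "56.34.12.in-addr.arpa."), "123admin.com.")`, which returns an empty list for the zones above.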

Open TCP and UDP port 53 in the firewall

# vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

Restart the firewall so the rules take effect.

Configure BIND to start at boot

# chkconfig named on

Check the configuration file

# named-checkconf

Start named

# service named start

If it fails to start, check /var/log/messages.

Primary/secondary DNS configuration

Change the primary DNS server configuration

# vim /etc/named.rfc1912.zones

Under zone "123admin.com" and zone "56.34.12.in-addr.arpa", change the configuration as follows:

zone "123admin.com" IN {
    type master;
    file "named.123admin.com";
    notify yes;
    also-notify { 12.34.56.90; };
    allow-update { none; };
    allow-transfer { 12.34.56.90; };
};

zone "56.34.12.in-addr.arpa" IN {
    type master;
    file "named.56.34.12";
    notify yes;
    also-notify { 12.34.56.90; };
    allow-update { none; };
    allow-transfer { 12.34.56.90; };
};

Secondary DNS server configuration

The secondary server's named.conf is the same as the primary's; only the zone type in named.rfc1912.zones needs to change, as follows:

zone "123admin.com" IN {
    type slave;
    file "named.123admin.com";
    masters { 12.34.56.78; };
    allow-update { none; };
};

zone "56.34.12.in-addr.arpa" IN {
    type slave;
    file "named.56.34.12";
    masters { 12.34.56.78; };
    allow-update { none; };
};

Configure the secondary DNS to start at boot

# chkconfig named on

Check the secondary DNS configuration file

# named-checkconf

Start the secondary DNS

# service named start