Bind 配置非递归服务器

本文详细介绍了如何安装并配置非递归式的Bind DNS服务器,包括安装过程、配置文件修改要点以及启动和运行的步骤,适用于提升服务器安全性和优化DNS查询效率。


  • 作为test.com的权威服务器
  • 非递归服务器
  • 将bind chroot在/usr/local/bind/chroot


安装

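# Build BIND from source under /usr/local/bind and prepare a chroot for it.
# The steps below need root (make install into /usr/local, mknod, useradd).
#
# NOTE(review): the tarball is fetched over plain HTTP and then compiled and
# installed without any integrity check. Verify it against the publisher's
# signature or checksum before running ./configure, and confirm that the
# download host is the publisher's official one.
# NOTE(review): 9.7.2rc1 is a release candidate; an Internet-facing
# authoritative server should run a currently supported release.
wget http://www.bind.com/pub/bind9/9.7.2rc1/bind-9.7.2rc1.tar.gz
tar zxf bind-9.7.2rc1.tar.gz
# Stop here if the source tree is missing, so nothing is built in the wrong directory.
cd bind-9.7.2rc1/ || exit 1
./configure --prefix=/usr/local/bind --enable-epoll --enable-threads
make && make install

# Create the chroot skeleton (-p makes a re-run harmless).
mkdir -p /usr/local/bind/chroot
# The relative paths below must only ever be created inside the chroot.
cd /usr/local/bind/chroot || exit 1
mkdir -p dev etc var/{run,log}

# Device nodes available inside the chroot: null (1,3) and random (1,8).
mknod dev/null c 1 3
mknod dev/random c 1 8
chmod 666 dev/{null,random}

# Copy localtime into the chroot's etc directory.
cp /etc/localtime etc

# Unprivileged service account: no home directory, no login shell.
useradd -M -s /sbin/nologin named

# named is started with "-u named", so the pid file and the log/statistics
# files under var/ are written as that user. Hand over only these two
# directories; the rest of the chroot stays root-owned.
chown named var/run var/log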

配置文件

#named.conf
# Shared secret that authenticates rndc commands on the control channel
# (referenced by the controls statement below). The value shown looks like a
# placeholder: generate a fresh random key per server and keep every file that
# contains it unreadable to other local users.
# NOTE(review): hmac-md5 is a legacy algorithm; later BIND releases accept
# HMAC-SHA keys for rndc - confirm what this version supports before changing it.
key "rndc-key" {
        algorithm hmac-md5;
        secret "xxxxxxxxxxxxxxxxxxxxxxx";
};

# Control channel: bound to loopback port 953, accepts connections from
# 127.0.0.1 only, and requires the rndc-key above.
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };

# Address list used by allow-transfer in the options statement; it contains
# loopback only.
acl "myserver" { 127.0.0.1; };

# File channel for named's log output. With "-t" the path is inside the chroot.
# NOTE(review): no category statement in this listing routes messages to this
# channel, so as shown it appears to be unused - confirm, and add a category
# clause if the file log is wanted.
logging {
    channel default {
        # Rotate at about 10 KB and keep two old versions: very little history
        # for investigating an incident.
        file "/var/log/named.log" versions 2 size 10k;
        # Debug severity is verbose; intended for initial setup.
        severity debug;
        # Prefix each entry with timestamp, severity and category.
        print-time yes;
        print-severity yes;
        print-category yes;
    };
};

# Global server options for an authoritative-only (non-recursive) server.
options {
    # Base directory for relative file names ("/" inside the chroot when
    # named is started with -t).
    directory "/";
    pid-file "/var/run/named.pid";
    # Send NOTIFY messages when a master zone changes.
    notify yes;
    # Never resolve names on behalf of clients; the server only answers for
    # its own zones, so it cannot be used as an open resolver.
    recursion no;
    # Keep per-zone counters; the statistics dump is written to the file below.
    zone-statistics yes;
    statistics-file "/var/log/dns-stats.log";
    # Zone transfers are limited to the "myserver" ACL (loopback only), so
    # remote hosts cannot pull a full copy of the zones.
    allow-transfer { "myserver"; };
    # Any client may query; with recursion off that exposes only the zones
    # configured below.
    allow-query { any; };
    # No IPv6 listening sockets.
    listen-on-v6 { none; };
};

# Root hints.
# NOTE(review): with "recursion no" the server does not resolve through the
# root servers for clients, so this zone is presumably kept only for
# completeness - confirm whether it is needed.
zone "." IN {
    type hint;
    file "/etc/named.root";
};

# Forward zone for localhost; dynamic updates are refused.
zone "localhost" IN {
    type master;
    file "/etc/localhost.zone";
    allow-update { none; };
};

# The zone this server is authoritative for; dynamic updates are refused, so
# records change only by editing the zone file.
zone "test.com" IN {
    type master;
    file "/etc/test.com.zone";
    allow-update { none; };
};

# Reverse zone for 127.0.0.x.
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "/etc/localhost-rev.zone";
    allow-update { none; };
};

# Reverse zone for 76.164.220.x.
# NOTE(review): this server only receives these queries if the address block's
# owner has delegated the reverse zone to it - confirm.
zone "220.164.76.in-addr.arpa" IN {
    type master;
    file "/etc/test.com-rev.zone";
    allow-update { none; };
};
#named.root
; NOTE(review): this copy of the root hints is dated Jun 17, 2010 (see
; "last update" below). Root server addresses change over time, so fetch a
; current copy from the publisher instead of reusing the records listed here.
;
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Jun 17, 2010
;       related version of root zone:   2010061700
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FE::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
; End of File
# localhost.zone
; Forward zone for "localhost": one NS record and one A record pointing at
; the loopback address. Increase the serial whenever the file is edited.
$TTL 86400
@   IN  SOA     localhost. root.localhost.  (
                2010091214      ; Serial
                3600            ; Refresh
                900             ; Retry
                3600000         ; Expire
                3600 )          ; Minimum

            IN      NS      localhost.
localhost.  IN      A       127.0.0.1
# localhost-rev.zone
; Reverse zone for the loopback network: owner "1" is relative to the zone
; origin set in named.conf (0.0.127.in-addr.arpa), i.e. 127.0.0.1 -> localhost.
$TTL 86400
@   IN  SOA     localhost. root.localhost.  (
                2010091214      ; Serial
                3600            ; Refresh
                900             ; Retry
                3600000         ; Expire
                3600 )          ; Minimum

            IN      NS      localhost.
1           IN      PTR     localhost.
# test.com.zone
; Authoritative data for test.com. Increase the serial whenever the file is
; edited, otherwise secondaries will not pick up the change.
$TTL 86400
@   IN  SOA     ns1.test.com. root.test.com.  (
                2010091220      ; Serial
                3600            ; Refresh
                900             ; Retry
                3600000         ; Expire
                3600 )          ; Minimum

            IN      NS      ns1.test.com.
            IN      NS      ns2.test.com.
; ns1 and ns2 resolve to the same address, so the two NS records give no
; redundancy: one host going down takes the whole zone offline.
ns1         IN      A       76.164.220.132
ns2         IN      A       76.164.220.132
@           IN      A       76.164.220.132
www         IN      A       76.164.220.132
; NOTE(review): cacti, nagios and awstats presumably name monitoring and
; statistics front ends. Names in a public zone are easy to discover, so those
; services need their own authentication and network access control.
cacti       IN      A       76.164.220.132
blog        IN      A       76.164.220.132
nagios      IN      A       76.164.220.132
awstats     IN      A       76.164.220.132
; Wildcard: every name under test.com that has no record of its own resolves
; to this address, including typos and names nobody intended to publish.
*           IN      A       76.164.220.132
# test.com-rev.zone
; Reverse zone data for 76.164.220.x; owner "132" is relative to the zone
; origin set in named.conf (220.164.76.in-addr.arpa).
$TTL 86400
@   IN  SOA     ns1.test.com. root.test.com.  (
                2010091221      ; Serial
                3600            ; Refresh
                900             ; Retry
                3600000         ; Expire
                3600 )          ; Minimum

            IN      NS      ns1.test.com.
            IN      NS      ns2.test.com.
; Eight PTR records share the owner 132, so a reverse lookup of the address
; returns all of them in no guaranteed order.
; NOTE(review): consumers that expect one canonical name per address (for
; example forward-confirmed reverse DNS checks) are usually better served by
; a single PTR - confirm which name should be authoritative.
132         IN      PTR     test.com.
132         IN      PTR     ns2.test.com.
132         IN      PTR     ns1.test.com.
132         IN      PTR     www.test.com.
132         IN      PTR     blog.test.com.
132         IN      PTR     cacti.test.com.
132         IN      PTR     nagios.test.com.
132         IN      PTR     awstats.test.com.


运行

# Start named in debug mode: -g keeps it in the foreground and sends log
# output to stderr, -u switches to the unprivileged named account, -t confines
# it to the chroot, and the -c path is resolved inside that chroot.
named -g \
  -u named \
  -c /etc/named.conf \
  -t /usr/local/bind/chroot
# Check the messages log
# 注意事项
根据 options 中的 directory "/"; 调整配置文件里各个路径的位置。此处使用 chroot 方式,因此配置中的 /etc/named.conf 对应的实际路径是 /usr/local/bind/chroot/etc/named.conf,其余路径(例如 /var/log/named.log、/var/run/named.pid)同理。


