Quick notes:
When TTL is 0: no DNS server caches the answer. When TTL is non-zero: the queried DNS server caches it (round-robin sets with several records are cached as well). Names that cannot be resolved are cached too, so they stay unresolvable for a while.
# NS records: the target must be a hostname, never an IP address
yum install bind caching-nameserver bind-chroot
Optional: install the bind-chroot...rpm
acl "corpnets" { 192.168.4.0/24; 192.168.7.0/24; };
Wildcard record: *    IN    A   73.23.12.44
allow-query { "corpnets"; };
match-clients { !192.168.0.120; !192.168.0.233; any; };
When updating zones on the MASTER, don't forget to bump the SOA serial number at the same time

;name  TTL   class type rdata
soft   3600  IN    A    61.25.36.159
@            IN    MX   10 mail.example.com.
@            IN    MX   20 mail1.example.com.
@            IN    MX   20 mail2.example.com.
mail         IN    A    54.156.32.240
mail1        IN    A    54.156.32.241
mail2        IN    A    54.156.32.242
     ; MX rdata must be a hostname (the original note pointed MX straight at IPs)
     ; lower preference value = higher priority; equal values with several records are served round-robin

Tools and commands:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#bind-chroot-admin
  -e | --enable:   enable the bind-chroot environment
  -d | --disable:  disable the bind-chroot environment
  -s | --sync:     sync files between the bind chroot and / environments,
                   so they are correct for the current state of the bind-chroot
                   (enabled / disabled)
rndc reconfig   # reload named.conf and pick up newly added zones only
rndc reload     # reload named.conf and all zone files
rndc reload example.com   # reload a single zone

#/etc/init.d/named {start|stop|status|restart|condrestart|reload|probe}
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Lab exercises:
Forward-lookup DNS, reverse-lookup DNS, split-horizon ("smart") DNS, master/slave DNS, caching DNS
Environment: 3 RHEL5 hosts on the same subnet (VMware works)
Packages: bind bind-chroot caching-nameserver
Master/slave DNS
master  ip:192.168.65.1
slave   ip:192.168.65.2
forward ip:192.168.65.3
client ip:192.168.65.101
 
*MASTER*
***********************************************************************
cd /var/named/chroot/etc/
cp -p named.caching-nameserver.conf named.conf

vim named.conf       # change these to any
#---------------------------------------------------------
 listen-on port 53 { any; };
 allow-query     { any; };

view localhost_resolver {
        match-clients      { any; };
        match-destinations { any; };
#---------------------------------------------------------

#-- append the following to /etc/named.rfc1912.zones --------
zone "example.com" IN {
        type master;
        file "example.com.zone";            # create this file under /var/named/chroot/var/named
        allow-transfer { 192.168.65.2; };   # let the slave pull the zone (AXFR); allow-update is for dynamic DNS, not for slaves
        allow-update { none; };
};
zone "65.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.65.in-addr.zone";     # reverse zone file
        allow-transfer { 192.168.65.2; };
        allow-update { none; };
};
#---------------------------------------------------------

#----- forward zone file contents: example.com.zone ---------
$TTL 86400   ; default TTL for records that carry none
@ IN SOA         @      webmaster.example.com.  (
                                101; Serial Number
                                1H; Refresh Time
                                1M; Retry Time
                                1W; Expire Time
                                1D; Minimum Time to Live
);
@        IN NS ns1.example.com.
@        IN NS ns2.example.com.
@        IN NS ns3.example.com.
ns1     IN A 192.168.65.11
ns2     IN A 192.168.65.12
ns3     IN A 192.168.65.13

www   IN A 192.168.65.1
www   IN A 192.168.65.2
www   IN A 192.168.65.3
; clients receive the answers in rotating order: 1,2,3 then 2,3,1 then 3,1,2
; most clients use the first record returned and ignore the rest
; NOTE!! when a record has no TTL of its own
mail  IN A 192.168.65.6
mail1 IN A 192.168.65.7
mail2 IN A 192.168.65.8
@ IN MX 5 mail.example.com.
@ IN MX 8 mail1.example.com.
@ IN MX 10 mail2.example.com.
#---------------------------------------------------------
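An added example (my own Python, not from these notes and not part of BIND) that applies the rules above to a zone file: a parser for the subset of zone syntax used here ($TTL, @, blank owners, the parenthesised SOA, ';' comments), a linter that flags NS/MX rdata written as an IP, a serial that was not bumped above the one already published on the master (the rule from the quick notes), and in-zone NS/MX targets that have no A record, plus the cyclic answer order shown for the three www records. SAMPLE_ZONE is a constructed zone for illustration; its "bad" MX record is deliberately wrong.

```python
import ipaddress
from collections import namedtuple

Record = namedtuple("Record", "owner ttl rtype rdata")


def _logical_lines(text):
    """Yield (owner_is_blank, tokens) per record: ';' comments are dropped and
    a '( ... )' span such as the SOA is joined into one record."""
    buf, blank = [], False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not buf:
            if not line.strip():
                continue
            blank = line[0].isspace()           # blank owner: reuse the previous owner
        buf.append(line)
        whole = " ".join(buf)
        if whole.count("(") == whole.count(")"):
            yield blank, whole.replace("(", " ").replace(")", " ").split()
            buf = []


def _fqdn(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_zone(text, origin):
    """Return (default_ttl, records); owners are made absolute and records
    without a TTL of their own get the $TTL default."""
    origin = origin.rstrip(".") + "."
    default_ttl, last_owner, records = None, origin, []
    for blank, toks in _logical_lines(text):
        if toks[0] == "$TTL":
            default_ttl = int(toks[1])
            continue
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        owner = last_owner if blank else _fqdn(toks.pop(0), origin)
        ttl = int(toks.pop(0)) if toks[0].isdigit() else None
        if toks[0].upper() == "IN":
            toks.pop(0)
        if ttl is None and toks[0].isdigit():   # "IN 3600 A" ordering
            ttl = int(toks.pop(0))
        last_owner = owner
        records.append(Record(owner, default_ttl if ttl is None else ttl,
                              toks[0].upper(), toks[1:]))
    return default_ttl, records


def lint_zone(text, origin, published_serial=None):
    """Apply the rules from the notes; returns a list of problems (empty = OK)."""
    origin = origin.rstrip(".") + "."
    default_ttl, records = parse_zone(text, origin)
    problems = []
    if default_ttl is None:
        problems.append("missing $TTL: records without their own TTL are invalid")
    soa = [r for r in records if r.rtype == "SOA"]
    if len(soa) != 1:
        problems.append("zone needs exactly one SOA record")
    elif published_serial is not None and int(soa[0].rdata[2]) <= published_serial:
        problems.append(f"SOA serial {soa[0].rdata[2]} is not above the published "
                        f"{published_serial}: slaves will not transfer the change")
    addressed = {r.owner for r in records if r.rtype in ("A", "AAAA")}
    for r in records:
        if r.rtype == "MX" and not r.rdata[0].isdigit():
            problems.append(f"MX at {r.owner} is missing its preference value")
        if r.rtype in ("NS", "MX"):
            target = r.rdata[-1]
            if _is_ip(target):
                problems.append(f"{r.rtype} at {r.owner} points at IP {target}; "
                                "NS/MX rdata must be a hostname")
            else:
                fq = _fqdn(target, origin)
                if (fq == origin or fq.endswith("." + origin)) and fq not in addressed:
                    problems.append(f"{r.rtype} target {target} has no A/AAAA record in this zone")
    return problems


def round_robin(records, name, rtype, query_no):
    """Order in which a cyclic RRset is handed out on the query_no-th query
    (0-based): the 1,2,3 / 2,3,1 / 3,1,2 rotation described in the notes."""
    rrs = [r.rdata[-1] for r in records if r.owner == name and r.rtype == rtype]
    if not rrs:
        return []
    k = query_no % len(rrs)
    return rrs[k:] + rrs[:k]


# Constructed sample zone; the serial was bumped from 101 to 102 for this edit.
SAMPLE_ZONE = """\
$TTL 86400        ; default TTL
@   IN SOA @ webmaster.example.com. (
        102 ; serial, previously 101
        1H  ; refresh
        1M  ; retry
        1W  ; expire
        1D ) ; negative-cache TTL
@      IN NS  ns1.example.com.
ns1    IN A   192.168.65.11
www    IN A   192.168.65.1
www    IN A   192.168.65.2
www    IN A   192.168.65.3
soft   3600 IN A 61.25.36.159
@      IN MX  10 mail.example.com.
mail   IN A   192.168.65.6
bad    IN MX  10 54.156.32.240     ; deliberate mistake: MX must name a host
"""

if __name__ == "__main__":
    ttl, recs = parse_zone(SAMPLE_ZONE, "example.com")
    for q in range(3):
        print("query", q, round_robin(recs, "www.example.com.", "A", q))
    for p in lint_zone(SAMPLE_ZONE, "example.com", published_serial=101):
        print("PROBLEM:", p)
```

Run it before `rndc reload`: pass the serial currently served by the master as published_serial and the linter tells you whether the slave will actually pick up the change.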

#----- reverse zone file contents: 192.168.65.in-addr.zone -----
$TTL 86400
@ IN SOA ns.example.com. root (
                                1997022700      ; Serial
                                28800           ; Refresh
                                14400           ; Retry
                                3600000         ; Expire
                                86400 )         ; Minimum
        IN NS ns.example.com.
1       IN PTR ns.example.com.
3       IN PTR www.example.com.
#---------------------------------------------------------
***********************************************************************
 
*SLAVE*
***********************************************************************
# change to any (same named.conf edits as on the master)
vim /etc/named.rfc1912.zones
-------------------------------------------------------
zone "example.com" IN {
        type slave;      # declare this a slave zone
        masters { 192.168.65.1; };    # IP of the master DNS
        file "slaves/example.com.zone";    # created automatically by the slave after it transfers the zone from the master
        allow-update { none; };
};
zone "65.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.65.1; };
        file "slaves/192.168.65.in-addr.zone";        
        allow-update { none; };
};
-------------------------------------------------------
***********************************************************************

*FORWARD*CACHING*
******************************************************************************************
-----------------------------------------------
options {
allow-query { 192.168.65.0/24; };   # the lab's client subnet (the client below is 192.168.65.101)
forwarders { 192.168.22.250; };
forward only;                       # never resolve on its own; everything goes to the forwarders
};
-----------------------------------------------

*******************************************************************************************
 
*SPLIT-HORIZON (SMART) DNS*
**********************************************************************************************************************************************
vim named.conf
-----------------------------------
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// query-source port 53;      // pinning the source port disables source-port randomization (cache-poisoning risk); leave it unset
// query-source-v6 port 53;
allow-query { any; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view tel {
match-clients { 192.168.0.120; };
match-destinations { any; };
recursion yes;
include "/etc/named.tel.zones";
};
view cnc {
match-clients { 192.168.0.233; };
match-destinations { any; };
recursion yes;
include "/etc/named.cnc.zones";
};
view other {
match-clients { !192.168.0.120; !192.168.0.233; any; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
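An added example (my own Python, not from these notes and not part of BIND) of how named evaluates an address-match list such as match-clients, allow-query or a named acl: the elements are tried in order, the first one that matches decides, and a leading '!' turns that match into a rejection. select_view walks the views in the order they appear in named.conf, as the tel/cnc/other views above are tried for each client. The ACLS and VIEWS tables are constructed from the addresses used in these notes.

```python
import ipaddress

BUILTIN = {"any": True, "none": False}   # BIND's built-in ACL names


def _element_matches(client, element, acls):
    """True when one list element (IP, CIDR, built-in or named acl) covers client."""
    if element in BUILTIN:
        return BUILTIN[element]
    if element in acls:                      # named acl: matches if it accepts the client
        return address_match(client, acls[element], acls) is True
    return ipaddress.ip_address(client) in ipaddress.ip_network(element, strict=False)


def address_match(client, elements, acls=None):
    """Evaluate an address-match list the way named does: first match wins.
    Returns True (accepted), False (hit a negated element) or None (no match)."""
    acls = acls or {}
    for element in elements:
        negated = element.startswith("!")
        if _element_matches(client, element.lstrip("!"), acls):
            return not negated
    return None


def allowed(client, elements, acls=None):
    """allow-query / match-clients semantics: only a positive match lets the client in."""
    return address_match(client, elements, acls) is True


def select_view(client, views, acls=None):
    """Return the first view whose match-clients accepts client, or None
    (named refuses the query when no view matches)."""
    for name, clients in views:
        if allowed(client, clients, acls):
            return name
    return None


# Constructed from the addresses in these notes.
ACLS = {"corpnets": ["192.168.4.0/24", "192.168.7.0/24"]}
VIEWS = [
    ("tel",   ["192.168.0.120"]),
    ("cnc",   ["192.168.0.233"]),
    ("other", ["!192.168.0.120", "!192.168.0.233", "any"]),
]

if __name__ == "__main__":
    for ip in ("192.168.0.120", "192.168.0.233", "10.9.8.7"):
        print(ip, "->", select_view(ip, VIEWS))
    print("corpnets allows 192.168.7.9:", allowed("192.168.7.9", ["corpnets"], ACLS))
    # order matters: with 'any' first, the later '!' entry is never reached
    print("any before !:", allowed("192.168.0.120", ["any", "!192.168.0.120"]))
```

The last line of the demo is the pitfall to remember when writing the "other" view: put the negated entries before `any`, otherwise `any` matches first and the exclusions never apply.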
------------------------------------------------
cp -p named.rfc1912.zones named.cnc.zones
cp -p named.rfc1912.zones named.tel.zones
----------------------------------
# named.cnc.zones

zone "sina.com" IN {
type master;
file "sina.com_CNC.zone";
allow-update { none; };
};
----------------------------------
# named.tel.zones

zone "sina.com" IN {
type master;
file "sina.com_TEL.zone";
allow-update { none; };
};
-------------------------------
# named.rfc1912.zones (included by view other)

zone "sina.com" IN {
type master;
file "sina.com_OTHER.zone";
allow-update { none; };
};
-------------------------------
**********************************************************************************************************************************************
 

*CHECK*
***********************************************************************
# check the config files for syntax errors
named-checkconf /var/named/chroot/etc/named.rfc1912.zones
named-checkconf /var/named/chroot/etc/named.caching-nameserver.conf
# check the example.com forward and reverse zone files for syntax errors
named-checkzone example.com /var/named/chroot/var/named/example.com.zone
named-checkzone 65.168.192.in-addr.arpa /var/named/chroot/var/named/192.168.65.in-addr.zone
# start the service and test
service named start
netstat -ntl | grep 53
tail -f /var/named/chroot/var/named/data/named.run  # DNS log location
On the client: vim /etc/resolv.conf
-----------------------------------------------
 nameserver 192.168.65.3
-----------------------------------------------
# dig / host / nslookup   # if queries fail, check iptables and SELinux
***********************************************************************