Setting up DNS service with bind9 on Debian
(2006-04-02 19:38:08)
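DNS (Domain Name Service) is arguably the foundation of all other services. It comes in three forms: master name service, slave name service and caching name service. When you first start configuring it, though, a configuration of only a few lines often fails to resolve anything, mainly because DNS is not understood thoroughly enough, and because different versions have different syntax requirements, which can cost a lot of time. This article uses a master name server as the example and briefly explains how to configure it.
Based on my own understanding, this article starts from a brief analysis of bind9 and describes a simple, quick and effective way to configure it. The setup was tested successfully on debian 3.1 stable.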
1. Service configuration environment:
Hardware:
dell D800, mem 256M, HD 40G
Software:
debian 3.1 stable
bind9
Network:
IP: 192.168.167.111
Domain name: main.8280666.com
2. File structure of bind9
debian:~# dpkg --contents /var/cache/apt/archives/bind9_1%3a9.2.4-1_i386.deb
drwxr-xr-x root/root 0 2004-09-23 23:25:48 ./
drwxr-xr-x root/root 0 2004-09-23 23:25:44 ./etc/
drwxr-xr-x root/root 0 2004-09-23 23:25:41 ./etc/bind/
-rw-r--r-- root/root 237 2004-09-23 23:25:41 ./etc/bind/db.0
-rw-r--r-- root/root 237 2004-09-23 23:25:41 ./etc/bind/db.255
-rw-r--r-- root/root 353 2004-09-23 23:25:41 ./etc/bind/db.empty
-rw-r--r-- root/root 1317 2004-09-23 23:25:41 ./etc/bind/zones.rfc1918
-rw-r--r-- root/root 271 2004-09-23 23:25:41 ./etc/bind/db.127
-rw-r--r-- root/root 256 2004-09-23 23:25:41 ./etc/bind/db.local
-rw-r--r-- root/root 1507 2004-09-23 23:25:41 ./etc/bind/db.root
-rw-r--r-- root/root 1611 2004-09-23 23:25:41 ./etc/bind/named.conf
-rw-r--r-- root/root 165 2004-09-23 23:25:41 ./etc/bind/named.conf.local
-rw-r--r-- root/root 672 2004-09-23 23:25:41 ./etc/bind/named.conf.options
drwxr-xr-x root/root 0 2004-09-23 23:25:44 ./etc/init.d/
-rwxr-xr-x root/root 1272 2004-09-23 23:20:54 ./etc/init.d/bind9
drwxr-xr-x root/root 0 2004-09-23 23:25:45 ./usr/
drwxr-xr-x root/root 0 2004-09-23 23:25:46 ./usr/sbin/
-rwxr-xr-x root/root 277624 2004-09-23 23:25:46 ./usr/sbin/named
-rwxr-xr-x root/root 20120 2004-09-23 23:25:46 ./usr/sbin/rndc
-rwxr-xr-x root/root 11288 2004-09-23 23:25:46 ./usr/sbin/rndc-confgen
-rwxr-xr-x root/root 17352 2004-09-23 23:25:46 ./usr/sbin/dnssec-keygen
-rwxr-xr-x root/root 19104 2004-09-23 23:25:46 ./usr/sbin/dnssec-makekeyset
-rwxr-xr-x root/root 20096 2004-09-23 23:25:46 ./usr/sbin/dnssec-signkey
-rwxr-xr-x root/root 44260 2004-09-23 23:25:46 ./usr/sbin/dnssec-signzone
-rwxr-xr-x root/root 6996 2004-09-23 23:25:46 ./usr/sbin/named-checkconf
-rwxr-xr-x root/root 8220 2004-09-23 23:25:46 ./usr/sbin/named-checkzone
drwxr-xr-x root/root 0 2004-09-23 23:25:43 ./usr/share/
drwxr-xr-x root/root 0 2004-09-23 23:25:45 ./usr/share/man/
drwxr-xr-x root/root 0 2004-09-23 23:25:46 ./usr/share/man/man8/
-rw-r--r-- root/root 2626 2004-09-23 23:25:40 ./usr/share/man/man8/named.conf.5.gz
-rw-r--r-- root/root 1893 2004-09-23 23:25:40 ./usr/share/man/man8/rndc.8.gz
-rw-r--r-- root/root 2555 2004-09-23 23:25:41 ./usr/share/man/man8/dnssec-keygen.8.gz
-rw-r--r-- root/root 2017 2004-09-23 23:25:41 ./usr/share/man/man8/dnssec-makekeyset.8.gz
-rw-r--r-- root/root 1821 2004-09-23 23:25:41 ./usr/share/man/man8/dnssec-signkey.8.gz
-rw-r--r-- root/root 2505 2004-09-23 23:25:41 ./usr/share/man/man8/dnssec-signzone.8.gz
-rw-r--r-- root/root 1031 2004-09-23 23:25:41 ./usr/share/man/man8/named-checkconf.8.gz
-rw-r--r-- root/root 2268 2004-09-23 23:25:40 ./usr/share/man/man8/named.8.gz
-rw-r--r-- root/root 1149 2004-09-23 23:25:41 ./usr/share/man/man8/named-checkzone.8.gz
-rw-r--r-- root/root 1917 2004-09-23 23:25:40 ./usr/share/man/man8/rndc-confgen.8.gz
drwxr-xr-x root/root 0 2004-09-23 23:25:46 ./usr/share/man/man5/
-rw-r--r-- root/root 2242 2004-09-23 23:25:40 ./usr/share/man/man5/rndc.conf.5.gz
-rw-r--r-- root/root 2626 2004-08-23 07:35:44 ./usr/share/man/man5/named.conf.5.gz
drwxr-xr-x root/root 0 2004-09-23 23:25:43 ./usr/share/doc/
drwxr-xr-x root/root 0 2004-09-23 23:25:46 ./usr/share/doc/bind9/
-rw-r--r-- root/root 3003 2004-09-23 23:20:54 ./usr/share/doc/bind9/README.Debian.gz
-rw-r--r-- root/root 5307 2004-09-23 23:20:54 ./usr/share/doc/bind9/changelog.Debian.gz
-rw-r--r-- root/root 1003 2004-09-23 23:20:54 ./usr/share/doc/bind9/copyright
-rw-r--r-- root/root 55886 2004-09-20 08:49:13 ./usr/share/doc/bind9/changelog.gz
-rw-r--r-- root/root 6192 2004-08-17 08:28:40 ./usr/share/doc/bind9/FAQ.gz
-rw-r--r-- root/root 4706 2004-08-20 13:58:59 ./usr/share/doc/bind9/README.gz
drwxr-xr-x root/root 0 2004-09-23 23:25:34 ./var/
drwxr-xr-x root/root 0 2004-09-23 23:25:34 ./var/cache/
drwxr-xr-x root/root 0 2004-09-23 23:25:34 ./var/cache/bind/
drwxr-xr-x root/root 0 2004-09-23 23:25:34 ./var/run/
drwxr-xr-x root/root 0 2004-09-23 23:25:34 ./var/run/bind/
drwxr-xr-x root/root 0 2004-09-23 23:25:34 ./var/run/bind/run/
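From the listing above we can see:
2.1. The default configuration files are in the /etc/bind/ directory.
Looking further at the main configuration file named.conf, you will find that almost all the other files branch off from named.conf. The files used for resolution all begin with db; the rest are files included by named.conf. In other words, to keep things organised, statements can be grouped into include files, and this has the same effect as writing them in named.conf itself. If needed, we can define our own include files.
2.2. The /usr/sbin/ directory holds the command files, mainly debugging tools.
2.3. The /usr/share/{man,doc} directories hold the help and documentation files.
2.4. /etc/init.d/bind9 is used to start and stop the service, and so on.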
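3. A quick and simple way to configure a master name server:
3.1 Installation
apt-get install bind9 bind9-doc dnsutils
3.2 Edit /etc/resolv.conf
search main.8280666.com
nameserver 192.168.167.111
3.3 In /etc/bind/named.conf.options, provide the entry points for forward resolution of the domain name and reverse resolution of the IP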
options {
    directory "/var/cache/bind"; // this is the default; the directory used to store the zone files
    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below. Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.
    // query-source address * port 53;
    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    // forwarders {
    //     0.0.0.0;
    // };
    auth-nxdomain no; # conform to RFC1035
};
zone "main.8280666.com" { // entry point for forward resolution
    type master;
    file "db.main"; // no path is given, so the default applies: the file is looked up in /var/cache/bind/
};
zone "167.168.192.in-addr.arpa" { // entry point for reverse resolution
    type master;
    file "db.181";
};
3.4 Forward zone file /var/cache/bind/db.main
cp /etc/bind/db.local /var/cache/bind/db.main
Replace localhost with your own domain name:
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA main.8280666.com. root.main.8280666.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS main.8280666.com.
@ IN MX 10 main.8280666.com.
@ IN A 192.168.167.111
www IN A 192.168.167.111
mail IN A 192.168.167.112
www1 CNAME main.8280666.com.
This method can be used to resolve any number of names.
3.5 Reverse zone file /var/cache/bind/db.181
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA main.8280666.com. root.main.8280666.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS main.8280666.com.
111.167.168.192.IN-ADDR.ARPA. IN PTR main.8280666.com.
112.167.168.192.IN-ADDR.ARPA. IN PTR mail.main.8280666.com.
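An added example, not part of the original post: a Python check that every PTR record in db.181 points at a name whose A record in db.main maps back to the same address, so that reverse lookups used in logs and mail checks can be trusted. The function and variable names are hypothetical, and the parser only handles the simple one-record-per-line layout used in sections 3.4 and 3.5.

```python
import re

FWD_ORIGIN = "main.8280666.com."
REV_ORIGIN = "167.168.192.in-addr.arpa."
# Records copied from db.main / db.181 in sections 3.4 and 3.5 (SOA condensed to two lines).
DB_MAIN = """\
$TTL 604800
@ IN SOA main.8280666.com. root.main.8280666.com. (
    1 604800 86400 2419200 604800 ) ; serial refresh retry expire negative-TTL
@ IN NS main.8280666.com.
@ IN MX 10 main.8280666.com.
@ IN A 192.168.167.111
www IN A 192.168.167.111
mail IN A 192.168.167.112
www1 CNAME main.8280666.com.
"""
DB_181 = """\
@ IN NS main.8280666.com.
111.167.168.192.IN-ADDR.ARPA. IN PTR main.8280666.com.
112.167.168.192.IN-ADDR.ARPA. IN PTR mail.main.8280666.com.
"""

def fqdn(name, origin):  # expand '@' and relative names against the zone origin
    name = name.lower()
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def records(text, origin):
    """Yield (owner, type, rdata); one record per line, no inherited owners."""
    text = re.sub(r";[^\n]*", "", text)  # drop comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)  # join ( ... )
    for tok in (line.split() for line in text.splitlines()):
        if len(tok) < 3 or tok[0].startswith("$"):
            continue
        rest = tok[1:]
        while len(rest) > 1 and (rest[0].upper() == "IN" or rest[0].isdigit()):
            rest = rest[1:]  # skip optional class / TTL
        yield fqdn(tok[0], origin), rest[0].upper(), rest[1:]

def ptr_mismatches(fwd_text, rev_text):
    """Return (ip, ptr_target) pairs whose target has no A record for that ip."""
    a = {}
    for owner, rtype, rdata in records(fwd_text, FWD_ORIGIN):
        if rtype == "A":
            a.setdefault(owner, set()).add(rdata[0])
    bad = []
    for owner, rtype, rdata in records(rev_text, REV_ORIGIN):
        ip = ".".join(reversed(owner.split(".")[:4]))
        if rtype == "PTR" and ip not in a.get(fqdn(rdata[0], REV_ORIGIN), set()):
            bad.append((ip, fqdn(rdata[0], REV_ORIGIN)))
    return bad
```

Calling ptr_mismatches(DB_MAIN, DB_181) returns an empty list for the zone files as written; if the A record for mail is changed to 192.168.167.111, the PTR for 192.168.167.112 is reported.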
3.6 Start or reload bind9
3.6.1 Start:
/etc/init.d/bind9 start
3.6.2 If it is already running, it can be quickly reloaded:
/usr/sbin/rndc reload
/usr/sbin/rndc reconfig
3.7 Testing
3.7.1 Test with host or dig (-x)
host main.8280666.com
host www.main.8280666.com
host mail.main.8280666.com
....
3.7.2 nslookup
debian:~# nslookup
> 192.168.167.111
Server: 192.168.167.111
Address: 192.168.167.111#53
111.167.168.192.in-addr.arpa name = main.8280666.com.
> www
Server: 192.168.167.111
Address: 192.168.167.111#53
Name: www.main.8280666.com
Address:192.168.167.111
> www1
Server: 192.168.167.111
Address: 192.168.167.111#53
www1.main.8280666.com canonical name = main.8280666.com.
Name: main.8280666.com
Address:192.168.167.111
> mail.main.8280666.com
Server: 192.168.167.111
Address: 192.168.167.111#53
Name: mail.main.8280666.com
Address: 192.168.167.111
> set q=ma
unknown query type: ma
> set q=mx
> 192.168.167.111
Server: 192.168.167.111
Address: 192.168.167.111#53
181.167.168.192.in-addr.arpa name = main.8280666.com.
> main.8280666.com
Server: 192.168.167.111
Address: 192.168.167.111#53
main.8280666.com mail exchanger = 10 main.8280666.com.
>exit