dns主配置文件的格式
[root@centos7 named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@centos7 named]# cat /etc/named.conf.kk
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
// listen-on port 53 { 127.0.0.1; }; //如果不注釋掉,表示只給本機提供域名解析服務,只監聽本地的127.0.0.1地址;也可改成localhost表示本機所有IP
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; }; //表示只允許本地主機查詢;或者在{}里只寫允許查詢(提供服務)的主機ip地址;或者注釋掉表示允許所有主機訪問。下方註釋已提醒:recursion yes 且服務器有公網IP時,若允許所有主機查詢,會被用於DNS放大攻擊,應在此限制查詢來源
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic"; // /var/named/dynamic表示名字解析數據庫;用來提供名字解析而非跑互聯網問其他的DNS服務器
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones"; //存放數據庫與域對應關係的文件;也可在此文件中更改
include "/etc/named.root.key";
存放數據庫與域對應關係的文件格式及實例
[root@centos7 named]# cat /etc/name.rfc1912.back
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "chenxi.conm" { #以chenxi.com域為例
type master; #相對晨曦域來說這是它的第一個域
file "chenxi.zone";
allow-update {none;};
}
#zone(區域) "."(區域名字) IN (字段可省) {
# type(類型) hint; 如果類型的值是master,表示第一個域
# file "named.ca"; 區域數據庫文件的名字;路徑不用寫,默認放在options中directory指定的/var/named/目錄下
#};
[root@centos7 named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "chenxi.com" {
type master; //hahah
file "chenxi.com.zone";
allow-update {none;};
};
名字解析數據庫格式
[root@centos7 named]# vim /var/named/chenxi.com.zone 表示名字解析數據庫;用來提供名字解析而非跑互聯網問其他的DNS服務器
$TTL 1D ;$TTL值表示生命期;只是全局設置;自己去其他DNS的域名解析的結果緩存的時間,1D表示一天
@ IN SOA dns1.chenxi.com. rname.invalid. ( ;IN表示internet類型,可以繼承上一條記錄,下一條可以不寫;@表示當前區域數據庫對應的域,省略表示繼承上一條記錄;SOA表示資源記錄類型,區域數據庫必須且只能有一個SOA記錄,且必須是區域數據庫的第一條記錄;dns1.chenxi.com.是主DNS服務器的名字,一般格式dns1.yuming.com.,注意最後一個點一定要寫;最後一項是郵箱地址,用.代替@,因為@在這裡表示本域
0 ; serial版本號;根據版本號來同步
1D ; refresh刷新時間;備用服務器到主服務器的同步間隔時間,這裡是一天
1H ; retry重試時間;表示備服務器到主服務器同步時發現網絡中斷,隔多久再來同步;這裡是1小時
1W ; expire過期時間;表示從服務器長達指定的時間無法連接主服務器時,認為主服務器失效
3H ) ; minimum 否定答案的TTL值;表示當主服務器這裡沒有從服務器要查的結果時,主服務器告訴從服務器我查不到,指定的時間內別再問我了
NS dns1 ;NS記錄用來指定誰提供DNS服務
NS dns2
dns1 A 192.168.206.128 ;表示該域的主域服務器對應的服務器地址
dns2 A 192.168.206.128 ;表示dns2的主機IP
websrv A 1.1.1.1 ;websrv表示本域內的別名;寫全的話是websrv.chenxi.com.
[root@centos7 named]# named-checkzone chenxi.com /var/named/chenxi.com.zone 檢查該文件語法的命令
zone chenxi.com/IN: loaded serial 0
OK