
BIND应用

发布时间: 2012-07-04 19:33:55 作者: rapoo

BIND使用

一. BIND 安装（从源码编译）

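# Build BIND from source and install it under /usr/local/bind.
# Before unpacking the tarball, check it against the SHA-256 checksum and PGP
# signature ISC publishes alongside each release: the resulting named is only
# as trustworthy as the archive it was built from. Use a currently supported
# release; builds from the era of this article no longer receive security fixes.
./configure --prefix=/usr/local/bind
make
make install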

二.配置

?

master 配置，目录：/usr/local/bind/etc/named.conf

?

?

?

// Access-control lists referenced by the views further down.
// allow_ip is not used by any active statement in this file (it only appears
// in a commented-out allow-query inside the "wan" view).
acl allow_ip {
    192.168.1.154;
    192.168.1.163;
};

// The slave's address. It is the only client that reaches the "lan" view,
// so that view effectively exists to feed zone transfers to the slave.
acl intranet { 192.168.1.154; };

// Everyone except the slave. ACLs are first-match, so the negated entry
// has to precede "any"; the other way round 192.168.1.154 would match "any".
acl internet { !192.168.1.154; any; };

// Shared secrets.
// NOTE(review): both values below are printed in this article, so they are
// public and must be regenerated before use (rndc-confgen -a for the rndc
// key; dnssec-keygen -n HOST, or tsig-keygen on newer BIND, for the TSIG key).
// Keep named.conf -- or a separate included key file -- readable only by the
// user named runs as. hmac-md5 is kept here only because the slave's config
// and rndc.conf must use the same algorithm; when all three are changed
// together, prefer hmac-sha256.
key "rndc-key" {
    algorithm hmac-md5;
    secret "hQkOpTgg5NsKdpgmnMf/iw==";
};

// TSIG key shared with the slave (192.168.1.154); it signs zone transfers.
key "dns" {
    algorithm hmac-md5;
    secret "XACxrlZ4yTm7jmN0jzf8RA=="; // generated with dnssec-keygen
};

?

// Sign every message sent to the slave (192.168.1.154) with the "dns" TSIG
// key. TSIG authenticates and integrity-protects DNS messages; it does not
// encrypt them, so zone contents still cross the wire in the clear.
server 192.168.1.154 {
    keys { dns; };
};

// rndc control channel: bound to loopback only, and every command must be
// signed with rndc-key (the matching rndc.conf is not shown in this article).
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; }
        keys { "rndc-key"; };
};

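options {
    directory "/var/named";
    pid-file "named.pid";

    // Recursion is on by default, and the "wan" view below matches every
    // address except the slave, so without this line the server recurses
    // for the whole internet (an open resolver). The data served here is
    // authoritative; only the intranet ACL gets recursion.
    allow-recursion { intranet; };

    // Global default for zone transfers. The "wan" view's company.com zone
    // sets no allow-transfer, and BIND's default is to allow transfers to
    // any host, which lets anyone AXFR the public zone. Zones that do need
    // transfers (the "lan" view) override this with allow-transfer { key dns; }.
    allow-transfer { none; };

    // Forwarding was left disabled by the author; kept here for reference.
//      forward only;
//      forwarders {
//         168.95.1.1;
//         139.175.10.20;
//      };
};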

?

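// View served only to the slave (192.168.1.154). It holds the internal
// version of company.com plus the reverse zone, and it is where the slave
// pulls its zone transfers from (signed with the "dns" TSIG key).
view "lan" {
    match-clients { "intranet"; };

    // Root hints. The original declared this zone "type master", which fails
    // at startup -- the log below shows "zone ./IN/lan: has 0 SOA records"
    // and "not loaded due to errors" -- because a hints file carries no SOA.
    // A hints zone must be "type hint".
    zone "." IN {
        type hint;
        file "named.root";
    };

    zone "localhost" IN {
        type master;
        file "named.localhost";
    };

    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.127.0.0";
    };

    // Internal forward zone. allow-query { any; } is redundant inside a view
    // that only the slave can reach, but harmless. Dynamic updates are
    // disabled explicitly (BIND's default, stated for clarity) and transfers
    // go only to clients that sign with the "dns" key.
    zone "company.com" IN {
        type master;
        file "named.company.com";
        allow-query { any; };
        allow-update { none; };
        allow-transfer { key dns; };
    };

    // Reverse zone for 192.168.1.0/24, same transfer policy as above.
    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "named.192.168.1";
        allow-update { none; };
        allow-transfer { key dns; };
    };
};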

?

?

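// Public view: every client except the slave. It serves the external
// version of company.com (named.company.com.inter) and nothing internal.
view "wan" {
    match-clients { "internet"; };

    // This view faces the internet and only holds authoritative data, so do
    // not recurse for its clients. BIND's default is "recursion yes", which
    // would turn this host into an open resolver.
    recursion no;

    // Root hints; must be "type hint", not "type master" -- the original
    // failed to load ("zone ./IN/wan: has 0 SOA records" in the log below).
    // With recursion off in this view the hints are never consulted, so the
    // zone could also simply be dropped from here.
    zone "." IN {
        type hint;
        file "named.root";
    };

    zone "localhost" IN {
        type master;
        file "named.localhost";
    };

    // External zone. The original left allow-transfer commented out, and
    // BIND's default allows transfers to any host, so the whole zone could
    // be pulled with an AXFR from the internet. The slave never reaches
    // this view (the "internet" ACL excludes it and it transfers from "lan"),
    // so no transfers are needed here at all. Queries stay open to everyone
    // (the default), as a public zone needs; to restrict them instead, use
    // allow-query { allow_ip; }.
    zone "company.com" IN {
        type master;
        file "named.company.com.inter";
        allow-update { none; };
        allow-transfer { none; };
    };
};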

?

?

slave 配置

目录：/usr/local/bind/etc/named.conf（slave 主机 192.168.1.154 上）

?

?

?

// Both name servers. Nothing in this file references this ACL; it is kept
// for parity with the master's config.
acl allow_ip {
    192.168.1.163;
    192.168.1.154;
};

// Shared secrets.
// NOTE(review): these values are printed in the article and therefore
// public; regenerate them before use and restrict read access to the file
// that holds them. The "dns" key must stay byte-identical to the master's
// copy (same name, algorithm and secret) or transfers will fail TSIG
// verification. hmac-md5 is retained only for that reason; move both ends
// (and rndc.conf) to hmac-sha256 together.
key "rndc-key" {
    algorithm hmac-md5;
    secret "hQkOpTgg5NsKdpgmnMf/iw==";
};

// TSIG key shared with the master (192.168.1.163).
key "dns" {
    algorithm hmac-md5;
    secret "XACxrlZ4yTm7jmN0jzf8RA==";
};

// Sign all traffic to the master (192.168.1.163) -- SOA checks and AXFR/IXFR
// requests -- with the "dns" TSIG key. TSIG authenticates; it does not
// encrypt.
server 192.168.1.163 {
    keys { dns; };
};

// rndc control channel, loopback only, commands signed with rndc-key.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; }
        keys { "rndc-key"; };
};

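options {
    directory "/var/named";
    pid-file "named.pid";

    // This server has no views, so everything it serves is visible to every
    // client that can reach it. BIND allows zone transfers from any host by
    // default, which would let any client AXFR the copies of company.com and
    // 1.168.192.in-addr.arpa pulled from the master -- even though the
    // master only hands them to holders of the "dns" key. Nothing needs to
    // transfer from this slave, so close it.
    allow-transfer { none; };

    // NOTE(review): recursion is also on by default. If this host is not
    // meant to act as a resolver for internal clients, add "recursion no;"
    // (or narrow it with allow-recursion); the article does not say which
    // clients query it.

    // Forwarding was left disabled by the author; kept here for reference.
//      forward only;
//      forwarders {
//         168.95.1.1;
//         139.175.10.20;
//      };
};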

// Root hints -- declared correctly as "type hint" here (contrast the
// master's views, where the same file is wrongly loaded as a master zone).
zone "." IN {
    type hint;
    file "named.root";
};

// Local-only zones. Dynamic updates are refused explicitly, which is also
// BIND's default for a master zone.
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.127.0.0";
    allow-update { none; };
};

?

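// Secondary copies pulled from the master (192.168.1.163). The requests are
// signed with the "dns" TSIG key through the server statement above; the
// slave log confirms it ("transferred serial ...: TSIG 'dns'").
// Newer BIND releases spell "masters" as "primaries"; the old keyword is
// still accepted where both exist.
zone "company.com" IN {
    type slave;
    file "named.company.com";
    masters { 192.168.1.163; };
    // BIND's default would let any client transfer this zone from the slave,
    // bypassing the key requirement enforced on the master.
    allow-transfer { none; };
};

zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "named.192.168.1";
    masters { 192.168.1.163; };
    allow-transfer { none; };
};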

?

?

正反解设定

?

?

named.root（工具生成；named.conf 中引用的文件名是 named.root，原文的 name.root 为笔误）
named.localhost
named.127.0.0
named.company.com（正解）
目录：/var/named/

内容：
$TTL 600

; Forward zone company.com (/var/named/named.company.com).
; The RNAME "root" has no trailing dot, so it is relative to the origin and
; expands to root.company.com. SOA timers: refresh 28800 (8h), retry 14400
; (4h), expire 720000 (~8.3d), negative-cache TTL 86400 (1d). Increase the
; serial on every edit, otherwise the slave never notices the change.
@       IN  SOA   dns.company.com. root (
                  2012031901    ; serial (YYYYMMDDnn)
                  28800         ; refresh
                  14400         ; retry
                  720000        ; expire
                  86400 )       ; negative-cache TTL
@       IN  NS    dns.company.com.
dns     IN  A     192.168.1.154
www     IN  CNAME dns
ftp     IN  CNAME dns

?

named.192.168.1（反解）
目录：/var/named/
内容：
$TTL 600

; Reverse zone for 192.168.1.0/24 (/var/named/named.192.168.1).
@       IN  SOA   dns.company.com. root (
                  2012031901    ; serial
                  28800         ; refresh
                  14400         ; retry
                  720000        ; expire
                  86400 )       ; negative-cache TTL
@       IN  NS    dns.company.com.
; NOTE(review): this maps 192.168.1.1 to dns.company.com, while the forward
; zone gives dns an A record of 192.168.1.154. A forward-confirmed reverse
; lookup of the name server needs a PTR at 154; confirm which address is
; intended before changing it.
1       IN  PTR   dns.company.com.

?

?

?

?

开启 master：`named &`（后台运行），然后用 `tail -n 20 /var/log/messages` 观察日志（原文的 `tail --20` 不是合法选项）。注意下面日志中 `zone ./IN/lan: has 0 SOA records` / `not loaded due to errors`：根提示文件 named.root 被配置成了 `type master`，应改为 `type hint`。

?

Mar 19 13:42:32 localhost named[4469]: managed-keys-zone/wan: loaded serial 0

Mar 19 13:42:32 localhost named[4469]: zone ./IN/lan: has 0 SOA records

Mar 19 13:42:32 localhost named[4469]: zone ./IN/lan: not loaded due to errors.

Mar 19 13:42:32 localhost named[4469]: zone 0.0.127.in-addr.arpa/IN/lan: loaded serial 2012031302

Mar 19 13:42:32 localhost named[4469]: zone 1.168.192.in-addr.arpa/IN/lan: loaded serial 2012031304

Mar 19 13:42:32 localhost named[4469]: zone company.com/IN/lan: loaded serial 2012031303

Mar 19 13:42:32 localhost named[4469]: zone ./IN/wan: has 0 SOA records

Mar 19 13:42:32 localhost named[4469]: zone ./IN/wan: not loaded due to errors.

Mar 19 13:42:32 localhost named[4469]: zone localhost/IN/lan: loaded serial 2012031301

Mar 19 13:42:32 localhost named[4469]: zone localhost/IN/wan: loaded serial 2012031301

Mar 19 13:42:32 localhost named[4469]: zone company.com/IN/wan: loaded serial 2012031901

Mar 19 13:42:32 localhost named[4469]: all zones loaded

Mar 19 13:42:32 localhost named[4469]: running

Mar 19 13:42:32 localhost named[4469]: zone company.com/IN/lan: sending notifies (serial 2012031303)

Mar 19 13:42:32 localhost named[4469]: zone 1.168.192.in-addr.arpa/IN/lan: sending notifies (serial 2012031304)

Mar 19 13:42:32 localhost named[4469]: zone company.com/IN/wan: sending notifies (serial 2012031901)

Mar 19 13:44:05 localhost named[4469]: client 192.168.1.154#39095/key dns (1.168.192.in-addr.arpa): view lan: transfer of '1.168.192.in-addr.arpa/IN': AXFR started: TSIG dns

Mar 19 13:44:05 localhost named[4469]: client 192.168.1.154#39095/key dns (1.168.192.in-addr.arpa): view lan: transfer of '1.168.192.in-addr.arpa/IN': AXFR ended

Mar 19 13:44:05 localhost named[4469]: client 192.168.1.154#50110/key dns (company.com): view lan: transfer of 'company.com/IN': AXFR started: TSIG dns

Mar 19 13:44:05 localhost named[4469]: client 192.168.1.154#50110/key dns (company.com): view lan: transfer of 'company.com/IN': AXFR ended

?

开启 slave：`named &`。从下面日志中的 "ignoring config file logging statement due to -g option" 可知，这次实际是以 `named -g` 前台方式启动的，日志直接输出到终端。

?

19-Mar-2012 13:42:52.103 command channel listening on 127.0.0.1#953

19-Mar-2012 13:42:52.103 ignoring config file logging statement due to -g option

19-Mar-2012 13:42:52.103 managed-keys-zone: loaded serial 0

19-Mar-2012 13:42:52.104 zone 0.0.127.in-addr.arpa/IN: loaded serial 2012031302

19-Mar-2012 13:42:52.106 zone localhost/IN: loaded serial 2012031301

19-Mar-2012 13:42:52.106 all zones loaded

19-Mar-2012 13:42:52.106 running

19-Mar-2012 13:42:52.124 zone 1.168.192.in-addr.arpa/IN: Transfer started.

19-Mar-2012 13:42:52.125 transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.163#53: connected using 192.168.1.154#39095

19-Mar-2012 13:42:52.138 zone 1.168.192.in-addr.arpa/IN: transferred serial 2012031304: TSIG 'dns'

19-Mar-2012 13:42:52.139 transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.163#53: Transfer completed: 1 messages, 6 records, 283 bytes, 0.013 secs (21769 bytes/sec)

19-Mar-2012 13:42:52.139 zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2012031304)

19-Mar-2012 13:42:52.609 zone company.com/IN: Transfer started.

19-Mar-2012 13:42:52.617 transfer of 'company.com/IN' from 192.168.1.163#53: connected using 192.168.1.154#50110

19-Mar-2012 13:42:52.619 zone company.com/IN: transferred serial 2012031303: TSIG 'dns'

19-Mar-2012 13:42:52.620 transfer of 'company.com/IN' from 192.168.1.163#53: Transfer completed: 1 messages, 10 records, 344 bytes, 0.002 secs (172000 bytes/sec)

19-Mar-2012 13:42:52.620 zone company.com/IN: sending notifies (serial 2012031303)

?

?

?

