L12※ Building your own DoH service with BIND

1> Install BIND

① Install the software

apt-get install bind9 bind9utils dnsutils

② Edit the main configuration file

# vi /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
             114.114.114.114;
             180.76.76.76;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        // "no" disables DNSSEC validation of the answers the forwarders return;
        // "auto" validates them against BIND's built-in root trust anchor.
        dnssec-validation no;
        auth-nxdomain no;    # conform to RFC1035
        // any/any makes this an open resolver for every address that can reach
        // port 53; restrict both to your own networks if the host is not firewalled.
        allow-query {any; };
        allow-query-cache {any; };
        listen-on port 53 { any; };
        listen-on-v6 port 53 {  ::1; };
};

③ Configure the zone data

# vi /etc/bind/named.conf.default-zones

# Forward zone
zone "google.cn" {
        type master;    // server type: master (authoritative) server
        file "/etc/bind/db.google.cn";    // zone data file
};

# Reverse zone
zone "60.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.google.cn.ip";
};

④ Configure the resolution data

a. Forward zone data

# vim /etc/bind/db.google.cn
$TTL    604800
@       IN      SOA     google.cn. root.google.cn. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      dns.google.cn.
@       IN      A       192.168.60.25
www     IN      A       192.168.60.25   ; matches the PTR in the reverse zone
dns     IN      A       127.0.0.1

b. Reverse zone data

# vim /etc/bind/db.google.cn.ip
$TTL    604800
@       IN      SOA     google.cn. root.google.cn. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      dns.google.cn.   ; NS must name a host, not an IP address
25      IN      PTR     www.google.cn.   ; trailing dot, otherwise the zone origin is appended

⑤ Check the configuration

named-checkconf
named-checkzone google.cn /etc/bind/db.google.cn
named-checkzone 60.168.192.in-addr.arpa /etc/bind/db.google.cn.ip
sudo service bind9 restart
dig  @127.0.0.1  www.baidu.com A
dig  @127.0.0.1  -x 192.168.60.25
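Added example, not code from the original post: a small Python checker for the two hand-written zone files above. It parses a forward zone and a reverse zone embedded below (constructed to mirror this post's files; the forward zone carries an extra www record so the PTR has something to match) and reports three mistakes that are easy to make when typing zone files by hand: an NS or PTR target without a trailing dot (BIND appends the zone origin to it), an NS record pointing at an IP literal, and a PTR whose target has no matching A record in the forward zone.

```python
"""Consistency checker for a BIND forward zone and its reverse zone.
Added example, not part of the original post; zone text below is constructed."""
import ipaddress

FORWARD_ORIGIN = "google.cn."
REVERSE_ORIGIN = "60.168.192.in-addr.arpa."

# Constructed forward zone (mirrors the post's db.google.cn, plus a www record).
FORWARD_ZONE = """\
$TTL    604800
@       IN      SOA     google.cn. root.google.cn. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      dns.google.cn.
@       IN      A       192.168.60.25
www     IN      A       192.168.60.25
dns     IN      A       127.0.0.1
"""

# Constructed reverse zone with two defects: an NS pointing at an IP literal
# and a PTR target that is missing its trailing dot.
REVERSE_ZONE_BAD = """\
$TTL    604800
@       IN      SOA     google.cn. root.google.cn. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      127.0.0.1.
25 IN PTR www.google.cn
"""

# The same zone with both defects corrected.
REVERSE_ZONE_OK = REVERSE_ZONE_BAD.replace(
    "NS      127.0.0.1.", "NS      dns.google.cn."
).replace("PTR www.google.cn\n", "PTR www.google.cn.\n")


def _strip_comments(text):
    """Drop ';' comments; a line that is only a comment becomes empty."""
    return "\n".join(line.split(";", 1)[0] for line in text.splitlines())


def _join_parens(text):
    """Collapse multi-line '( ... )' records such as the SOA onto one line."""
    out, buf, depth = [], [], 0
    for line in text.splitlines():
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            out.append(" ".join(buf))
            buf = []
    return out


def absolutize(name, origin):
    """BIND's origin rule: '@' is the origin, a name without a trailing dot
    gets the origin appended, an absolute name is left unchanged."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, origin):
    """Minimal master-file parser returning (owner_fqdn, type, rdata_tokens).
    Handles $-directives, inherited owners and optional TTL/class fields."""
    records, last_owner = [], origin
    for raw in _join_parens(_strip_comments(text)):
        if not raw.strip() or raw.startswith("$"):
            continue
        tokens = raw.split()
        if raw[0].isspace():            # blank owner field: inherit previous owner
            owner = last_owner
        else:
            owner = last_owner = absolutize(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)               # optional TTL and class
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def _is_ip_literal(name):
    try:
        ipaddress.ip_address(name.rstrip("."))
        return True
    except ValueError:
        return False


def ptr_owner_to_ip(owner_fqdn):
    """'25.60.168.192.in-addr.arpa.' -> '192.168.60.25' (IPv4 only)."""
    labels = owner_fqdn.rstrip(".").split(".")
    return ".".join(reversed(labels[:-2]))   # drop 'in-addr' and 'arpa'


def check_zones(forward_text, forward_origin, reverse_text, reverse_origin):
    """Return a list of human-readable findings; an empty list means consistent."""
    findings = []
    a_records = {(owner, rdata[0])
                 for owner, rtype, rdata in parse_zone(forward_text, forward_origin)
                 if rtype == "A"}
    for owner, rtype, rdata in parse_zone(reverse_text, reverse_origin):
        if rtype not in ("NS", "PTR"):
            continue
        target = rdata[0]
        if not target.endswith("."):
            findings.append(f"{rtype} target '{target}' lacks a trailing dot; BIND "
                            f"will read it as '{absolutize(target, reverse_origin)}'")
        if rtype == "NS" and _is_ip_literal(target):
            findings.append(f"NS target '{target}' is an IP literal; NS must name a host")
        if rtype == "PTR":
            ip = ptr_owner_to_ip(owner)
            if (absolutize(target, reverse_origin), ip) not in a_records:
                findings.append(f"PTR {ip} -> '{target}' has no matching A record "
                                f"in {forward_origin}")
    return findings


if __name__ == "__main__":
    for label, zone in (("original", REVERSE_ZONE_BAD), ("corrected", REVERSE_ZONE_OK)):
        found = check_zones(FORWARD_ZONE, FORWARD_ORIGIN, zone, REVERSE_ORIGIN)
        print(f"{label}: {len(found)} finding(s)")
        for item in found:
            print("  -", item)
```

Run it as-is to see the three findings for the defective reverse zone and none for the corrected one; to check your own files, replace the embedded strings with `open(path).read()` and set the two origins to the zone names from named.conf.default-zones.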

⑥ Disable IPv6 resolution

vim /etc/default/named

OPTIONS="-u bind -4"
systemctl restart named
