Configuring the BIND 9.2.6 DNS Server on RedHat Linux 9.0

Updated: 2023-03-19 19:12:01


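Our organization's DNS server is hosted with China Netcom (CNC), and Netcom has recently had routing problems, so I needed to set up a server on China Telecom as a DNS server. I gathered some material online; it was not very complete, but by testing while configuring I got it working. I have written it up to share, and it should be a fairly complete BIND tutorial at present: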

Download the stable release of the BIND server:

Remove the bind package that ships with the system
# rpm -qa|grep bind
# rpm -e --nodeps bind

Compile and install BIND

# tar zxvf bind-9.2.6.tar.gz
# cd bind-9.2.6
# ./configure --sysconfdir=/etc/bind
# make
# make install

Edit the configuration files
# mkdir /etc/bind
# mkdir /var/bind
# vi /etc/bind/named.conf

Add the following to named.conf:

options {
        directory "/var/bind";
};

zone "." {
        type hint;
        file "named.ca";
};

Query the root DNS servers
# dig -t NS .

; <<>> DiG 9.2.6 <<>> -t NS .
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39532
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 490301 IN NS .
. 490301 IN NS .
. 490301 IN NS .
. 490301 IN NS .
. 490301 IN NS .
. 490301 IN NS .
. 490301 IN NS .
. 490301 IN NS .
. 490301 IN NS .
. 490301 IN NS .
. 490301 IN NS .
. 490301 IN NS .
. 490301 IN NS .

;; ADDITIONAL SECTION:
. 576701 IN A 198.41.0.4
. 576701 IN A 192.228.79.201
. 576701 IN A 192.33.4.12
. 576701 IN A 128.8.10.90
. 576701 IN A 192.203.230.10
. 576701 IN A 192.5.5.241
. 576701 IN A 192.112.36.4
. 576701 IN A 128.63.2.53
. 576701 IN A 192.36.148.17
. 576701 IN A 192.58.128.30
. 576701 IN A 193.0.14.129
. 576701 IN A 198.32.64.12
. 576701 IN A 202.12.27.33

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 10 23:34:53 2006
;; MSG SIZE rcvd: 436

Add a root server record to the /etc/resolv.conf file

# echo "nameserver 192.58.128.30" >/etc/resolv.conf

Import the root server information into the /var/bind/named.ca file

# dig -t NS . >/var/bind/named.ca
# cat /var/bind/named.ca

; <<>> DiG 9.2.6 <<>> -t NS .
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15141
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 518400 IN NS .
. 518400 IN NS .
. 518400 IN NS .
. 518400 IN NS .
. 518400 IN NS .
. 518400 IN NS .
. 518400 IN NS .
. 518400 IN NS .
. 518400 IN NS .
. 518400 IN NS .
. 518400 IN NS .
. 518400 IN NS .
. 518400 IN NS .

;; ADDITIONAL SECTION:
. 3600000 IN A 198.41.0.4
. 3600000 IN A 128.63.2.53
. 3600000 IN A 192.33.4.12
. 3600000 IN A 192.112.36.4
. 3600000 IN A 192.5.5.241
. 3600000 IN A 192.228.79.201
. 3600000 IN A 192.58.128.30
. 3600000 IN A 193.0.14.129
. 3600000 IN A 198.32.64.12
. 3600000 IN A 202.12.27.33
. 3600000 IN A 192.36.148.17
. 3600000 IN A 192.203.230.10
. 3600000 IN A 128.8.10.90

;; Query time: 107 msec
;; SERVER: 192.58.128.30#53(192.58.128.30)
;; WHEN: Tue Oct 10 10:16:47 2006
;; MSG SIZE rcvd: 436

Configure rndc

# rndc-confgen >/etc/bind/rndc.conf
# cat -n /etc/bind/rndc.conf

     1  # Start of rndc.conf
     2  key "rndc-key" {
     3          algorithm hmac-md5;
     4          secret "6wVd+yM4v80YJuIdp0o+vg==";
     5  };
     6
     7  options {
     8          default-key "rndc-key";
     9          default-server 127.0.0.1;
    10          default-port 953;
    11  };
    12  # End of rndc.conf
    13
    14  # Use with the following in named.conf, adjusting the allow list as needed:
    15  # key "rndc-key" {
    16  #       algorithm hmac-md5;
    17  #       secret "6wVd+yM4v80YJuIdp0o+vg==";
    18  # };
    19  #
    20  # controls {
    21  #       inet 127.0.0.1 port 953
    22  #               allow { 127.0.0.1; } keys { "rndc-key"; };
    23  # };
    24  # End of named.conf

Import the relevant part of rndc.conf into /etc/bind/named.conf, then edit /etc/bind/named.conf and remove the comment markers in front of the imported configuration.

# tail -n +13 /etc/bind/rndc.conf >>/etc/bind/named.conf
# cat /etc/bind/named.conf

options {
        directory "/var/bind";
};

zone "." {
        type hint;
        file "named.ca";
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "6wVd+yM4v80YJuIdp0o+vg==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

Check and restart the named service, look at the log file, and check rndc access
# ps -axu|grep named
# killall named
# ps -axu|grep named
# named
# ps -axu|grep named
# tail /var/log/messages
# rndc status
number of zones: 2
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running

Update /etc/resolv.conf and test with the host command

# echo "nameserver 127.0.0.1" >/etc/resolv.conf
# host www.blueberry.tw
www.blueberry.tw has address 222.73.5.135

Configure the forward zone for localhost

Edit /etc/bind/named.conf and insert the following:

zone "localhost" {
        type master;
        file "db.local";
};

Create /var/bind/db.local:

$TTL 900
@       IN SOA  localhost. root (
                2006021401 ;serial number
                1H ;refresh
                15M ;retry
                1W ;expire
                1D ) ;TTL
        IN NS   @
        IN A    127.0.0.1

Remember to put whitespace in front of IN; otherwise you get the error "zone localhost/IN: has no NS records". It took me quite a while to figure that out.

Test

# rndc reload
# host localhost
localhost has address 127.0.0.1
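Why the leading whitespace matters, as an added example that is not part of the original article: a simplified Python model of the master-file owner rule (a line that starts with whitespace inherits the previous owner name, otherwise its first token is taken as the owner name). It handles only the constructs used in db.local; the function names and both sample strings are constructed for illustration.

```python
import re

CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"\d+[smhdw]?", re.I)

def records(zone_text, origin):
    """Return (owner, type) for each record, using the master-file owner rule:
    a line that starts with whitespace inherits the previous owner; otherwise
    its first token IS the owner name."""
    owner, depth, out = origin, 0, []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        continuation = depth > 0                  # inside a ( ... ) group
        depth += line.count("(") - line.count(")")
        if continuation or line.startswith("$"):  # SOA fields, $TTL, $ORIGIN
            continue
        tokens = line.split()
        if not line[0].isspace():
            name = tokens.pop(0)
            if name == "@":
                owner = origin
            elif name.endswith("."):
                owner = name
            else:
                owner = f"{name}.{origin}"
        while tokens and (tokens[0].upper() in CLASSES or TTL.fullmatch(tokens[0])):
            tokens.pop(0)                         # optional TTL and class
        if tokens:
            out.append((owner.lower(), tokens[0].upper()))
    return out

def has_apex_ns(zone_text, origin):
    """True when the zone apex itself owns an NS record."""
    return (origin.lower(), "NS") in records(zone_text, origin)

# Constructed samples: db.local as on the page, and the same file with the
# leading whitespace before IN removed.
GOOD = """$TTL 900
@ IN SOA localhost. root (
        2006021401 ;serial number
        1H 15M 1W
        1D ) ;TTL
        IN NS @
        IN A 127.0.0.1
"""
BAD = GOOD.replace("        IN ", "IN ")
```

In `BAD` the NS and A records belong to the name `IN.localhost.`, so the apex `localhost.` has no NS record, which is the condition the error message reports.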

Configure the reverse zone for 127.0.0

1. Edit /etc/bind/named.conf and add the following:

zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0.zone";
};

2. Create /var/bind/127.0.0.zone with the following content:

$TTL 900
@       IN SOA  @ root.localhost. ( 20060214 1H 15M 1W 1D )
        IN NS   localhost.
1       IN PTR  localhost.

3. Reload through rndc and test

# rndc reload
# host 127.0.0.1
1.0.0.127.in-addr.arpa domain name pointer localhost.

Configure the zone

1. Edit the /etc/bind/named.conf file and add the following:

zone "" {
        type master;
        file "";
};

2. Create /var/bind/

$TTL 900
@       IN SOA  . root (
                2006021401 ;serial number
                1H ;refresh
                15M ;retry
                1W ;expire
                1D ) ;TTL
        IN NS   @
        IN MX   10 mail
        IN A    59.42.10.53
ns      IN A    59.42.10.53
www     IN A    59.42.10.53
ftp     IN A    59.42.10.54
mail    IN A    59.42.10.55
smtp    IN A    59.42.10.55
pop     IN A    59.42.10.55
news    IN CNAME www

3. Reload through rndc and test

# rndc reload
# host -t A
has address 59.42.10.53
# host -t A
has address 59.42.10.54
# host -t A
has address 59.42.10.55
# host -t NS
name server .

Add the reverse zone

1. Edit /etc/bind/named.conf and add the following:

zone "10.42.59.in-addr.arpa" {
        type master;
        file "59.42.10.zone";
};

2. Create /var/bind/59.42.10.zone with the following content:

$TTL 900
@       IN SOA  . ( 2006022301 1H 15M 1W 1D )
        IN NS   .
53      IN PTR  .
54      IN PTR  .
55      IN PTR  .

3. Reload through rndc and test

# rndc reload
# host 59.42.10.53
53.10.42.59.in-addr.arpa domain name pointer .
# host 59.42.10.54
54.10.42.59.in-addr.arpa domain name pointer .
# host 59.42.10.55
55.10.42.59.in-addr.arpa domain name pointer .

At this point, the BIND configuration is complete.

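Making BIND Support Smart DNS on Linux

Recently some Netcom users reported that they could not connect to the server to register the software, so the company asked that the idle server hosted at Netcom be put to use. The initial plan was round-robin between two domain names. I have never been in favor of that approach; smart DNS is a better fit: Telecom users reach the Telecom server and Netcom users reach the Netcom server.

The configuration process follows. It assumes your BIND is already working properly; if you are not yet familiar with BIND, that is fine, read the following article first: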

Edit the BIND configuration file named.conf
# vi /etc/bind/named.conf

After

options {
        directory "/var/bind";
};

add:

acl "CNC" {
58.16.0.0/16; 58.17.0.0/17; 58.17.128.0/17; 58.18.0.0/16; 58.19.0.0/16; 58.20.0.0/16; 58.21.0.0/16; 58.22.0.0/15; 58.240.0.0/15; 58.242.0.0/15; 58.244.0.0/15; 58.246.0.0/15; 58.248.0.0/13; 60.0.0.0/13; 60.8.0.0/15; 60.10.0.0/16; 60.11.0.0/16; 60.12.0.0/16; 60.13.0.0/18; 60.13.128.0/17; 60.14.0.0/15; 60.16.0.0/13; 60.24.0.0/14; 60.30.0.0/16; 60.31.0.0/16; 60.208.0.0/13; 60.216.0.0/15; 60.218.0.0/15; 60.220.0.0/14;

61.48.0.0/13; 61.133.0.0/17; 61.134.96.0/19; 61.134.128.0/17; 61.135.0.0/16; 61.137.128.0/17; 61.138.0.0/17; 61.138.128.0/18; 61.139.128.0/18; 61.148.0.0/15; 61.156.0.0/16; 61.159.0.0/18; 61.161.0.0/18; 61.161.128.0/17; 61.162.0.0/16; 61.163.0.0/16; 61.167.0.0/16; 61.168.0.0/16; 61.176.0.0/16; 61.179.0.0/16; 61.181.0.0/16; 61.182.0.0/16; 61.189.0.0/17; 125.32.0.0/16; 125.40.0.0/13; 202.96.0.0/18; 202.96.64.0/21; 202.96.72.0/21; 202.97.128.0/18; 202.97.224.0/21; 202.97.240.0/20; 202.98.0.0/21; 202.98.8.0/21; 202.99.64.0/19; 202.99.96.0/21; 202.99.128.0/19; 202.99.160.0/21; 202.99.168.0/21; 202.99.176.0/20; 202.99.208.0/20; 202.99.224.0/21; 202.99.232.0/21; 202.99.240.0/20; 202.102.128.0/21;

202.102.224.0/21; 202.102.232.0/21; 202.106.0.0/16; 202.107.0.0/17; 202.108.0.0/16; 202.110.0.0/17; 202.111.128.0/18; 203.93.8.0/24; 203.93.192.0/18; 210.13.128.0/17; 210.14.160.0/19; 210.14.192.0/19; 210.15.32.0/19; 210.15.96.0/19; 210.15.128.0/18; 210.21.0.0/16; 210.52.128.0/17; 210.53.0.0/17; 210.53.128.0/17; 210.74.96.0/19; 210.74.128.0/19; 210.82.0.0/15; 218.8.0.0/14; 218.12.0.0/16; 218.21.128.0/17; 218.24.0.0/14; 218.56.0.0/14; 218.60.0.0/15; 218.67.128.0/17; 218.68.0.0/15; 218.104.0.0/14; 219.154.0.0/15; 219.156.0.0/15; 219.158.0.0/17; 219.158.128.0/17; 219.159.0.0/18; 220.252.0.0/16; 221.0.0.0/15; 221.2.0.0/16; 221.3.0.0/17; 221.3.128.0/17; 221.4.0.0/16; 221.5.0.0/17; 221.5.128.0/17;

221.6.0.0/16; 221.7.0.0/19; 221.7.32.0/19; 221.7.64.0/19; 221.7.96.0/19; 221.8.0.0/15; 221.10.0.0/16; 221.11.0.0/17; 221.11.128.0/18; 221.11.192.0/19; 221.12.0.0/17; 221.12.128.0/18; 221.13.0.0/18; 221.13.64.0/19; 221.13.96.0/19; 221.13.128.0/17; 221.14.0.0/15; 221.192.0.0/15; 221.194.0.0/16; 221.195.0.0/16; 221.196.0.0/15; 221.198.0.0/16; 221.199.0.0/19; 221.199.32.0/20; 221.199.128.0/18; 221.199.192.0/20; 221.200.0.0/14; 221.204.0.0/15; 221.206.0.0/16; 221.207.0.0/18; 221.207.64.0/18; 221.207.128.0/17; 221.208.0.0/14; 221.212.0.0/16; 221.213.0.0/16; 221.216.0.0/13; 222.128.0.0/14; 222.132.0.0/14; 222.136.0.0/13; 222.160.0.0/15; 222.162.0.0/16; 222.163.0.0/19; 222.163.32.0/19; 222.163.64.0/18;

222.163.128.0/17; };

Modify the original DNS configuration so that Telecom and Netcom clients are served from different zone files:

view "view_cnc" {
        match-clients { CNC; };

        zone "." {
                type hint;
                file "named.ca";
        };

        zone "localhost" {
                type master;
                file "db.local";
        };

        zone "0.0.127.in-addr.arpa" {
                type master;
                file "127.0.0.zone";
        };

        zone "" {
                type master;
                file "cnc/";
        };

        zone "10.42.59.in-addr.arpa" {
                type master;
                file "59.42.10.zone";
        };

        zone "110.21.210.in-addr.arpa" {
                type master;
                file "210.21.110.zone";
        };
};

view "view_any" {
        match-clients { any; };

        zone "." {
                type hint;
                file "named.ca";
        };

        zone "localhost" {
                type master;
                file "db.local";
        };

        zone "0.0.127.in-addr.arpa" {
                type master;
                file "127.0.0.zone";
        };

        zone "" {
                type master;
                file "telecom/";
        };

        zone "10.42.59.in-addr.arpa" {
                type master;
                file "59.42.10.zone";
        };

        zone "110.21.210.in-addr.arpa" {
                type master;
                file "210.21.110.zone";
        };
};

Telecom zone file: telecom/
Netcom zone file: cnc/

The contents of these configuration files have already been explained in detail in
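How the two views above are chosen, as an added example that is not part of the original article: a Python model of first-match view selection, which is why view_cnc has to be listed before view_any. It assumes IPv4 only, models `any` as 0.0.0.0/0, and uses three prefixes taken from the CNC acl; the function names are hypothetical.

```python
import ipaddress

# Constructed subset of the page's "CNC" acl (three of its prefixes).
ACLS = {
    "CNC": ["58.16.0.0/16", "60.0.0.0/13", "221.216.0.0/13"],
    "any": ["0.0.0.0/0"],          # assumption: IPv4-only stand-in for "any"
}
# Views in the order they appear in named.conf.
VIEWS = [("view_cnc", ["CNC"]), ("view_any", ["any"])]

def networks(acl_names, acls=ACLS):
    """Expand acl names to networks; strict=True rejects host bits, e.g. 58.17.1.0/17."""
    return [ipaddress.ip_network(n, strict=True) for a in acl_names for n in acls[a]]

def select_view(client_ip, views=VIEWS, acls=ACLS):
    """Return the first view whose match-clients list contains the client."""
    addr = ipaddress.ip_address(client_ip)
    for name, match_clients in views:
        if any(addr in net for net in networks(match_clients, acls)):
            return name
    return None                    # no view matches this client

def shadowed_views(views=VIEWS, acls=ACLS):
    """Views listed after a catch-all view can never be selected."""
    catch_all = ipaddress.ip_network("0.0.0.0/0")
    seen_any, dead = False, []
    for name, match_clients in views:
        if seen_any:
            dead.append(name)
        seen_any = seen_any or catch_all in networks(match_clients, acls)
    return dead
```

Running `shadowed_views()` over the view order of a real named.conf is a quick check before `rndc reload`: any name it returns is a view that no client will ever reach.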

Source: https://www.bwwdw.com/article/kdvj.html
