Building an Authoritative DNS Server with BIND
过儿9973
Published 2016-12-14 11:43:26
https://devops.profitbricks.com/tutorials/configure-authoritative-name-server-using-bind-on-centos-7/
Introduction

BIND is one of the most popular DNS servers used across the Internet. The server can act as an authoritative, recursive, and caching name server, and it supports a wide range of features.

This tutorial describes deploying primary and secondary BIND servers as authoritative name servers. This is suitable for public or private name servers; however, internal private name servers will usually also include recursive and caching elements for local DNS resolution.

It is highly recommended that the primary and secondary name servers be deployed on separate networks and in separate physical locations. This provides the necessary redundancy should one name server become unavailable due to a server, network, or data center failure.
Requirements

- Two servers (primary and secondary)
- CentOS or Red Hat Enterprise Linux 7
- BIND 9
- Example domain: example.com
- Primary IP address: 192.0.2.1
- Secondary IP address: 192.0.2.2

Prepare Servers

Both network and host firewalls must allow incoming TCP and UDP traffic on port 53. Standard DNS requests are sent over UDP port 53. However, if the response size is over 512 bytes, as may be the case with DNSSEC, the request will need to be sent over TCP port 53.

Zone transfers between the primary and secondary name servers occur over TCP port 53.

    firewall-cmd --permanent --zone=public --add-port=53/tcp
    firewall-cmd --permanent --zone=public --add-port=53/udp
    firewall-cmd --reload

Install BIND

BIND is available from the default CentOS software repository. The bind-utils package is extremely useful for testing and troubleshooting DNS-related issues.
    yum -y install bind bind-utils

Configure Primary Server

The first step is to modify the named.conf file, which is usually preconfigured as a caching-only name server.

    nano /etc/named.conf

In order for the name server to respond to external requests, the named process needs to be bound to a public IP address. The any value binds to all IP addresses assigned to the server.

    ...
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    ...

The name server needs to respond to all incoming queries for its authoritative zones, but by default it should allow neither zone transfer requests nor recursive queries.

Note: If these name servers are within a private network and will provide internal recursive DNS resolution along with authoritative DNS services, then recursion can be set to yes;. Otherwise, set it to no;.

    ...
    allow-query { any; };
    allow-transfer { none; };
    recursion no;
    ...

Here is the full named.conf file example adjusted for authoritative name service.
    options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        allow-transfer { none; };
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

The path to the zone file and the zone details must be added to the /etc/named.rfc1912.zones file.
    nano /etc/named.rfc1912.zones

The zone section for the domain declares the path to the file containing the zone data, that this is the master zone, and the IP address of the secondary server (the only host allowed to request zone transfers).

    zone "example.com" IN {
        type master;
        file "example.com";
        allow-transfer { 192.0.2.2; };
    };

Save and close the file.
Create Zone File

The actual zone file can now be created.

    nano /var/named/example.com

The zone file contains the domain settings and the resource records. Here is an example of a domain with a variety of resource records.

    $TTL 3H
    @       IN SOA  @ hostmaster.example.com. (
                    0       ; serial
                    3H      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
    @       IN NS   ns1.example.com.
    @       IN NS   ns2.example.com.
    @       IN A    192.0.2.10
    @       IN MX   10 host2.example.com.
    @       IN MX   20 host3.example.com.
    ns1     IN A    192.0.2.1
    ns2     IN A    192.0.2.2
    host1   IN A    192.0.2.10
    host2   IN A    192.0.2.11
    host3   IN A    192.0.2.12
    www     IN CNAME example.com.
    mail    IN CNAME host2.example.com.
    gopher  IN CNAME host3.example.com.
    example.com.  IN TXT "v=spf1 ip4:203.0.113.42 include:_spf.google.com ~all"

The @ within the zone file represents the domain name itself. In this particular case, @ is equivalent to example.com. with the trailing period. A trailing period (.) marks the end of a fully qualified domain name within the zone file.
Save the zone file and exit the editor. You should confirm there are no errors in the named.conf file before attempting to start the service.

    named-checkconf

The BIND named service can now be enabled on boot and started.

    systemctl enable named
    systemctl start named

Configure Secondary Server

Log into the secondary server and modify the /etc/named.conf file to match that of the primary server.
    nano /etc/named.conf

Refer to the Configure Primary Server section for the named.conf contents. Once the file has been updated, the zone needs to be added to /etc/named.rfc1912.zones on the secondary server.

    zone "example.com" IN {
        type slave;
        file "slaves/example.com";
        masters { 192.0.2.1; };
    };

Save the file and exit the editor. You should confirm there are no errors in the named.conf file before attempting to start the service.

    named-checkconf

The secondary named process can now be enabled on boot and started.
    systemctl enable named
    systemctl start named

Test DNS Resolution

The following dig command can be run from either name server and should return the records for the domain held on that server.

    dig any example.com @localhost

You should also confirm that results can be retrieved from a remote host that is able to connect to the name servers. This confirms connectivity and that the proper firewall rules are in place.

    dig any example.com @192.0.2.1
    dig any example.com @192.0.2.2

Modify Zone File

Zone files are modified on the primary name server. Once resource records have been added, modified, or removed, you must remember to increment the zone serial number. Here is the existing serial number of the example.com zone.
    ...
    @       IN SOA  @ hostmaster.example.com. (
                    0       ; serial
                    3H      ; refresh
    ...

If the initial serial number begins at 0, then the next value will be 1.

    ...
    @       IN SOA  @ hostmaster.example.com. (
                    1       ; serial
                    3H      ; refresh
    ...

Once the zone serial number has been incremented, the zone needs to be reloaded. This can be done without restarting the named process.

    rndc reload example.com

The reload will also initiate a zone transfer to the secondary server.
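Added example, not the tutorial's own code: a small wrapper around the named-checkconf, named-checkzone and rndc reload steps above that also refuses to reload a zone whose serial was not bumped, comparing the file's SOA serial with the one the running server answers using RFC 1982 serial arithmetic. The function names (zone_serial, serial_bumped, live_serial, reload_zone) and the sample zone text are constructed for this example; it assumes bind-utils on the primary and 64-bit shell arithmetic.

```shell
# Gate "rndc reload" on the config/zone checks from the tutorial plus a serial
# comparison against the serial the running server currently answers with, so a
# forgotten serial bump is caught before the secondary silently keeps stale data.
# Assumes bind-utils (dig, rndc, named-checkzone) and 64-bit shell arithmetic.

# zone_serial: read a zone file on stdin and print its SOA serial. Comments after
# ';' and the parentheses that only group a multi-line SOA are dropped, so the
# serial is always the third token after "SOA" (after MNAME and RNAME).
zone_serial() {
    awk '{ sub(/;.*/, ""); gsub(/[()]/, " ") }
         { for (i = 1; i <= NF; i++) {
               if (!insoa) { if ($i == "SOA") insoa = 1; continue }
               if (++n == 3) { print $i; exit }
           } }'
}

# serial_bumped OLD NEW: RFC 1982 serial order, so 4294967295 -> 0 still counts
# as an increase, while a serial that stayed the same or went backwards does not.
serial_bumped() {
    diff=$(( ($2 - $1 + 4294967296) % 4294967296 ))
    [ "$diff" -gt 0 ] && [ "$diff" -lt 2147483648 ]
}

# live_serial ZONE SERVER: the serial the running name server currently answers with
live_serial() {
    dig +short soa "$1" "@$2" | awk '{ print $3 }'
}

# reload_zone ZONE FILE: refuse the reload when the config or zone file is broken,
# or when the file's serial is not newer than the one already being served.
reload_zone() {
    named-checkconf || return 1
    named-checkzone "$1" "$2" >/dev/null || return 1
    new=$(zone_serial < "$2"); old=$(live_serial "$1" localhost)
    [ -n "$new" ] || { echo "no SOA serial found in $2" >&2; return 1; }
    if [ -n "$old" ] && ! serial_bumped "$old" "$new"; then
        echo "refusing reload: serial $new in $2 is not newer than served serial $old" >&2
        return 1
    fi
    rndc reload "$1"
}

# Constructed sample: the tutorial's example.com SOA, still at serial 0
SAMPLE_ZONE='$TTL 3H
@ IN SOA @ hostmaster.example.com. (
        0   ; serial
        3H  ; refresh
        1H  ; retry
        1W  ; expire
        3H ) ; minimum'
sample_serial() { printf '%s\n' "$SAMPLE_ZONE" | zone_serial; }
```

Run it as `reload_zone example.com /var/named/example.com` after editing the zone; the checks also cover a one-line SOA without parentheses.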
Reverse DNS

Reverse DNS is the mapping of an IP address to a domain name, rather than a domain name to an IP address. Some services, such as SMTP or Kerberos, may require proper reverse resolution.

In most cases regarding public IP address space, reverse DNS is handled by the service provider managing the IP subnets. It is suggested that you contact the support department of the service provider if you require adjustments to the reverse DNS.

There may be situations where the reverse DNS for a subnet has been delegated to your name servers, or perhaps you wish to assign reverse DNS records to a private, internal network. In these situations, a special domain named in-addr.arpa is used with a reversed representation of the IP range.

The zone for the 192.0.2.0/24 subnet would be 2.0.192.in-addr.arpa and follows the same configuration process as a normal zone on the primary and secondary name servers.

Once the zone has been added to the primary and secondary named.rfc1912.zones files, the zone file can be created.

    nano /var/named/2.0.192.in-addr.arpa

Here is an example of the PTR records in the 2.0.192.in-addr.arpa zone file.

    $TTL 3H
    @       IN SOA  @ hostmaster.example.com. (
                    2       ; serial
                    3H      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
    @       IN NS   ns1.example.com.
    @       IN NS   ns2.example.com.
    1       IN PTR  ns1.example.com.
    2       IN PTR  ns2.example.com.
    10      IN PTR  host1.example.com.
    11      IN PTR  host2.example.com.
    12      IN PTR  host3.example.com.

Troubleshoot DNS Issues

Syntax errors in the configuration files are easy to overlook. Therefore, it is always recommended to run named-checkconf before starting or restarting the named process.
    named-checkconf

When problems occur, the named log file is the first place to start looking. On CentOS the log file is found here:

    /var/named/data/named.run

The bind-utils package includes several utilities such as dig, nslookup, and host. These can be used to verify queries directly against the authoritative name servers. They require the domain name, the authoritative server, and optionally a resource record type as parameters.

    dig mx example.com @192.0.2.1

A query against the authoritative name server displays the current zone and resource records regardless of caching or TTL.
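An added example, not from the tutorial: once both servers are up, a script run from a remote host can confirm that the allow-transfer { none; } and recursion no; settings from the Configure Primary Server section actually hold, by inspecting the header flags and the transfer result that dig reports. The function names and the sample dig headers are constructed for this example; it assumes only dig from bind-utils on the probing host.

```shell
# Probe a name server and confirm it behaves as authoritative-only. Three checks,
# all on dig output:
#   1. an answer for our own zone carries the "aa" flag (we really serve it)
#   2. that answer carries no "ra" flag (recursion is switched off)
#   3. "dig axfr" from this host ends in "Transfer failed." (no transfer allowed)
# Assumes bind-utils (dig) on the host running the probe.

# has_flag FLAG: read dig output on stdin; succeed if FLAG is in the ';; flags:' line
has_flag() {
    awk -v want="$1" '
        /^;; flags:/ {
            s = $0; sub(/^;; flags:/, "", s); sub(/;.*$/, "", s)
            n = split(s, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == want) found = 1
        }
        END { exit !found }'
}

# axfr_refused: read "dig axfr" output on stdin; succeed only if the server refused
axfr_refused() { grep -q 'Transfer failed'; }

# verify_authoritative_only ZONE SERVER: run the three probes, print one verdict
# line each, and return non-zero if any of them fails
verify_authoritative_only() {
    zone="$1"; server="$2"; rc=0
    own=$(dig +noall +comments "$zone" SOA "@$server")
    if printf '%s\n' "$own" | has_flag aa; then echo "ok   $server is authoritative for $zone"
    else echo "FAIL $server did not answer $zone authoritatively (no aa flag)"; rc=1; fi
    if printf '%s\n' "$own" | has_flag ra; then echo "FAIL $server offers recursion (ra flag set)"; rc=1
    else echo "ok   recursion is disabled on $server"; fi
    if dig axfr "$zone" "@$server" | axfr_refused; then echo "ok   AXFR of $zone refused from this host"
    else echo "FAIL AXFR of $zone was not refused; check allow-transfer"; rc=1; fi
    return $rc
}

# Constructed dig headers for checking the parsers offline: first as a correctly
# configured server answers, then as one with recursion left on.
GOOD_HEADER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'
OPEN_HEADER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'
```

Run `verify_authoritative_only example.com 192.0.2.1` from a host other than the secondary; from 192.0.2.2 the transfer check is expected to succeed instead, since that address is listed in allow-transfer.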
One last tip for troubleshooting registered domains over the public Internet is to verify that the domain registrar is aware of the authoritative name servers and that the domain name has not expired.

    whois example.com

If whois is not aware of the top-level domain, as new TLDs are frequently being released, then you may need to perform the whois search at the central registry for domains under the desired TLD.