Install bind9
# sudo apt-get install bind9 bind9-host dnsutils bind9-doc
Configuration files:
/etc/bind/named.conf.options
/etc/bind/named.conf
/etc/bind/named.conf.local
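vi named.conf.options
Note that the terminator is a semicolon: every statement and every closing brace must be followed by one.
These are the settings to use when the server acts as an external DNS: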
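options {
    query-source address * port 53;
    // upstream resolver that queries are forwarded to
    forwarders {
        168.95.1.1;
    };
    allow-query { any; };       // accept queries from any client
    allow-transfer { none; };   // refuse all zone transfers
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};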
If the server only needs to act as a DNS for private IP addresses, the following settings can be used instead:
acl lan {
    127.0.0.1;
    172.16.0.0/24;
}; // define the Access Control List
options {
    directory "/var/cache/bind";
    allow-query { lan; }; // only allow hosts in the lan ACL to query
};
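The two option sets above can be combined so that the server answers for its own zones publicly while recursion and cached answers stay limited to the internal network. This is an added example, not the author's configuration: it reuses the page's `lan` ACL and forwarder, and restricting recursion with `allow-recursion` and `allow-query-cache` is an assumption about the intended deployment.

```conf
// /etc/bind/named.conf.options (constructed example, not the author's file)
acl lan {
    127.0.0.1;
    172.16.0.0/24;
};

options {
    directory "/var/cache/bind";

    // Authoritative data (tonyhack.com and its reverse zone) may be
    // queried by anyone.
    allow-query { any; };

    // Recursion and answers from the cache only for the lan ACL.
    // If these two are left unset they fall back to allow-query,
    // which is "any" here, and the server becomes an open resolver.
    recursion yes;
    allow-recursion { lan; };
    allow-query-cache { lan; };

    // Upstream resolver used for recursive lookups made on behalf of lan.
    forwarders {
        168.95.1.1;
    };

    // "query-source address * port 53;" is left out so that named picks
    // a random source port for each outgoing query.

    // No secondary servers are defined, so refuse all zone transfers.
    allow-transfer { none; };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
```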
vi named.conf
A zone definition is the logical unit that a DNS server manages, e.g. dns.tonyhack.com
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
// add the forward-lookup zone for the user's domain
zone "tonyhack.com" {
type master;
file "/etc/bind/db.tonyhack";
};
// add the reverse-lookup zone for the user's domain
zone "242.126.59.in-addr.arpa" {
type master;
file "/etc/bind/db.tonyhack.rev";
};
Copy an empty zone file as the starting point for your own zone. Below is my example:
cp db.empty db.tonyhack
$TTL 604800
@ IN SOA tonyhack.com. dns.tonyhack.com. (
        1        ; Serial
        604800   ; Refresh
        86400    ; Retry
        419200   ; Expire
        604800 ) ; Negative Cache TTL
;
@ IN NS dns.tonyhack.com.
@ IN NS www.tonyhack.com.
dns.tonyhack.com. IN A 192.168.1.7
www.tonyhack.com. IN A 59.126.242.79
@ IN MX 10 ms1
@ IN MX 20 ms2
ms1 IN A 192.168.1.7
ms2 IN A 192.168.1.7
dns 10 IN A 192.168.1.7
www 10 IN A 192.168.1.7
web IN CNAME www
Restart bind9
/etc/init.d/bind9 restart
Test whether the records can be resolved. Related DNS lookup commands: nslookup, dig, whois
root@server:/etc/bind# host web.tonyhack.com 192.168.1.7
Using domain server:
Name: 192.168.1.7
Address: 192.168.1.7#53
Aliases:

web.tonyhack.com is an alias for www.tonyhack.com.
www.tonyhack.com has address 192.168.1.7
www.tonyhack.com has address 59.126.242.79