Environment: CentOS 6.5
Install method: yum
Goal: forward lookup (A records), reverse lookup (PTR records), split-horizon ("smart") DNS
Install:
yum -y install bind-utils bind bind-devel bind-chroot bind-libs
Edit /etc/named.conf:
options {
    version "1.1.1";                                    # version string reported to clients (a fake value hides the real BIND version)
    listen-on port 53 { any; };                         # default port
    directory "/var/named/chroot/etc/";                 # directory holding the zone files
    pid-file "/var/named/chroot/var/run/named/named.pid";   # pid file
    allow-query { any; };                               # addresses allowed to query: IPs or prefixes
                                                        # (with recursion left at its default of yes this is an open resolver;
                                                        #  add allow-recursion { <your-networks>; } to limit who may recurse)
    #blackhole { 1.1.1.1; };                            # hosts whose queries are refused
    dump-file "/var/named/chroot/var/log/binddump.db";
    statistics-file "/var/named/chroot/var/log/named_stats";   # DNS statistics file
    zone-statistics yes;                                # goes together with the option above
    memstatistics-file "log/mem_stats";                 # memory statistics
    empty-zones-enable no;                              # disable the built-in empty zones
    forwarders { 202.106.196.115; 8.8.8.8; };           # DNS servers to forward to when there is no local answer
};
key "rndc-key" {                                        # rndc authentication
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};
controls {
    inet 127.0.0.1 port 953                             # rndc port
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
    channel warning {
        file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;   # log path, number of rotated files and their size
        severity warning;                               # log level
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "/var/named/chroot/var/log/dns_log" versions 10 size 100m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };                      # default log level
    category queries { general_dns; };                  # query log, sent to the general_dns channel defined above
};
# split-horizon DNS configuration
#acl group1 {
#    10.3.255.100;
#};
#acl group2 {
#    10.3.255.101;
#};
include "/var/named/chroot/etc/view.conf";
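The "queries" category above writes one line per query to /var/named/chroot/var/log/dns_log, which is the first place to look when the server is slow or is being used as an amplifier. The script below is an added example, not part of the original post: it summarises such a log per client and per queried name and lists clients above a query threshold. It assumes the BIND 9 query-log line layout produced with print-time, print-category and print-severity enabled; the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): summarise the BIND query log
# written by the "queries" category. Assumes BIND 9's query-log line layout
# with print-time, print-category and print-severity; sample lines are constructed.

# Write a few constructed query-log lines to the file given as $1.
write_sample_log() {
    cat > "$1" <<'EOF'
28-Feb-2014 10:00:01.101 queries: info: client 192.168.1.20#51234: query: www.abc.com IN A + (192.168.0.10)
28-Feb-2014 10:00:01.205 queries: info: client 192.168.1.20#51235: query: a.abc.com IN A + (192.168.0.10)
28-Feb-2014 10:00:01.310 queries: info: client 192.168.1.20#51236: query: mx.abc.com IN MX + (192.168.0.10)
28-Feb-2014 10:00:01.412 queries: info: client 192.168.1.20#51237: query: www.abc.com IN A + (192.168.0.10)
28-Feb-2014 10:00:02.020 queries: info: client 192.168.1.21#40001: query: www.abc.com IN A + (192.168.0.10)
28-Feb-2014 10:00:02.533 queries: info: client 192.168.1.21#40002: query: 100.1.168.192.in-addr.arpa IN PTR + (192.168.0.10)
EOF
}

# Print "count client" pairs for the log in $1, busiest client first.
# The client field looks like "192.168.1.20#51234:", so split off the port.
queries_per_client() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "client") { split($(i + 1), a, "#"); n[a[1]]++; break }
    } END { for (c in n) print n[c], c }' "$1" | sort -rn
}

# Print "count name type" for each queried name and type, most frequent first.
# After "query:" the fields are: name, class, type.
queries_per_name() {
    awk '{
        for (i = 1; i < NF - 2; i++)
            if ($i == "query:") { n[$(i + 1) " " $(i + 3)]++; break }
    } END { for (k in n) print n[k], k }' "$1" | sort -rn
}

# List clients in log $1 that sent more queries than the threshold in $2.
noisy_clients() {
    queries_per_client "$1" | awk -v max="$2" '$1 > max { print $2 }'
}

# Run "sh thisfile.sh demo" to see the functions on the constructed sample.
if [ "${1:-}" = "demo" ]; then
    log=$(mktemp)
    write_sample_log "$log"
    echo "queries per client:";        queries_per_client "$log"
    echo "queries per name:";          queries_per_name "$log"
    echo "clients above 3 queries:";   noisy_clients "$log" 3
    rm -f "$log"
fi
```

On the real server point the functions at /var/named/chroot/var/log/dns_log; a client that dominates the per-client list, or a long list of PTR or ANY queries from one address, is what a spike in the general_dns channel usually looks like in practice.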
Configure /etc/rndc.key:
key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};
Configure /etc/rndc.conf:
key "rndc-key" {
    algorithm hmac-md5;
    secret "Eqw4hClGExUWeDkKBX/pBg==";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
Configure /var/named/chroot/etc/view.conf:
view "GROUP1" {
    #match-clients { group1; };     # split-horizon DNS: which clients are served this view
    zone "abc.com" {
        type master;                # master configuration
        file "abc.com.zone";        # zone file
        allow-transfer {            # addresses (slaves) allowed to transfer the zone
            192.168.0.11;
        };
        notify yes;
        also-notify {
            192.168.0.11;           # who is notified when the zone data changes
        };
    };
    # reverse lookup:
    zone "168.192.in-addr.arpa" {
        type master;
        file "168.192.zone";
        allow-transfer {
            192.168.0.11;
        };
        notify yes;
        also-notify {
            192.168.1.11;
        };
    };
};
# slave node configuration:
#view "myDNS_slave" {
#    zone "abc.com" {
#        type slave;
#        masters { 192.168.0.10; };
#    };
#    # reverse lookup
#    zone "168.192.in-addr.arpa" {
#        type slave;
#        masters { 192.168.0.10; };
#        file "slave.168.192.zone";
#    };
#};
# Watch the file permissions on the slave node; whenever the master's zone file is updated, its serial must be increased.
Configure /var/named/chroot/etc/abc.com.zone:
$ORIGIN .
$TTL 3600       ; 1 hour
abc.com         IN SOA op.abc.com. dns.abc.com. (
                        2000       ; serial: the marker slaves use to detect a change on the master;
                                   ; in a master/slave setup, increase it whenever the zone file changes
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.abc.com.
$ORIGIN abc.com.
op              A       1.2.3.4
a               A       1.2.3.4
mx              MX      5 1.2.2.1       ; an MX target must be a hostname, not an address (named's check-mx warns about this)
cname           CNAME   a.abc.com.      ; a fully qualified name ends with a dot
Configure the reverse lookup zone file /var/named/chroot/etc/168.192.zone:
$TTL 3600       ; 1 hour
@               IN SOA op.abc.com. dns.abc.com. (
                        2000       ; serial
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.abc.com.
100.1           IN PTR  a.abc.com.      ; resolves 192.168.1.100 to a.abc.com
Change the owner of the configuration files:
cd /var && chown -R named.named named/
Start the service and enable it at boot:
/etc/init.d/named start
chkconfig named on
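Once named is running, every later zone change has to do two things the notes above mention: increase the SOA serial (or the slave never transfers the new data) and keep the file owned by named. The script below is an added example, not part of the original post: it bumps the serial in place without changing the file's owner, syntax-checks the zone and the config with named-checkzone and named-checkconf when they are installed, and only then asks rndc to reload. It assumes the serial sits on its own line annotated "; serial" as in the zone files above; the sample zone is constructed from the page's reverse zone.

```shell
#!/bin/sh
# Added example (not from the original post): bump the SOA serial and validate
# a zone before reloading it. Assumes the serial is on its own line marked
# "; serial" as in the zone files on this page; the sample zone is constructed.

# Print the current SOA serial of the zone file in $1.
current_serial() {
    awk '/;[[:space:]]*serial/ { match($0, /[0-9]+/); print substr($0, RSTART, RLENGTH); exit }' "$1"
}

# Increment the serial (first integer on the "; serial" line) in place.
# The result is copied back over the original file rather than moved, so the
# file keeps its named.named ownership from the chown step above.
bump_serial() {
    tmp="$1.tmp.$$"
    awk '!done && /;[[:space:]]*serial/ {
            match($0, /[0-9]+/)
            new = substr($0, RSTART, RLENGTH) + 1
            $0 = substr($0, 1, RSTART - 1) new substr($0, RSTART + RLENGTH)
            done = 1
        }
        { print }' "$1" > "$tmp" && cat "$tmp" > "$1" && rm -f "$tmp"
}

# Syntax-check zone $1 stored in file $2 with named-checkzone when the bind
# package is installed; succeed silently when the tool is absent so the
# function can still be exercised on a machine without BIND.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q "$1" "$2"
    fi
}

# Full update on the master: bump, check the zone, check named.conf, reload.
# Each step only runs if the previous one succeeded, so a broken zone file
# never reaches the running named.
reload_zone() {
    bump_serial "$2" &&
    check_zone "$1" "$2" &&
    { ! command -v named-checkconf >/dev/null 2>&1 || named-checkconf /etc/named.conf; } &&
    { ! command -v rndc >/dev/null 2>&1 || rndc reload "$1"; }
}

# Constructed sample: the page's reverse zone, written to file $1.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 3600       ; 1 hour
@               IN SOA op.abc.com. dns.abc.com. (
                        2000       ; serial
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.abc.com.
100.1           IN PTR  a.abc.com.
EOF
}

# Run "sh thisfile.sh demo" to watch the serial move on a temporary copy.
if [ "${1:-}" = "demo" ]; then
    z=$(mktemp)
    write_sample_zone "$z"
    echo "before: $(current_serial "$z")"
    bump_serial "$z"
    echo "after:  $(current_serial "$z")"
    rm -f "$z"
fi
```

On the master the call is `reload_zone 168.192.in-addr.arpa /var/named/chroot/etc/168.192.zone`; the rndc step relies on the rndc.key and controls block configured earlier.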
DNS hardware sizing:
The service mainly consumes CPU and NIC bandwidth.
DNS load testing:
Download and unpack the BIND source, enter the contrib/queryperf/ directory, build it with ./configure && make, and copy the resulting queryperf into /usr/bin/.
Write the query file in the following format (one name and record type per line):
www.baidu.com A
www.baidu.com A
www.baidu.com A
Load test command:
queryperf -d test.txt -s 8.8.8.8
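A load test says more when the query file exercises the zones the server under test actually serves, and when it is aimed at that server rather than at a public resolver. The script below is an added example, not part of the original post: it builds queryperf's input file from a zone file in the format used above, handling $ORIGIN, relative and blank owner names and the multi-line SOA, and the usage note points the test at the master from view.conf (192.168.0.10). The sample zone is constructed from the page's abc.com.zone.

```shell
#!/bin/sh
# Added example (not from the original post): turn a zone file into a queryperf
# input file ("name type" per line). Assumes the zone-file layout used on this
# page; the sample zone below is constructed from the page's abc.com.zone.

# Emit "fqdn type" lines for the zone file in $1; $2 is the initial origin
# (empty when the file starts with its own $ORIGIN). Owners of CNAME records
# are queried as type A, records of other types are queried as their own type.
zone_to_queries() {
    awk -v origin="${2:-}" '
        BEGIN {
            split("A AAAA MX TXT NS PTR", t, " ")
            for (i in t) want[t[i]] = t[i]
            want["CNAME"] = "A"
        }
        /^\$ORIGIN/ { origin = $2; sub(/\.$/, "", origin); next }
        /^\$/ { next }                                   # $TTL and other directives
        {
            sub(/;.*/, "")                               # drop zone-file comments
            if (NF == 0) next
            if (inparen) { if (index($0, ")")) inparen = 0; next }
            if ($0 ~ /^[[:space:]]/) { owner = last; start = 1 }   # blank owner: reuse the previous one
            else { owner = $1; last = owner; start = 2 }
            if (index($0, "(") && !index($0, ")")) { inparen = 1; next }   # multi-line SOA
            for (i = start; i <= NF; i++) if ($i in want) {
                if (owner == "@") fqdn = origin
                else if (owner ~ /\.$/) { fqdn = owner; sub(/\.$/, "", fqdn) }
                else fqdn = (origin == "" ? owner : owner "." origin)
                print fqdn, want[$i]
                break
            }
        }' "$1"
}

# Constructed sample: the page's forward zone, written to file $1.
write_sample_zone() {
    cat > "$1" <<'EOF'
$ORIGIN .
$TTL 3600       ; 1 hour
abc.com         IN SOA op.abc.com. dns.abc.com. (
                        2000       ; serial
                        900        ; refresh (15 minutes)
                        600        ; retry (10 minutes)
                        86400      ; expire (1 day)
                        3600       ; minimum (1 hour)
                        )
                NS      op.abc.com.
$ORIGIN abc.com.
op              A       1.2.3.4
a               A       1.2.3.4
mx              MX      5 1.2.2.1
cname           CNAME   a.abc.com.      ; a fully qualified name ends with a dot
EOF
}

# Run "sh thisfile.sh demo" to print the query lines for the sample zone.
if [ "${1:-}" = "demo" ]; then
    z=$(mktemp)
    write_sample_zone "$z"
    zone_to_queries "$z"
    rm -f "$z"
fi
```

On the master, `zone_to_queries /var/named/chroot/etc/abc.com.zone > queries.txt` followed by `queryperf -d queries.txt -s 192.168.0.10` measures the server built on this page; repeating lines in queries.txt (as the page's example does) weights the hot names.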