服务器安装"/>
centos bind dns服务器安装
bind安装:yum install bind yum install bind-chroot
bind-chroot是bind的一个功能,使bind可以在一个chroot的模式下运行。也就是说,bind运行时的/(根)目录,并不是系统真正的/(根)目录,只是系统中的一个子目录而已。这样做的目的是为了提高安全性,因为在chroot的模式下,bind可以访问的范围仅限于这个子目录的范围里,无法进一步提升,进入到系统的其他目录中。将BIND运行于chroot的方式将加强安全性。
bind配置
设置监听的ip地址范围,另外里面有个把IPV6也包含在里面了,可以删除。 vi /etc/named.conf
options { listen-on port 53 { any; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db";
dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;
bindkeys-file "/etc/named.iscdlv.key"; };
logging {
zone "." IN { type hint; file "named.ca"; };
include "/etc/named.rfc1912.zones";
修改,named.rfc1912.zones文件,在这里,我已经把多余的全部删除了,只保留了使用的部分
vi /etc/named.rfc1912.zones
zone "sdlyyx" IN {
zone "120.16.10.in-addr.arpa" IN {
zone "localhost.localdomain" IN { type master; file "named.localhost"; allow-update { none; }; };
zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; };
zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN { type master; file "named.loopback"; allow-update { none; }; };
zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; }; };
vi /var/named/sdlyyx.zone
$TTL 1D @ IN SOA @ rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A 127.0.0.1 AAAA ::1
vi /var/named/10.16.120.rev
$TTL 1D @ IN SOA @ rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A 127.0.0.1 AAAA ::1
设置bind随系统自动启动
chkconfig named on
设置防火墙,让客户端能访问DNS服务器。
iptables -F
iptables -A OUTPUT -p udp --dport 53 -jACCEPT
然后 DNS 服务器收到我们发出去的包,就回应一个回来 iptables -A INPUT -p udp --sport 53 -j ACCEPT
同时还要设置
允许连线出去后对方主机回应进来的封包,否则yum update不能更新。 iptables -A INPUT -m state --state ESTABLISHED,RELATED -jACCEPT
DNS使用tcpt和udp的53端品。从专业的角度说,TCP的可靠保证,是它的三次握手机制,这一机制保证校验了数据,保证了他的可靠性。而UDP就没有了,所以不可靠。不过UDP的速度是TCP比不了的,而且UDP的反应速度更快,QQ就是用UDP协议传输的,HTTP是用TCP协议传输的,不用我说什么,自己体验一下就能发现区别了。再有就是UDP和TCP的目的端口不一样(这句话好象是多余的),而且两个协议不在同一层,TCP在三层,UDP不是在四层就是七层。 所以说使用udp能提高对网站的速度。
查看
解决方法:网上有人说主要原因是以为DNS服务器不能连接公网,所以无法查询根服务器。开始无法理解,我的DNS服务器已设置了网络地址(IPV4),怎么会不能连接公网呢?再仔细一看日志“***/AAAA/IN':2001:500:40::1#53说明IPV6无法连接到公网,突然明白了,是因为我没设置IPV6地址的原因。目前IPV6还没用处,所以想法禁用IPV6,问题解决了。
禁用IPV6方法:
vi /etc/modprobe.d/dist.conf
并禁用ip6tables chkconfig ip6tables off
新方法:(推荐) /etc/sysconfig/named加入红色部分,让bind仅支持ipv4
ROOTDIR=/var/named/chroot OPTIONS="-4"
error (network unreachable) resolving 'dlv.isc/DNSKEY/IN':2001:500:e::1#53 error (network unreachable) resolving './DNSKEY/IN':2001:500:2f::f#53 error (network unreachable) resolving'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:19::1#53 error (network unreachable) resolving'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:a::79#53 error (network unreachable) resolving 'dlv.isc/DNSKEY/IN':2001:4f8:0:2::20#53 error (network unreachable) resolving'ns2.isc.ultradns/A/IN': 2001:503:a83e::2:30#53 error (network unreachable) resolving'pdns3.ultradns/AAAA/IN': 2001:500:40::1#53 error (network unreachable) resolving'pdns4.ultradns/AAAA/IN': 2001:500:b::1#53 error (network unreachable) resolving'pdns3.ultradns/AAAA/IN': 2001:500:48::1#53 error (network unreachable) resolving'pdns3.ultradns/AAAA/IN': 2001:500:b::1#53 error (network unreachable) resolving'pdns5.ultradns.info/AAAA/IN': 2001:500:1a::1#53 error (network unreachable) resolving'pdns5.ultradns.info/AAAA/IN': 2001:500:49::1#53 error (network unreachable) resolving'pdns6.ultradns.co.uk/A/IN': 2001:503:ba3e::2:30#53 error (network unreachable) resolving'pdns6.ultradns.co.uk/AAAA/IN': 2001:503:ba3e::2:30#53 error (network unreachable) resolving'ns.isc.afilias-nst.info/A/IN': 2001:500:7::79#53 error (network unreachable) resolving'pdns6.ultradns.co.uk/AAAA/IN': 2001:502:4612::1#53 error (network unreachable) resolving'pdns5.ultradns.info/A/IN': 2001:500:41::1#53 error (network unreachable) resolving 'meili.lywww/A/IN':2001:503:c27::2:30#53 error (network unreachable) resolving 'meili.lywww/A/IN':2001:500:1::803f:235#53 error (network unreachable) resolving 'meili.lywww/A/IN':2001:7fd::1#53 error (network unreachable) resolving 'meili.lywww/A/IN':2001:dc3::35#53 error (network unreachable) resolving 'ns.macomnet.ru/A/IN':2001:678:18:0:194:190:124:17#53 error (network unreachable) resolving 'com/DNSKEY/IN':2001:503:231d::2:30#53 error (network unreachable) resolving'meili.lywww.dlv.isc/DLV/IN': 2001:500:2c::254#53 error (network unreachable) resolving'meili.lywww.dlv.isc/DLV/IN': 2001:500:71::29#53 error (network unreachable) resolving'geons1.kaspersky-labs/AAAA/IN': 2001:4c08:2006::2#53 error (network unreachable) resolving'xnop007.tlgslb.dlv.isc/DLV/IN': 2001:500:60::29#53 error (network unreachable) resolving 'www.sina/A/IN':2001:dc7:1000::1#53 error (network unreachable) resolving 'www.sina/A/IN':2001:dc7::1#53 error (network unreachable) resolving'com.dlv.isc/DLV/IN': 2001:502:2eda::23#53 error (network unreachable) resolving'com.dlv.isc/DLV/IN': 2001:502:ad09::23#53 error (network unreachable) resolving 'g.msn/A/IN':2001:503:231d::2:30#53 error (network unreachable) resolving 'g.msn/A/IN':2001:503:a83e::2:30
更多推荐
centos bind dns服务器安装
发布评论