sudo vi /etc/bind/named.conf.local //针对内网DNS域名解析
=======================================================
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "internal-sa"{type master;
file "/etc/bind/zone-internal-sa/db.dns";//正向
};
zone “127.12.172.in-addr.arpa” {type master;
notify no;
file "/etc/bind/zone-internal-sa/db.reverse-dns"; //反向
};
//新建配置
/etc/bind/zone-internal-sa/db.dns
/etc/bind/zone-internal-sa/db.reverse-dns
ubuntu@dbserver:/etc/bind/zone-internal-sa$ vi db.dns
-------------------------------------------------------;; BIND data file for local loopback interface
;$TTL 604800
@ IN SOA ns1.internal-sa. root.internal-sa. (
2013102301 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ); Negative Cache TTL
;
@ IN NS ns1.internal-sa.
ns1 IN A 172.16.127.128
;configure
dbserver IN A 172.16.127.128
nimbusz IN A 172.16.127.129
supervisor01z IN A 172.16.127.130
supervisor02z IN A 172.16.127.131
ubuntu@dbserver:/etc/bind/zone-internal-sa$ vi db.reverse-dns
-------------------------------------------------------;; BIND data file for local loopback interface
;$TTL 604800
@ IN SOA ns1.internal-sa. root.internal-sa. (
2013102301 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ); Negative Cache TTL
;
@ IN NS ns1.
;@ IN NS ns1.internal-sa.
;ns1 IN A 172.16.127.128
;configure
128 IN PTR dbserver.
129 IN PTR nimbusz.
130 IN PTR supervisor01z.
131 IN PTR supervisor02z.
sudo vi /etc/bind/named.conf.options //针对外网DNS解析
=======================================================
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
172.31.0.2;
8.8.8.8;
114.114.114.114;
};
//=====================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//=====================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
//重启bind9服务
sudo service bind9 restart
客户端
# DHCP(Dynamic Host Configuration Protocol)配置(用bind9做DNS域名解析, 需要重启客户端)sudo vi /etc/dhcp/dhclient.conf
=======================================================# Configuration file for /sbin/dhclient, which is included in Debian's# dhcp3-client package.## This is a sample configuration file for dhclient. See dhclient.conf's# man page for more information about the syntax of this file# and a more comprehensive list of the parameters understood by# dhclient.## Normally, if the DHCP server provides reasonable information and does# not leave anything out (like the domain name, for example), then# few changes must be made to this file, if any.#
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;#send host-name "andare.fugue.com";
send host-name = gethostname();#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;#send dhcp-lease-time 3600;#supersede domain-name "fugue.com home.vix.com";#prepend domain-name-servers 127.0.0.1;
prepend domain-name-servers 172.16.127.xxx;
prepend domain-name "internal-sa "; //注意最后的空格!!!
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
dhcp6.name-servers, dhcp6.domain-search,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers,
dhcp6.fqdn, dhcp6.sntp-servers;#require subnet-mask, domain-name-servers;#timeout 60;#retry 60;#reboot 10;#查看bind9的状态:
netstat -ltnp=======================================================
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN -
#验证正向解析
ping 172.16.127.xxx
#验证反向解析
ubuntu@nimbusz:~$ host -t PTR 172.16.127.xxx
xxx.127.16.172.in-addr.arpa domain name pointer dbserver.
#查看bind的版本信息
ubuntu@nimbusz:~$ dig @172.16.127.128 version.bind chaos txt
xxx
;version.bind. 0 CH TXT "9.9.5-3ubuntu0.9-Ubuntu"
xxx