A Simple BIND 9.8.0 Configuration on Fedora 15

Source: Internet  Published: Windows offline patch package  Editor: 程序博客网  Time: 2024/05/20 05:59

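To fix a bug I needed to issue DNS queries, so I chose BIND 9.8.0 as the DNS server.

It turned out that none of the zone files I found online would load correctly. Below is my simple configuration; I hope it saves everyone some time.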

 

1. named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
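        allow-query     { any; };       // answers queries from any client
        recursion yes;                  // no allow-recursion here, so the recursion ACL
                                        // falls back to allow-query: any client may recurse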

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};


zone "example.com" IN {
        type master;
        file "example.com.zone";
        allow-update { none; };
};

//zone "100.137.168.192.in-addr.arpa" IN {
//type master;
//file "zone.example.com";
//allow-update { none;};
//};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

 

2. zone.example.com

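; Zone data for "example.com". named.conf above loads it from
; /var/named/example.com.zone, so the file must be saved under that name.
$TTL 1D
$ORIGIN example.com.    ; must match the zone name declared in named.conf
@       IN SOA  example.com. root (
                                        20111220        ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A 192.168.137.100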

3. Open port 53 in the firewall

 iptables -I INPUT -p udp --dport 53 -j ACCEPT

 

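4. The reverse-lookup file still has some problems. It does not affect my work for now, so I will add it later; for the time being it is commented out in named.conf.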

 

5. named -g  # run BIND in the foreground so that any errors are seen right away.

With this configuration, nslookup example.com returns the correct IP.
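
An added example, not part of the original post: a Python check that works out which clients a named.conf like the one in step 1 will serve recursively. It assumes BIND's documented fallback (allow-recursion, then allow-query-cache, then allow-query, then localnets and localhost); the two option blocks are constructed samples, the function names are hypothetical, and views and nested ACLs are not handled.

```python
import re

# Constructed sample: the access-control statements from the named.conf in step 1.
PAGE_OPTIONS = """
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        recursion yes;
};
"""

# Constructed counter-example: recursion limited to local clients (assumption).
RESTRICTED_OPTIONS = """
options {
        allow-query     { any; };
        allow-recursion { localnets; localhost; };
        recursion yes;
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments, the styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def acl(text, name):
    """Elements of `name { ... };` as a list, or None when the statement is absent."""
    m = re.search(r"\b%s\s*\{([^{}]*)\}" % re.escape(name), text)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def recursion_clients(conf):
    """Effective recursion ACL: allow-recursion, else allow-query-cache,
    else allow-query, else the built-in default (localnets; localhost)."""
    text = strip_comments(conf)
    if re.search(r"\brecursion\s+no\s*;", text):
        return []
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        elements = acl(text, name)
        if elements is not None:
            return elements
    return ["localnets", "localhost"]

def is_open_resolver(conf):
    """True when every client that can reach port 53 gets recursive service."""
    return "any" in recursion_clients(conf)

if __name__ == "__main__":
    for label, conf in (("page", PAGE_OPTIONS), ("restricted", RESTRICTED_OPTIONS)):
        print(label, recursion_clients(conf), "open" if is_open_resolver(conf) else "ok")
```

For the page's settings the result is ["any"], which, with port 53 opened in step 3, means every host that can reach the server. Adding an allow-recursion statement narrows recursion without changing who may query the example.com zone.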