自己动手搭建自己DNS服务器.docxVIP

搭建自己的DNS域名服务器(非主从)前言DNS协议是UDP混合TCP的一个SERVER，就是我们在windows下Linux下的/etc/resolv.conf配置第一步：下载源码包和安装/downloads/bind/下载最新版本是9.6.1tarzxvf bind-9.6.1.tar.gzcd bind-9.6.1./configuremakemakemake installPS：默认安装是/usr/sbin/named，配置文件在/etc/named.conf，zone文件目录是/var/named配置rndc.confcd /usr/local/sbin/named/usr/local/named/sbin/rndc-confgen /etc/rndc.conf把rndc.conf中的key信息输出到named.conf中tail -10 /etc/rndc.conf | head -9 | sed -e s/#\ //g /etc/named.conf这里强调一下，rndc.conf与named.conf的key值必须完全一样，而且并不需要生配置named.conf刚才我们已经生成了一部分named.conf,增加如下key rndc-key {algorithm hmac-md5;secret ydF5brUiwvHgsPMOFgNabw==;};controls {inet allow { localhost; } keys { rndc-key; };//如果对外服务这里的localhost改any};logging {channeldefault_debug{file /var/named/named.run;severity dynamic; };};options { allow-query ? ? { localhost; };#是否可以对外服务，localhost就只能自己directory /var/named; #named区文件目录pid-file named.pid; #进程id文件名listen-on port 53 { ; };listen-on-v6 port 53 { ::1; };dump-file /var/named/cache_dump.db;statistics-file /var/named/named_stats.txt;memstatistics-file /var/named/named_mem_stats.txt; recursion yes;#迭代查询dnssec-enable yes;dnssec-validation yes;dnssec-lookaside auto;};zone . IN { //定义根域的zone，对应的 /var/named/named.ca 列出所有根域名服务器type hint; file named.root; //可以在 /usr/share/doc/bind-9.8.2/sample/var/named/ 获取named.ca模板};zone localhost IN {type master;file /var/named/localhost.zone;allow-update { none; };}; zone 0.0.127. IN { type master; file /var/named/named.local;allow-update { none; }; }; zone IN { type master;file /var/named/test.zone;allow-update { none; }; };zone 19.202.220. IN {type master;file /var/named/test.local; allow-update { none; };};配置localhost.zone$TTL 3600@ IN SOA localhost. root.localhost. ( ; @就是代表对应/etc/named.conf　zone对应的名字 zone xxx 0 ; serial 1D ; refresh 1H ; retry 1