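BIND, the Domain Name Server
BIND = Berkeley Internet Name Domain
The first version was written by four students of the Computer Systems Research Group at the University of California, Berkeley, and was released in 1988 under the BSD license. Early versions of BIND stored their data directly in text files; only with BIND 9.4 in 2007 did it move to databases such as Berkeley DB, MySQL and PostgreSQL. It is now maintained and developed by ISC (Internet Software Consortium), and the current version is 10.
Official site: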
https://www.isc.org
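The documentation is also available from the official site; I have kept a copy of the 9.10 documentation here:
On Windows, download the BIND installer from the official site. On Linux you can install it directly, because it is already in the default repositories.
BIND is the de facto standard for DNS software; even the 13 root name servers (except H, K and L) all run BIND.
For installing BIND and basic configuration, see:
Below are my own notes on configuring and using BIND.
The BIND service is called named, not bind, so use named when managing the service: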
$ sudo service named start|stop|restart|reload
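1. How to turn on BIND's query log, which makes debugging and troubleshooting easier:
$ rndc querylog
The log is written to /var/log/messages:
$ tail -f /var/log/messages
A query log entry looks like this:
named[1367]: client ::1#37971: query: 360cc.org IN A + (::1)
To turn the query log off, run the same command again:
$ rndc querylog
To write the query log to a different file, edit /etc/named.conf and then restart the named service: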
logging {
    channel default_file {
        file "/var/log/named/default.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel general_file {
        file "/var/log/named/general.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel database_file {
        file "/var/log/named/database.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel config_file {
        file "/var/log/named/config.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel resolver_file {
        file "/var/log/named/resolver.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-in_file {
        file "/var/log/named/xfer-in.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-out_file {
        file "/var/log/named/xfer-out.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel notify_file {
        file "/var/log/named/notify.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel client_file {
        file "/var/log/named/client.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel unmatched_file {
        file "/var/log/named/unmatched.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel queries_file {
        file "/var/log/named/queries.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel network_file {
        file "/var/log/named/network.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel update_file {
        file "/var/log/named/update.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dispatch_file {
        file "/var/log/named/dispatch.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dnssec_file {
        file "/var/log/named/dnssec.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel lame-servers_file {
        file "/var/log/named/lame-servers.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };

    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
};
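An added example (not part of the original post, and not ISC code): a small Python parser for the query-log line format shown in this section, which counts queries per client and per record type and reports clients or query names that exceed a threshold. It goes beyond the single line above by also accepting the later BIND 9 layouts that add "@0x...", "(qname)" and "view ...:" fields; the function names, thresholds and the 192.0.2.x addresses are assumptions of this example.

```python
import re
from collections import Counter

# Body of a query-log entry. Uses search(), so the syslog prefix ("named[pid]:")
# or the print-time timestamp written by a file channel is simply skipped.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<addr>\S+)#(?P<port>\d+)(?: \([^)]*\))?: "
    r"(?:view (?P<view>\S+): )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) "
    r"(?P<flags>[+-]\S*)(?: \((?P<local>[^)]+)\))?"
)


def parse_line(line):
    """Return a dict for a query-log line, or None for any other log line."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["qname"] = rec["qname"].rstrip(".").lower()
    rec["recursion_desired"] = rec["flags"].startswith("+")
    return rec


def summarize(lines, max_per_client=1000, max_qname_len=100):
    """Count queries per client and qtype; report items worth a closer look."""
    per_client, per_qtype, findings = Counter(), Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        per_client[rec["addr"]] += 1
        per_qtype[rec["qtype"]] += 1
        if len(rec["qname"]) > max_qname_len:
            findings.append(("long-qname", rec["addr"], rec["qname"]))
    for addr, count in per_client.items():
        if count > max_per_client:
            findings.append(("high-volume", addr, count))
    return per_client, per_qtype, findings


# Constructed sample: line 1 is the entry from this page, the rest are made up.
SAMPLE = """\
named[1367]: client ::1#37971: query: 360cc.org IN A + (::1)
01-Jan-2020 10:00:00.000 client 192.0.2.10#5353 (www.360cc.org): query: www.360cc.org IN AAAA +E (192.0.2.53)
client @0x7f0000000000 192.0.2.10#5354 (360cc.org): view internal: query: 360cc.org IN MX -T (192.0.2.53)
named[1367]: zone 360cc.org/IN: loaded serial 3
""".splitlines()
```

Feed it the lines of /var/log/messages or /var/log/named/queries.log and call summarize() with thresholds that suit the server's normal load.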
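2. After changing a zone file you do not need to restart BIND; use rndc reload instead:
$ sudo rndc reload
Note that sudo service named reload does not actually reload anything.
If you only want to reload a single zone,
3. Check the config file with a tool
If /etc/named.conf contains an error, service named reload does nothing, and service named restart reports an error. Can we check for syntax errors beforehand? Yes.
BIND provides a tool for this:
named-checkconf
It checks the config file without needing any arguments.
$ named-checkconf
4. Check a zone file for errors with a tool
If a zone file has a syntax error, service named reload does nothing. BIND provides a tool to check for syntax errors:
named-checkzone
The syntax is roughly:
$ named-checkzone [zone name] [zone file]
The zone file must be under /var/named/ (that is the directory on CentOS).
For example:
$ named-checkzone 360cc.org 360cc.org.china.zone
zone 360cc.org/IN: loaded serial 3
OK
which means there are no problems.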
5. rndc, the heavyweight tool that ships with BIND
rndc is the client BIND provides for managing and controlling BIND; it talks to the running BIND daemon over TCP.
Here are some typical uses of rndc; for the rest, see the BIND manual:
status - Display status of the server
stop [-p] - Stop the server
querylog [on|off] - Enable or disable query logging
reconfig - Reload the configuration file and load new zones, but do not reload existing zone files even if they have changed.
addzone zone [class [view]] configuration - Add a zone while the server is running, requires the allow-new-zones option to be set to yes
$ rndc addzone example.com '{ type master; file "example.com.db"; };'
All rights reserved; reproduction is prohibited. To repost, first obtain the blogger's consent and credit the source of the article; otherwise it will be treated as infringement.