鳥哥的 Linux 私房菜
第十九章、主機名稱控制者: DNS 伺服器
DNS BIND 安裝設定
http://ipv6.tcc.edu.tw/
相關文件:
//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
//   file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
// its manual.
//
// Global server options: the working directory and the files named writes
// at runtime. Relative paths below are resolved against "directory".
options
{
    // Those options should be used carefully because they disable port
    // randomization. A fixed query source port makes spoofed answers
    // (cache poisoning) easier to land, so both lines stay commented out.
    // query-source    port 53;
    // query-source-v6 port 53;

    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";

};
// Logging: redirects the built-in debug channel into the writable data/ directory.
logging
{
    /* If you want to enable debugging, eg. using the 'rndc trace' command,
     * named will try to write the 'named.run' file in the $directory (/var/named).
     * By default, SELinux policy does not allow named to modify the /var/named directory,
     * so put the default debug log file in data/ :
     */
    channel default_debug {
        file "data/named.run";
        // "dynamic" follows the server's current debug level instead of a fixed severity.
        severity dynamic;
    };
};
//
// All BIND 9 zones are in a "view", which allows different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
// View for queries that originate on this host and are addressed to this host.
view "localhost_resolver"
{
    /* This view sets up named to be a localhost resolver ( caching only nameserver ).
     * If all you want is a caching-only nameserver, then you need only define this view:
     */
    // Both conditions must hold: the client and the destination address are the server's own.
    match-clients { localhost; };
    match-destinations { localhost; };
    // Recursion is enabled here only because the view is limited to local clients.
    recursion yes;
    # all views must contain the root hints zone:
    include "/etc/named.root.hints";

    /* these are zones that contain definitions for all the localhost
     * names and addresses, as recommended in RFC1912 - these names should
     * ONLY be served to localhost clients:
     */
    // NOTE(review): the contents of both included files are not shown on this page.
    include "/etc/named.rfc1912.zones";
};
// View for clients on the directly attached networks; recursion is allowed for them.
view "internal"
{
    /* This view will contain zones you want to serve only to "internal" clients
       that connect via your directly attached LAN interfaces - "localnets" .
     */
    match-clients { localnets; };
    match-destinations { localnets; };
    // Recursion is offered to LAN clients only; the match-clients ACL above is
    // what keeps this view from acting as a resolver for outside hosts.
    recursion yes;
    // all views must contain the root hints zone:
    include "/etc/named.root.hints";

    // include "named.rfc1912.zones";
    // you should not serve your rfc1912 names to non-localhost clients.

    // These are your "authoritative" internal zones, and would probably
    // also be included in the "localhost_resolver" view above :
    // NOTE(review): no allow-transfer is set on these zones; confirm which
    // hosts should be able to transfer them and restrict it explicitly.

    zone "my.internal.zone" {
        type master;
        file "my.internal.zone.db";
    };
    zone "my.slave.internal.zone" {
        type slave;
        file "slaves/my.slave.internal.zone.db";
        // 127.0.0.1 is a placeholder; list the real master server(s) here.
        masters { /* put master nameserver IPs here */ 127.0.0.1; };
        // put slave zones in the slaves/ directory so named can update them
    };
    zone "my.ddns.internal.zone" {
        type master;
        // Dynamic updates are accepted only when signed with the TSIG key
        // ddns_key (declared in the top-level "key" statement of this file).
        allow-update { key ddns_key; };
        file "slaves/my.ddns.internal.zone.db";
        // put dynamically updateable zones in the slaves/ directory so named can update them
    };
};
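// TSIG key that authorizes dynamic updates; it is referenced by the
// allow-update statement of my.ddns.internal.zone in the "internal" view.
key ddns_key
{
    // HMAC-MD5 is a legacy TSIG algorithm, so the sample uses HMAC-SHA256.
    // The update client must be configured with the same algorithm and secret.
    algorithm hmac-sha256;
    // Placeholder, not a usable key: replace it with a generated base64
    // secret. Anyone who can read the secret can sign updates for the zone,
    // so this file must not be world-readable.
    secret "use /usr/sbin/dns-keygen to generate TSIG keys ";
};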
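// Catch-all view for every client that did not match an earlier view.
// Views are tried in the order they appear, so this one must stay last.
view "external"
{
    /* This view will contain zones you want to serve only to "external" clients
     * that have addresses that are not on your directly attached LAN interface subnets:
     */
    match-clients { any; };
    match-destinations { any; };

    recursion no;
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers. An open resolver can
    // also be abused to reflect traffic at third parties.

    allow-query-cache { none; };
    // Disable lookups for any cached data and root hints

    // all views must contain the root hints zone:
    include "/etc/named.root.hints";

    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:

    zone "my.external.zone" {
        type master;
        file "my.external.zone.db";
        // A zone transfer hands over every record in the zone. On BIND 9
        // releases where allow-transfer defaults to "any", leaving it unset
        // lets any host on the Internet request one, so it is denied
        // explicitly here. Replace "none" with the addresses (or TSIG keys)
        // of your secondary servers if you have any.
        allow-transfer { none; };
    };
};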