DNS Configuration Guide
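Troubleshooting Common DNS Configuration Problems
Slow resolution caused by looking up nonexistent domain names, and reverse lookups that resolve to bogon.
Add a zone "10.in-addr.arpa" and use an empty file for its zone data.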
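What that fix looks like on disk, as an added example that is not part of the original page. It assumes the server is BIND (the page's zone "..." wording matches named.conf syntax); the function name, the file names db.empty and zone-10.conf, and the localhost. SOA/NS names are assumptions.

```shell
#!/bin/sh
# Added example: writes a BIND zone stanza and an "empty" zone file for
# 10.in-addr.arpa. File names and the localhost. SOA/NS names are assumptions.

# write_empty_reverse_zone DIR: create db.empty and zone-10.conf under DIR.
write_empty_reverse_zone() {
    dir=$1
    mkdir -p "$dir" || return 1

    # "Empty" still means a valid zone: one SOA and one NS record, no PTRs.
    # With no PTR data the server answers NXDOMAIN itself for any 10.x.x.x
    # reverse lookup instead of sending the query to an upstream resolver.
    cat > "$dir/db.empty" <<'EOF'
$TTL 86400
@   IN  SOA localhost. root.localhost. (
            1       ; serial
            3600    ; refresh
            900     ; retry
            604800  ; expire
            86400 ) ; negative-cache TTL
@   IN  NS  localhost.
EOF

    # Stanza to include from named.conf; "file" is resolved against the
    # directory option in named.conf, so adjust the path to your layout.
    cat > "$dir/zone-10.conf" <<'EOF'
zone "10.in-addr.arpa" {
    type master;
    file "db.empty";
};
EOF

    # Validate with BIND's own checker when it is installed.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone 10.in-addr.arpa "$dir/db.empty" || return 1
    fi
}

# Run stand-alone: sh thisfile.sh /tmp/zones
if [ "${1:-}" != "" ]; then
    write_empty_reverse_zone "$1"
fi
```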
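DNS Basic Concepts
The internal DNS servers at Qingdao University generally do not use iterative queries; that is, they do not ask the root servers where to find the record for a domain name, but instead send their requests to trusted external DNS servers.
On iterative queries, the dig utility manual explains: dig makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
DNS Server Configuration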
ISC Berkeley Internet Name Domain (BIND)
Name Server Daemon (NSD)
NSD is a high-performance implementation of an authoritative DNS server and a testbed for DNSSEC; one of the root servers runs NSD.
Build options:
./configure --prefix=/opt/nsd --sysconfdir=/etc --localstatedir=/var --with-zonesdir=/etc/nsd/zones --with-dbfile=/var/lib/nsd/nsd.db
An example configuration file, formerly used for the NSD instance in an internal evaluation at the OSQDU US headquarters
- nsd.conf
server:
    ip-address: 192.168.29.10
    hide-version: no
    debug-mode: no
    ip4-only: no
    ip6-only: no
    database: "/var/lib/nsd/nsd.db"
    identity: "OSQDU US Evaluation DNS"
    server-count: 1
    tcp-count: 10
    tcp-query-count: 0
    tcp-timeout: 10
    pidfile: "/var/run/nsd.pid"
    port: 53
    statistics: 3600
    username: 60001.60001
    zonesdir: "/etc/nsd/zones"

# ---- Zone Configuration ----
zone:
    name: "us.osqdu.org"
    zonefile: "us.osqdu.org.forward"
    provide-xfr: 192.168.29.0/24 NOKEY
    outgoing-interface: 192.168.29.10

zone:
    name: "29.168.192.in-addr.arpa"
    zonefile: "192.168.29.reverse"
    provide-xfr: 192.168.29.0/24 NOKEY
    outgoing-interface: 192.168.29.10
The XML file needed to configure NSD as an SMF service on Solaris 10
- nsd.xml
<?xml version="1.0"?>
<!--
 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END
-->
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type='manifest' name='NSD'>
  <service name='network/dns/nsd' type='service' version='1'>
    <dependency name='filesystem_minimal' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/system/filesystem/local' />
    </dependency>
    <dependency name='loopback' grouping='require_any' restart_on='error' type='service'>
      <service_fmri value='svc:/network/loopback' />
    </dependency>
    <dependency name='network' grouping='optional_all' restart_on='error' type='service'>
      <service_fmri value='svc:/milestone/network' />
    </dependency>
    <exec_method type='method' name='stop' exec='/opt/nsd/sbin/nsdc stop' timeout_seconds='60' />
    <instance name='default' enabled='false' >
      <exec_method type='method' name='start' exec='/opt/nsd/sbin/nsdc start' timeout_seconds='60' >
        <method_context>
          <method_credential user='root' group='root' />
        </method_context>
      </exec_method>
      <exec_method type='method' name='refresh' exec='/opt/nsd/sbin/nsdc rebuild' timeout_seconds='60'>
        <method_context>
          <method_credential user='root' group='root' />
        </method_context>
      </exec_method>
    </instance>
    <stability value='Unstable' />
    <template>
      <common_name>
        <loctext xml:lang='C'> NSD Authoritative-only DNS server </loctext>
      </common_name>
    </template>
  </service>
</service_bundle>
NSD is compatible with the BIND zone file format.
dns_配置指南.txt · Last modified: 2012/06/24 22:04 by ysong