Difference between revisions of "BIND (简体中文)"

From ArchWiki
(add template to note that this page is being translated from the English page)
(continue partial translation)

Revision as of 08:22, 20 August 2013


The translation of this page needs updating; its content may have diverged from the English page. To contribute a translation, visit the Simplified Chinese translation team.

Note: SteamedFish is translating this page; the translation is not yet complete.

The Berkeley Internet Name Daemon (BIND) is a reference implementation of the DNS protocol.

Installation

The following steps show how to install BIND and configure it as a caching-only DNS server for local use.

Install bind from the official repositories.

You can edit /etc/named.conf and add the following line so that only queries from localhost are accepted.

listen-on { 127.0.0.1; };

Edit /etc/resolv.conf so that the local machine is used as the DNS server.

nameserver 127.0.0.1

Start the named daemon.

A configuration template for running an authoritative domain

The following is a simple tutorial on setting up your own authoritative domain. In the example we use "domain.tld" as the domain (replace it with your real domain).

For a more detailed tutorial see Two-in-one DNS server with BIND9.

1. Creating a zone file

# nano /var/named/domain.tld.zone

$TTL 7200
; domain.tld
@       IN      SOA     ns01.domain.tld. postmaster.domain.tld. (
                                        2007011601 ; Serial
                                        28800      ; Refresh
                                        1800       ; Retry
                                        604800     ; Expire - 1 week
                                        86400 )    ; Minimum
                IN      NS      ns01
                IN      NS      ns02
ns01            IN      A       0.0.0.0
ns02            IN      A       0.0.0.0
localhost       IN      A       127.0.0.1
@               IN      MX 10   mail
imap            IN      CNAME   mail
smtp            IN      CNAME   mail
@               IN      A       0.0.0.0
www             IN      A       0.0.0.0
mail            IN      A       0.0.0.0
@               IN      TXT     "v=spf1 mx"

$TTL defines the default time-to-live, in seconds, for every record in this file that does not specify its own. In this example the default TTL is 2 hours.

Every time you change the zone file you must increment the Serial and then restart named; otherwise the BIND master will not send the zone changes to the slaves. The master only transfers the zone to a slave when the Serial in the master's zone file is greater than the one the slave holds.
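Because a slave only re-transfers the zone when the master's serial is greater than the one it last saw, a forgotten increment is the classic cause of stale secondaries. The following Python script is an added example, not code from the ArchWiki page or from BIND itself: it reads a zone file in the layout shown above, picks the next serial (following the YYYYMMDDnn convention of the page's 2007011601 when the serial looks date-based, a plain +1 otherwise), verifies that the new value is strictly greater than the old one and stays within the 32-bit range, and returns the rewritten text. The sample zone embedded in it is constructed from the page's example; the function names are my own.

```python
"""Bump the SOA serial of a BIND zone file (added example, not from the page).

A master only transfers a changed zone to its slaves when the new serial is
greater than the one they already hold, so the serial has to go up on every
edit. This helper reads a zone file in the layout the page uses (SOA with the
serial as the first value inside the parentheses), chooses the next serial,
and checks that it really is larger than the old one before rewriting the text.
"""
import re
from datetime import date
from typing import Tuple

# Matches the SOA record up to its opening parenthesis and captures the first
# numeric field after it, which is the serial in the standard SOA layout.
SOA_SERIAL_RE = re.compile(r"\bSOA\b[^(]*\(\s*(\d+)")

SERIAL_LIMIT = 2 ** 32  # SOA serials are 32-bit unsigned integers


def read_serial(zone_text: str) -> int:
    """Return the current SOA serial found in the zone file text."""
    m = SOA_SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no SOA serial found in zone file")
    return int(m.group(1))


def next_serial(current: int, today: date) -> int:
    """Compute the next serial, always strictly greater than the current one.

    A 10-digit serial whose first eight digits form a valid date is treated as
    YYYYMMDDnn: the result is today's date with nn = 01, or current + 1 when the
    zone was already edited today (or carries a serial in the future). Any
    other serial is a plain counter and is incremented by one.
    """
    s = str(current)
    candidate = current + 1
    if len(s) == 10:
        try:
            date(int(s[:4]), int(s[4:6]), int(s[6:8]))
            dated = True
        except ValueError:
            dated = False
        if dated:
            todays_first = int(today.strftime("%Y%m%d")) * 100 + 1
            # Never go backwards: slaves compare serials numerically.
            candidate = max(todays_first, current + 1)
    if candidate >= SERIAL_LIMIT:
        raise ValueError("serial would exceed 32 bits")
    return candidate


def bump_serial(zone_text: str, today: date) -> Tuple[str, int]:
    """Return the zone text with its SOA serial replaced, plus the new serial."""
    m = SOA_SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no SOA serial found in zone file")
    old = int(m.group(1))
    new = next_serial(old, today)
    assert new > old  # the condition the slaves test before transferring
    start, end = m.span(1)
    return zone_text[:start] + str(new) + zone_text[end:], new


# Constructed sample zone, shortened from the page's domain.tld example.
SAMPLE_ZONE = """$TTL 7200
; domain.tld
@       IN      SOA     ns01.domain.tld. postmaster.domain.tld. (
                                        2007011601 ; Serial
                                        28800      ; Refresh
                                        1800       ; Retry
                                        604800     ; Expire - 1 week
                                        86400 )    ; Minimum
                IN      NS      ns01
ns01            IN      A       0.0.0.0
"""

if __name__ == "__main__":
    new_text, new = bump_serial(SAMPLE_ZONE, date.today())
    print(f"serial {read_serial(SAMPLE_ZONE)} -> {new}")
    print(new_text)
```

Run it as the step before restarting named: it refuses to produce a serial that is not larger than the existing one, which is exactly the comparison the slaves make, and it keeps the page's date-based numbering readable for whoever edits the zone next.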

2. Configuring the master server

Add your zone to /etc/named.conf:

zone "domain.tld" IN {
        type master;
        file "domain.tld.zone";
        allow-update { none; };
        notify no;
};

Restart named and you are done.

BIND as simple DNS forwarder

If you have problems with, for example, VPN connections, they can sometimes be solved by setting up a forwarding DNS server. This is very simple with BIND. Add these lines to /etc/named.conf, and change the IP address according to your setup.

listen-on { 192.168.66.1; };
forwarders { 8.8.8.8; 8.8.4.4; };

Don't forget to restart the service!
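The two statements above belong in the options block of /etc/named.conf, and once the server listens on a LAN address the question a defender should ask is who may use it for recursion: BIND 9 recurses by default and, when allow-recursion is not set, falls back to allow-query-cache, which defaults to localnets and localhost. The following Python script is an added example, not code from the ArchWiki page or from BIND: it extracts the statements of the options block with a small brace-aware scanner and reports whether the forwarder is an open resolver (allow-recursion { any; }, which makes the server usable for DNS amplification against third parties) or is merely relying on the default ACL instead of stating one. The three configurations it checks are constructed: the page's snippet, a deliberately open variant, and a hardened one using an ACL I named "lan".

```python
"""Audit the options block of a named.conf for open-resolver settings.

Added example, not from the ArchWiki page. The forwarder snippet on the page
goes into the options block; this parser pulls the statements out of that
block and reports whether the server would recurse for anyone who can reach
its listen-on address. The checks follow documented BIND 9 behaviour:
recursion defaults to yes, and allow-recursion defaults to allow-query-cache,
which in turn defaults to { localnets; localhost; }.
"""
import re
from typing import Dict, List


def strip_comments(text: str) -> str:
    """Remove the /* */, // and # comment forms that named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def options_statements(conf: str) -> Dict[str, str]:
    """Return {keyword: body} for each statement directly inside options { }."""
    conf = strip_comments(conf)
    m = re.search(r"\boptions\s*\{", conf)
    if m is None:
        raise ValueError("no options block found")
    depth, current, stmts = 0, [], {}
    for ch in conf[m.end():]:
        if ch == "{":
            depth += 1
        elif ch == "}":
            if depth == 0:
                break  # closing brace of the options block itself
            depth -= 1
        if ch == ";" and depth == 0:
            parts = "".join(current).split(None, 1)
            if parts:
                stmts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
            current = []
        else:
            current.append(ch)
    return stmts


def acl_members(body: str) -> List[str]:
    """Split an address-match-list body such as '{ 10.0.0.0/8; localhost; }'."""
    return [t.strip() for t in body.strip("{} \n\t").split(";") if t.strip()]


def audit_forwarder(conf: str) -> List[str]:
    """Return human-readable findings about who may recurse through this server."""
    stmts = options_statements(conf)
    findings: List[str] = []
    if stmts.get("recursion", "yes").lower() == "no":
        return findings  # an authoritative-only server never recurses
    allow = stmts.get("allow-recursion") or stmts.get("allow-query-cache")
    if allow is None:
        findings.append("allow-recursion not set; relying on the default "
                        "{ localnets; localhost; }. State the ACL explicitly.")
    elif "any" in acl_members(allow):
        findings.append("allow-recursion { any; } makes this an open resolver "
                        "that can be abused for DNS amplification; restrict "
                        "it to your own networks.")
    return findings


# Constructed configurations: the page's snippet inside its options block,
# a deliberately open variant, and a hardened one with an explicit ACL.
PAGE_FORWARDER = """
options {
    listen-on { 192.168.66.1; };
    forwarders { 8.8.8.8; 8.8.4.4; };
};
"""

OPEN_RESOLVER = """
options {
    listen-on { 192.168.66.1; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    allow-recursion { any; };  // anyone on the network path may recurse
};
"""

HARDENED = """
acl "lan" { 192.168.66.0/24; localhost; };  # assumed ACL name
options {
    listen-on { 192.168.66.1; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    allow-recursion { lan; };
    allow-query { lan; };
};
"""

if __name__ == "__main__":
    for name, conf in (("page", PAGE_FORWARDER), ("open", OPEN_RESOLVER),
                       ("hardened", HARDENED)):
        print(name, audit_forwarder(conf) or ["ok"])
```

The scanner only looks at the options block, so zone-level allow-query overrides are out of scope; the point is to make the recursion ACL an explicit, reviewable line next to forwarders rather than something inherited from a default that changed between BIND releases.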

Running BIND in a chrooted environment

Running in a chroot environment is not required but improves security. See BIND (chroot) for how to do this.

Configuring BIND to serve DNSSEC signed zones

See DNSSEC#BIND (serving signed DNS zones)

Automatically listen on new interfaces without chroot and root privileges

This article or section is out of date.

Reason: initscripts have been replaced by systemd.

Add the

 interface-interval <rescan-timeout-in-minutes>;

parameter to the options of named.conf. Then modify the rc-script as follows:

     stat_busy "Starting DNS"
-    [ -z "$PID" ] && /usr/sbin/named ${NAMED_ARGS}
+    setcap cap_net_bind_service=eip /usr/sbin/named
+    NAMED_ARGS=`echo ${NAMED_ARGS} | sed 's#-u [[:alnum:]]*##'`
+    [ -z "$PID" ] && sudo -u named /usr/sbin/named ${NAMED_ARGS}
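Review bot: the result of `setcap cap_net_bind_service=eip /usr/sbin/named` in the first added line is never checked, so if it fails (for example on a filesystem without extended-attribute support, or because the binary was replaced by a package upgrade that cleared the attribute) the script still starts named as the unprivileged user, which then cannot bind port 53 and exits with nothing in the rc output to explain why; guard it with something like `setcap cap_net_bind_service=eip /usr/sbin/named || { stat_fail; exit 1; }`. Two smaller points: the sed pattern `-u [[:alnum:]]*` only strips user names made of letters and digits, so a name containing `-` or `_` leaves `-u` in NAMED_ARGS, and the file capability is persistent and applies to every user who can execute /usr/sbin/named, not only to this sudo invocation, which the surrounding text should say.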

So your /etc/rc.d/named should look like this:

     stat_busy "Starting DNS"
     setcap cap_net_bind_service=eip /usr/sbin/named
     NAMED_ARGS=`echo ${NAMED_ARGS} | sed 's#-u [[:alnum:]]*##'`
     [ -z "$PID" ] && sudo -u named /usr/sbin/named ${NAMED_ARGS}

Change the user name in the last line (the one containing "... sudo -u named ...") if your named user is not 'named'.

See also

BIND Resources