BIND (Simplified Chinese)

From ArchWiki
Revision as of 08:11, 20 August 2013 by SteamedFish (Talk | contribs) (add template to note that this page is being translated from the English page)




The Berkeley Internet Name Daemon (BIND) is a reference implementation of the DNS protocol.


These few steps show you how to install BIND and set it up as a local caching-only server.

Install bind from the official repositories.

You can edit /etc/named.conf and add the following line to allow queries from localhost only.

listen-on {; };

Edit /etc/resolv.conf so that the local machine is used as the DNS server.


Start the named daemon.

A configuration template for running a domain

This is a simple tutorial on how to set up a simple home network DNS server with bind. In our example we use "domain.tld" as our domain.

For a more elaborate example see Two-in-one DNS server with BIND9.

1. Creating a zonefile

# nano /var/named/
$TTL 7200
; domain.tld
@       IN      SOA     ns01.domain.tld. postmaster.domain.tld. (
                                        2007011601 ; Serial
                                        28800      ; Refresh
                                        1800       ; Retry
                                        604800     ; Expire - 1 week
                                        86400 )    ; Minimum
                IN      NS      ns01
                IN      NS      ns02
ns01            IN      A
ns02            IN      A
localhost       IN      A
@               IN      MX 10   mail
imap            IN      CNAME   mail
smtp            IN      CNAME   mail
@               IN      A
www             IN      A
mail            IN      A
@               IN      TXT     "v=spf1 mx"

$TTL defines the default time-to-live in seconds for all record types. In this example it is 2 hours.

Serial must be incremented manually, before restarting named, every time you change a resource record for the zone. If you forget, slaves will not re-transfer the zone: they only do so when the serial is greater than the one they saw at their last transfer.
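Forgetting the serial bump is the most common reason a secondary keeps serving stale data, so it is worth scripting. The following POSIX shell functions are an added example, not part of the ArchWiki page: they implement the YYYYMMDDnn convention the tutorial's serial 2007011601 follows, and assume the serial is the first field of the line carrying the `; Serial` comment, exactly as in the zone file above. The names `next_serial`, `get_serial` and `bump_serial` are the example's own.

```shell
#!/bin/sh
# Added example (not from the ArchWiki page): bump the SOA serial of a zone
# file using the YYYYMMDDnn convention. Assumes the serial is the first field
# of the line that ends in "; Serial", as in the tutorial's zone file.

# next_serial CURRENT TODAY -> prints the serial to use next.
# Same day: increment the two-digit counter. New day: start at TODAY01,
# unless the current serial is already larger (clock skew, hand-edited
# value), in which case just add one so the serial always grows and
# slaves notice the change.
next_serial() {
    cur=$1
    today=$2
    case "$cur" in
        "$today"*)
            echo $((cur + 1))
            ;;
        *)
            candidate="${today}01"
            if [ "$cur" -ge "$candidate" ]; then
                echo $((cur + 1))
            else
                echo "$candidate"
            fi
            ;;
    esac
}

# get_serial ZONEFILE -> prints the serial currently in the file
get_serial() {
    awk '/; *Serial/ { print $1; exit }' "$1"
}

# bump_serial ZONEFILE [TODAY] -> rewrites the serial line in place and
# prints the new serial. TODAY defaults to the real date; it is a parameter
# so the behaviour can be checked deterministically.
bump_serial() {
    zone=$1
    today=${2:-$(date +%Y%m%d)}
    cur=$(get_serial "$zone")
    if [ -z "$cur" ]; then
        echo "no '; Serial' line found in $zone" >&2
        return 1
    fi
    new=$(next_serial "$cur" "$today")
    # Only the first "; Serial" line is touched; indentation and the
    # trailing comment are preserved.
    awk -v old="$cur" -v new="$new" '
        /; *Serial/ && !done { sub(old, new); done = 1 }
        { print }' "$zone" > "$zone.tmp" && mv "$zone.tmp" "$zone"
    echo "$new"
}

# Usage: bump_serial /var/named/domain.tld.zone   (then restart named)
```

Run `bump_serial` on the zone file right before restarting named; if the reported serial is not larger than the one the slaves last saw, the transfer will not happen.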

2. Configuring master server

Add your zone to /etc/named.conf:

zone "domain.tld" IN {
        type master;
        file "";
        allow-update { none; };
        notify no;
};
Restart the daemon and you are done.

BIND as simple DNS forwarder

If you have problems with, for example, VPN connections, they can sometimes be solved by setting up a forwarding DNS server. This is very simple with BIND. Add these lines to /etc/named.conf and change the IP addresses according to your setup.

listen-on {; };
forwarders {;; };

Don't forget to restart the service!
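A caveat that applies both to the caching-only setup above (listen-on restricted to localhost) and to this forwarder: BIND's defaults are listen-on { any; } and recursion yes, so a forwarder that listens on a LAN or public address without an allow-recursion or allow-query restriction answers recursive queries for anyone, that is, it is an open resolver. The following POSIX shell lint is an added example, not part of the ArchWiki page; it flattens a named.conf with sed and checks those statements. It assumes a single listen-on statement and the names `flatten_conf` and `lint_resolver` are the example's own.

```shell
#!/bin/sh
# Added example (not from the ArchWiki page): flag a named.conf whose
# options block is reachable beyond loopback while recursion is open to
# any client. Assumes one listen-on statement; listen-on-v6 is not handled.

# flatten_conf CONF -> the file on one line with // and # comments removed,
# so that "key { values; };" can be matched with plain sed/grep patterns.
flatten_conf() {
    sed -e 's|//.*||' -e 's|#.*||' "$1" | tr '\n' ' '
}

# lint_resolver CONF -> returns 0 when recursion is unreachable or restricted,
# 1 when the configuration looks like an open resolver. One line of
# explanation is printed to stdout.
lint_resolver() {
    body=$(flatten_conf "$1")

    # listen-on addresses, e.g. "127.0.0.1; 192.0.2.1;"; empty means BIND's
    # default of listening on every interface.
    listen=$(printf '%s' "$body" | sed -n 's/.*listen-on[^{]*{\([^}]*\)}.*/\1/p')
    loopback_only=yes
    if [ -z "$listen" ]; then
        loopback_only=no
    else
        for addr in $(printf '%s' "$listen" | tr ';' ' '); do
            case "$addr" in
                127.0.0.1|::1|localhost) ;;
                *) loopback_only=no ;;
            esac
        done
    fi
    if [ "$loopback_only" = yes ]; then
        echo "ok: listens on loopback only"
        return 0
    fi
    # "recursion no" (not "allow-recursion") makes the server authoritative-only
    if printf '%s' "$body" | grep -Eq '(^|[^-])recursion[[:space:]]+no[[:space:]]*;'; then
        echo "ok: recursion disabled (authoritative-only)"
        return 0
    fi
    if printf '%s' "$body" | grep -Eq 'allow-recursion[[:space:]]*\{'; then
        echo "ok: allow-recursion restricts recursive clients"
        return 0
    fi
    if printf '%s' "$body" | grep -Eq 'allow-query[[:space:]]*\{'; then
        echo "ok: allow-query restricts all queries, recursion included"
        return 0
    fi
    echo "WARNING: reachable beyond loopback with recursion open to any client (open resolver)"
    return 1
}

# Usage: lint_resolver /etc/named.conf   (run before restarting named)
```

The lint only looks at the options statements named above; it does not parse views or ACL definitions, so treat a warning as a prompt to add `allow-recursion { localnets; };` (or to restrict listen-on) and re-run it, not as a full audit.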

Running BIND in a chrooted environment

Running in a chroot environment is not required but improves security. See BIND (chroot) for how to do this.

Configuring BIND to serve DNSSEC signed zones

See DNSSEC#BIND (serving signed DNS zones)

Automatically listen on new interfaces without chroot and root privileges

This article or section is out of date.

Reason: initscripts have been replaced by systemd (Discuss in Talk:BIND (简体中文)#)


 interface-interval <rescan-timeout-in-minutes>;

parameter into named.conf options. Then you should modify rc-script:

     stat_busy "Starting DNS"
-    [ -z "$PID" ] && /usr/sbin/named ${NAMED_ARGS}
+    setcap cap_net_bind_service=eip /usr/sbin/named
+    NAMED_ARGS=`echo ${NAMED_ARGS} | sed 's#-u [[:alnum:]]*##'`
+    [ -z "$PID" ] && sudo -u named /usr/sbin/named ${NAMED_ARGS}
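Review bot: the `+    setcap cap_net_bind_service=eip /usr/sbin/named` line runs on every service start rather than once at install time, grants the capability to the binary for every user who can execute it (not just the named account), and its result is never checked before the `sudo -u named` line runs. The following `sed 's#-u [[:alnum:]]*##'` line strips `-u` from NAMED_ARGS so named no longer drops privileges itself; the script now depends on sudo being installed and on the named user existing, and neither is verified. Suggest moving setcap out of the start path, checking its exit status, and testing for the named user before the sudo call.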

So your /etc/rc.d/named should look like this:

     stat_busy "Starting DNS"
     setcap cap_net_bind_service=eip /usr/sbin/named
     NAMED_ARGS=`echo ${NAMED_ARGS} | sed 's#-u [[:alnum:]]*##'`
     [ -z "$PID" ] && sudo -u named /usr/sbin/named ${NAMED_ARGS}

Change the user name in the last line (the one with "... sudo -u named ...") if your named user is not 'named'.

See also

BIND Resources