ps -aux | grep named
named 10525 0.0 5.8 168284 57916 ? Ssl 14:24 0:00 /usr/sbin/named -u named -c /etc/named.conf
root 11416 0.0 0.0 112724 988 pts/1 R+ 16:11 0:00 grep --color=auto named
配置
/etc/named.conf:
options {} 整个Bind的全局选项
logging {} 服务日志选项
zone . {} DNS域解析
options {
// Bind 监听 127.0.0.1 的53端口
listen-on port 53 { 127.0.0.1; };
// ipv6 53端口
listen-on-v6 port 53 { ::1; };
// Bind主配置路径, 数据库路径
directory "/var/named";
// DNS缓存
dump-file "/var/named/data/cache_dump.db";
// 静态解析文件
statistics-file "/var/named/data/named_stats.txt";
// 内存统计信息
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// 权限
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
// 日志路径以及级别
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// 根域解析, named.ca 记录了所有根域服务器的地址
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
配置权威解析
配置/etc/named.conf, 修改
listen-on port 53 { any; };
allow-query { any; };
配置 /etc/named.rfc1912.zones, 增加如下zone:
zone "svc.com" {
type master;
file "svc.com.zone"
allow-update { none; };
}